
Example 86 with InvalidAlgorithmParameterException

use of java.security.InvalidAlgorithmParameterException in project qpid-broker-j by apache.

the class AESKeyFileEncrypter method decrypt.

/**
 * Decrypts a Base64 string whose decoded bytes are an IV followed by the cipher text.
 *
 * <p>The first {@code AES_INITIALIZATION_VECTOR_LENGTH} decoded bytes are used as the IV and
 * the rest is decrypted with {@code _secretKey}; the plaintext bytes are decoded as UTF-8.
 *
 * <p>NOTE(review): {@code CIPHER_NAME} is defined outside this listing. Unless it names an
 * authenticated mode, a modified stored value is not guaranteed to be rejected here - confirm
 * the transformation before relying on this method for integrity.
 *
 * @param encrypted the Base64 text to decrypt
 * @return the decrypted value
 * @throws IllegalArgumentException if {@code isValidBase64} rejects the input, or if cipher
 *         setup or reading the cipher stream fails (the cause is attached)
 */
@Override
public String decrypt(final String encrypted) {
    if (!isValidBase64(encrypted)) {
        // The rejected input is echoed in the message; callers that log this exception
        // will write the stored (encrypted) form to their logs.
        throw new IllegalArgumentException("Encrypted value is not valid Base 64 data: '" + encrypted + "'");
    }
    final byte[] ivAndCipherText = Strings.decodeBase64(encrypted);
    try {
        final Cipher decryptor = Cipher.getInstance(CIPHER_NAME);
        // IvParameterSpec throws IllegalArgumentException when the array is shorter than the
        // requested IV length; that exception is not in the catch list and propagates as-is.
        decryptor.init(Cipher.DECRYPT_MODE,
                       _secretKey,
                       new IvParameterSpec(ivAndCipherText, 0, AES_INITIALIZATION_VECTOR_LENGTH));
        final int cipherTextLength = ivAndCipherText.length - AES_INITIALIZATION_VECTOR_LENGTH;
        final byte[] plainBytes = readFromCipherStream(ivAndCipherText,
                                                       AES_INITIALIZATION_VECTOR_LENGTH,
                                                       cipherTextLength,
                                                       decryptor);
        return new String(plainBytes, StandardCharsets.UTF_8);
    } catch (IOException | InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | NoSuchPaddingException e) {
        throw new IllegalArgumentException("Unable to decrypt secret", e);
    }
}
Also used : InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) NoSuchPaddingException(javax.crypto.NoSuchPaddingException) IvParameterSpec(javax.crypto.spec.IvParameterSpec) Cipher(javax.crypto.Cipher) IOException(java.io.IOException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) InvalidKeyException(java.security.InvalidKeyException)

Example 87 with InvalidAlgorithmParameterException

use of java.security.InvalidAlgorithmParameterException in project nifi by apache.

the class AESSensitivePropertyProvider method protect.

/**
 * Encrypts a sensitive value and returns it in the persisted text form
 * {@code Base64(IV) + DELIMITER + Base64(cipherText)}.
 *
 * <p>NOTE(review): the security of the result depends on {@code generateIV()}, which is not
 * shown here. If the cipher is AES/GCM (the class's {@code unprotect} method mentions a GCM MAC
 * check), an IV must never repeat under the same key - confirm the IV source is a
 * {@code SecureRandom} or an equivalent non-repeating generator. The shared {@code cipher}
 * field is re-initialized on every call, so concurrent callers would need external
 * synchronization - TODO confirm how instances are shared.
 *
 * @param unprotectedValue the sensitive value
 * @return the value to persist in the {@code nifi.properties} file
 * @throws IllegalArgumentException if the value is null or blank, or the generated IV is
 *         shorter than {@code IV_LENGTH}
 * @throws SensitivePropertyProtectionException if there is an exception encrypting the value
 */
@Override
public String protect(String unprotectedValue) throws SensitivePropertyProtectionException {
    final boolean nothingToEncrypt = unprotectedValue == null || unprotectedValue.trim().isEmpty();
    if (nothingToEncrypt) {
        throw new IllegalArgumentException("Cannot encrypt an empty value");
    }

    // A fresh IV per call; only a lower bound on its length is enforced here.
    final byte[] iv = generateIV();
    if (iv.length < IV_LENGTH) {
        throw new IllegalArgumentException("The IV (" + iv.length + " bytes) must be at least " + IV_LENGTH + " bytes");
    }

    try {
        cipher.init(Cipher.ENCRYPT_MODE, this.key, new IvParameterSpec(iv));
        final byte[] cipherBytes = cipher.doFinal(unprotectedValue.getBytes(StandardCharsets.UTF_8));
        // Only the fact of success is logged, never the value itself.
        logger.debug(getName() + " encrypted a sensitive value successfully");
        final String encodedIv = base64Encode(iv);
        final String encodedCipherText = base64Encode(cipherBytes);
        return encodedIv + DELIMITER + encodedCipherText;
    } catch (BadPaddingException | IllegalBlockSizeException | EncoderException | InvalidAlgorithmParameterException | InvalidKeyException e) {
        final String failure = "Error encrypting a protected value";
        logger.error(failure, e);
        throw new SensitivePropertyProtectionException(failure, e);
    }
}
Also used : EncoderException(org.bouncycastle.util.encoders.EncoderException) InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) IllegalBlockSizeException(javax.crypto.IllegalBlockSizeException) IvParameterSpec(javax.crypto.spec.IvParameterSpec) BadPaddingException(javax.crypto.BadPaddingException) InvalidKeyException(java.security.InvalidKeyException)

Example 88 with InvalidAlgorithmParameterException

use of java.security.InvalidAlgorithmParameterException in project nifi by apache.

the class AESSensitivePropertyProvider method unprotect.

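/**
 * Decrypts a value stored in the form {@code Base64(IV) + DELIMITER + Base64(cipherText)}.
 *
 * <p>The cipher-text offset is derived from {@code DELIMITER.length()} instead of a hard-coded
 * width, so parsing stays correct if the delimiter constant ever changes.
 *
 * <p>NOTE(review): the IV segment is Base64-decoded before the {@code try} block, so a decoding
 * failure there is not covered by the catch below and propagates as thrown by
 * {@code Base64.decode} rather than as a {@code SensitivePropertyProtectionException} - confirm
 * whether callers expect that.
 *
 * @param protectedValue the cipher text read from the {@code nifi.properties} file
 * @return the raw value to be used by the application
 * @throws IllegalArgumentException if the input is null, shorter than
 *         {@code MIN_CIPHER_TEXT_LENGTH} after trimming, lacks the delimiter, or carries an IV
 *         shorter than {@code IV_LENGTH}
 * @throws SensitivePropertyProtectionException if there is an error decrypting the cipher text
 */
@Override
public String unprotect(String protectedValue) throws SensitivePropertyProtectionException {
    if (protectedValue == null || protectedValue.trim().length() < MIN_CIPHER_TEXT_LENGTH) {
        throw new IllegalArgumentException("Cannot decrypt a cipher text shorter than " + MIN_CIPHER_TEXT_LENGTH + " chars");
    }
    if (!protectedValue.contains(DELIMITER)) {
        throw new IllegalArgumentException("The cipher text does not contain the delimiter " + DELIMITER + " -- it should be of the form Base64(IV) || Base64(cipherText)");
    }

    final String trimmedValue = protectedValue.trim();
    // Locate the delimiter once and split around it using its real length.
    final int delimiterIndex = trimmedValue.indexOf(DELIMITER);
    final String ivBase64 = trimmedValue.substring(0, delimiterIndex);
    String cipherTextBase64 = trimmedValue.substring(delimiterIndex + DELIMITER.length());

    final byte[] iv = Base64.decode(ivBase64);
    if (iv.length < IV_LENGTH) {
        throw new IllegalArgumentException("The IV (" + iv.length + " bytes) must be at least " + IV_LENGTH + " bytes");
    }

    // Restore the = padding if necessary to reconstitute the GCM MAC check
    final int remainder = cipherTextBase64.length() % 4;
    if (remainder != 0) {
        final int paddedLength = cipherTextBase64.length() + 4 - remainder;
        cipherTextBase64 = StringUtils.rightPad(cipherTextBase64, paddedLength, '=');
    }

    try {
        final byte[] cipherBytes = Base64.decode(cipherTextBase64);
        cipher.init(Cipher.DECRYPT_MODE, this.key, new IvParameterSpec(iv));
        final byte[] plainBytes = cipher.doFinal(cipherBytes);
        // Only the fact of success is logged, never the decrypted value.
        logger.debug(getName() + " decrypted a sensitive value successfully");
        return new String(plainBytes, StandardCharsets.UTF_8);
    } catch (BadPaddingException | IllegalBlockSizeException | DecoderException | InvalidAlgorithmParameterException | InvalidKeyException e) {
        // If the cipher is GCM, as the padding comment above suggests, a failed tag check arrives
        // here as a BadPaddingException subtype: it can mean a modified value or the wrong key,
        // not only a formatting problem.
        final String msg = "Error decrypting a protected value";
        logger.error(msg, e);
        throw new SensitivePropertyProtectionException(msg, e);
    }
}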
Also used : DecoderException(org.bouncycastle.util.encoders.DecoderException) InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) IllegalBlockSizeException(javax.crypto.IllegalBlockSizeException) IvParameterSpec(javax.crypto.spec.IvParameterSpec) BadPaddingException(javax.crypto.BadPaddingException) InvalidKeyException(java.security.InvalidKeyException)

Example 89 with InvalidAlgorithmParameterException

use of java.security.InvalidAlgorithmParameterException in project nifi by apache.

the class CipherUtility method initPBECipher.

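/**
 * Initializes a {@link Cipher} object with the given PBE parameters.
 *
 * <p>The temporary {@code char[]} copy of the password and the {@link PBEKeySpec} built from it
 * are wiped once the cipher has been initialized (or initialization has failed). The
 * {@code password} String itself is immutable and cannot be cleared here; callers that need the
 * secret out of memory promptly must avoid holding it as a String.
 *
 * @param algorithm      the algorithm
 * @param provider       the JCA provider
 * @param password       the password
 * @param salt           the salt
 * @param iterationCount the KDF iteration count
 * @param encryptMode    true to encrypt; false to decrypt
 * @return the initialized Cipher
 * @throws IllegalArgumentException if the algorithm, provider, key material or PBE parameters
 *         are rejected by the JCA (the underlying exception is attached as the cause)
 */
public static Cipher initPBECipher(String algorithm, String provider, String password, byte[] salt, int iterationCount, boolean encryptMode) throws IllegalArgumentException {
    // PBEKeySpec stores its own copy of the array, so both copies are wiped in the finally block.
    final char[] passwordChars = password.toCharArray();
    final PBEKeySpec pbeKeySpec = new PBEKeySpec(passwordChars);
    try {
        // Initialize secret key from password
        final SecretKeyFactory factory = SecretKeyFactory.getInstance(algorithm, provider);
        final SecretKey tempKey = factory.generateSecret(pbeKeySpec);
        final PBEParameterSpec parameterSpec = new PBEParameterSpec(salt, iterationCount);
        final Cipher cipher = Cipher.getInstance(algorithm, provider);
        cipher.init(encryptMode ? Cipher.ENCRYPT_MODE : Cipher.DECRYPT_MODE, tempKey, parameterSpec);
        return cipher;
    } catch (NoSuchAlgorithmException | NoSuchProviderException | InvalidKeySpecException | NoSuchPaddingException | InvalidKeyException | InvalidAlgorithmParameterException e) {
        throw new IllegalArgumentException("One or more parameters to initialize the PBE cipher were invalid", e);
    } finally {
        // Wipe only after cipher.init has run: a provider's key object may still read the
        // password from the spec until the cipher is initialized.
        pbeKeySpec.clearPassword();
        java.util.Arrays.fill(passwordChars, '\0');
    }
}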
Also used : PBEKeySpec(javax.crypto.spec.PBEKeySpec) InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) NoSuchPaddingException(javax.crypto.NoSuchPaddingException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) InvalidKeyException(java.security.InvalidKeyException) SecretKey(javax.crypto.SecretKey) Cipher(javax.crypto.Cipher) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) NoSuchProviderException(java.security.NoSuchProviderException) SecretKeyFactory(javax.crypto.SecretKeyFactory) PBEParameterSpec(javax.crypto.spec.PBEParameterSpec)

Example 90 with InvalidAlgorithmParameterException

use of java.security.InvalidAlgorithmParameterException in project jdk8u_jdk by JetBrains.

the class DSAParameterGenerator method engineGenerateParameters.

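/**
 * Generates the parameters.
 *
 * <p>Creates a {@link SecureRandom} if none has been set, initializes the generator with
 * {@code DEFAULTS} when {@code valueL} is still {@code -1}, then generates P, Q and G and wraps
 * them in a "DSA" {@link AlgorithmParameters} object from the "SUN" provider.
 *
 * @return the new AlgorithmParameters object
 * @throws RuntimeException if the DSA parameter object cannot be created or initialized; the
 *         original exception is attached as the cause so the failure can be diagnosed
 */
protected AlgorithmParameters engineGenerateParameters() {
    try {
        if (this.random == null) {
            this.random = new SecureRandom();
        }
        if (valueL == -1) {
            try {
                engineInit(DEFAULTS, this.random);
            } catch (InvalidAlgorithmParameterException iape) {
                // should never happen
                // NOTE(review): if it did, valueL would presumably still be -1 when
                // generatePandQ runs below - confirm that DEFAULTS is always accepted.
            }
        }
        BigInteger[] pAndQ = generatePandQ(this.random, valueL, valueN, seedLen);
        BigInteger paramP = pAndQ[0];
        BigInteger paramQ = pAndQ[1];
        BigInteger paramG = generateG(paramP, paramQ);
        DSAParameterSpec dsaParamSpec = new DSAParameterSpec(paramP, paramQ, paramG);
        AlgorithmParameters algParams = AlgorithmParameters.getInstance("DSA", "SUN");
        algParams.init(dsaParamSpec);
        return algParams;
    } catch (InvalidParameterSpecException | NoSuchAlgorithmException | NoSuchProviderException e) {
        // this should never happen, because the algorithm and provider are supplied here;
        // keep the cause so the stack trace is not lost if it ever does
        throw new RuntimeException(e.getMessage(), e);
    }
}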
Also used : DSAParameterSpec(java.security.spec.DSAParameterSpec) InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) SecureRandom(java.security.SecureRandom) BigInteger(java.math.BigInteger) InvalidParameterSpecException(java.security.spec.InvalidParameterSpecException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) NoSuchProviderException(java.security.NoSuchProviderException) AlgorithmParameters(java.security.AlgorithmParameters)

Aggregations

InvalidAlgorithmParameterException (java.security.InvalidAlgorithmParameterException)394 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)216 InvalidKeyException (java.security.InvalidKeyException)206 NoSuchPaddingException (javax.crypto.NoSuchPaddingException)130 IllegalBlockSizeException (javax.crypto.IllegalBlockSizeException)114 BadPaddingException (javax.crypto.BadPaddingException)112 Cipher (javax.crypto.Cipher)101 IvParameterSpec (javax.crypto.spec.IvParameterSpec)100 IOException (java.io.IOException)74 SecretKeySpec (javax.crypto.spec.SecretKeySpec)58 NoSuchProviderException (java.security.NoSuchProviderException)56 AlgorithmParameterSpec (java.security.spec.AlgorithmParameterSpec)49 CertificateException (java.security.cert.CertificateException)45 KeyStoreException (java.security.KeyStoreException)43 SecureRandom (java.security.SecureRandom)37 SecretKey (javax.crypto.SecretKey)34 BigInteger (java.math.BigInteger)31 KeyPairGenerator (java.security.KeyPairGenerator)27 UnrecoverableKeyException (java.security.UnrecoverableKeyException)27 X509Certificate (java.security.cert.X509Certificate)27