use of org.apache.nifi.security.util.crypto.NiFiLegacyCipherProvider in project nifi by apache.
the class StringEncryptor method encryptPBE.
private byte[] encryptPBE(String plaintext) {
PBECipherProvider pbecp = (PBECipherProvider) cipherProvider;
final EncryptionMethod encryptionMethod = EncryptionMethod.forAlgorithm(algorithm);
// Generate salt
byte[] salt;
// NiFi legacy code determined the salt length based on the cipher block size
if (pbecp instanceof NiFiLegacyCipherProvider) {
salt = ((NiFiLegacyCipherProvider) pbecp).generateSalt(encryptionMethod);
} else {
salt = pbecp.generateSalt();
}
// Determine necessary key length
int keyLength = CipherUtility.parseKeyLengthFromAlgorithm(algorithm);
// Generate cipher
try {
Cipher cipher = pbecp.getCipher(encryptionMethod, new String(password.getPassword()), salt, keyLength, true);
// Write IV if necessary (allows for future use of PBKDF2, Bcrypt, or Scrypt)
// byte[] iv = new byte[0];
// if (cipherProvider instanceof RandomIVPBECipherProvider) {
// iv = cipher.getIV();
// }
// Encrypt the plaintext
byte[] cipherBytes = cipher.doFinal(plaintext.getBytes(StandardCharsets.UTF_8));
// byte[] rawBytes = CryptoUtils.concatByteArrays(salt, iv, cipherBytes);
return CryptoUtils.concatByteArrays(salt, cipherBytes);
} catch (Exception e) {
throw new EncryptionException("Could not encrypt sensitive value", e);
}
}
Aggregations