Search in sources :

Example 1 with PBECipherProvider

use of org.apache.nifi.security.util.crypto.PBECipherProvider in project nifi by apache.

the class StringEncryptor method decryptPBE.

private byte[] decryptPBE(byte[] cipherBytes) throws DecoderException {
    PBECipherProvider pbecp = (PBECipherProvider) cipherProvider;
    final EncryptionMethod encryptionMethod = EncryptionMethod.forAlgorithm(algorithm);
    // Extract salt
    int saltLength = CipherUtility.getSaltLengthForAlgorithm(algorithm);
    byte[] salt = new byte[saltLength];
    System.arraycopy(cipherBytes, 0, salt, 0, saltLength);
    byte[] actualCipherBytes = Arrays.copyOfRange(cipherBytes, saltLength, cipherBytes.length);
    // Determine necessary key length
    int keyLength = CipherUtility.parseKeyLengthFromAlgorithm(algorithm);
    // Generate cipher
    try {
        Cipher cipher = pbecp.getCipher(encryptionMethod, new String(password.getPassword()), salt, keyLength, false);
        // Decrypt the plaintext
        return cipher.doFinal(actualCipherBytes);
    } catch (Exception e) {
        throw new EncryptionException("Could not decrypt sensitive value", e);
    }
}
Also used : EncryptionMethod(org.apache.nifi.security.util.EncryptionMethod) Cipher(javax.crypto.Cipher) DecoderException(org.apache.commons.codec.DecoderException) PBECipherProvider(org.apache.nifi.security.util.crypto.PBECipherProvider)

Example 2 with PBECipherProvider

use of org.apache.nifi.security.util.crypto.PBECipherProvider in project nifi by apache.

the class StringEncryptor method encryptPBE.

private byte[] encryptPBE(String plaintext) {
    PBECipherProvider pbecp = (PBECipherProvider) cipherProvider;
    final EncryptionMethod encryptionMethod = EncryptionMethod.forAlgorithm(algorithm);
    // Generate salt
    byte[] salt;
    // NiFi legacy code determined the salt length based on the cipher block size
    if (pbecp instanceof NiFiLegacyCipherProvider) {
        salt = ((NiFiLegacyCipherProvider) pbecp).generateSalt(encryptionMethod);
    } else {
        salt = pbecp.generateSalt();
    }
    // Determine necessary key length
    int keyLength = CipherUtility.parseKeyLengthFromAlgorithm(algorithm);
    // Generate cipher
    try {
        Cipher cipher = pbecp.getCipher(encryptionMethod, new String(password.getPassword()), salt, keyLength, true);
        // Write IV if necessary (allows for future use of PBKDF2, Bcrypt, or Scrypt)
        // byte[] iv = new byte[0];
        // if (cipherProvider instanceof RandomIVPBECipherProvider) {
        // iv = cipher.getIV();
        // }
        // Encrypt the plaintext
        byte[] cipherBytes = cipher.doFinal(plaintext.getBytes(StandardCharsets.UTF_8));
        // byte[] rawBytes = CryptoUtils.concatByteArrays(salt, iv, cipherBytes);
        return CryptoUtils.concatByteArrays(salt, cipherBytes);
    } catch (Exception e) {
        throw new EncryptionException("Could not encrypt sensitive value", e);
    }
}
Also used : EncryptionMethod(org.apache.nifi.security.util.EncryptionMethod) Cipher(javax.crypto.Cipher) DecoderException(org.apache.commons.codec.DecoderException) PBECipherProvider(org.apache.nifi.security.util.crypto.PBECipherProvider) NiFiLegacyCipherProvider(org.apache.nifi.security.util.crypto.NiFiLegacyCipherProvider)

Aggregations

Cipher (javax.crypto.Cipher)2 DecoderException (org.apache.commons.codec.DecoderException)2 EncryptionMethod (org.apache.nifi.security.util.EncryptionMethod)2 PBECipherProvider (org.apache.nifi.security.util.crypto.PBECipherProvider)2 NiFiLegacyCipherProvider (org.apache.nifi.security.util.crypto.NiFiLegacyCipherProvider)1