public class DataSealer extends Object
Modifier and Type | Field and Description |
---|---|
private String |
cipherAlgorithm
Encryption algorithm to use.
|
private SecretKey |
cipherKey
Key used for encryption.
|
private String |
cipherKeyAlias
Keystore alias for the encryption key.
|
private String |
cipherKeyPassword
Password for encryption key.
|
private String |
keystorePassword
Password for keystore.
|
private String |
keystorePath
Path to keystore.
|
private String |
keystoreType
Type of keystore to use for access to keys.
|
private static org.slf4j.Logger |
log
Class logger.
|
private String |
macAlgorithm
MAC algorithm to use.
|
private SecretKey |
macKey
Key used for MAC.
|
private String |
macKeyAlias
Keystore alias for the MAC key.
|
private String |
macKeyPassword
Password for MAC key.
|
private SecureRandom |
random
Source of secure random data.
|
Constructor and Description |
---|
DataSealer() |
Modifier and Type | Method and Description |
---|---|
String |
getCipherAlgorithm()
Returns the encryption algorithm.
|
SecretKey |
getCipherKey()
Returns the encryption key.
|
String |
getCipherKeyAlias()
Returns the encryption key alias.
|
String |
getCipherKeyPassword()
Returns the encryption key password.
|
String |
getKeystorePassword()
Returns the keystore password.
|
String |
getKeystorePath()
Returns the keystore path.
|
String |
getKeystoreType()
Returns the keystore type.
|
private static byte[] |
getLongBytes(long longValue)
Convert a long value into a byte array.
|
private static byte[] |
getMAC(Mac mac,
String data,
long exp)
Compute a MAC over a string, prefixed by an expiration time.
|
String |
getMacAlgorithm()
Returns the MAC algorithm.
|
SecretKey |
getMacKey()
Returns the MAC key, if different from the encryption key.
|
String |
getMacKeyAlias()
Returns the MAC key alias.
|
String |
getMacKeyPassword()
Returns the MAC key password.
|
SecureRandom |
getRandom()
Returns the pseudorandom generator.
|
void |
init()
Initialization method used after setting all relevant bean properties.
|
private void |
loadKeys()
Load keys based on bean properties.
|
void |
setCipherAlgorithm(String alg)
Sets the encryption algorithm.
|
void |
setCipherKey(SecretKey key)
Sets the encryption key.
|
void |
setCipherKeyAlias(String alias)
Sets the encryption key alias.
|
void |
setCipherKeyPassword(String password)
Sets the encryption key password.
|
void |
setKeystorePassword(String password)
Sets the keystore password.
|
void |
setKeystorePath(String path)
Sets the keystore path.
|
void |
setKeystoreType(String type)
Sets the keystore type.
|
void |
setMacAlgorithm(String alg)
Sets the MAC key algorithm.
|
void |
setMacKey(SecretKey key)
Sets the MAC key.
|
void |
setMacKeyAlias(String alias)
Sets the MAC key alias.
|
void |
setMacKeyPassword(String password)
Sets the MAC key password.
|
void |
setRandom(SecureRandom r)
Sets the pseudorandom generator.
|
private void |
testEncryption()
Run a test over the configured bean properties.
|
String |
unwrap(String wrapped)
Decrypts and verifies an encrypted bundle of MAC'd data, and returns it.
|
String |
wrap(String data,
long exp)
Encodes data into a cryptographic blob: [IV][HMAC][exp][data], where:
[IV] = the Initialization Vector, a byte array; [HMAC] = the HMAC, a byte array; [exp] = the expiration time of the data, 8 bytes, big-endian; [data] = the principal, a UTF-8-encoded string.
The bytes are then GZIP'd.
|
private static org.slf4j.Logger log
private SecretKey cipherKey
private SecretKey macKey
private SecureRandom random
private String keystoreType
private String keystorePath
private String keystorePassword
private String cipherKeyAlias
private String cipherKeyPassword
private String cipherAlgorithm
private String macKeyAlias
private String macKeyPassword
private String macAlgorithm
public void init() throws DataSealerException
DataSealerException
- if initialization fails
public SecretKey getCipherKey()
public SecretKey getMacKey()
public SecureRandom getRandom()
public String getKeystoreType()
public String getKeystorePath()
public String getKeystorePassword()
public String getCipherKeyAlias()
public String getCipherKeyPassword()
public String getCipherAlgorithm()
public String getMacKeyAlias()
public String getMacKeyPassword()
public String getMacAlgorithm()
public void setCipherKey(SecretKey key)
key
- the encryption key to set
public void setMacKey(SecretKey key)
key
- the MAC key to set
public void setRandom(SecureRandom r)
r
- the pseudorandom generator to set
public void setKeystoreType(String type)
type
- the keystore type to set
public void setKeystorePath(String path)
path
- the keystore path to set
public void setKeystorePassword(String password)
password
- the keystore password to set
public void setCipherKeyAlias(String alias)
alias
- the encryption key alias to set
public void setCipherKeyPassword(String password)
password
- the encryption key password to set
public void setCipherAlgorithm(String alg)
alg
- the encryption algorithm to set
public void setMacKeyAlias(String alias)
alias
- the MAC key alias to set
public void setMacKeyPassword(String password)
password
- the MAC key password to set
public void setMacAlgorithm(String alg)
alg
- the MAC algorithm to set
public String unwrap(String wrapped) throws DataSealerException
wrapped
- the encoded blob
DataSealerException
- if the data cannot be unwrapped and verified
public String wrap(String data, long exp) throws DataSealerException
data
- the data to wrap
exp
- expiration time
DataSealerException
- if the wrapping operation fails
private void testEncryption() throws DataSealerException
DataSealerException
- if the test fails
private static byte[] getMAC(Mac mac, String data, long exp)
mac
- MAC object to use
data
- data to hash
exp
- timestamp to prefix the data with
private static byte[] getLongBytes(long longValue)
longValue
- value to convert
private void loadKeys() throws GeneralSecurityException, IOException
GeneralSecurityException
- if the keys fail due to a security-related issue
IOException
- if the load process fails
Copyright © 1999-2012. All Rights Reserved.