mirror of
https://github.com/Alfresco/alfresco-community-repo.git
synced 2025-08-07 17:49:17 +00:00
Merged V3.0 to HEAD (again)
11824: Added heartbeat client functionality and unit tests to Alfresco Server. git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@12518 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
@@ -0,0 +1,372 @@
|
||||
/*
|
||||
* Copyright (C) 2005-2008 Alfresco Software Limited.
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU General Public License
|
||||
* as published by the Free Software Foundation; either version 2
|
||||
* of the License, or (at your option) any later version.
|
||||
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||
|
||||
* As a special exception to the terms and conditions of version 2.0 of
|
||||
* the GPL, you may redistribute this Program in connection with Free/Libre
|
||||
* and Open Source Software ("FLOSS") applications as described in Alfresco's
|
||||
* FLOSS exception. You should have received a copy of the text describing
|
||||
* the FLOSS exception, and it is also available here:
|
||||
* http://www.alfresco.com/legal/licensing"
|
||||
*/
|
||||
package org.alfresco.util.security;
|
||||
|
||||
import java.io.ByteArrayOutputStream;
|
||||
import java.io.DataInputStream;
|
||||
import java.io.DataOutputStream;
|
||||
import java.io.EOFException;
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
import java.security.GeneralSecurityException;
|
||||
import java.security.InvalidAlgorithmParameterException;
|
||||
import java.security.InvalidKeyException;
|
||||
import java.security.MessageDigest;
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
import java.security.NoSuchProviderException;
|
||||
import java.security.PrivateKey;
|
||||
import java.security.SecureRandom;
|
||||
|
||||
import javax.crypto.BadPaddingException;
|
||||
import javax.crypto.Cipher;
|
||||
import javax.crypto.IllegalBlockSizeException;
|
||||
import javax.crypto.Mac;
|
||||
import javax.crypto.NoSuchPaddingException;
|
||||
import javax.crypto.SecretKey;
|
||||
import javax.crypto.spec.IvParameterSpec;
|
||||
import javax.crypto.spec.SecretKeySpec;
|
||||
|
||||
/**
|
||||
* An input stream that encrypts data produced by a {@link EncryptingOutputStream}. A lightweight yet secure hybrid
|
||||
* encryption scheme is used. A random symmetric key is decrypted using the receiver's private key. The supplied data is
|
||||
* then decrypted using the symmetric key and read on a streaming basis. When the end of the stream is reached or the
|
||||
* stream is closed, a HMAC checksum of the entire stream contents is validated.
|
||||
*/
|
||||
public class DecryptingInputStream extends InputStream
|
||||
{
|
||||
|
||||
/** The wrapped stream. */
|
||||
private final DataInputStream wrapped;
|
||||
|
||||
/** The input cipher. */
|
||||
private final Cipher inputCipher;
|
||||
|
||||
/** The MAC generator. */
|
||||
private final Mac mac;
|
||||
|
||||
/** Internal buffer for MAC computation. */
|
||||
private final ByteArrayOutputStream buffer = new ByteArrayOutputStream(1024);
|
||||
|
||||
/** A DataOutputStream on top of our interal buffer. */
|
||||
private final DataOutputStream dataStr = new DataOutputStream(this.buffer);
|
||||
|
||||
/** The current unencrypted data block. */
|
||||
private byte[] currentDataBlock;
|
||||
|
||||
/** The next encrypted data block. (could be the HMAC checksum) */
|
||||
private byte[] nextDataBlock;
|
||||
|
||||
/** Have we read to the end of the underlying stream?. */
|
||||
private boolean isAtEnd;
|
||||
|
||||
/** Our current position within currentDataBlock. */
|
||||
private int currentDataPos;
|
||||
|
||||
/**
|
||||
* Constructs a DecryptingInputStream using default symmetric encryption parameters.
|
||||
*
|
||||
* @param wrapped
|
||||
* the input stream to decrypt
|
||||
* @param privKey
|
||||
* the receiver's private key for decrypting the symmetric key
|
||||
* @throws IOException
|
||||
* Signals that an I/O exception has occurred.
|
||||
* @throws NoSuchAlgorithmException
|
||||
* the no such algorithm exception
|
||||
* @throws NoSuchPaddingException
|
||||
* the no such padding exception
|
||||
* @throws InvalidKeyException
|
||||
* the invalid key exception
|
||||
* @throws IllegalBlockSizeException
|
||||
* the illegal block size exception
|
||||
* @throws BadPaddingException
|
||||
* the bad padding exception
|
||||
* @throws InvalidAlgorithmParameterException
|
||||
* the invalid algorithm parameter exception
|
||||
* @throws NoSuchProviderException
|
||||
* the no such provider exception
|
||||
*/
|
||||
public DecryptingInputStream(final InputStream wrapped, final PrivateKey privKey) throws IOException,
|
||||
NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException,
|
||||
BadPaddingException, InvalidAlgorithmParameterException, NoSuchProviderException
|
||||
{
|
||||
this(wrapped, privKey, "AES", "CBC", "PKCS5PADDING");
|
||||
}
|
||||
|
||||
/**
|
||||
* Constructs a DecryptingInputStream.
|
||||
*
|
||||
* @param wrapped
|
||||
* the input stream to decrypt
|
||||
* @param privKey
|
||||
* the receiver's private key for decrypting the symmetric key
|
||||
* @param algorithm
|
||||
* encryption algorithm (e.g. "AES")
|
||||
* @param mode
|
||||
* encryption mode (e.g. "CBC")
|
||||
* @param padding
|
||||
* padding scheme (e.g. "PKCS5PADDING")
|
||||
* @throws IOException
|
||||
* Signals that an I/O exception has occurred.
|
||||
* @throws NoSuchAlgorithmException
|
||||
* the no such algorithm exception
|
||||
* @throws NoSuchPaddingException
|
||||
* the no such padding exception
|
||||
* @throws InvalidKeyException
|
||||
* the invalid key exception
|
||||
* @throws IllegalBlockSizeException
|
||||
* the illegal block size exception
|
||||
* @throws BadPaddingException
|
||||
* the bad padding exception
|
||||
* @throws InvalidAlgorithmParameterException
|
||||
* the invalid algorithm parameter exception
|
||||
* @throws NoSuchProviderException
|
||||
* the no such provider exception
|
||||
*/
|
||||
public DecryptingInputStream(final InputStream wrapped, final PrivateKey privKey, final String algorithm,
|
||||
final String mode, final String padding) throws IOException, NoSuchAlgorithmException,
|
||||
NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException,
|
||||
InvalidAlgorithmParameterException, NoSuchProviderException
|
||||
{
|
||||
// Initialise a secure source of randomness
|
||||
this.wrapped = new DataInputStream(wrapped);
|
||||
final SecureRandom secRand = SecureRandom.getInstance("SHA1PRNG");
|
||||
|
||||
// Set up RSA
|
||||
final Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPWITHSHA1ANDMGF1PADDING");
|
||||
rsa.init(Cipher.DECRYPT_MODE, privKey, secRand);
|
||||
|
||||
// Read and decrypt the symmetric key
|
||||
final SecretKey symKey = new SecretKeySpec(rsa.doFinal(readBlock()), algorithm);
|
||||
|
||||
// Read and decrypt initialisation vector
|
||||
final byte[] keyIV = rsa.doFinal(readBlock());
|
||||
|
||||
// Set up cipher for decryption
|
||||
this.inputCipher = Cipher.getInstance(algorithm + "/" + mode + "/" + padding);
|
||||
this.inputCipher.init(Cipher.DECRYPT_MODE, symKey, new IvParameterSpec(keyIV));
|
||||
|
||||
// Read and decrypt the MAC key
|
||||
final SecretKey macKey = new SecretKeySpec(this.inputCipher.doFinal(readBlock()), "HMACSHA1");
|
||||
|
||||
// Set up HMAC
|
||||
this.mac = Mac.getInstance("HMACSHA1");
|
||||
this.mac.init(macKey);
|
||||
|
||||
// Always read a block ahead so we can intercept the HMAC block
|
||||
this.nextDataBlock = readBlock(false);
|
||||
}
|
||||
|
||||
/**
|
||||
* Reads the next block of data, adding it to the HMAC checksum. Strips the header recording the number of bytes in
|
||||
* the block.
|
||||
*
|
||||
* @return the data block, or <code>null</code> if the end of the stream has been reached
|
||||
* @throws IOException
|
||||
* Signals that an I/O exception has occurred.
|
||||
*/
|
||||
private byte[] readBlock() throws IOException
|
||||
{
|
||||
return readBlock(true);
|
||||
}
|
||||
|
||||
/**
|
||||
* Reads the next block of data, optionally adding it to the HMAC checksum. Strips the header recording the number
|
||||
* of bytes in the block.
|
||||
*
|
||||
* @param updateMac
|
||||
* should the block be added to the HMAC checksum?
|
||||
* @return the data block, or <code>null</code> if the end of the stream has been reached
|
||||
* @throws IOException
|
||||
* Signals that an I/O exception has occurred.
|
||||
*/
|
||||
private byte[] readBlock(final boolean updateMac) throws IOException
|
||||
{
|
||||
int len;
|
||||
try
|
||||
{
|
||||
len = this.wrapped.readInt();
|
||||
}
|
||||
catch (final EOFException e)
|
||||
{
|
||||
return null;
|
||||
}
|
||||
final byte[] in = new byte[len];
|
||||
this.wrapped.readFully(in);
|
||||
if (updateMac)
|
||||
{
|
||||
macBlock(in);
|
||||
}
|
||||
return in;
|
||||
}
|
||||
|
||||
/**
|
||||
* Updates the HMAC checksum with the given data block.
|
||||
*
|
||||
* @param block
|
||||
* the block
|
||||
* @throws IOException
|
||||
* Signals that an I/O exception has occurred.
|
||||
*/
|
||||
private void macBlock(final byte[] block) throws IOException
|
||||
{
|
||||
this.dataStr.writeInt(block.length);
|
||||
this.dataStr.write(block);
|
||||
// If we don't have the MAC key yet, buffer up until we do
|
||||
if (this.mac != null)
|
||||
{
|
||||
this.dataStr.flush();
|
||||
final byte[] bytes = this.buffer.toByteArray();
|
||||
this.buffer.reset();
|
||||
this.mac.update(bytes);
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* (non-Javadoc)
|
||||
* @see java.io.InputStream#read()
|
||||
*/
|
||||
@Override
|
||||
public int read() throws IOException
|
||||
{
|
||||
final byte[] buf = new byte[1];
|
||||
int bytesRead;
|
||||
while ((bytesRead = read(buf)) == 0)
|
||||
{
|
||||
;
|
||||
}
|
||||
return bytesRead == -1 ? -1 : buf[0] & 0xFF;
|
||||
}
|
||||
|
||||
/*
|
||||
* (non-Javadoc)
|
||||
* @see java.io.InputStream#read(byte[])
|
||||
*/
|
||||
@Override
|
||||
public int read(final byte b[]) throws IOException
|
||||
{
|
||||
return read(b, 0, b.length);
|
||||
}
|
||||
|
||||
/*
|
||||
* (non-Javadoc)
|
||||
* @see java.io.InputStream#read(byte[], int, int)
|
||||
*/
|
||||
@Override
|
||||
public int read(final byte b[], int off, final int len) throws IOException
|
||||
{
|
||||
if (b == null)
|
||||
{
|
||||
throw new NullPointerException();
|
||||
}
|
||||
else if (off < 0 || off > b.length || len < 0 || off + len > b.length || off + len < 0)
|
||||
{
|
||||
throw new IndexOutOfBoundsException();
|
||||
}
|
||||
else if (len == 0)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
|
||||
int bytesToRead = len;
|
||||
OUTER: while (bytesToRead > 0)
|
||||
{
|
||||
// Fetch another block if necessary
|
||||
while (this.currentDataBlock == null || this.currentDataPos >= this.currentDataBlock.length)
|
||||
{
|
||||
byte[] newDataBlock;
|
||||
// We're right at the end of the last block so finish
|
||||
if (this.isAtEnd)
|
||||
{
|
||||
this.currentDataBlock = this.nextDataBlock = null;
|
||||
break OUTER;
|
||||
}
|
||||
// We've already read the last block so validate the MAC code
|
||||
else if ((newDataBlock = readBlock(false)) == null)
|
||||
{
|
||||
if (!MessageDigest.isEqual(this.mac.doFinal(), this.nextDataBlock))
|
||||
{
|
||||
throw new IOException("Invalid HMAC");
|
||||
}
|
||||
// We still have what's left in the cipher to read
|
||||
try
|
||||
{
|
||||
this.currentDataBlock = this.inputCipher.doFinal();
|
||||
}
|
||||
catch (final GeneralSecurityException e)
|
||||
{
|
||||
throw new RuntimeException(e);
|
||||
}
|
||||
this.isAtEnd = true;
|
||||
}
|
||||
// We have an ordinary data block to MAC and decrypt
|
||||
else
|
||||
{
|
||||
macBlock(this.nextDataBlock);
|
||||
this.currentDataBlock = this.inputCipher.update(this.nextDataBlock);
|
||||
this.nextDataBlock = newDataBlock;
|
||||
}
|
||||
this.currentDataPos = 0;
|
||||
}
|
||||
final int bytesRead = Math.min(bytesToRead, this.currentDataBlock.length - this.currentDataPos);
|
||||
System.arraycopy(this.currentDataBlock, this.currentDataPos, b, off, bytesRead);
|
||||
bytesToRead -= bytesRead;
|
||||
off += bytesRead;
|
||||
this.currentDataPos += bytesRead;
|
||||
}
|
||||
return bytesToRead == len ? -1 : len - bytesToRead;
|
||||
}
|
||||
|
||||
/*
|
||||
* (non-Javadoc)
|
||||
* @see java.io.InputStream#available()
|
||||
*/
|
||||
@Override
|
||||
public int available() throws IOException
|
||||
{
|
||||
return this.currentDataBlock == null ? 0 : this.currentDataBlock.length - this.currentDataPos;
|
||||
}
|
||||
|
||||
/*
|
||||
* (non-Javadoc)
|
||||
* @see java.io.InputStream#close()
|
||||
*/
|
||||
@Override
|
||||
public void close() throws IOException
|
||||
{
|
||||
// Read right to the end, just to ensure the MAC code is valid!
|
||||
if (this.nextDataBlock != null)
|
||||
{
|
||||
final byte[] skipBuff = new byte[1024];
|
||||
while (read(skipBuff) != -1)
|
||||
{
|
||||
;
|
||||
}
|
||||
}
|
||||
this.wrapped.close();
|
||||
this.dataStr.close();
|
||||
}
|
||||
|
||||
}
|
@@ -0,0 +1,269 @@
|
||||
/*
|
||||
* Copyright (C) 2005-2008 Alfresco Software Limited.
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU General Public License
|
||||
* as published by the Free Software Foundation; either version 2
|
||||
* of the License, or (at your option) any later version.
|
||||
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||
|
||||
* As a special exception to the terms and conditions of version 2.0 of
|
||||
* the GPL, you may redistribute this Program in connection with Free/Libre
|
||||
* and Open Source Software ("FLOSS") applications as described in Alfresco's
|
||||
* FLOSS exception. You should have received a copy of the text describing
|
||||
* the FLOSS exception, and it is also available here:
|
||||
* http://www.alfresco.com/legal/licensing"
|
||||
*/
|
||||
package org.alfresco.util.security;
|
||||
|
||||
import java.io.ByteArrayOutputStream;
|
||||
import java.io.DataOutputStream;
|
||||
import java.io.IOException;
|
||||
import java.io.OutputStream;
|
||||
import java.security.GeneralSecurityException;
|
||||
import java.security.InvalidKeyException;
|
||||
import java.security.Key;
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
import java.security.PublicKey;
|
||||
import java.security.SecureRandom;
|
||||
|
||||
import javax.crypto.BadPaddingException;
|
||||
import javax.crypto.Cipher;
|
||||
import javax.crypto.IllegalBlockSizeException;
|
||||
import javax.crypto.KeyGenerator;
|
||||
import javax.crypto.Mac;
|
||||
import javax.crypto.NoSuchPaddingException;
|
||||
import javax.crypto.spec.SecretKeySpec;
|
||||
|
||||
/**
|
||||
* An output stream that encrypts data to another output stream. A lightweight yet secure hybrid encryption scheme is
|
||||
* used. A random symmetric key is generated and encrypted using the receiver's public key. The supplied data is then
|
||||
* encrypted using the symmetric key and sent to the underlying stream on a streaming basis. An HMAC checksum is also
|
||||
* computed on an ongoing basis and appended to the output when the stream is closed. This class can be used in
|
||||
* conjunction with {@link DecryptingInputStream} to transport data securely.
|
||||
*/
|
||||
public class EncryptingOutputStream extends OutputStream
|
||||
{
|
||||
/** The wrapped stream. */
|
||||
private final OutputStream wrapped;
|
||||
|
||||
/** The output cipher. */
|
||||
private final Cipher outputCipher;
|
||||
|
||||
/** The MAC generator. */
|
||||
private final Mac mac;
|
||||
|
||||
/** Internal buffer for MAC computation. */
|
||||
private final ByteArrayOutputStream buffer = new ByteArrayOutputStream(1024);
|
||||
|
||||
/** A DataOutputStream on top of our interal buffer. */
|
||||
private final DataOutputStream dataStr = new DataOutputStream(this.buffer);
|
||||
|
||||
/**
|
||||
* Constructs an EncryptingOutputStream using default symmetric encryption parameters.
|
||||
*
|
||||
* @param wrapped
|
||||
* outputstream to store the encrypted data
|
||||
* @param receiverKey
|
||||
* the receiver's public key for encrypting the symmetric key
|
||||
* @param rand
|
||||
* a secure source of randomness
|
||||
* @throws IOException
|
||||
* Signals that an I/O exception has occurred.
|
||||
* @throws NoSuchAlgorithmException
|
||||
* the no such algorithm exception
|
||||
* @throws NoSuchPaddingException
|
||||
* the no such padding exception
|
||||
* @throws InvalidKeyException
|
||||
* the invalid key exception
|
||||
* @throws BadPaddingException
|
||||
* the bad padding exception
|
||||
* @throws IllegalBlockSizeException
|
||||
* the illegal block size exception
|
||||
*/
|
||||
public EncryptingOutputStream(final OutputStream wrapped, final PublicKey receiverKey, final SecureRandom rand)
|
||||
throws IOException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException,
|
||||
IllegalBlockSizeException, BadPaddingException
|
||||
{
|
||||
this(wrapped, receiverKey, "AES", rand, 128, "CBC", "PKCS5PADDING");
|
||||
}
|
||||
|
||||
/**
|
||||
* Constructs an EncryptingOutputStream.
|
||||
*
|
||||
* @param wrapped
|
||||
* outputstream to store the encrypted data
|
||||
* @param receiverKey
|
||||
* the receiver's public key for encrypting the symmetric key
|
||||
* @param algorithm
|
||||
* symmetric encryption algorithm (e.g. "AES")
|
||||
* @param rand
|
||||
* a secure source of randomness
|
||||
* @param strength
|
||||
* the key size in bits (e.g. 128)
|
||||
* @param mode
|
||||
* encryption mode (e.g. "CBC")
|
||||
* @param padding
|
||||
* padding scheme (e.g. "PKCS5PADDING")
|
||||
* @throws IOException
|
||||
* Signals that an I/O exception has occurred.
|
||||
* @throws NoSuchAlgorithmException
|
||||
* the no such algorithm exception
|
||||
* @throws NoSuchPaddingException
|
||||
* the no such padding exception
|
||||
* @throws InvalidKeyException
|
||||
* the invalid key exception
|
||||
* @throws BadPaddingException
|
||||
* the bad padding exception
|
||||
* @throws IllegalBlockSizeException
|
||||
* the illegal block size exception
|
||||
*/
|
||||
public EncryptingOutputStream(final OutputStream wrapped, final PublicKey receiverKey, final String algorithm,
|
||||
final SecureRandom rand, final int strength, final String mode, final String padding) throws IOException,
|
||||
NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException,
|
||||
BadPaddingException
|
||||
{
|
||||
// Initialise
|
||||
this.wrapped = wrapped;
|
||||
|
||||
// Generate a random symmetric key
|
||||
final KeyGenerator keyGen = KeyGenerator.getInstance(algorithm);
|
||||
keyGen.init(strength, rand);
|
||||
final Key symKey = keyGen.generateKey();
|
||||
|
||||
// Instantiate Symmetric cipher for encryption.
|
||||
this.outputCipher = Cipher.getInstance(algorithm + "/" + mode + "/" + padding);
|
||||
this.outputCipher.init(Cipher.ENCRYPT_MODE, symKey, rand);
|
||||
|
||||
// Set up HMAC
|
||||
this.mac = Mac.getInstance("HMACSHA1");
|
||||
final byte[] macKeyBytes = new byte[20];
|
||||
rand.nextBytes(macKeyBytes);
|
||||
final Key macKey = new SecretKeySpec(macKeyBytes, "HMACSHA1");
|
||||
this.mac.init(macKey);
|
||||
|
||||
// Set up RSA to encrypt symmetric key
|
||||
final Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPWITHSHA1ANDMGF1PADDING");
|
||||
rsa.init(Cipher.ENCRYPT_MODE, receiverKey, rand);
|
||||
|
||||
// Write the header
|
||||
|
||||
// Write out an RSA-encrypted block for the key of the cipher.
|
||||
writeBlock(rsa.doFinal(symKey.getEncoded()));
|
||||
|
||||
// Write out RSA-encrypted Initialisation Vector block
|
||||
writeBlock(rsa.doFinal(this.outputCipher.getIV()));
|
||||
|
||||
// Write out key for HMAC.
|
||||
writeBlock(this.outputCipher.doFinal(macKey.getEncoded()));
|
||||
}
|
||||
|
||||
/*
|
||||
* (non-Javadoc)
|
||||
* @see java.io.OutputStream#write(int)
|
||||
*/
|
||||
@Override
|
||||
public void write(final int b) throws IOException
|
||||
{
|
||||
write(new byte[]
|
||||
{
|
||||
(byte) b
|
||||
}, 0, 1);
|
||||
}
|
||||
|
||||
/*
|
||||
* (non-Javadoc)
|
||||
* @see java.io.OutputStream#write(byte[])
|
||||
*/
|
||||
@Override
|
||||
public void write(final byte b[]) throws IOException
|
||||
{
|
||||
write(b, 0, b.length);
|
||||
}
|
||||
|
||||
/*
|
||||
* (non-Javadoc)
|
||||
* @see java.io.OutputStream#write(byte[], int, int)
|
||||
*/
|
||||
@Override
|
||||
public void write(final byte b[], final int off, final int len) throws IOException
|
||||
{
|
||||
if (b == null)
|
||||
{
|
||||
throw new NullPointerException();
|
||||
}
|
||||
else if (off < 0 || off > b.length || len < 0 || off + len > b.length || off + len < 0)
|
||||
{
|
||||
throw new IndexOutOfBoundsException();
|
||||
}
|
||||
else if (len == 0)
|
||||
{
|
||||
return;
|
||||
}
|
||||
final byte[] out = this.outputCipher.update(b, off, len); // Encrypt data.
|
||||
if (out != null && out.length > 0)
|
||||
{
|
||||
writeBlock(out);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Writes a block of data, preceded by its length, and adds it to the HMAC checksum.
|
||||
*
|
||||
* @param out
|
||||
* the data to be written.
|
||||
* @throws IOException
|
||||
* Signals that an I/O exception has occurred.
|
||||
*/
|
||||
private void writeBlock(final byte[] out) throws IOException
|
||||
{
|
||||
this.dataStr.writeInt(out.length); // Write length.
|
||||
this.dataStr.write(out); // Write encrypted data.
|
||||
this.dataStr.flush();
|
||||
final byte[] block = this.buffer.toByteArray();
|
||||
this.buffer.reset();
|
||||
this.mac.update(block);
|
||||
this.wrapped.write(block);
|
||||
}
|
||||
|
||||
/*
|
||||
* (non-Javadoc)
|
||||
* @see java.io.OutputStream#flush()
|
||||
*/
|
||||
@Override
|
||||
public void flush() throws IOException
|
||||
{
|
||||
this.wrapped.flush();
|
||||
}
|
||||
|
||||
/*
|
||||
* (non-Javadoc)
|
||||
* @see java.io.OutputStream#close()
|
||||
*/
|
||||
@Override
|
||||
public void close() throws IOException
|
||||
{
|
||||
try
|
||||
{
|
||||
// Write the last block
|
||||
writeBlock(this.outputCipher.doFinal());
|
||||
}
|
||||
catch (final GeneralSecurityException e)
|
||||
{
|
||||
throw new RuntimeException(e);
|
||||
}
|
||||
// Write the MAC code
|
||||
writeBlock(this.mac.doFinal());
|
||||
this.wrapped.close();
|
||||
this.dataStr.close();
|
||||
}
|
||||
|
||||
}
|
@@ -0,0 +1,86 @@
|
||||
/*
|
||||
* Copyright (C) 2005-2008 Alfresco Software Limited.
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU General Public License
|
||||
* as published by the Free Software Foundation; either version 2
|
||||
* of the License, or (at your option) any later version.
|
||||
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||
|
||||
* As a special exception to the terms and conditions of version 2.0 of
|
||||
* the GPL, you may redistribute this Program in connection with Free/Libre
|
||||
* and Open Source Software ("FLOSS") applications as described in Alfresco's
|
||||
* FLOSS exception. You should have received a copy of the text describing
|
||||
* the FLOSS exception, and it is also available here:
|
||||
* http://www.alfresco.com/legal/licensing"
|
||||
*/
|
||||
package org.alfresco.util.security;
|
||||
|
||||
import java.io.ByteArrayInputStream;
|
||||
import java.io.ByteArrayOutputStream;
|
||||
import java.io.InputStream;
|
||||
import java.io.OutputStream;
|
||||
import java.security.KeyPair;
|
||||
import java.security.KeyPairGenerator;
|
||||
import java.security.SecureRandom;
|
||||
import java.util.Arrays;
|
||||
|
||||
import junit.framework.TestCase;
|
||||
|
||||
/**
|
||||
* Tests that the EncryptingOutputStream and EncryptingInputStream classes work correctly.
|
||||
*/
|
||||
public class EncryptingOutputStreamTest extends TestCase
|
||||
{
|
||||
|
||||
/**
|
||||
* Tests encryption / decryption by attempting to encrypt and decrypt the bytes forming this class definition and
|
||||
* comparing it with the unencrypted bytes.
|
||||
*
|
||||
* @throws Exception
|
||||
* an exception
|
||||
*/
|
||||
public void testEncrypt() throws Exception
|
||||
{
|
||||
final KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
|
||||
final SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
|
||||
final byte[] seed = getClass().getName().getBytes("UTF-8");
|
||||
random.setSeed(seed);
|
||||
keyGen.initialize(1024, random);
|
||||
final KeyPair pair = keyGen.generateKeyPair();
|
||||
|
||||
final ByteArrayOutputStream buff = new ByteArrayOutputStream(2048);
|
||||
final OutputStream encrypting = new EncryptingOutputStream(buff, pair.getPublic(), random);
|
||||
final ByteArrayOutputStream plainText1 = new ByteArrayOutputStream(2048);
|
||||
|
||||
final InputStream in = getClass().getResourceAsStream(getClass().getSimpleName() + ".class");
|
||||
final byte[] inbuff = new byte[17];
|
||||
int bytesRead;
|
||||
while ((bytesRead = in.read(inbuff)) != -1)
|
||||
{
|
||||
encrypting.write(inbuff, 0, bytesRead);
|
||||
plainText1.write(inbuff, 0, bytesRead);
|
||||
}
|
||||
in.close();
|
||||
encrypting.close();
|
||||
plainText1.close();
|
||||
final InputStream decrypting = new DecryptingInputStream(new ByteArrayInputStream(buff.toByteArray()), pair
|
||||
.getPrivate());
|
||||
final ByteArrayOutputStream plainText2 = new ByteArrayOutputStream(2048);
|
||||
while ((bytesRead = decrypting.read(inbuff)) != -1)
|
||||
{
|
||||
plainText2.write(inbuff, 0, bytesRead);
|
||||
}
|
||||
|
||||
assertTrue(Arrays.equals(plainText1.toByteArray(), plainText2.toByteArray()));
|
||||
|
||||
}
|
||||
}
|
Reference in New Issue
Block a user