Java SealedObject类代码示例

import javax.crypto.SealedObject; //导入依赖的package包/类
/**
 * Encrypt a properties if the data definition (model-specific) requires it.
 * 
 * @param propertyQName             the property qualified name
 * @param inbound                   the property to encrypt
 * @return                          the encrypted property or the original if encryption is not required
 */
public Serializable encrypt(QName propertyQName, Serializable inbound)
{
    PropertyDefinition propertyDef = dictionaryService.getProperty(propertyQName);
    if (inbound == null || propertyDef == null || !(propertyDef.getDataType().getName().equals(DataTypeDefinition.ENCRYPTED)))
    {
        return inbound;
    }
    if (inbound instanceof SealedObject)
    {
        return inbound;
    }
    Serializable outbound = encryptor.sealObject(KeyProvider.ALIAS_METADATA, null, inbound);
    // Done
    return outbound;
}
 

import javax.crypto.SealedObject; //导入依赖的package包/类
/**
 * Decrypt a property if the data definition (model-specific) requires it.
 * 
 * @param propertyQName             the property qualified name
 * @param inbound                   the property to decrypt
 * @return                          the decrypted property or the original if it wasn't encrypted
 */
public Serializable decrypt(QName propertyQName, Serializable inbound)
{
    PropertyDefinition propertyDef = dictionaryService.getProperty(propertyQName);
    if (inbound == null || propertyDef == null || !(propertyDef.getDataType().getName().equals(DataTypeDefinition.ENCRYPTED)))
    {
        return inbound;
    }
    if (!(inbound instanceof SealedObject))
    {
        return inbound;
    }
    try
    {
     Serializable outbound = encryptor.unsealObject(KeyProvider.ALIAS_METADATA, inbound);
     // Done
     return outbound;
    }
    catch(KeyException e)
    {
    	throw new AlfrescoRuntimeException("Invalid metadata decryption key", e);
    }
}
 

import javax.crypto.SealedObject; //导入依赖的package包/类
@Override
Serializable convert(Serializable value)
{
    if (value == null)
    {
        return null;
    }
    else if (value instanceof SealedObject)
    {
        return value;
    }
    else
    {
        throw new IllegalArgumentException("Encrypted properties must be encrypted by the client.");
    }
}
 

import javax.crypto.SealedObject; //导入依赖的package包/类
@Override
public Serializable sealObject(String keyAlias, AlgorithmParameters params, Serializable input)
{
    if (input == null)
    {
        return null;
    }
    Cipher cipher = getCipher(keyAlias, params, Cipher.ENCRYPT_MODE);
    if (cipher == null)
    {
        return input;
    }
    try
    {
        return new SealedObject(input, cipher);
    }
    catch (Exception e)
    {
        throw new AlfrescoRuntimeException("Failed to seal object", e);
    }
}
 

import javax.crypto.SealedObject; //导入依赖的package包/类
/**
 * Seals the given cleartext key, using the password provided at
 * construction time
 */
SealedObject seal(Key key)
    throws Exception
{
    // create a random salt (8 bytes)
    byte[] salt = new byte[8];
    SunJCE.getRandom().nextBytes(salt);

    // create PBE parameters from salt and iteration count
    PBEParameterSpec pbeSpec = new PBEParameterSpec(salt, 20);

    // create PBE key from password
    PBEKeySpec pbeKeySpec = new PBEKeySpec(this.password);
    SecretKey sKey = new PBEKey(pbeKeySpec, "PBEWithMD5AndTripleDES");
    pbeKeySpec.clearPassword();

    // seal key
    Cipher cipher;

    PBEWithMD5AndTripleDESCipher cipherSpi;
    cipherSpi = new PBEWithMD5AndTripleDESCipher();
    cipher = new CipherForKeyProtector(cipherSpi, SunJCE.getInstance(),
                                       "PBEWithMD5AndTripleDES");
    cipher.init(Cipher.ENCRYPT_MODE, sKey, pbeSpec);
    return new SealedObjectForKeyProtector(key, cipher);
}
 

import javax.crypto.SealedObject; //导入依赖的package包/类
/**
 * Seals the given cleartext key, using the password provided at
 * construction time
 */
SealedObject seal(Key key)
    throws Exception
{
    // create a random salt (8 bytes)
    byte[] salt = new byte[8];
    SunJCE.getRandom().nextBytes(salt);

    // create PBE parameters from salt and iteration count
    PBEParameterSpec pbeSpec = new PBEParameterSpec(salt, ITERATION_COUNT);

    // create PBE key from password
    PBEKeySpec pbeKeySpec = new PBEKeySpec(this.password);
    SecretKey sKey = new PBEKey(pbeKeySpec, "PBEWithMD5AndTripleDES");
    pbeKeySpec.clearPassword();

    // seal key
    Cipher cipher;

    PBEWithMD5AndTripleDESCipher cipherSpi;
    cipherSpi = new PBEWithMD5AndTripleDESCipher();
    cipher = new CipherForKeyProtector(cipherSpi, SunJCE.getInstance(),
                                       "PBEWithMD5AndTripleDES");
    cipher.init(Cipher.ENCRYPT_MODE, sKey, pbeSpec);
    return new SealedObjectForKeyProtector(key, cipher);
}
 

import javax.crypto.SealedObject; //导入依赖的package包/类
public static String encryptAndSerializeObject(final Serializable object, final SecretKey key) {

        if (object == null) {
            throw new IllegalArgumentException("object must not be null");
        }

        try {
            final Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
            cipher.init(Cipher.ENCRYPT_MODE, key);
            final SealedObject sealedobject = new SealedObject(object, cipher);
            final ByteArrayOutputStream bos = new ByteArrayOutputStream();
            final ObjectOutputStream out = new ObjectOutputStream(bos);
            out.writeObject(sealedobject);
            final byte[] bytes = bos.toByteArray();
            return BaseEncoding.base64().encode(bytes);
        } catch (final Exception e) {
            log.error(e.toString(), e);
            throw new ElasticsearchException(e.toString());
        }
    }
 

import javax.crypto.SealedObject; //导入依赖的package包/类
public static Serializable decryptAnDeserializeObject(final String string, final SecretKey key) {

        if (string == null) {
            throw new IllegalArgumentException("string must not be null");
        }

        try {
            final byte[] userr = BaseEncoding.base64().decode(string);
            final ByteArrayInputStream bis = new ByteArrayInputStream(userr);
            final ObjectInputStream in = new ObjectInputStream(bis);
            final SealedObject ud = (SealedObject) in.readObject();
            return (Serializable) ud.getObject(key);
        } catch (final Exception e) {
            log.error(e.toString(), e);
            throw new ElasticsearchException(e.toString());
        }
    }
 

import javax.crypto.SealedObject; //导入依赖的package包/类
@Test
public void encryptAndDecryptMessage() throws Exception {
    MessageModel newMessage = new MessageModel(false, "OWNER", 1);


    PublicKey pubTest = Settings.getInstance().getPublicKey();
    PrivateKey privTest = Settings.getInstance().getPrivateKey();

    Log.d(LOG_TAG, "plain: " + newMessage.getOwnerName());

    SealedObject encrypted = Crypto.encryptBytes(newMessage, pubTest);
    assertNotNull("Encrypted SealedObject is null", encrypted);

    Object decrypted = Crypto.decryptBytes(encrypted, privTest);
    assertNotNull("Decrypted Object is null", decrypted);

    MessageModel oldMessage = (MessageModel) decrypted;
    assertEquals("Values before/after encryption don't match", oldMessage.getOwnerName(),
            "OWNER");
}
 

import javax.crypto.SealedObject; //导入依赖的package包/类
public synchronized Object sealObject(Object object) throws CryptoException {
    try {
    	if (useSealedObject) {
    		return new SealedObject((Serializable)object, encryptCipher);
    	}
    	AccessibleByteArrayOutputStream baos = new AccessibleByteArrayOutputStream(1 << 13);
    	ObjectOutputStream oos = new ObjectOutputStream(baos);
    	oos.writeObject(object);
    	oos.flush();
    	oos.close();
    	return encrypt(baos.getBuffer(), 0, baos.getCount());
    } catch ( Exception e ) {
        try {
            initEncryptCipher();
        } catch (CryptoException err) {
            //shouldn't happen
        }
          throw new CryptoException(CorePlugin.Event.TEIID10013, CorePlugin.Util.gs(CorePlugin.Event.TEIID10013, e.getMessage()));
    }
}
 

import javax.crypto.SealedObject; //导入依赖的package包/类
/**
 * Gets the security context from the exchange.
 * @param exchange the exchange
 * @param create create a new security context if one does not already exist in the exchange or if it is not still valid
 * @return the security context, or null if create is false and one didn't already exist or was not valid
 */
public SecurityContext getContext(Exchange exchange, boolean create) {
    SecurityContext securityContext = null;
    Property property = exchange.getContext().getProperty(EXCHANGE_PROPERTY, Scope.EXCHANGE);
    if (property != null) {
        Object object = property.getValue();
        if (object instanceof SecurityContext) {
            securityContext = (SecurityContext)object;
        } else if (object instanceof SealedObject) {
            PrivateCrypto privateCrypto = _systemSecurity.getPrivateCrypto();
            if (privateCrypto == null) {
                throw new IllegalStateException("privateCrypto == null");
            }
            securityContext = (SecurityContext)privateCrypto.unseal((SealedObject)object);
        } else if (object != null) {
            throw new IllegalArgumentException(object.getClass().getName() + " != " + EXCHANGE_PROPERTY);
        }
    }
    UUID systemUUID = _systemSecurity.getUUID();
    if ((securityContext == null || !securityContext.isValid(systemUUID)) && create) {
        Long timeoutMillis = _systemSecurity.getSecurityContextTimeoutMillis();
        securityContext = new DefaultSecurityContext(systemUUID, timeoutMillis);
    }
    return securityContext;
}
 

import javax.crypto.SealedObject; //导入依赖的package包/类
/**
 * readObject(ObjectInputStream s) method testing. Tests if the
 * serialization/deserialization works correctly: object is serialized,
 * deserialized, the content od deserialized object equals to the content of
 * initial object.
 */
@TestTargetNew(
    level = TestLevel.COMPLETE,
    notes = "",
    method = "!Serialization",
    args = {}
)
public void testReadObject() throws Exception {
    String secret = "secret string";
    SealedObject so = new SealedObject(secret, new NullCipher());
    ByteArrayOutputStream bos = new ByteArrayOutputStream();
    ObjectOutputStream oos = new ObjectOutputStream(bos);
    oos.writeObject(so);

    ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(
            bos.toByteArray()));

    SealedObject so_des = (SealedObject) ois.readObject();
    assertEquals("The secret content of deserialized object "
            + "should be equal to the secret content of initial object",
            secret, so_des.getObject(new NullCipher()));
    assertEquals("The value returned by getAlgorithm() method of "
            + "deserialized object should be equal to the value returned "
            + "by getAlgorithm() method of initial object", so
            .getAlgorithm(), so_des.getAlgorithm());
}
 

import javax.crypto.SealedObject; //导入依赖的package包/类
/**
 * getAlgorithm() method testing. Tests if the returned value equals to the
 * corresponding value of Cipher object.
 */
@TestTargetNew(
    level = TestLevel.COMPLETE,
    notes = "",
    method = "getAlgorithm",
    args = {}
)
public void testGetAlgorithm() throws Exception {
    String secret = "secret string";
    String algorithm = "DES";
    KeyGenerator kg = KeyGenerator.getInstance(algorithm);
    Key key = kg.generateKey();

    Cipher cipher = Cipher.getInstance(algorithm);
    cipher.init(Cipher.ENCRYPT_MODE, key);
    SealedObject so = new SealedObject(secret, cipher);

    assertEquals("The algorithm name should be the same as used "
            + "in cipher.", algorithm, so.getAlgorithm());
}
 

import javax.crypto.SealedObject; //导入依赖的package包/类
/**
 * Seals the given cleartext key, using the password provided at
 * construction time
 */
SealedObject seal(Key key)
    throws Exception
{
    // create a random salt (8 bytes)
    byte[] salt = new byte[8];
    SunJCE.RANDOM.nextBytes(salt);

    // create PBE parameters from salt and iteration count
    PBEParameterSpec pbeSpec = new PBEParameterSpec(salt, 20);

    // create PBE key from password
    PBEKeySpec pbeKeySpec = new PBEKeySpec(this.password);
    SecretKey sKey = new PBEKey(pbeKeySpec, "PBEWithMD5AndTripleDES");
    pbeKeySpec.clearPassword();

    // seal key
    Cipher cipher;

    PBEWithMD5AndTripleDESCipher cipherSpi;
    cipherSpi = new PBEWithMD5AndTripleDESCipher();
    cipher = new CipherForKeyProtector(cipherSpi, PROV,
                                       "PBEWithMD5AndTripleDES");
    cipher.init(Cipher.ENCRYPT_MODE, sKey, pbeSpec);
    return new SealedObjectForKeyProtector(key, cipher);
}
 

import javax.crypto.SealedObject; //导入依赖的package包/类
/** Encrypts the Serializable object with AES
    * @param plaintext the Serializable object to encrypt
    * @param password the password to use for encryption, if it's null or empty the default pass will be used instead
    * @return an encrypter String formatted as json containing the used cipher and the encrypted object
    */
   public static String encryptAES(Serializable plaintext, String password) {
	try{
		final PBEParameterSpec pbeParamSpec = new PBEParameterSpec(salt, 20);
		final PBEKeySpec pbeKeySpec = new PBEKeySpec( 
	    		(password==null || password.equalsIgnoreCase(""))?defaultPass:password.toCharArray()  );
		final SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance(AES_ALG);
		final SecretKey secretKey = secretKeyFactory.generateSecret(pbeKeySpec);

		final Cipher cipher = Cipher.getInstance(AES_ALG);
	    cipher.init(Cipher.ENCRYPT_MODE,secretKey,pbeParamSpec);

	    return gson.toJson(new SealedObject(plaintext,cipher));
	} catch(Exception e) {
		e.printStackTrace();
	}
	return null;
}