下面列出了怎么用java.security.GeneralSecurityException的API类实例代码及写法,或者点击链接到github查看源代码。
public static GoogleCredential buildCredential(CloudCredential gcpCredential, HttpTransport httpTransport) throws IOException, GeneralSecurityException {
String credentialJson = getServiceAccountCredentialJson(gcpCredential);
if (isNotEmpty(credentialJson)) {
return GoogleCredential.fromStream(new ByteArrayInputStream(Base64.decodeBase64(credentialJson)), httpTransport, JSON_FACTORY)
.createScoped(SCOPES);
} else {
try {
PrivateKey pk = SecurityUtils.loadPrivateKeyFromKeyStore(SecurityUtils.getPkcs12KeyStore(),
new ByteArrayInputStream(Base64.decodeBase64(getServiceAccountPrivateKey(gcpCredential))), "notasecret", "privatekey", "notasecret");
return new GoogleCredential.Builder().setTransport(httpTransport)
.setJsonFactory(JSON_FACTORY)
.setServiceAccountId(getServiceAccountId(gcpCredential))
.setServiceAccountScopes(SCOPES)
.setServiceAccountPrivateKey(pk)
.build();
} catch (IOException e) {
throw new CredentialVerificationException("Can not read private key", e);
}
}
}
/**
* <p>Tests Diffie-Hellman key exchange.</p>
* <p>Use at least a <code>p</code> of 2048 bits. Better pre-determined values for <code>p</code> can be found at the link below.</p>
* @see https://tools.ietf.org/html/rfc3526
* @throws GeneralSecurityException
*/
@Test public void testDH() throws GeneralSecurityException {
// Create primes p & g
// Tip: You don't need to regenerate p; Use a fixed value in your application
int bits = 2048;
BigInteger p = BigInteger.probablePrime(bits, new SecureRandom());
BigInteger g = new BigInteger("2");
// Create two peers
KeyAgreementPeer peerA = new DHPeer(p, g);
KeyAgreementPeer peerB = new DHPeer(p, g);
// Exchange public keys and compute shared secret
byte[] sharedSecretA = peerA.computeSharedSecret(peerB.getPublicKey());
byte[] sharedSecretB = peerB.computeSharedSecret(peerA.getPublicKey());
assertArrayEquals(sharedSecretA, sharedSecretB);
}
@Override
public DecryptionMaterials getDecryptionMaterials(EncryptionContext context) {
CurrentMaterials materials = currMaterials.get();
if (context.getMaterialDescription().entrySet().containsAll(description.entrySet())) {
if (materials.encryptionEntry instanceof SecretKeyEntry) {
return materials.symRawMaterials;
} else {
try {
return makeAsymMaterials(materials, context.getMaterialDescription());
} catch (GeneralSecurityException ex) {
throw new DynamoDBMappingException("Unable to decrypt envelope key", ex);
}
}
} else {
return null;
}
}
private void buildForward(List<List<Vertex>> adjacencyList,
LinkedList<X509Certificate> certPathList,
boolean searchAllCertStores)
throws GeneralSecurityException, IOException
{
if (debug != null) {
debug.println("SunCertPathBuilder.buildForward()...");
}
/* Initialize current state */
ForwardState currentState = new ForwardState();
currentState.initState(buildParams.certPathCheckers());
/* Initialize adjacency list */
adjacencyList.clear();
adjacencyList.add(new LinkedList<Vertex>());
currentState.untrustedChecker = new UntrustedChecker();
depthFirstSearchForward(buildParams.targetSubject(), currentState,
new ForwardBuilder(buildParams,
searchAllCertStores),
adjacencyList, certPathList);
}
@Test
public void testMissingKey()
throws NoSuchKeyException, GeneralSecurityException, AuthModeUnavailableException {
when(keyManager.getDecrypter(anyString(), anyInt(), anyBoolean()))
.thenThrow(new NoSuchKeyException("no such key"));
byte[] ciphertextBytes = ciphertextBuilder.build().toByteArray();
// New key pair generated.
when(keyManager.generateKeyPair(anyInt(), anyBoolean())).thenReturn(true);
decrypterManager.decrypt(ciphertextBytes, handler, extra);
verify(handler).handlePublicKey(
ciphertextBuilder.getIsAuthKey(), PUBLIC_KEY.getBytes(), ciphertextBytes, extra);
// New key pair not generated.
when(keyManager.generateKeyPair(anyInt(), anyBoolean())).thenReturn(false);
decrypterManager.decrypt(ciphertextBytes, handler, extra);
verify(handler).error(CapillaryHandlerErrorCode.STALE_CIPHERTEXT, ciphertextBytes, extra);
// Key pair generation failed.
when(keyManager.generateKeyPair(anyInt(), anyBoolean()))
.thenThrow(new GeneralSecurityException("unknown exception"));
decrypterManager.decrypt(ciphertextBytes, handler, extra);
verify(handler).error(CapillaryHandlerErrorCode.UNKNOWN_ERROR, ciphertextBytes, extra);
verifyNoMoreInteractions(handler);
}
@Test
public void testConfigTurnOn() throws GeneralSecurityException, IOException, JSONException {
int maxTemp = 11;
JSONObject data = new JSONObject();
// Set up
CloudiotPubsubExampleServer.createRegistry(CLOUD_REGION, PROJECT_ID, REGISTRY_ID, TOPIC_ID);
CloudiotPubsubExampleServer.createDevice(PROJECT_ID, CLOUD_REGION, REGISTRY_ID, DEVICE_ID);
data.put("temperature", maxTemp);
CloudiotPubsubExampleServer server = new CloudiotPubsubExampleServer();
server.updateDeviceConfig(PROJECT_ID, CLOUD_REGION, REGISTRY_ID, DEVICE_ID, data);
String got = bout.toString();
Assert.assertTrue(got.contains("on"));
Assert.assertTrue(got.contains("11"));
Assert.assertTrue(got.contains("test-device-"));
// Clean up
CloudiotPubsubExampleServer.deleteDevice(DEVICE_ID, PROJECT_ID, CLOUD_REGION, REGISTRY_ID);
CloudiotPubsubExampleServer.deleteRegistry(CLOUD_REGION, PROJECT_ID, REGISTRY_ID);
}
private X509Certificate generateX509V3Certificate(final KeyPair keyPair,
final X500Principal subject,
final X500Principal issuer,
final Date notBefore,
final Date notAfter,
final BigInteger serialNumber,
final GeneralNames generalNames,
final boolean isCA) throws GeneralSecurityException {
X509V3CertificateGenerator generator = new X509V3CertificateGenerator();
generator.setSerialNumber(serialNumber);
generator.setIssuerDN(issuer);
generator.setSubjectDN(subject);
generator.setNotBefore(notBefore);
generator.setNotAfter(notAfter);
generator.setPublicKey(keyPair.getPublic());
generator.setSignatureAlgorithm("SHA256WithRSAEncryption");
generator.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(isCA));
generator.addExtension(X509Extensions.KeyUsage, true, new KeyUsage(160));
generator.addExtension(X509Extensions.ExtendedKeyUsage, true, new ExtendedKeyUsage(KeyPurposeId.id_kp_serverAuth));
if (generalNames != null) {
generator.addExtension(X509Extensions.SubjectAlternativeName, false, generalNames);
}
return generator.generateX509Certificate(keyPair.getPrivate(), SecurityUtil.getSecurityProvider());
}
private void checkAttrs() throws UnrecoverableEntryException,
GeneralSecurityException, NoSuchAlgorithmException,
KeyStoreException, IOException {
KeyStore ks = Utils.loadKeyStore(WORKING_DIRECTORY
+ File.separator
+ KESTORE_NEW, Utils.KeyStoreType.pkcs12, PASSWORD);
KeyStore.Entry keyStoreEntry = ks.getEntry(ALIAS,
new KeyStore.PasswordProtection(KEY_PASSWORD));
out.println("Attributes after store:");
//print attribute values
keyStoreEntry.getAttributes().stream().forEach((attr) -> {
out.println(attr.getName() + ", '" + attr.getValue() + "'");
});
Arrays.stream(ATTR_SET).forEach((attr) -> {
if (!keyStoreEntry.getAttributes().contains(attr)) {
throw new RuntimeException("Entry doesn't contain attribute: ("
+ attr.getName() + ", '" + attr.getValue() + "')");
}
});
}
/**
* Get the Keystore given the URL to the keystore
* @param keyStoreType or null for default
* @param url
* @param storePass
* @return
* @throws GeneralSecurityException
* @throws IOException
*/
public static KeyStore getKeyStore(String keyStoreType, URL url, char[] storePass) throws GeneralSecurityException, IOException
{
if (url == null)
throw PicketBoxMessages.MESSAGES.invalidNullArgument("url");
InputStream is = null;
try
{
is = url.openStream();
return getKeyStore(keyStoreType, is, storePass);
}
finally
{
safeClose(is);
}
}
/**
* Returns the digest value of a given public key.
*
* <p>In Version “H003” of the EBICS protocol the ES of the financial:
*
* <p>The SHA-256 hash values of the financial institution's public keys for X002 and E002 are
* composed by concatenating the exponent with a blank character and the modulus in hexadecimal
* representation (using lower case letters) without leading zero (as to the hexadecimal
* representation). The resulting string has to be converted into a byte array based on US ASCII
* code.
*
* @param publicKey the public key
* @return the digest value
* @throws EbicsException
*/
public static byte[] getKeyDigest(RSAPublicKey publicKey) throws AxelorException {
String modulus;
String exponent;
String hash;
byte[] digest;
exponent = Hex.encodeHexString(publicKey.getPublicExponent().toByteArray());
modulus = Hex.encodeHexString(removeFirstByte(publicKey.getModulus().toByteArray()));
hash = exponent + " " + modulus;
if (hash.charAt(0) == '0') {
hash = hash.substring(1);
}
try {
digest = MessageDigest.getInstance("SHA-256", "BC").digest(hash.getBytes("US-ASCII"));
} catch (GeneralSecurityException | UnsupportedEncodingException e) {
throw new AxelorException(
e.getCause(), TraceBackRepository.CATEGORY_CONFIGURATION_ERROR, e.getMessage());
}
return new String(Hex.encodeHex(digest, false)).getBytes();
}
public TlsClientManager(TlsClientConfig tlsClientConfig, PasswordUtil passwordUtil, InputStreamFactory inputStreamFactory) throws GeneralSecurityException, IOException {
super(tlsClientConfig, passwordUtil, inputStreamFactory);
this.trustStore = loadKeystore(tlsClientConfig.getTrustStore(), tlsClientConfig.getTrustStoreType(), tlsClientConfig.getTrustStorePassword());
this.tlsClientConfig = tlsClientConfig;
this.configurationWriters = new ArrayList<>();
this.certificateAliases = new HashSet<>();
}
@Before
public void setup() throws Exception {
ChannelHandler uncaughtExceptionHandler =
new ChannelDuplexHandler() {
@Override
public void exceptionCaught(ChannelHandlerContext ctx, Throwable cause) throws Exception {
caughtException = cause;
super.exceptionCaught(ctx, cause);
ctx.close();
}
};
TsiHandshakerFactory handshakerFactory =
new DelegatingTsiHandshakerFactory(FakeTsiHandshaker.clientHandshakerFactory()) {
@Override
public TsiHandshaker newHandshaker(String authority) {
return new DelegatingTsiHandshaker(super.newHandshaker(authority)) {
@Override
public TsiPeer extractPeer() throws GeneralSecurityException {
return mockedTsiPeer;
}
@Override
public Object extractPeerObject() throws GeneralSecurityException {
return mockedAltsContext;
}
};
}
};
ManagedChannel fakeChannel = NettyChannelBuilder.forTarget("localhost:8080").build();
ObjectPool<Channel> fakeChannelPool = new FixedObjectPool<Channel>(fakeChannel);
LazyChannel lazyFakeChannel = new LazyChannel(fakeChannelPool);
ChannelHandler altsServerHandler = new ServerAltsProtocolNegotiator(
handshakerFactory, lazyFakeChannel)
.newHandler(grpcHandler);
// On real server, WBAEH fires default ProtocolNegotiationEvent. KickNH provides this behavior.
ChannelHandler handler = new KickNegotiationHandler(altsServerHandler);
channel = new EmbeddedChannel(uncaughtExceptionHandler, handler);
}
@Override
public SSLWriteCipher createCipher(SSLCipher sslCipher,
Authenticator authenticator,
ProtocolVersion protocolVersion, String algorithm,
Key key, AlgorithmParameterSpec params,
SecureRandom random) throws GeneralSecurityException {
return new NullWriteCipher(authenticator, protocolVersion);
}
public void verifyAsymmetricRsa() throws IOException, GeneralSecurityException {
// TODO(developer): Replace these variables before running the sample.
String projectId = "your-project-id";
String locationId = "us-east1";
String keyRingId = "my-key-ring";
String keyId = "my-key";
String keyVersionId = "123";
String message = "my message";
byte[] signature = null;
verifyAsymmetricRsa(projectId, locationId, keyRingId, keyId, keyVersionId, message, signature);
}
public AuthGenerator createAuthGenerator()
{
if (this.token != null)
{
try
{
return new AuthGenerator(token);
}
catch (GeneralSecurityException e)
{
throw new RuntimeException("Never happens", e);
}
}
return null;
}
/**
* @param input an byte array to encrypt
* @return the concatenation of the IV followed by the cipher text
* @see #decrypt(byte[]) the reverse operation
*/
public static byte[] encrypt(byte[] input) {
try {
Cipher cipher = config.getCipher();
SecretKey secretKey = config.getSecretKey();
cipher.init(Cipher.ENCRYPT_MODE, secretKey, SecureRandomFactory.createPRNG()); // init generates the IV
byte[] iv = cipher.getIV();
byte[] cipherText = cipher.doFinal(input);
return Bytes.concat(iv, cipherText);
} catch (GeneralSecurityException e) {
throw new CryptoOperationRuntimeException(e);
}
}
/**
* Get the RSA public key value.
*
* @param provider
* the Java security provider.
* @return the RSA public key value
*/
private PublicKey getRSAPublicKey(Provider provider) {
try {
RSAPublicKeySpec publicKeySpec = getRSAPublicKeySpec();
KeyFactory factory = provider != null ? KeyFactory.getInstance("RSA", provider)
: KeyFactory.getInstance("RSA");
return factory.generatePublic(publicKeySpec);
} catch (GeneralSecurityException e) {
throw new IllegalStateException(e);
}
}
/**
* 使用HMAC-SHA1进行消息签名, 返回字节数组,长度为20字节.
*
* @param input 原始输入字符数组
* @param key HMAC-SHA1密钥
*/
public static byte[] hmacSha1(byte[] input, byte[] key) {
try {
SecretKey secretKey = new SecretKeySpec(key, HMACSHA1_ALG);
Mac mac = Mac.getInstance(HMACSHA1_ALG);
mac.init(secretKey);
return mac.doFinal(input);
} catch (GeneralSecurityException e) {
throw ExceptionUtil.unchecked(e);
}
}
/**
* {@inheritDoc}
*/
@Override
public Future<Void> validate(final List<X509Certificate> chain, final Set<TrustAnchor> trustAnchors) {
Objects.requireNonNull(chain);
Objects.requireNonNull(trustAnchors);
if (chain.isEmpty()) {
throw new IllegalArgumentException("certificate chain must not be empty");
} else if (trustAnchors.isEmpty()) {
throw new IllegalArgumentException("trust anchor list must not be empty");
}
final Promise<Void> result = Promise.promise();
try {
final PKIXParameters params = new PKIXParameters(trustAnchors);
// TODO do we need to check for revocation?
params.setRevocationEnabled(false);
final CertificateFactory factory = CertificateFactory.getInstance("X.509");
final CertPath path = factory.generateCertPath(chain);
final CertPathValidator validator = CertPathValidator.getInstance("PKIX");
validator.validate(path, params);
LOG.debug("validation of device certificate [subject DN: {}] succeeded",
chain.get(0).getSubjectX500Principal().getName());
result.complete();
} catch (GeneralSecurityException e) {
LOG.debug("validation of device certificate [subject DN: {}] failed",
chain.get(0).getSubjectX500Principal().getName(), e);
if (e instanceof CertificateException) {
result.fail(e);
} else {
result.fail(new CertificateException("validation of device certificate failed", e));
}
}
return result.future();
}
static final SSLReadCipher nullTlsReadCipher() {
try {
return B_NULL.createReadCipher(
Authenticator.nullTlsMac(),
ProtocolVersion.NONE, null, null, null);
} catch (GeneralSecurityException gse) {
// unlikely
throw new RuntimeException("Cannot create NULL SSLCipher", gse);
}
}
static String encrypt(String property) throws GeneralSecurityException, UnsupportedEncodingException {
SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("PBEWithMD5AndDES");
SecretKey key = keyFactory.generateSecret(new PBEKeySpec(habridgeKey));
Cipher pbeCipher = Cipher.getInstance("PBEWithMD5AndDES");
pbeCipher.init(Cipher.ENCRYPT_MODE, key, new PBEParameterSpec(SALT, 20));
return base64Encode(pbeCipher.doFinal(property.getBytes("UTF-8")));
}
private TrustManagerFactory createTrustManagerFactory(KeyStoreConfiguration keyStoreConfiguration) throws GeneralSecurityException, IOException {
KeyStore trustStore = KeyStore.getInstance(StringUtils
.hasText(keyStoreConfiguration.getStoreType()) ? keyStoreConfiguration.getStoreType() : KeyStore.getDefaultType());
loadKeyStore(keyStoreConfiguration, trustStore);
TrustManagerFactory trustManagerFactory = TrustManagerFactory
.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init(trustStore);
return trustManagerFactory;
}
public Token createToken(Uri uri) throws IllegalArgumentException, GeneralSecurityException {
String name = "";
String issuer = "Not Set";
if (uri.getPath() == null) {
throw new IllegalArgumentException("Missed name or issuer");
}
String[] nameAndIssuer = uri.getPath().split(":");
if (nameAndIssuer.length == 2) {
issuer = nameAndIssuer[0].replaceAll("/","");
name = nameAndIssuer[1].replaceAll("/","");;
} else {
name = nameAndIssuer[0].replaceAll("/","");;
}
Set<String> params = uri.getQueryParameterNames();
if (!params.contains("secret")
|| !params.contains("period")
|| !params.contains("digits")
|| !params.contains("algorithm")) {
throw new IllegalArgumentException("Missed one of the following parameters secret, period, digits, algorithm");
}
String secretKey = uri.getQueryParameter("secret");
int period = Integer.parseInt(uri.getQueryParameter("period"));
int digits = Integer.parseInt(uri.getQueryParameter("digits"));
String algorithm = uri.getQueryParameter("algorithm");
String encryptedSecretKey = this.defaultEncryptionManager.encrypt(secretKey);
PersistableToken persistableToken = new PersistableToken(name, issuer, encryptedSecretKey, period, digits, algorithm);
return new Token(persistableToken, createTotpGenerator(period, digits, algorithm, secretKey));
}
private static byte[] decrypt(byte[] cipherBytes, String key, byte[] iv) {
try {
Cipher cipher = Cipher.getInstance(ENCRYPTION_ALGORITHM);
AlgorithmParameters params = AlgorithmParameters.getInstance("AES");
params.init(new IvParameterSpec(iv));
cipher.init(Cipher.DECRYPT_MODE, getKey(key), params);
return cipher.doFinal(cipherBytes);
} catch (GeneralSecurityException e) {
throw new RuntimeException("Failed to decrypt.", e);
}
}
@Override
public void failTest() throws GeneralSecurityException {
Throwable caughtException = null;
Collection<? extends CRL> crls = null;
System.out.println("generateCRLs(): " + testName);
if (expectedException == null) {
throw new RuntimeException("failTest requires non-null " +
"expectedException");
}
try {
crls =
cf.generateCRLs(new ByteArrayInputStream(testData));
} catch (CRLException e) {
caughtException = e;
}
if (caughtException != null) {
// It has to be the right kind of exception though...
if (!caughtException.getClass().equals(
expectedException.getClass())) {
System.err.println("Unexpected exception thrown. " +
"Received: " + caughtException + ", Expected: " +
expectedException.getClass());
throw new RuntimeException(caughtException);
}
} else {
// For a failure test, we'd expect some kind of exception
// to be thrown.
throw new RuntimeException("Failed to catch expected " +
"exception " + expectedException.getClass());
}
}
/**
* Verifies keyed checksum.
* @param data the data.
* @param size the length of data.
* @param key the key used to encrypt the checksum.
* @param checksum
* @return true if verification is successful.
*/
public boolean verifyKeyedChecksum(byte[] data, int size,
byte[] key, byte[] checksum, int usage) throws KrbCryptoException {
try {
byte[] newCksum = Aes256.calculateChecksum(key, usage, data,
0, size);
return isChecksumEqual(checksum, newCksum);
} catch (GeneralSecurityException e) {
KrbCryptoException ke = new KrbCryptoException(e.getMessage());
ke.initCause(e);
throw ke;
}
}
public static void main(String[] args) throws Exception {
KeyPairGenerator generator =
KeyPairGenerator.getInstance("RSA", "SunMSCAPI");
KeyPair keyPair = generator.generateKeyPair();
Key publicKey = keyPair.getPublic();
Key privateKey = keyPair.getPrivate();
Cipher cipher = null;
try {
cipher = Cipher.getInstance("RSA", "SunMSCAPI");
} catch (GeneralSecurityException e) {
System.out.println("Cipher not supported by provider, skipping...");
return;
}
cipher.init(Cipher.ENCRYPT_MODE, publicKey);
displayBytes("Plaintext data:", PLAINTEXT);
byte[] data = cipher.doFinal(PLAINTEXT);
displayBytes("Encrypted data:", data);
cipher.init(Cipher.DECRYPT_MODE, privateKey);
data = cipher.doFinal(data);
displayBytes("Decrypted data:", data);
}
@Override
@WorkerThread
public byte[] readData(Context context, String path) {
try {
File localFile = findLocalFile(context, path);
return encrypter.decrypt(FileUtils.readAll(localFile));
} catch (IOException | GeneralSecurityException e) {
throw new StorageAccessException(e);
}
}
public static void setupTLS(final Object port) throws GeneralSecurityException, IOException {
final HTTPConduit httpConduit = (HTTPConduit) ClientProxy.getClient(port).getConduit();
final TLSClientParameters tlsCP = new TLSClientParameters();
final String storePassword = "keystorePass";
final String keyPassword = "clientPassword";
final KeyStore keyStore = KeyStore.getInstance("jks");
final String keyStoreLoc = "META-INF/clientStore.jks";
keyStore.load(Thread.currentThread().getContextClassLoader().getResourceAsStream(keyStoreLoc), storePassword.toCharArray());
// set the key managers from the Java KeyStore we just loaded
final KeyManager[] myKeyManagers = getKeyManagers(keyStore, keyPassword);
tlsCP.setKeyManagers(myKeyManagers);
tlsCP.setCertAlias("clientalias"); // in case there is multiple certs in the keystore, make sure we pick the one we want
// Create a trust manager that does not validate certificate chains
// this should not be done in production. It's recommended to create a cacerts with the certificate chain or
// to rely on a well known CA such as Verisign which is already available in the JVM
TrustManager[] trustAllCerts = getTrustManagers();
tlsCP.setTrustManagers(trustAllCerts);
// don't check the host name of the certificate to match the server (running locally)
// this should not be done on a real production system
tlsCP.setHostnameVerifier((s, sslSession) -> true);
httpConduit.setTlsClientParameters(tlsCP);
}
/**
* @return OUTCOME_SUCCESS if successfully update selected Uda;
* OUTCOME_ERROR if encounter some error when updating
* @throws SaaSApplicationException
*/
public String update()
throws SaaSApplicationException, GeneralSecurityException {
// delegate to controller
try {
controller.updateUdaDefinition();
addMessage(null, FacesMessage.SEVERITY_INFO,
BaseBean.INFO_UDADEFINITIONS_SAVED);
} catch (ObjectNotFoundException e) {
onfe = e;
}
// evaluate result
return OUTCOME_SUCCESS;
}