下面列出了javax.crypto.spec.PBEKeySpec#clearPassword() 实例代码,或者点击链接到github查看源代码,也可以在右侧发表评论。
private Optional<String> hashPassword(String password, String salt) {
char[] chars = password.toCharArray();
byte[] bytes = salt.getBytes();
PBEKeySpec spec = new PBEKeySpec(chars, bytes, ITERATIONS, KEY_LENGTH);
Arrays.fill(chars, Character.MIN_VALUE);
try {
SecretKeyFactory fac = SecretKeyFactory.getInstance(ALGORITHM);
byte[] securePassword = fac.generateSecret(spec).getEncoded();
return Optional.of(Base64.getEncoder().encodeToString(securePassword));
} catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
logger.error("Exception encountered in hashPassword", e);
return Optional.empty();
} finally {
spec.clearPassword();
}
}
private Key unsealKey(SealedObject sealedKey, char[] password) throws Exception {
if (logger.isDebugEnabled()) {
logger.debug("==> RangerKeyStore.unsealKey()");
}
// Create SecretKey
SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance("PBEWithMD5AndTripleDES");
PBEKeySpec pbeKeySpec = new PBEKeySpec(password);
SecretKey secretKey = secretKeyFactory.generateSecret(pbeKeySpec);
pbeKeySpec.clearPassword();
// Get the AlgorithmParameters from RangerSealedObject
AlgorithmParameters algorithmParameters = null;
if (sealedKey instanceof RangerSealedObject) {
algorithmParameters = ((RangerSealedObject) sealedKey).getParameters();
} else {
algorithmParameters = new RangerSealedObject(sealedKey).getParameters();
}
// Unseal the Key
Cipher cipher = Cipher.getInstance("PBEWithMD5AndTripleDES");
cipher.init(Cipher.DECRYPT_MODE, secretKey, algorithmParameters);
if (logger.isDebugEnabled()) {
logger.debug("<== RangerKeyStore.unsealKey()");
}
return (Key) sealedKey.getObject(cipher);
}
private SecretKey getPBEKey(char[] password) throws IOException
{
SecretKey skey = null;
try {
PBEKeySpec keySpec = new PBEKeySpec(password);
SecretKeyFactory skFac = SecretKeyFactory.getInstance("PBE");
skey = skFac.generateSecret(keySpec);
keySpec.clearPassword();
} catch (Exception e) {
throw new IOException("getSecretKey failed: " +
e.getMessage(), e);
}
return skey;
}
private SecretKey getPBEKey(char[] password) throws IOException
{
SecretKey skey = null;
try {
PBEKeySpec keySpec = new PBEKeySpec(password);
SecretKeyFactory skFac = SecretKeyFactory.getInstance("PBE");
skey = skFac.generateSecret(keySpec);
keySpec.clearPassword();
} catch (Exception e) {
throw new IOException("getSecretKey failed: " +
e.getMessage(), e);
}
return skey;
}
private SecretKey getPBEKey(char[] password) throws IOException
{
SecretKey skey = null;
try {
PBEKeySpec keySpec = new PBEKeySpec(password);
SecretKeyFactory skFac = SecretKeyFactory.getInstance("PBE");
skey = skFac.generateSecret(keySpec);
keySpec.clearPassword();
} catch (Exception e) {
throw new IOException("getSecretKey failed: " +
e.getMessage(), e);
}
return skey;
}
private SecretKey getPBEKey(char[] password) throws IOException
{
SecretKey skey = null;
try {
PBEKeySpec keySpec = new PBEKeySpec(password);
SecretKeyFactory skFac = SecretKeyFactory.getInstance("PBE");
skey = skFac.generateSecret(keySpec);
keySpec.clearPassword();
} catch (Exception e) {
throw new IOException("getSecretKey failed: " +
e.getMessage(), e);
}
return skey;
}
private SecretKey getPBEKey(char[] password) throws IOException
{
SecretKey skey = null;
try {
PBEKeySpec keySpec = new PBEKeySpec(password);
SecretKeyFactory skFac = SecretKeyFactory.getInstance("PBE");
skey = skFac.generateSecret(keySpec);
keySpec.clearPassword();
} catch (Exception e) {
throw new IOException("getSecretKey failed: " +
e.getMessage(), e);
}
return skey;
}
private SecretKey getPBEKey(char[] password) throws IOException
{
SecretKey skey = null;
try {
PBEKeySpec keySpec = new PBEKeySpec(password);
SecretKeyFactory skFac = SecretKeyFactory.getInstance("PBE");
skey = skFac.generateSecret(keySpec);
keySpec.clearPassword();
} catch (Exception e) {
throw new IOException("getSecretKey failed: " +
e.getMessage(), e);
}
return skey;
}
private SecretKey getPBEKey(char[] password) throws IOException
{
SecretKey skey = null;
try {
PBEKeySpec keySpec = new PBEKeySpec(password);
SecretKeyFactory skFac = SecretKeyFactory.getInstance("PBE");
skey = skFac.generateSecret(keySpec);
keySpec.clearPassword();
} catch (Exception e) {
throw new IOException("getSecretKey failed: " +
e.getMessage(), e);
}
return skey;
}
/**
* Encrypts the message using password based encryption.
* @param algo
* the encryption algorithm
* @param plaintext
* the message to be encrypted
* @param password
* the password
* @param iterationCount
* the iteration count
* @param salt
* the salt
* @return iv and the cipher text in form of
* len(iv) of 1 byte | iv of len(iv) bytes | cipher text.
* @throws GeneralSecurityException
* if error occurs.
*/
public static byte[] encrypt(PBEAlgo algo, byte[] plaintext, char[] password,
int iterationCount, byte[] salt) throws GeneralSecurityException {
Args.notNull(plaintext, "plaintext");
Args.notNull(password, "password");
Args.positive(iterationCount, "iterationCount");
Args.notNull(salt, "salt");
SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance(algo.algoName());
PBEKeySpec pbeKeySpec = new PBEKeySpec(password);
SecretKey pbeKey = secretKeyFactory.generateSecret(pbeKeySpec);
Cipher cipher = Cipher.getInstance(algo.algoName());
PBEParameterSpec pbeParameterSpec = new PBEParameterSpec(salt, iterationCount);
cipher.init(Cipher.ENCRYPT_MODE, pbeKey, pbeParameterSpec);
pbeKeySpec.clearPassword();
byte[] iv = cipher.getIV();
int ivLen = (iv == null) ? 0 : iv.length;
if (ivLen > 255) {
throw new GeneralSecurityException("IV too long: " + ivLen);
}
byte[] cipherText = cipher.doFinal(plaintext);
byte[] ret = new byte[1 + ivLen + cipherText.length];
// length of IV
ret[0] = (byte) (ivLen & 0xFF);
if (ivLen > 0) {
System.arraycopy(iv, 0, ret, 1, ivLen);
}
System.arraycopy(cipherText, 0, ret, 1 + ivLen, cipherText.length);
return ret;
}
private SecretKey getPBEKey(char[] password) throws IOException
{
SecretKey skey = null;
try {
PBEKeySpec keySpec = new PBEKeySpec(password);
SecretKeyFactory skFac = SecretKeyFactory.getInstance("PBE");
skey = skFac.generateSecret(keySpec);
keySpec.clearPassword();
} catch (Exception e) {
throw new IOException("getSecretKey failed: " +
e.getMessage(), e);
}
return skey;
}
private SecretKey getPBEKey(char[] password) throws IOException
{
SecretKey skey = null;
try {
PBEKeySpec keySpec = new PBEKeySpec(password);
SecretKeyFactory skFac = SecretKeyFactory.getInstance("PBE");
skey = skFac.generateSecret(keySpec);
keySpec.clearPassword();
} catch (Exception e) {
throw new IOException("getSecretKey failed: " +
e.getMessage(), e);
}
return skey;
}
public static byte[] hash(char[] password, byte[] salt) {
PBEKeySpec spec = new PBEKeySpec(password, salt, 5000, 128);
Arrays.fill(password, Character.MIN_VALUE);
try {
SecretKeyFactory skf = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
return skf.generateSecret(spec).getEncoded();
} catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
throw new AssertionError("Error while hashing a password: " + e.getMessage(), e);
} finally {
spec.clearPassword();
}
}
private SecretKey getPBEKey(char[] password) throws IOException
{
SecretKey skey = null;
try {
PBEKeySpec keySpec = new PBEKeySpec(password);
SecretKeyFactory skFac = SecretKeyFactory.getInstance("PBE");
skey = skFac.generateSecret(keySpec);
keySpec.clearPassword();
} catch (Exception e) {
throw new IOException("getSecretKey failed: " +
e.getMessage(), e);
}
return skey;
}
private SecretKey getPBEKey(char[] password) throws IOException
{
SecretKey skey = null;
try {
PBEKeySpec keySpec = new PBEKeySpec(password);
SecretKeyFactory skFac = SecretKeyFactory.getInstance("PBE");
skey = skFac.generateSecret(keySpec);
keySpec.clearPassword();
} catch (Exception e) {
throw new IOException("getSecretKey failed: " +
e.getMessage(), e);
}
return skey;
}
private static byte[] hash(char[] pin, byte[] salt)
throws NoSuchAlgorithmException, InvalidKeySpecException {
PBEKeySpec spec = new PBEKeySpec(pin, salt, ROUNDS, KEY_LEN);
Arrays.fill(pin, Character.MIN_VALUE);
try {
SecretKeyFactory skf = SecretKeyFactory.getInstance(KEY_ALGORITHM);
return skf.generateSecret(spec).getEncoded();
} finally {
spec.clearPassword();
}
}
/**
* clearPassword() method testing. Tests that internal copy of password
* is cleared after the method call.
*/
public void testClearPassword() {
char[] password = new char[] {'1', '2', '3', '4', '5'};
PBEKeySpec pbeks = new PBEKeySpec(password);
pbeks.clearPassword();
try {
pbeks.getPassword();
fail("An IllegalStateException should be was thrown "
+ "after the clearing the password.");
} catch (IllegalStateException e) {
}
}
public static void wipe(PBEKeySpec spec) {
if (spec == null)
return;
spec.clearPassword();
}
/**
* Passes a user-supplied UTF-8 encoded password through 1000 rounds of PBKDF2
* with the device ID from select used as salt. 16 bytes of that are used.
*
* @param password a user-supplied password
* @param salt the salt value (the deviceId returned by select command)
* @return a secret/key for authentication
* @throws InvalidKeySpecException in case of crypto operation error
* @throws NoSuchAlgorithmException in case of crypto operation error
*/
public static byte[] calculateSecret(String password, byte[] salt) throws NoSuchAlgorithmException, InvalidKeySpecException {
SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
PBEKeySpec keyspec = new PBEKeySpec(password.toCharArray(), salt, 1000, 128);
try {
return factory.generateSecret(keyspec).getEncoded();
} finally {
keyspec.clearPassword();
}
}
/**
* Generates the salted PBKDF2 hash of a clear-text password
*
* @param password The clear-text password of type {@link SecureString} to allow clearing after hash generation.
* @param salt Random generated bytes to prevent against attacks using rainbow tables
* @param iterations The number of times that the password is hashed during the derivation of the symmetric key.
* The higher number, the more difficult it is to brute force
* @param length Bit-length of the derived symmetric key.
* @return
* @throws NoSuchAlgorithmException
* @throws InvalidKeySpecException
*/
private static byte[] pbkdf2(SecureString password, byte[] salt, int iterations, int length) throws NoSuchAlgorithmException, InvalidKeySpecException {
PBEKeySpec spec = new PBEKeySpec(password.getChars(), salt, iterations, length * 8);
SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance(ALGORITHM);
byte[] hash = secretKeyFactory.generateSecret(spec).getEncoded();
spec.clearPassword();
return hash;
}