List of usage examples for java.security DigestOutputStream DigestOutputStream
public DigestOutputStream(OutputStream stream, MessageDigest digest)
From source file:org.hibernate.search.elasticsearch.test.GsonStreamedEncodingTest.java
@Test public void testDigestToTriggerLengthComputation() { final List<JsonObject> list = produceLargeBulkJSON(); try (GsonHttpEntity entity = new GsonHttpEntity(gson, list)) { assertEquals(-1l, entity.getContentLength()); } catch (IOException e) { throw new RuntimeException("We're mocking IO operations, this should not happen?", e); }//from ww w . ja v a 2 s. co m //Need to discard the entity and get a new one, as the getContentLenght() //invocation will have frozen the value: we can't report inconsistent values //to the Apache HTTP client or it gets confused. try (GsonHttpEntity entity = new GsonHttpEntity(gson, list)) { final MessageDigest digest = getSha256Digest(); OutputStream discardingStream = new OutputStream() { @Override public void write(int b) throws IOException { } }; DigestOutputStream digestStream = new DigestOutputStream(discardingStream, digest); entity.writeTo(digestStream); assertNotEquals(-1l, entity.getContentLength()); final byte[] content = produceContentWithCustomEncoder(entity); assertEquals(content.length, entity.getContentLength()); } catch (IOException e) { throw new RuntimeException("We're mocking IO operations, this should not happen?", e); } }
From source file:org.hibernate.search.elasticsearch.test.GsonStreamedEncodingTest.java
private String optimisedSha256(final List<JsonObject> bodyParts) { notEmpty(bodyParts);/*from ww w . j a va 2 s . c o m*/ try (GsonHttpEntity entity = new GsonHttpEntity(gson, bodyParts)) { final MessageDigest digest = getSha256Digest(); OutputStream discardingStream = new OutputStream() { @Override public void write(int b) throws IOException { } }; DigestOutputStream digestStream = new DigestOutputStream(discardingStream, digest); entity.writeTo(digestStream); return encodeHexString(digest.digest()); } catch (IOException e) { throw new RuntimeException("We're mocking IO operations, this should not happen?", e); } }
From source file:org.jvnet.hudson.update_center.Signing.java
/** * Generates a canonicalized JSON format of the given object, and put the signature in it. * Because it mutates the signed object itself, validating the signature needs a bit of work, * but this enables a signature to be added transparently. *///from w w w . j av a 2 s .co m public void sign(JSONObject o) throws GeneralSecurityException, IOException { JSONObject sign = new JSONObject(); List<X509Certificate> certs = getCertificateChain(); X509Certificate signer = certs.get(0); // the first one is the signer, and the rest is the chain to a root CA. // this is for computing a digest MessageDigest sha1 = MessageDigest.getInstance("SHA1"); DigestOutputStream dos = new DigestOutputStream(new NullOutputStream(), sha1); // this is for computing a signature PrivateKey key = ((KeyPair) new PEMReader(new FileReader(privateKey)).readObject()).getPrivate(); Signature sig = Signature.getInstance("SHA1withRSA"); sig.initSign(key); SignatureOutputStream sos = new SignatureOutputStream(sig); // this is for verifying that signature validates Signature verifier = Signature.getInstance("SHA1withRSA"); verifier.initVerify(signer.getPublicKey()); SignatureOutputStream vos = new SignatureOutputStream(verifier); o.writeCanonical(new OutputStreamWriter(new TeeOutputStream(new TeeOutputStream(dos, sos), vos), "UTF-8")); // digest byte[] digest = sha1.digest(); sign.put("digest", new String(Base64.encodeBase64(digest))); // signature byte[] s = sig.sign(); sign.put("signature", new String(Base64.encodeBase64(s))); // and certificate chain JSONArray a = new JSONArray(); for (X509Certificate cert : certs) a.add(new String(Base64.encodeBase64(cert.getEncoded()))); sign.put("certificates", a); // did the signature validate? if (!verifier.verify(s)) throw new GeneralSecurityException( "Signature failed to validate. Either the certificate and the private key weren't matching, or a bug in the program."); o.put("signature", sign); }
From source file:org.lilie.services.eliot.tice.jackrabbit.core.data.version_2_4_0.FileDataStore.java
/** * Creates a new data record./* ww w. j a va 2 s .com*/ * The stream is first consumed and the contents are saved in a temporary file * and the SHA-1 message digest of the stream is calculated. If a * record with the same SHA-1 digest (and length) is found then it is * returned. Otherwise the temporary file is moved in place to become * the new data record that gets returned. * * @param input binary stream * @return data record that contains the given stream * @throws DataStoreException if the record could not be created */ public DataRecord addRecord(InputStream input) throws DataStoreException { File temporary = null; try { temporary = newTemporaryFile(); DataIdentifier tempId = new DataIdentifier(temporary.getName()); usesIdentifier(tempId); // Copy the stream to the temporary file and calculate the // stream length and the message digest of the stream long length = 0; MessageDigest digest = MessageDigest.getInstance(DIGEST); OutputStream output = new DigestOutputStream(new FileOutputStream(temporary), digest); try { length = IOUtils.copyLarge(input, output); } finally { output.close(); } DataIdentifier identifier = new DataIdentifier(digest.digest()); File file; synchronized (this) { // Check if the same record already exists, or // move the temporary file in place if needed usesIdentifier(identifier); file = getFile(identifier); if (!file.exists()) { File parent = file.getParentFile(); parent.mkdirs(); if (temporary.renameTo(file)) { // no longer need to delete the temporary file temporary = null; } else { throw new IOException("Can not rename " + temporary.getAbsolutePath() + " to " + file.getAbsolutePath() + " (media read only?)"); } } else { long now = System.currentTimeMillis(); if (getLastModified(file) < now + ACCESS_TIME_RESOLUTION) { setLastModified(file, now + ACCESS_TIME_RESOLUTION); } } if (file.length() != length) { // Sanity checks on the record file. These should never fail, // but better safe than sorry... if (!file.isFile()) { throw new IOException("Not a file: " + file); } throw new IOException(DIGEST + " collision: " + file); } } // this will also make sure that // tempId is not garbage collected until here inUse.remove(tempId); return new FileDataRecord(identifier, file); } catch (NoSuchAlgorithmException e) { throw new DataStoreException(DIGEST + " not available", e); } catch (IOException e) { throw new DataStoreException("Could not add record", e); } finally { if (temporary != null) { temporary.delete(); } } }
From source file:org.sourcepit.m2p2.cache.FileCacheTransport.java
private IStatus cache(URI toDownload, OutputStream target, IProgressMonitor monitor, final IArtifactDescriptor descriptor, File artifactFile, String md5) { log.log(LogService.LOG_INFO, "Downloading " + descriptor.getArtifactKey().toExternalForm()); final MessageDigest md5Digest = newMd5Digest(); final File tmpFile; try {//w ww.j av a 2 s. co m tmpFile = createTempFile(artifactFile); } catch (IOException e) { throw new IllegalStateException(e); } final IStatus result; DigestOutputStream out = null; try { out = new DigestOutputStream( new CopyOutputStream(target, new BufferedOutputStream(new FileOutputStream(tmpFile))), md5Digest); result = this.target.download(toDownload, out, monitor); out.flush(); } catch (IOException e) { deleteQuietly(tmpFile); throw new IllegalStateException(e); } finally { IOUtils.closeQuietly(out); } final String actualMd5 = toHexString(out.getMessageDigest().digest()); if (!md5.equals(actualMd5)) { log.log(LogService.LOG_WARNING, "Unable to cache artifact " + descriptor.getArtifactKey().toExternalForm() + " due to checksum verification failure. Expected " + md5 + " but was " + actualMd5 + "."); deleteQuietly(tmpFile); } else { try { deleteFile(artifactFile); moveFile(tmpFile, artifactFile); } catch (IOException e) { throw new IllegalStateException(e); } } return result; }
From source file:org.vafer.jdeb.DataBuilder.java
/** * Build the data archive of the deb from the provided DataProducers * * @param producers//from ww w.j a va 2s . c o m * @param output * @param checksums * @param compression the compression method used for the data file * @return * @throws java.security.NoSuchAlgorithmException * @throws java.io.IOException * @throws org.apache.commons.compress.compressors.CompressorException */ BigInteger buildData(Collection<DataProducer> producers, File output, final StringBuilder checksums, Compression compression) throws NoSuchAlgorithmException, IOException, CompressorException { final File dir = output.getParentFile(); if (dir != null && (!dir.exists() || !dir.isDirectory())) { throw new IOException("Cannot write data file at '" + output.getAbsolutePath() + "'"); } final TarArchiveOutputStream tarOutputStream = new TarArchiveOutputStream( compression.toCompressedOutputStream(new FileOutputStream(output))); tarOutputStream.setLongFileMode(TarArchiveOutputStream.LONGFILE_GNU); final MessageDigest digest = MessageDigest.getInstance("MD5"); final Total dataSize = new Total(); final List<String> addedDirectories = new ArrayList<String>(); final DataConsumer receiver = new DataConsumer() { public void onEachDir(String dirname, String linkname, String user, int uid, String group, int gid, int mode, long size) throws IOException { dirname = fixPath(dirname); createParentDirectories(dirname, user, uid, group, gid); // The directory passed in explicitly by the caller also gets the passed-in mode. (Unlike // the parent directories for now. See related comments at "int mode =" in // createParentDirectories, including about a possible bug.) createDirectory(dirname, user, uid, group, gid, mode, 0); console.info("dir: " + dirname); } public void onEachFile(InputStream inputStream, String filename, String linkname, String user, int uid, String group, int gid, int mode, long size) throws IOException { filename = fixPath(filename); createParentDirectories(filename, user, uid, group, gid); final TarArchiveEntry entry = new TarArchiveEntry(filename, true); entry.setUserName(user); entry.setUserId(uid); entry.setGroupName(group); entry.setGroupId(gid); entry.setMode(mode); entry.setSize(size); tarOutputStream.putArchiveEntry(entry); dataSize.add(size); digest.reset(); Utils.copy(inputStream, new DigestOutputStream(tarOutputStream, digest)); final String md5 = Utils.toHex(digest.digest()); tarOutputStream.closeArchiveEntry(); console.info("file:" + entry.getName() + " size:" + entry.getSize() + " mode:" + entry.getMode() + " linkname:" + entry.getLinkName() + " username:" + entry.getUserName() + " userid:" + entry.getUserId() + " groupname:" + entry.getGroupName() + " groupid:" + entry.getGroupId() + " modtime:" + entry.getModTime() + " md5: " + md5); // append to file md5 list checksums.append(md5).append(" ").append(entry.getName()).append('\n'); } public void onEachLink(String path, String linkName, boolean symlink, String user, int uid, String group, int gid, int mode) throws IOException { path = fixPath(path); createParentDirectories(path, user, uid, group, gid); final TarArchiveEntry entry = new TarArchiveEntry(path, symlink ? TarArchiveEntry.LF_SYMLINK : TarArchiveEntry.LF_LINK); entry.setLinkName(linkName); entry.setUserName(user); entry.setUserId(uid); entry.setGroupName(group); entry.setGroupId(gid); entry.setMode(mode); tarOutputStream.putArchiveEntry(entry); tarOutputStream.closeArchiveEntry(); console.info("link:" + entry.getName() + " mode:" + entry.getMode() + " linkname:" + entry.getLinkName() + " username:" + entry.getUserName() + " userid:" + entry.getUserId() + " groupname:" + entry.getGroupName() + " groupid:" + entry.getGroupId()); } private void createDirectory(String directory, String user, int uid, String group, int gid, int mode, long size) throws IOException { // All dirs should end with "/" when created, or the test DebAndTaskTestCase.testTarFileSet() thinks its a file // and so thinks it has the wrong permission. // This consistency also helps when checking if a directory already exists in addedDirectories. if (!directory.endsWith("/")) { directory += "/"; } if (!addedDirectories.contains(directory)) { TarArchiveEntry entry = new TarArchiveEntry(directory, true); entry.setUserName(user); entry.setUserId(uid); entry.setGroupName(group); entry.setGroupId(gid); entry.setMode(mode); entry.setSize(size); tarOutputStream.putArchiveEntry(entry); tarOutputStream.closeArchiveEntry(); addedDirectories.add(directory); // so addedDirectories consistently have "/" for finding duplicates. } } private void createParentDirectories(String filename, String user, int uid, String group, int gid) throws IOException { String dirname = fixPath(new File(filename).getParent()); // Debian packages must have parent directories created // before sub-directories or files can be installed. // For example, if an entry of ./usr/lib/foo/bar existed // in a .deb package, but the ./usr/lib/foo directory didn't // exist, the package installation would fail. The .deb must // then have an entry for ./usr/lib/foo and then ./usr/lib/foo/bar if (dirname == null) { return; } // The loop below will create entries for all parent directories // to ensure that .deb packages will install correctly. String[] pathParts = dirname.split("/"); String parentDir = "./"; for (int i = 1; i < pathParts.length; i++) { parentDir += pathParts[i] + "/"; // Make it so the dirs can be traversed by users. // We could instead try something more granular, like setting the directory // permission to 'rx' for each of the 3 user/group/other read permissions // found on the file being added (ie, only if "other" has read // permission on the main node, then add o+rx permission on all the containing // directories, same w/ user & group), and then also we'd have to // check the parentDirs collection of those already added to // see if those permissions need to be similarly updated. (Note, it hasn't // been demonstrated, but there might be a bug if a user specifically // requests a directory with certain permissions, // that has already been auto-created because it was a parent, and if so, go set // the user-requested mode on that directory instead of this automatic one.) // But for now, keeping it simple by making every dir a+rx. Examples are: // drw-r----- fs/fs # what you get with setMode(mode) // drwxr-xr-x fs/fs # Usable. Too loose? int mode = TarArchiveEntry.DEFAULT_DIR_MODE; createDirectory(parentDir, user, uid, group, gid, mode, 0); } } }; try { for (DataProducer data : producers) { data.produce(receiver); } } finally { tarOutputStream.close(); } console.info("Total size: " + dataSize); return dataSize.count; }
From source file:org.vafer.jdeb.Processor.java
/** * Build the data archive of the deb from the provided DataProducers * @param pData//from w w w.ja v a 2 s . co m * @param pOutput * @param pChecksums * @param pCompression the compression method used for the data file (gzip, bzip2 or anything else for no compression) * @return * @throws NoSuchAlgorithmException * @throws IOException */ BigInteger buildData(final DataProducer[] pData, final File pOutput, final StringBuffer pChecksums, String pCompression) throws NoSuchAlgorithmException, IOException { OutputStream out = new FileOutputStream(pOutput); if ("gzip".equals(pCompression)) { out = new GZIPOutputStream(out); } else if ("bzip2".equals(pCompression)) { out.write("BZ".getBytes()); out = new CBZip2OutputStream(out); } final TarOutputStream outputStream = new TarOutputStream(out); outputStream.setLongFileMode(TarOutputStream.LONGFILE_GNU); final MessageDigest digest = MessageDigest.getInstance("MD5"); final Total dataSize = new Total(); final List addedDirectories = new ArrayList(); final DataConsumer receiver = new DataConsumer() { public void onEachDir(String dirname, String linkname, String user, int uid, String group, int gid, int mode, long size) throws IOException { dirname = fixPath(dirname); createParentDirectories((new File(dirname)).getParent(), user, uid, group, gid); // The directory passed in explicitly by the caller also gets the passed-in mode. (Unlike // the parent directories for now. See related comments at "int mode =" in // createParentDirectories, including about a possible bug.) createDirectory(dirname, user, uid, group, gid, mode, 0); console.println("dir: " + dirname); } public void onEachFile(InputStream inputStream, String filename, String linkname, String user, int uid, String group, int gid, int mode, long size) throws IOException { filename = fixPath(filename); createParentDirectories((new File(filename)).getParent(), user, uid, group, gid); TarEntry entry = new TarEntry(filename); // FIXME: link is in the constructor entry.setUserName(user); entry.setUserId(uid); entry.setGroupName(group); entry.setGroupId(gid); entry.setMode(mode); entry.setSize(size); outputStream.putNextEntry(entry); dataSize.add(size); digest.reset(); Utils.copy(inputStream, new DigestOutputStream(outputStream, digest)); final String md5 = Utils.toHex(digest.digest()); outputStream.closeEntry(); console.println("file:" + entry.getName() + " size:" + entry.getSize() + " mode:" + entry.getMode() + " linkname:" + entry.getLinkName() + " username:" + entry.getUserName() + " userid:" + entry.getUserId() + " groupname:" + entry.getGroupName() + " groupid:" + entry.getGroupId() + " modtime:" + entry.getModTime() + " md5: " + md5); pChecksums.append(md5).append(" ").append(entry.getName()).append('\n'); } private String fixPath(String path) { // If we're receiving directory names from Windows, then we'll convert to use slash // This does eliminate the ability to use of a backslash in a directory name on *NIX, but in practice, this is a non-issue if (path.indexOf('\\') > -1) { path = path.replace('\\', '/'); } // ensure the path is like : ./foo/bar if (path.startsWith("/")) { path = "." + path; } else if (!path.startsWith("./")) { path = "./" + path; } return path; } private void createDirectory(String directory, String user, int uid, String group, int gid, int mode, long size) throws IOException { // All dirs should end with "/" when created, or the test DebAndTaskTestCase.testTarFileSet() thinks its a file // and so thinks it has the wrong permission. // This consistency also helps when checking if a directory already exists in addedDirectories. if (!directory.endsWith("/")) { directory += "/"; } if (!addedDirectories.contains(directory)) { TarEntry entry = new TarEntry(directory); // FIXME: link is in the constructor entry.setUserName(user); entry.setUserId(uid); entry.setGroupName(group); entry.setGroupId(gid); entry.setMode(mode); entry.setSize(size); outputStream.putNextEntry(entry); outputStream.closeEntry(); addedDirectories.add(directory); // so addedDirectories consistently have "/" for finding duplicates. } } private void createParentDirectories(String dirname, String user, int uid, String group, int gid) throws IOException { // Debian packages must have parent directories created // before sub-directories or files can be installed. // For example, if an entry of ./usr/lib/foo/bar existed // in a .deb package, but the ./usr/lib/foo directory didn't // exist, the package installation would fail. The .deb must // then have an entry for ./usr/lib/foo and then ./usr/lib/foo/bar if (dirname == null) { return; } // The loop below will create entries for all parent directories // to ensure that .deb packages will install correctly. String[] pathParts = dirname.split("\\/"); String parentDir = "./"; for (int i = 1; i < pathParts.length; i++) { parentDir += pathParts[i] + "/"; // Make it so the dirs can be traversed by users. // We could instead try something more granular, like setting the directory // permission to 'rx' for each of the 3 user/group/other read permissions // found on the file being added (ie, only if "other" has read // permission on the main node, then add o+rx permission on all the containing // directories, same w/ user & group), and then also we'd have to // check the parentDirs collection of those already added to // see if those permissions need to be similarly updated. (Note, it hasn't // been demonstrated, but there might be a bug if a user specifically // requests a directory with certain permissions, // that has already been auto-created because it was a parent, and if so, go set // the user-requested mode on that directory instead of this automatic one.) // But for now, keeping it simple by making every dir a+rx. Examples are: // drw-r----- fs/fs # what you get with setMode(mode) // drwxr-xr-x fs/fs # Usable. Too loose? int mode = TarEntry.DEFAULT_DIR_MODE; createDirectory(parentDir, user, uid, group, gid, mode, 0); } } }; for (int i = 0; i < pData.length; i++) { final DataProducer data = pData[i]; data.produce(receiver); } outputStream.close(); console.println("Total size: " + dataSize); return dataSize.count; }
From source file:org.zanata.common.io.DigestWriter.java
public DigestWriter(Writer delegateWriter, MessageDigest digest) { this.digestWriter = new OutputStreamWriter( new DigestOutputStream(new WriterOutputStream(delegateWriter), digest), Charsets.UTF_8); }
From source file:pxb.android.tinysign.TinySign.java
private static Manifest generateSF(Manifest manifest) throws NoSuchAlgorithmException, UnsupportedEncodingException { MessageDigest md = MessageDigest.getInstance("SHA1"); PrintStream print = new PrintStream(new DigestOutputStream(new OutputStream() { @Override/* w w w.j av a 2 s .c o m*/ public void write(byte[] arg0) throws IOException { } @Override public void write(byte[] arg0, int arg1, int arg2) throws IOException { } @Override public void write(int arg0) throws IOException { } }, md), true, "UTF-8"); Manifest sf = new Manifest(); Map<String, Attributes> entries = manifest.getEntries(); for (Map.Entry<String, Attributes> entry : entries.entrySet()) { // Digest of the manifest stanza for this entry. print.print("Name: " + entry.getKey() + "\r\n"); for (Map.Entry<Object, Object> att : entry.getValue().entrySet()) { print.print(att.getKey() + ": " + att.getValue() + "\r\n"); } print.print("\r\n"); print.flush(); Attributes sfAttr = new Attributes(); sfAttr.putValue("SHA1-Digest", eBase64(md.digest())); sf.getEntries().put(entry.getKey(), sfAttr); } return sf; }
From source file:pxb.android.tinysign.TinySign.java
private static String writeMF(File dir, Manifest manifest, ZipOutputStream zos) throws NoSuchAlgorithmException, IOException { MessageDigest md = MessageDigest.getInstance("SHA1"); DigestOutputStream dos = new DigestOutputStream(zos, md); zipAndSha1(dir, zos, dos, manifest); Attributes main = manifest.getMainAttributes(); main.putValue("Manifest-Version", "1.0"); main.putValue("Created-By", "tiny-sign-" + TinySign.class.getPackage().getImplementationVersion()); zos.putNextEntry(new ZipEntry("META-INF/MANIFEST.MF")); manifest.write(dos);//w ww .j av a 2s . com zos.closeEntry(); return eBase64(md.digest()); }