List of usage examples for org.bouncycastle.jcajce.io CipherInputStream CipherInputStream
public CipherInputStream(InputStream input, Cipher cipher)
From source file:com.joyent.manta.client.crypto.EncryptingEntityTest.java
License:Open Source License
private static void verifyEncryptionWorksRoundTrip(byte[] keyBytes, SupportedCipherDetails cipherDetails, HttpEntity entity, Predicate<byte[]> validator) throws Exception { SecretKey key = SecretKeyUtils.loadKey(keyBytes, cipherDetails); EncryptingEntity encryptingEntity = new EncryptingEntity(key, cipherDetails, entity); File file = File.createTempFile("ciphertext-", ".data"); FileUtils.forceDeleteOnExit(file);/*from w w w . j a va 2s.co m*/ try (FileOutputStream out = new FileOutputStream(file)) { encryptingEntity.writeTo(out); } Assert.assertEquals(file.length(), encryptingEntity.getContentLength(), "Expected ciphertext file size doesn't match actual file size " + "[originalContentLength=" + entity.getContentLength() + "] -"); byte[] iv = encryptingEntity.getCipher().getIV(); Cipher cipher = cipherDetails.getCipher(); cipher.init(Cipher.DECRYPT_MODE, key, cipherDetails.getEncryptionParameterSpec(iv)); final long ciphertextSize; if (cipherDetails.isAEADCipher()) { ciphertextSize = encryptingEntity.getContentLength(); } else { ciphertextSize = encryptingEntity.getContentLength() - cipherDetails.getAuthenticationTagOrHmacLengthInBytes(); } try (FileInputStream in = new FileInputStream(file); BoundedInputStream bin = new BoundedInputStream(in, ciphertextSize); CipherInputStream cin = new CipherInputStream(bin, cipher)) { final byte[] actualBytes = IOUtils.toByteArray(cin); final byte[] hmacBytes = new byte[cipherDetails.getAuthenticationTagOrHmacLengthInBytes()]; in.read(hmacBytes); Assert.assertTrue(validator.test(actualBytes), "Entity validation failed"); } }
From source file:com.joyent.manta.client.crypto.MantaEncryptedObjectInputStream.java
License:Open Source License
/** * Creates a new instance of a {@link CipherInputStream} based on the parameters * returned as HTTP headers for the object. * * @return a configured decrypting stream *///from w w w . java 2 s . c om private InputStream createCryptoStream() { final InputStream source; boolean isRangeRequest = (plaintextRangeLength != null && plaintextRangeLength > 0L); // No need to calculate HMAC because we are using a AEAD cipher if (this.cipherDetails.isAEADCipher()) { source = super.getBackingStream(); /* Since we are doing EtM authentication with the non-GCM cipher modes, * we need to exclude the binary HMAC bytes from the stream that the * CipherInputStream is reading (otherwise it will think it is ciphertext). * That is why we wrap the source stream in a bounded stream that prevents * the closing of the underlying stream - it allows us to read the final * HMAC bytes upon close(). */ } else { final long adjustedContentLength; final long hmacSize; if (this.hmac == null) { hmacSize = this.cipherDetails.getAuthenticationTagOrHmacLengthInBytes(); } else { hmacSize = this.hmac.getMacSize(); } if (!isRangeRequest || this.unboundedEnd) { adjustedContentLength = this.contentLength - hmacSize; } else { adjustedContentLength = this.contentLength; } BoundedInputStream bin = new BoundedInputStream(super.getBackingStream(), adjustedContentLength); bin.setPropagateClose(false); source = bin; } final CipherInputStream cin = new CipherInputStream(source, this.cipher); /* A plaintext value not null indicates that we aren't working with * a subset of the total object (byte range), so we can just pass back * the ciphertext stream without any limitations on its length. */ if (!isRangeRequest) { return cin; } // If we have gotten this far, we are dealing with a byte range /* We adjust the maximum number of plaintext bytes that can be returned * as the plaintext length + skipped bytes because the plaintext length * already has the skipped bytes subtracted from it. */ return new BoundedInputStream(cin, this.plaintextRangeLength + this.initialBytesToSkip); }