List of usage examples for the org.bouncycastle.jcajce.io.CipherOutputStream constructor
public CipherOutputStream(OutputStream output, Cipher cipher)
From source file:com.joyent.manta.client.crypto.EncryptingEntityHelper.java
License:Open Source License
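/**
 * Creates a new {@link OutputStream} implementation that is backed directly
 * by a {@link CipherOutputStream} or a {@link HmacOutputStream} that wraps
 * a {@link CipherOutputStream} depending on the encryption cipher/mode being
 * used. This allows us to support EtM authentication for ciphers/modes that
 * do not natively support authenticated encryption.
 *
 * NOTE: The design of com.joyent.manta.client.multipart.EncryptionStateRecorder
 * is heavily coupled to this implementation! Changing how these streams are
 * wrapped requires changes to EncryptionStateRecorder!
 *
 * The supplied {@code httpOut} is wrapped in a close shield, so closing the
 * returned stream does not close {@code httpOut}; the caller remains
 * responsible for appending the HMAC (when one is used) and closing it.
 *
 * @param httpOut output stream for writing to the HTTP network socket
 * @param cipherDetails information about the method of encryption in use,
 *                      must not be null
 * @param cipher cipher to utilize for encrypting stream, must not be null
 * @param hmac current HMAC object with the current checksum state, must not
 *             be null when the cipher is not an AEAD cipher
 * @return a new stream configured based on the parameters
 */
public static OutputStream makeCipherOutputForStream(final OutputStream httpOut,
        final SupportedCipherDetails cipherDetails, final Cipher cipher, final HMac hmac) {
    // Reject null arguments before any of them is handed to a stream constructor.
    Validate.notNull(cipherDetails, "Cipher details must not be null");
    Validate.notNull(cipher, "Cipher must not be null");

    /* A "close shield" is placed around httpOut for two reasons:
     *
     * 1. CipherOutputStream.close() writes additional bytes that a HMAC
     *    would need to read.
     * 2. Since we are going to append a HMAC to the end of the OutputStream
     *    httpOut, we have to pretend to close it so that the HMAC bytes
     *    are not written in the middle of the CipherOutputStream output,
     *    thereby corrupting the ciphertext.
     */
    final CloseShieldOutputStream noCloseOut = new CloseShieldOutputStream(httpOut);
    final CipherOutputStream cipherOut = new CipherOutputStream(noCloseOut, cipher);
    final OutputStream out;

    // Things are a lot simpler if we are using AEAD: the cipher authenticates itself.
    if (cipherDetails.isAEADCipher()) {
        out = cipherOut;
    } else {
        // Without an HMAC a non-AEAD stream would carry no integrity protection,
        // so fail here instead of on the first write.
        Validate.notNull(hmac, "HMAC must not be null for non-AEAD ciphers");

        // NOTE(review): HmacOutputStream is the outer stream, so it receives the
        // caller's bytes before cipherOut encrypts them. Whether the tag ends up
        // covering ciphertext (EtM, as the Javadoc states) or plaintext depends on
        // HmacOutputStream, which is not visible here - confirm, and confirm that
        // the IV is also covered by the tag.
        out = new HmacOutputStream(hmac, cipherOut);
    }

    if (LOGGER.isTraceEnabled()) {
        LOGGER.trace("Creating new OutputStream for multipart [{}]", out.getClass());
    }

    return out;
}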
From source file:com.joyent.manta.util.CipherClonerTest.java
License:Open Source License
/**
 * Checks that a cipher produced by {@code CipherCloner} encrypts the same
 * input to the same bytes as the cipher it was cloned from.
 *
 * @param cipherDetails cipher/mode under test
 * @throws Exception if key generation, cipher setup or stream writes fail
 */
private void canCloneCipher(final SupportedCipherDetails cipherDetails) throws Exception {
    final SecretKey key = SecretKeyUtils.generate(cipherDetails);
    final byte[] initVector = cipherDetails.generateIv();
    // Three whole blocks of random plaintext.
    final byte[] plaintext = RandomUtils.nextBytes(cipherDetails.getBlockSizeInBytes() * 3);

    // getBouncyCastleCipher() is called on purpose: the clone is taken from a
    // BouncyCastle-backed cipher.
    final Cipher source = cipherDetails.getBouncyCastleCipher();
    source.init(Cipher.ENCRYPT_MODE, key, cipherDetails.getEncryptionParameterSpec(initVector));

    // The clone is taken after init(), so both ciphers share one key and IV.
    // Identical ciphertext is what demonstrates the copied state; sharing a
    // key/IV pair between two encryptions is acceptable only inside a test.
    final Cipher copy = new CipherCloner().createClone(source);

    final ByteArrayOutputStream sourceSink = new ByteArrayOutputStream();
    final CipherOutputStream sourceStream = new CipherOutputStream(sourceSink, source);
    sourceStream.write(plaintext);
    // Flush only: closing the stream would finalize the cipher.
    sourceStream.flush();

    final ByteArrayOutputStream copySink = new ByteArrayOutputStream();
    final CipherOutputStream copyStream = new CipherOutputStream(copySink, copy);
    copyStream.write(plaintext);
    copyStream.flush();

    final byte[] fromSource = sourceSink.toByteArray();
    final byte[] fromCopy = copySink.toByteArray();

    Assert.assertEquals(fromSource.length, fromCopy.length);
    AssertJUnit.assertArrayEquals(fromSource, fromCopy);
}