Commit f5268ed3
Authored on Oct 20, 2017
Author: Andrews
Committer: GitHub, Oct 20, 2017
Specify rsa transform, aes & tag length (#839)
Parent: 1d9d596e
Showing 1 changed file with 18 additions and 5 deletions
pulsar-client/src/main/java/org/apache/pulsar/client/impl/MessageCrypto.java
...
...
@@ -89,9 +89,14 @@ public class MessageCrypto {
private
static
final
String
ECDSA
=
"ECDSA"
;
private
static
final
String
RSA
=
"RSA"
;
private
static
final
String
ECIES
=
"ECIES"
;
// Ideally the transformation should also be part of the message property. This will prevent client
// from assuming hardcoded value. However, it will increase the size of the message even further.
private
static
final
String
RSA_TRANS
=
"RSA/NONE/OAEPWithSHA1AndMGF1Padding"
;
private
static
final
String
AESGCM
=
"AES/GCM/NoPadding"
;
private
static
KeyGenerator
keyGenerator
;
private
static
final
int
tagLen
=
16
*
8
;
private
static
final
int
ivLen
=
12
;
private
byte
[]
iv
=
new
byte
[
ivLen
];
private
Cipher
cipher
;
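Review bot: tagLen and ivLen sit side by side but use different units, tagLen in bits (16 * 8) and ivLen in bytes (12), which is the same confusion behind the GCMParameterSpec(ivLen * 8, iv) calls this patch replaces further down. Suggest putting the unit in the name or in a comment (for example TAG_LEN_BITS and IV_LEN_BYTES, upper case like the other static final constants here) so the next caller of GCMParameterSpec cannot mix them up.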
...
...
@@ -147,7 +152,15 @@ public class MessageCrypto {
return
;
}
keyGenerator
=
KeyGenerator
.
getInstance
(
"AES"
);
keyGenerator
.
init
(
128
,
secureRandom
);
int
aesKeyLength
=
Cipher
.
getMaxAllowedKeyLength
(
"AES"
);
if
(
aesKeyLength
<=
128
)
{
log
.
warn
(
"{} AES Cryptographic strength is limited to {} bits. Consider installing JCE Unlimited Strength Jurisdiction Policy Files."
,
logCtx
,
aesKeyLength
);
keyGenerator
.
init
(
aesKeyLength
,
secureRandom
);
}
else
{
keyGenerator
.
init
(
256
,
secureRandom
);
}
}
catch
(
NoSuchAlgorithmException
|
NoSuchProviderException
|
NoSuchPaddingException
e
)
{
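Review bot: the data key size now depends on the local JVM policy, because the else branch calls keyGenerator.init(256, secureRandom) whenever Cipher.getMaxAllowedKeyLength("AES") reports more than 128. A 256-bit data key produced on such a host cannot be used by a consumer whose JVM is still limited to 128 bits, and that consumer will only find out when decryption fails. Suggest documenting the requirement for consumers and logging the key size actually chosen. The limited branch also passes aesKeyLength straight to keyGenerator.init, so any value below 128 would be accepted without a lower bound check.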
...
...
@@ -314,7 +327,7 @@ public class MessageCrypto {
// Encrypt data key using public key
if
(
RSA
.
equals
(
pubKey
.
getAlgorithm
()))
{
dataKeyCipher
=
Cipher
.
getInstance
(
RSA
,
BouncyCastleProvider
.
PROVIDER_NAME
);
dataKeyCipher
=
Cipher
.
getInstance
(
RSA
_TRANS
,
BouncyCastleProvider
.
PROVIDER_NAME
);
}
else
if
(
ECDSA
.
equals
(
pubKey
.
getAlgorithm
()))
{
dataKeyCipher
=
Cipher
.
getInstance
(
ECIES
,
BouncyCastleProvider
.
PROVIDER_NAME
);
}
else
{
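Review bot: the transformation now used for wrapping the data key in the RSA branch is pinned to OAEP with SHA-1 ("RSA/NONE/OAEPWithSHA1AndMGF1Padding"). SHA-1 is not known to weaken OAEP itself, but many crypto policies disallow it outright, and the comment on RSA_TRANS says the value is not carried in the message, so changing it later breaks every peer. Suggest deciding now whether a SHA-256 based OAEP transformation is wanted, before this value becomes the format clients depend on.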
...
...
@@ -402,7 +415,7 @@ public class MessageCrypto {
// Create gcm param
// TODO: Replace random with counter and periodic refreshing based on timer/counter value
secureRandom
.
nextBytes
(
iv
);
GCMParameterSpec
gcmParam
=
new
GCMParameterSpec
(
ivLen
*
8
,
iv
);
GCMParameterSpec
gcmParam
=
new
GCMParameterSpec
(
tagLen
,
iv
);
// Update message metadata with encryption param
msgMetadata
.
setEncryptionParam
(
ByteString
.
copyFrom
(
iv
));
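Review bot: the tag length passed to GCMParameterSpec changes from ivLen * 8 (96 bits) to tagLen (128 bits), but only the IV is written to the message metadata through setEncryptionParam, so the consumer has to assume the same tag length. Messages produced with the 96-bit tag will not verify against a consumer that builds its spec with tagLen. Suggest stating this in the release notes, or carrying the tag length alongside the IV. The TODO above about replacing the random IV is still open; until it is done, the data key should be rotated often enough that a random 12-byte IV is not repeated under one key.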
...
...
@@ -467,7 +480,7 @@ public class MessageCrypto {
// Decrypt data key using private key
if
(
RSA
.
equals
(
privateKey
.
getAlgorithm
()))
{
dataKeyCipher
=
Cipher
.
getInstance
(
RSA
,
BouncyCastleProvider
.
PROVIDER_NAME
);
dataKeyCipher
=
Cipher
.
getInstance
(
RSA
_TRANS
,
BouncyCastleProvider
.
PROVIDER_NAME
);
}
else
if
(
ECDSA
.
equals
(
privateKey
.
getAlgorithm
()))
{
dataKeyCipher
=
Cipher
.
getInstance
(
ECIES
,
BouncyCastleProvider
.
PROVIDER_NAME
);
}
else
{
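Review bot: there is no version marker to tell this consumer which transformation wrapped the data key, so in the RSA branch a key wrapped by a producer still calling Cipher.getInstance(RSA, ...) will fail to unwrap once the consumer uses RSA_TRANS, and the reverse holds for an upgraded producer with an old consumer. Suggest documenting that producers and consumers must be upgraded together, and making sure the unwrap failure is logged with enough context to recognise it as a transformation mismatch rather than a wrong key.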
...
...
@@ -495,7 +508,7 @@ public class MessageCrypto {
ByteString
ivString
=
msgMetadata
.
getEncryptionParam
();
ivString
.
copyTo
(
iv
,
0
);
GCMParameterSpec
gcmParams
=
new
GCMParameterSpec
(
ivLen
*
8
,
iv
);
GCMParameterSpec
gcmParams
=
new
GCMParameterSpec
(
tagLen
,
iv
);
ByteBuf
targetBuf
=
null
;
try
{
cipher
.
init
(
Cipher
.
DECRYPT_MODE
,
dataKeySecret
,
gcmParams
);
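Review bot: ivString.copyTo(iv, 0) trusts the length of the encryption param taken from the message metadata; nothing in this hunk checks that it equals ivLen before it is copied into the fixed 12-byte iv buffer. A longer value cannot fit and fails inside copyTo rather than as a clean decrypt error, and a shorter one leaves bytes from an earlier use of the shared iv field in the tail of the buffer. Suggest rejecting the message when ivString.size() != ivLen before building GCMParameterSpec(tagLen, iv).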
...
...