java.lang.Object
com.orientechnologies.orient.core.security.symmetrickey.OSymmetricKey

public class OSymmetricKey extends Object
Implements a symmetric key utility class that can create default keys and keys from a String, a file, a KeyStore, and from the OSymmetricKeyConfig interface.

Static creation methods are provided for each type: OSymmetricKey.fromConfig(), OSymmetricKey.fromString(), OSymmetricKey.fromFile(), OSymmetricKey.fromStream(), and OSymmetricKey.fromKeystore().

The encrypt() methods return a specialized Base64-encoded JSON document with these properties (depending on the cipher transform): "algorithm", "transform", "iv", "payload"

The decrypt() and decryptAsString() methods accept the Base64-encoded JSON document.
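The round trip described above, as an added example that is not part of the original documentation or the OrientDB code base. The class name, the sample plaintext, and the "AES" / "AES/CBC/PKCS5Padding" / 128 arguments are assumptions chosen for illustration, as is the expectation that the outer Base64 layer decodes to UTF-8 JSON text.

```java
import com.orientechnologies.orient.core.security.symmetrickey.OSymmetricKey;
import java.nio.charset.StandardCharsets;
import java.util.Base64;

// Added example (hypothetical class name); uses only methods listed on this page.
public class OSymmetricKeyRoundTrip {
  public static void main(String[] args) {
    // Assumed parameters: AES key, CBC transform, 128-bit key size.
    OSymmetricKey key = new OSymmetricKey("AES", "AES/CBC/PKCS5Padding", 128);

    // encrypt() is documented to return null on failure, so check before use.
    String envelope = key.encrypt("constructed sample secret");
    if (envelope == null) {
      throw new IllegalStateException("encrypt() returned null");
    }

    // The returned value is a Base64-encoded JSON document. Decoding the outer
    // layer shows which properties ("algorithm", "transform", "iv", "payload")
    // were emitted for this transform. The MIME decoder tolerates line breaks.
    byte[] raw = Base64.getMimeDecoder().decode(envelope);
    System.out.println("envelope JSON: " + new String(raw, StandardCharsets.UTF_8));

    // decryptAsString() takes the same Base64-encoded JSON document.
    String plain = key.decryptAsString(envelope);
    if (plain == null) {
      throw new IllegalStateException("decryptAsString() returned null");
    }
    System.out.println("decrypted: " + plain);

    // getBase64Key() exposes the raw secret key material: keep it out of logs
    // and store it only where other secrets are stored.
    String exported = key.getBase64Key();

    // A second instance built from the exported key decrypts the same
    // envelope, which is how a peer sharing the key would consume it.
    OSymmetricKey peer = OSymmetricKey.fromString("AES", exported);
    String peerPlain = peer.decryptAsString(envelope);
    if (!plain.equals(peerPlain)) {
      throw new IllegalStateException("peer decryption mismatch");
    }
    System.out.println("peer decrypted: " + peerPlain);
  }
}
```

Because both encrypt() and the decrypt methods signal failure by returning null, callers should treat a null result as an error rather than as an empty value.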

A symmetric key credential interceptor is provided (OSymmetricKeyCI) as well as several authenticators: OSecuritySymmetricKeyAuth, OSystemSymmetricKeyAuth

Author:
S. Colin Leister
  • Constructor Details

    • OSymmetricKey

      public OSymmetricKey()
    • OSymmetricKey

      public OSymmetricKey(String secretKeyAlgorithm, String cipherTransform, int keySize)
      Creates a key based on the algorithm, transformation, and key size specified.
    • OSymmetricKey

      public OSymmetricKey(SecretKey secretKey) throws OSecurityException
      Uses the specified SecretKey as the private key and sets key algorithm from the SecretKey.
      Throws:
      OSecurityException
    • OSymmetricKey

      public OSymmetricKey(String algorithm, String base64Key) throws OSecurityException
      Sets the SecretKey based on the specified algorithm and Base64 key.
      Throws:
      OSecurityException
  • Method Details

    • getDefaultCipherTransform

      public String getDefaultCipherTransform(String transform)
    • getIteration

      public int getIteration(int iteration)
    • getKeyAlgorithm

      public String getKeyAlgorithm(String algorithm)
    • getKeySize

      public int getKeySize(int bits)
    • getSaltLength

      public int getSaltLength(int length)
    • getSeedAlgorithm

      public String getSeedAlgorithm(String algorithm)
    • getSeedPhrase

      public String getSeedPhrase(String phrase)
    • setDefaultCipherTransform

      public OSymmetricKey setDefaultCipherTransform(String transform)
    • setIteration

      public OSymmetricKey setIteration(int iteration)
    • setKeyAlgorithm

      public OSymmetricKey setKeyAlgorithm(String algorithm)
    • setKeySize

      public OSymmetricKey setKeySize(int bits)
    • setSaltLength

      public OSymmetricKey setSaltLength(int length)
    • setSeedAlgorithm

      public OSymmetricKey setSeedAlgorithm(String algorithm)
    • setSeedPhrase

      public OSymmetricKey setSeedPhrase(String phrase)
    • create

      protected void create()
    • separateAlgorithm

      protected static String separateAlgorithm(String cipherTransform)
      Returns the secret key algorithm portion of the cipher transformation.
    • fromConfig

      public static OSymmetricKey fromConfig(OSymmetricKeyConfig keyConfig)
      Creates an OSymmetricKey from an OSymmetricKeyConfig interface.
    • fromString

      public static OSymmetricKey fromString(String algorithm, String base64Key)
      Creates an OSymmetricKey from a Base64 key.
    • fromFile

      public static OSymmetricKey fromFile(String algorithm, String path)
      Creates an OSymmetricKey from a file containing a Base64 key.
    • fromStream

      public static OSymmetricKey fromStream(String algorithm, InputStream is)
      Creates an OSymmetricKey from an InputStream containing a Base64 key.
    • fromKeystore

      public static OSymmetricKey fromKeystore(String path, String password, String keyAlias, String keyPassword)
      Creates an OSymmetricKey from a Java "JCEKS" KeyStore.
      Parameters:
      path - The location of the KeyStore file.
      password - The password for the KeyStore. May be null.
      keyAlias - The alias name of the key to be used from the KeyStore. Required.
      keyPassword - The password of the key represented by keyAlias. May be null.
    • fromKeystore

      public static OSymmetricKey fromKeystore(InputStream is, String password, String keyAlias, String keyPassword)
      Creates an OSymmetricKey from a Java "JCEKS" KeyStore.
      Parameters:
      is - The InputStream used to load the KeyStore.
      password - The password for the KeyStore. May be null.
      keyAlias - The alias name of the key to be used from the KeyStore. Required.
      keyPassword - The password of the key represented by keyAlias. May be null.
    • getBase64Key

      public String getBase64Key()
      Returns the internal SecretKey as a Base64 String.
    • convertToBase64

      protected static String convertToBase64(byte[] bytes)
    • convertFromBase64

      protected static byte[] convertFromBase64(String base64)
    • encrypt

      public String encrypt(String value)
      This is a convenience method that takes a String argument, encodes it as Base64, then calls encrypt(byte[]).
      Parameters:
      value - The String to be encoded to Base64 then encrypted.
      Returns:
      A Base64-encoded JSON document.
    • encrypt

      public String encrypt(String transform, String value)
      This is a convenience method that takes a String argument, encodes it as Base64, then calls encrypt(byte[]).
      Parameters:
      transform - The cipher transformation to use.
      value - The String to be encoded to Base64 then encrypted.
      Returns:
      A Base64-encoded JSON document.
    • encrypt

      public String encrypt(byte[] bytes)
      This method encrypts an array of bytes.
      Parameters:
      bytes - The array of bytes to be encrypted.
      Returns:
      The encrypted bytes as a Base64-encoded JSON document or null if unsuccessful.
    • encrypt

      public String encrypt(String transform, byte[] bytes)
      This method encrypts an array of bytes.
      Parameters:
      transform - The cipher transformation to use.
      bytes - The array of bytes to be encrypted.
      Returns:
      The encrypted bytes as a Base64-encoded JSON document or null if unsuccessful.
    • encodeJSON

      protected String encodeJSON(byte[] encrypted, byte[] initVector)
    • decryptAsString

      public String decryptAsString(String encodedJSON)
      This method decrypts the Base64-encoded JSON document using the specified algorithm and cipher transformation.
      Parameters:
      encodedJSON - The Base64-encoded JSON document.
      Returns:
      The decrypted array of bytes as a UTF-8 String or null if not successful.
    • decrypt

      public byte[] decrypt(String encodedJSON)
      This method decrypts the Base64-encoded JSON document using the specified algorithm and cipher transformation.
      Parameters:
      encodedJSON - The Base64-encoded JSON document.
      Returns:
      The decrypted array of bytes or null if unsuccessful.
    • saveToStream

      public void saveToStream(OutputStream os)
      Saves the internal SecretKey to the specified OutputStream as a Base64 String.
    • saveToKeystore

      public void saveToKeystore(OutputStream os, String ksPasswd, String keyAlias, String keyPasswd)
      Saves the internal SecretKey as a KeyStore.