org.apache.nifi.security.kms

Class CryptoUtils

java.lang.Object

org.apache.nifi.security.kms.CryptoUtils

public class CryptoUtils
extends Object

Field Summary

Fields

Modifier and Type	Field and Description
private static String	FILE_BASED_KEY_PROVIDER_CLASS_NAME
private static Pattern	HEX_PATTERN
static int	IV_LENGTH
private static String	LEGACY_FBKP_FQCN
private static String	LEGACY_SKP_FQCN
private static org.slf4j.Logger	logger
private static String	STATIC_KEY_PROVIDER_CLASS_NAME
private static List<Integer>	UNLIMITED_KEY_LENGTHS

Constructor Summary

Constructors

Constructor and Description
CryptoUtils()

Method Summary

Modifier and Type	Method and Description
static byte[]	concatByteArrays(byte[]... arrays) Concatenates multiple byte[] into a single byte[].
static SecretKey	formKeyFromHex(String keyHex) Returns a SecretKey formed from the hexadecimal key bytes (validity is checked).
(package private) static String	handleLegacyPackages(String implementationClassName)
static boolean	isEmpty(String src) Utility method which returns true if the string is null, empty, or entirely whitespace.
static boolean	isHexString(String hexString) Returns true if the input is valid hexadecimal (does not enforce length and is case-insensitive).
static boolean	isProvenanceRepositoryEncryptionConfigured(NiFiProperties niFiProperties)
static boolean	isUnlimitedStrengthCryptoAvailable()
static boolean	isValidKeyProvider(String keyProviderImplementation, String keyProviderLocation, String keyId, Map<String,String> encryptionKeys) Returns true if the provided configuration values successfully define the specified KeyProvider.
static boolean	keyIsValid(String encryptionKeyHex) Returns true if the provided key is valid hex and is the correct length for the current system's JCE policies.
static Map<String,SecretKey>	readKeys(String filepath, SecretKey masterKey) Returns a map containing the key IDs and the parsed key from a key provider definition file.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

logger

private static final org.slf4j.Logger logger

STATIC_KEY_PROVIDER_CLASS_NAME

private static final String STATIC_KEY_PROVIDER_CLASS_NAME

See Also:

Constant Field Values

FILE_BASED_KEY_PROVIDER_CLASS_NAME

private static final String FILE_BASED_KEY_PROVIDER_CLASS_NAME

See Also:

Constant Field Values

LEGACY_SKP_FQCN

private static final String LEGACY_SKP_FQCN

See Also:

Constant Field Values

LEGACY_FBKP_FQCN

private static final String LEGACY_FBKP_FQCN

See Also:

Constant Field Values

HEX_PATTERN

private static final Pattern HEX_PATTERN

UNLIMITED_KEY_LENGTHS

private static final List<Integer> UNLIMITED_KEY_LENGTHS

IV_LENGTH

public static final int IV_LENGTH

See Also:

Constant Field Values

Constructor Detail

CryptoUtils

public CryptoUtils()

Method Detail

isUnlimitedStrengthCryptoAvailable

public static boolean isUnlimitedStrengthCryptoAvailable()

isEmpty

public static boolean isEmpty(String src)

Utility method which returns true if the string is null, empty, or entirely whitespace.

Parameters:

src - the string to evaluate

Returns:

true if empty

concatByteArrays

public static byte[] concatByteArrays(byte[]... arrays)
                               throws IOException

Concatenates multiple byte[] into a single byte[].

Parameters:

arrays - the component byte[] in order

Returns:

a concatenated byte[]

Throws:

IOException - this should never be thrown

isValidKeyProvider

public static boolean isValidKeyProvider(String keyProviderImplementation,
                                         String keyProviderLocation,
                                         String keyId,
                                         Map<String,String> encryptionKeys)

Returns true if the provided configuration values successfully define the specified KeyProvider.

Parameters:

keyProviderImplementation - the FQ class name of the KeyProvider implementation

keyProviderLocation - the location of the definition (for FileBasedKeyProvider, etc.)

keyId - the active key ID

encryptionKeys - a map of key IDs to key material in hex format

Returns:

true if the provided configuration is valid

handleLegacyPackages

static String handleLegacyPackages(String implementationClassName)
                            throws KeyManagementException

Throws:

KeyManagementException

keyIsValid

public static boolean keyIsValid(String encryptionKeyHex)

Returns true if the provided key is valid hex and is the correct length for the current system's JCE policies.

Parameters:

encryptionKeyHex - the key in hexadecimal

Returns:

true if this key is valid

isHexString

public static boolean isHexString(String hexString)

Returns true if the input is valid hexadecimal (does not enforce length and is case-insensitive).

Parameters:

hexString - the string to evaluate

Returns:

true if the string is valid hex

formKeyFromHex

public static SecretKey formKeyFromHex(String keyHex)
                                throws KeyManagementException

Returns a SecretKey formed from the hexadecimal key bytes (validity is checked).

Parameters:

keyHex - the key in hex form

Returns:

the SecretKey

Throws:

KeyManagementException

readKeys

public static Map<String,SecretKey> readKeys(String filepath,
                                             SecretKey masterKey)
                                      throws KeyManagementException

Returns a map containing the key IDs and the parsed key from a key provider definition file. The values in the file are decrypted using the master key provided. If the file is missing or empty, cannot be read, or if no valid keys are read, a KeyManagementException will be thrown.

Parameters:

filepath - the key definition file path

masterKey - the master key used to decrypt each key definition

Returns:

a Map of key IDs to SecretKeys

Throws:

KeyManagementException - if the file is missing or invalid

isProvenanceRepositoryEncryptionConfigured

public static boolean isProvenanceRepositoryEncryptionConfigured(NiFiProperties niFiProperties)