From 0392c11d87af58bde6f7c84fe2f0cb0673fa5d04 Mon Sep 17 00:00:00 2001
From: Jean-Noël Rouvignac <jean-noel.rouvignac@forgerock.com>
Date: Tue, 02 Feb 2016 11:10:58 +0000
Subject: [PATCH] CryptoManagerImpl.java: code cleanup Extract a few methods for duplicated code
---
opendj-server-legacy/src/main/java/org/opends/server/crypto/CryptoManagerImpl.java | 384 +++++++++++++++---------------------------------------
1 files changed, 110 insertions(+), 274 deletions(-)
diff --git a/opendj-server-legacy/src/main/java/org/opends/server/crypto/CryptoManagerImpl.java b/opendj-server-legacy/src/main/java/org/opends/server/crypto/CryptoManagerImpl.java
index 4379f54..b42c8c5 100644
--- a/opendj-server-legacy/src/main/java/org/opends/server/crypto/CryptoManagerImpl.java
+++ b/opendj-server-legacy/src/main/java/org/opends/server/crypto/CryptoManagerImpl.java
@@ -280,8 +280,6 @@
config.addChangeListener(this);
}
-
- /** {@inheritDoc} */
@Override
public boolean isConfigurationChangeAcceptable(
CryptoManagerCfg cfg,
@@ -410,8 +408,6 @@
return isAcceptable;
}
-
- /** {@inheritDoc} */
@Override
public ConfigChangeResult applyConfigurationChange(CryptoManagerCfg cfg)
{
@@ -485,29 +481,26 @@
.addAttribute(requestedAttribute);
InternalSearchOperation searchOp = icc.processSearch(request);
for (Entry e : searchOp.getSearchEntries()) {
- /* attribute ds-cfg-public-key-certificate is a MUST in
- the schema */
+ // attribute ds-cfg-public-key-certificate is a MUST in the schema
certificate = e.parseAttribute(
ATTR_CRYPTO_PUBLIC_KEY_CERTIFICATE).asByteString().toByteArray();
}
break;
}
catch (DirectoryException ex) {
- if (0 == i
- && ResultCode.NO_SUCH_OBJECT == ex.getResultCode()){
- final Entry entry = new Entry(entryDN, null, null, null);
- entry.addObjectClass(DirectoryServer.getTopObjectClass());
- entry.addObjectClass(ocCertRequest);
- AddOperation addOperation = icc.processAdd(entry);
- if (ResultCode.SUCCESS != addOperation.getResultCode()) {
- throw new DirectoryException(
- addOperation.getResultCode(),
- ERR_CRYPTOMGR_FAILED_TO_INITIATE_INSTANCE_KEY_GENERATION.get(entry.getName()));
- }
- }
- else {
+ if (0 != i || ex.getResultCode() != ResultCode.NO_SUCH_OBJECT) {
throw ex;
}
+
+ final Entry entry = new Entry(entryDN, null, null, null);
+ entry.addObjectClass(DirectoryServer.getTopObjectClass());
+ entry.addObjectClass(ocCertRequest);
+ AddOperation addOperation = icc.processAdd(entry);
+ if (ResultCode.SUCCESS != addOperation.getResultCode()) {
+ throw new DirectoryException(
+ addOperation.getResultCode(),
+ ERR_CRYPTOMGR_FAILED_TO_INITIATE_INSTANCE_KEY_GENERATION.get(entry.getName()));
+ }
}
}
}
@@ -575,10 +568,8 @@
md.digest(instanceKeyCertificate));
}
-
/**
- Publishes the instance key entry in ADS, if it does not already
- exist.
+ Publishes the instance key entry in ADS, if it does not already exist.
@throws CryptoManagerException In case there is a problem
searching for the entry, or, if necessary, adding it.
@@ -1041,18 +1032,8 @@
Set<String> symmetricKeys =
entry.parseAttribute(ATTR_CRYPTO_SYMMETRIC_KEY).asSetOfString();
- // Find the symmetric key value that was wrapped using
- // our instance key.
- SecretKey secretKey = null;
- for (String symmetricKey : symmetricKeys)
- {
- secretKey = decodeSymmetricKeyAttribute(symmetricKey);
- if (secretKey != null)
- {
- break;
- }
- }
-
+ // Find the symmetric key value that was wrapped using our instance key.
+ SecretKey secretKey = decodeSymmetricKeyAttribute(symmetricKeys);
if (null != secretKey) {
CipherKeyEntry.importCipherKeyEntry(this, keyID, transformation,
secretKey, keyLengthBits, ivLengthBits, isCompromised);
@@ -1070,16 +1051,7 @@
CipherKeyEntry.importCipherKeyEntry(this, keyID, transformation,
secretKey, keyLengthBits, ivLengthBits, isCompromised);
- // Write the value to the entry.
- InternalClientConnection internalConnection = getRootConnection();
- Attribute attribute = Attributes.create(ATTR_CRYPTO_SYMMETRIC_KEY, symmetricKey);
- List<Modification> modifications = newArrayList(new Modification(ModificationType.ADD, attribute, false));
- ModifyOperation internalModify = internalConnection.processModify(entry.getName(), modifications);
- if (internalModify.getResultCode() != ResultCode.SUCCESS)
- {
- throw new CryptoManagerException(
- ERR_CRYPTOMGR_IMPORT_KEY_ENTRY_FAILED_TO_ADD_KEY.get(entry.getName()));
- }
+ writeValueToEntry(entry, symmetricKey);
}
catch (CryptoManagerException e)
{
@@ -1094,6 +1066,19 @@
}
}
+ private SecretKey decodeSymmetricKeyAttribute(Set<String> symmetricKeys) throws CryptoManagerException
+ {
+ for (String symmetricKey : symmetricKeys)
+ {
+ SecretKey secretKey = decodeSymmetricKeyAttribute(symmetricKey);
+ if (secretKey != null)
+ {
+ return secretKey;
+ }
+ }
+ return null;
+ }
+
/**
* Imports a mac key entry from an entry in ADS.
@@ -1132,50 +1117,24 @@
Set<String> symmetricKeys =
entry.parseAttribute(ATTR_CRYPTO_SYMMETRIC_KEY).asSetOfString();
- // Find the symmetric key value that was wrapped using our
- // instance key.
- SecretKey secretKey = null;
- for (String symmetricKey : symmetricKeys)
+ SecretKey secretKey = decodeSymmetricKeyAttribute(symmetricKeys);
+ if (secretKey != null)
{
- secretKey = decodeSymmetricKeyAttribute(symmetricKey);
- if (secretKey != null)
- {
- break;
- }
+ MacKeyEntry.importMacKeyEntry(this, keyID, algorithm, secretKey, keyLengthBits, isCompromised);
+ return;
}
- if (secretKey == null)
+ // Request the value from another server.
+ String symmetricKey = getSymmetricKey(symmetricKeys);
+ if (symmetricKey == null)
{
- // Request the value from another server.
- String symmetricKey = getSymmetricKey(symmetricKeys);
- if (symmetricKey == null)
- {
- throw new CryptoManagerException(
- ERR_CRYPTOMGR_IMPORT_KEY_ENTRY_FAILED_TO_DECODE.get(entry.getName()));
- }
- secretKey = decodeSymmetricKeyAttribute(symmetricKey);
- MacKeyEntry.importMacKeyEntry(this, keyID, algorithm,
- secretKey, keyLengthBits,
- isCompromised);
+ throw new CryptoManagerException(
+ ERR_CRYPTOMGR_IMPORT_KEY_ENTRY_FAILED_TO_DECODE.get(entry.getName()));
+ }
+ secretKey = decodeSymmetricKeyAttribute(symmetricKey);
+ MacKeyEntry.importMacKeyEntry(this, keyID, algorithm, secretKey, keyLengthBits, isCompromised);
- // Write the value to the entry.
- Attribute attribute = Attributes.create(ATTR_CRYPTO_SYMMETRIC_KEY, symmetricKey);
- List<Modification> modifications = newArrayList(
- new Modification(ModificationType.ADD, attribute, false));
- ModifyOperation internalModify =
- getRootConnection().processModify(entry.getName(), modifications);
- if (internalModify.getResultCode() != ResultCode.SUCCESS)
- {
- throw new CryptoManagerException(
- ERR_CRYPTOMGR_IMPORT_KEY_ENTRY_FAILED_TO_ADD_KEY.get(entry.getName()));
- }
- }
- else
- {
- MacKeyEntry.importMacKeyEntry(this, keyID, algorithm,
- secretKey, keyLengthBits,
- isCompromised);
- }
+ writeValueToEntry(entry, symmetricKey);
}
catch (CryptoManagerException e)
{
@@ -1190,6 +1149,16 @@
}
}
+ private void writeValueToEntry(Entry entry, String symmetricKey) throws CryptoManagerException
+ {
+ Attribute attribute = Attributes.create(ATTR_CRYPTO_SYMMETRIC_KEY, symmetricKey);
+ List<Modification> modifications = newArrayList(new Modification(ModificationType.ADD, attribute));
+ ModifyOperation internalModify = getRootConnection().processModify(entry.getName(), modifications);
+ if (internalModify.getResultCode() != ResultCode.SUCCESS)
+ {
+ throw new CryptoManagerException(ERR_CRYPTOMGR_IMPORT_KEY_ENTRY_FAILED_TO_ADD_KEY.get(entry.getName()));
+ }
+ }
/**
* This class implements a utility interface to the unique
@@ -1201,9 +1170,7 @@
*/
private static class KeyEntryID
{
- /**
- * Constructs a KeyEntryID using a new unique identifier.
- */
+ /** Constructs a KeyEntryID using a new unique identifier. */
public KeyEntryID() {
fValue = UUID.randomUUID();
}
@@ -1227,11 +1194,9 @@
}
/**
- * Constructs a {@code KeyEntryID} from its {@code String}
- * representation.
+ * Constructs a {@code KeyEntryID} from its {@code String} representation.
*
- * @param keyEntryID The {@code String} reprentation of a
- * {@code KeyEntryID}.
+ * @param keyEntryID The {@code String} representation of a {@code KeyEntryID}.
*
* @throws CryptoManagerException If the argument does
* not conform to the {@code KeyEntryID} string syntax.
@@ -1395,7 +1360,7 @@
/**
Construct an instance of {@code SecretKeyEntry} using the specified
parameters. This constructor would typically be used for key entries
- imported from ADS, for which the full set of paramters is known.
+ imported from ADS, for which the full set of parameters is known.
<p>
Note the relationship between the secret key data array length and the
secret key length parameter described in {@link SecretKeyEntry}
@@ -1578,49 +1543,19 @@
ocMap.put(DirectoryServer.getTopObjectClass(), OC_TOP);
ocMap.put(ocCipherKey, OC_CRYPTO_CIPHER_KEY);
- // Create the operational and user attributes.
- LinkedHashMap<AttributeType,List<Attribute>> opAttrs = new LinkedHashMap<>(0);
- LinkedHashMap<AttributeType,List<Attribute>> userAttrs = new LinkedHashMap<>();
-
- // Add the key ID attribute.
+ // Create the user attributes.
+ LinkedHashMap<AttributeType, List<Attribute>> userAttrs = new LinkedHashMap<>();
userAttrs.put(attrKeyID, Attributes.createAsList(attrKeyID, distinguishedValue));
-
- // Add the transformation name attribute.
putSingleValueAttribute(userAttrs, attrTransformation, keyEntry.getType());
-
- // Add the init vector length attribute.
putSingleValueAttribute(userAttrs, attrInitVectorLength,
String.valueOf(keyEntry.getIVLengthBits()));
-
- // Add the key length attribute.
putSingleValueAttribute(userAttrs, attrKeyLength,
String.valueOf(keyEntry.getKeyLengthBits()));
-
-
- // Get the trusted certificates.
- Map<String, byte[]> trustedCerts =
- cryptoManager.getTrustedCertificates();
-
- // Need to add our own instance certificate.
- byte[] instanceKeyCertificate =
- CryptoManagerImpl.getInstanceKeyCertificateFromLocalTruststore();
- trustedCerts.put(getInstanceKeyID(instanceKeyCertificate),
- instanceKeyCertificate);
-
- // Add the symmetric key attribute.
- AttributeBuilder builder = new AttributeBuilder(attrSymmetricKey);
- for (Map.Entry<String, byte[]> mapEntry : trustedCerts.entrySet())
- {
- String symmetricKey = cryptoManager.encodeSymmetricKeyAttribute(
- mapEntry.getKey(), mapEntry.getValue(), keyEntry.getSecretKey());
-
- builder.add(symmetricKey);
- }
- userAttrs.put(attrSymmetricKey, builder.toAttributeList());
+ userAttrs.put(attrSymmetricKey, buildSymetricKeyAttributes(cryptoManager, keyEntry.getSecretKey()));
// Create the entry.
+ LinkedHashMap<AttributeType, List<Attribute>> opAttrs = new LinkedHashMap<>(0);
Entry entry = new Entry(entryDN, ocMap, userAttrs, opAttrs);
-
AddOperation addOperation = getRootConnection().processAdd(entry);
if (addOperation.getResultCode() != ResultCode.SUCCESS)
{
@@ -1630,36 +1565,24 @@
}
}
-
/**
* Initializes a secret key entry from the supplied parameters,
- * validates it, and registers it in the supplied map. The
- * anticipated use of this method is to import a key entry from
- * ADS.
+ * validates it, and registers it in the supplied map.
+ * The anticipated use of this method is to import a key entry from ADS.
*
* @param cryptoManager The CryptoManager instance.
- *
* @param keyIDString The key identifier.
- *
- * @param transformation The cipher transformation for which the
- * key entry was produced.
- *
+ * @param transformation The cipher transformation for which the key entry was produced.
* @param secretKey The cipher key.
- *
- * @param secretKeyLengthBits The length of the cipher key in
- * bits.
- *
+ * @param secretKeyLengthBits The length of the cipher key in bits.
* @param ivLengthBits The length of the initialization vector,
* which will be zero in the case of any stream cipher algorithm,
* any block cipher algorithm for which the transformation mode
* does not use an initialization vector, and any HMAC algorithm.
- *
* @param isCompromised Mark the key as compromised, so that it
* will not subsequently be used for encryption. The key entry
* must be maintained in order to decrypt existing ciphertext.
- *
* @return The key entry, if one was successfully produced.
- *
* @throws CryptoManagerException In case of an error in the
* parameters used to initialize or validate the key entry.
*/
@@ -1681,12 +1604,11 @@
CipherKeyEntry keyEntry = getKeyEntry(cryptoManager, keyID);
if (null != keyEntry) {
// Paranoiac check to ensure exact type match.
- if (! (keyEntry.getType().equals(transformation)
- && keyEntry.getKeyLengthBits() == secretKeyLengthBits
- && keyEntry.getIVLengthBits() == ivLengthBits)) {
- throw new CryptoManagerException(
- ERR_CRYPTOMGR_IMPORT_KEY_ENTRY_FIELD_MISMATCH.get(
- keyIDString));
+ if (!keyEntry.getType().equals(transformation)
+ || keyEntry.getKeyLengthBits() != secretKeyLengthBits
+ || keyEntry.getIVLengthBits() != ivLengthBits) {
+ throw new CryptoManagerException(
+ ERR_CRYPTOMGR_IMPORT_KEY_ENTRY_FIELD_MISMATCH.get(keyIDString));
}
// Allow transition to compromised.
if (isCompromised && !keyEntry.isCompromised()) {
@@ -1708,8 +1630,7 @@
getCipher(keyEntry, Cipher.DECRYPT_MODE, iv);
// Cache new entry.
- cryptoManager.cipherKeyEntryCache.put(keyEntry.getKeyID(),
- keyEntry);
+ cryptoManager.cipherKeyEntryCache.put(keyEntry.getKeyID(), keyEntry);
return keyEntry;
}
@@ -1725,10 +1646,8 @@
*
* @param cryptoManager The CryptoManager instance with which the
* key entry is associated.
- *
* @param transformation The cipher transformation for which the
* key was produced.
- *
* @param keyLengthBits The cipher key length in bits.
*
* @return The key entry corresponding to the parameters, or
@@ -1741,7 +1660,6 @@
Reject.ifNull(cryptoManager, transformation);
Reject.ifFalse(0 < keyLengthBits);
- CipherKeyEntry keyEntry = null;
// search for an existing key that satisfies the request
for (Map.Entry<KeyEntryID, CipherKeyEntry> i
: cryptoManager.cipherKeyEntryCache.entrySet()) {
@@ -1749,12 +1667,10 @@
if (! entry.isCompromised()
&& entry.getType().equals(transformation)
&& entry.getKeyLengthBits() == keyLengthBits) {
- keyEntry = entry;
- break;
+ return entry;
}
}
-
- return keyEntry;
+ return null;
}
@@ -1776,7 +1692,6 @@
*
* @param cryptoManager The CryptoManager instance with which the
* key entry is associated.
- *
* @param keyID The key identifier.
*
* @return The key entry associated with the key identifier, or
@@ -1836,7 +1751,7 @@
/**
* Construct an instance of CipherKeyEntry using the specified
* parameters. This constructor would typically be used for key
- * entries imported from ADS, for which the full set of paramters
+ * entries imported from ADS, for which the full set of parameters
* is known, and for a newly generated key entry, for which the
* initialization vector length might not yet be known, but which
* must be set prior to using the key.
@@ -1849,8 +1764,7 @@
*
* @param secretKey The cipher key.
*
- * @param secretKeyLengthBits The length of the secret key in
- * bits.
+ * @param secretKeyLengthBits The length of the secret key in bits.
*
* @param ivLengthBits The length in bits of a mandatory
* initialization vector or 0 if none is required. Set this
@@ -1897,7 +1811,7 @@
* size, or 0 for a stream cipher or a block cipher mode that does
* not use an initialization vector (e.g., ECB).
*
- * @param ivLengthBits The initiazliation vector length in bits.
+ * @param ivLengthBits The initialization vector length in bits.
*/
private void setIVLengthBits(int ivLengthBits) {
Reject.ifFalse(-1 == fIVLengthBits && 0 <= ivLengthBits);
@@ -1935,7 +1849,7 @@
* @param mode Either Cipher.ENCRYPT_MODE or Cipher.DECRYPT_MODE.
*
* @param initializationVector For Cipher.DECRYPT_MODE, supply
- * the initialzation vector used in the corresponding encryption
+ * the initialization vector used in the corresponding encryption
* cipher, or {@code null} if none.
*
* @return The initialized cipher object.
@@ -2099,46 +2013,16 @@
ocMap.put(DirectoryServer.getTopObjectClass(), OC_TOP);
ocMap.put(ocMacKey, OC_CRYPTO_MAC_KEY);
- // Create the operational and user attributes.
- LinkedHashMap<AttributeType,List<Attribute>> opAttrs = new LinkedHashMap<>(0);
- LinkedHashMap<AttributeType,List<Attribute>> userAttrs = new LinkedHashMap<>();
-
- // Add the key ID attribute.
+ // Create the user attributes.
+ LinkedHashMap<AttributeType, List<Attribute>> userAttrs = new LinkedHashMap<>();
userAttrs.put(attrKeyID, Attributes.createAsList(attrKeyID, distinguishedValue));
-
- // Add the mac algorithm name attribute.
putSingleValueAttribute(userAttrs, attrMacAlgorithm, keyEntry.getType());
-
- // Add the key length attribute.
putSingleValueAttribute(userAttrs, attrKeyLength, String.valueOf(keyEntry.getKeyLengthBits()));
-
- // Get the trusted certificates.
- Map<String, byte[]> trustedCerts = cryptoManager.getTrustedCertificates();
-
- // Need to add our own instance certificate.
- byte[] instanceKeyCertificate =
- CryptoManagerImpl.getInstanceKeyCertificateFromLocalTruststore();
- trustedCerts.put(getInstanceKeyID(instanceKeyCertificate),
- instanceKeyCertificate);
-
- // Add the symmetric key attribute.
- AttributeBuilder builder = new AttributeBuilder(attrSymmetricKey);
- for (Map.Entry<String, byte[]> mapEntry :
- trustedCerts.entrySet())
- {
- String symmetricKey =
- cryptoManager.encodeSymmetricKeyAttribute(
- mapEntry.getKey(),
- mapEntry.getValue(),
- keyEntry.getSecretKey());
- builder.add(symmetricKey);
- }
-
- userAttrs.put(attrSymmetricKey, builder.toAttributeList());
+ userAttrs.put(attrSymmetricKey, buildSymetricKeyAttributes(cryptoManager, keyEntry.getSecretKey()));
// Create the entry.
+ LinkedHashMap<AttributeType, List<Attribute>> opAttrs = new LinkedHashMap<>(0);
Entry entry = new Entry(entryDN, ocMap, userAttrs, opAttrs);
-
AddOperation addOperation = getRootConnection().processAdd(entry);
if (addOperation.getResultCode() != ResultCode.SUCCESS)
{
@@ -2150,28 +2034,19 @@
/**
* Initializes a secret key entry from the supplied parameters,
- * validates it, and registers it in the supplied map. The
- * anticipated use of this method is to import a key entry from
- * ADS.
+ * validates it, and registers it in the supplied map.
+ * The anticipated use of this method is to import a key entry from ADS.
*
* @param cryptoManager The CryptoManager instance.
- *
* @param keyIDString The key identifier.
- *
* @param algorithm The name of the MAC algorithm for which the
* key entry is to be produced.
- *
* @param secretKey The MAC key.
- *
- * @param secretKeyLengthBits The length of the secret key in
- * bits.
- *
- * @param isCompromised Mark the key as compromised, so that it
+ * @param secretKeyLengthBits The length of the secret key in bits.
+ * @param isCompromised Mark the key as compromised, so that it
* will not subsequently be used for new data. The key entry
* must be maintained in order to verify existing signatures.
- *
- * @return The key entry, if one was successfully produced.
- *
+ * @return The key entry, if one was successfully produced.
* @throws CryptoManagerException In case of an error in the
* parameters used to initialize or validate the key entry.
*/
@@ -2229,10 +2104,7 @@
*
* @param cryptoManager The CryptoManager instance with which the
* key entry is associated.
- *
- * @param algorithm The MAC algorithm for which the key was
- * produced.
- *
+ * @param algorithm The MAC algorithm for which the key was produced.
* @param keyLengthBits The MAC key length in bits.
*
* @return The key entry corresponding to the parameters, or
@@ -2245,7 +2117,6 @@
Reject.ifNull(cryptoManager, algorithm);
Reject.ifFalse(0 < keyLengthBits);
- MacKeyEntry keyEntry = null;
// search for an existing key that satisfies the request
for (Map.Entry<KeyEntryID, MacKeyEntry> i
: cryptoManager.macKeyEntryCache.entrySet()) {
@@ -2253,12 +2124,10 @@
if (! entry.isCompromised()
&& entry.getType().equals(algorithm)
&& entry.getKeyLengthBits() == keyLengthBits) {
- keyEntry = entry;
- break;
+ return entry;
}
}
-
- return keyEntry;
+ return null;
}
@@ -2280,7 +2149,6 @@
*
* @param cryptoManager The CryptoManager instance with which the
* key entry is associated.
- *
* @param keyID The key identifier.
*
* @return The key entry associated with the key identifier, or
@@ -2321,19 +2189,13 @@
/**
* Construct an instance of MacKeyEntry using the specified
* parameters. This constructor would typically be used for key
- * entries imported from ADS, for which the full set of paramters
- * is known.
+ * entries imported from ADS, for which the full set of parameters is known.
*
- * @param keyID The unique identifier of this MAC algorithm/key
- * pair.
- *
+ * @param keyID The unique identifier of this MAC algorithm/key pair.
* @param algorithm The name of the MAC algorithm for which the
* key entry is to be produced.
- *
* @param secretKey The MAC key.
- *
- * @param secretKeyLengthBits The length of the secret key in
- * bits.
+ * @param secretKeyLengthBits The length of the secret key in bits.
*
* @param isCompromised {@code false} if the key may be used
* for signing, or {@code true} if the key is being retained only
@@ -2364,6 +2226,24 @@
private final String fType;
}
+ private static List<Attribute> buildSymetricKeyAttributes(CryptoManagerImpl cryptoManager, SecretKey secretKey)
+ throws CryptoManagerException
+ {
+ Map<String, byte[]> trustedCerts = cryptoManager.getTrustedCertificates();
+
+ // Need to add our own instance certificate.
+ byte[] instanceKeyCertificate = CryptoManagerImpl.getInstanceKeyCertificateFromLocalTruststore();
+ trustedCerts.put(getInstanceKeyID(instanceKeyCertificate), instanceKeyCertificate);
+
+ AttributeBuilder builder = new AttributeBuilder(attrSymmetricKey);
+ for (Map.Entry<String, byte[]> mapEntry : trustedCerts.entrySet())
+ {
+ String symmetricKey =
+ cryptoManager.encodeSymmetricKeyAttribute(mapEntry.getKey(), mapEntry.getValue(), secretKey);
+ builder.add(symmetricKey);
+ }
+ return builder.toAttributeList();
+ }
/**
* This method produces an initialized MAC engine based on the
@@ -2404,16 +2284,12 @@
return mac;
}
-
- /** {@inheritDoc} */
@Override
public String getPreferredMessageDigestAlgorithm()
{
return preferredDigestAlgorithm;
}
-
- /** {@inheritDoc} */
@Override
public MessageDigest getPreferredMessageDigest()
throws NoSuchAlgorithmException
@@ -2421,8 +2297,6 @@
return MessageDigest.getInstance(preferredDigestAlgorithm);
}
-
- /** {@inheritDoc} */
@Override
public MessageDigest getMessageDigest(String digestAlgorithm)
throws NoSuchAlgorithmException
@@ -2430,8 +2304,6 @@
return MessageDigest.getInstance(digestAlgorithm);
}
-
- /** {@inheritDoc} */
@Override
public byte[] digest(byte[] data)
throws NoSuchAlgorithmException
@@ -2440,8 +2312,6 @@
digest(data);
}
-
- /** {@inheritDoc} */
@Override
public byte[] digest(String digestAlgorithm, byte[] data)
throws NoSuchAlgorithmException
@@ -2449,8 +2319,6 @@
return MessageDigest.getInstance(digestAlgorithm).digest(data);
}
-
- /** {@inheritDoc} */
@Override
public byte[] digest(InputStream inputStream)
throws IOException, NoSuchAlgorithmException
@@ -2473,8 +2341,6 @@
return digest.digest();
}
-
- /** {@inheritDoc} */
@Override
public byte[] digest(String digestAlgorithm,
InputStream inputStream)
@@ -2497,8 +2363,6 @@
return digest.digest();
}
-
- /** {@inheritDoc} */
@Override
public String getMacEngineKeyEntryID()
throws CryptoManagerException
@@ -2507,8 +2371,6 @@
preferredMACAlgorithmKeyLengthBits);
}
-
- /** {@inheritDoc} */
@Override
public String getMacEngineKeyEntryID(final String macAlgorithm,
final int keyLengthBits)
@@ -2525,8 +2387,6 @@
return keyEntry.getKeyID().getStringValue();
}
-
- /** {@inheritDoc} */
@Override
public Mac getMacEngine(String keyEntryID)
throws CryptoManagerException
@@ -2536,8 +2396,6 @@
return keyEntry != null ? getMacEngine(keyEntry) : null;
}
-
- /** {@inheritDoc} */
@Override
public byte[] encrypt(byte[] data)
throws GeneralSecurityException, CryptoManagerException
@@ -2546,8 +2404,6 @@
preferredCipherTransformationKeyLengthBits, data);
}
-
- /** {@inheritDoc} */
@Override
public byte[] encrypt(String cipherTransformation,
int keyLengthBits,
@@ -2584,8 +2440,6 @@
return cipherText;
}
-
- /** {@inheritDoc} */
@Override
public CipherOutputStream getCipherOutputStream(
OutputStream outputStream) throws CryptoManagerException
@@ -2594,8 +2448,6 @@
preferredCipherTransformationKeyLengthBits, outputStream);
}
-
- /** {@inheritDoc} */
@Override
public CipherOutputStream getCipherOutputStream(
String cipherTransformation, int keyLengthBits,
@@ -2630,8 +2482,6 @@
return new CipherOutputStream(outputStream, cipher);
}
-
- /** {@inheritDoc} */
@Override
public byte[] decrypt(byte[] data)
throws GeneralSecurityException,
@@ -2710,8 +2560,6 @@
}
}
-
- /** {@inheritDoc} */
@Override
public CipherInputStream getCipherInputStream(
InputStream inputStream) throws CryptoManagerException
@@ -2743,8 +2591,7 @@
ERR_CRYPTOMGR_DECRYPT_FAILED_TO_READ_KEY_IDENTIFIER.get(
"stream underflow"));
}
- keyEntry = CipherKeyEntry.getKeyEntry(this,
- new KeyEntryID(keyID));
+ keyEntry = CipherKeyEntry.getKeyEntry(this, new KeyEntryID(keyID));
if (null == keyEntry) {
throw new CryptoManagerException(
ERR_CRYPTOMGR_DECRYPT_UNKNOWN_KEY_IDENTIFIER.get());
@@ -2768,8 +2615,6 @@
getCipher(keyEntry, Cipher.DECRYPT_MODE, iv));
}
-
- /** {@inheritDoc} */
@Override
public int compress(byte[] src, int srcOff, int srcLen,
byte[] dst, int dstOff, int dstLen)
@@ -2796,8 +2641,6 @@
}
}
-
- /** {@inheritDoc} */
@Override
public int uncompress(byte[] src, int srcOff, int srcLen,
byte[] dst, int dstOff, int dstLen)
@@ -2831,8 +2674,6 @@
}
}
-
- /** {@inheritDoc} */
@Override
public SSLContext getSslContext(String componentName, SortedSet<String> sslCertNicknames) throws ConfigException
{
@@ -2870,29 +2711,24 @@
return sslContext;
}
-
- /** {@inheritDoc} */
@Override
public SortedSet<String> getSslCertNicknames()
{
return sslCertNicknames;
}
- /** {@inheritDoc} */
@Override
public boolean isSslEncryption()
{
return sslEncryption;
}
- /** {@inheritDoc} */
@Override
public SortedSet<String> getSslProtocols()
{
return sslProtocols;
}
- /** {@inheritDoc} */
@Override
public SortedSet<String> getSslCipherSuites()
{
--
Gitblit v1.10.0