This is an automated email from the ASF dual-hosted git repository. btellier pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/james-project.git
commit 18676437865ca4926ce799f3d8bba52fef51c186
Author: Benoit Tellier <[email protected]>
AuthorDate: Thu Mar 25 14:29:23 2021 +0700
JAMES-3524 Restore classes deleted after S3 blobStore rewrite Credit: Jean HELOU Restored from: https://github.com/apache/james-project/tree/james-project-3.5.0/server/blob/blob-objectstorage/src/main/java/org/apache/james/blob/objectstorage/crypto
---
.../org/apache/james/blob/aes/CryptoConfig.java | 45 +++++++++++++++++
.../apache/james/blob/aes/CryptoConfigBuilder.java | 48 ++++++++++++++++++
.../org/apache/james/blob/aes/CryptoException.java | 34 +++++++++++++
.../james/blob/aes/PBKDF2StreamingAeadFactory.java | 59 ++++++++++++++++++++++
4 files changed, 186 insertions(+)
diff --git a/server/blob/blob-aes/src/main/java/org/apache/james/blob/aes/CryptoConfig.java b/server/blob/blob-aes/src/main/java/org/apache/james/blob/aes/CryptoConfig.java
new file mode 100644
index 0000000..0625535
--- /dev/null
+++ b/server/blob/blob-aes/src/main/java/org/apache/james/blob/aes/CryptoConfig.java
@@ -0,0 +1,45 @@
+/****************************************************************
+ * Licensed to the Apache Software Foundation (ASF) under one *
+ * or more contributor license agreements. See the NOTICE file *
+ * distributed with this work for additional information *
+ * regarding copyright ownership. The ASF licenses this file *
+ * to you under the Apache License, Version 2.0 (the *
+ * "License"); you may not use this file except in compliance *
+ * with the License. You may obtain a copy of the License at *
+ * *
+ * http://www.apache.org/licenses/LICENSE-2.0 *
+ * *
+ * Unless required by applicable law or agreed to in writing, *
+ * software distributed under the License is distributed on an *
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY *
+ * KIND, either express or implied. See the License for the *
+ * specific language governing permissions and limitations *
+ * under the License. *
+ ****************************************************************/
+
+package org.apache.james.blob.aes;
+
+import com.google.crypto.tink.subtle.Hex;
+
+public class CryptoConfig {
+
+ public static CryptoConfigBuilder builder() {
+ return new CryptoConfigBuilder();
+ }
+
+ private final String salt;
+ private final char[] password;
+
+ public CryptoConfig(String salt, char[] password) {
+ this.salt = salt;
+ this.password = password;
+ }
+
+ public byte[] salt() {
+ return Hex.decode(salt);
+ }
+
+ public char[] password() {
+ return password;
+ }
+}
\ No newline at end of file
diff --git a/server/blob/blob-aes/src/main/java/org/apache/james/blob/aes/CryptoConfigBuilder.java b/server/blob/blob-aes/src/main/java/org/apache/james/blob/aes/CryptoConfigBuilder.java
new file mode 100644
index 0000000..f3c9916
--- /dev/null
+++ b/server/blob/blob-aes/src/main/java/org/apache/james/blob/aes/CryptoConfigBuilder.java
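Review bot: `CryptoConfig` stores the caller's `char[] password` by reference in its constructor and hands the same array back from `password()`, and nothing in the class says who owns the secret or who may zero it. If a caller wipes the array after building the config (the usual reason to pass a `char[]` rather than a `String`), any later key derivation that reads it through `password()` would run on an all-zero password. A short Javadoc on the constructor and on `password()` stating that the array is shared and must not be modified would make that contract explicit. The constructor is also public and unvalidated, so a null or non-hex `salt` only fails later at `Hex.decode` in `salt()`; if nothing outside the package calls it, dropping `public` from `CryptoConfig(String salt, char[] password)` would route all construction through the builder's checks.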
@@ -0,0 +1,48 @@
+/****************************************************************
+ * Licensed to the Apache Software Foundation (ASF) under one *
+ * or more contributor license agreements. See the NOTICE file *
+ * distributed with this work for additional information *
+ * regarding copyright ownership. The ASF licenses this file *
+ * to you under the Apache License, Version 2.0 (the *
+ * "License"); you may not use this file except in compliance *
+ * with the License. You may obtain a copy of the License at *
+ * *
+ * http://www.apache.org/licenses/LICENSE-2.0 *
+ * *
+ * Unless required by applicable law or agreed to in writing, *
+ * software distributed under the License is distributed on an *
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY *
+ * KIND, either express or implied. See the License for the *
+ * specific language governing permissions and limitations *
+ * under the License. *
+ ****************************************************************/
+
+package org.apache.james.blob.aes;
+
+import com.google.common.base.Preconditions;
+import com.google.common.base.Strings;
+import com.google.crypto.tink.subtle.Hex;
+
+public class CryptoConfigBuilder {
+ private String salt;
+ private char[] password;
+
+ CryptoConfigBuilder() {
+ }
+
+ public CryptoConfigBuilder salt(String salt) {
+ this.salt = salt;
+ return this;
+ }
+
+ public CryptoConfigBuilder password(char[] password) {
+ this.password = password;
+ return this;
+ }
+
+ public CryptoConfig build() {
+ Preconditions.checkState(!Strings.isNullOrEmpty(salt));
+ Preconditions.checkState(password != null && password.length > 0);
+ return new CryptoConfig(Hex.encode(Hex.decode(salt)), password);
+ }
+}
\ No newline at end of file
diff --git a/server/blob/blob-aes/src/main/java/org/apache/james/blob/aes/CryptoException.java b/server/blob/blob-aes/src/main/java/org/apache/james/blob/aes/CryptoException.java
new file mode 100644
index 0000000..c8f0a91
--- /dev/null
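Review bot: `build()` accepts any non-empty hex string as the salt, so a one-byte value such as `00` passes both `checkState` calls and goes straight into key derivation. A length check on the decoded bytes, for example `Preconditions.checkState(Hex.decode(salt).length >= 16, "salt must be at least 16 bytes (32 hex characters)");`, would reject short salts. Whether existing deployments already use shorter salts is not visible from this hunk, so it may need to start as a logged warning rather than a hard failure. The two existing `checkState` calls also carry no message, so a misconfiguration surfaces as a bare `IllegalStateException`; messages that name the missing setting, without echoing its value, would help operators.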
+++ b/server/blob/blob-aes/src/main/java/org/apache/james/blob/aes/CryptoException.java
@@ -0,0 +1,34 @@
+/****************************************************************
+ * Licensed to the Apache Software Foundation (ASF) under one *
+ * or more contributor license agreements. See the NOTICE file *
+ * distributed with this work for additional information *
+ * regarding copyright ownership. The ASF licenses this file *
+ * to you under the Apache License, Version 2.0 (the *
+ * "License"); you may not use this file except in compliance *
+ * with the License. You may obtain a copy of the License at *
+ * *
+ * http://www.apache.org/licenses/LICENSE-2.0 *
+ * *
+ * Unless required by applicable law or agreed to in writing, *
+ * software distributed under the License is distributed on an *
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY *
+ * KIND, either express or implied. See the License for the *
+ * specific language governing permissions and limitations *
+ * under the License. *
+ ****************************************************************/
+
+package org.apache.james.blob.aes;
+
+public class CryptoException extends RuntimeException {
+ public CryptoException() {
+ super();
+ }
+
+ public CryptoException(String message) {
+ super(message);
+ }
+
+ public CryptoException(String message, Throwable cause) {
+ super(message, cause);
+ }
+}
\ No newline at end of file
diff --git a/server/blob/blob-aes/src/main/java/org/apache/james/blob/aes/PBKDF2StreamingAeadFactory.java b/server/blob/blob-aes/src/main/java/org/apache/james/blob/aes/PBKDF2StreamingAeadFactory.java
new file mode 100644
index 0000000..d3ca2b0
--- /dev/null
+++ b/server/blob/blob-aes/src/main/java/org/apache/james/blob/aes/PBKDF2StreamingAeadFactory.java
@@ -0,0 +1,59 @@
+/****************************************************************
+ * Licensed to the Apache Software Foundation (ASF) under one *
+ * or more contributor license agreements. See the NOTICE file *
+ * distributed with this work for additional information *
+ * regarding copyright ownership. The ASF licenses this file *
+ * to you under the Apache License, Version 2.0 (the *
+ * "License"); you may not use this file except in compliance *
+ * with the License. You may obtain a copy of the License at *
+ * *
+ * http://www.apache.org/licenses/LICENSE-2.0 *
+ * *
+ * Unless required by applicable law or agreed to in writing, *
+ * software distributed under the License is distributed on an *
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY *
+ * KIND, either express or implied. See the License for the *
+ * specific language governing permissions and limitations *
+ * under the License. *
+ ****************************************************************/
+
+package org.apache.james.blob.aes;
+
+import java.security.GeneralSecurityException;
+import java.security.NoSuchAlgorithmException;
+import java.security.spec.InvalidKeySpecException;
+
+import javax.crypto.SecretKey;
+import javax.crypto.SecretKeyFactory;
+import javax.crypto.spec.PBEKeySpec;
+
+import com.google.crypto.tink.subtle.AesGcmHkdfStreaming;
+
+public class PBKDF2StreamingAeadFactory {
+ private static final int PBKDF2_ITERATIONS = 65536;
+ private static final int KEY_SIZE = 256;
+ private static final String SECRET_KEY_FACTORY_ALGORITHM = "PBKDF2WithHmacSHA1";
+ private static final String HKDF_ALGO = "HmacSha256";
+ private static final int KEY_SIZE_IN_BYTES = 32;
+ private static final int SEGMENT_SIZE = 4096;
+ private static final int OFFSET = 0;
+ public static final byte[] EMPTY_ASSOCIATED_DATA = new byte[0];
+
+ public static AesGcmHkdfStreaming newAesGcmHkdfStreaming(CryptoConfig config) {
+ try {
+ SecretKey secretKey = deriveKey(config);
+ return new AesGcmHkdfStreaming(secretKey.getEncoded(), HKDF_ALGO, KEY_SIZE_IN_BYTES, SEGMENT_SIZE, OFFSET);
+ } catch (GeneralSecurityException e) {
+ throw new CryptoException("Incorrect crypto setup", e);
+
+ }
+ }
+
+ private static SecretKey deriveKey(CryptoConfig cryptoConfig)
+ throws NoSuchAlgorithmException, InvalidKeySpecException {
+ byte[] saltBytes = cryptoConfig.salt();
+ SecretKeyFactory skf = SecretKeyFactory.getInstance(SECRET_KEY_FACTORY_ALGORITHM);
+ PBEKeySpec spec = new PBEKeySpec(cryptoConfig.password(), saltBytes, PBKDF2_ITERATIONS, KEY_SIZE);
+ return skf.generateSecret(spec);
+ }
+}
\ No newline at end of file
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
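Review bot: The constants at the top of `PBKDF2StreamingAeadFactory` (`PBKDF2WithHmacSHA1`, `PBKDF2_ITERATIONS = 65536`) are low by current password-based key derivation guidance. Because they determine the derived key, they are effectively part of the stored blob format: changing either one later makes previously encrypted blobs undecryptable. A comment above them such as `// Changing the KDF algorithm or iteration count changes the derived key; existing blobs then need re-encryption.` would keep a well-meant hardening change from silently breaking reads, and raising the cost would need a versioned or configurable scheme. Separately, `deriveKey` leaves a copy of the password inside the `PBEKeySpec`; `try { return skf.generateSecret(spec); } finally { spec.clearPassword(); }` releases it once the key has been derived.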
