nifi-registry-security-utils/src/main/java/org/apache/nifi/registry/security/util/CryptoUtils.java - nifi-registry - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one or more
  * contributor license agreements.  See the NOTICE file distributed with
  * this work for additional information regarding copyright ownership.
  * The ASF licenses this file to You under the Apache License, Version 2.0
  * (the "License"); you may not use this file except in compliance with
  * the License.  You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 package org.apache.nifi.registry.security.util;

 import javax.crypto.Cipher;
 import java.security.NoSuchAlgorithmException;

 public class CryptoUtils {

     /**
      *  Required Cipher transformations according to Java SE 8 {@link Cipher} docs
      */
     private static final String[] standardCryptoTransformations = {
         "AES/CBC/NoPadding",
         "AES/CBC/PKCS5Padding",
         "AES/ECB/NoPadding",
         "AES/ECB/PKCS5Padding",
         "DES/CBC/NoPadding",
         "DES/CBC/PKCS5Padding",
         "DES/ECB/NoPadding",
         "DES/ECB/PKCS5Padding",
         "DESede/CBC/NoPadding",
         "DESede/CBC/PKCS5Padding",
         "DESede/ECB/NoPadding",
         "DESede/ECB/PKCS5Padding",
         "RSA/ECB/PKCS1Padding",
         "RSA/ECB/OAEPWithSHA-1AndMGF1Padding",
         "RSA/ECB/OAEPWithSHA-256AndMGF1Padding"
     };

     /**
      * Check if cryptographic strength available in this Java Runtime is restricted.
      *
      * Not every Java Platform supports "unlimited strength encryption",
      * so this convenience method provides a way to check if strength of crypto
      * functions (i.e., max key length) is unlimited or restricted in the
      * current Java runtime environment.
      *
      * @return true if it can be determined that max key lengths are less than unlimited
      *         false if key lengths are restricted
      *         null if max key length cannot be determined for any known Cipher transformations */
     public static Boolean isCryptoRestricted() {

         Boolean isCryptoRestricted = null;

         for (String transformation : standardCryptoTransformations) {
             try {
                 return Cipher.getMaxAllowedKeyLength(transformation) < Integer.MAX_VALUE;
             } catch (final NoSuchAlgorithmException e) {
                 // Unexpected as we are pulling from a list of transforms that every
                 // java platform is required to support, but try the next one
             }
         }

         // Tried every standard Cipher transformation and none were available,
         // so crypto strength restrictions cannot be determined.
         return null;

     }

 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one or more
	* contributor license agreements. See the NOTICE file distributed with
	* this work for additional information regarding copyright ownership.
	* The ASF licenses this file to You under the Apache License, Version 2.0
	* (the "License"); you may not use this file except in compliance with
	* the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/
	package org.apache.nifi.registry.security.util;

	import javax.crypto.Cipher;
	import java.security.NoSuchAlgorithmException;

	public class CryptoUtils {

	/**
	* Required Cipher transformations according to Java SE 8 {@link Cipher} docs
	*/
	private static final String[] standardCryptoTransformations = {
	"AES/CBC/NoPadding",
	"AES/CBC/PKCS5Padding",
	"AES/ECB/NoPadding",
	"AES/ECB/PKCS5Padding",
	"DES/CBC/NoPadding",
	"DES/CBC/PKCS5Padding",
	"DES/ECB/NoPadding",
	"DES/ECB/PKCS5Padding",
	"DESede/CBC/NoPadding",
	"DESede/CBC/PKCS5Padding",
	"DESede/ECB/NoPadding",
	"DESede/ECB/PKCS5Padding",
	"RSA/ECB/PKCS1Padding",
	"RSA/ECB/OAEPWithSHA-1AndMGF1Padding",
	"RSA/ECB/OAEPWithSHA-256AndMGF1Padding"
	};

	/**
	* Check if cryptographic strength available in this Java Runtime is restricted.
	*
	* Not every Java Platform supports "unlimited strength encryption",
	* so this convenience method provides a way to check if strength of crypto
	* functions (i.e., max key length) is unlimited or restricted in the
	* current Java runtime environment.
	*
	* @return true if it can be determined that max key lengths are less than unlimited
	* false if key lengths are restricted
	* null if max key length cannot be determined for any known Cipher transformations */
	public static Boolean isCryptoRestricted() {

	Boolean isCryptoRestricted = null;

	for (String transformation : standardCryptoTransformations) {
	try {
	return Cipher.getMaxAllowedKeyLength(transformation) < Integer.MAX_VALUE;
	} catch (final NoSuchAlgorithmException e) {
	// Unexpected as we are pulling from a list of transforms that every
	// java platform is required to support, but try the next one
	}
	}

	// Tried every standard Cipher transformation and none were available,
	// so crypto strength restrictions cannot be determined.
	return null;

	}

	}