Posted to notifications@james.apache.org by bt...@apache.org on 2021/04/02 01:34:29 UTC
[james-project] 02/08: JAMES-3524 Restore classes deleted after S3
blobStore rewrite
This is an automated email from the ASF dual-hosted git repository.
btellier pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/james-project.git
commit 18676437865ca4926ce799f3d8bba52fef51c186
Author: Benoit Tellier <bt...@linagora.com>
AuthorDate: Thu Mar 25 14:29:23 2021 +0700
JAMES-3524 Restore classes deleted after S3 blobStore rewrite
Credit: Jean HELOU
Restored from: https://github.com/apache/james-project/tree/james-project-3.5.0/server/blob/blob-objectstorage/src/main/java/org/apache/james/blob/objectstorage/crypto
---
.../org/apache/james/blob/aes/CryptoConfig.java | 45 +++++++++++++++++
.../apache/james/blob/aes/CryptoConfigBuilder.java | 48 ++++++++++++++++++
.../org/apache/james/blob/aes/CryptoException.java | 34 +++++++++++++
.../james/blob/aes/PBKDF2StreamingAeadFactory.java | 59 ++++++++++++++++++++++
4 files changed, 186 insertions(+)
diff --git a/server/blob/blob-aes/src/main/java/org/apache/james/blob/aes/CryptoConfig.java b/server/blob/blob-aes/src/main/java/org/apache/james/blob/aes/CryptoConfig.java
new file mode 100644
index 0000000..0625535
--- /dev/null
+++ b/server/blob/blob-aes/src/main/java/org/apache/james/blob/aes/CryptoConfig.java
@@ -0,0 +1,45 @@
+/****************************************************************
+ * Licensed to the Apache Software Foundation (ASF) under one *
+ * or more contributor license agreements. See the NOTICE file *
+ * distributed with this work for additional information *
+ * regarding copyright ownership. The ASF licenses this file *
+ * to you under the Apache License, Version 2.0 (the *
+ * "License"); you may not use this file except in compliance *
+ * with the License. You may obtain a copy of the License at *
+ * *
+ * http://www.apache.org/licenses/LICENSE-2.0 *
+ * *
+ * Unless required by applicable law or agreed to in writing, *
+ * software distributed under the License is distributed on an *
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY *
+ * KIND, either express or implied. See the License for the *
+ * specific language governing permissions and limitations *
+ * under the License. *
+ ****************************************************************/
+
+package org.apache.james.blob.aes;
+
+import com.google.crypto.tink.subtle.Hex;
+
+public class CryptoConfig {
+
+ public static CryptoConfigBuilder builder() {
+ return new CryptoConfigBuilder();
+ }
+
+ private final String salt;
+ private final char[] password;
+
+ public CryptoConfig(String salt, char[] password) {
+ this.salt = salt;
+ this.password = password;
+ }
+
+ public byte[] salt() {
+ return Hex.decode(salt);
+ }
+
+ public char[] password() {
+ return password;
+ }
+}
\ No newline at end of file
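Review bot: `CryptoConfig` stores and returns the caller's `char[]` by reference, so any holder that wipes or edits the array silently changes the secret used for every later key derivation. Copying in both directions avoids that: `this.password = password.clone();` in the constructor and `return password.clone();` in `password()`, with a Javadoc line saying who is expected to zero the copies. The constructor is also public and performs none of the checks done in `CryptoConfigBuilder.build()`, so a null or non-hex salt only surfaces later, when `salt()` calls `Hex.decode`. If nothing outside the package needs it, making the constructor package-private would leave the builder as the single validated entry point.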
diff --git a/server/blob/blob-aes/src/main/java/org/apache/james/blob/aes/CryptoConfigBuilder.java b/server/blob/blob-aes/src/main/java/org/apache/james/blob/aes/CryptoConfigBuilder.java
new file mode 100644
index 0000000..f3c9916
--- /dev/null
+++ b/server/blob/blob-aes/src/main/java/org/apache/james/blob/aes/CryptoConfigBuilder.java
@@ -0,0 +1,48 @@
+/****************************************************************
+ * Licensed to the Apache Software Foundation (ASF) under one *
+ * or more contributor license agreements. See the NOTICE file *
+ * distributed with this work for additional information *
+ * regarding copyright ownership. The ASF licenses this file *
+ * to you under the Apache License, Version 2.0 (the *
+ * "License"); you may not use this file except in compliance *
+ * with the License. You may obtain a copy of the License at *
+ * *
+ * http://www.apache.org/licenses/LICENSE-2.0 *
+ * *
+ * Unless required by applicable law or agreed to in writing, *
+ * software distributed under the License is distributed on an *
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY *
+ * KIND, either express or implied. See the License for the *
+ * specific language governing permissions and limitations *
+ * under the License. *
+ ****************************************************************/
+
+package org.apache.james.blob.aes;
+
+import com.google.common.base.Preconditions;
+import com.google.common.base.Strings;
+import com.google.crypto.tink.subtle.Hex;
+
+public class CryptoConfigBuilder {
+ private String salt;
+ private char[] password;
+
+ CryptoConfigBuilder() {
+ }
+
+ public CryptoConfigBuilder salt(String salt) {
+ this.salt = salt;
+ return this;
+ }
+
+ public CryptoConfigBuilder password(char[] password) {
+ this.password = password;
+ return this;
+ }
+
+ public CryptoConfig build() {
+ Preconditions.checkState(!Strings.isNullOrEmpty(salt));
+ Preconditions.checkState(password != null && password.length > 0);
+ return new CryptoConfig(Hex.encode(Hex.decode(salt)), password);
+ }
+}
\ No newline at end of file
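Review bot: `build()` accepts any non-empty hex string as a salt, so a one-byte value passes, and both `checkState` calls fail without a message. Consider a minimum decoded length (a named constant whose value the project chooses) and a message that says what is wrong without echoing the values, e.g. `Preconditions.checkState(!Strings.isNullOrEmpty(salt), "salt is mandatory and must be hex encoded");`. Malformed hex is rejected by `Hex.decode` rather than by the preconditions, so that case presumably reaches the caller as a different exception type. A Javadoc line on `salt(String)` stating the expected encoding would make the contract visible.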
diff --git a/server/blob/blob-aes/src/main/java/org/apache/james/blob/aes/CryptoException.java b/server/blob/blob-aes/src/main/java/org/apache/james/blob/aes/CryptoException.java
new file mode 100644
index 0000000..c8f0a91
--- /dev/null
+++ b/server/blob/blob-aes/src/main/java/org/apache/james/blob/aes/CryptoException.java
@@ -0,0 +1,34 @@
+/****************************************************************
+ * Licensed to the Apache Software Foundation (ASF) under one *
+ * or more contributor license agreements. See the NOTICE file *
+ * distributed with this work for additional information *
+ * regarding copyright ownership. The ASF licenses this file *
+ * to you under the Apache License, Version 2.0 (the *
+ * "License"); you may not use this file except in compliance *
+ * with the License. You may obtain a copy of the License at *
+ * *
+ * http://www.apache.org/licenses/LICENSE-2.0 *
+ * *
+ * Unless required by applicable law or agreed to in writing, *
+ * software distributed under the License is distributed on an *
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY *
+ * KIND, either express or implied. See the License for the *
+ * specific language governing permissions and limitations *
+ * under the License. *
+ ****************************************************************/
+
+package org.apache.james.blob.aes;
+
+public class CryptoException extends RuntimeException {
+ public CryptoException() {
+ super();
+ }
+
+ public CryptoException(String message) {
+ super(message);
+ }
+
+ public CryptoException(String message, Throwable cause) {
+ super(message, cause);
+ }
+}
\ No newline at end of file
diff --git a/server/blob/blob-aes/src/main/java/org/apache/james/blob/aes/PBKDF2StreamingAeadFactory.java b/server/blob/blob-aes/src/main/java/org/apache/james/blob/aes/PBKDF2StreamingAeadFactory.java
new file mode 100644
index 0000000..d3ca2b0
--- /dev/null
+++ b/server/blob/blob-aes/src/main/java/org/apache/james/blob/aes/PBKDF2StreamingAeadFactory.java
@@ -0,0 +1,59 @@
+/****************************************************************
+ * Licensed to the Apache Software Foundation (ASF) under one *
+ * or more contributor license agreements. See the NOTICE file *
+ * distributed with this work for additional information *
+ * regarding copyright ownership. The ASF licenses this file *
+ * to you under the Apache License, Version 2.0 (the *
+ * "License"); you may not use this file except in compliance *
+ * with the License. You may obtain a copy of the License at *
+ * *
+ * http://www.apache.org/licenses/LICENSE-2.0 *
+ * *
+ * Unless required by applicable law or agreed to in writing, *
+ * software distributed under the License is distributed on an *
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY *
+ * KIND, either express or implied. See the License for the *
+ * specific language governing permissions and limitations *
+ * under the License. *
+ ****************************************************************/
+
+package org.apache.james.blob.aes;
+
+import java.security.GeneralSecurityException;
+import java.security.NoSuchAlgorithmException;
+import java.security.spec.InvalidKeySpecException;
+
+import javax.crypto.SecretKey;
+import javax.crypto.SecretKeyFactory;
+import javax.crypto.spec.PBEKeySpec;
+
+import com.google.crypto.tink.subtle.AesGcmHkdfStreaming;
+
+public class PBKDF2StreamingAeadFactory {
+ private static final int PBKDF2_ITERATIONS = 65536;
+ private static final int KEY_SIZE = 256;
+ private static final String SECRET_KEY_FACTORY_ALGORITHM = "PBKDF2WithHmacSHA1";
+ private static final String HKDF_ALGO = "HmacSha256";
+ private static final int KEY_SIZE_IN_BYTES = 32;
+ private static final int SEGMENT_SIZE = 4096;
+ private static final int OFFSET = 0;
+ public static final byte[] EMPTY_ASSOCIATED_DATA = new byte[0];
+
+ public static AesGcmHkdfStreaming newAesGcmHkdfStreaming(CryptoConfig config) {
+ try {
+ SecretKey secretKey = deriveKey(config);
+ return new AesGcmHkdfStreaming(secretKey.getEncoded(), HKDF_ALGO, KEY_SIZE_IN_BYTES, SEGMENT_SIZE, OFFSET);
+ } catch (GeneralSecurityException e) {
+ throw new CryptoException("Incorrect crypto setup", e);
+
+ }
+ }
+
+ private static SecretKey deriveKey(CryptoConfig cryptoConfig)
+ throws NoSuchAlgorithmException, InvalidKeySpecException {
+ byte[] saltBytes = cryptoConfig.salt();
+ SecretKeyFactory skf = SecretKeyFactory.getInstance(SECRET_KEY_FACTORY_ALGORITHM);
+ PBEKeySpec spec = new PBEKeySpec(cryptoConfig.password(), saltBytes, PBKDF2_ITERATIONS, KEY_SIZE);
+ return skf.generateSecret(spec);
+ }
+}
\ No newline at end of file
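Review bot: `deriveKey` never clears the `PBEKeySpec`, which holds its own copy of the password until it is garbage collected; wrapping the call as `try { return skf.generateSecret(spec); } finally { spec.clearPassword(); }` limits how long that copy lives. The derivation parameters are fixed at `PBKDF2WithHmacSHA1` with 65536 iterations, which is low by current password-based key derivation guidance. Because the commit restores the 3.5.0 code, they presumably cannot change without making already-encrypted blobs unreadable, so a comment on the constants such as `// Changing these values requires re-encrypting stored blobs` would document that constraint. `EMPTY_ASSOCIATED_DATA` suggests ciphertexts are not bound to a blob identifier; that is worth confirming at the call sites, which are outside this diff.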