/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.flume.channel.file.encryption;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.Key;
import java.security.KeyStore;
import java.util.List;
import java.util.Map;
import javax.crypto.KeyGenerator;
import org.apache.flume.channel.file.TestUtils;
import com.google.common.base.Charsets;
import com.google.common.base.Joiner;
import com.google.common.base.Throwables;
import com.google.common.collect.Lists;
import com.google.common.collect.Maps;
import com.google.common.io.Files;
import com.google.common.io.Resources;
public class EncryptionTestUtils {
private static Key newKey() {
KeyGenerator keyGen;
try {
keyGen = KeyGenerator.getInstance("AES");
Key key = keyGen.generateKey();
return key;
} catch (Exception e) {
throw Throwables.propagate(e);
}
}
public static void createKeyStore(File keyStoreFile,
File keyStorePasswordFile, Map<String, File> keyAliasPassword)
throws Exception {
KeyStore ks = KeyStore.getInstance("jceks");
ks.load(null);
List<String> keysWithSeperatePasswords = Lists.newArrayList();
for(String alias : keyAliasPassword.keySet()) {
Key key = newKey();
char[] password = null;
File passwordFile = keyAliasPassword.get(alias);
if(passwordFile == null) {
password = Files.toString(keyStorePasswordFile, Charsets.UTF_8)
.toCharArray();
} else {
keysWithSeperatePasswords.add(alias);
password = Files.toString(passwordFile, Charsets.UTF_8).toCharArray();
}
ks.setKeyEntry(alias, key, password, null);
}
char[] keyStorePassword = Files.
toString(keyStorePasswordFile, Charsets.UTF_8).toCharArray();
FileOutputStream outputStream = new FileOutputStream(keyStoreFile);
ks.store(outputStream, keyStorePassword);
outputStream.close();
}
public static Map<String, File> configureTestKeyStore(File baseDir,
File keyStoreFile) throws IOException {
Map<String, File> result = Maps.newHashMap();
if (System.getProperty("java.vendor").contains("IBM")) {
Resources.copy(Resources.getResource("ibm-test.keystore"),
new FileOutputStream(keyStoreFile));
} else {
Resources.copy(Resources.getResource("sun-test.keystore"),
new FileOutputStream(keyStoreFile));
}
/*
Commands below:
keytool -genseckey -alias key-0 -keypass keyPassword -keyalg AES \
-keysize 128 -validity 9000 -keystore src/test/resources/test.keystore \
-storetype jceks -storepass keyStorePassword
keytool -genseckey -alias key-1 -keyalg AES -keysize 128 -validity 9000 \
-keystore src/test/resources/test.keystore -storetype jceks \
-storepass keyStorePassword
*/
// key-0 has own password, key-1 used key store password
result.put("key-0",
TestUtils.writeStringToFile(baseDir, "key-0", "keyPassword"));
result.put("key-1", null);
return result;
}
public static Map<String,String> configureForKeyStore(File keyStoreFile,
File keyStorePasswordFile, Map<String, File> keyAliasPassword)
throws Exception {
Map<String, String> context = Maps.newHashMap();
List<String> keys = Lists.newArrayList();
Joiner joiner = Joiner.on(".");
for(String alias : keyAliasPassword.keySet()) {
File passwordFile = keyAliasPassword.get(alias);
if(passwordFile == null) {
keys.add(alias);
} else {
String propertyName = joiner.join(EncryptionConfiguration.KEY_PROVIDER,
EncryptionConfiguration.JCE_FILE_KEYS, alias,
EncryptionConfiguration.JCE_FILE_KEY_PASSWORD_FILE);
keys.add(alias);
context.put(propertyName, passwordFile.getAbsolutePath());
}
}
context.put(joiner.join(EncryptionConfiguration.KEY_PROVIDER,
EncryptionConfiguration.JCE_FILE_KEY_STORE_FILE),
keyStoreFile.getAbsolutePath());
if(keyStorePasswordFile != null) {
context.put(joiner.join(EncryptionConfiguration.KEY_PROVIDER,
EncryptionConfiguration.JCE_FILE_KEY_STORE_PASSWORD_FILE),
keyStorePasswordFile.getAbsolutePath());
}
context.put(joiner.join(EncryptionConfiguration.KEY_PROVIDER,
EncryptionConfiguration.JCE_FILE_KEYS),
Joiner.on(" ").join(keys));
return context;
}
}