Github user alopresto commented on a diff in the pull request:
https://github.com/apache/nifi/pull/1686#discussion_r113014671
--- Diff:
nifi-commons/nifi-data-provenance-utils/src/main/java/org/apache/nifi/provenance/CryptoUtils.java
---
@@ -0,0 +1,228 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.provenance;
+
+import java.io.BufferedReader;
+import java.io.ByteArrayOutputStream;
+import java.io.File;
+import java.io.FileReader;
+import java.io.IOException;
+import java.security.KeyManagementException;
+import java.security.NoSuchAlgorithmException;
+import java.util.Arrays;
+import java.util.Base64;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.regex.Pattern;
+import javax.crypto.BadPaddingException;
+import javax.crypto.Cipher;
+import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.SecretKey;
+import javax.crypto.spec.SecretKeySpec;
+import org.apache.commons.lang3.StringUtils;
+import org.apache.nifi.security.util.EncryptionMethod;
+import org.apache.nifi.security.util.crypto.AESKeyedCipherProvider;
+import org.apache.nifi.util.NiFiProperties;
+import org.bouncycastle.util.encoders.Hex;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class CryptoUtils {
+ private static final Logger logger =
LoggerFactory.getLogger(StaticKeyProvider.class);
+ private static final String STATIC_KEY_PROVIDER_CLASS_NAME =
"org.apache.nifi.provenance.StaticKeyProvider";
+ private static final String FILE_BASED_KEY_PROVIDER_CLASS_NAME =
"org.apache.nifi.provenance.FileBasedKeyProvider";
+ private static final Pattern HEX_PATTERN =
Pattern.compile("(?i)^[0-9a-f]+$");
+
+ public static final int IV_LENGTH = 16;
+
+ public static boolean isUnlimitedStrengthCryptoAvailable() {
+ try {
+ return Cipher.getMaxAllowedKeyLength("AES") > 128;
+ } catch (NoSuchAlgorithmException e) {
+ logger.warn("Tried to determine if unlimited strength crypto
is available but the AES algorithm is not available");
+ return false;
+ }
+ }
+
+ /**
+ * Utility method which returns true if the string is null, empty, or
entirely whitespace.
+ *
+ * @param src the string to evaluate
+ * @return true if empty
+ */
+ public static boolean isEmpty(String src) {
+ return src == null || src.trim().isEmpty();
+ }
+
+ /**
+ * Concatenates multiple byte[] into a single byte[]. Because it uses
a {@link ByteArrayOutputStream}
+ * rather than {@link System#arraycopy(Object, int, Object, int, int)}
the performance is much better
+ * with an arbitrary number of input byte[]s.
+ *
+ * @param arrays the component byte[] in order
+ * @return a concatenated byte[]
+ * @throws IOException this should never be thrown
+ */
+ public static byte[] concatByteArrays(byte[]... arrays) throws
IOException {
+ ByteArrayOutputStream boas = new ByteArrayOutputStream();
--- End diff --
I was curious about this, so I added an implementation as you described
above and compared them. The BAOS is definitely faster for small byte[], but
slower for large ones. Interesting.
```java
public static byte[] concatByteArrays(byte[]... arrays) throws
IOException {
int totalByteLength = 0;
for (byte[] bytes : arrays) {
totalByteLength += bytes.length;
}
byte[] totalBytes = new byte[totalByteLength];
int currentLength = 0;
for (byte[] bytes : arrays) {
System.arraycopy(bytes, 0, totalBytes, currentLength,
bytes.length);
currentLength += bytes.length;
}
return totalBytes;
}
public static byte[] concatByteArraysWithBAOS(byte[]... arrays) throws
IOException {
ByteArrayOutputStream boas = new ByteArrayOutputStream();
for (byte[] arr : arrays) {
boas.write(arr);
}
return boas.toByteArray();
}
```
```
Calculating small/small -- 3 arrays with avg length 11
Ran 100 of small/small (traditional) with a total wall time of 28720012 ns
and average run of 195354 ns
Ran 100 of small/small (BAOS) with a total wall time of 6745072 ns and
average run of 12300 ns
Calculating small/large -- 2 arrays with avg length 567
Ran 100 of small/large (traditional) with a total wall time of 2712642 ns
and average run of 5807 ns
Ran 100 of small/large (BAOS) with a total wall time of 3774826 ns and
average run of 11078 ns
Calculating large/small -- 145 arrays with avg length 8
Ran 100 of large/small (traditional) with a total wall time of 5173622 ns
and average run of 27214 ns
Ran 100 of large/small (BAOS) with a total wall time of 5120322 ns and
average run of 27663 ns
Calculating large/large -- 182 arrays with avg length 534
Ran 100 of large/large (traditional) with a total wall time of 11537912 ns
and average run of 83769 ns
Ran 100 of large/large (BAOS) with a total wall time of 65845017 ns and
average run of 612915 ns
```
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---
