Package org.jboss.crypto
Class CryptoUtil
- java.lang.Object
-
- org.jboss.crypto.CryptoUtil
-
public class CryptoUtil extends Object
Various security related utilities like MessageDigest factories, SecureRandom access, password hashing. This product includes software developed by Tom Wu and Eugene Jhong for the SRP Distribution (http://srp.stanford.edu/srp/).
- Version:
- $Revision: 62650 $
- Author:
- Scott.Stark@jboss.org
-
-
Field Summary
static String BASE16_ENCODING
static String BASE64_ENCODING
static String RFC2617_ENCODING
-
Constructor Summary
CryptoUtil()
-
Method Summary
static Object accessSealedObject(String cipherAlgorithm, Object key, byte[] cipherIV, Object obj)
static byte[] calculatePasswordHash(String username, char[] password, byte[] salt)
Calculate the SRP RFC2945 password hash = H(salt | H(username | ':' | password)) where H = SHA secure hash.
static byte[] calculateVerifier(String username, char[] password, byte[] salt, byte[] Nb, byte[] gb)
Calculate x = H(s | H(U | ':' | password)) and the verifier v = g^x % N, as described in RFC2945.
static byte[] calculateVerifier(String username, char[] password, byte[] salt, BigInteger N, BigInteger g)
Calculate x = H(s | H(U | ':' | password)) and the verifier v = g^x % N, as described in RFC2945.
static MessageDigest copy(MessageDigest md)
static Object createCipher(String cipherAlgorithm)
static String createPasswordHash(String hashAlgorithm, String hashEncoding, String hashCharset, String username, String password)
Calculate a password hash using a MessageDigest.
static String createPasswordHash(String hashAlgorithm, String hashEncoding, String hashCharset, String username, String password, DigestCallback callback)
Calculate a password hash using a MessageDigest.
static Object createSealedObject(String cipherAlgorithm, Object key, byte[] cipherIV, Serializable data)
static Object createSecretKey(String cipherAlgorithm, Object key)
Use reflection to create a javax.crypto.spec.SecretKeySpec to avoid an explicit reference to SecretKeySpec so that the JCE is not needed unless the SRP parameters indicate that encryption is needed.
static String encodeBase16(byte[] bytes)
Hex encoding of hashes, as used by Catalina.
static String encodeBase64(byte[] bytes)
BASE64 encoder implementation.
static String encodeRFC2617(byte[] data)
3.1.3 Representation of digest values: An optional header allows the server to specify the algorithm used to create the checksum or digest.
static byte[] fromb64(String str)
static byte[] generateSeed(int numBytes)
Returns the given number of seed bytes, computed using the seed generation algorithm that this class uses to seed itself.
static Random getPRNG()
static boolean hasUnlimitedCrypto()
Per Appendix E of the JCE reference guide, the "Strong" jurisdiction policy files allow a maximum Blowfish key size of 128 bits.
static void init()
static void init(byte[] prngSeed)
static MessageDigest newDigest()
static void nextBytes(byte[] bytes)
Generates random bytes and places them into a user-supplied byte array.
static double nextDouble()
Returns the next pseudorandom, uniformly distributed double value between 0.0 and 1.0 from this random number generator's sequence.
static long nextLong()
Returns the next pseudorandom, uniformly distributed long value from this random number generator's sequence.
static byte[] sessionKeyHash(byte[] number)
Perform an interleaved even-odd hash on the byte string.
static String tob64(byte[] buffer)
static byte[] trim(byte[] in)
Treat the input as the MSB representation of a number, and lop off leading zero elements.
static byte[] xor(byte[] b1, byte[] b2, int length)
-
-
-
Field Detail
-
BASE64_ENCODING
public static final String BASE64_ENCODING
- See Also:
- Constant Field Values
-
BASE16_ENCODING
public static final String BASE16_ENCODING
- See Also:
- Constant Field Values
-
RFC2617_ENCODING
public static final String RFC2617_ENCODING
- See Also:
- Constant Field Values
-
-
Method Detail
-
init
public static void init() throws NoSuchAlgorithmException
- Throws:
NoSuchAlgorithmException
-
init
public static void init(byte[] prngSeed) throws NoSuchAlgorithmException
- Throws:
NoSuchAlgorithmException
-
newDigest
public static MessageDigest newDigest()
-
copy
public static MessageDigest copy(MessageDigest md)
-
getPRNG
public static Random getPRNG()
-
nextDouble
public static double nextDouble()
Returns the next pseudorandom, uniformly distributed double value between 0.0 and 1.0 from this random number generator's sequence.
-
nextLong
public static long nextLong()
Returns the next pseudorandom, uniformly distributed long value from this random number generator's sequence. The general contract of nextLong is that one long value is pseudorandomly generated and returned. All 2^64 possible long values are produced with (approximately) equal probability.
-
nextBytes
public static void nextBytes(byte[] bytes)
Generates random bytes and places them into a user-supplied byte array. The number of random bytes produced is equal to the length of the byte array.
-
generateSeed
public static byte[] generateSeed(int numBytes)
Returns the given number of seed bytes, computed using the seed generation algorithm that this class uses to seed itself. This call may be used to seed other random number generators.
-
calculatePasswordHash
public static byte[] calculatePasswordHash(String username, char[] password, byte[] salt)
Calculate the SRP RFC2945 password hash = H(salt | H(username | ':' | password)) where H = SHA secure hash. The username is converted to a byte[] using the UTF-8 encoding.
-
calculateVerifier
public static byte[] calculateVerifier(String username, char[] password, byte[] salt, byte[] Nb, byte[] gb)
Calculate x = H(s | H(U | ':' | password)) and the verifier v = g^x % N, as described in RFC2945.
-
calculateVerifier
public static byte[] calculateVerifier(String username, char[] password, byte[] salt, BigInteger N, BigInteger g)
Calculate x = H(s | H(U | ':' | password)) and the verifier v = g^x % N, as described in RFC2945.
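The password hash and verifier formulas above, written out as an added example (this is not the JBoss implementation, and its output is not claimed to match CryptoUtil byte for byte). Assumptions: H is SHA-1 as in RFC 2945, the password is encoded as UTF-8, and the class name `SrpVerifierDemo`, its method names and the randomly generated demo group are hypothetical; a deployment would use a standardized SRP group such as those in RFC 5054.

```java
import java.math.BigInteger;
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;

public class SrpVerifierDemo {
    // x = H(salt | H(username | ':' | password)), with H = SHA-1 (RFC 2945).
    static byte[] passwordHash(String username, char[] password, byte[] salt) throws Exception {
        MessageDigest h = MessageDigest.getInstance("SHA-1");
        // Assumption: the password is encoded as UTF-8, like the username.
        ByteBuffer enc = StandardCharsets.UTF_8.encode(CharBuffer.wrap(password));
        byte[] pw = new byte[enc.remaining()];
        enc.get(pw);
        h.update(username.getBytes(StandardCharsets.UTF_8));
        h.update((byte) ':');
        h.update(pw);
        Arrays.fill(pw, (byte) 0);   // wipe the temporary password copy
        byte[] inner = h.digest();   // digest() resets h for reuse
        h.update(salt);
        h.update(inner);
        return h.digest();
    }

    // v = g^x mod N, big-endian, without the sign byte BigInteger may prepend.
    static byte[] verifier(String username, char[] password, byte[] salt,
                           BigInteger N, BigInteger g) throws Exception {
        BigInteger x = new BigInteger(1, passwordHash(username, password, salt));
        byte[] v = g.modPow(x, N).toByteArray();
        return (v.length > 1 && v[0] == 0) ? Arrays.copyOfRange(v, 1, v.length) : v;
    }

    public static void main(String[] args) throws Exception {
        SecureRandom rng = new SecureRandom();
        // Constructed demo group: a random 512-bit prime, not a vetted SRP group.
        BigInteger N = BigInteger.probablePrime(512, rng);
        BigInteger g = BigInteger.valueOf(2);
        byte[] salt1 = new byte[16], salt2 = new byte[16];
        rng.nextBytes(salt1);
        rng.nextBytes(salt2);
        char[] pw = "correct horse".toCharArray();   // constructed sample password
        byte[] v1 = verifier("alice", pw, salt1, N, g);
        boolean same = Arrays.equals(v1, verifier("alice", pw, salt1, N, g));
        boolean diff = !Arrays.equals(v1, verifier("alice", pw, salt2, N, g));
        System.out.println("same salt repeats: " + same + ", new salt differs: " + diff);
        Arrays.fill(pw, '\0');   // caller wipes its own copy
    }
}
```

The hash bytes are read as an unsigned integer with `new BigInteger(1, ...)`; omitting the signum argument would treat a digest whose top bit is set as negative and produce a different verifier.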
-
sessionKeyHash
public static byte[] sessionKeyHash(byte[] number)
Perform an interleaved even-odd hash on the byte string.
-
trim
public static byte[] trim(byte[] in)
Treat the input as the MSB representation of a number, and lop off leading zero elements. For efficiency, the input is simply returned if no leading zeroes are found.
-
xor
public static byte[] xor(byte[] b1, byte[] b2, int length)
-
encodeRFC2617
public static String encodeRFC2617(byte[] data)
3.1.3 Representation of digest values: An optional header allows the server to specify the algorithm used to create the checksum or digest. By default the MD5 algorithm is used and that is the only algorithm described in this document. For the purposes of this document, an MD5 digest of 128 bits is represented as 32 ASCII printable characters. The bits in the 128 bit digest are converted from most significant to least significant bit, four bits at a time to their ASCII presentation as follows. Each four bits is represented by its familiar hexadecimal notation from the characters 0123456789abcdef. That is, binary 0000 is represented by the character '0', 0001, by '1', and so on up to the representation of 1111 as 'f'.
- Parameters:
data - the raw MD5 hash data
- Returns:
the encoded MD5 representation
-
encodeBase16
public static String encodeBase16(byte[] bytes)
Hex encoding of hashes, as used by Catalina. Each byte is converted to the corresponding two hex characters.
-
encodeBase64
public static String encodeBase64(byte[] bytes)
BASE64 encoder implementation. Provides encoding methods, using the BASE64 encoding rules, as defined in the MIME specification, rfc1521.
-
createPasswordHash
public static String createPasswordHash(String hashAlgorithm, String hashEncoding, String hashCharset, String username, String password)
Calculate a password hash using a MessageDigest.
- Parameters:
hashAlgorithm - the MessageDigest algorithm name
hashEncoding - either base64 or hex, specifying how the MessageDigest output is encoded as a string
hashCharset - the charset used to create the byte[] passed to the MessageDigest from the password String. If null, the platform default is used.
username - ignored in default version
password - the password string to be hashed
- Returns:
the hashed string if successful, null if there is a digest exception
-
createPasswordHash
public static String createPasswordHash(String hashAlgorithm, String hashEncoding, String hashCharset, String username, String password, DigestCallback callback)
Calculate a password hash using a MessageDigest.
- Parameters:
hashAlgorithm - the MessageDigest algorithm name
hashEncoding - either base64 or hex, specifying how the MessageDigest output is encoded as a string
hashCharset - the charset used to create the byte[] passed to the MessageDigest from the password String. If null, the platform default is used.
username - ignored in default version
password - the password string to be hashed
callback - the callback used to allow customization of the hash to occur. The preDigest method is called before the password is added and the postDigest method is called after the password has been added.
- Returns:
the hashed string if successful, null if there is a digest exception
-
tob64
public static String tob64(byte[] buffer)
-
fromb64
public static byte[] fromb64(String str) throws NumberFormatException
- Throws:
NumberFormatException
-
hasUnlimitedCrypto
public static boolean hasUnlimitedCrypto()
Per Appendix E of the JCE reference guide, the "Strong" jurisdiction policy files allow a maximum Blowfish key size of 128 bits.
- Returns:
true if a Blowfish key can be initialized with 256 bit size, false otherwise.
-
createSecretKey
public static Object createSecretKey(String cipherAlgorithm, Object key) throws KeyException
Use reflection to create a javax.crypto.spec.SecretKeySpec to avoid an explicit reference to SecretKeySpec so that the JCE is not needed unless the SRP parameters indicate that encryption is needed.
- Returns:
a javax.crypto.SecretKey
- Throws:
KeyException
-
createCipher
public static Object createCipher(String cipherAlgorithm) throws GeneralSecurityException
- Parameters:
cipherAlgorithm
- Returns:
A javax.crypto.Cipher
- Throws:
GeneralSecurityException
-
createSealedObject
public static Object createSealedObject(String cipherAlgorithm, Object key, byte[] cipherIV, Serializable data) throws GeneralSecurityException
- Throws:
GeneralSecurityException
-
accessSealedObject
public static Object accessSealedObject(String cipherAlgorithm, Object key, byte[] cipherIV, Object obj) throws GeneralSecurityException
- Throws:
GeneralSecurityException
-
-