Class CryptoUtil


  • public class CryptoUtil
    extends Object
    Various security related utilities like MessageDigest factories, SecureRandom access, password hashing. This product includes software developed by Tom Wu and Eugene Jhong for the SRP Distribution (http://srp.stanford.edu/srp/).
    Version:
    $Revision: 62650 $
    Author:
    Scott.Stark@jboss.org
    • Constructor Detail

      • CryptoUtil

        public CryptoUtil()
    • Method Detail

      • getPRNG

        public static Random getPRNG()
      • nextDouble

        public static double nextDouble()
        Returns the next pseudorandom, uniformly distributed double value between 0.0 and 1.0 from this random number generator's sequence.
      • nextLong

        public static long nextLong()
        Returns the next pseudorandom, uniformly distributed long value from this random number generator's sequence. The general contract of nextLong is that one long value is pseudorandomly generated and returned. All 264 possible long values are produced with (approximately) equal probability.
      • nextBytes

        public static void nextBytes​(byte[] bytes)
        Generates random bytes and places them into a user-supplied byte array. The number of random bytes produced is equal to the length of the byte array.
      • generateSeed

        public static byte[] generateSeed​(int numBytes)
        Returns the given number of seed bytes, computed using the seed generation algorithm that this class uses to seed itself. This call may be used to seed other random number generators.
      • calculatePasswordHash

        public static byte[] calculatePasswordHash​(String username,
                                                   char[] password,
                                                   byte[] salt)
        Cacluate the SRP RFC2945 password hash = H(salt | H(username | ':' | password)) where H = SHA secure hash. The username is converted to a byte[] using the UTF-8 encoding.
      • calculateVerifier

        public static byte[] calculateVerifier​(String username,
                                               char[] password,
                                               byte[] salt,
                                               byte[] Nb,
                                               byte[] gb)
        Calculate x = H(s | H(U | ':' | password)) verifier v = g^x % N described in RFC2945.
      • calculateVerifier

        public static byte[] calculateVerifier​(String username,
                                               char[] password,
                                               byte[] salt,
                                               BigInteger N,
                                               BigInteger g)
        Calculate x = H(s | H(U | ':' | password)) verifier v = g^x % N described in RFC2945.
      • sessionKeyHash

        public static byte[] sessionKeyHash​(byte[] number)
        Perform an interleaved even-odd hash on the byte string
      • trim

        public static byte[] trim​(byte[] in)
        Treat the input as the MSB representation of a number, and lop off leading zero elements. For efficiency, the input is simply returned if no leading zeroes are found.
      • xor

        public static byte[] xor​(byte[] b1,
                                 byte[] b2,
                                 int length)
      • encodeRFC2617

        public static String encodeRFC2617​(byte[] data)
        3.1.3 Representation of digest values An optional header allows the server to specify the algorithm used to create the checksum or digest. By default the MD5 algorithm is used and that is the only algorithm described in this document. For the purposes of this document, an MD5 digest of 128 bits is represented as 32 ASCII printable characters. The bits in the 128 bit digest are converted from most significant to least significant bit, four bits at a time to their ASCII presentation as follows. Each four bits is represented by its familiar hexadecimal notation from the characters 0123456789abcdef. That is, binary 0000 getInfos represented by the character '0', 0001, by '1', and so on up to the representation of 1111 as 'f'.
        Parameters:
        data - - the raw MD5 hash data
        Returns:
        the encoded MD5 representation
      • encodeBase16

        public static String encodeBase16​(byte[] bytes)
        Hex encoding of hashes, as used by Catalina. Each byte is converted to the corresponding two hex characters.
      • encodeBase64

        public static String encodeBase64​(byte[] bytes)
        BASE64 encoder implementation. Provides encoding methods, using the BASE64 encoding rules, as defined in the MIME specification, rfc1521.
      • createPasswordHash

        public static String createPasswordHash​(String hashAlgorithm,
                                                String hashEncoding,
                                                String hashCharset,
                                                String username,
                                                String password)
        Calculate a password hash using a MessageDigest.
        Parameters:
        hashAlgorithm - - the MessageDigest algorithm name
        hashEncoding - - either base64 or hex to specify the type of encoding the MessageDigest as a string.
        hashCharset - - the charset used to create the byte[] passed to the MessageDigestfrom the password String. If null the platform default is used.
        username - - ignored in default version
        password - - the password string to be hashed
        Returns:
        the hashed string if successful, null if there is a digest exception
      • createPasswordHash

        public static String createPasswordHash​(String hashAlgorithm,
                                                String hashEncoding,
                                                String hashCharset,
                                                String username,
                                                String password,
                                                DigestCallback callback)
        Calculate a password hash using a MessageDigest.
        Parameters:
        hashAlgorithm - - the MessageDigest algorithm name
        hashEncoding - - either base64 or hex to specify the type of encoding the MessageDigest as a string.
        hashCharset - - the charset used to create the byte[] passed to the MessageDigestfrom the password String. If null the platform default is used.
        username - - ignored in default version
        password - - the password string to be hashed
        callback - - the callback used to allow customization of the hash to occur. The preDigest method is called before the password is added and the postDigest method is called after the password has been added.
        Returns:
        the hashed string if successful, null if there is a digest exception
      • tob64

        public static String tob64​(byte[] buffer)
      • hasUnlimitedCrypto

        public static boolean hasUnlimitedCrypto()
        From Appendix E of the JCE ref guide, the xaximum key size allowed by the "Strong" jurisdiction policy files allows a maximum Blowfish cipher size of 128 bits.
        Returns:
        true if a Blowfish key can be initialized with 256 bit size, false otherwise.
      • createSecretKey

        public static Object createSecretKey​(String cipherAlgorithm,
                                             Object key)
                                      throws KeyException
        Use reflection to create a javax.crypto.spec.SecretKeySpec to avoid an explicit reference to SecretKeySpec so that the JCE is not needed unless the SRP parameters indicate that encryption is needed.
        Returns:
        a javax.cyrpto.SecretKey
        Throws:
        KeyException