public final class SecurityUtils extends Object
Modifier and Type | Field and Description |
---|---|
static String |
BOUNCY_CASTLE
Bouncycastle JCE provider name
|
static String |
CURVE_ED25519_SHA512 |
static int |
DEFAULT_DHGEX_KEY_SIZE |
static List<String> |
DEFAULT_SECURITY_PROVIDER_REGISTRARS |
static String |
ECC_SUPPORTED_PROP
System property used to control whether Elliptic Curves are supported or not.
|
static String |
EDDSA
EDDSA support - should match
EdDSAKey.KEY_ALGORITHM |
static String |
EDDSA_SUPPORTED_PROP
Deprecated.
Please use "org.apache.sshd.security.provider.EdDSA.enabled"
|
static int |
MAX_DHGEX_KEY_SIZE |
static String |
MAX_DHGEX_KEY_SIZE_PROP
System property used to configure the value for the maximum supported Diffie-Hellman
Group Exchange key size.
|
static int |
MIN_DHGEX_KEY_SIZE
The minimum Diffie-Hellman Group Exchange key size.
|
static int |
PREFERRED_DHGEX_KEY_SIZE |
static String |
PROP_DEFAULT_SECURITY_PROVIDER |
static String |
REGISTER_BOUNCY_CASTLE_PROP
Deprecated.
Please use "org.apache.sshd.security.provider.BC.enabled"
|
static String |
SECURITY_PROVIDER_REGISTRARS
Comma separated list of fully qualified SecurityProviderRegistrars to automatically register |
public static final String BOUNCY_CASTLE
public static final String EDDSA
EDDSA support - should match EdDSAKey.KEY_ALGORITHM
public static final String CURVE_ED25519_SHA512
public static final String MAX_DHGEX_KEY_SIZE_PROP
public static final int MIN_DHGEX_KEY_SIZE
public static final int DEFAULT_DHGEX_KEY_SIZE
public static final int PREFERRED_DHGEX_KEY_SIZE
public static final int MAX_DHGEX_KEY_SIZE
public static final String SECURITY_PROVIDER_REGISTRARS
Comma separated list of fully qualified SecurityProviderRegistrars to automatically register
public static final List<String> DEFAULT_SECURITY_PROVIDER_REGISTRARS
@Deprecated public static final String REGISTER_BOUNCY_CASTLE_PROP
Deprecated. Please use "org.apache.sshd.security.provider.BC.enabled" instead (Bouncycastle JCE provider).
public static final String ECC_SUPPORTED_PROP
System property used to control whether Elliptic Curves are supported or not. If set to true, it is up to the user to make sure that indeed there is a provider for them.
@Deprecated public static final String EDDSA_SUPPORTED_PROP
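Deprecated. Please use "org.apache.sshd.security.provider.EdDSA.enabled". System property concerning EdDSA support (see isEDDSACurveSupported()). If not set or set to true, then the existence of the optional support classes determines the support.
public static final String PROP_DEFAULT_SECURITY_PROVIDER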
public static boolean isAPrioriDisabledProvider(String name)
Parameters: name - The provider's name - never null/empty
Returns: true if the provider is marked as disabled a-priori
See Also: setAPrioriDisabledProvider(String, boolean)
public static void setAPrioriDisabledProvider(String name, boolean disabled)
Marks a provider as disabled (or not) a-priori: once a provider is so marked, when its SecurityProviderRegistrar.isEnabled() is eventually consulted it will return false regardless of the configured value for the specific provider registrar instance. Note: has no effect if the provider has already been registered.
Parameters:
name - The provider's name - never null/empty
disabled - true to disable it a-priori
See Also: isAPrioriDisabledProvider(String)
public static Set<String> getAPrioriDisabledProviders()
public static boolean isECCSupported()
Returns: true if Elliptic Curve Cryptography is supported
See Also: ECC_SUPPORTED_PROP
public static boolean isDHGroupExchangeSupported()
Returns: true if Diffie-Hellman Group Exchange is supported
See Also: getMaxDHGroupExchangeKeySize()
public static boolean isDHOakelyGroupSupported(int keySize)
Parameters: keySize - The expected key size
Returns: true if Oakley Diffie-Hellman Group Exchange is supported for the specified key size
See Also: getMaxDHGroupExchangeKeySize()
public static int getMaxDHGroupExchangeKeySize()
public static void setMaxDHGroupExchangeKeySize(int keySize)
Sets the value reported by getMaxDHGroupExchangeKeySize().
Parameters: keySize - The reported key size - if zero, then it will be auto-detected, if negative then DH group exchange will be disabled
public static boolean isDHGroupExchangeSupported(int maxKeySize)
public static SecurityProviderChoice getDefaultProviderChoice()
public static void setDefaultProviderChoice(SecurityProviderChoice choice)
public static Set<String> getRegisteredProviders()
public static boolean isBouncyCastleRegistered()
public static boolean isProviderRegistered(String provider)
public static SecurityProviderRegistrar getRegisteredProvider(String provider)
public static boolean isRegistrationCompleted()
public static SecurityProviderRegistrar registerSecurityProvider(SecurityProviderRegistrar registrar)
Parameters: registrar - The registrar instance to register
Returns: null if the registrar is not already registered and is not enabled or not supported.
public static Iterable<KeyPair> loadKeyPairIdentities(SessionContext session, NamedResource resourceKey, InputStream inputStream, FilePasswordProvider provider) throws IOException, GeneralSecurityException
Parameters:
session - The SessionContext for invoking this load command - may be null if not invoked within a session context (e.g., offline tool).
resourceKey - An identifier of the key being loaded - used as argument to the FilePasswordProvider#getPassword invocation
inputStream - The InputStream for the private key
provider - A FilePasswordProvider - may be null if the loaded key is guaranteed not to be encrypted
Returns: The KeyPair-s - or null if none loaded
Throws:
IOException - If failed to read/parse the input stream
GeneralSecurityException - If failed to generate the keys
public static AbstractGeneratorHostKeyProvider createGeneratorHostKeyProvider(Path path)
public static KeyPairResourceParser getBouncycastleKeyPairResourceParser()
public static RandomFactory getRandomFactory()
Returns: If isBouncyCastleRegistered() then a BouncyCastleRandomFactory instance, otherwise a JceRandomFactory one
public static boolean isEDDSACurveSupported()
Returns: true if EDDSA curves (e.g., ed25519) are supported
public static PublicKeyEntryDecoder<? extends PublicKey,? extends PrivateKey> getEDDSAPublicKeyEntryDecoder()
public static PrivateKeyEntryDecoder<? extends PublicKey,? extends PrivateKey> getOpenSSHEDDSAPrivateKeyEntryDecoder()
public static Signature getEDDSASigner()
public static int getEDDSAKeySize(Key key)
public static Class<? extends PrivateKey> getEDDSAPrivateKeyType()
public static boolean compareEDDSAPrivateKeys(PrivateKey k1, PrivateKey k2)
public static PublicKey recoverEDDSAPublicKey(PrivateKey key) throws GeneralSecurityException
GeneralSecurityException
public static PublicKey generateEDDSAPublicKey(String keyType, byte[] seed) throws GeneralSecurityException
GeneralSecurityException
public static <B extends Buffer> B putRawEDDSAPublicKey(B buffer, PublicKey key)
public static <B extends Buffer> B putEDDSAKeyPair(B buffer, PublicKey pubKey, PrivateKey prvKey)
public static KeyPair extractEDDSAKeyPair(Buffer buffer, String keyType) throws GeneralSecurityException
GeneralSecurityException
public static KeyPairResourceParser getKeyPairResourceParser()
public static void setKeyPairResourceParser(KeyPairResourceParser parser)
Parameters: parser - The system-wide KeyPairResourceParser to use. If set to null, then the default parser will be re-constructed on next call to getKeyPairResourceParser()
public static <T> SecurityEntityFactory<T> resolveSecurityEntityFactory(Class<T> entityType, String algorithm, Predicate<? super SecurityProviderRegistrar> entitySelector)
public static <T> SecurityEntityFactory<T> createSecurityEntityFactory(Class<T> entityType, Predicate<? super SecurityProviderRegistrar> entitySelector)
public static KeyFactory getKeyFactory(String algorithm) throws GeneralSecurityException
GeneralSecurityException
public static Cipher getCipher(String transformation) throws GeneralSecurityException
GeneralSecurityException
public static MessageDigest getMessageDigest(String algorithm) throws GeneralSecurityException
GeneralSecurityException
public static KeyPairGenerator getKeyPairGenerator(String algorithm) throws GeneralSecurityException
GeneralSecurityException
public static KeyAgreement getKeyAgreement(String algorithm) throws GeneralSecurityException
GeneralSecurityException
public static Mac getMac(String algorithm) throws GeneralSecurityException
GeneralSecurityException
public static Signature getSignature(String algorithm) throws GeneralSecurityException
GeneralSecurityException
public static CertificateFactory getCertificateFactory(String type) throws GeneralSecurityException
GeneralSecurityException
Copyright © 2008–2022 The Apache Software Foundation. All rights reserved.