Package org.nuxeo.common.codec

Class Crypto

  • Direct Known Subclasses:
    Crypto.NoOp
    public class Crypto
extends Object
    Supported algorithms (name, keysize):
    • AES/ECB/PKCS5Padding (128)
    • DES/ECB/PKCS5Padding (64)
    Since:
    7.4

    • Constructor Detail

      • Crypto

        public Crypto​(byte[] secretKey)

      • Crypto

        public Crypto​(Map<String,​SecretKey> secretKeys)
        Initialize cryptography with a map of SecretKey.
        Parameters:
        secretKeys - Map of SecretKey per algorithm

      • Crypto

        public Crypto​(Map<String,​SecretKey> secretKeys,
              char[] digest)
        Initialize cryptography with a map of SecretKey.
        Parameters:
        digest - Digest for later use by verifyKey(byte[])
        secretKeys - Map of SecretKey per algorithm

    • Method Detail

      • getSHA1DigestOrEmpty

        public byte[] getSHA1DigestOrEmpty​(byte[] bytes)

      • decrypt

        public byte[] decrypt​(String strToDecrypt)
        The method returns either the decrypted strToDecrypt, either the strToDecrypt itself if it is not recognized as a crypted string or if the decryption fails. The return value is a byte array for security purpose, it is your responsibility to convert it then to a String or not (use of char[] is recommended).
        Returns:
        the decrypted strToDecrypt as an array of bytes, never null
        See Also:
        getChars(byte[])

      • clear

        public void clear()
        Clear sensible values. That makes the current object unusable.

      • verifyKey

        public boolean verifyKey​(byte[] candidateDigest)
        Test the given candidateDigest against the configured digest. In case of failure, the secret data is destroyed and the object is made unusable.
        Use that method to check if some code is allowed to request that Crypto object.
        Returns:
        true if candidateDigest matches the one used on creation.
        See Also:
        clear(), verifyKey(char[])

      • verifyKey

        public boolean verifyKey​(char[] candidateDigest)
        Test the given candidateDigest against the configured digest. In case of failure, the secret data is destroyed and the object is made unusable.
        Use that method to check if some code is allowed to request that Crypto object.
        Returns:
        true if candidateDigest matches the one used on creation.
        See Also:
        clear(), verifyKey(byte[])

      • getBytes

        public static byte[] getBytes​(char[] chars)
        Utility method to get byte[] from char[] since it is recommended to store passwords in char[] rather than in String.
        The default charset of this Java virtual machine is used. There can be conversion issue with unmappable characters: they will be replaced with the charset's default replacement string.
        Parameters:
        chars - char array to convert
        Returns:
        the byte array converted from chars using the default charset.

      • getChars

        public static char[] getChars​(byte[] bytes)
        Utility method to get char[] from bytes[] since it is recommended to store passwords in char[] rather than in String.
        The default charset of this Java virtual machine is used. There can be conversion issue with unmappable characters: they will be replaced with the charset's default replacement string.
        Parameters:
        bytes - byte array to convert
        Returns:
        the char array converted from bytes using the default charset.

      • isEncrypted

        public static boolean isEncrypted​(String value)
        Returns:
        true if the given value is encrypted