Class Crypto

java.lang.Object
org.nuxeo.common.codec.Crypto
Direct Known Subclasses:
Crypto.NoOp

public class Crypto extends Object
Supported algorithms (name, key size in bits):
  • AES/ECB/PKCS5Padding (128)
  • DES/ECB/PKCS5Padding (64)
Note: both transformations use ECB mode, which is deterministic (identical plaintext blocks produce identical ciphertext blocks) and provides no integrity check, so a ciphertext can be altered without detection. DES has an effective key length of 56 bits and is no longer considered secure; prefer AES when choosing the algorithm passed to encrypt(String, byte[]).
Since:
7.4
  • Field Details

  • Constructor Details

    • Crypto

      public Crypto(byte[] secretKey)
    • Crypto

      public Crypto(Map<String,SecretKey> secretKeys)
      Initialize cryptography with a map of SecretKey.
      Parameters:
      secretKeys - Map of SecretKey per algorithm
    • Crypto

public Crypto(Map<String,SecretKey> secretKeys, char[] digest)
      Initialize cryptography with a map of SecretKey and an explicit digest.
      Parameters:
      secretKeys - Map of SecretKey per algorithm
      digest - Digest for later use by verifyKey(byte[]) and verifyKey(char[])
    • Crypto

      public Crypto(String keystorePath, char[] keystorePass, String keyAlias, char[] keyPass) throws GeneralSecurityException, IOException
      Initialize cryptography with a keystore.
      Parameters:
      keystorePath - Path to the keystore.
keystorePass - Keystore password. It is also used to generate the digest checked by verifyKey(byte[]), so it should be wiped by the caller once the object is built.
      keyAlias - Key alias prefix. It is suffixed with the algorithm name when the keystore is searched.
      keyPass - Key password
      Throws:
      GeneralSecurityException
      IOException
  • Method Details

    • getSecretKey

      protected SecretKey getSecretKey(String algorithm, byte[] key) throws NoSuchAlgorithmException
      Throws:
      NoSuchAlgorithmException
    • getSHA1Digest

      public byte[] getSHA1Digest(byte[] key) throws NoSuchAlgorithmException
      Throws:
      NoSuchAlgorithmException
    • getSHA1DigestOrEmpty

      public byte[] getSHA1DigestOrEmpty(byte[] bytes)
    • encrypt

      public String encrypt(byte[] bytesToEncrypt) throws GeneralSecurityException
      Throws:
      GeneralSecurityException
    • encrypt

      public String encrypt(String algorithm, byte[] bytesToEncrypt) throws GeneralSecurityException
      Parameters:
      algorithm - cipher transformation of the form "algorithm/mode/padding" or "algorithm". See the Cipher section in the Java Cryptography Architecture Standard Algorithm Name Documentation.
      Throws:
      NoSuchPaddingException - if algorithm contains a padding scheme that is not available.
      NoSuchAlgorithmException - if algorithm is in an invalid or not supported format.
      GeneralSecurityException
    • decrypt

      public byte[] decrypt(String strToDecrypt)
Returns either the decrypted value of strToDecrypt, or the bytes of strToDecrypt itself if it is not recognized as an encrypted string or if decryption fails. No exception is raised on failure, so a wrong key or a corrupted ciphertext silently yields the original input; callers that must detect this have to compare the result with the input themselves. The return value is a byte array for security reasons; it is your responsibility to convert it to a String or not (use of char[] is recommended, see getChars(byte[])), and to zero the array once it is no longer needed.
      Returns:
      the decrypted strToDecrypt as an array of bytes, never null
    • clear

      public void clear()
Clear sensitive values (the secret keys and the digest). This makes the current object unusable.
    • verifyKey

      public boolean verifyKey(byte[] candidateDigest)
Test the given candidateDigest against the configured digest. In case of failure, the secret data is destroyed and the object is made unusable, exactly as with clear().
      Use this method to check whether calling code is allowed to use this Crypto object. Because a failed check is destructive, a single wrong candidate disables the instance for every other caller; a new instance has to be created afterwards.
      Returns:
      true if candidateDigest matches the one used on creation.
    • verifyKey

      public boolean verifyKey(char[] candidateDigest)
Test the given candidateDigest against the configured digest. In case of failure, the secret data is destroyed and the object is made unusable, exactly as with clear().
      Use this method to check whether calling code is allowed to use this Crypto object. Because a failed check is destructive, a single wrong candidate disables the instance for every other caller; a new instance has to be created afterwards.
      Returns:
      true if candidateDigest matches the one used on creation.
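A worked round trip through the API described above (encrypt, isEncrypted, decrypt with its pass-through behaviour, verifyKey and clear). This is an added example, not code from the Nuxeo project. It assumes that the Map passed to the constructor is keyed by the key algorithm name ("AES") so that it backs the default AES/ECB/PKCS5Padding transformation; the key bytes, the digest and the sample password are constructed for the example only.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import org.nuxeo.common.codec.Crypto;

public class CryptoRoundTrip {

    public static void main(String[] args) throws Exception {
        // Constructed 128-bit AES key for the example only. A deployment loads
        // it from a keystore (getKeysFromKeyStore) instead of hard-coding it.
        byte[] rawKey = new byte[16];
        for (int i = 0; i < rawKey.length; i++) {
            rawKey[i] = (byte) (0xA0 + i);
        }

        // Assumption: the map is keyed by the key algorithm name, and the "AES"
        // entry is the one used by the default AES/ECB/PKCS5Padding transformation.
        Map<String, SecretKey> keys = new HashMap<>();
        keys.put("AES", new SecretKeySpec(rawKey, "AES"));

        // The digest given here is what verifyKey() compares against later.
        // Constructed value; in practice it is derived from a deployment secret.
        char[] digest = "example-access-digest".toCharArray();
        Crypto crypto = new Crypto(keys, digest);

        // Secrets are kept as char[] so they can be wiped; getBytes() converts
        // them for the cipher using the JVM default charset.
        char[] password = "s3cr3t-db-password".toCharArray();
        byte[] plain = Crypto.getBytes(password);
        String encrypted = crypto.encrypt(plain); // default AES/ECB/PKCS5Padding
        Arrays.fill(plain, (byte) 0);             // plaintext copy no longer needed
        System.out.println("isEncrypted: " + Crypto.isEncrypted(encrypted));

        // decrypt() hands back bytes; convert to char[] and wipe both copies.
        byte[] decryptedBytes = crypto.decrypt(encrypted);
        char[] decrypted = Crypto.getChars(decryptedBytes);
        Arrays.fill(decryptedBytes, (byte) 0);
        System.out.println("round trip ok: " + Arrays.equals(password, decrypted));
        Arrays.fill(decrypted, '\0');
        Arrays.fill(password, '\0');

        // A value that is not recognized as encrypted is returned unchanged;
        // the same happens when decryption fails, so check for it explicitly.
        String plainConfigValue = "not-an-encrypted-value";
        byte[] passthrough = crypto.decrypt(plainConfigValue);
        boolean unchanged = plainConfigValue.equals(new String(passthrough, StandardCharsets.UTF_8));
        System.out.println("pass-through unchanged: " + unchanged);

        // Access check: the digest used at creation keeps the object usable.
        // A wrong candidate would wipe the keys, like clear() below does.
        System.out.println("verifyKey(correct): " + crypto.verifyKey(digest));

        // Explicit teardown once the object is no longer needed.
        crypto.clear();
    }
}
```

Note that the pass-through check relies on comparing the output with the input; since decrypt() never throws, this comparison is the only way for a caller to notice that a ciphertext was rejected.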
    • getBytes

      public static byte[] getBytes(char[] chars)
Utility method to get byte[] from char[], since it is recommended to store passwords in char[] rather than in String (a char[] can be zeroed after use, a String cannot).
      The default charset of this Java virtual machine is used. There can be conversion issues with unmappable characters: they are replaced with the charset's default replacement string, so a password containing such characters would be altered before encryption. Because the default charset is platform dependent, a value encrypted on one JVM and decrypted on another with a different default charset may not round-trip for non-ASCII input.
      Parameters:
      chars - char array to convert
      Returns:
      the byte array converted from chars using the default charset.
    • getChars

      public static char[] getChars(byte[] bytes)
Utility method to get char[] from byte[], since it is recommended to store passwords in char[] rather than in String (a char[] can be zeroed after use, a String cannot).
      The default charset of this Java virtual machine is used. There can be conversion issues with unmappable characters: they are replaced with the charset's default replacement string. Because the default charset is platform dependent, the result may differ from the char[] originally passed to getBytes(char[]) if the two JVMs do not share the same default charset.
      Parameters:
      bytes - byte array to convert
      Returns:
      the char array converted from bytes using the default charset.
    • isEncrypted

      public static boolean isEncrypted(String value)
      Returns:
      true if the given value is encrypted
    • getKeysFromKeyStore

      public static Map<String,SecretKey> getKeysFromKeyStore(String keystorePath, char[] keystorePass, String keyAlias, char[] keyPass) throws GeneralSecurityException, IOException
Extract secret keys from a keystore, looking up the entry named keyAlias + algorithm for each supported algorithm.
      Parameters:
      keystorePath - Path to the keystore
      keystorePass - Keystore password
      keyAlias - Key alias prefix. It is suffixed with the algorithm.
      keyPass - Key password
      Throws:
      GeneralSecurityException
      IOException
    • setKeyInKeyStore

      public static void setKeyInKeyStore(String keystorePath, char[] keystorePass, String keyAlias, char[] keyPass, SecretKey key) throws GeneralSecurityException, IOException
      Store a key in a keystore.
      The keystore is created if it doesn't exist.
      Parameters:
      keystorePath - Path to the keystore
      keystorePass - Keystore password
      keyAlias - Key alias prefix. It must be suffixed with the algorithm (Key.getAlgorithm() is fine).
      keyPass - Key password
      Throws:
      GeneralSecurityException
      IOException
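The full provisioning workflow implied by the keystore constructor, getKeysFromKeyStore and setKeyInKeyStore: generate a key, persist it under an alias suffixed with its algorithm, then load it back, both directly and through the constructor. This is an added example and not code from the Nuxeo project. The keystore location, the passwords and the alias prefix "nuxeo-crypto-" are constructed for the example; the alias convention follows the parameter descriptions above (full alias when storing, prefix only when loading).

```java
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Arrays;
import java.util.Map;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import org.nuxeo.common.codec.Crypto;

public class CryptoKeystoreSetup {

    public static void main(String[] args) throws Exception {
        // Constructed path and passwords for the example. A deployment takes
        // them from protected configuration, never from source code.
        Path keystore = Files.createTempDirectory("nuxeo-crypto").resolve("keys.jceks");
        char[] keystorePass = "example-keystore-pass".toCharArray();
        char[] keyPass = "example-key-pass".toCharArray();
        String aliasPrefix = "nuxeo-crypto-"; // hypothetical alias prefix

        // 1. Generate a 128-bit AES key, the size the class documents for AES.
        KeyGenerator generator = KeyGenerator.getInstance("AES");
        generator.init(128);
        SecretKey aesKey = generator.generateKey();

        // 2. Store it. setKeyInKeyStore expects the complete alias, i.e. the
        //    prefix followed by the algorithm name ("AES" from getAlgorithm()).
        //    The keystore file is created if it does not exist yet.
        Crypto.setKeyInKeyStore(keystore.toString(), keystorePass,
                aliasPrefix + aesKey.getAlgorithm(), keyPass, aesKey);

        // 3. Load it back. Only the prefix is passed here: the lookup appends
        //    each supported algorithm name itself.
        Map<String, SecretKey> loaded = Crypto.getKeysFromKeyStore(
                keystore.toString(), keystorePass, aliasPrefix, keyPass);
        System.out.println("algorithms loaded: " + loaded.keySet());

        // 4. Or let the keystore constructor do the loading in one step and use it.
        Crypto crypto = new Crypto(keystore.toString(), keystorePass, aliasPrefix, keyPass);
        byte[] secret = "db.password=hunter2".getBytes(StandardCharsets.UTF_8); // constructed sample
        String encrypted = crypto.encrypt(secret);
        byte[] decrypted = crypto.decrypt(encrypted);
        System.out.println("encrypted: " + Crypto.isEncrypted(encrypted)
                + ", round trip ok: " + Arrays.equals(secret, decrypted));

        // 5. The keystore password also seeds the verifyKey() digest, so wipe it
        //    and the key password as soon as the Crypto object exists, and wipe
        //    the plaintext copies too.
        Arrays.fill(keystorePass, '\0');
        Arrays.fill(keyPass, '\0');
        Arrays.fill(secret, (byte) 0);
        Arrays.fill(decrypted, (byte) 0);

        // 6. Destroy the in-memory key material when finished.
        crypto.clear();
    }
}
```

Restrict file permissions on the keystore to the account running the server; the keystore password protects its integrity and the key password protects the entry, but neither helps if the file and both passwords are readable from the same configuration.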