Package org.nuxeo.common.codec
Class Crypto
java.lang.Object
org.nuxeo.common.codec.Crypto
- Direct Known Subclasses: Crypto.NoOp
Supported algorithms (name, keysize):
- AES/ECB/PKCS5Padding (128)
- DES/ECB/PKCS5Padding (64)
- Since: 7.4
Method Summary
- void clear()
  Clear sensitive values.
- byte[] decrypt
  The method returns either the decrypted strToDecrypt, or strToDecrypt itself if it is not recognized as an encrypted string or if the decryption fails.
- encrypt(byte[] bytesToEncrypt)
- static byte[] getBytes(char[] chars)
  Utility method to get byte[] from char[], since it is recommended to store passwords in char[] rather than in String. The default charset of this Java virtual machine is used.
- static char[] getChars(byte[] bytes)
  Utility method to get char[] from byte[], since it is recommended to store passwords in char[] rather than in String. The default charset of this Java virtual machine is used.
- static Map<String,SecretKey> getKeysFromKeyStore(String keystorePath, char[] keystorePass, String keyAlias, char[] keyPass)
  Extract secret keys from a keystore looking for keyAlias + algorithm
- protected SecretKey getSecretKey(String algorithm, byte[] key)
- byte[] getSHA1Digest(byte[] key)
- byte[] getSHA1DigestOrEmpty(byte[] bytes)
- static boolean isEncrypted(String value)
- static void setKeyInKeyStore(String keystorePath, char[] keystorePass, String keyAlias, char[] keyPass, SecretKey key)
  Store a key in a keystore. The keystore is created if it doesn't exist.
- boolean verifyKey(byte[] candidateDigest)
  Test the given candidateDigest against the configured digest.
- boolean verifyKey(char[] candidateDigest)
  Test the given candidateDigest against the configured digest.
-
Field Details
- CRYPTO_PATTERN
- AES
- AES_ECB_PKCS5PADDING
- DES
- DES_ECB_PKCS5PADDING
- IMPLEMENTED_ALGOS
- DEFAULT_ALGO
-
Constructor Details
-
Crypto
public Crypto(byte[] secretKey)
-
Crypto
Initialize cryptography with a map of SecretKey.
- Parameters:
secretKeys - Map of SecretKey per algorithm
-
Crypto
Initialize cryptography with a map of SecretKey.
- Parameters:
digest - Digest for later use by verifyKey(byte[])
secretKeys - Map of SecretKey per algorithm
-
Crypto
public Crypto(String keystorePath, char[] keystorePass, String keyAlias, char[] keyPass) throws GeneralSecurityException, IOException
Initialize cryptography with a keystore.
- Parameters:
keystorePath - Path to the keystore.
keystorePass - Keystore password. It is also used to generate the digest for verifyKey(byte[])
keyAlias - Key alias prefix. It is suffixed with the algorithm.
keyPass - Key password
- Throws:
GeneralSecurityException
IOException
-
Method Details
-
getSecretKey
- Throws:
NoSuchAlgorithmException
-
getSHA1Digest
- Throws:
NoSuchAlgorithmException
-
getSHA1DigestOrEmpty
public byte[] getSHA1DigestOrEmpty(byte[] bytes)
-
encrypt
- Throws:
GeneralSecurityException
-
encrypt
- Parameters:
algorithm - cipher transformation of the form "algorithm/mode/padding" or "algorithm". See the Cipher section in the Java Cryptography Architecture Standard Algorithm Name Documentation.
- Throws:
NoSuchPaddingException - if algorithm contains a padding scheme that is not available.
NoSuchAlgorithmException - if algorithm is in an invalid or not supported format.
GeneralSecurityException
-
decrypt
The method returns either the decrypted strToDecrypt, or strToDecrypt itself if it is not recognized as an encrypted string or if the decryption fails. The return value is a byte array for security purposes; it is your responsibility to convert it to a String or not (use of char[] is recommended).
- Returns:
the decrypted strToDecrypt as an array of bytes, never null
-
clear
public void clear()
Clear sensitive values. That makes the current object unusable.
-
verifyKey
public boolean verifyKey(byte[] candidateDigest)
Test the given candidateDigest against the configured digest. In case of failure, the secret data is destroyed and the object is made unusable.
Use that method to check if some code is allowed to request that Crypto object.
- Returns:
true if candidateDigest matches the one used on creation.
-
verifyKey
public boolean verifyKey(char[] candidateDigest)
Test the given candidateDigest against the configured digest. In case of failure, the secret data is destroyed and the object is made unusable.
Use that method to check if some code is allowed to request that Crypto object.
- Returns:
true if candidateDigest matches the one used on creation.
-
getBytes
public static byte[] getBytes(char[] chars)
Utility method to get byte[] from char[], since it is recommended to store passwords in char[] rather than in String.
The default charset of this Java virtual machine is used. There can be conversion issues with unmappable characters: they will be replaced with the charset's default replacement string.
- Parameters:
chars - char array to convert
- Returns:
the byte array converted from chars using the default charset.
-
getChars
public static char[] getChars(byte[] bytes)
Utility method to get char[] from byte[], since it is recommended to store passwords in char[] rather than in String.
The default charset of this Java virtual machine is used. There can be conversion issues with unmappable characters: they will be replaced with the charset's default replacement string.
- Parameters:
bytes - byte array to convert
- Returns:
the char array converted from bytes using the default charset.
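The conversion issue described for getBytes and getChars has a concrete effect on password-derived material: the same password yields different bytes under different JVM default charsets, and two different passwords can collapse to the same bytes once unmappable characters are replaced. The following is an added example, not Nuxeo code: it uses only JDK classes, and the class name, the toBytes helper and the sample passwords are constructed for illustration.

```java
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

public class CharsetPasswordDemo {

    // Hypothetical helper: encode a char[] with an explicit charset, never going through String.
    // Charset.encode replaces unmappable characters with the charset's replacement bytes.
    static byte[] toBytes(char[] chars, Charset cs) {
        ByteBuffer buf = cs.encode(CharBuffer.wrap(chars));
        byte[] out = new byte[buf.remaining()];
        buf.get(out);
        if (buf.hasArray()) {
            Arrays.fill(buf.array(), (byte) 0); // wipe the encoder's intermediate copy
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample passwords that differ only in one non-ASCII character.
        char[] p1 = {'s', '\u00e9', 'c', 'r', 'e', 't'}; // s, e-acute, c, r, e, t
        char[] p2 = {'s', '\u00e8', 'c', 'r', 'e', 't'}; // s, e-grave, c, r, e, t

        byte[] utf8 = toBytes(p1, StandardCharsets.UTF_8);
        byte[] latin1 = toBytes(p1, StandardCharsets.ISO_8859_1);
        byte[] ascii1 = toBytes(p1, StandardCharsets.US_ASCII);
        byte[] ascii2 = toBytes(p2, StandardCharsets.US_ASCII);

        // Same password, different charset: the bytes (and any key or digest built on them) differ.
        System.out.println("p1: UTF-8 bytes == ISO-8859-1 bytes : " + Arrays.equals(utf8, latin1));
        // Different passwords, lossy charset: both accented characters become the replacement byte.
        System.out.println("US-ASCII: p1 bytes == p2 bytes      : " + Arrays.equals(ascii1, ascii2));
        System.out.println("Default charset of this JVM         : " + Charset.defaultCharset());

        // Wipe all copies once they are no longer needed.
        for (byte[] b : new byte[][] {utf8, latin1, ascii1, ascii2}) {
            Arrays.fill(b, (byte) 0);
        }
        Arrays.fill(p1, '\0');
        Arrays.fill(p2, '\0');
    }
}
```

Checking Charset.defaultCharset() on every JVM that shares a keystore or encrypted configuration shows whether they will derive the same bytes from the same char[].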
-
isEncrypted
- Returns:
true if the given value is encrypted
-
getKeysFromKeyStore
public static Map<String,SecretKey> getKeysFromKeyStore(String keystorePath, char[] keystorePass, String keyAlias, char[] keyPass) throws GeneralSecurityException, IOException
Extract secret keys from a keystore looking for keyAlias + algorithm
- Parameters:
keystorePath - Path to the keystore
keystorePass - Keystore password
keyAlias - Key alias prefix. It is suffixed with the algorithm.
keyPass - Key password
- Throws:
GeneralSecurityException
IOException
-
setKeyInKeyStore
public static void setKeyInKeyStore(String keystorePath, char[] keystorePass, String keyAlias, char[] keyPass, SecretKey key) throws GeneralSecurityException, IOException
Store a key in a keystore.
The keystore is created if it doesn't exist.
- Parameters:
keystorePath - Path to the keystore
keystorePass - Keystore password
keyAlias - Key alias prefix. It must be suffixed with the algorithm (Key.getAlgorithm() is fine).
keyPass - Key password
- Throws:
GeneralSecurityException
IOException