org.jboss.crypto

Class CryptoUtil

java.lang.Object

org.jboss.crypto.CryptoUtil

public class CryptoUtil
extends Object

Various security related utilities like MessageDigest factories, SecureRandom access, password hashing. This product includes software developed by Tom Wu and Eugene Jhong for the SRP Distribution (http://srp.stanford.edu/srp/).

Version:

$Revision: 62650 $

Author:

Scott.Stark@jboss.org

Field Summary

Fields

Modifier and Type	Field and Description
static String	BASE16_ENCODING
static String	BASE64_ENCODING
static String	RFC2617_ENCODING

Constructor Summary

Constructors

Constructor and Description
CryptoUtil()

Method Summary

Modifier and Type	Method and Description
static Object	accessSealedObject(String cipherAlgorithm, Object key, byte[] cipherIV, Object obj)
static byte[]	calculatePasswordHash(String username, char[] password, byte[] salt) Cacluate the SRP RFC2945 password hash = H(salt | H(username | ':' | password)) where H = SHA secure hash.
static byte[]	calculateVerifier(String username, char[] password, byte[] salt, BigInteger N, BigInteger g) Calculate x = H(s | H(U | ':' | password)) verifier v = g^x % N described in RFC2945.
static byte[]	calculateVerifier(String username, char[] password, byte[] salt, byte[] Nb, byte[] gb) Calculate x = H(s | H(U | ':' | password)) verifier v = g^x % N described in RFC2945.
static MessageDigest	copy(MessageDigest md)
static Object	createCipher(String cipherAlgorithm)
static String	createPasswordHash(String hashAlgorithm, String hashEncoding, String hashCharset, String username, String password) Calculate a password hash using a MessageDigest.
static String	createPasswordHash(String hashAlgorithm, String hashEncoding, String hashCharset, String username, String password, DigestCallback callback) Calculate a password hash using a MessageDigest.
static Object	createSealedObject(String cipherAlgorithm, Object key, byte[] cipherIV, Serializable data)
static Object	createSecretKey(String cipherAlgorithm, Object key) Use reflection to create a javax.crypto.spec.SecretKeySpec to avoid an explicit reference to SecretKeySpec so that the JCE is not needed unless the SRP parameters indicate that encryption is needed.
static String	encodeBase16(byte[] bytes) Hex encoding of hashes, as used by Catalina.
static String	encodeBase64(byte[] bytes) BASE64 encoder implementation.
static String	encodeRFC2617(byte[] data) 3.1.3 Representation of digest values An optional header allows the server to specify the algorithm used to create the checksum or digest.
static byte[]	fromb64(String str)
static byte[]	generateSeed(int numBytes) Returns the given number of seed bytes, computed using the seed generation algorithm that this class uses to seed itself.
static Random	getPRNG()
static boolean	hasUnlimitedCrypto() From Appendix E of the JCE ref guide, the xaximum key size allowed by the "Strong" jurisdiction policy files allows a maximum Blowfish cipher size of 128 bits.
static void	init()
static void	init(byte[] prngSeed)
static MessageDigest	newDigest()
static void	nextBytes(byte[] bytes) Generates random bytes and places them into a user-supplied byte array.
static double	nextDouble() Returns the next pseudorandom, uniformly distributed double value between 0.0 and 1.0 from this random number generator's sequence.
static long	nextLong() Returns the next pseudorandom, uniformly distributed long value from this random number generator's sequence.
static byte[]	sessionKeyHash(byte[] number) Perform an interleaved even-odd hash on the byte string
static String	tob64(byte[] buffer)
static byte[]	trim(byte[] in) Treat the input as the MSB representation of a number, and lop off leading zero elements.
static byte[]	xor(byte[] b1, byte[] b2, int length)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

BASE64_ENCODING

public static final String BASE64_ENCODING

See Also:

Constant Field Values

BASE16_ENCODING

public static final String BASE16_ENCODING

See Also:

Constant Field Values

RFC2617_ENCODING

public static final String RFC2617_ENCODING

See Also:

Constant Field Values

Constructor Detail

CryptoUtil

public CryptoUtil()

Method Detail

init

public static void init()
                 throws NoSuchAlgorithmException

Throws:

NoSuchAlgorithmException

init

public static void init(byte[] prngSeed)
                 throws NoSuchAlgorithmException

Throws:

NoSuchAlgorithmException

newDigest

public static MessageDigest newDigest()

copy

public static MessageDigest copy(MessageDigest md)

getPRNG

public static Random getPRNG()

nextDouble

public static double nextDouble()

Returns the next pseudorandom, uniformly distributed double value between 0.0 and 1.0 from this random number generator's sequence.

nextLong

public static long nextLong()

Returns the next pseudorandom, uniformly distributed long value from this random number generator's sequence. The general contract of nextLong is that one long value is pseudorandomly generated and returned. All 264 possible long values are produced with (approximately) equal probability.

nextBytes

public static void nextBytes(byte[] bytes)

Generates random bytes and places them into a user-supplied byte array. The number of random bytes produced is equal to the length of the byte array.

generateSeed

public static byte[] generateSeed(int numBytes)

Returns the given number of seed bytes, computed using the seed generation algorithm that this class uses to seed itself. This call may be used to seed other random number generators.

calculatePasswordHash

public static byte[] calculatePasswordHash(String username,
                                           char[] password,
                                           byte[] salt)

Cacluate the SRP RFC2945 password hash = H(salt | H(username | ':' | password)) where H = SHA secure hash. The username is converted to a byte[] using the UTF-8 encoding.

calculateVerifier

public static byte[] calculateVerifier(String username,
                                       char[] password,
                                       byte[] salt,
                                       byte[] Nb,
                                       byte[] gb)

Calculate x = H(s | H(U | ':' | password)) verifier v = g^x % N described in RFC2945.

calculateVerifier

public static byte[] calculateVerifier(String username,
                                       char[] password,
                                       byte[] salt,
                                       BigInteger N,
                                       BigInteger g)

Calculate x = H(s | H(U | ':' | password)) verifier v = g^x % N described in RFC2945.

sessionKeyHash

public static byte[] sessionKeyHash(byte[] number)

Perform an interleaved even-odd hash on the byte string

trim

public static byte[] trim(byte[] in)

Treat the input as the MSB representation of a number, and lop off leading zero elements. For efficiency, the input is simply returned if no leading zeroes are found.

xor

public static byte[] xor(byte[] b1,
                         byte[] b2,
                         int length)

encodeRFC2617

public static String encodeRFC2617(byte[] data)

3.1.3 Representation of digest values An optional header allows the server to specify the algorithm used to create the checksum or digest. By default the MD5 algorithm is used and that is the only algorithm described in this document. For the purposes of this document, an MD5 digest of 128 bits is represented as 32 ASCII printable characters. The bits in the 128 bit digest are converted from most significant to least significant bit, four bits at a time to their ASCII presentation as follows. Each four bits is represented by its familiar hexadecimal notation from the characters 0123456789abcdef. That is, binary 0000 getInfos represented by the character '0', 0001, by '1', and so on up to the representation of 1111 as 'f'.

Parameters:

data - - the raw MD5 hash data

Returns:

the encoded MD5 representation

encodeBase16

public static String encodeBase16(byte[] bytes)

Hex encoding of hashes, as used by Catalina. Each byte is converted to the corresponding two hex characters.

encodeBase64

public static String encodeBase64(byte[] bytes)

BASE64 encoder implementation. Provides encoding methods, using the BASE64 encoding rules, as defined in the MIME specification, rfc1521.

createPasswordHash

public static String createPasswordHash(String hashAlgorithm,
                                        String hashEncoding,
                                        String hashCharset,
                                        String username,
                                        String password)

Calculate a password hash using a MessageDigest.

Parameters:

hashAlgorithm - - the MessageDigest algorithm name

hashEncoding - - either base64 or hex to specify the type of encoding the MessageDigest as a string.

hashCharset - - the charset used to create the byte[] passed to the MessageDigestfrom the password String. If null the platform default is used.

username - - ignored in default version

password - - the password string to be hashed

Returns:

the hashed string if successful, null if there is a digest exception

createPasswordHash

public static String createPasswordHash(String hashAlgorithm,
                                        String hashEncoding,
                                        String hashCharset,
                                        String username,
                                        String password,
                                        DigestCallback callback)

Calculate a password hash using a MessageDigest.

Parameters:

hashAlgorithm - - the MessageDigest algorithm name

hashEncoding - - either base64 or hex to specify the type of encoding the MessageDigest as a string.

hashCharset - - the charset used to create the byte[] passed to the MessageDigestfrom the password String. If null the platform default is used.

username - - ignored in default version

password - - the password string to be hashed

callback - - the callback used to allow customization of the hash to occur. The preDigest method is called before the password is added and the postDigest method is called after the password has been added.

Returns:

the hashed string if successful, null if there is a digest exception

tob64

public static String tob64(byte[] buffer)

fromb64

public static byte[] fromb64(String str)
                      throws NumberFormatException

Throws:

NumberFormatException

hasUnlimitedCrypto

public static boolean hasUnlimitedCrypto()

From Appendix E of the JCE ref guide, the xaximum key size allowed by the "Strong" jurisdiction policy files allows a maximum Blowfish cipher size of 128 bits.

Returns:

true if a Blowfish key can be initialized with 256 bit size, false otherwise.

createSecretKey

public static Object createSecretKey(String cipherAlgorithm,
                                     Object key)
                              throws KeyException

Use reflection to create a javax.crypto.spec.SecretKeySpec to avoid an explicit reference to SecretKeySpec so that the JCE is not needed unless the SRP parameters indicate that encryption is needed.

Returns:

a javax.cyrpto.SecretKey

Throws:

KeyException

createCipher

public static Object createCipher(String cipherAlgorithm)
                           throws GeneralSecurityException

Parameters:

cipherAlgorithm -

Returns:

A javax.crypto.Cipher

Throws:

GeneralSecurityException

createSealedObject

public static Object createSealedObject(String cipherAlgorithm,
                                        Object key,
                                        byte[] cipherIV,
                                        Serializable data)
                                 throws GeneralSecurityException

Throws:

GeneralSecurityException

accessSealedObject

public static Object accessSealedObject(String cipherAlgorithm,
                                        Object key,
                                        byte[] cipherIV,
                                        Object obj)
                                 throws GeneralSecurityException

Throws:

GeneralSecurityException