Modifier and Type | Field and Description |
---|---|
static String | AES |
static String | AES_ECB_PKCS5PADDING |
protected static Pattern | CRYPTO_PATTERN |
static String | DEFAULT_ALGO |
static String | DES |
static String | DES_ECB_PKCS5PADDING |
static String[] | IMPLEMENTED_ALGOS |
static Crypto | NO_OP |

Constructor and Description |
---|
Crypto(byte[] secretKey) |
Crypto(Map<String,SecretKey> secretKeys): Initialize cryptography with a map of SecretKey. |
Crypto(Map<String,SecretKey> secretKeys, char[] digest): Initialize cryptography with a map of SecretKey. |
Crypto(String keystorePath, char[] keystorePass, String keyAlias, char[] keyPass): Initialize cryptography with a keystore. |

Modifier and Type | Method and Description |
---|---|
void | clear(): Clear sensitive values. |
byte[] | decrypt(String strToDecrypt): The method returns either the decrypted strToDecrypt, or strToDecrypt itself if it is not recognized as an encrypted string or if the decryption fails. |
String | encrypt(byte[] bytesToEncrypt) |
String | encrypt(String algorithm, byte[] bytesToEncrypt) |
protected void | finalize() |
static byte[] | getBytes(char[] chars): Utility method to get byte[] from char[] since it is recommended to store passwords in char[] rather than in String. The default charset of this Java virtual machine is used. |
static char[] | getChars(byte[] bytes): Utility method to get char[] from byte[] since it is recommended to store passwords in char[] rather than in String. The default charset of this Java virtual machine is used. |
static Map<String,SecretKey> | getKeysFromKeyStore(String keystorePath, char[] keystorePass, String keyAlias, char[] keyPass): Extract secret keys from a keystore looking for keyAlias + algorithm |
protected SecretKey | getSecretKey(String algorithm, byte[] key) |
byte[] | getSHA1Digest(byte[] key) |
byte[] | getSHA1DigestOrEmpty(byte[] bytes) |
static boolean | isEncrypted(String value) |
static void | setKeyInKeyStore(String keystorePath, char[] keystorePass, String keyAlias, char[] keyPass, SecretKey key): Store a key in a keystore. The keystore is created if it doesn't exist. |
boolean | verifyKey(byte[] candidateDigest): Test the given candidateDigest against the configured digest. |
boolean | verifyKey(char[] candidateDigest): Test the given candidateDigest against the configured digest. |

protected static final Pattern CRYPTO_PATTERN
public static final String AES
public static final String AES_ECB_PKCS5PADDING
public static final String DES
public static final String DES_ECB_PKCS5PADDING
public static final String[] IMPLEMENTED_ALGOS
public static final String DEFAULT_ALGO

public Crypto(byte[] secretKey)

Parameters:
- secretKey -

public Crypto(Map<String,SecretKey> secretKeys)

Initialize cryptography with a map of SecretKey.

Parameters:
- secretKeys - Map of SecretKey per algorithm

public Crypto(Map<String,SecretKey> secretKeys, char[] digest)

Initialize cryptography with a map of SecretKey.

Parameters:
- digest - Digest for later use by verifyKey(byte[])
- secretKeys - Map of SecretKey per algorithm

public Crypto(String keystorePath, char[] keystorePass, String keyAlias, char[] keyPass) throws GeneralSecurityException, IOException

Initialize cryptography with a keystore.

Parameters:
- keystorePath - Path to the keystore.
- keystorePass - Keystore password. It is also used to generate the digest for verifyKey(byte[])
- keyAlias - Key alias prefix. It is suffixed with the algorithm.
- keyPass - Key password

Throws:
- IOException
- GeneralSecurityException

protected SecretKey getSecretKey(String algorithm, byte[] key) throws NoSuchAlgorithmException

Throws:
- NoSuchAlgorithmException

public byte[] getSHA1Digest(byte[] key) throws NoSuchAlgorithmException

Throws:
- NoSuchAlgorithmException

public byte[] getSHA1DigestOrEmpty(byte[] bytes)

public String encrypt(byte[] bytesToEncrypt) throws GeneralSecurityException

Parameters:
- bytesToEncrypt -

Throws:
- GeneralSecurityException

public String encrypt(String algorithm, byte[] bytesToEncrypt) throws GeneralSecurityException

Parameters:
- algorithm - cipher transformation of the form "algorithm/mode/padding" or "algorithm". See the Cipher section in the Java Cryptography Architecture Standard Algorithm Name Documentation.
- bytesToEncrypt -

Throws:
- NoSuchPaddingException - if algorithm contains a padding scheme that is not available.
- NoSuchAlgorithmException - if algorithm is in an invalid or not supported format.
- GeneralSecurityException

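
The algorithm argument of encrypt(String, byte[]) selects the mode and padding as well as the cipher. The following JDK-only program is an added example, not Nuxeo code: it shows what the mode part of a transformation changes, assuming "AES/ECB/PKCS5Padding" is the transformation the AES_ECB_PKCS5PADDING constant's name suggests (the page does not list its value). The class and method names are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

public class TransformationModeDemo {

    // Encrypt with a JCA transformation string ("algorithm/mode/padding").
    // iv == null means a mode without IV (ECB); otherwise a 12-byte GCM nonce.
    static byte[] encrypt(String transformation, SecretKey key, byte[] iv, byte[] data)
            throws Exception {
        Cipher cipher = Cipher.getInstance(transformation);
        if (iv == null) {
            cipher.init(Cipher.ENCRYPT_MODE, key);
        } else {
            cipher.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        }
        return cipher.doFinal(data);
    }

    // True if the first two 16-byte blocks of the ciphertext are identical.
    static boolean firstTwoBlocksEqual(byte[] ct) {
        return Arrays.equals(Arrays.copyOfRange(ct, 0, 16), Arrays.copyOfRange(ct, 16, 32));
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey();

        // Constructed sample: two identical 16-byte plaintext blocks.
        byte[] plaintext = "0123456789abcdef0123456789abcdef".getBytes(StandardCharsets.US_ASCII);

        byte[] ecb = encrypt("AES/ECB/PKCS5Padding", key, null, plaintext);
        byte[] ecbAgain = encrypt("AES/ECB/PKCS5Padding", key, null, plaintext);
        byte[] nonce = new byte[12];
        new SecureRandom().nextBytes(nonce); // fresh nonce for every GCM encryption
        byte[] gcm = encrypt("AES/GCM/NoPadding", key, nonce, plaintext);

        // ECB: equal plaintext blocks and equal inputs are visible in the output.
        System.out.println("ECB repeats blocks:      " + firstTwoBlocksEqual(ecb));
        System.out.println("ECB is deterministic:    " + Arrays.equals(ecb, ecbAgain));
        System.out.println("GCM repeats blocks:      " + firstTwoBlocksEqual(gcm));
    }
}
```
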
public byte[] decrypt(String strToDecrypt)

The method returns either the decrypted strToDecrypt, or strToDecrypt itself if it is not recognized as an encrypted string or if the decryption fails. The return value is a byte array for security purposes; it is your responsibility to convert it then to a String or not (use of char[] is recommended).

Parameters:
- strToDecrypt -

Returns:
- strToDecrypt as an array of bytes, never null

See Also:
- getChars(byte[])

public void clear()

Clear sensitive values.

public boolean verifyKey(byte[] candidateDigest)

Test the given candidateDigest against the configured digest. In case of failure, the secret data is destroyed and the object is made unusable.

Parameters:
- candidateDigest -

Returns:
- candidateDigest matches the one used on creation.

See Also:
- clear(), verifyKey(char[])

public boolean verifyKey(char[] candidateDigest)

Test the given candidateDigest against the configured digest. In case of failure, the secret data is destroyed and the object is made unusable.

Parameters:
- candidateDigest -

Returns:
- candidateDigest matches the one used on creation.

See Also:
- clear(), verifyKey(byte[])

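
A digest check in the style of verifyKey, written against the JDK only. This is an added example, not Nuxeo's implementation: it assumes the digest is a SHA-1 hash of the password bytes, and it encodes with a fixed charset (UTF-8) instead of the JVM default so the digest is the same on every host. The class and method names are hypothetical.

```java
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;

public class DigestCheckDemo {

    // char[] -> byte[] with a fixed charset and no intermediate String.
    static byte[] toBytes(char[] chars) {
        ByteBuffer buf = StandardCharsets.UTF_8.encode(CharBuffer.wrap(chars));
        byte[] out = new byte[buf.remaining()];
        buf.get(out);
        if (buf.hasArray()) {
            Arrays.fill(buf.array(), (byte) 0); // wipe the encoder's scratch copy
        }
        return out;
    }

    // SHA-1 of the secret; the plaintext bytes are wiped before returning.
    static byte[] sha1(char[] secret) throws Exception {
        byte[] raw = toBytes(secret);
        try {
            return MessageDigest.getInstance("SHA-1").digest(raw);
        } finally {
            Arrays.fill(raw, (byte) 0);
        }
    }

    // MessageDigest.isEqual does not stop at the first differing byte.
    static boolean matches(byte[] configured, byte[] candidate) {
        return MessageDigest.isEqual(configured, candidate);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample passwords; real code would read a char[] directly,
        // for example from Console.readPassword(), and never build a String.
        char[] configuredPass = "changeit".toCharArray();
        char[] goodCandidate = "changeit".toCharArray();
        char[] badCandidate = "changeme".toCharArray();
        byte[] configured = sha1(configuredPass);
        System.out.println("good candidate matches: " + matches(configured, sha1(goodCandidate)));
        System.out.println("bad candidate matches:  " + matches(configured, sha1(badCandidate)));
        // Wipe the char[] copies once they are no longer needed.
        for (char[] c : new char[][] {configuredPass, goodCandidate, badCandidate}) {
            Arrays.fill(c, '\0');
        }
    }
}
```
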
public static byte[] getBytes(char[] chars)

Utility method to get byte[] from char[] since it is recommended to store passwords in char[] rather than in String. The default charset of this Java virtual machine is used.

Parameters:
- chars - char array to convert

Returns:
- chars using the default charset.

public static char[] getChars(byte[] bytes)

Utility method to get char[] from byte[] since it is recommended to store passwords in char[] rather than in String. The default charset of this Java virtual machine is used.

Parameters:
- bytes - byte array to convert

Returns:
- bytes using the default charset.

public static boolean isEncrypted(String value)

Parameters:
- value -

Returns:
- value is encrypted

public static Map<String,SecretKey> getKeysFromKeyStore(String keystorePath, char[] keystorePass, String keyAlias, char[] keyPass) throws GeneralSecurityException, IOException

Extract secret keys from a keystore looking for keyAlias + algorithm

Parameters:
- keystorePath - Path to the keystore
- keystorePass - Keystore password
- keyAlias - Key alias prefix. It is suffixed with the algorithm.
- keyPass - Key password

Throws:
- GeneralSecurityException
- IOException

See Also:
- IMPLEMENTED_ALGOS

public static void setKeyInKeyStore(String keystorePath, char[] keystorePass, String keyAlias, char[] keyPass, SecretKey key) throws GeneralSecurityException, IOException

Store a key in a keystore. The keystore is created if it doesn't exist.

Parameters:
- keystorePath - Path to the keystore
- keystorePass - Keystore password
- keyAlias - Key alias prefix. It must be suffixed with the algorithm (Key.getAlgorithm() is fine).
- keyPass - Key password
- key -

Throws:
- GeneralSecurityException
- IOException

See Also:
- IMPLEMENTED_ALGOS

Copyright © 2016 Nuxeo SA. All rights reserved.