org.pfsw.security.crypto

Class CryptoUtil

java.lang.Object

org.pfsw.security.crypto.CryptoUtil

public class CryptoUtil
extends java.lang.Object

This utility class simplifies hashing passwords and particularly comparison of passwords.

Constructor Summary

Constructors

Modifier	Constructor and Description
protected	CryptoUtil() Initialize the new instance with default values.

Method Summary

Modifier and Type	Method and Description
java.lang.String	asPlainText(java.lang.String aString) Returns the given string as it is if it does not start with a prefix in curly brackets (e.g.
java.lang.String	base64EncodedWithPrefix(byte[] hash, HashMechanism hashMechanism)
java.lang.String	base64HashedUTF8(java.lang.String aString, java.lang.String hashMechanism) Returns the given string UTF-8 char encoded, hashed with the specified hashing mechanism (e.g.
byte[]	computeHash(byte[] content, CheckedHashAlgorithm hashAlgorithm) Computes a hash value for the given input data using the specified hashing algorithm.
byte[]	computeHash(byte[] content, java.lang.String algorithm) Computes a hash value for the given input data using the specified hashing algorithm.
byte[]	computeHash(java.lang.String text, CheckedCharsetName charEncoding, java.lang.String algorithm) Computes a hash value for the given text using the specified hashing algorithm.
byte[]	computeHash(java.lang.String text, java.lang.String charEncoding, java.lang.String algorithm) Computes a hash value for the given text using the specified hashing algorithm.
byte[]	computeUTF8Hash(java.lang.String text, java.lang.String algorithmName) Computes a hash value for the given text using UTF-8 character encoding an the specified hashing algorithm.
protected byte[]	concatArrays(byte[] bytes1, byte[] bytes2)
byte[]	createSHAhash(java.lang.String aString) Returns the SHA-1 hash representation of the given string in the current platform's character encoding.
byte[]	createSSHAhash(java.lang.String aString) Returns the SSHA hash representation of the given string
byte[]	createSSHAhash(java.lang.String aString, byte[] salt) Returns the SSHA hash representation (SHA-1 based) of the given string.
static CryptoUtil	current() Returns the only instance this class supports (design pattern "Singleton")
protected java.lang.String	decryptString(java.lang.String aString)
java.lang.String	defaultEncrypted(java.lang.String aString) Returns the given string encrypted with the default algorithm and base64 encoded with a prefix naming the algorithm in curly brackets (e.g.
boolean	equals(java.lang.String str1, java.lang.String str2) Compares whether or not the two given strings are equal.
boolean	equals(java.lang.String str1, java.lang.String str2, CheckedCharsetName charEncoding) Compares whether or not the two given strings are equal.
protected boolean	equalsHashedAgainstEncoded(java.lang.String hashed, java.lang.String maybeEncoded, CheckedCharsetName charEncoding)
boolean	equalsUTF8(java.lang.String str1, java.lang.String str2) Compares whether or not the two given strings are equal.
byte[]	generateSalt(int length) Generates a random salt with the specified length.
byte[]	generateSalt20() Generates a random salt with the default length of 20.
java.lang.String	getFingerprintOf(java.security.cert.X509Certificate cert) Returns the fingerprint (i.e.
java.lang.String	getFingerprintOf(java.security.cert.X509Certificate cert, java.lang.String hexSeparator) Returns the fingerprint (i.e.
protected void	handleException(java.lang.Exception ex)
java.lang.String	hashed(byte[] data, HashMechanism hashMechanism) Returns the given data hashed with the specified hashing mechanism (e.g.
java.lang.String	hashedUTF8(java.lang.String aString, HashMechanism hashMechanism) Returns the given string UTF-8 char encoded, hashed with the specified hashing mechanism (e.g.
java.lang.String	hashedUTF8(java.lang.String aString, java.lang.String hashMechanismName) Returns the given string UTF-8 char encoded, hashed with the specified hashing mechanism (e.g.
protected boolean	isEncrypted(java.lang.String str)
protected boolean	isHashed(java.lang.String str)
protected byte[]	obfuscate1(java.lang.String aStr) Encrypts the given string according to IAP1 algorithm
protected java.lang.String	plainText1(java.lang.String string) Decrypts the given string which must be IAP1 obfuscated
java.lang.String	shaEncrypted(java.lang.String aString) Returns the given string SHA encrypted and base64 encoded with a prefix "{SHA}".
java.lang.String	sshaEncrypted(java.lang.String aString) Returns the given string SSHA encrypted and base64 encoded with a prefix "{SSHA}".
java.lang.String	sshaEncrypted(java.lang.String aString, byte[] salt) Returns the given string SSHA encrypted and base64 encoded with a prefix "{SSHA}".
protected StringUtil	str()
protected void	transform1(byte[] bytes, int keyNum) Does a XOR transformation of each byte in the given byte array using the key specified by the given keyNum.
protected java.lang.String	unencoded(java.lang.String str) Tries to Base64 decode the given string.
byte[]	xor1(java.lang.String string) Returns the byte array containing the xor encoded representation of the given input string.
java.lang.String	xor1Encrypted(java.lang.String aString) Returns the given string XOR1 encrypted and base64 encoded with a prefix "{XOR1}".

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

CryptoUtil

protected CryptoUtil()

Initialize the new instance with default values.

Method Detail

current

public static CryptoUtil current()

Returns the only instance this class supports (design pattern "Singleton")

asPlainText

public java.lang.String asPlainText(java.lang.String aString)

Returns the given string as it is if it does not start with a prefix in curly brackets (e.g. {xor}). If it starts with a prefix the method returns the string decrypted according to the algorithm named by the prefix.

Parameters:

aString - The string to return or to convert into plain text

Returns:

The input string unchanged or converted to plain text if it was encrypted and could be decrypted

sshaEncrypted

public java.lang.String sshaEncrypted(java.lang.String aString)

Returns the given string SSHA encrypted and base64 encoded with a prefix "{SSHA}".

Parameters:

aString - The string to be encrypted

sshaEncrypted

public java.lang.String sshaEncrypted(java.lang.String aString,
                                      byte[] salt)

Returns the given string SSHA encrypted and base64 encoded with a prefix "{SSHA}".

Parameters:

aString - The string to be encrypted

salt - The salt value

shaEncrypted

public java.lang.String shaEncrypted(java.lang.String aString)

Returns the given string SHA encrypted and base64 encoded with a prefix "{SHA}".

Parameters:

aString - The string to be encrypted

base64HashedUTF8

public java.lang.String base64HashedUTF8(java.lang.String aString,
                                         java.lang.String hashMechanism)

Returns the given string UTF-8 char encoded, hashed with the specified hashing mechanism (e.g. CryptoConstants.SHA_2_384_NAME) and base64 encoded with a prefix (e.g. "{SHA256}) for the used mechanism". Finally the whole string gets base64 encoded and returned.

Parameters:

aString - The string to be hashed.

hashMechanism - The hashing mechanism to be used (Not algorithm names!). See CryptoConstants.SHA_1_NAME.

Throws:

CryptoRuntimeException - If the specified mechanism is not supported.

hashedUTF8

public java.lang.String hashedUTF8(java.lang.String aString,
                                   java.lang.String hashMechanismName)

Returns the given string UTF-8 char encoded, hashed with the specified hashing mechanism (e.g. CryptoConstants.SHA_2_512_NAME) and base64 encoded with a prefix (e.g. "{SHA256}) for the used mechanism".

Parameters:

aString - The string to be hashed.

hashMechanismName - The hashing mechanism to be used (Not algorithm names!). See CryptoConstants.

Throws:

CryptoRuntimeException - If the specified mechanism is not supported.

hashedUTF8

public java.lang.String hashedUTF8(java.lang.String aString,
                                   HashMechanism hashMechanism)

Returns the given string UTF-8 char encoded, hashed with the specified hashing mechanism (e.g. HashMechanism.SALTED_SHA_2_256) and base64 encoded with a prefix (e.g. "{SSHA256}") for the used mechanism.

Parameters:

aString - The string to be hashed.

hashMechanism - The hashing mechanism to be used.

Throws:

CryptoRuntimeException - If the specified mechanism is not supported.

hashed

public java.lang.String hashed(byte[] data,
                               HashMechanism hashMechanism)

Returns the given data hashed with the specified hashing mechanism (e.g. HashMechanism.SALTED_SHA_2_512) and base64 encoded with a prefix (e.g. "{SSHA512}") for the used mechanism.

Parameters:

data - The data to be hashed.

hashMechanism - The hashing mechanism to be used.

Throws:

CryptoRuntimeException - If the specified mechanism is not supported.

base64EncodedWithPrefix

public java.lang.String base64EncodedWithPrefix(byte[] hash,
                                                HashMechanism hashMechanism)

xor1Encrypted

public java.lang.String xor1Encrypted(java.lang.String aString)

Returns the given string XOR1 encrypted and base64 encoded with a prefix "{XOR1}".

Parameters:

aString - The string to be encrypted

defaultEncrypted

public java.lang.String defaultEncrypted(java.lang.String aString)

Returns the given string encrypted with the default algorithm and base64 encoded with a prefix naming the algorithm in curly brackets (e.g. {xor}).

Currently it uses the XOR encryption.

equals

public boolean equals(java.lang.String str1,
                      java.lang.String str2)

Compares whether or not the two given strings are equal. If one or both keys are encrypted then they get decrypted before being compared. That allows to compare transparently a plain text string against an XOR encrypted string or even an XOR encrypted string against a SHA hashed value. In the latter case the plain text gets hashed before the comparison.

The sting character encoding used here is the platform's default encoding.

equalsUTF8

public boolean equalsUTF8(java.lang.String str1,
                          java.lang.String str2)

Compares whether or not the two given strings are equal. If one or both keys are encrypted then they get decrypted before being compared. That allows to compare transparently a plain text string against an XOR encrypted string or even an XOR encrypted string against a SHA hashed value. In the latter case the plain text gets hashed before the comparison.

The sting character encoding used here is the platform's default encoding.

equals

public boolean equals(java.lang.String str1,
                      java.lang.String str2,
                      CheckedCharsetName charEncoding)

Compares whether or not the two given strings are equal. If one or both keys are encoded then they get decoded before being compared. That allows to compare transparently a plain text string against an XOR encrypted string or even an XOR encrypted string against a SHA hashed value. In the latter case the plain text gets hashed before the comparison.

Comparing two hashed or XOR encrypted values always return false.

Parameters:

str1 - First string to compare with second.

str2 - Second string to compare with first.

charEncoding - The character encoding used to convert strings to byte arrays.

xor1

public byte[] xor1(java.lang.String string)

Returns the byte array containing the xor encoded representation of the given input string.

createSSHAhash

public byte[] createSSHAhash(java.lang.String aString)

Returns the SSHA hash representation of the given string

createSSHAhash

public byte[] createSSHAhash(java.lang.String aString,
                             byte[] salt)

Returns the SSHA hash representation (SHA-1 based) of the given string.

Parameters:

aString - the string to be hashed.

salt - the salt value for SSHA.

createSHAhash

public byte[] createSHAhash(java.lang.String aString)

Returns the SHA-1 hash representation of the given string in the current platform's character encoding.

computeHash

public byte[] computeHash(byte[] content,
                          java.lang.String algorithm)

Computes a hash value for the given input data using the specified hashing algorithm. The returned byte array contains the hash. Its length depends on the algorithm. If the given algorithm is not supported a CryptoRuntimeExcption will be thrown.

Parameters:

content - The content to be hashed (must not be null).

algorithm - The name of the has algorithm (see CryptoConstants). Must not be null.

Throws:

CryptoRuntimeExcption - If the given algorithm is not supported.

computeHash

public byte[] computeHash(byte[] content,
                          CheckedHashAlgorithm hashAlgorithm)

Computes a hash value for the given input data using the specified hashing algorithm. The returned byte array contains the hash. Its length depends on the algorithm. If the given algorithm is not supported a CryptoRuntimeExcption will be thrown.

Parameters:

content - The content to be hashed (must not be null).

hashAlgorithm - The hash mechanism to use. Must not be null.

Throws:

CryptoRuntimeExcption - If the given algorithm is not supported.

computeHash

public byte[] computeHash(java.lang.String text,
                          java.lang.String charEncoding,
                          java.lang.String algorithm)

Computes a hash value for the given text using the specified hashing algorithm. The returned byte array contains the hash. Its length depends on the algorithm. If the given algorithm is not supported a CryptoRuntimeExcption will be thrown.

Parameters:

text - The content to be hashed (must not be null).

charEncoding - The character encoding to be used when converting the given text to bytes.

algorithm - The name of the has algorithm (see CryptoConstants). Must not be null.

Throws:

CryptoRuntimeExcption - If the given charEncoding or algorithm is not supported.

computeHash

public byte[] computeHash(java.lang.String text,
                          CheckedCharsetName charEncoding,
                          java.lang.String algorithm)

Computes a hash value for the given text using the specified hashing algorithm. The returned byte array contains the hash. Its length depends on the algorithm. If the given algorithm is not supported a CryptoRuntimeExcption will be thrown.

Parameters:

text - The content to be hashed (must not be null).

charEncoding - The character encoding to be used when converting the given text to bytes.

algorithm - The name of the has algorithm (see CryptoConstants). Must not be null.

Throws:

CryptoRuntimeExcption - If the given charEncoding or algorithm is not supported.

computeUTF8Hash

public byte[] computeUTF8Hash(java.lang.String text,
                              java.lang.String algorithmName)

Computes a hash value for the given text using UTF-8 character encoding an the specified hashing algorithm. The returned byte array contains the hash. Its length depends on the algorithm. If the given algorithm is not supported a CryptoRuntimeExcption will be thrown.

Parameters:

text - The content to be hashed (must not be null).

algorithmName - The name of the has algorithm (see CryptoConstants). Must not be null.

Throws:

CryptoRuntimeExcption - If the given charEncoding or algorithm is not supported.

generateSalt

public byte[] generateSalt(int length)

Generates a random salt with the specified length.

Parameters:

length - The length of the salt to be generated.

Returns:

The salt as byte array with the specified length.

generateSalt20

public byte[] generateSalt20()

Generates a random salt with the default length of 20.

Returns:

The salt as byte array with a length of 20.

getFingerprintOf

public java.lang.String getFingerprintOf(java.security.cert.X509Certificate cert)
                                  throws java.security.cert.CertificateEncodingException

Returns the fingerprint (i.e. SHA1 hash) of the given certificate as hexadecimal string (all upper case, no separators).

Throws:

java.security.cert.CertificateEncodingException

getFingerprintOf

public java.lang.String getFingerprintOf(java.security.cert.X509Certificate cert,
                                         java.lang.String hexSeparator)
                                  throws java.security.cert.CertificateEncodingException

Returns the fingerprint (i.e. SHA1 hash) of the given certificate as hexadecimal string (all upper case, each hex byte separated by the given hexSeparator).

Throws:

java.security.cert.CertificateEncodingException

decryptString

protected java.lang.String decryptString(java.lang.String aString)

equalsHashedAgainstEncoded

protected boolean equalsHashedAgainstEncoded(java.lang.String hashed,
                                             java.lang.String maybeEncoded,
                                             CheckedCharsetName charEncoding)

unencoded

protected java.lang.String unencoded(java.lang.String str)

Tries to Base64 decode the given string. Returns the string unchanged if it was not Base64 encoded otherwise returns the decoded string.

isEncrypted

protected boolean isEncrypted(java.lang.String str)

isHashed

protected boolean isHashed(java.lang.String str)

obfuscate1

protected byte[] obfuscate1(java.lang.String aStr)

Encrypts the given string according to IAP1 algorithm

plainText1

protected java.lang.String plainText1(java.lang.String string)

Decrypts the given string which must be IAP1 obfuscated

transform1

protected void transform1(byte[] bytes,
                          int keyNum)

Does a XOR transformation of each byte in the given byte array using the key specified by the given keyNum.

concatArrays

protected byte[] concatArrays(byte[] bytes1,
                              byte[] bytes2)

handleException

protected void handleException(java.lang.Exception ex)

str

protected StringUtil str()