SecurityUtil (Tranche Distributed Repository (Build #288) Java API Documentation)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.tranche.security
Class SecurityUtil

java.lang.Object
  org.tranche.security.SecurityUtil

public class SecurityUtil
extends java.lang.Object
extends java.lang.Object

A helper class for handling security related tasks. You can also find helper methods here for looking up default X.509 certificates and RSA keys.

Author:: Jayson Falkner - jfalkner@umich.edu, Bryan E. Smith - bryanesmith@gmail.com, James "Augie" Hill - augman85@gmail.com

Field Summary
`static int`	`SIGNATURE_BUFFER_SIZE` Size of signature in bytes, used by buffer.

Constructor Summary
`SecurityUtil()`

Method Summary
`static boolean`	`certificateNamesMatch(java.lang.String a, java.lang.String b)` A utility method to check whether two certificate names match.
`static java.security.cert.Certificate`	`createCertificate(java.lang.String name, java.security.PublicKey pub, java.security.PrivateKey priv)` Helper method that uses the bouncycastle.org's X509 certificate generator to make a certificate for the given public/private key pair.
`static java.io.File`	`decryptDiskBacked(java.lang.String passphrase, java.io.File file)` Decrypt an AES-encrypted file using a specified passphrase.
`static java.io.File`	`decryptDiskBacked(java.lang.String passphrase, java.io.File file, BigHash expectedHash)` Decrypt an AES-encrypted file using a specified passphrase.
`static byte[]`	`decryptInMemory(java.lang.String passphrase, byte[] dataBytes)` In-memory version of decryption function.
`static byte[]`	`decryptInMemory(java.lang.String passphrase, byte[] dataBytes, BigHash expectedHash)` In-memory version of decryption function.
`static char`	`encodeByte(byte b)` Encodes a byte as a character.
`static java.lang.String`	`encodeBytes(byte[] bytes)` Helper method to make MD5 hashes digestable and file-name friendly.
`static java.io.File`	`encryptDiskBacked(java.lang.String passphrase, java.io.File file)` Encrypts a file using AES and a passphrase.
`static byte[]`	`encryptInMemory(java.lang.String passphrase, byte[] dataBytes)` In-memory version of encryption function.
`static java.lang.String`	`generateBase64Password()` Generate a random base64 password 20 characters long.
`static java.lang.String`	`generateBase64Password(int size)` Generate a random base64 password of specified size.
`static User`	`getAdmin()` Get User object representing adminstrative privileges.
`static java.security.cert.X509Certificate`	`getAdminCertificate()` Returns certificate with priveldges: all
`static User`	`getAnonymous()` Get User object representing anonymous, read-only privileges.
`static java.security.cert.X509Certificate`	`getAnonymousCertificate()` Returns certificate with priveldges: read only
`static int`	`getAnonymousFlags()` Returns integer for flags used to set for user: anonymous.
`static java.security.PrivateKey`	`getAnonymousKey()` Returns key with priveldges: read only
`static User`	`getAutoCert()` Get User object representing auto-certificate privileges (read, write).
`static java.security.cert.X509Certificate`	`getAutoCertCertificate()` Returns certificate with priveldges: read, write (no delete, no write configuration)
`static int`	`getAutoCertFlags()` Returns integer for flags used to set for user: auto-cert.
`static java.security.cert.X509Certificate`	`getCertificate(byte[] bytes)` Returns X509Certificate object serialized into bytes.
`static java.security.cert.X509Certificate`	`getCertificate(java.io.File file)` Helper method to load an X509 certificate from a file.
`static java.security.cert.X509Certificate`	`getCertificate(java.io.InputStream in)` Helper method to load an X509 certificate from an input stream.
`static java.security.cert.X509Certificate`	`getDefaultCertificate()` Retrieve the default X.509 certificate used by tool.
`static java.security.PrivateKey`	`getDefaultKey()` Retrieve the default private key used by the tool.
`static java.security.cert.X509Certificate`	`getEmailCertificate()` Returns certificate used for signing email to be sent from server.
`static java.security.PrivateKey`	`getEmailKey()` Returns key used for signing email to be sent from server.
`static java.lang.String`	`getMD5Name(java.security.cert.X509Certificate cert)` Helper method to convert certificate's into unique names.
`static java.security.PrivateKey`	`getPrivateKey(byte[] keyBytes)` Load the PrivateKey serialized to a byte array.
`static java.security.PrivateKey`	`getPrivateKey(java.io.File file)` Load the PrivateKey serialized to a file.
`static java.security.PrivateKey`	`getPrivateKeyFromKeyStore(java.io.InputStream keystore, java.lang.String keystorePassword, java.lang.String alias, java.lang.String aliasPassword)` Retrieve the PrivateKey (used to sign bytes) from the system keystore.
`static java.security.PrivateKey`	`getPrivateKeyFromKeyStore(java.lang.String keystore, java.lang.String keystorePassword, java.lang.String alias, java.lang.String aliasPassword)` Retrieve the PrivateKey (used to sign bytes) from the system keystore.
`static User`	`getReadOnly()` Get User object representing read-only privileges.
`static java.security.cert.X509Certificate`	`getReadOnlyCertificate()` Returns certificate with priveldges: read only
`static int`	`getReadOnlyFlags()` Returns integer for flags used to set for user: read-only.
`static java.lang.String`	`getSignatureAlgorithm(java.security.PrivateKey key)` Extract the signature algorithm used with specified PrivateKey.
`static java.lang.String`	`getSignatureAlgorithm(java.security.PublicKey key)` Extract the signature algorithm used with specified PublicKey.
`static User`	`getUser()` Get User object representing user privileges (read, write, delete).
`static java.security.cert.X509Certificate`	`getUserCertificate()` Returns certificate with priveldges: read, write, delete (not set configuration)
`static int`	`getUserFlags()` Returns integer for flags used to set for user: (super) user.
`static User`	`getWriteOnly()` Get User object representing write-only privileges.
`static java.security.cert.X509Certificate`	`getWriteOnlyCertificate()` Returns certificate with priveldges: write
`static int`	`getWriteOnlyFlags()` Returns integer for flags used to set for user: write-only.
`static byte[]`	`hash(byte[] bytes, java.lang.String algorithm)` Create a hash using a particular hashing algorithm.
`static byte[]`	`hash(java.io.File f, java.lang.String algorithm)` Create a hash using a particular hashing algorithm.
`static byte[]`	`hash(java.io.File f, java.lang.String algorithm, byte[] buf)` Create a hash using a particular hashing algorithm.
`static byte[]`	`hash(java.io.InputStream is, java.lang.String algorithm)` Create a hash using a particular hashing algorithm.
`static byte[]`	`hash(java.io.InputStream is, java.lang.String algorithm, byte[] buf)` Create a hash using a particular hashing algorithm.
`static boolean`	`isCertificateSignedByDefaultCerts(java.security.cert.X509Certificate cert)` Checks to see whether certificate is signed by the loaded certificates.
`static void`	`lazyLoad()` Lazy load resources used by utility methods.
`static void`	`setAdminCert(java.security.cert.X509Certificate cert)` Set the administrator X.509 certificate.
`static void`	`setAdminCertLocation(java.lang.String adminCertificateLocation)` Set the file path to the administrator X.509 certificate.
`static void`	`setAnonCert(java.security.cert.X509Certificate cert)` Set the anonymous, read-only X.509 certificate.
`static void`	`setAnonCertLocation(java.lang.String anonCertificateLocation)` Set the file path to the anonymous, read-only X.509 certificate.
`static void`	`setAnonKey(java.security.PrivateKey key)` Set the anonymous, read-only private key.
`static void`	`setAnonKeyLocation(java.lang.String anonPrivateKeyLocation)` Set the file path to the anonymous, read-only private key.
`static void`	`setAutoCertCert(java.security.cert.X509Certificate cert)` Set the auto-certificate (read, write) X.509 certificate.
`static void`	`setAutocertCertLocation(java.lang.String autocertCertificateLocation)` Set the file path to the read-only X.509 certificate.
`static void`	`setDefaultCertificate(java.security.cert.X509Certificate aDefaultCertificate)` Set the default X.509 certificate used by the tool.
`static void`	`setDefaultKey(java.security.PrivateKey aDefaultKey)` Set the default private key used by the tool.
`static void`	`setEmailCert(java.security.cert.X509Certificate cert)` Set the X.509 certificate used to sign email data to be sent by server.
`static void`	`setEmailCertLocation(java.lang.String emailCertificateLocation)` Set the file path to the certificate used for signing email to be sent by server.
`static void`	`setEmailKey(java.security.PrivateKey key)` Set the private key used to sign email data to be sent by server.
`static void`	`setEmailKeyLocation(java.lang.String emailPrivateKeyLocation)` Set the file path to the private key used for signing email to be sent by server.
`static void`	`setReadCert(java.security.cert.X509Certificate cert)` Set the read-only X.509 certificate.
`static void`	`setReadCertLocation(java.lang.String readCertificateLocation)` Set the file path to the read-only X.509 certificate.
`static void`	`setUserCert(java.security.cert.X509Certificate cert)` Set the user (read, write, delete) X.509 certificate.
`static void`	`setUserCertLocation(java.lang.String userCertificateLocation)` Set the file path to the user (read, write, delete) X.509 certificate.
`static void`	`setWriteCert(java.security.cert.X509Certificate cert)` Set the write-only X.509 certificate.
`static void`	`setWriteCertLocation(java.lang.String writeCertificateLocation)` Set the file path to the write-only X.509 certificate.
`static java.lang.String`	`SHA1(java.lang.String text)`
`static byte[]`	`sign(java.io.File f, java.security.PrivateKey key)` Sign a file using a private key.
`static byte[]`	`sign(java.io.File f, java.security.PrivateKey key, byte[] buf)` Sign a file using a private key.
`static byte[]`	`sign(java.io.File f, java.security.PrivateKey key, java.lang.String algorithm)` Sign a file using a private key and a specified algorithm.
`static byte[]`	`sign(java.io.File f, java.security.PrivateKey key, java.lang.String algorithm, byte[] buffer)` Sign a file using a private key and a specified algorithm.
`static byte[]`	`sign(java.io.InputStream is, java.security.PrivateKey key)` Sign data from an InputStream using a private key.
`static byte[]`	`sign(java.io.InputStream is, java.security.PrivateKey key, java.lang.String algorithm)` Sign data from an InputStream using a private key and a specific algorithm.
`static byte[]`	`sign(java.io.InputStream is, java.security.PrivateKey key, java.lang.String algorithm, byte[] buf)` Sign data from an InputStream using a private key and a specific algorithm.
`static boolean`	`verify(java.io.InputStream is, byte[] digitalSignature, java.lang.String algorithm, java.security.cert.Certificate cert)` Verify that the contents of an InputStream's bytes were signed by a certificate using a particular algorithm.
`static boolean`	`verify(java.io.InputStream is, byte[] digitalSignature, java.lang.String algorithm, java.security.PublicKey publicKey)` Verify that the contents of an InputStream's bytes were signed by a public key using a particular algorithm.

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Field Detail

SIGNATURE_BUFFER_SIZE

public static final int SIGNATURE_BUFFER_SIZE

Size of signature in bytes, used by buffer.

See Also:: Constant Field Values

Constructor Detail

SecurityUtil

public SecurityUtil()

Method Detail

hash

public static byte[] hash(java.io.File f,
                          java.lang.String algorithm,
                          byte[] buf)
                   throws java.io.IOException,
                          java.security.GeneralSecurityException

Create a hash using a particular hashing algorithm.

Parameters:: f -; algorithm -; buf -
Returns:
Throws:: java.io.IOException; java.security.GeneralSecurityException

hash

public static byte[] hash(java.io.File f,
                          java.lang.String algorithm)
                   throws java.io.IOException,
                          java.security.GeneralSecurityException

Create a hash using a particular hashing algorithm.

Parameters:: f -; algorithm -
Returns:
Throws:: java.io.IOException; java.security.GeneralSecurityException

encodeBytes

public static java.lang.String encodeBytes(byte[] bytes)

Helper method to make MD5 hashes digestable and file-name friendly. This encoding represents every 4 bits as 0-f.

Parameters:: bytes -
Returns:

encodeByte

public static char encodeByte(byte b)

Encodes a byte as a character. Only encodes byte if 0-15, inclusive. Throws a RuntimeException if not in aforementioned range.

Parameters:: b -
Returns:

generateBase64Password

public static java.lang.String generateBase64Password(int size)

Generate a random base64 password of specified size.

Parameters:: size -
Returns:

generateBase64Password

public static java.lang.String generateBase64Password()

Generate a random base64 password 20 characters long.

Returns:

createCertificate

public static java.security.cert.Certificate createCertificate(java.lang.String name,
                                                               java.security.PublicKey pub,
                                                               java.security.PrivateKey priv)
                                                        throws java.security.GeneralSecurityException

Helper method that uses the bouncycastle.org's X509 certificate generator to make a certificate for the given public/private key pair.

Parameters:: name -; pub -; priv -
Returns:
Throws:: java.security.GeneralSecurityException

sign

public static byte[] sign(java.io.File f,
                          java.security.PrivateKey key)
                   throws java.io.IOException,
                          java.security.GeneralSecurityException

Sign a file using a private key. Uses key's signature algorithm to sign.

Parameters:: f -; key -
Returns:
Throws:: java.io.IOException; java.security.GeneralSecurityException

sign

public static byte[] sign(java.io.File f,
                          java.security.PrivateKey key,
                          byte[] buf)
                   throws java.io.IOException,
                          java.security.GeneralSecurityException

Sign a file using a private key. Uses key's signature algorithm to sign.

Parameters:: f -; key -; buf -
Returns:
Throws:: java.io.IOException; java.security.GeneralSecurityException

sign

public static byte[] sign(java.io.File f,
                          java.security.PrivateKey key,
                          java.lang.String algorithm)
                   throws java.io.IOException,
                          java.security.GeneralSecurityException

Sign a file using a private key and a specified algorithm.

Parameters:: f -; key -; algorithm -
Returns:
Throws:: java.io.IOException; java.security.GeneralSecurityException

sign

public static byte[] sign(java.io.File f,
                          java.security.PrivateKey key,
                          java.lang.String algorithm,
                          byte[] buffer)
                   throws java.io.IOException,
                          java.security.GeneralSecurityException

Sign a file using a private key and a specified algorithm.

Parameters:: f -; key -; algorithm -; buffer -
Returns:
Throws:: java.io.IOException; java.security.GeneralSecurityException

sign

public static byte[] sign(java.io.InputStream is,
                          java.security.PrivateKey key)
                   throws java.io.IOException,
                          java.security.GeneralSecurityException

Sign data from an InputStream using a private key. Uses key's signature algorithm.

Parameters:: is -; key -
Returns:
Throws:: java.io.IOException; java.security.GeneralSecurityException

sign

public static byte[] sign(java.io.InputStream is,
                          java.security.PrivateKey key,
                          java.lang.String algorithm)
                   throws java.io.IOException,
                          java.security.GeneralSecurityException

Sign data from an InputStream using a private key and a specific algorithm.

Parameters:: is -; key -; algorithm -
Returns:
Throws:: java.io.IOException; java.security.GeneralSecurityException

sign

public static final byte[] sign(java.io.InputStream is,
                                java.security.PrivateKey key,
                                java.lang.String algorithm,
                                byte[] buf)
                         throws java.io.IOException,
                                java.security.GeneralSecurityException

Sign data from an InputStream using a private key and a specific algorithm.

After profiling this was hot-spot that dominated the AddFileTool's time. The only speed improvement to make is allowing a reusable buffer of bytes.

Parameters:: is -; key -; algorithm -; buf -
Returns:
Throws:: java.io.IOException; java.security.GeneralSecurityException

hash

public static byte[] hash(byte[] bytes,
                          java.lang.String algorithm)
                   throws java.io.IOException,
                          java.security.GeneralSecurityException

Create a hash using a particular hashing algorithm.

Parameters:: bytes -; algorithm -
Returns:
Throws:: java.io.IOException; java.security.GeneralSecurityException

SHA1

public static java.lang.String SHA1(java.lang.String text)
                             throws java.security.NoSuchAlgorithmException,
                                    java.io.UnsupportedEncodingException

Throws:: java.security.NoSuchAlgorithmException; java.io.UnsupportedEncodingException

hash

public static byte[] hash(java.io.InputStream is,
                          java.lang.String algorithm)
                   throws java.io.IOException,
                          java.security.GeneralSecurityException

Create a hash using a particular hashing algorithm.

Parameters:: is -; algorithm -
Returns:
Throws:: java.io.IOException; java.security.GeneralSecurityException

lazyLoad

public static void lazyLoad()

Lazy load resources used by utility methods.

hash

public static byte[] hash(java.io.InputStream is,
                          java.lang.String algorithm,
                          byte[] buf)
                   throws java.io.IOException,
                          java.security.GeneralSecurityException

Create a hash using a particular hashing algorithm.

Parameters:: is -; algorithm -; buf -
Returns:
Throws:: java.io.IOException; java.security.GeneralSecurityException

getPrivateKeyFromKeyStore

public static java.security.PrivateKey getPrivateKeyFromKeyStore(java.lang.String keystore,
                                                                 java.lang.String keystorePassword,
                                                                 java.lang.String alias,
                                                                 java.lang.String aliasPassword)
                                                          throws java.io.IOException,
                                                                 java.security.GeneralSecurityException

Retrieve the PrivateKey (used to sign bytes) from the system keystore.

Parameters:: keystore -; keystorePassword -; alias -; aliasPassword -
Returns:
Throws:: java.io.IOException; java.security.GeneralSecurityException

getPrivateKeyFromKeyStore

public static java.security.PrivateKey getPrivateKeyFromKeyStore(java.io.InputStream keystore,
                                                                 java.lang.String keystorePassword,
                                                                 java.lang.String alias,
                                                                 java.lang.String aliasPassword)
                                                          throws java.io.IOException,
                                                                 java.security.GeneralSecurityException

Retrieve the PrivateKey (used to sign bytes) from the system keystore.

Parameters:: keystore -; keystorePassword -; alias -; aliasPassword -
Returns:
Throws:: java.io.IOException; java.security.GeneralSecurityException

getAnonymousCertificate

public static final java.security.cert.X509Certificate getAnonymousCertificate()
                                                                        throws java.io.IOException,
                                                                               java.security.GeneralSecurityException

Returns certificate with priveldges: read only

Returns:
Throws:: java.io.IOException; java.security.GeneralSecurityException

getAnonymousKey

public static final java.security.PrivateKey getAnonymousKey()
                                                      throws java.io.IOException,
                                                             java.security.GeneralSecurityException

Returns key with priveldges: read only

Returns:
Throws:: java.io.IOException; java.security.GeneralSecurityException

getEmailCertificate

public static final java.security.cert.X509Certificate getEmailCertificate()
                                                                    throws java.io.IOException,
                                                                           java.security.GeneralSecurityException

Returns certificate used for signing email to be sent from server.

Returns:
Throws:: java.io.IOException; java.security.GeneralSecurityException

getEmailKey

public static final java.security.PrivateKey getEmailKey()
                                                  throws java.io.IOException,
                                                         java.security.GeneralSecurityException

Returns key used for signing email to be sent from server.

Returns:
Throws:: java.io.IOException; java.security.GeneralSecurityException

getAdminCertificate

public static final java.security.cert.X509Certificate getAdminCertificate()
                                                                    throws java.io.IOException,
                                                                           java.security.GeneralSecurityException

Returns certificate with priveldges: all

Must have matching key to sign bytes.

Returns:
Throws:: java.io.IOException; java.security.GeneralSecurityException

getUserCertificate

public static final java.security.cert.X509Certificate getUserCertificate()
                                                                   throws java.io.IOException,
                                                                          java.security.GeneralSecurityException

Returns certificate with priveldges: read, write, delete (not set configuration)

Must have matching key to sign bytes.

Returns:
Throws:: java.io.IOException; java.security.GeneralSecurityException

getReadOnlyCertificate

public static final java.security.cert.X509Certificate getReadOnlyCertificate()
                                                                       throws java.io.IOException,
                                                                              java.security.GeneralSecurityException

Returns certificate with priveldges: read only

Must have matching key to sign bytes.

Returns:
Throws:: java.io.IOException; java.security.GeneralSecurityException

getWriteOnlyCertificate

public static final java.security.cert.X509Certificate getWriteOnlyCertificate()
                                                                        throws java.io.IOException,
                                                                               java.security.GeneralSecurityException

Returns certificate with priveldges: write

Must have matching key to sign bytes.

Returns:
Throws:: java.io.IOException; java.security.GeneralSecurityException

getAutoCertCertificate

public static final java.security.cert.X509Certificate getAutoCertCertificate()
                                                                       throws java.io.IOException,
                                                                              java.security.GeneralSecurityException

Returns certificate with priveldges: read, write (no delete, no write configuration)

Must have matching key to sign bytes.

Returns:
Throws:: java.io.IOException; java.security.GeneralSecurityException

getAdmin

public static final User getAdmin()
                           throws java.io.IOException,
                                  java.security.GeneralSecurityException

Get User object representing adminstrative privileges. (Cannot sign without private key.)

Returns:
Throws:: java.io.IOException; java.security.GeneralSecurityException

getUser

public static final User getUser()
                          throws java.io.IOException,
                                 java.security.GeneralSecurityException

Get User object representing user privileges (read, write, delete). (Cannot sign without private key.)

Returns:
Throws:: java.io.IOException; java.security.GeneralSecurityException

getUserFlags

public static final int getUserFlags()

Returns integer for flags used to set for user: (super) user.

Returns:

getReadOnly

public static final User getReadOnly()
                              throws java.io.IOException,
                                     java.security.GeneralSecurityException

Get User object representing read-only privileges. (Cannot sign without private key.)

Returns:
Throws:: java.io.IOException; java.security.GeneralSecurityException

getReadOnlyFlags

public static final int getReadOnlyFlags()

Returns integer for flags used to set for user: read-only.

Returns:

getAnonymous

public static final User getAnonymous()
                               throws java.io.IOException,
                                      java.security.GeneralSecurityException

Get User object representing anonymous, read-only privileges. (Cannot sign without private key.)

Returns:
Throws:: java.io.IOException; java.security.GeneralSecurityException

getAnonymousFlags

public static final int getAnonymousFlags()

Returns integer for flags used to set for user: anonymous.

Returns:

getWriteOnly

public static final User getWriteOnly()
                               throws java.io.IOException,
                                      java.security.GeneralSecurityException

Get User object representing write-only privileges. (Cannot sign without private key.)

Returns:
Throws:: java.io.IOException; java.security.GeneralSecurityException

getWriteOnlyFlags

public static final int getWriteOnlyFlags()

Returns integer for flags used to set for user: write-only.

Returns:

getAutoCert

public static final User getAutoCert()
                              throws java.io.IOException,
                                     java.security.GeneralSecurityException

Get User object representing auto-certificate privileges (read, write). (Cannot sign without private key.)

Returns:
Throws:: java.io.IOException; java.security.GeneralSecurityException

getAutoCertFlags

public static final int getAutoCertFlags()

Returns integer for flags used to set for user: auto-cert.

Returns:

getCertificate

public static final java.security.cert.X509Certificate getCertificate(byte[] bytes)
                                                               throws java.io.IOException,
                                                                      java.security.GeneralSecurityException

Returns X509Certificate object serialized into bytes.

Parameters:: bytes -
Returns:
Throws:: java.io.IOException; java.security.GeneralSecurityException

getCertificate

public static final java.security.cert.X509Certificate getCertificate(java.io.InputStream in)
                                                               throws java.io.IOException,
                                                                      java.security.GeneralSecurityException

Helper method to load an X509 certificate from an input stream.

Parameters:: in -
Returns:
Throws:: java.io.IOException; java.security.GeneralSecurityException

getCertificate

public static java.security.cert.X509Certificate getCertificate(java.io.File file)
                                                         throws java.io.IOException,
                                                                java.security.GeneralSecurityException

Helper method to load an X509 certificate from a file.

Parameters:: file -
Returns:
Throws:: java.io.IOException; java.security.GeneralSecurityException

verify

public static boolean verify(java.io.InputStream is,
                             byte[] digitalSignature,
                             java.lang.String algorithm,
                             java.security.cert.Certificate cert)
                      throws java.io.IOException,
                             java.security.GeneralSecurityException

Verify that the contents of an InputStream's bytes were signed by a certificate using a particular algorithm.

Parameters:: is -; digitalSignature -; algorithm -; cert -
Returns:
Throws:: java.io.IOException; java.security.GeneralSecurityException

verify

public static boolean verify(java.io.InputStream is,
                             byte[] digitalSignature,
                             java.lang.String algorithm,
                             java.security.PublicKey publicKey)
                      throws java.io.IOException,
                             java.security.GeneralSecurityException

Verify that the contents of an InputStream's bytes were signed by a public key using a particular algorithm.

Parameters:: is -; digitalSignature -; algorithm -; publicKey -
Returns:
Throws:: java.io.IOException; java.security.GeneralSecurityException

getMD5Name

public static java.lang.String getMD5Name(java.security.cert.X509Certificate cert)

Helper method to convert certificate's into unique names.

Parameters:: cert -
Returns:

getSignatureAlgorithm

public static java.lang.String getSignatureAlgorithm(java.security.PublicKey key)

Extract the signature algorithm used with specified PublicKey.

Parameters:: key -
Returns:

getSignatureAlgorithm

public static java.lang.String getSignatureAlgorithm(java.security.PrivateKey key)

Extract the signature algorithm used with specified PrivateKey.

Parameters:: key -
Returns:

getPrivateKey

public static java.security.PrivateKey getPrivateKey(java.io.File file)
                                              throws java.io.IOException,
                                                     java.security.GeneralSecurityException

Load the PrivateKey serialized to a file.

Parameters:: file -
Returns:
Throws:: java.io.IOException; java.security.GeneralSecurityException

getPrivateKey

public static java.security.PrivateKey getPrivateKey(byte[] keyBytes)
                                              throws java.io.IOException,
                                                     java.security.GeneralSecurityException

Load the PrivateKey serialized to a byte array.

Parameters:: keyBytes -
Returns:
Throws:: java.io.IOException; java.security.GeneralSecurityException

getDefaultCertificate

public static java.security.cert.X509Certificate getDefaultCertificate()

Retrieve the default X.509 certificate used by tool. Unless configured otherwise, this is the anonymous certificate.

Returns:

setDefaultCertificate

public static void setDefaultCertificate(java.security.cert.X509Certificate aDefaultCertificate)

Set the default X.509 certificate used by the tool. If not specified, uses the anonymous certificate.

Parameters:: aDefaultCertificate -

getDefaultKey

public static java.security.PrivateKey getDefaultKey()

Retrieve the default private key used by the tool. If not specified, uses the anonymous key.

Returns:

setDefaultKey

public static void setDefaultKey(java.security.PrivateKey aDefaultKey)

Set the default private key used by the tool. If not specified, uses the anonymous key.

Parameters:: aDefaultKey -

encryptDiskBacked

public static java.io.File encryptDiskBacked(java.lang.String passphrase,
                                             java.io.File file)
                                      throws java.io.IOException

Encrypts a file using AES and a passphrase.

Parameters:: passphrase -; file -
Returns:
Throws:: java.io.IOException

encryptInMemory

public static byte[] encryptInMemory(java.lang.String passphrase,
                                     byte[] dataBytes)
                              throws java.io.IOException

In-memory version of encryption function. This method avoids all uses of temporary files, which can save some time when handling lots of small files.

Parameters:: passphrase -; dataBytes -
Returns:
Throws:: java.io.IOException

decryptDiskBacked

public static java.io.File decryptDiskBacked(java.lang.String passphrase,
                                             java.io.File file)
                                      throws WrongPassphraseException,
                                             java.io.IOException,
                                             java.security.GeneralSecurityException

Decrypt an AES-encrypted file using a specified passphrase.

Parameters:: passphrase -; file -
Returns:
Throws:: WrongPassphraseException; java.io.IOException; java.security.GeneralSecurityException

decryptDiskBacked

public static java.io.File decryptDiskBacked(java.lang.String passphrase,
                                             java.io.File file,
                                             BigHash expectedHash)
                                      throws WrongPassphraseException,
                                             java.io.IOException,
                                             java.security.GeneralSecurityException

Decrypt an AES-encrypted file using a specified passphrase.

Parameters:: passphrase -; file -; expectedHash -
Returns:
Throws:: WrongPassphraseException; java.io.IOException; java.security.GeneralSecurityException

decryptInMemory

public static byte[] decryptInMemory(java.lang.String passphrase,
                                     byte[] dataBytes)
                              throws WrongPassphraseException,
                                     java.io.IOException,
                                     java.security.GeneralSecurityException

In-memory version of decryption function. This method avoids all uses of temporary files, which can save some time when handling lots of small files.

Parameters:: passphrase -; dataBytes -
Returns:
Throws:: WrongPassphraseException; java.io.IOException; java.security.GeneralSecurityException

decryptInMemory

public static byte[] decryptInMemory(java.lang.String passphrase,
                                     byte[] dataBytes,
                                     BigHash expectedHash)
                              throws WrongPassphraseException,
                                     java.io.IOException,
                                     java.security.GeneralSecurityException

In-memory version of decryption function. This method avoids all uses of temporary files, which can save some time when handling lots of small files.

Parameters:: passphrase -; dataBytes -; expectedHash -
Returns:
Throws:: WrongPassphraseException; java.io.IOException; java.security.GeneralSecurityException

isCertificateSignedByDefaultCerts

public static boolean isCertificateSignedByDefaultCerts(java.security.cert.X509Certificate cert)
                                                 throws java.lang.Exception

Checks to see whether certificate is signed by the loaded certificates.

Primary use case is to help decide on client's side whether to perform certain network-specific actions. The content will still be validated server-side.

Parameters:: cert - The certificate to check
Returns:: True if signed by the default certs, false otherwise
Throws:: java.lang.Exception

certificateNamesMatch

public static boolean certificateNamesMatch(java.lang.String a,
                                            java.lang.String b)

A utility method to check whether two certificate names match.

Not sufficient for security, but a fast way to check whether found a matching cert name before more expensive security checks.

Parameters:: a -; b -
Returns:

setAdminCert

public static void setAdminCert(java.security.cert.X509Certificate cert)

Set the administrator X.509 certificate.

Parameters:: cert -

setAdminCertLocation

public static void setAdminCertLocation(java.lang.String adminCertificateLocation)

Set the file path to the administrator X.509 certificate.

Parameters:: adminCertificateLocation -

setUserCert

public static void setUserCert(java.security.cert.X509Certificate cert)

Set the user (read, write, delete) X.509 certificate.

Parameters:: cert -

setUserCertLocation

public static void setUserCertLocation(java.lang.String userCertificateLocation)

Set the file path to the user (read, write, delete) X.509 certificate.

Parameters:: userCertificateLocation -

setWriteCert

public static void setWriteCert(java.security.cert.X509Certificate cert)

Set the write-only X.509 certificate.

Parameters:: cert -

setWriteCertLocation

public static void setWriteCertLocation(java.lang.String writeCertificateLocation)

Set the file path to the write-only X.509 certificate.

Parameters:: writeCertificateLocation -

setReadCert

public static void setReadCert(java.security.cert.X509Certificate cert)

Set the read-only X.509 certificate.

Parameters:: cert -

setReadCertLocation

public static void setReadCertLocation(java.lang.String readCertificateLocation)

Set the file path to the read-only X.509 certificate.

Parameters:: readCertificateLocation -

setAutoCertCert

public static void setAutoCertCert(java.security.cert.X509Certificate cert)

Set the auto-certificate (read, write) X.509 certificate.

Parameters:: cert -

setAutocertCertLocation

public static void setAutocertCertLocation(java.lang.String autocertCertificateLocation)

Set the file path to the read-only X.509 certificate.

Parameters:: autocertCertificateLocation -

setAnonCert

public static void setAnonCert(java.security.cert.X509Certificate cert)

Set the anonymous, read-only X.509 certificate.

Parameters:: cert -

setAnonKey

public static void setAnonKey(java.security.PrivateKey key)

Set the anonymous, read-only private key.

Parameters:: key -

setAnonCertLocation

public static void setAnonCertLocation(java.lang.String anonCertificateLocation)

Set the file path to the anonymous, read-only X.509 certificate.

Parameters:: anonCertificateLocation -

setAnonKeyLocation

public static void setAnonKeyLocation(java.lang.String anonPrivateKeyLocation)

Set the file path to the anonymous, read-only private key.

Parameters:: anonPrivateKeyLocation -

setEmailCert

public static void setEmailCert(java.security.cert.X509Certificate cert)

Set the X.509 certificate used to sign email data to be sent by server.

Parameters:: cert -

setEmailKey

public static void setEmailKey(java.security.PrivateKey key)

Set the private key used to sign email data to be sent by server.

Parameters:: key -

setEmailCertLocation

public static void setEmailCertLocation(java.lang.String emailCertificateLocation)

Set the file path to the certificate used for signing email to be sent by server.

Parameters:: emailCertificateLocation -

setEmailKeyLocation

public static void setEmailKeyLocation(java.lang.String emailPrivateKeyLocation)

Set the file path to the private key used for signing email to be sent by server.

Parameters:: emailPrivateKeyLocation -

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

This code is free for use both commercially and non-commercially as stated in the project's license

org.tranche.security Class SecurityUtil

SIGNATURE_BUFFER_SIZE

SecurityUtil

hash

hash

encodeBytes

encodeByte

generateBase64Password

generateBase64Password

createCertificate

sign

sign

sign

sign

sign

sign

sign

hash

SHA1

hash

lazyLoad

hash

getPrivateKeyFromKeyStore

getPrivateKeyFromKeyStore

getAnonymousCertificate

getAnonymousKey

getEmailCertificate

getEmailKey

getAdminCertificate

getUserCertificate

getReadOnlyCertificate

getWriteOnlyCertificate

getAutoCertCertificate

getAdmin

getUser

getUserFlags

getReadOnly

getReadOnlyFlags

getAnonymous

getAnonymousFlags

getWriteOnly

getWriteOnlyFlags

getAutoCert

getAutoCertFlags

getCertificate

getCertificate

getCertificate

verify

verify

getMD5Name

getSignatureAlgorithm

getSignatureAlgorithm

getPrivateKey

getPrivateKey

getDefaultCertificate

setDefaultCertificate

getDefaultKey

setDefaultKey

encryptDiskBacked

encryptInMemory

decryptDiskBacked

decryptDiskBacked

decryptInMemory

decryptInMemory

isCertificateSignedByDefaultCerts

certificateNamesMatch

setAdminCert

setAdminCertLocation

setUserCert

setUserCertLocation

setWriteCert

setWriteCertLocation

setReadCert

setReadCertLocation

setAutoCertCert

setAutocertCertLocation

setAnonCert

setAnonKey

setAnonCertLocation

setAnonKeyLocation

org.tranche.security
Class SecurityUtil