Class SecurityUtils

java.lang.Object
org.tquadrat.foundation.util.SecurityUtils

@ClassVersion(sourceVersion="$Id: SecurityUtils.java 1086 2024-01-05 23:18:33Z tquadrat $") @UtilityClass public final class SecurityUtils extends Object
This class provides some utility functions that are helpful in the security arena.

The methods are thread safe, but they use global message digests. As a consequence, multiple threads that are calculating hashes will serialise on the use of those digests. That is acceptable for an application where this calculation does not occur that often (for example a web application that needs to check a password at login), but not for an application that uses multiple threads to calculate the hashes for a bunch of files.
Author:
Thomas Thrien (thomas.thrien@tquadrat.org)
Version:
$Id: SecurityUtils.java 1086 2024-01-05 23:18:33Z tquadrat $
Since:
0.0.5
UML Diagram
UML Diagram for "org.tquadrat.foundation.util.SecurityUtils"
  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    static final BigInteger
    A recommended prime for the Diffie-Hellman-Merkle key exchange scheme.
    static final BigInteger
    A recommended prime modulus (primitive root) for the Diffie-Hellman-Merkle key exchange scheme.
    private static final MessageDigest
    The message digest that is used to encrypt the passwords with the MD5 hash algorithm.
    private static final MessageDigest
    The message digest that is used to encrypt the passwords with the SHA-1 hash algorithm.
    private static final MessageDigest
    The message digest that is used to encrypt the passwords with the SHA-1 hash algorithm.
    static final int
    The length for an MD5 hash: 32.
    private static final String
    The message that indicates that the named algorithm is not supported: "MessageDigest does not support \'%1$s\' Algorithm".
    static final int
    The length for an SHA1 hash: 40.
    static final int
    The length for an SHA256 hash: 64.
  • Constructor Summary

    Constructors
    Modifier
    Constructor
    Description
    private
    No instances are allowed for this class.
  • Method Summary

    Modifier and Type
    Method
    Description
    static final BigInteger
    Performs the calculation for the Diffie-Hellman-Merkle key exchange procedure.
    static final BigInteger
    Calculates the value that will be transmitted to the other party on the exchange of an encryption key using the Diffie-Hellman-Merkle key exchange scheme.
    static final String
    Calculates a checksum for the given file, based on the MD5 algorithm.
    static final byte[]
    calculateMD5Hash(byte[] input)
    Creates an MD5 hash from the given byte sequence.

    This method is not very efficient for calculating the hash value for (large) files as it would require loading the whole file into memory.
    static final String
    Creates an MD5 hash from the given string.

    The output string will contain the digits from 0xA to 0xF all as lower case.

    Use this method to create the values for password fields; it is not very efficient for calculating the hash value for (large) files as it would require loading the whole file into memory.
    static final byte[]
    calculateSHA1Hash(byte[] input)
    Creates an SHA-1 hash from the given byte sequence.

    This method is not very efficient for calculating the hash value for (large) files as it would require loading the whole file into memory.
    static final String
    Creates an SHA-1 hash from the given string.

    The output string will contain the digits from 0xA to 0xF all as lower case.

    Use this method to create the values for password fields; it is not very efficient for calculating the hash value for (large) files as it would require loading the whole file into memory.
    static final String
    Calculates a checksum for the given file, based on the SHA-256 algorithm.
    static final byte[]
    calculateSHA256Hash(byte[] input)
    Creates an SHA-256 hash from the given byte sequence.

    This method is not very efficient for calculating the hash value for (large) files as it would require loading the whole file into memory.
    static final String
    Creates an SHA-256 hash from the given string.

    The output string will contain the digits from 0xA to 0xF all as lower case.

    Use this method to create the values for password fields; it is not very efficient for calculating the hash value for (large) files as it would require loading the whole file into memory.
    static final String
    Calculates a checksum for the given file, based on the SHA-1 algorithm.

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Field Details

  • Constructor Details

    • SecurityUtils

      private SecurityUtils()
      No instances are allowed for this class.
  • Method Details

    • calculateDiffieHellmanEncryptionKey

      @API(status=STABLE, since="0.0.5") public static final BigInteger calculateDiffieHellmanEncryptionKey(BigInteger prime, BigInteger localSecret, BigInteger remoteSecret)

      Performs the calculation for the Diffie-Hellman-Merkle key exchange procedure.

      From Wikipedia:

      Diffie–Hellman establishes a shared secret that can be used for secret communications while exchanging data over a public network. Diffie–Hellman key exchange (D-H) is a specific method of exchanging cryptographic keys. It is one of the earliest practical examples of key exchange implemented within the field of cryptography. The Diffie–Hellman key exchange method allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. This key can then be used to encrypt subsequent communications using a symmetric key cipher.

      The scheme was first published by Whitfield Diffie and Martin Hellman in 1976, although it had been separately invented a few years earlier within GCHQ, the British signals intelligence agency, by James H. Ellis, Clifford Cocks and Malcolm J. Williamson but was kept classified. In 2002, Hellman suggested the algorithm be called Diffie–Hellman–Merkle key exchange in recognition of Ralph Merkle's contribution to the invention of public-key cryptography (Hellman, 2002).

      Although Diffie–Hellman key agreement itself is an anonymous (non-authenticated) key-agreement protocol, it provides the basis for a variety of authenticated protocols, and is used to provide perfect forward secrecy in Transport Layer Security's ephemeral modes (referred to as EDH or DHE depending on the cipher suite).

      This method performs the following calculation:

      K = remoteSecret^localSecret mod prime
      Parameters:
      prime - A large prime that is known to both communication partners.
      localSecret - The secret number that was used to create the public value sent to the other party.
      remoteSecret - The public value that the other party created.
      Returns:
      The encryption key K.
      See Also:
    • calculateDiffieHellmanPublicValue

      @API(status=STABLE, since="0.0.5") public static final BigInteger calculateDiffieHellmanPublicValue(BigInteger prime, BigInteger root, BigInteger localSecret)

      Calculates the value that will be transmitted to the other party on the exchange of an encryption key using the Diffie-Hellman-Merkle key exchange scheme.

      This method performs the following calculation:

      A = root^random mod prime
      Parameters:
      prime - A large prime that is known to both communication partners.
      root - A primitive root mod prime.
      localSecret - The secret random number.
      Returns:
      The value A to transmit to the other party.
      See Also:
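The two formulas above, carried through a complete exchange between both parties. This is an added example, not code from the library: `DhExchangeDemo`, `publicValue`, `sharedKey` and `randomSecret` are hypothetical names that re-implement the documented calculations with `BigInteger.modPow`, the 512-bit prime and root 2 are constructed demo parameters standing in for the class's recommended constants, and the range check on the peer's value and the SHA-256 step are additions to the bare formulas.

```java
import java.math.BigInteger;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.HexFormat;

public final class DhExchangeDemo {
    private static final SecureRandom RNG = new SecureRandom();

    /** A = root^localSecret mod prime, the public value sent to the peer. */
    static BigInteger publicValue(BigInteger prime, BigInteger root, BigInteger localSecret) {
        return root.modPow(localSecret, prime);
    }

    /** K = remotePublic^localSecret mod prime; 0, 1 and p-1 are refused as they force K to 0 or +/-1. */
    static BigInteger sharedKey(BigInteger prime, BigInteger localSecret, BigInteger remotePublic) {
        BigInteger max = prime.subtract(BigInteger.TWO);
        if (remotePublic.compareTo(BigInteger.TWO) < 0 || remotePublic.compareTo(max) > 0) {
            throw new IllegalArgumentException("peer public value outside [2, p-2]");
        }
        return remotePublic.modPow(localSecret, prime);
    }

    /** Random secret exponent in [2, p-2], found by rejection sampling. */
    static BigInteger randomSecret(BigInteger prime) {
        BigInteger s, max = prime.subtract(BigInteger.TWO);
        do { s = new BigInteger(prime.bitLength(), RNG); }
        while (s.compareTo(BigInteger.TWO) < 0 || s.compareTo(max) > 0);
        return s;
    }

    public static void main(String[] args) throws Exception {
        // Constructed demo group: random 512-bit prime, root 2. Too small for real use.
        BigInteger prime = BigInteger.probablePrime(512, RNG);
        BigInteger root = BigInteger.TWO;
        BigInteger a = randomSecret(prime), b = randomSecret(prime);
        BigInteger toBob = publicValue(prime, root, a);    // Alice -> Bob
        BigInteger toAlice = publicValue(prime, root, b);  // Bob -> Alice
        BigInteger kAlice = sharedKey(prime, a, toAlice);
        BigInteger kBob = sharedKey(prime, b, toBob);
        System.out.println("keys agree: " + kAlice.equals(kBob));
        // Hash K before using it as a symmetric key instead of using the raw integer.
        byte[] key = MessageDigest.getInstance("SHA-256").digest(kAlice.toByteArray());
        System.out.println("derived key: " + HexFormat.of().formatHex(key));
        try {
            sharedKey(prime, a, BigInteger.ONE);           // degenerate peer value
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```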
    • calculateMD5CheckSum

      @API(status=STABLE, since="0.0.5") public static final String calculateMD5CheckSum(File file) throws IOException
      Calculates a checksum for the given file, based on the MD5 algorithm.
      Parameters:
      file - The file.
      Returns:
      The check sum.
      Throws:
      IOException - Something went wrong on reading the file.
    • calculateSHACheckSum

      @API(status=STABLE, since="0.0.5") public static final String calculateSHACheckSum(File file) throws IOException
      Calculates a checksum for the given file, based on the SHA-1 algorithm.
      Parameters:
      file - The file.
      Returns:
      The check sum.
      Throws:
      IOException - Something went wrong on reading the file.
    • calculateSHA256CheckSum

      @API(status=STABLE, since="0.0.8") public static final String calculateSHA256CheckSum(File file) throws IOException
      Calculates a checksum for the given file, based on the SHA-256 algorithm.
      Parameters:
      file - The file.
      Returns:
      The check sum.
      Throws:
      IOException - Something went wrong on reading the file.
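The class description notes that threads serialise on the shared digests and that the array-based hash methods need the whole input in memory. As an added example (not the library's code; `StreamingChecksumDemo` and `sha256Hex` are hypothetical names and the two temporary files are constructed inputs), this shows one way to hash many files in parallel: each call owns its own `MessageDigest` and streams the file through a fixed-size buffer.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HexFormat;
import java.util.List;
import java.util.concurrent.Callable;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;

public final class StreamingChecksumDemo {
    /** Streams the file through a digest owned by this call: no shared state, fixed memory. */
    static String sha256Hex(Path file) throws IOException {
        MessageDigest md;
        try {
            md = MessageDigest.getInstance("SHA-256");
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e); // SHA-256 is required on every Java platform
        }
        byte[] buf = new byte[8192];
        try (InputStream in = Files.newInputStream(file)) {
            for (int n; (n = in.read(buf)) != -1; ) {
                md.update(buf, 0, n);
            }
        }
        return HexFormat.of().formatHex(md.digest()); // lower-case hex, 64 characters
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample inputs: a 3-byte file and a 1 MiB file of zero bytes.
        Path small = Files.createTempFile("checksum-demo", ".txt");
        Path large = Files.createTempFile("checksum-demo", ".bin");
        Files.write(small, new byte[] {'a', 'b', 'c'});
        Files.write(large, new byte[1 << 20]);
        List<Callable<String>> tasks = List.of(() -> sha256Hex(small), () -> sha256Hex(large));
        ExecutorService pool = Executors.newFixedThreadPool(2);
        try {
            for (Future<String> f : pool.invokeAll(tasks)) {
                System.out.println(f.get());
            }
        } finally {
            pool.shutdown();
            Files.delete(small);
            Files.delete(large);
        }
    }
}
```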
    • calculateMD5Hash

      @API(status=STABLE, since="0.0.5") public static final String calculateMD5Hash(CharSequence input)
      Creates an MD5 hash from the given string.

      The output string will contain the digits from 0xA to 0xF all as lower case.

      Use this method to create the values for password fields; it is not very efficient for calculating the hash value for (large) files as it would require loading the whole file into memory.
      Parameters:
      input - The source String; may be null.
      Returns:
      The String with the hash value or null if the input parameter was already null.
      See Also:
    • calculateMD5Hash

      @API(status=STABLE, since="0.0.5") public static final byte[] calculateMD5Hash(byte[] input)
      Creates an MD5 hash from the given byte sequence.

      This method is not very efficient for calculating the hash value for (large) files as it would require loading the whole file into memory.
      Parameters:
      input - The byte array to hash.
      Returns:
      The byte array with the hash.
      See Also:
    • calculateSHA1Hash

      @API(status=STABLE, since="0.0.5") public static final String calculateSHA1Hash(CharSequence input)
      Creates an SHA-1 hash from the given string.

      The output string will contain the digits from 0xA to 0xF all as lower case.

      Use this method to create the values for password fields; it is not very efficient for calculating the hash value for (large) files as it would require loading the whole file into memory.
      Parameters:
      input - The source String; may be null.
      Returns:
      The String with the hash value or null if the input parameter was already null.
      See Also:
    • calculateSHA1Hash

      @API(status=STABLE, since="0.0.5") public static final byte[] calculateSHA1Hash(byte[] input)
      Creates an SHA-1 hash from the given byte sequence.

      This method is not very efficient for calculating the hash value for (large) files as it would require loading the whole file into memory.
      Parameters:
      input - The byte array to hash.
      Returns:
      The byte array with the hash.
      See Also:
    • calculateSHA256Hash

      @API(status=STABLE, since="0.0.8") public static final String calculateSHA256Hash(CharSequence input)
      Creates an SHA-256 hash from the given string.

      The output string will contain the digits from 0xA to 0xF all as lower case.

      Use this method to create the values for password fields; it is not very efficient for calculating the hash value for (large) files as it would require loading the whole file into memory.
      Parameters:
      input - The source String; may be null.
      Returns:
      The String with the hash value or null if the input parameter was already null.
      See Also:
    • calculateSHA256Hash

      @API(status=STABLE, since="0.0.8") public static final byte[] calculateSHA256Hash(byte[] input)
      Creates an SHA-256 hash from the given byte sequence.

      This method is not very efficient for calculating the hash value for (large) files as it would require loading the whole file into memory.
      Parameters:
      input - The byte array to hash.
      Returns:
      The byte array with the hash.
      See Also: