org.opcfoundation.ua.utils
Class CryptoUtil

java.lang.Object
  extended by org.opcfoundation.ua.utils.CryptoUtil

public class CryptoUtil
extends Object

This class contains cryptographic utilities. See http://www.ietf.org/rfc/rfc2437.txt


Constructor Summary
CryptoUtil()
           
 
Method Summary
static byte[] asymmEncrypt(byte[] input, Key key, SecurityAlgorithm algorithm)
          Deprecated. 
static byte[] base64Decode(String string)
          base64Decode.
static String base64Encode(byte[] bytes)
          base64Encode a byte array to string
static Mac createMac(SecurityAlgorithm algorithm, byte[] secret)
          Create Message Authentication Code (MAC)
static ByteString createNonce(int bytes)
          Create a non-repeatable set of bytes.
static ByteString createNonce(SecurityAlgorithm algorithm)
          createNonce.
static void decryptAsymm(PrivateKey decryptingKey, SecurityConfiguration profile, byte[] dataToDecrypt, byte[] output, int outputOffset)
          Convenience method for CryptoProvider.decryptAsymm(PrivateKey, SecurityAlgorithm, byte[], byte[], int). It is possible to pass only a SecurityConfiguration instead of specifying the SecurityAlgorithm explicitly.
static byte[] encryptAsymm(byte[] input, PublicKey key, SecurityAlgorithm algorithm)
          Convenience method for CryptoProvider.encryptAsymm(java.security.PublicKey, org.opcfoundation.ua.transport.security.SecurityAlgorithm, byte[], byte[], int).
static void encryptAsymm(Certificate encryptingCertificate, SecurityConfiguration profile, byte[] dataToEncrypt, byte[] output, int outputOffset)
          Convenience method for CryptoProvider.encryptAsymm(PublicKey, SecurityAlgorithm, byte[], byte[], int). It is possible to pass only a Certificate and a SecurityConfiguration instead of specifying the PublicKey and SecurityAlgorithm explicitly.
static String[] filterCipherSuiteList(String[] cipherSuiteSet, String[] cipherSuitePatterns)
          filterCipherSuiteList.
static Cipher getAsymmetricCipher(SecurityAlgorithm algorithm)
          Create signer instance using an algorithm URI.
static int getAsymmInputBlockSize(SecurityAlgorithm algorithm)
          getAsymmInputBlockSize.
static int getCipherBlockSize(SecurityAlgorithm algorithm, Key key)
          Get cipher block (=output) size in bytes
static String[] getCipherSuiteIntersection(String[] cipherSuiteSet1, String[] cipherSuiteSet2, boolean omitProtocol)
          Create an intersection of two cipher suite lists
static CryptoProvider getCryptoProvider()
          Getter for the field cryptoProvider.
static int getNonceLength(SecurityAlgorithm algorithm)
          Returns the length of the nonce to be used with an asymmetric or symmetric encryption algorithm.
static int getPlainTextBlockSize(SecurityAlgorithm securityAlgorithm, Key key)
          Get plain text block (=input) size in bytes
static SecureRandom getRandom()
          Getter for the field random.
static String getSecurityProviderName()
          The Preferred Security Provider name.
static String getSecurityProviderName(Class<?> class1)
          Getter for the field securityProviderName.
static int getSignatureSize(SecurityAlgorithm signatureAlgorithm, Key key)
          Get signature size in bytes
static byte[] hexToBytes(String s)
          hexToBytes.
static void setCryptoProvider(CryptoProvider cryptoProvider)
          Define the preferred CryptoProvider.
static void setSecurityProviderName(String securityProviderName)
          Define the preferred SecurityProvider.
static SignatureData signAsymm(PrivateKey signerKey, SecurityAlgorithm algorithm, byte[] dataToSign)
          signAsymm.
static String toHex(byte[] bytes)
          Convenience method for "displaying" a hex-string of a given byte array.
static String toHex(byte[] bytes, int bytesPerRow)
          Convenience method for "displaying" a hex-string of a given byte array.
static boolean verifyAsymm(X509Certificate certificate, SecurityAlgorithm algorithm, byte[] data, byte[] signature)
          Verify a signature.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

CryptoUtil

public CryptoUtil()
Method Detail

asymmEncrypt

@Deprecated
public static byte[] asymmEncrypt(byte[] input,
                                             Key key,
                                             SecurityAlgorithm algorithm)
                           throws InvalidKeyException,
                                  IllegalBlockSizeException,
                                  BadPaddingException,
                                  ServiceResultException,
                                  NoSuchAlgorithmException,
                                  NoSuchPaddingException
Deprecated. 

Convenience method for CryptoProvider.encryptAsymm(java.security.PublicKey, org.opcfoundation.ua.transport.security.SecurityAlgorithm, byte[], byte[], int). Deprecated: Use encryptAsymm(byte[], java.security.PublicKey, org.opcfoundation.ua.transport.security.SecurityAlgorithm) instead.

Parameters:
input - an array of byte.
key - a Key object.
algorithm - a SecurityAlgorithm object.
Returns:
an array of byte.
Throws:
InvalidKeyException - if any.
IllegalBlockSizeException - if any.
BadPaddingException - if any.
ServiceResultException - if any.
NoSuchAlgorithmException - if any.
NoSuchPaddingException - if any.

base64Decode

public static byte[] base64Decode(String string)

base64Decode.

Parameters:
string - a String object.
Returns:
an array of byte.

base64Encode

public static String base64Encode(byte[] bytes)

base64Encode a byte array to string

Parameters:
bytes - the array of byte to convert.
Returns:
a String representing the byte array in base64 encoded string.

createMac

public static Mac createMac(SecurityAlgorithm algorithm,
                            byte[] secret)
                     throws ServiceResultException
Create Message Authentication Code (MAC)

Parameters:
algorithm - encryption algorithm
secret - an array of byte.
Returns:
MAC
Throws:
ServiceResultException - Bad_SecurityPolicyRejected, if the algorithm is not supported

createNonce

public static ByteString createNonce(int bytes)
Create a non-repeatable set of bytes.

Parameters:
bytes - number of bytes
Returns:
nonce

createNonce

public static ByteString createNonce(SecurityAlgorithm algorithm)
                              throws ServiceResultException

createNonce.

Parameters:
algorithm - a SecurityAlgorithm object.
Returns:
an array of byte.
Throws:
ServiceResultException - if any.

decryptAsymm

public static void decryptAsymm(PrivateKey decryptingKey,
                                SecurityConfiguration profile,
                                byte[] dataToDecrypt,
                                byte[] output,
                                int outputOffset)
                         throws ServiceResultException
Convenience method for CryptoProvider.decryptAsymm(PrivateKey, SecurityAlgorithm, byte[], byte[], int). It is possible to pass only a SecurityConfiguration instead of specifying the SecurityAlgorithm explicitly.

Parameters:
decryptingKey - a PrivateKey object.
profile - a SecurityConfiguration object.
dataToDecrypt - an array of byte.
output - output
outputOffset - output offset
Throws:
ServiceResultException - if any.

encryptAsymm

public static byte[] encryptAsymm(byte[] input,
                                  PublicKey key,
                                  SecurityAlgorithm algorithm)
                           throws InvalidKeyException,
                                  IllegalBlockSizeException,
                                  BadPaddingException,
                                  ServiceResultException,
                                  NoSuchAlgorithmException,
                                  NoSuchPaddingException
Convenience method for CryptoProvider.encryptAsymm(java.security.PublicKey, org.opcfoundation.ua.transport.security.SecurityAlgorithm, byte[], byte[], int).

Parameters:
input - an array of byte.
key - a PublicKey object.
algorithm - a SecurityAlgorithm object.
Returns:
an array of byte.
Throws:
InvalidKeyException - if any.
IllegalBlockSizeException - if any.
BadPaddingException - if any.
ServiceResultException - if any.
NoSuchAlgorithmException - if any.
NoSuchPaddingException - if any.

encryptAsymm

public static void encryptAsymm(Certificate encryptingCertificate,
                                SecurityConfiguration profile,
                                byte[] dataToEncrypt,
                                byte[] output,
                                int outputOffset)
                         throws ServiceResultException
Convenience method for CryptoProvider.encryptAsymm(PublicKey, SecurityAlgorithm, byte[], byte[], int). It is possible to pass only a Certificate and a SecurityConfiguration instead of specifying the PublicKey and SecurityAlgorithm explicitly.

Parameters:
encryptingCertificate - Certificate whose public key will be used during encryption.
profile - Asymmetric encryption algorithm will be taken from this SecurityConfiguration
dataToEncrypt - Data to encrypt
output - output
outputOffset - output offset
Throws:
ServiceResultException - if any.

filterCipherSuiteList

public static String[] filterCipherSuiteList(String[] cipherSuiteSet,
                                             String[] cipherSuitePatterns)

filterCipherSuiteList.

Parameters:
cipherSuiteSet - an array of String objects.
cipherSuitePatterns - an array of String objects.
Returns:
an array of String objects.

getAsymmetricCipher

public static Cipher getAsymmetricCipher(SecurityAlgorithm algorithm)
                                  throws ServiceResultException
Create signer instance using an algorithm URI. Ciphers are defined in PKCS #1: RSA Cryptography Specifications (http://www.ietf.org/rfc/rfc2437.txt).

Parameters:
algorithm - UA Specified algorithm
Returns:
Cipher
Throws:
ServiceResultException - if algorithm is not supported by the stack

getAsymmInputBlockSize

public static int getAsymmInputBlockSize(SecurityAlgorithm algorithm)
                                  throws ServiceResultException

getAsymmInputBlockSize.

Parameters:
algorithm - a SecurityAlgorithm object.
Returns:
an int.
Throws:
ServiceResultException - if any.

getCipherBlockSize

public static int getCipherBlockSize(SecurityAlgorithm algorithm,
                                     Key key)
                              throws ServiceResultException
Get cipher block (=output) size in bytes

Parameters:
algorithm - algorithm
key - Optional, required for asymmetric encryption algorithms
Returns:
cipher block size
Throws:
ServiceResultException - Bad_SecurityPolicyRejected, if the algorithm is not supported

getCipherSuiteIntersection

public static String[] getCipherSuiteIntersection(String[] cipherSuiteSet1,
                                                  String[] cipherSuiteSet2,
                                                  boolean omitProtocol)
Create an intersection of two cipher suite lists

Parameters:
cipherSuiteSet1 - enabled cipher suites
cipherSuiteSet2 - filter list
omitProtocol - if true the first 3 characters are ignored in compare
Returns:
an intersection of suites
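
The effect of omitProtocol, as an added example that is not part of the stack's source: intersect() and key() are hypothetical stand-ins written from the description above, and returning matches in cipherSuiteSet1's spelling and order is an assumption. The suite lists are constructed sample data.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

public class CipherSuiteIntersectionSketch {

    // Hypothetical stand-in for getCipherSuiteIntersection, written from the
    // Javadoc alone. Assumption: matches keep set1's spelling and order.
    static String[] intersect(String[] set1, String[] set2, boolean omitProtocol) {
        List<String> result = new ArrayList<>();
        for (String enabled : set1) {
            for (String allowed : set2) {
                if (key(enabled, omitProtocol).equals(key(allowed, omitProtocol))) {
                    result.add(enabled);
                    break; // one match is enough, avoid duplicates
                }
            }
        }
        return result.toArray(new String[0]);
    }

    // With omitProtocol the first 3 characters ("SSL" / "TLS") are not compared.
    static String key(String suite, boolean omitProtocol) {
        return omitProtocol && suite.length() > 3 ? suite.substring(3) : suite;
    }

    public static void main(String[] args) {
        // Constructed sample lists, not read from a real JSSE provider.
        String[] enabled = {
            "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
            "TLS_RSA_WITH_AES_128_CBC_SHA",
            "TLS_RSA_WITH_AES_256_CBC_SHA256"
        };
        String[] filterList = {
            "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
            "TLS_RSA_WITH_AES_256_CBC_SHA256"
        };
        // Full suite names are compared.
        System.out.println(Arrays.toString(intersect(enabled, filterList, false)));
        // The 3-character protocol prefix is ignored in the comparison.
        System.out.println(Arrays.toString(intersect(enabled, filterList, true)));
    }
}
```

When omitProtocol is true, a suite spelled SSL_ in the enabled list passes a filter list that names only its TLS_ spelling, so review the filter list with both spellings in mind.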

getCryptoProvider

public static CryptoProvider getCryptoProvider()

Getter for the field cryptoProvider.

Returns:
a CryptoProvider object.

getNonceLength

public static int getNonceLength(SecurityAlgorithm algorithm)
                          throws ServiceResultException
Returns the length of the nonce to be used with an asymmetric or symmetric encryption algorithm.

For symmetric algorithms, returns the algorithm key size (in bytes). For asymmetric algorithms, returns 32.

Parameters:
algorithm - encryption algorithm or null (=no encryption)
Returns:
the length of the nonce in bytes
Throws:
ServiceResultException - Bad_SecurityPolicyRejected, if the algorithm is not supported

getPlainTextBlockSize

public static int getPlainTextBlockSize(SecurityAlgorithm securityAlgorithm,
                                        Key key)
                                 throws ServiceResultException
Get plain text block (=input) size in bytes

Parameters:
securityAlgorithm - algorithm
key - Optional, required for asymmetric encryption algorithms
Returns:
plain text block size
Throws:
ServiceResultException - Bad_SecurityPolicyRejected, if the algorithm is not supported

getRandom

public static SecureRandom getRandom()

Getter for the field random.

Returns:
the random

getSecurityProviderName

public static String getSecurityProviderName()
The Preferred Security Provider name. Will check if a Spongy Castle (on Android) or Bouncy Castle provider is already available or if such can be initialized from the respective class.

Returns:
the provider name to use for specific crypto tasks
Throws:
RuntimeException - if none is available and none can be initialized.

getSecurityProviderName

public static String getSecurityProviderName(Class<?> class1)

Getter for the field securityProviderName.

Parameters:
class1 - a Class object.
Returns:
a String object.

getSignatureSize

public static int getSignatureSize(SecurityAlgorithm signatureAlgorithm,
                                   Key key)
                            throws ServiceResultException
Get signature size in bytes

Parameters:
signatureAlgorithm - a SecurityAlgorithm object.
key - a Key object.
Returns:
signature size in bytes
Throws:
ServiceResultException - Bad_SecurityPolicyRejected, if the algorithm is not supported

hexToBytes

public static byte[] hexToBytes(String s)

hexToBytes.

Parameters:
s - a String object.
Returns:
an array of byte.

setCryptoProvider

public static void setCryptoProvider(CryptoProvider cryptoProvider)
Define the preferred CryptoProvider. Usually this is determined automatically, but you may define the provider that you wish to use yourself.

Parameters:
cryptoProvider - the cryptoProvider to set

setSecurityProviderName

public static void setSecurityProviderName(String securityProviderName)
Define the preferred SecurityProvider. Usually this is determined automatically if SpongyCastle (on Android) or BouncyCastle is found, but you may define the provider name that you wish to use yourself.

Parameters:
securityProviderName - the securityProviderName to set, e.g. "BC" for BouncyCastleProvider

signAsymm

public static SignatureData signAsymm(PrivateKey signerKey,
                                      SecurityAlgorithm algorithm,
                                      byte[] dataToSign)
                               throws ServiceResultException

signAsymm.

Parameters:
signerKey - the private key used to sign the data
algorithm - asymmetric signer algorithm, see SecurityAlgorithm
dataToSign - the data to sign
Returns:
SignatureData
Throws:
ServiceResultException - if the signing fails. Read the StatusCode and cause for more details

toHex

public static String toHex(byte[] bytes)
Convenience method for "displaying" a hex-string of a given byte array. Calls toHex(byte[], int) with bytesPerRow=0 (no line breaks)

Parameters:
bytes - the byte array to "display"
Returns:
a String object.

toHex

public static String toHex(byte[] bytes,
                           int bytesPerRow)
Convenience method for "displaying" a hex-string of a given byte array. Breaks the string to lines, if bytesPerRow > 0.

Parameters:
bytes - the byte array to "display"
bytesPerRow - number of bytes to include on a text row. If it is 0, no line breaks are added.
Returns:
a String object.

verifyAsymm

public static boolean verifyAsymm(X509Certificate certificate,
                                  SecurityAlgorithm algorithm,
                                  byte[] data,
                                  byte[] signature)
                           throws ServiceResultException
Verify a signature.

Parameters:
certificate - the certificate used to verify the signature
algorithm - the signature algorithm
data - data to verify
signature - the signature to verify
Returns:
true if the signature is valid
Throws:
ServiceResultException - if the verification fails


Copyright © 2018. All rights reserved.