com.isti.util
Class IstiEncryptionUtils

java.lang.Object
  extended by com.isti.util.IstiEncryptionUtils

public class IstiEncryptionUtils
extends java.lang.Object

Class IstiEncryptionUtils contains a collection of static utility fields and methods for encryption.

See Also:
com.isti.util.test.IstiEncryptionUtilsTest

Field Summary
static java.lang.String DEFAULT_CHARACTER_ENCODING
          The default character encoding.
static int DEFAULT_KEYSIZE
          The default key size.
static java.lang.String DSA_ALGORITHM
          The DSA algorithm.
static java.lang.String RSA_ALGORITHM
          The RSA algorithm.
static java.lang.String SHA_ALGORITHM
          The SHA algorithm.
static java.lang.String SHA1_WITH_RSA
          The SHA1 with RSA algorithm.
 
Method Summary
static byte[] decodeBuffer(java.io.InputStream inStream)
          Decodes the specified input stream.
static byte[] decodeBuffer(java.lang.String buffer)
          Decodes the specified buffer.
static java.lang.String encode(byte[] byteArray)
          Encodes the specified bytes.
static java.lang.String encrypt(java.lang.String original, java.security.MessageDigest md)
          Encrypts the specified text.
static java.lang.String encrypt(java.lang.String original, java.lang.String algorithm)
          Encrypts the specified text.
static java.security.KeyPair generateKeyPair(java.security.KeyPairGenerator kpg)
          Generates a key pair.
static java.security.KeyPairGenerator generateKeyPairGenerator(java.lang.String algorithm)
          Generates a KeyPairGenerator object that implements the specified digest algorithm.
static java.security.MessageDigest generateMessageDigest(java.lang.String algorithm)
          Generates a MessageDigest object that implements the specified digest algorithm.
static java.security.PrivateKey generatePrivateKey(byte[] data)
          Generates a private key and initializes it with the specified data.
static java.security.PrivateKey generatePrivateKey(java.io.File privFile)
          Generates a private key and initializes it with the data read from the file.
static java.security.PrivateKey generatePrivateKey(java.io.InputStream inStream)
          Generates a private key and initializes it with the data read from the input stream inStream.
static java.security.PrivateKey generatePrivateKey(java.lang.String privFile)
          Generates a private key and initializes it with the data read from the file.
static java.security.PublicKey generatePublicKey(byte[] data)
          Generates a public key and initializes it with the specified data.
static java.security.PublicKey generatePublicKey(java.io.File pubFile)
          Generates a public key and initializes it with the data read from the file.
static java.security.PublicKey generatePublicKey(java.io.InputStream inStream)
          Generates a public key and initializes it with the data read from the input stream inStream.
static java.security.PublicKey generatePublicKey(java.lang.String pubFile)
          Generates a public key and initializes it with the data read from the file.
static java.security.Signature generateSignature(java.lang.String algorithm)
          Generates a Signature object that implements the specified digest algorithm.
static java.lang.String generateSignatureText(java.lang.String msgText, java.security.KeyPair kp)
          Generates the signature text for the specified message text and key pair.
static java.lang.String generateSignatureText(java.lang.String msgText, java.security.PrivateKey priv)
          Generates the signature text for the specified message text and private key.
static java.security.cert.X509Certificate generateX509Certificate(byte[] data)
          Generates a X.509 certificate object and initializes it with the specified data.
static java.security.cert.X509Certificate generateX509Certificate(java.io.File certificateFile)
          Generates a X.509 certificate object and initializes it with the data read from the file.
static java.security.cert.X509Certificate generateX509Certificate(java.io.InputStream inStream)
          Generates a X.509 certificate object and initializes it with the data read from the input stream inStream.
static java.security.cert.X509Certificate generateX509Certificate(java.lang.String certificateFile)
          Generates a X.509 certificate object and initializes it with the data read from the file.
static java.security.cert.X509CRL generateX509CRL(byte[] data)
          Generates a X.509 certificate revocation list (CRL) object and initializes it with the specified data.
static java.security.cert.X509CRL generateX509CRL(java.io.File crlFile)
          Generates a X.509 certificate revocation list (CRL) object and initializes it with the data read from the file.
static java.security.cert.X509CRL generateX509CRL(java.io.InputStream inStream)
          Generates a X.509 certificate revocation list (CRL) object and initializes it with the data read from the input stream inStream.
static java.security.cert.X509CRL generateX509CRL(java.lang.String crlFile)
          Generates a X.509 certificate revocation list (CRL) object and initializes it with the data read from the file.
static java.security.cert.X509CRLEntry getRevokedCertificate(java.security.cert.X509CRL crl, java.math.BigInteger serialNumber)
          Gets the CRL entry, if any, with the given certificate serialNumber.
static java.security.cert.X509CRLEntry getRevokedCertificate(java.security.cert.X509CRL crl, java.security.cert.X509Certificate cert)
          Gets the CRL entry, if any, with the given certificate serialNumber.
static boolean isValidSignatureText(java.lang.String msgText, java.lang.String sigText, java.security.KeyPair kp)
          Validates the signature text.
static boolean isValidSignatureText(java.lang.String msgText, java.lang.String sigText, java.security.PublicKey pub)
          Validates the signature text.
static boolean isValidSignatureText(java.lang.String msgText, java.lang.String sigText, java.security.Signature sig)
          Validates the signature text.
static boolean isValidSignatureText(java.lang.String msgText, java.lang.String sigText, java.security.cert.X509Certificate cert)
          Validates the signature text.
static boolean isValidX509Certificate(java.security.cert.X509Certificate cert)
          Checks that the X.509 certificate is currently valid.
static boolean isValidX509CRL(java.security.cert.X509CRL crl)
          Checks that the X.509 CRL is currently valid.
static boolean verifyX509Certificate(java.security.cert.X509Certificate cert, java.security.PublicKey key)
          Verifies that the X.509 certificate is valid and was signed using the private key that corresponds to the given public key.
static boolean verifyX509CRL(java.security.cert.X509CRL crl, java.security.PublicKey key)
          Verifies that the X.509 certificate revocation list (CRL) is valid and was signed using the private key that corresponds to the given public key.
static boolean verifyX509Information(java.lang.String certificateFile, java.lang.String certificateOfAuthorityFile, java.lang.String crlFile)
          Verifies the X.509 information.
static boolean verifyX509Information(java.security.cert.X509Certificate certificate, java.security.cert.X509Certificate certificateOfAuthority, java.security.cert.X509CRL crl)
          Verifies the X.509 information.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

DEFAULT_CHARACTER_ENCODING

public static final java.lang.String DEFAULT_CHARACTER_ENCODING
The default character encoding.

See Also:
String.getBytes(int, int, byte[], int), Constant Field Values

DEFAULT_KEYSIZE

public static final int DEFAULT_KEYSIZE
The default key size.

See Also:
Constant Field Values

DSA_ALGORITHM

public static final java.lang.String DSA_ALGORITHM
The DSA algorithm.

See Also:
generateKeyPairGenerator, generateSignatureText, isValidSignatureText, Constant Field Values

RSA_ALGORITHM

public static final java.lang.String RSA_ALGORITHM
The RSA algorithm.

See Also:
If this is used with the 'generateSignatureText' or 'isValidSignatureText' methods it is automatically replaced with 'SHA1_WITH_RSA'., generateSignatureText, isValidSignatureText, Constant Field Values

SHA_ALGORITHM

public static final java.lang.String SHA_ALGORITHM
The SHA algorithm.

See Also:
generateMessageDigest, encrypt, Constant Field Values

SHA1_WITH_RSA

public static final java.lang.String SHA1_WITH_RSA
The SHA1 with RSA algorithm.

See Also:
generateSignatureText, isValidSignatureText, Constant Field Values
Method Detail

decodeBuffer

public static byte[] decodeBuffer(java.io.InputStream inStream)
                           throws java.io.IOException
Decodes the specified input stream.

Parameters:
inStream - the input stream.
Returns:
the decoded bytes.
Throws:
java.io.IOException - if error.

decodeBuffer

public static byte[] decodeBuffer(java.lang.String buffer)
                           throws java.io.IOException
Decodes the specified buffer.

Parameters:
buffer - the buffer.
Returns:
the decoded bytes.
Throws:
java.io.IOException - if error.

encode

public static java.lang.String encode(byte[] byteArray)
Encodes the specified bytes.

Parameters:
byteArray - the array of bytes.
Returns:
the encoded buffer.

encrypt

public static java.lang.String encrypt(java.lang.String original,
                                       java.security.MessageDigest md)
Encrypts the specified text.

Parameters:
original - the text to encrypt.
md - the message digest.
Returns:
the text encrypted or an empty string if an error occurred.

encrypt

public static java.lang.String encrypt(java.lang.String original,
                                       java.lang.String algorithm)
Encrypts the specified text.

Parameters:
original - the text to encrypt.
algorithm - the name of the algorithm requested.
Returns:
the text encrypted or an empty string if an error occurred.

generateKeyPair

public static java.security.KeyPair generateKeyPair(java.security.KeyPairGenerator kpg)
Generates a key pair.

Parameters:
kpg - the key pair generator.

If this KeyPairGenerator has not been initialized explicitly, provider-specific defaults will be used for the size and other (algorithm-specific) values of the generated keys.

This will generate a new key pair every time it is called.

This method is functionally equivalent to genKeyPair.

Returns:
the generated key pair

generateKeyPairGenerator

public static java.security.KeyPairGenerator generateKeyPairGenerator(java.lang.String algorithm)
Generates a KeyPairGenerator object that implements the specified digest algorithm. If the default provider package provides an implementation of the requested digest algorithm, an instance of KeyPairGenerator containing that implementation is returned. If the algorithm is not available in the default package, other packages are searched.

Parameters:
algorithm - the standard string name of the algorithm. See Appendix A in the Java Cryptography Architecture API Specification & Reference for information about standard algorithm names.
Returns:
the new KeyPairGenerator object implementing the specified algorithm or null if the algorithm is not available in the environment.

generateMessageDigest

public static java.security.MessageDigest generateMessageDigest(java.lang.String algorithm)
Generates a MessageDigest object that implements the specified digest algorithm. If the default provider package provides an implementation of the requested digest algorithm, an instance of MessageDigest containing that implementation is returned. If the algorithm is not available in the default package, other packages are searched.

Parameters:
algorithm - the name of the algorithm requested. See Appendix A in the Java Cryptography Architecture API Specification & Reference for information about standard algorithm names.
Returns:
a Message Digest object implementing the specified algorithm or null if the algorithm is not available in the caller's environment.

generatePrivateKey

public static java.security.PrivateKey generatePrivateKey(byte[] data)
Generates a private key and initializes it with the specified data.

Parameters:
data - the private key data.
Returns:
the private key or null if error.
See Also:
generatePrivateKey(InputStream)

generatePrivateKey

public static java.security.PrivateKey generatePrivateKey(java.io.File privFile)
Generates a private key and initializes it with the data read from the file.

Parameters:
privFile - a file with the private key.
Returns:
the private key or null if error.
See Also:
generatePrivateKey(InputStream)

generatePrivateKey

public static java.security.PrivateKey generatePrivateKey(java.io.InputStream inStream)
Generates a private key and initializes it with the data read from the input stream inStream.

The private key provided in the data must be in PKCS8 format either binary DER-encoded or in printable (Base64) encoding. If the private key is provided in Base64 encoding, it must be bounded at the beginning by -----BEGIN PRIVATE KEY-----, and must be bounded at the end by -----END PRIVATE KEY-----.

Parameters:
inStream - an input stream with the private key.
Returns:
the private key or null if error.

generatePrivateKey

public static java.security.PrivateKey generatePrivateKey(java.lang.String privFile)
Generates a private key and initializes it with the data read from the file.

Parameters:
privFile - a file with the private key.
Returns:
the private key or null if error.

generatePublicKey

public static java.security.PublicKey generatePublicKey(byte[] data)
Generates a public key and initializes it with the specified data.

Parameters:
data - the private key data.
Returns:
the public key or null if error.

generatePublicKey

public static java.security.PublicKey generatePublicKey(java.io.File pubFile)
Generates a public key and initializes it with the data read from the file.

Parameters:
pubFile - a file with the public key.
Returns:
the public key or null if error.

generatePublicKey

public static java.security.PublicKey generatePublicKey(java.io.InputStream inStream)
Generates a public key and initializes it with the data read from the input stream inStream.

Parameters:
inStream - an input stream with the public key.
Returns:
the public key or null if error.

generatePublicKey

public static java.security.PublicKey generatePublicKey(java.lang.String pubFile)
Generates a public key and initializes it with the data read from the file.

Parameters:
pubFile - a file with the public key.
Returns:
the public key or null if error.

generateSignature

public static java.security.Signature generateSignature(java.lang.String algorithm)
Generates a Signature object that implements the specified digest algorithm. If the default provider package provides an implementation of the requested digest algorithm, an instance of Signature containing that implementation is returned. If the algorithm is not available in the default package, other packages are searched.

Parameters:
algorithm - the standard name of the algorithm requested. See Appendix A in the Java Cryptography Architecture API Specification & Reference for information about standard algorithm names.
Returns:
the new Signature object.
Throws:
java.security.NoSuchAlgorithmException - if the algorithm is not available in the environment.

generateSignatureText

public static java.lang.String generateSignatureText(java.lang.String msgText,
                                                     java.security.KeyPair kp)
Generates the signature text for the specified message text and key pair.

Parameters:
msgText - the message text.
kp - the key pair.
Returns:
the signature text.

generateSignatureText

public static java.lang.String generateSignatureText(java.lang.String msgText,
                                                     java.security.PrivateKey priv)
Generates the signature text for the specified message text and private key.

Parameters:
msgText - the message text.
priv - the private key.
Returns:
the signature text.

generateX509Certificate

public static java.security.cert.X509Certificate generateX509Certificate(byte[] data)
Generates a X.509 certificate object and initializes it with the specified data.

The given data must contain a single certificate.

The X.509 certificate provided in the data must be DER-encoded and may be supplied in binary or printable (Base64) encoding. If the certificate is provided in Base64 encoding, it must be bounded at the beginning by -----BEGIN CERTIFICATE-----, and must be bounded at the end by -----END CERTIFICATE-----.

Note that if the given input stream does not support mark and reset, this method will consume the entire input stream.

Parameters:
data - the certificate data.
Returns:
a certificate object initialized with the data.
Throws:
java.security.cert.CertificateException - on parsing errors.

generateX509Certificate

public static java.security.cert.X509Certificate generateX509Certificate(java.io.File certificateFile)
Generates a X.509 certificate object and initializes it with the data read from the file.

The given file must contain a single certificate.

The X.509 certificate provided in the file must be DER-encoded and may be supplied in binary or printable (Base64) encoding. If the certificate is provided in Base64 encoding, it must be bounded at the beginning by -----BEGIN CERTIFICATE-----, and must be bounded at the end by -----END CERTIFICATE-----.

Note that if the given input stream does not support mark and reset, this method will consume the entire input stream.

Parameters:
certificateFile - the certificate file.
Returns:
a certificate object initialized with the data from the file.
Throws:
java.security.cert.CertificateException - on parsing errors.

generateX509Certificate

public static java.security.cert.X509Certificate generateX509Certificate(java.io.InputStream inStream)
Generates a X.509 certificate object and initializes it with the data read from the input stream inStream.

The given input stream inStream must contain a single certificate.

The X.509 certificate provided in inStream must be DER-encoded and may be supplied in binary or printable (Base64) encoding. If the certificate is provided in Base64 encoding, it must be bounded at the beginning by -----BEGIN CERTIFICATE-----, and must be bounded at the end by -----END CERTIFICATE-----.

Note that if the given input stream does not support mark and reset, this method will consume the entire input stream.

Parameters:
inStream - an input stream with the certificate data.
Returns:
a certificate object initialized with the data from the input stream.
Throws:
java.security.cert.CertificateException - on parsing errors.

generateX509Certificate

public static java.security.cert.X509Certificate generateX509Certificate(java.lang.String certificateFile)
Generates a X.509 certificate object and initializes it with the data read from the file.

The given file must contain a single certificate.

The X.509 certificate provided in the file must be DER-encoded and may be supplied in binary or printable (Base64) encoding. If the certificate is provided in Base64 encoding, it must be bounded at the beginning by -----BEGIN CERTIFICATE-----, and must be bounded at the end by -----END CERTIFICATE-----.

Note that if the given input stream does not support mark and reset, this method will consume the entire input stream.

Parameters:
certificateFile - the certificate file.
Returns:
a certificate object initialized with the data from the input stream.
Throws:
java.security.cert.CertificateException - on parsing errors.

generateX509CRL

public static java.security.cert.X509CRL generateX509CRL(byte[] data)
Generates a X.509 certificate revocation list (CRL) object and initializes it with the specified data.

Parameters:
data - the CRL data.
Returns:
a CRL object initialized with the data.
Throws:
java.security.cert.CRLException - on parsing errors.

generateX509CRL

public static java.security.cert.X509CRL generateX509CRL(java.io.File crlFile)
Generates a X.509 certificate revocation list (CRL) object and initializes it with the data read from the file.

In order to take advantage of the specialized CRL format supported by this certificate factory, the returned CRL object can be typecast to the corresponding CRL class. For example, if this certificate factory implements X.509 CRLs, the returned CRL object can be typecast to the X509CRL class.

Parameters:
crlFile - the CRL file.
Returns:
a CRL object initialized with the data from the file.
Throws:
java.security.cert.CRLException - on parsing errors.

generateX509CRL

public static java.security.cert.X509CRL generateX509CRL(java.io.InputStream inStream)
Generates a X.509 certificate revocation list (CRL) object and initializes it with the data read from the input stream inStream.

Note that if the given input stream does not support mark and reset, this method will consume the entire input stream.

Parameters:
inStream - an input stream with the CRL data.
Returns:
a CRL object initialized with the data from the input stream.
Throws:
java.security.cert.CRLException - on parsing errors.

generateX509CRL

public static java.security.cert.X509CRL generateX509CRL(java.lang.String crlFile)
Generates a X.509 certificate revocation list (CRL) object and initializes it with the data read from the file.

Parameters:
crlFile - the CRL file.
Returns:
a CRL object initialized with the data from the file.
Throws:
java.security.cert.CRLException - on parsing errors.

getRevokedCertificate

public static java.security.cert.X509CRLEntry getRevokedCertificate(java.security.cert.X509CRL crl,
                                                                    java.math.BigInteger serialNumber)
Gets the CRL entry, if any, with the given certificate serialNumber.

Parameters:
crl - the certificate revocation list
serialNumber - the serial number of the certificate for which a CRL entry is to be looked up
Returns:
the entry with the given serial number, or null if no such entry exists in this CRL.
See Also:
X509CRLEntry

getRevokedCertificate

public static java.security.cert.X509CRLEntry getRevokedCertificate(java.security.cert.X509CRL crl,
                                                                    java.security.cert.X509Certificate cert)
Gets the CRL entry, if any, with the given certificate serialNumber.

Parameters:
crl - the certificate revocation list
cert - the certificate for which a CRL entry is to be looked up
Returns:
the entry with the given serial number, or null if no such entry exists in this CRL.
See Also:
X509CRLEntry

isValidSignatureText

public static boolean isValidSignatureText(java.lang.String msgText,
                                           java.lang.String sigText,
                                           java.security.KeyPair kp)
Validates the signature text.

Parameters:
msgText - the message text.
sigText - the signature text.
kp - tke key pair.
Returns:
true if the signature text is valid, false otherwise.

isValidSignatureText

public static boolean isValidSignatureText(java.lang.String msgText,
                                           java.lang.String sigText,
                                           java.security.PublicKey pub)
Validates the signature text.

Parameters:
msgText - the message text.
sigText - the signature text.
pub - tke public key.
Returns:
true if the signature text is valid, false otherwise.

isValidSignatureText

public static boolean isValidSignatureText(java.lang.String msgText,
                                           java.lang.String sigText,
                                           java.security.Signature sig)
Validates the signature text.

Parameters:
msgText - the message text.
sigText - the signature text.
sig - tke signature.
Returns:
true if the signature text is valid, false otherwise.

isValidSignatureText

public static boolean isValidSignatureText(java.lang.String msgText,
                                           java.lang.String sigText,
                                           java.security.cert.X509Certificate cert)
Validates the signature text.

Parameters:
msgText - the message text.
sigText - the signature text.
cert - tke certificate.
Returns:
true if the signature text is valid, false otherwise.

isValidX509Certificate

public static boolean isValidX509Certificate(java.security.cert.X509Certificate cert)
Checks that the X.509 certificate is currently valid. It is if the current date and time are within the validity period given in the certificate.

The validity period consists of two date/time values: the first and last dates (and times) on which the certificate is valid. It is defined in ASN.1 as:

 validity             Validity

Validity ::= SEQUENCE { notBefore CertificateValidityDate, notAfter CertificateValidityDate }

CertificateValidityDate ::= CHOICE { utcTime UTCTime, generalTime GeneralizedTime }

Parameters:
cert - tke certificate.

isValidX509CRL

public static boolean isValidX509CRL(java.security.cert.X509CRL crl)
Checks that the X.509 CRL is currently valid. It is if the current date and time are within the validity period given in the certificate.

Parameters:
crl - the certificate revocation list

verifyX509Certificate

public static boolean verifyX509Certificate(java.security.cert.X509Certificate cert,
                                            java.security.PublicKey key)
Verifies that the X.509 certificate is valid and was signed using the private key that corresponds to the given public key.

Parameters:
cert - tke certificate.
key - the PublicKey used to carry out the verification.
Returns:
true if certificate is from the public key, false otherwise.

verifyX509CRL

public static boolean verifyX509CRL(java.security.cert.X509CRL crl,
                                    java.security.PublicKey key)
Verifies that the X.509 certificate revocation list (CRL) is valid and was signed using the private key that corresponds to the given public key.

Parameters:
crl - the certificate revocation list
key - the PublicKey used to carry out the verification.
Returns:
true if CRL is from the public key, false otherwise.

verifyX509Information

public static boolean verifyX509Information(java.lang.String certificateFile,
                                            java.lang.String certificateOfAuthorityFile,
                                            java.lang.String crlFile)
Verifies the X.509 information.

Parameters:
certificateFile - the certificate file.
certificateOfAuthorityFile - the certificate of authority file.
crlFile - the CRL file.
Returns:
true if the X.509 information is valid, false otherwise.

verifyX509Information

public static boolean verifyX509Information(java.security.cert.X509Certificate certificate,
                                            java.security.cert.X509Certificate certificateOfAuthority,
                                            java.security.cert.X509CRL crl)
Verifies the X.509 information.

Parameters:
certificate - the certificate.
certificateOfAuthority - the certificate of authority.
crl - the CRL.
Returns:
true if the X.509 information is valid, false otherwise.