de.aristaflow.adept2.util

Class SecurityTools

java.lang.Object

de.aristaflow.adept2.util.SecurityTools

public final class SecurityTools
extends java.lang.Object

Tool class for creating java.security related objects, ie. objects which use the Provider service for creating security algorithms.

Using the default like e.g. KeyFactory.getInstance(String) is not recommended, since 3rd party jar files may set additional providers for algorithms. Although they may promise to be compliant, they are not tested and may lead to errors at various critical parts in our system. Example: WildFly uses Bouncy Castle which does not like padding in RSA encrypted passwords in our configuration.

Author:

Kevin Goeser, Ulrich Kreher

Field Summary

Fields

Modifier and Type	Field and Description
static java.lang.String	SIGNING_ALGORITHM The algorithm to use for signing SignedObject and similar usages.

Constructor Summary

Constructors

Constructor and Description
SecurityTools()

Method Summary

Modifier and Type	Method and Description
static java.security.Signature	getCommonSignatureInstance() Returns a Signature instance of the algorithm defined in SIGNING_ALGORITHM.
static javax.net.ssl.KeyManagerFactory	getDefaultKeyManagerFactoryInstance()
static javax.xml.crypto.dsig.XMLSignatureFactory	getDOMXMLSignatureFactory()
static javax.crypto.Cipher	getRsaCipher()
static java.security.KeyFactory	getRSAKeyFactoryInstance()
static java.security.KeyPairGenerator	getRSAKeyPairGenerator()
static java.security.SecureRandom	getSecureRandom()
static java.security.MessageDigest	getSHA1MessageDigest()
static java.security.MessageDigest	getSHA512MessageDigest()
static java.util.Map<java.lang.String,java.lang.String>	getSunProviderConfiguration() Gets a configuration that uses the corresponding Sun providers.
static javax.net.ssl.SSLContext	getTLSContext()
static javax.net.ssl.TrustManagerFactory	getTrustManagerFactory()
static void	initialise(java.util.Map<java.lang.String,java.lang.String> properties, boolean allowMultiInit) Initialises the providers and checks for whether secure randoms can be created with the corresponding provider The designated map can provide the following properties: security.keyfactory.rsa security.keyfactory security.signature security.digest security.cipher.rsa security.random security.trustmanager security.context.ssl security.xml.signature If a property is not set, the default provider will be used.
static void	terminate() Signals the termination to the security tools.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

SIGNING_ALGORITHM

public static final java.lang.String SIGNING_ALGORITHM

The algorithm to use for signing SignedObject and similar usages.

See Also:

Constant Field Values

Constructor Detail

SecurityTools

public SecurityTools()

Method Detail

getSunProviderConfiguration

public static java.util.Map<java.lang.String,java.lang.String> getSunProviderConfiguration()

Gets a configuration that uses the corresponding Sun providers.

Returns:

A configuration that uses the corresponding Sun providers.

initialise

public static void initialise(java.util.Map<java.lang.String,java.lang.String> properties,
                              boolean allowMultiInit)
                       throws java.lang.Exception

Initialises the providers and checks for whether secure randoms can be created with the corresponding provider The designated map can provide the following properties:

• security.keyfactory.rsa
• security.keyfactory
• security.signature
• security.digest
• security.cipher.rsa
• security.random
• security.trustmanager
• security.context.ssl
• security.xml.signature

If a property is not set, the default provider will be used.
This method will be called when bootstrapping and must only be called once. So only call this method in case you do not need to bootstrap the AristaFlow-platform.

Parameters:

properties - The map providing the necessary global properties. Boolean properties need to be set appropriately using the usual string representations.

allowMultiInit - Whether multiple initialisations should not lead to a ConfigurationException. If set, there will only be a warning in the log.

Throws:

java.lang.Exception - If the security tools have already been initialised (this method has been called before) and no multi instances are allowed, a ConfigurationException will be thrown.

terminate

public static void terminate()

Signals the termination to the security tools.

getRSAKeyFactoryInstance

public static java.security.KeyFactory getRSAKeyFactoryInstance()
                                                         throws java.security.NoSuchAlgorithmException

Throws:

java.security.NoSuchAlgorithmException

getDefaultKeyManagerFactoryInstance

public static javax.net.ssl.KeyManagerFactory getDefaultKeyManagerFactoryInstance()
                                                                           throws java.security.NoSuchAlgorithmException

Throws:

java.security.NoSuchAlgorithmException

getCommonSignatureInstance

public static java.security.Signature getCommonSignatureInstance()
                                                          throws java.security.NoSuchAlgorithmException

Returns a Signature instance of the algorithm defined in SIGNING_ALGORITHM.

Returns:

Throws:

java.security.NoSuchAlgorithmException

getSHA1MessageDigest

public static java.security.MessageDigest getSHA1MessageDigest()
                                                        throws java.security.NoSuchAlgorithmException

Throws:

java.security.NoSuchAlgorithmException

getSHA512MessageDigest

public static java.security.MessageDigest getSHA512MessageDigest()
                                                          throws java.security.NoSuchAlgorithmException

Throws:

java.security.NoSuchAlgorithmException

getRSAKeyPairGenerator

public static java.security.KeyPairGenerator getRSAKeyPairGenerator()
                                                             throws java.security.NoSuchAlgorithmException

Throws:

java.security.NoSuchAlgorithmException

getRsaCipher

public static javax.crypto.Cipher getRsaCipher()
                                        throws java.security.NoSuchAlgorithmException,
                                               javax.crypto.NoSuchPaddingException

Throws:

java.security.NoSuchAlgorithmException

javax.crypto.NoSuchPaddingException

getSecureRandom

public static java.security.SecureRandom getSecureRandom()

getTrustManagerFactory

public static javax.net.ssl.TrustManagerFactory getTrustManagerFactory()
                                                                throws java.security.NoSuchAlgorithmException

Throws:

java.security.NoSuchAlgorithmException

getTLSContext

public static javax.net.ssl.SSLContext getTLSContext()
                                              throws java.security.NoSuchAlgorithmException

Throws:

java.security.NoSuchAlgorithmException

getDOMXMLSignatureFactory

public static javax.xml.crypto.dsig.XMLSignatureFactory getDOMXMLSignatureFactory()