com.neurosys.utils

Class SecurityUtils

java.lang.Object

com.neurosys.utils.SecurityUtils

public class SecurityUtils
extends Object

Common security related routines for Hashing & encryption

Author:

Arjun Dhar

Field Summary

Fields

Modifier and Type	Field and Description
static String	CIPHER Cipher
static String	CIPHER_TYPE Cipher Type
static String	HASH_ALGO Hash - MD5
static Pattern	SECURITY_XSS_BLACK_PATTERN If any string matches this pattern in the Result, it case a SecurityException.
static Pattern	SECURITY_XSS_WHITE_PATTERN If any exception to the BLACK Pattern

Constructor Summary

Constructors

Constructor and Description
SecurityUtils()

Method Summary

Modifier and Type	Method and Description
static Key	decodeKey(String encodedKey) Reconstruct a secret key from a string representation.
static String	decrypt(String toDecrypt, Key key) This is a decryption Algorithm; it supports double byte characters also please ensure the encrypt method is used to decrypt whatever is encrypted through this (Not to confuse with URL Decoder) It accepts null parameters
static String	decrypt(String toDecrypt, Key key, String cipherType) This is a decryption Algorithm; it supports double byte characters also please ensure the encrypt method is used to decrypt whatever is encrypted through this (Not to confuse with URL Decoder) It accepts null parameters
static Key	deSerializeKey(String serializedKey)
static String	encodeKey(Key key) Encode a secret key as a string that can be stored for later use.
static String	encrypt(String toEncrypt, Key key) This is a decryption Algorithm; it supports double byte characters also please ensure the decrypt method is used to decrypt whatever is encrypted through this (Not to confuse with URL Encoder) It accepts null parameters
static String	encrypt(String toEncrypt, Key key, String cipherType) This is a decryption Algorithm; it supports double byte characters also please ensure the decrypt method is used to decrypt whatever is encrypted through this (Not to confuse with URL Encoder) It accepts null parameters
static String	genRandomString(int len)
static String	getHashedId(String id, int size, Function<Integer,Boolean> f) Convert a Sequential unique Id to a String of a specified size.
static Key	getSecretKey() This method generates a new Key each time it is called Create a key for use in the cipher code
static Key	getSecretKey(String cipher) This method generates a new Key each time it is called Create a key for use in the cipher code
static String	getSecretKeyString() Generate a 7 byte (56-bit) String
static String	hash(String toEncrypt) Hashes the string with MD5 algorithm
static X509Certificate	readCertificate(org.springframework.core.io.Resource resource)
static Object	secureAgainstXSS(Object value) Data may come from anywhere, including user interfaces.
static String	serializeKey(Key key)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

CIPHER_TYPE

public static final String CIPHER_TYPE

Cipher Type

See Also:

Constant Field Values

CIPHER

public static final String CIPHER

Cipher

See Also:

Constant Field Values

HASH_ALGO

public static final String HASH_ALGO

Hash - MD5

See Also:

Constant Field Values

SECURITY_XSS_BLACK_PATTERN

public static Pattern SECURITY_XSS_BLACK_PATTERN

If any string matches this pattern in the Result, it case a SecurityException. Can override during bootup if required.

SECURITY_XSS_WHITE_PATTERN

public static Pattern SECURITY_XSS_WHITE_PATTERN

If any exception to the BLACK Pattern

Constructor Detail

SecurityUtils

public SecurityUtils()

Method Detail

secureAgainstXSS

public static Object secureAgainstXSS(Object value)
                               throws SecurityException

Data may come from anywhere, including user interfaces. This makes it prone to CSRF and XSS kind of attacks.
A basic/convenience method to ensure the data to be rendered is safe for Web display.
By default it employs some basic testing, but for more advanced checks one should use alternative as ESAPI , OWASP Anti-Samy toolkit etc.

Parameters:

value - as Object

fieldName - as String (provided for any conditional checks; optional). Its advised that all checks be on all data without exceptions.

Returns:

Object (Sanized value Object) or throw a SecurityException if not interested in Sanitizing TODO: Add unit Test case

Throws:

SecurityException

encrypt

public static String encrypt(String toEncrypt,
                             Key key,
                             String cipherType)
                      throws Exception

This is a decryption Algorithm; it supports double byte characters also
please ensure the decrypt method is used to decrypt whatever is encrypted through this (Not to confuse with URL Encoder)
It accepts null parameters

Parameters:

toEncrypt - as String; if null returns null

key - as Key; If null returns the input string

cipherType - as a valid Cipher type

Returns:

String

Throws:

Exception

encrypt

public static String encrypt(String toEncrypt,
                             Key key)
                      throws Exception

This is a decryption Algorithm; it supports double byte characters also
please ensure the decrypt method is used to decrypt whatever is encrypted through this (Not to confuse with URL Encoder)
It accepts null parameters

Parameters:

toEncrypt - as String; if null returns null

key - as Key; If null returns the input string

Returns:

String

Throws:

Exception

decrypt

public static String decrypt(String toDecrypt,
                             Key key,
                             String cipherType)
                      throws Exception

This is a decryption Algorithm; it supports double byte characters also
please ensure the encrypt method is used to decrypt whatever is encrypted through this (Not to confuse with URL Decoder)
It accepts null parameters

Parameters:

toDecrypt - as String; if null returns null

key - as Key; If null returns the input string

cipherType - as a valid Cipher type

Returns:

String

Throws:

Exception

decrypt

public static String decrypt(String toDecrypt,
                             Key key)
                      throws Exception

This is a decryption Algorithm; it supports double byte characters also
please ensure the encrypt method is used to decrypt whatever is encrypted through this (Not to confuse with URL Decoder)
It accepts null parameters

Parameters:

toDecrypt - as String; if null returns null

key - as Key; If null returns the input string

Returns:

String

Throws:

Exception

getSecretKey

public static Key getSecretKey(String cipher)
                        throws NoSuchAlgorithmException

This method generates a new Key each time it is called Create a key for use in the cipher code

Parameters:

cipher - as a valid KeyGenerator type

Throws:

NoSuchAlgorithmException

serializeKey

public static String serializeKey(Key key)
                           throws IOException

Throws:

IOException

deSerializeKey

public static Key deSerializeKey(String serializedKey)
                          throws IOException,
                                 ClassNotFoundException

Throws:

IOException

ClassNotFoundException

getSecretKey

public static Key getSecretKey()
                        throws NoSuchAlgorithmException

This method generates a new Key each time it is called Create a key for use in the cipher code

Throws:

NoSuchAlgorithmException

encodeKey

public static String encodeKey(Key key)

Encode a secret key as a string that can be stored for later use.

Parameters:

key - as Key

Returns:

String

decodeKey

public static Key decodeKey(String encodedKey)
                     throws IOException

Reconstruct a secret key from a string representation.

Parameters:

encodedKey - as String

Returns:

Key

Throws:

IOException

hash

public static String hash(String toEncrypt)
                   throws Exception

Hashes the string with MD5 algorithm

Parameters:

toEncrypt -

The string to be hashed

Returns:

String

Encrypted with MD5

Throws:

Exception -

When MD5 algorithm is not available

getSecretKeyString

public static String getSecretKeyString()
                                 throws NoSuchAlgorithmException

Generate a 7 byte (56-bit) String

Returns:

String (7 byte String)

Throws:

NoSuchAlgorithmException

getHashedId

public static String getHashedId(String id,
                                 int size,
                                 Function<Integer,Boolean> f)
                          throws UnsupportedEncodingException,
                                 NoSuchAlgorithmException

Convert a Sequential unique Id to a String of a specified size.

Parameters:

id - as String (intended to be unique)

size - as int

f - as Function that takes in index and returns if it should be a character (true) or number (false)

Returns:

String hashed String of size

Throws:

UnsupportedEncodingException

NoSuchAlgorithmException

readCertificate

public static X509Certificate readCertificate(org.springframework.core.io.Resource resource)
                                       throws IOException,
                                              GeneralSecurityException

Throws:

IOException

GeneralSecurityException

genRandomString

public static String genRandomString(int len)