Class SecurityUtils
- java.lang.Object
- org.apache.sshd.common.util.security.SecurityUtils

public final class SecurityUtils extends Object
Specific security providers related code.
- Author:
- Apache MINA SSHD Project

Field Summary
- static String BOUNCY_CASTLE - Bouncycastle JCE provider name
- static String CURVE_ED25519_SHA512
- static int DEFAULT_DHGEX_KEY_SIZE
- static List<String> DEFAULT_SECURITY_PROVIDER_REGISTRARS
- static String ECC_SUPPORTED_PROP - System property used to control whether Elliptic Curves are supported or not.
- static String EDDSA - EdDSA support - should match EdDSAKey.KEY_ALGORITHM
- static String EDDSA_SUPPORTED_PROP - Deprecated. Please use "org.apache.sshd.security.provider.EdDSA.enabled"
- static int MAX_DHGEX_KEY_SIZE
- static String MAX_DHGEX_KEY_SIZE_PROP - System property used to configure the maximum supported Diffie-Hellman Group Exchange key size.
- static int MIN_DHGEX_KEY_SIZE - The minimum key size used to test whether Diffie-Hellman Group Exchange is supported.
- static int PREFERRED_DHGEX_KEY_SIZE
- static String PROP_DEFAULT_SECURITY_PROVIDER
- static String REGISTER_BOUNCY_CASTLE_PROP - Deprecated. Please use "org.apache.sshd.security.provider.BC.enabled"
- static String SECURITY_PROVIDER_REGISTRARS - Comma-separated list of fully qualified SecurityProviderRegistrar class names to register automatically

Field Detail

BOUNCY_CASTLE
public static final String BOUNCY_CASTLE
Bouncycastle JCE provider name.

EDDSA
public static final String EDDSA
EdDSA support - should match EdDSAKey.KEY_ALGORITHM.

CURVE_ED25519_SHA512
public static final String CURVE_ED25519_SHA512

MAX_DHGEX_KEY_SIZE_PROP
public static final String MAX_DHGEX_KEY_SIZE_PROP
System property used to configure the maximum supported Diffie-Hellman Group Exchange key size. If not set, an internal auto-discovery mechanism is used. If set to a negative value, Diffie-Hellman Group Exchange is disabled.

MIN_DHGEX_KEY_SIZE
public static final int MIN_DHGEX_KEY_SIZE
The minimum key size used for testing whether Diffie-Hellman Group Exchange is supported or not. According to RFC 4419 section 3: "Servers and clients SHOULD support groups with a modulus length of k bits, where 1024 <= k <= 8192".

DEFAULT_DHGEX_KEY_SIZE
public static final int DEFAULT_DHGEX_KEY_SIZE

PREFERRED_DHGEX_KEY_SIZE
public static final int PREFERRED_DHGEX_KEY_SIZE

MAX_DHGEX_KEY_SIZE
public static final int MAX_DHGEX_KEY_SIZE

SECURITY_PROVIDER_REGISTRARS
public static final String SECURITY_PROVIDER_REGISTRARS
Comma-separated list of fully qualified SecurityProviderRegistrar class names to register automatically.

DEFAULT_SECURITY_PROVIDER_REGISTRARS
public static final List<String> DEFAULT_SECURITY_PROVIDER_REGISTRARS

REGISTER_BOUNCY_CASTLE_PROP
@Deprecated public static final String REGISTER_BOUNCY_CASTLE_PROP
Deprecated. Please use "org.apache.sshd.security.provider.BC.enabled". System property used to control whether to automatically register the Bouncycastle JCE provider.

ECC_SUPPORTED_PROP
public static final String ECC_SUPPORTED_PROP
System property used to control whether Elliptic Curves are supported or not. If not set, support is auto-detected. Note: if set to true it is up to the user to make sure that a provider for them is actually available; the flag only overrides the detection, it does not supply an implementation.

EDDSA_SUPPORTED_PROP
@Deprecated public static final String EDDSA_SUPPORTED_PROP
Deprecated. Please use "org.apache.sshd.security.provider.EdDSA.enabled". System property used to decide whether EdDSA curves are supported or not (in addition to, or even in spite of, isEDDSACurveSupported()). If not set, or set to true, the existence of the optional support classes determines the support.

PROP_DEFAULT_SECURITY_PROVIDER
public static final String PROP_DEFAULT_SECURITY_PROVIDER

Method Detail

isAPrioriDisabledProvider
public static boolean isAPrioriDisabledProvider(String name)
- Parameters:
- name - The provider's name - never null/empty
- Returns:
- true if the provider is marked as disabled a-priori
- See Also:
- setAPrioriDisabledProvider(String, boolean)

setAPrioriDisabledProvider
public static void setAPrioriDisabledProvider(String name, boolean disabled)
Programmatically marks a provider's registrar as "a-priori" disabled, so that when its SecurityProviderRegistrar.isEnabled() is eventually consulted it returns false regardless of the value configured for that specific provider registrar instance. Note: has no effect if the provider has already been registered, so this must be called before anything triggers provider registration.
- Parameters:
- name - The provider's name - never null/empty
- disabled - true to disable it a-priori
- See Also:
- isAPrioriDisabledProvider(String)

getAPrioriDisabledProviders
public static Set<String> getAPrioriDisabledProviders()
- Returns:
- A copy of the current a-priori disabled provider names

isECCSupported
public static boolean isECCSupported()
- Returns:
- true if Elliptic Curve Cryptography is supported
- See Also:
- ECC_SUPPORTED_PROP

isDHGroupExchangeSupported
public static boolean isDHGroupExchangeSupported()
- Returns:
- true if Diffie-Hellman Group Exchange is supported
- See Also:
- getMaxDHGroupExchangeKeySize()

isDHOakelyGroupSupported
public static boolean isDHOakelyGroupSupported(int keySize)
(The spelling "Oakely" in the method name is the library's own; it refers to the Oakley groups.)
- Parameters:
- keySize - The expected key size
- Returns:
- true if Oakley Diffie-Hellman Group Exchange is supported for the specified key size
- See Also:
- getMaxDHGroupExchangeKeySize()

getMaxDHGroupExchangeKeySize
public static int getMaxDHGroupExchangeKeySize()
- Returns:
- The maximum supported Diffie-Hellman Group Exchange key size, or a non-positive value if not supported

setMaxDHGroupExchangeKeySize
public static void setMaxDHGroupExchangeKeySize(int keySize)
Programmatically sets the value reported by getMaxDHGroupExchangeKeySize().
- Parameters:
- keySize - The reported key size - if zero, it will be auto-detected; if negative, DH group exchange will be disabled

isDHGroupExchangeSupported
public static boolean isDHGroupExchangeSupported(int maxKeySize)
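The DHGEX methods above are the hooks for enforcing a key-exchange policy at startup: the auto-detected maximum reflects what the installed JCE can do, not what you want to allow. The following is an added example (not code from Apache MINA SSHD) that reads the detected value, fails closed when it is below a policy floor, and verifies the override took effect. The 2048-bit floor and the class name are assumptions made for the example.

```java
import org.apache.sshd.common.util.security.SecurityUtils;

/**
 * Added example (not part of Apache MINA SSHD): apply a DH group-exchange
 * policy at startup and check that SecurityUtils reports what we expect.
 */
public final class DhGexPolicyCheck {

    // Hypothetical policy floor chosen for this example: do not negotiate
    // DHGEX moduli smaller than 2048 bits.
    private static final int REQUIRED_DHGEX_BITS = 2048;

    public static void main(String[] args) {
        // 1. Ask for the current maximum. With no override this runs the
        //    internal auto-discovery (or honours MAX_DHGEX_KEY_SIZE_PROP if
        //    it was set on the command line).
        int detected = SecurityUtils.getMaxDHGroupExchangeKeySize();
        System.out.println("max DHGEX key size reported: " + detected);

        if (!SecurityUtils.isDHGroupExchangeSupported()) {
            // Non-positive maximum: DHGEX is disabled or unavailable, so only
            // the fixed-group exchanges remain on offer.
            System.out.println("DHGEX not supported by this JCE");
            return;
        }

        if (detected < REQUIRED_DHGEX_BITS) {
            // The JCE cannot do the modulus size the policy needs. Rather
            // than let a peer negotiate a weaker exchange, switch DHGEX off
            // entirely (negative value = disabled, per setMaxDHGroupExchangeKeySize).
            SecurityUtils.setMaxDHGroupExchangeKeySize(-1);
            System.out.println("DHGEX disabled: " + detected + " < " + REQUIRED_DHGEX_BITS);
        }

        // 2. Verify the override instead of assuming it.
        System.out.println("isDHGroupExchangeSupported(): "
                + SecurityUtils.isDHGroupExchangeSupported());
        System.out.println("isDHGroupExchangeSupported(" + REQUIRED_DHGEX_BITS + "): "
                + SecurityUtils.isDHGroupExchangeSupported(REQUIRED_DHGEX_BITS));
        System.out.println("isDHOakelyGroupSupported(" + REQUIRED_DHGEX_BITS + "): "
                + SecurityUtils.isDHOakelyGroupSupported(REQUIRED_DHGEX_BITS));

        // 3. Zero restores auto-detection if the override was only for this run.
        SecurityUtils.setMaxDHGroupExchangeKeySize(0);
    }
}
```

The setter is process-global state, so call it once during initialisation before any SSH session is created; changing it while sessions are being negotiated gives different sessions different limits.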

getDefaultProviderChoice
public static SecurityProviderChoice getDefaultProviderChoice()

setDefaultProviderChoice
public static void setDefaultProviderChoice(SecurityProviderChoice choice)

getRegisteredProviders
public static Set<String> getRegisteredProviders()
- Returns:
- A copy of the names of the currently registered security providers

isBouncyCastleRegistered
public static boolean isBouncyCastleRegistered()

isProviderRegistered
public static boolean isProviderRegistered(String provider)

getRegisteredProvider
public static SecurityProviderRegistrar getRegisteredProvider(String provider)

isRegistrationCompleted
public static boolean isRegistrationCompleted()

registerSecurityProvider
public static SecurityProviderRegistrar registerSecurityProvider(SecurityProviderRegistrar registrar)
- Parameters:
- registrar - The registrar instance to register
- Returns:
- The registered instance - may differ from the one passed in if a registrar for that provider was already registered. Returns null if the registrar was not already registered and is either not enabled or not supported.
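Which JCE providers end up registered is a supply-chain decision: an unexpected provider on the classpath can silently take over cipher, signature or random-number requests. The methods above let you pin that decision and then check it. The following is an added example (not code from Apache MINA SSHD) that a-priori disables Bouncy Castle programmatically (the equivalent of setting the "org.apache.sshd.security.provider.BC.enabled" property to false), triggers registration by resolving a cipher, and then asserts the outcome. The class name, the "AES/CTR/NoPadding" transformation and the use of SecurityProviderRegistrar.isSupported() are assumptions for the example.

```java
import java.security.GeneralSecurityException;
import java.util.Set;
import javax.crypto.Cipher;
import org.apache.sshd.common.util.security.SecurityProviderRegistrar;
import org.apache.sshd.common.util.security.SecurityUtils;

/**
 * Added example (not part of Apache MINA SSHD): pin which security providers
 * may be registered and verify the result after registration has run.
 */
public final class ProviderPinningCheck {

    public static void main(String[] args) throws GeneralSecurityException {
        // 1. A-priori disabling only works BEFORE registration, so refuse to
        //    continue if some earlier code already triggered it.
        if (SecurityUtils.isRegistrationCompleted()) {
            throw new IllegalStateException(
                "providers already registered - call this earlier in startup");
        }
        SecurityUtils.setAPrioriDisabledProvider(SecurityUtils.BOUNCY_CASTLE, true);
        System.out.println("a-priori disabled: " + SecurityUtils.getAPrioriDisabledProviders());

        // 2. Resolving any entity through SecurityUtils triggers the
        //    registration of the configured registrars.
        Cipher cipher = SecurityUtils.getCipher("AES/CTR/NoPadding"); // transformation assumed

        // 3. Check the outcome rather than trusting the configuration.
        if (!SecurityUtils.isRegistrationCompleted()) {
            throw new IllegalStateException("registration did not run");
        }
        if (SecurityUtils.isBouncyCastleRegistered()) {
            throw new IllegalStateException("Bouncy Castle registered despite a-priori disable");
        }
        // The JCE provider that actually serves the cipher (standard JCE call).
        System.out.println("AES/CTR served by provider: " + cipher.getProvider().getName());

        // 4. Report every registrar SecurityUtils knows about.
        Set<String> registered = SecurityUtils.getRegisteredProviders();
        for (String name : registered) {
            SecurityProviderRegistrar r = SecurityUtils.getRegisteredProvider(name);
            if (r == null) {
                continue; // name known but no registrar instance available
            }
            System.out.println(name + ": enabled=" + r.isEnabled()
                    + " supported=" + r.isSupported());
        }
    }
}
```

Run this as the first thing in the process that touches SSHD; if a dependency's static initialiser resolves a cipher before step 1, the IllegalStateException tells you so instead of letting the disable silently fail.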
loadKeyPairIdentities
public static Iterable<KeyPair> loadKeyPairIdentities(SessionContext session, NamedResource resourceKey, InputStream inputStream, FilePasswordProvider provider) throws IOException, GeneralSecurityException
- Parameters:
- session - The SessionContext for invoking this load command - may be null if not invoked within a session context (e.g., an offline tool)
- resourceKey - An identifier of the key being loaded - used as argument to the FilePasswordProvider#getPassword invocation
- inputStream - The InputStream for the private key
- provider - A FilePasswordProvider - may be null if the loaded key is guaranteed not to be encrypted
- Returns:
- The loaded KeyPairs - or null if none loaded
- Throws:
- IOException - If failed to read/parse the input stream
- GeneralSecurityException - If failed to generate the keys

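Two details of loadKeyPairIdentities trip people up: it returns null (not an empty Iterable) when nothing was loaded, and a null password provider is a promise that the key is not encrypted. The following is an added example (not code from Apache MINA SSHD) of an offline loader that handles both, reads the passphrase from the console instead of the command line, and prints a fingerprint for each identity so the operator can confirm the right key was loaded. The class name, the file path taken from args[0], and the KeyUtils helpers (getKeyType, getKeySize, getFingerPrint) and FilePasswordProvider.of are assumed to be available in the same library.

```java
import java.io.Console;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.PublicKey;
import java.util.ArrayList;
import java.util.List;
import org.apache.sshd.common.NamedResource;
import org.apache.sshd.common.config.keys.FilePasswordProvider;
import org.apache.sshd.common.config.keys.KeyUtils;
import org.apache.sshd.common.util.security.SecurityUtils;

/**
 * Added example (not part of Apache MINA SSHD): load private-key identities
 * from a file outside any session and report what was loaded.
 */
public final class LoadIdentities {

    /** Loads every key pair in the file; returns an empty list instead of null. */
    static List<KeyPair> load(Path keyFile, FilePasswordProvider passwords)
            throws IOException, GeneralSecurityException {
        try (InputStream in = Files.newInputStream(keyFile)) {
            Iterable<KeyPair> pairs = SecurityUtils.loadKeyPairIdentities(
                    null,                                     // no session: offline tool
                    NamedResource.ofName(keyFile.toString()), // passed to the password provider
                    in,
                    passwords);
            List<KeyPair> result = new ArrayList<>();
            if (pairs != null) {                              // null means "none loaded"
                pairs.forEach(result::add);
            }
            return result;
        }
    }

    public static void main(String[] args) throws Exception {
        Path keyFile = Paths.get(args[0]); // assumed: path given on the command line

        // Read the passphrase from the console so it never appears in the
        // process list or shell history. Only fall back to a null provider
        // when there is no console at all; an encrypted key then fails with
        // an exception rather than loading silently as nothing.
        Console console = System.console();
        FilePasswordProvider passwords = null;
        if (console != null) {
            char[] pass = console.readPassword("passphrase for %s (empty if none): ", keyFile);
            if (pass != null && pass.length > 0) {
                passwords = FilePasswordProvider.of(new String(pass));
                java.util.Arrays.fill(pass, '\0'); // scrub our copy of the secret
            }
        }

        List<KeyPair> pairs = load(keyFile, passwords);
        if (pairs.isEmpty()) {
            System.err.println("no identities found in " + keyFile);
            System.exit(1);
        }
        for (KeyPair kp : pairs) {
            PublicKey pub = kp.getPublic();
            System.out.println(KeyUtils.getKeyType(pub) + " "
                    + KeyUtils.getKeySize(pub) + " bits "
                    + KeyUtils.getFingerPrint(pub));
        }
    }
}
```

Printing the fingerprint, not the key, is deliberate: it is enough to match against the authorized_keys entry on the other side without leaking material into logs.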
createGeneratorHostKeyProvider
public static AbstractGeneratorHostKeyProvider createGeneratorHostKeyProvider(Path path)

getBouncycastleKeyPairResourceParser
public static KeyPairResourceParser getBouncycastleKeyPairResourceParser()

getRandomFactory
public static RandomFactory getRandomFactory()
- Returns:
- If isBouncyCastleRegistered() then a BouncyCastleRandomFactory instance, otherwise a JceRandomFactory one

isEDDSACurveSupported
public static boolean isEDDSACurveSupported()
- Returns:
- true if EdDSA curves (e.g., ed25519) are supported

getEDDSAPublicKeyEntryDecoder
public static PublicKeyEntryDecoder<? extends PublicKey,? extends PrivateKey> getEDDSAPublicKeyEntryDecoder()

getOpenSSHEDDSAPrivateKeyEntryDecoder
public static PrivateKeyEntryDecoder<? extends PublicKey,? extends PrivateKey> getOpenSSHEDDSAPrivateKeyEntryDecoder()

getEDDSASigner
public static Signature getEDDSASigner()

getEDDSAKeySize
public static int getEDDSAKeySize(Key key)

getEDDSAPrivateKeyType
public static Class<? extends PrivateKey> getEDDSAPrivateKeyType()

compareEDDSAPrivateKeys
public static boolean compareEDDSAPrivateKeys(PrivateKey k1, PrivateKey k2)

recoverEDDSAPublicKey
public static PublicKey recoverEDDSAPublicKey(PrivateKey key) throws GeneralSecurityException
- Throws:
- GeneralSecurityException

generateEDDSAPublicKey
public static PublicKey generateEDDSAPublicKey(String keyType, byte[] seed) throws GeneralSecurityException
- Throws:
- GeneralSecurityException

putRawEDDSAPublicKey
public static <B extends Buffer> B putRawEDDSAPublicKey(B buffer, PublicKey key)

putEDDSAKeyPair
public static <B extends Buffer> B putEDDSAKeyPair(B buffer, PublicKey pubKey, PrivateKey prvKey)

extractEDDSAKeyPair
public static KeyPair extractEDDSAKeyPair(Buffer buffer, String keyType) throws GeneralSecurityException
- Throws:
- GeneralSecurityException
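The EdDSA helpers above are the pieces needed to move an ed25519 key pair between the JCE representation and the SSH wire/buffer encoding. The following is an added example (not code from Apache MINA SSHD) that generates a key pair, recovers the public half from the private key and checks it matches, then round-trips the pair through a Buffer with putEDDSAKeyPair and extractEDDSAKeyPair. It assumes the registered provider exposes the EdDSA algorithm under the SecurityUtils.EDDSA name, and that KeyPairProvider.SSH_ED25519, KeyUtils.compareKeys and ByteArrayBuffer are available in the same library; the class name is made up for the example.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import org.apache.sshd.common.config.keys.KeyPairProvider;
import org.apache.sshd.common.config.keys.KeyUtils;
import org.apache.sshd.common.util.buffer.Buffer;
import org.apache.sshd.common.util.buffer.ByteArrayBuffer;
import org.apache.sshd.common.util.security.SecurityUtils;

/**
 * Added example (not part of Apache MINA SSHD): generate an ed25519 key pair
 * and round-trip it through the SecurityUtils EdDSA buffer helpers.
 */
public final class EdDsaRoundTrip {

    public static void main(String[] args) throws Exception {
        // EdDSA is optional; without the support classes every helper below
        // is unusable, so check first and fail with a clear message.
        if (!SecurityUtils.isEDDSACurveSupported()) {
            System.err.println("EdDSA not supported - optional provider not on the classpath");
            System.exit(1);
        }

        // 1. Generate a pair through SecurityUtils so the registered provider is used.
        KeyPairGenerator gen = SecurityUtils.getKeyPairGenerator(SecurityUtils.EDDSA); // assumed name
        KeyPair kp = gen.generateKeyPair();
        System.out.println("key size: " + SecurityUtils.getEDDSAKeySize(kp.getPublic()) + " bits");

        // 2. The public key is derivable from the private one; confirm that
        //    the derived value equals the generated public key.
        PublicKey recovered = SecurityUtils.recoverEDDSAPublicKey(kp.getPrivate());
        if (!KeyUtils.compareKeys(kp.getPublic(), recovered)) {
            throw new IllegalStateException("recovered public key does not match generated one");
        }

        // 3. Serialize both halves into a buffer and read them back.
        Buffer buf = new ByteArrayBuffer();
        SecurityUtils.putEDDSAKeyPair(buf, kp.getPublic(), kp.getPrivate());
        KeyPair back = SecurityUtils.extractEDDSAKeyPair(buf, KeyPairProvider.SSH_ED25519); // "ssh-ed25519"

        if (!KeyUtils.compareKeys(kp.getPublic(), back.getPublic())) {
            throw new IllegalStateException("public key changed across buffer round-trip");
        }
        if (!SecurityUtils.compareEDDSAPrivateKeys(kp.getPrivate(), back.getPrivate())) {
            throw new IllegalStateException("private key changed across buffer round-trip");
        }
        System.out.println("ed25519 key pair round-trip OK, private key type: "
                + SecurityUtils.getEDDSAPrivateKeyType().getName());
    }
}
```

The private-key comparison is the important assertion: a buffer that decodes to a valid-looking pair whose private half differs from the original would produce signatures the public key cannot verify, and that failure would only surface later during authentication.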
getKeyPairResourceParser
public static KeyPairResourceParser getKeyPairResourceParser()

setKeyPairResourceParser
public static void setKeyPairResourceParser(KeyPairResourceParser parser)
- Parameters:
- parser - The system-wide KeyPairResourceParser to use. If set to null, the default parser will be re-constructed on the next call to getKeyPairResourceParser()

resolveSecurityEntityFactory
public static <T> SecurityEntityFactory<T> resolveSecurityEntityFactory(Class<T> entityType, String algorithm, Predicate<? super SecurityProviderRegistrar> entitySelector)

createSecurityEntityFactory
public static <T> SecurityEntityFactory<T> createSecurityEntityFactory(Class<T> entityType, Predicate<? super SecurityProviderRegistrar> entitySelector)

getKeyFactory
public static KeyFactory getKeyFactory(String algorithm) throws GeneralSecurityException
- Throws:
- GeneralSecurityException

getCipher
public static Cipher getCipher(String transformation) throws GeneralSecurityException
- Throws:
- GeneralSecurityException

getMessageDigest
public static MessageDigest getMessageDigest(String algorithm) throws GeneralSecurityException
- Throws:
- GeneralSecurityException

getKeyPairGenerator
public static KeyPairGenerator getKeyPairGenerator(String algorithm) throws GeneralSecurityException
- Throws:
- GeneralSecurityException

getKeyAgreement
public static KeyAgreement getKeyAgreement(String algorithm) throws GeneralSecurityException
- Throws:
- GeneralSecurityException

getMac
public static Mac getMac(String algorithm) throws GeneralSecurityException
- Throws:
- GeneralSecurityException

getSignature
public static Signature getSignature(String algorithm) throws GeneralSecurityException
- Throws:
- GeneralSecurityException

getCertificateFactory
public static CertificateFactory getCertificateFactory(String type) throws GeneralSecurityException
- Throws:
- GeneralSecurityException