Class PasswordUtil

java.lang.Object
com.ibm.websphere.crypto.PasswordUtil

public class PasswordUtil extends Object
Password related utilities.
  • Field Details

    • PROPERTY_CRYPTO_KEY

      public static final String PROPERTY_CRYPTO_KEY

      Constant that holds the name of the property for specifying the encryption algorithm for the encode and encode_password methods.

    • PROPERTY_NO_TRIM

      public static final String PROPERTY_NO_TRIM

      Constant that holds the name of the property for specifying whether the leading and trailing whitespace is omitted from the string for the encode and encode_password methods. When the value is true, the whitespace will not be omitted. Otherwise, the whitespace will be omitted. The default value is false.

    • PROPERTY_HASH_ALGORITHM

      public static final String PROPERTY_HASH_ALGORITHM

      Reserved for future use.

    • PROPERTY_HASH_ITERATION

      public static final String PROPERTY_HASH_ITERATION

      Reserved for future use.

    • PROPERTY_HASH_SALT

      public static final String PROPERTY_HASH_SALT

      Reserved for future use.

    • PROPERTY_HASH_ENCODED

      public static final String PROPERTY_HASH_ENCODED

      Reserved for future use.

    • PROPERTY_HASH_LENGTH

      public static final String PROPERTY_HASH_LENGTH

      Reserved for future use.

    • PROPERTY_KEYRING

      public static final String PROPERTY_KEYRING

      Constant that holds the name of the property for specifying the keyring where the encryption key is stored.

    • PROPERTY_KEYRING_TYPE

      public static final String PROPERTY_KEYRING_TYPE

      Constant that holds the name of the property for specifying the type of the keyring where the encryption key is stored.

    • PROPERTY_KEY_LABEL

      public static final String PROPERTY_KEY_LABEL

      Constant that holds the name of the property for specifying the label for the encryption key stored in the keyring.

  • Constructor Details

    • PasswordUtil

      public PasswordUtil()
  • Method Details

    • getDefaultEncoding

      public static final String getDefaultEncoding()
      Return the default algorithm for the encoding or decoding.
      Returns:
      The default algorithm.
    • decode

      Decode the provided string. The string should consist of the algorithm to be used for decoding and encoded string. For example, {xor}CDo9Hgw=. Use this method unless the encryption key needs to be specified for the AES encryption.

      An empty algorithm "{}" is treated as not encoded. However, a missing algorithm will trigger the InvalidPasswordDecodingException.

      Parameters:
      encoded_string - the string to be decoded.
      Returns:
      The decoded string
      Throws:
      InvalidPasswordDecodingException - If the encoded_string is null or invalid, or the decoded_string is null.
      UnsupportedCryptoAlgorithmException - If the specified algorithm is not supported for decoding.
    • encode

      Encode the provided password by using the default encoding algorithm. The encoded string consists of the algorithm of the encoding and the encoded value. For example, {xor}CDo9Hgw=. If the decoded_string is already encoded, the string will be decoded and then encoded by using the default encoding algorithm. Use this method for encoding the string by using the default encoding algorithm.
      Parameters:
      decoded_string - the string to be encoded.
      Returns:
      The encoded string.
      Throws:
      InvalidPasswordEncodingException - If the decoded_string is null or invalid, or the encoded_string is null.
      UnsupportedCryptoAlgorithmException - If the algorithm is not supported.
    • encode

      public static String encode(String decoded_string, String crypto_algorithm) throws InvalidPasswordEncodingException, UnsupportedCryptoAlgorithmException
      Encode the provided password by using the specified encoding algorithm. The encoded string consists of the algorithm of the encoding and the encoded value. If the decoded_string is already encoded, the string will be decoded and then encoded by using the specified crypto algorithm. Use this method for encoding the string by using a specific encoding algorithm. Use the securityUtility encode --listCustom command-line utility to see if any additional custom encryptions are supported.
      Parameters:
      decoded_string - the string to be encoded.
      crypto_algorithm - the algorithm to be used for encoding. The supported values are xor, aes, or hash.
      Returns:
      The encoded string.
      Throws:
      InvalidPasswordEncodingException - If the decoded_string is null or invalid, or the encoded_string is null.
      UnsupportedCryptoAlgorithmException - If the algorithm is not supported.
    • encode

      public static String encode(String decoded_string, String crypto_algorithm, String crypto_key) throws InvalidPasswordEncodingException, UnsupportedCryptoAlgorithmException
      Encode the provided string with the specified algorithm and the crypto key. If the decoded_string is already encoded, the string will be decoded and then encoded by using the specified crypto algorithm. Use this method for encoding the string by using the AES encryption with the specific crypto key. Note that this method is only available for the Liberty profile.
      Parameters:
      decoded_string - the string to be encoded.
      crypto_algorithm - the algorithm to be used for encoding.
      crypto_key - the key for the encryption. This value is only valid for aes algorithm.
      Returns:
      The encoded string.
      Throws:
      InvalidPasswordEncodingException - If the decoded_string is null or invalid, or the encoded_string is null.
      UnsupportedCryptoAlgorithmException - If the algorithm is not supported.
    • encode

      public static String encode(String decoded_string, String crypto_algorithm, Map<String,String> properties) throws InvalidPasswordEncodingException, UnsupportedCryptoAlgorithmException
      Encode the provided string with the specified algorithm and the properties. If the decoded_string is already encoded, the string will be decoded and then encoded by using the specified crypto algorithm. Note that this method is only available for the Liberty profile.
      Parameters:
      decoded_string - the string to be encoded.
      crypto_algorithm - the algorithm to be used for encoding. The supported values are xor, aes, or hash.
      properties - the properties for the encryption.
      Returns:
      The encoded string.
      Throws:
      InvalidPasswordEncodingException - If the decoded_string is null or invalid, or the encoded_string is null.
      UnsupportedCryptoAlgorithmException - If the algorithm is not supported.
    • getCryptoAlgorithm

      public static String getCryptoAlgorithm(String password)
      Return the crypto algorithm of the provided password. For example, if the password is {xor}CDo9Hgw=, "xor" will be returned.
      Parameters:
      password - the encoded string with encoding algorithm.
      Returns:
      The encoding algorithm. Null if not present.
    • getCryptoAlgorithmTag

      public static String getCryptoAlgorithmTag(String password)
      Return the algorithm tag of the provided string. For example, if the password is {xor}CDo9Hgw=, "{xor}" will be returned.
      Parameters:
      password - the encoded string with encoding algorithm.
      Returns:
      The encoding algorithm with algorithm tags. Null if not present.
    • isEncrypted

      public static boolean isEncrypted(String encoded_string)
      Check whether the encoded string contains a valid crypto algorithm. For example, "{xor}CDo9Hgw=" returns true, while "{unknown}CDo9Hgw=" or "CDo9Hgw=" returns false.
      Parameters:
      encoded_string - the encoded string.
      Returns:
      true if the encoding algorithm is supported.
    • isValidCryptoAlgorithm

      public static boolean isValidCryptoAlgorithm(String crypto_algorithm)
      Determine if the provided algorithm string is valid. The valid values are xor, aes, or hash. Use the securityUtility encode --listCustom command-line utility to see if any additional custom encryptions are supported.
      Parameters:
      crypto_algorithm - the string of algorithm.
      Returns:
      true if the algorithm is supported. false otherwise.
    • isValidCryptoAlgorithmTag

      public static boolean isValidCryptoAlgorithmTag(String tag)
      Determine if the provided algorithm tag is valid. The algorithm tag consists of "{}" such as "{xor}". The valid values are {xor}, {aes}, or {hash}. Use the securityUtility encode --listCustom command-line utility to see if any additional custom encryptions are supported.
      Parameters:
      tag - the string of algorithm tag to be examined.
      Returns:
      true if the algorithm is supported. false otherwise.
    • isHashed

      public static boolean isHashed(String encoded_string)
      Determine if the provided string is hashed by examining the algorithm tag. Note that this method is only available for the Liberty profile.
      Parameters:
      encoded_string - the string with the encoded algorithm tag.
      Returns:
      true if the encoded algorithm is hash. false otherwise.
    • passwordDecode

      public static String passwordDecode(String encoded_string)
      Decode the provided string. The string should consist of the algorithm to be used for decoding and encoded string. For example, {xor}CDo9Hgw=.
      Parameters:
      encoded_string - the string to be decoded.
      Returns:
      The decoded string, or null if there is any failure during decoding or the encoded_string is invalid or null.
    • passwordEncode

      public static String passwordEncode(String decoded_string)
      Encode the provided password by using the default encoding algorithm. The encoded string consists of the algorithm of the encoding and the encoded value. For example, {xor}CDo9Hgw=.
      Parameters:
      decoded_string - the string to be encoded.
      Returns:
      The encoded string, or null if there is any failure during encoding or the decoded_string is invalid or null.
    • passwordEncode

      public static String passwordEncode(String decoded_string, String crypto_algorithm)
      Encode the provided password with the algorithm. If another algorithm is already applied, it will be removed and replaced with the new algorithm.
      Parameters:
      decoded_string - the string to be encoded, or the encoded string. If the string contains an "{}", it is treated as a crypto algorithm tag and not as a decoded string.
      crypto_algorithm - the algorithm to be used for encoding. The supported values are xor, aes, or hash.
      Returns:
      The encoded string, or null if there is any failure during encoding or the decoded_string is invalid or null.
    • removeCryptoAlgorithmTag

      public static String removeCryptoAlgorithmTag(String password)
      Remove the algorithm tag from the input encoded password.
      Parameters:
      password - the string which contains the crypto algorithm tag.
      Returns:
      The string with the crypto algorithm tag removed.
    • encode_password

      public static String encode_password(String decoded_string, String crypto_algorithm, Map<String,String> properties)
      Encode the provided string by using the specified encoding algorithm and properties.
      Parameters:
      decoded_string - the string to be encoded.
      crypto_algorithm - the algorithm to be used for encoding. The supported values are xor, aes, or hash.
      properties - the properties for the encryption.
      Returns:
      The encoded string, or null if there is any failure during encoding or the decoded_string is invalid or null.
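
An added example, not part of the original Javadoc or the project's own code: it uses the tag-inspection methods above to classify stored values, then re-encodes plaintext and xor values (xor is reversible without a key) with aes through encode(decoded_string, crypto_algorithm, crypto_key). It assumes the Liberty API jar is on the classpath and that the exception classes live in com.ibm.websphere.crypto beside PasswordUtil; the class name, the EXAMPLE_AES_KEY environment variable and the sample config entries are hypothetical.

```java
import com.ibm.websphere.crypto.InvalidPasswordEncodingException;
import com.ibm.websphere.crypto.PasswordUtil;
import com.ibm.websphere.crypto.UnsupportedCryptoAlgorithmException;
import java.util.LinkedHashMap;
import java.util.Map;

public class PasswordEncodingAudit {

    /** Label a stored value using only the tag-inspection methods documented on this page. */
    static String classify(String stored) {
        if (PasswordUtil.isHashed(stored)) {
            return "hash";                          // one-way, cannot be re-encoded
        }
        if (PasswordUtil.isEncrypted(stored)) {
            return PasswordUtil.getCryptoAlgorithm(stored);   // "xor", "aes" or a custom name
        }
        // A tag is present but not supported (e.g. "{unknown}..."): leave for manual review.
        return PasswordUtil.getCryptoAlgorithmTag(stored) != null ? "unsupported-tag" : "plaintext";
    }

    /** Re-encode plaintext and xor values with aes and the given key; return others unchanged. */
    static String upgrade(String stored, String cryptoKey)
            throws InvalidPasswordEncodingException, UnsupportedCryptoAlgorithmException {
        String kind = classify(stored);
        if (!kind.equals("plaintext") && !kind.equals("xor")) {
            return stored;
        }
        // encode() decodes an already-encoded input before applying the new algorithm.
        return PasswordUtil.encode(stored, "aes", cryptoKey);
    }

    public static void main(String[] args) throws Exception {
        // Hypothetical variable name; keep the key out of source control and config files.
        String key = System.getenv("EXAMPLE_AES_KEY");
        if (key == null || key.isEmpty()) {
            throw new IllegalStateException("EXAMPLE_AES_KEY is not set");
        }
        Map<String, String> config = new LinkedHashMap<>();   // constructed sample values
        config.put("keystorePassword", "{xor}CDo9Hgw=");       // example value from this page
        config.put("dbPassword", "example-plaintext");
        config.put("legacyPassword", "{unknown}CDo9Hgw=");
        for (Map.Entry<String, String> e : config.entrySet()) {
            String before = classify(e.getValue());
            String after = classify(upgrade(e.getValue(), key));
            // Report only the classification, never the decoded or re-encoded value.
            System.out.println(e.getKey() + ": " + before + " -> " + after);
        }
    }
}
```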