toolarium/toolarium-security

toolarium-security

Java library with security utilities. Some of the classes of [jpTools](https://jptools.sourceforge.net/) have been adopted with the permission of the project.

Built With

  • cb - The toolarium common build

Versioning

We use SemVer for versioning. For the versions available, see the tags on this repository.

Gradle:

dependencies {
    implementation "com.github.toolarium:toolarium-security:1.1.2"
}

Maven:

<dependency>
    <groupId>com.github.toolarium</groupId>
    <artifactId>toolarium-security</artifactId>
    <version>1.1.2</version>
</dependency>

Samples:

Create hashes, e.g. SHA-256, SHA-512...

byte[] digest1 = CryptoHashUtil.getInstance().sha256("content".getBytes());
byte[] digest2 = CryptoHashUtil.getInstance().createHash(/*provider*/null, "SHA-256", "content");

Create a self-signed certificate:

// create new certificate
CertificateStore certificateStore = 
    CertificateUtilFactory.getInstance().getGenerator().createCreateCertificate(
        PKIUtil.getInstance().generateKeyPair("RSA", 2048), "MyCertificate", "localhost", new Date(), 2 * 365);  // from now until 2 years  

certificateStore.write("mypkc12-cert.p12", "alias", "password");
certificateStore.writeCertificate("mycertificate.crt");
certificateStore.writePublicKey("mypublickey.pub");
certificateStore.writePrivateKey("myprivatekey.pem");

Create a self-signed certificate and use it for a service and client

ISecurityManagerProvider securityManagerProvider = SecurityManagerProviderFactory.getInstance().getSecurityManagerProvider("toolarium", "changit");
...
    // create SSL context with self-signed certificate for a SSL server / service
    SSLContext sslContext = SSLContextFactory.getInstance().createSslContext(securityManagerProvider);
    SSLServerSocket s  = SSLUtil.getInstance().getSSLServerSocket(sslContext, port, true, LOG::debug);
...
    // create ssl context with added self-signed certificate in trust store for a SSL client
    SSLContext sslContext = SSLContextFactory.getInstance().createSslContext(securityManagerProvider);

Sign and verify JSON with an EC key pair:

// add bouncy castle as provider
Security.addProvider(new BouncyCastleProvider());

final KeyPair keyPair = PKIUtil.getInstance().generateKeyPair("BC", "EC", 256);
String privateKeyStr = KeyConverterFactory.getInstance().getConverter("EC").formatPrivateKey(keyPair.getPrivate());
String publicKeyStr = KeyConverterFactory.getInstance().getConverter("EC").formatPublicKey(keyPair.getPublic());
...

// read key from configuration and convert to objects
PrivateKey privateKey = KeyConverterFactory.getInstance().getConverter("EC").getPrivateKey(privateKeyStr);
PublicKey publicKey = KeyConverterFactory.getInstance().getConverter("EC").getPublicKey(publicKeyStr);
...

// sign JSON
String jsonResponse = JsonSignatureUtil.getInstance().sign("BC", "SHA256withECDSA", privateKey, content);

// verify: decode signature and compare
boolean result = JsonSignatureUtil.getInstance().verify("BC", "SHA256withECDSA", publicKey, jsonResponse);

Use of the challenge / response util

String provider = null;
// RSA keys should be at least 2048 bits
KeyPair keyPair = PKIUtil.getInstance().generateKeyPair(provider, "RSA", 2048);

// generate challenge
byte[] challenge = ChallengeResponseUtil.getInstance().getChallenge(128);

// generate response of the given challenge
byte[] response = ChallengeResponseUtil.getInstance().generateResponse(provider, "RSA", keyPair.getPrivate(), challenge);

// verify the response and the challenge
assertTrue(ChallengeResponseUtil.getInstance().checkResponse(provider, "RSA", keyPair.getPublic(), challenge, response));
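
The same challenge / response flow written against the plain JCA API, as an added example (not code from toolarium-security). It assumes the response is a SHA256withRSA signature over the challenge, which may differ from what ChallengeResponseUtil does internally; the class and method names are hypothetical.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;

public class ChallengeResponseDemo {
    // Assumption for this example, not taken from the library.
    private static final String SIG_ALG = "SHA256withRSA";

    // Verifier side: a fresh, unpredictable challenge per authentication attempt.
    static byte[] newChallenge(int sizeInBytes) {
        byte[] challenge = new byte[sizeInBytes];
        new SecureRandom().nextBytes(challenge);
        return challenge;
    }

    // Prover side: prove possession of the private key by signing the challenge.
    static byte[] respond(PrivateKey key, byte[] challenge) throws Exception {
        Signature signer = Signature.getInstance(SIG_ALG);
        signer.initSign(key);
        signer.update(challenge);
        return signer.sign();
    }

    // Verifier side: accept only a response that matches the challenge it issued.
    static boolean check(PublicKey key, byte[] challenge, byte[] response) throws Exception {
        Signature verifier = Signature.getInstance(SIG_ALG);
        verifier.initVerify(key);
        verifier.update(challenge);
        return verifier.verify(response);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
        generator.initialize(2048);
        KeyPair keyPair = generator.generateKeyPair();

        byte[] challenge = newChallenge(128);
        byte[] response = respond(keyPair.getPrivate(), challenge);
        System.out.println("fresh challenge accepted: " + check(keyPair.getPublic(), challenge, response));

        // A response recorded earlier must not satisfy a newly issued challenge.
        byte[] nextChallenge = newChallenge(128);
        System.out.println("replayed response accepted: " + check(keyPair.getPublic(), nextChallenge, response));
    }
}
```

The verifier should issue each challenge once and discard it after the check, so a captured response cannot be reused.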

About

Implements the security library to cover common patterns.