public class CryptoUtils
Modifier and Type | Method and Description |
---|---|
static NonExistentClass |
byKeys(java.lang.Iterable<net.corda.core.crypto.TransactionSignature> $receiver)
Returns the set of all PublicKeys of the signatures.
|
static java.security.PrivateKey |
component1(java.security.KeyPair $receiver) |
static java.security.PublicKey |
component2(java.security.KeyPair $receiver) |
static SecureHash |
componentHash(OpaqueBytes opaqueBytes,
PrivacySalt privacySalt,
int componentGroupIndex,
int internalIndex)
Deprecated.
|
static SecureHash |
componentHash(SecureHash nonce,
OpaqueBytes opaqueBytes)
Deprecated.
|
static SecureHash.SHA256 |
computeNonce(PrivacySalt privacySalt,
int groupIndex,
int internalIndex)
Deprecated.
|
static boolean |
containsAny(java.security.PublicKey $receiver,
java.lang.Iterable<? extends java.security.PublicKey> otherKeys)
Checks whether any of the given
CryptoUtils.getKeys matches a leaf on the class CompositeKey tree or a single PublicKey. |
static java.security.KeyPair |
entropyToKeyPair(java.math.BigInteger entropy)
Returns a key pair derived from the given private key entropy. This is useful for unit tests and other cases where
you want hard-coded private keys.
|
static java.security.KeyPair |
generateKeyPair()
A simple wrapper that will make it easier to swap out the signature algorithm we use in future.
|
static java.util.Set<java.security.PublicKey> |
getKeys(java.security.PublicKey $receiver)
Return a Set of the contained leaf keys if this is a
class CompositeKey .
Otherwise, return a Set with a single element (this PublicKey).
Note that leaf keys cannot be of type class CompositeKey . |
static boolean |
isFulfilledBy(java.security.PublicKey $receiver,
java.security.PublicKey otherKey)
Return true if otherKey fulfils the requirements of this PublicKey.
|
static boolean |
isFulfilledBy(java.security.PublicKey $receiver,
java.lang.Iterable<? extends java.security.PublicKey> otherKeys)
Return true if otherKeys fulfil the requirements of this PublicKey.
|
static boolean |
isValid(java.security.PublicKey $receiver,
byte[] content,
DigitalSignature signature)
Utility to simplify the act of verifying a signature. In comparison to
CryptoUtils.verify if the key and signature
do not match it returns false rather than throwing an exception. Normally you should use the function which throws,
as it avoids the risk of failing to test the result, but this is for uses such as java.security.Signature.verify
implementations. |
static java.security.SecureRandom |
newSecureRandom()
Get an instance of SecureRandom to avoid blocking, due to waiting for additional entropy, when possible.
In this version, the NativePRNGNonBlocking is exclusively used on Linux OS to utilize dev/urandom because in high traffic
/dev/random may wait for a certain amount of "noise" to be generated on the host machine before returning a result.
|
static long |
random63BitValue()
Returns a random positive non-zero long generated using a secure RNG. This function sacrifies a bit of entropy in order
to avoid potential bugs where the value is used in a context where negative numbers or zero are not expected.
|
static byte[] |
secureRandomBytes(int numOfBytes)
Generate a securely random ByteArray of requested number of bytes. Usually used for seeds, nonces and keys.
|
static <T> SecureHash |
serializedHash(T x)
Deprecated.
|
static DigitalSignature |
sign(java.security.PrivateKey $receiver,
byte[] bytesToSign)
Utility to simplify the act of signing a byte array.
|
static DigitalSignature.WithKey |
sign(java.security.PrivateKey $receiver,
byte[] bytesToSign,
java.security.PublicKey publicKey)
Utility to simplify the act of signing a byte array and return a
class DigitalSignature.WithKey object.
Note that there is no check if the public key matches with the signing private key. |
static DigitalSignature.WithKey |
sign(java.security.KeyPair $receiver,
byte[] bytesToSign)
Helper function to sign with a key pair.
|
static DigitalSignature.WithKey |
sign(java.security.KeyPair $receiver,
OpaqueBytes bytesToSign)
Helper function to sign the bytes of bytesToSign with a key pair.
|
static TransactionSignature |
sign(java.security.KeyPair $receiver,
SignableData signableData)
Helper function for signing a
class SignableData object. |
static java.lang.String |
toStringShort(java.security.PublicKey $receiver)
Render a public key to its hash (in Base58) of its serialised form using the DL prefix.
|
static boolean |
verify(java.security.PublicKey $receiver,
byte[] content,
DigitalSignature signature)
Utility to simplify the act of verifying a signature.
|
static boolean |
verify(java.security.PublicKey $receiver,
byte[] signatureData,
byte[] clearData)
Helper function to verify a signature.
|
static boolean |
verify(java.security.KeyPair $receiver,
byte[] signatureData,
byte[] clearData)
Helper function for the signers to verify their own signature.
|
public static DigitalSignature sign(java.security.PrivateKey $receiver, byte[] bytesToSign)
Utility to simplify the act of signing a byte array.
bytesToSign
- the data/message to be signed in ByteArray form (usually the Merkle root).class DigitalSignature
object on the input message.public static DigitalSignature.WithKey sign(java.security.PrivateKey $receiver, byte[] bytesToSign, java.security.PublicKey publicKey)
Utility to simplify the act of signing a byte array and return a class DigitalSignature.WithKey
object.
Note that there is no check if the public key matches with the signing private key.
bytesToSign
- the data/message to be signed in ByteArray form (usually the Merkle root).class DigitalSignature.WithKey
object on the input message bytesToSign and publicKey.class DigitalSignature.WithKey
public static DigitalSignature.WithKey sign(java.security.KeyPair $receiver, byte[] bytesToSign)
Helper function to sign with a key pair.
bytesToSign
- the data/message to be signed in ByteArray form (usually the Merkle root).public static DigitalSignature.WithKey sign(java.security.KeyPair $receiver, OpaqueBytes bytesToSign)
Helper function to sign the bytes of bytesToSign with a key pair.
public static TransactionSignature sign(java.security.KeyPair $receiver, SignableData signableData)
Helper function for signing a class SignableData
object.
signableData
- the object to be signed.class TransactionSignature
object.class SignableData
public static boolean verify(java.security.PublicKey $receiver, byte[] content, DigitalSignature signature)
Utility to simplify the act of verifying a signature.
public static boolean isValid(java.security.PublicKey $receiver, byte[] content, DigitalSignature signature)
Utility to simplify the act of verifying a signature. In comparison to CryptoUtils.verify
if the key and signature
do not match it returns false rather than throwing an exception. Normally you should use the function which throws,
as it avoids the risk of failing to test the result, but this is for uses such as java.security.Signature.verify
implementations.
class CompositeKey
, because verification of composite key signatures is not supported.CryptoUtils.verify
,
java.security.Signature.verifypublic static java.lang.String toStringShort(java.security.PublicKey $receiver)
Render a public key to its hash (in Base58) of its serialised form using the DL prefix.
public static java.util.Set<java.security.PublicKey> getKeys(java.security.PublicKey $receiver)
Return a Set of the contained leaf keys if this is a class CompositeKey
.
Otherwise, return a Set with a single element (this PublicKey).
Note that leaf keys cannot be of type class CompositeKey
.
class CompositeKey
,
Set,
PublicKey,
class CompositeKey
public static boolean isFulfilledBy(java.security.PublicKey $receiver, java.security.PublicKey otherKey)
Return true if otherKey fulfils the requirements of this PublicKey.
public static boolean isFulfilledBy(java.security.PublicKey $receiver, java.lang.Iterable<? extends java.security.PublicKey> otherKeys)
Return true if otherKeys fulfil the requirements of this PublicKey.
public static boolean containsAny(java.security.PublicKey $receiver, java.lang.Iterable<? extends java.security.PublicKey> otherKeys)
Checks whether any of the given CryptoUtils.getKeys
matches a leaf on the class CompositeKey
tree or a single PublicKey.
Note that this function checks against leaves, which cannot be of type class CompositeKey
. Due to that, if any of the
otherKeys is a class CompositeKey
, this function will not find a match.
public static NonExistentClass byKeys(java.lang.Iterable<net.corda.core.crypto.TransactionSignature> $receiver)
Returns the set of all PublicKeys of the signatures.
public static java.security.PrivateKey component1(java.security.KeyPair $receiver)
public static java.security.PublicKey component2(java.security.KeyPair $receiver)
public static java.security.KeyPair generateKeyPair()
A simple wrapper that will make it easier to swap out the signature algorithm we use in future.
public static java.security.KeyPair entropyToKeyPair(java.math.BigInteger entropy)
Returns a key pair derived from the given private key entropy. This is useful for unit tests and other cases where you want hard-coded private keys.
entropy
- a BigInteger value.Crypto.getDEFAULT_SIGNATURE_SCHEME
.public static boolean verify(java.security.PublicKey $receiver, byte[] signatureData, byte[] clearData)
Helper function to verify a signature.
signatureData
- the signature on a message.clearData
- the clear data/message that was signed (usually the Merkle root).public static boolean verify(java.security.KeyPair $receiver, byte[] signatureData, byte[] clearData)
Helper function for the signers to verify their own signature.
signatureData
- the signature on a message.clearData
- the clear data/message that was signed (usually the Merkle root).public static byte[] secureRandomBytes(int numOfBytes)
Generate a securely random ByteArray of requested number of bytes. Usually used for seeds, nonces and keys.
numOfBytes
- how many random bytes to output.public static java.security.SecureRandom newSecureRandom()
Get an instance of SecureRandom to avoid blocking, due to waiting for additional entropy, when possible. In this version, the NativePRNGNonBlocking is exclusively used on Linux OS to utilize dev/urandom because in high traffic /dev/random may wait for a certain amount of "noise" to be generated on the host machine before returning a result.
On Solaris, Linux, and OS X, if the entropy gathering device in java.security is set to file:/dev/urandom or file:/dev/random, then NativePRNG is preferred to SHA1PRNG. Otherwise, SHA1PRNG is preferred.
public static long random63BitValue()
Returns a random positive non-zero long generated using a secure RNG. This function sacrifies a bit of entropy in order to avoid potential bugs where the value is used in a context where negative numbers or zero are not expected.
public static SecureHash componentHash(OpaqueBytes opaqueBytes, PrivacySalt privacySalt, int componentGroupIndex, int internalIndex)
Compute the hash of each serialised component so as to be used as Merkle tree leaf. The resultant output (leaf) is
calculated using the SHA256d algorithm, thus SHA256(SHA256(nonce || serializedComponent)), where nonce is computed
from CryptoUtils.computeNonce
.
CryptoUtils.computeNonce
public static SecureHash componentHash(SecureHash nonce, OpaqueBytes opaqueBytes)
Return the SHA256(SHA256(nonce || serializedComponent)).
public static <T> SecureHash serializedHash(T x)
Serialise the object and return the hash of the serialized bytes. Note that the resulting hash may not be deterministic across platform versions: serialization can produce different values if any of the types being serialized have changed, or if the version of serialization specified by the context changes.
public static SecureHash.SHA256 computeNonce(PrivacySalt privacySalt, int groupIndex, int internalIndex)
Method to compute a nonce based on privacySalt, component group index and component internal index. SHA256d (double SHA256) is used to prevent length extension attacks.
privacySalt
- a class PrivacySalt
.groupIndex
- the fixed index (ordinal) of this component group.internalIndex
- the internal index of this object in its corresponding components list.