ca.randolf.security

Class Hash

Object

ca.randolf.security.Hash

public class Hash
extends Object

Produces various basic types of hash values.

Field Summary

Fields

Modifier and Type	Field and Description
static String	VERSION Version number of this Package (read-only).

Method Summary

Modifier and Type	Method and Description
static byte[]	HMACMD5(byte[] key, byte[] challenge) Generates an HMAC-MD5 hash.
static byte[]	HMACMD5(String key, String challenge) Generates an HMAC-MD5 hash.
static String	HMACMD5h(byte[] key, byte[] challenge) Generates an HMAC-MD5 hash.
static String	HMACMD5h(String key, String challenge) Generates an HMAC-MD5 hash.
static byte[]	MD5(byte... secret) Generates an MD5 hash.
static byte[]	MD5(String secret) Generates an MD5 hash.
static String	MD5h(byte... secret) Generates an MD5 hash.
static String	MD5h(String secret) Generates an MD5 hash.
static String	SASLDigestResponse(String nonce, String nc, String cnonce, String qop, String realm, String username, String password, boolean rspauth, String digesturi, String authzid) Calculates and generates the string value for one of two of the following SASL keywords:

Methods inherited from class Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

VERSION

public static final String VERSION

Version number of this Package (read-only).

See Also:

Constant Field Values

Method Detail

HMACMD5

public static byte[] HMACMD5(byte[] key,
                             byte[] challenge)

Generates an HMAC-MD5 hash.

Parameters:

key - Data that is to be kept secret, such as a password

challenge - Data known by all parties that the message is scrambled with

Returns:

128-bit HMAC-MD5 hash value as a byte array

Throws:

MissingResourceException - This exception doesn't normally need to be caught because it will only be thrown if the MD5 algorithm isn't available (it's always available, so this exception should never be thrown)

HMACMD5

public static byte[] HMACMD5(String key,
                             String challenge)

Generates an HMAC-MD5 hash.

Parameters:

key - Data that is to be kept secret, such as a password

challenge - Data known by all parties that the message is scrambled with

Returns:

128-bit HMAC-MD5 hash value as a byte array

Throws:

MissingResourceException - This exception doesn't normally need to be caught because it will only be thrown if the MD5 algorithm isn't available (it's always available, so this exception should never be thrown)

HMACMD5h

public static String HMACMD5h(byte[] key,
                              byte[] challenge)

Generates an HMAC-MD5 hash.

Parameters:

key - Data that is to be kept secret, such as a password

challenge - Data known by all parties that the message is scrambled with

Returns:

128-bit HMAC-MD5 hash value as a String of hexadecimal nybbles

Throws:

MissingResourceException - This exception doesn't normally need to be caught because it will only be thrown if the MD5 algorithm isn't available (it's always available, so this exception should never be thrown)

HMACMD5h

public static String HMACMD5h(String key,
                              String challenge)

Generates an HMAC-MD5 hash.

Parameters:

key - Data that is to be kept secret, such as a password

challenge - Data known by all parties that the message is scrambled with

Returns:

128-bit HMAC-MD5 hash value as a String of hexadecimal nybbles

Throws:

MissingResourceException - This exception doesn't normally need to be caught because it will only be thrown if the MD5 algorithm isn't available (it's always available, so this exception should never be thrown)

MD5

public static byte[] MD5(byte... secret)

Generates an MD5 hash.

Parameters:

secret - Data to generate an MD5 hash for

Returns:

128-bit MD5 hash value as a byte array

Throws:

MissingResourceException - This exception doesn't normally need to be caught because it will only be thrown if the MD5 algorithm isn't available (it's always available, so this exception should never be thrown)

MD5

public static byte[] MD5(String secret)

Generates an MD5 hash.

Parameters:

secret - Data to generate an MD5 hash for

Returns:

128-bit MD5 hash value as a byte array

Throws:

MissingResourceException - This exception doesn't normally need to be caught because it will only be thrown if the MD5 algorithm isn't available (it's always available, so this exception should never be thrown)

MD5h

public static String MD5h(byte... secret)

Generates an MD5 hash.

Parameters:

secret - Data to generate an MD5 hash for

Returns:

128-bit MD5 hash value as a String of hexadecimal nybbles

Throws:

MissingResourceException - This exception doesn't normally need to be caught because it will only be thrown if the MD5 algorithm isn't available (it's always available, so this exception should never be thrown)

MD5h

public static String MD5h(String secret)

Generates an MD5 hash.

Parameters:

secret - Data to generate an MD5 hash for

Returns:

128-bit MD5 hash value as a String of hexadecimal nybbles

Throws:

MissingResourceException - This exception doesn't normally need to be caught because it will only be thrown if the MD5 algorithm isn't available (it's always available, so this exception should never be thrown)

SASLDigestResponse

public static String SASLDigestResponse(String nonce,
                                        String nc,
                                        String cnonce,
                                        String qop,
                                        String realm,
                                        String username,
                                        String password,
                                        boolean rspauth,
                                        String digesturi,
                                        String authzid)

Calculates and generates the string value for one of two of the following SASL keywords:

• "response" (see RFC2831, section 2.1.2.1)
• "rspauth" (see RFC2831, section 2.1.3)

  See the "rspauth" boolean parameter for more details concerning which of the above values is to be calculated (server uses TRUE before sending the initial challenge to the client, then uses FALSE to validate the "response" from the client).

  The entire theme seems to include a variety of consistent characters and strings (which just create additional overhead, most of which appears to be nothing more than "security by obscurity") combined with user-supplied and server-supplied data (which is not supposed to be consistent, and is desirable for data protection algorithms).

  One interesting aspect of this algorithm is that some of the data being hashed using the MD5 algorithm is a combination of both hexadecimal and raw 8-bit binary MD5 hashes based on mixtures of consistent and user-supplied data. In short, some MD5 hash values are included in the data supplied to the final MD5 hash calculation.

Parameters:

nonce - Unique server-specified string

nc - Nonce count (normally "00000001")

cnonce - Unique client-specified string

qop - Quality Of Protection specifier string; if null or blank, defaults to "auth"

realm - The user's realm (usually an IDN {Internet Domain Name})

username - The user's login name (often an eMail address, in which case it is usually either localpart or addr-spec)

password - The user's password

rspauth - TRUE = prefix the "digest-uri" value with ":" in accordance with RFC2831, section 2.3.1, to generate the value associated with the "rspauth" keyword; FALSE = prefix the "digest-uri" value with "AUTHENTICATE:" in accordance with RFC2831, section 2.1.2.1, to generate the value associated with the "response" keyword (if this matches what the client provided, then it's extremely like that the client is providing the correct password)

digesturi - The principal name of the service this authentication is for (provided in the "digest-uri" keyword during a typical SASL negotiation)

authzid - The authorization ID (may be null)

Returns:

128-bit SASL response-value as a String of hexadecimal nybbles

See Also:

StringParser.refineSASLExchange(java.lang.String)