Class BCryptUtil


  • public class BCryptUtil
    extends java.lang.Object
    Utility class for generating and validating BCrypt hashes.

    Wraps jBCrypt implementation.

    Since:
    jcms-10.0.6 / JCMS-9014
    • Constructor Summary

      Constructors 
      Constructor Description
      BCryptUtil()  
    • Method Summary

      Modifier and Type Method Description
      static boolean checkBCrypt(java.lang.String candidate_plaintext, java.lang.String hash, int minLog2Rounds, int maxLog2Rounds)
      Check a plain-text string against a string hashed using BCrypt.
      static java.lang.String crypt(java.lang.String str, int log2Rounds)
      Hash the specified string with the BCrypt algorithm.
      static boolean isBCryptHash(java.lang.String str)
      Check if the specified string has the expected syntax of a BCrypt hash.
      static boolean isOutOfRangeBCryptHash(java.lang.String hash, int minLog2Rounds, int maxLog2Rounds)
      Checks if the specified BCrypt hash uses a log2 round outside the specified authorized range.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Constructor Detail

      • BCryptUtil

        public BCryptUtil()
    • Method Detail

      • crypt

        public static java.lang.String crypt(java.lang.String str,
                                             int log2Rounds)
        Hash the specified string with the BCrypt algorithm.

        Use the checkBCrypt(String, String, int, int) method to verify a plain-text entry against the hashed version.

        Parameters:
        str - the String to hash
        log2Rounds - the log2 of the number of rounds of hashing to apply; the work factor therefore increases as 2**log2Rounds. The authorized value is between 4 and 30 (inclusive).
        Returns:
        the hashed string (or null if null was specified)
        Since:
        jcms-10.0.6 / JCMS-9014
        See Also:
        checkBCrypt(String, String, int, int)
      • checkBCrypt

        public static boolean checkBCrypt(java.lang.String candidate_plaintext,
                                          java.lang.String hash,
                                          int minLog2Rounds,
                                          int maxLog2Rounds)
        Check a plain-text string against a string hashed using BCrypt.

        This method ensures that the specified bcrypt hash respects the specified BCrypt security settings.

        Parameters:
        candidate_plaintext - the plain text to be tested (information usually received from the client, e.g. a plain-text password received from a login form)
        hash - the hashed version (information known only on the server side, e.g. member.getPassword())
        minLog2Rounds - the minimum log2 of the number of rounds of hashing authorized in the hash for it to be accepted (specified value is inclusive)
        maxLog2Rounds - the maximum log2 of the number of rounds of hashing authorized in the hash for it to be accepted (specified value is inclusive)
        Returns:
        true if the plain-text string matches the stored hash and hash di, false otherwise
        Since:
        jcms-10.0.6 / JCMS-9014
      • isBCryptHash

        public static boolean isBCryptHash(java.lang.String str)
        Check if the specified string has the expected syntax of a BCrypt hash.

        Note: this method only performs a "surface" check and does NOT verify that the specified string is really a BCrypt hash, nor that it is valid. Use it only for preliminary verification.

        Parameters:
        str - the string to check
        Returns:
        true if the string matches the syntax of a BCrypt hash (however, false otherwise
        Since:
        jcms-10.0.6 / JCMS-9072
      • isOutOfRangeBCryptHash

        public static boolean isOutOfRangeBCryptHash(java.lang.String hash,
                                                     int minLog2Rounds,
                                                     int maxLog2Rounds)
        Checks if the specified BCrypt hash uses a log2 round outside the specified authorized range.
        Parameters:
        hash - MUST BE a syntactically valid bcrypt hash (as reported by isBCryptHash(String))
        minLog2Rounds - the minimum log2 of the number of rounds of hashing authorized in the hash for it to be accepted (specified value is inclusive)
        maxLog2Rounds - the maximum log2 of the number of rounds of hashing authorized in the hash for it to be accepted (specified value is inclusive)
        Returns:
        true if the specified hash matches the syntax of a bcrypt hash but has a log2 round strictly outside the specified boundaries; false otherwise
        Throws:
        java.lang.NullPointerException - if the specified hash is null
        java.lang.IndexOutOfBoundsException - if the length of the specified hash is lower than 6 characters
        java.lang.NumberFormatException - if the log2 round cannot be parsed from the specified hash
        Since:
        10.0.7 / JCMS-9787
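
The order of checks this class documents (surface syntax first, then the log2-rounds range, before any verification) is sketched below in standalone Java 11+. This is an added example, not the JCMS BCryptUtil source: the class BcryptCostPolicy, its method names, the regular expression standing in for the surface check and the 10 to 14 policy range are assumptions, and the sample hashes are constructed filler.

```java
import java.util.regex.Pattern;

/** Added illustration of a bcrypt cost policy; hypothetical names throughout. */
public class BcryptCostPolicy {

    // Assumed surface syntax: "$2$" or "$2a/$2b/$2x/$2y$", a two-digit cost,
    // then 53 characters (22 of salt, 31 of digest) in the bcrypt alphabet.
    private static final Pattern SHAPE =
            Pattern.compile("^\\$2[abxy]?\\$\\d{2}\\$[./A-Za-z0-9]{53}$");

    /** Surface check only: says nothing about whether the digest is genuine. */
    static boolean looksLikeBcrypt(String s) {
        return s != null && SHAPE.matcher(s).matches();
    }

    /** Reads the two-digit log2 cost that follows the version prefix. */
    static int log2Rounds(String hash) {
        int start = hash.indexOf('$', 1) + 1;   // index just after "$2a$"
        return Integer.parseInt(hash.substring(start, start + 2));
    }

    /**
     * True when the embedded cost is strictly outside [min, max].
     * Each +1 doubles the hashing time, so the upper bound keeps a stored hash
     * with an extreme cost from tying up the CPU at verification, and the
     * lower bound rejects hashes that are too cheap to compute.
     */
    static boolean outOfRange(String hash, int min, int max) {
        int cost = log2Rounds(hash);
        return cost < min || cost > max;
    }

    public static void main(String[] args) {
        String tail = "$" + "A".repeat(53);     // constructed filler, not a real salt/digest
        String[] stored = {
            "$2a$04" + tail, "$2a$12" + tail, "$2a$31" + tail, "plaintext"
        };
        for (String h : stored) {
            if (!looksLikeBcrypt(h)) {          // never parse a cost from unchecked input
                System.out.println("not bcrypt syntax: " + h);
                continue;
            }
            String verdict = outOfRange(h, 10, 14) ? "rejected before verification"
                                                   : "eligible for verification";
            System.out.println("cost " + log2Rounds(h) + ": " + verdict);
        }
    }
}
```

With the constructed inputs, the cost-4 and cost-31 hashes are rejected by the range check, the cost-12 hash is passed on to verification, and the non-bcrypt string never reaches the cost parser.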