Class CaptchaSecurity

java.lang.Object
cloud.opencode.base.captcha.security.CaptchaSecurity
public final class CaptchaSecurity extends Object
Captcha Security - Security utilities for CAPTCHA 验证码安全 - 验证码安全工具

This class provides security-related utilities for CAPTCHA operations.

此类提供验证码操作的安全相关工具。

Features | 主要功能:

  • Secure random ID generation - 安全随机ID生成
  • Hash-based answer comparison - 基于哈希的答案比较
  • Timing-safe comparison - 时间安全的比较

Usage Examples | 使用示例:

String id = CaptchaSecurity.generateId();
String hash = CaptchaSecurity.hashAnswer("abc123");
boolean match = CaptchaSecurity.verifyAnswer(hash, "abc123");

Security | 安全性:

  • Thread-safe: Yes (stateless utility, uses static SecureRandom) - 线程安全: 是(无状态工具,使用静态SecureRandom)
  • Null-safe: No (arguments must not be null) - 空值安全: 否(参数不能为null)
Since:
JDK 25, opencode-base-captcha V1.0.0
Author:
Leon Soo www.LeonSoo.com
See Also:

  • Method Details

    • generateSecureId

      public static String generateSecureId()
      Generates a secure random ID. 生成安全随机 ID。
      Returns:
      the random ID | 随机 ID

    • generateSecureToken

      public static String generateSecureToken(int length)
      Generates a secure random token. 生成安全随机令牌。
      Parameters:
      length - the token length in bytes | 令牌字节长度
      Returns:
      the random token | 随机令牌

    • hashAnswer

      public static String hashAnswer(String answer, String salt)
      Hashes an answer for secure storage. 对答案进行哈希以安全存储。
      Parameters:
      answer - the answer | 答案
      salt - the salt | 盐
      Returns:
      the hashed answer | 哈希后的答案

    • hashAnswer

      public static String hashAnswer(String answer, String salt, boolean caseSensitive)
      Hashes an answer for secure storage. 对答案进行哈希以安全存储。
      Parameters:
      answer - the answer | 答案
      salt - the salt | 盐
      caseSensitive - whether to preserve case | 是否保留大小写
      Returns:
      the hashed answer | 哈希后的答案

    • verifyHashedAnswer

      public static boolean verifyHashedAnswer(String answer, String hashedAnswer, String salt)
      Verifies a hashed answer. 验证哈希后的答案。
      Parameters:
      answer - the answer to verify | 要验证的答案
      hashedAnswer - the hashed answer | 哈希后的答案
      salt - the salt | 盐
      Returns:
      true if matches | 如果匹配返回 true

    • verifyHashedAnswer

      public static boolean verifyHashedAnswer(String answer, String hashedAnswer, String salt, boolean caseSensitive)
      Verifies a hashed answer with case sensitivity control. 验证哈希后的答案,支持大小写敏感控制。
      Parameters:
      answer - the answer to verify | 要验证的答案
      hashedAnswer - the hashed answer | 哈希后的答案
      salt - the salt | 盐
      caseSensitive - whether to preserve case | 是否保留大小写
      Returns:
      true if matches | 如果匹配返回 true

    • constantTimeEquals

      public static boolean constantTimeEquals(String a, String b)
      Constant-time string comparison to prevent timing attacks. 常量时间字符串比较以防止时序攻击。
      Parameters:
      a - first string | 第一个字符串
      b - second string | 第二个字符串
      Returns:
      true if equal | 如果相等返回 true

    • generateSalt

      public static String generateSalt()
      Generates a random salt. 生成随机盐。
      Returns:
      the salt | 盐