Class CryptoPolicy
java.lang.Object
cloud.opencode.base.crypto.policy.CryptoPolicy
Immutable cryptographic algorithm policy for enforcing allowed/denied algorithms and minimum key sizes.
Provides predefined policies (strict(), standard(), legacy())
and a CryptoPolicy.Builder for custom policies. Algorithm name matching is case-insensitive.
Features:
- Predefined strict/standard/legacy policies
- Custom policy via Builder pattern
- Minimum key size enforcement
- Case-insensitive algorithm matching
Usage Examples:
// Use predefined strict policy
CryptoPolicy policy = CryptoPolicy.strict();
policy.check("AES-256-GCM", 256); // OK
policy.check("MD5", 0);           // throws PolicyViolationException

// Custom policy
CryptoPolicy custom = CryptoPolicy.builder()
        .allow("AES-256-GCM", "SHA-256")
        .deny("MD5", "SHA-1")
        .minKeyBits("RSA", 2048)
        .build();
Security:
- Thread-safe: Yes (immutable)
- Since: JDK 25, opencode-base-crypto V1.0.3
- Author: Leon Soo www.LeonSoo.com
- See Also:
-
Nested Class Summary
Nested Classes

| Modifier and Type | Class | Description |
| --- | --- | --- |
| static final class | CryptoPolicy.Builder | Builder for constructing custom CryptoPolicy instances. |
Method Summary
| Modifier and Type | Method | Description |
| --- | --- | --- |
| static CryptoPolicy.Builder | builder() | Creates a new Builder for constructing a custom CryptoPolicy. |
| void | check | Checks whether the given algorithm with key size is allowed, throwing an exception if not. |
| | getAllowedAlgorithms | Returns an unmodifiable set of allowed algorithm names (uppercase). |
| | getDeniedAlgorithms | Returns an unmodifiable set of denied algorithm names (uppercase). |
| | getMinKeyBits | Returns an unmodifiable map of minimum key size requirements (uppercase algorithm name to bits). |
| boolean | isAllowed | Returns whether the given algorithm with key size is allowed by this policy. |
| static CryptoPolicy | legacy() | Returns a legacy policy allowing older algorithms for backward compatibility. |
| static CryptoPolicy | standard() | Returns a standard policy allowing commonly used secure algorithms. |
| static CryptoPolicy | strict() | Returns a strict policy allowing only the strongest modern algorithms. |
Method Details

strict
Returns a strict policy allowing only the strongest modern algorithms.
Allowed: AES-256-GCM, ChaCha20-Poly1305, Ed25519, X25519, SHA-256, SHA-384, SHA-512, SHA3-256, SHA3-512, Argon2id, ECDSA-P256, ECDSA-P384, RSA-PSS(>=4096)
- Returns: strict policy instance

standard
Returns a standard policy allowing commonly used secure algorithms.
Includes all strict algorithms plus: AES-128-GCM, AES-256-CBC, RSA-OAEP(>=2048), ECDSA-P521, PBKDF2, BCrypt, SCrypt, Ed448, X448, RSA(>=2048)
- Returns: standard policy instance

legacy
Returns a legacy policy allowing older algorithms for backward compatibility.
Includes all standard algorithms plus: AES-128-CBC, RSA(>=1024), 3DES, SHA-1 (non-signature), MD5 (non-security)
- Returns: legacy policy instance
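
The three predefined tiers can be used to grade an existing algorithm inventory by finding the strictest policy that accepts each entry. This is an added example, not code from opencode-base-crypto: it calls only `strict()`, `standard()`, `legacy()` and `isAllowed` as documented on this page, and assumes `isAllowed` accepts a `String` and an `int`. The `CryptoInventoryAudit` class, the `Usage` record and the inventory rows are constructed for illustration.

```java
import cloud.opencode.base.crypto.policy.CryptoPolicy;

import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

/** Added example: grades an algorithm inventory against the predefined policies. */
public class CryptoInventoryAudit {

    /** One place where an algorithm is used (hypothetical record, not library API). */
    record Usage(String component, String algorithm, int keyBits) {}

    /** Returns the name of the first (strictest) tier that allows the usage, or "REJECTED". */
    static String strictestTier(Map<String, CryptoPolicy> tiers, Usage u) {
        for (Map.Entry<String, CryptoPolicy> tier : tiers.entrySet()) {
            if (tier.getValue().isAllowed(u.algorithm(), u.keyBits())) {
                return tier.getKey();
            }
        }
        return "REJECTED";
    }

    public static void main(String[] args) {
        // Insertion order matters: strictest policy first.
        Map<String, CryptoPolicy> tiers = new LinkedHashMap<>();
        tiers.put("strict", CryptoPolicy.strict());
        tiers.put("standard", CryptoPolicy.standard());
        tiers.put("legacy", CryptoPolicy.legacy());

        // Constructed inventory; algorithm spellings follow the lists on this page.
        List<Usage> inventory = List.of(
                new Usage("session-encryption", "AES-256-GCM", 256),
                new Usage("backup-archive", "aes-128-gcm", 128), // matching is case-insensitive
                new Usage("partner-vpn", "RSA", 1024),
                new Usage("file-checksum", "MD5", 0),            // 0 = no key, as in check("MD5", 0)
                new Usage("old-export", "DES", 56));             // not listed in any tier on this page

        for (Usage u : inventory) {
            String tier = strictestTier(tiers, u);
            System.out.printf("%-20s %-12s %4d bits -> %s%n",
                    u.component(), u.algorithm(), u.keyBits(), tier);
            // Anything not allowed by strict or standard needs a migration plan.
            if (tier.equals("legacy") || tier.equals("REJECTED")) {
                System.out.println("  review: only permitted for backward compatibility, or not at all");
            }
        }
    }
}
```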

builder
Creates a new Builder for constructing a custom CryptoPolicy.
- Returns: a new Builder instance

check
Checks whether the given algorithm with key size is allowed, throwing an exception if not.
- Parameters:
  - algorithm - the algorithm name (case-insensitive)
  - keyBits - the key size in bits
- Throws:
  - PolicyViolationException - if the algorithm or key size violates the policy

isAllowed
Returns whether the given algorithm with key size is allowed by this policy.
- Parameters:
  - algorithm - the algorithm name (case-insensitive)
  - keyBits - the key size in bits
- Returns: true if allowed, false otherwise
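
getAllowedAlgorithms
Returns an unmodifiable set of allowed algorithm names (uppercase).

getDeniedAlgorithms
Returns an unmodifiable set of denied algorithm names (uppercase).

getMinKeyBits
Returns an unmodifiable map of minimum key size requirements (uppercase algorithm name to bits).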