Class CryptoUtil

java.lang.Object
cloud.opencode.base.crypto.util.CryptoUtil
public final class CryptoUtil extends Object
Cryptographic utility class providing security-focused operations - Thread-safe utility for secure random generation, constant-time comparison, and key validation 加密工具类提供安全相关操作 - 线程安全的工具类,用于安全随机数生成、常量时间比较和密钥验证

Features | 主要功能:

  • General cryptographic utility methods - 通用加密工具方法

Usage Examples | 使用示例:

// General cryptographic utility methods
CryptoUtil.ensureAlgorithmAvailable("AES");

Security | 安全性:

  • Thread-safe: Yes - 线程安全: 是
  • Null-safe: Yes - 空值安全: 是

Performance | 性能特性:

  • Time complexity: O(n) - 时间复杂度: O(n),n为数据长度
  • Space complexity: O(1) - 空间复杂度: O(1)
Since:
JDK 25, opencode-base-crypto V1.0.0
Author:
Leon Soo www.LeonSoo.com
See Also:

  • Method Summary

    Modifier and Type
    Method
    Description
    static boolean
    constantTimeEquals(byte[] a, byte[] b)
    Constant-time byte array comparison to prevent timing attacks 常量时间字节数组比较,防止时序攻击
    static boolean
    constantTimeEquals(String a, String b)
    Constant-time string comparison to prevent timing attacks 常量时间字符串比较,防止时序攻击
    static Set<String>
    getAvailableAlgorithms(String type)
    Get all available algorithms of specified type 获取指定类型的所有可用算法
    static SecureRandom
    getSecureRandom()
    Get a thread-safe SecureRandom instance 获取线程安全的SecureRandom实例
    static boolean
    isAlgorithmAvailable(String algorithm)
    Check if cryptographic algorithm is available 检查加密算法是否可用
    static boolean
    isKeyPairStrengthSufficient(KeyPair keyPair, int minBits)
    Check if key pair has sufficient strength 检查密钥对是否具有足够的强度
    static boolean
    isKeyStrengthSufficient(SecretKey key, int minBits)
    Check if secret key has sufficient strength 检查密钥是否具有足够的强度
    static byte[]
    randomBytes(int length)
    Generate cryptographically secure random bytes 生成密码学安全的随机字节
    static byte[]
    randomIv(int length)
    Generate cryptographically secure random initialization vector 生成密码学安全的随机初始化向量
    static byte[]
    randomNonce(int length)
    Generate cryptographically secure random nonce 生成密码学安全的随机nonce
    static byte[]
    randomSalt(int length)
    Generate cryptographically secure random salt 生成密码学安全的随机盐值
    static void
    secureErase(byte[] data)
    Securely erase byte array by overwriting with zeros 通过用零覆盖来安全擦除字节数组
    static void
    secureErase(char[] data)
    Securely erase char array by overwriting with zeros 通过用零覆盖来安全擦除字符数组
    static void
    secureErase(ByteBuffer buffer)
    Securely erase ByteBuffer by overwriting with zeros 通过用零覆盖来安全擦除ByteBuffer

    Methods inherited from class Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

  • Method Details

    • constantTimeEquals

      public static boolean constantTimeEquals(byte[] a, byte[] b)
      Constant-time byte array comparison to prevent timing attacks 常量时间字节数组比较,防止时序攻击
      Parameters:
      a - first byte array
      b - second byte array
      Returns:
      true if arrays are equal, false otherwise

    • constantTimeEquals

      public static boolean constantTimeEquals(String a, String b)
      Constant-time string comparison to prevent timing attacks 常量时间字符串比较,防止时序攻击
      Parameters:
      a - first string
      b - second string
      Returns:
      true if strings are equal, false otherwise

    • secureErase

      public static void secureErase(byte[] data)
      Securely erase byte array by overwriting with zeros 通过用零覆盖来安全擦除字节数组
      Parameters:
      data - byte array to erase

    • secureErase

      public static void secureErase(char[] data)
      Securely erase char array by overwriting with zeros 通过用零覆盖来安全擦除字符数组
      Parameters:
      data - char array to erase

    • secureErase

      public static void secureErase(ByteBuffer buffer)
      Securely erase ByteBuffer by overwriting with zeros 通过用零覆盖来安全擦除ByteBuffer
      Parameters:
      buffer - ByteBuffer to erase

    • getSecureRandom

      public static SecureRandom getSecureRandom()
      Get a thread-safe SecureRandom instance 获取线程安全的SecureRandom实例
      Returns:
      SecureRandom instance

    • randomBytes

      public static byte[] randomBytes(int length)
      Generate cryptographically secure random bytes 生成密码学安全的随机字节
      Parameters:
      length - number of bytes to generate
      Returns:
      random byte array
      Throws:
      IllegalArgumentException - if length is negative

    • randomNonce

      public static byte[] randomNonce(int length)
      Generate cryptographically secure random nonce 生成密码学安全的随机nonce
      Parameters:
      length - number of bytes to generate
      Returns:
      random nonce byte array
      Throws:
      IllegalArgumentException - if length is negative

    • randomIv

      public static byte[] randomIv(int length)
      Generate cryptographically secure random initialization vector 生成密码学安全的随机初始化向量
      Parameters:
      length - number of bytes to generate
      Returns:
      random IV byte array
      Throws:
      IllegalArgumentException - if length is negative

    • randomSalt

      public static byte[] randomSalt(int length)
      Generate cryptographically secure random salt 生成密码学安全的随机盐值
      Parameters:
      length - number of bytes to generate
      Returns:
      random salt byte array
      Throws:
      IllegalArgumentException - if length is negative

    • isKeyStrengthSufficient

      public static boolean isKeyStrengthSufficient(SecretKey key, int minBits)
      Check if secret key has sufficient strength 检查密钥是否具有足够的强度
      Parameters:
      key - secret key to check
      minBits - minimum required key length in bits
      Returns:
      true if key strength is sufficient
      Throws:
      IllegalArgumentException - if key is null or minBits is negative

    • isKeyPairStrengthSufficient

      public static boolean isKeyPairStrengthSufficient(KeyPair keyPair, int minBits)
      Check if key pair has sufficient strength 检查密钥对是否具有足够的强度
      Parameters:
      keyPair - key pair to check
      minBits - minimum required key length in bits
      Returns:
      true if key pair strength is sufficient
      Throws:
      IllegalArgumentException - if keyPair is null or minBits is negative

    • isAlgorithmAvailable

      public static boolean isAlgorithmAvailable(String algorithm)
      Check if cryptographic algorithm is available 检查加密算法是否可用
      Parameters:
      algorithm - algorithm name to check
      Returns:
      true if algorithm is available
      Throws:
      IllegalArgumentException - if algorithm is null or empty

    • getAvailableAlgorithms

      public static Set<String> getAvailableAlgorithms(String type)
      Get all available algorithms of specified type 获取指定类型的所有可用算法
      Parameters:
      type - algorithm type (e.g., "Cipher", "MessageDigest", "Mac", "KeyGenerator", "Signature")
      Returns:
      set of available algorithm names
      Throws:
      IllegalArgumentException - if type is null or empty