Initial Commit

Author: pointgenesis

.classpath

@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<classpath>
+	<classpathentry kind="src" output="target/classes" path="src/main/java">
+		<attributes>
+			<attribute name="optional" value="true"/>
+			<attribute name="maven.pomderived" value="true"/>
+		</attributes>
+	</classpathentry>
+	<classpathentry kind="src" output="target/test-classes" path="src/test/java">
+		<attributes>
+			<attribute name="optional" value="true"/>
+			<attribute name="maven.pomderived" value="true"/>
+			<attribute name="test" value="true"/>
+		</attributes>
+	</classpathentry>
+	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/J2SE-1.5">
+		<attributes>
+			<attribute name="maven.pomderived" value="true"/>
+		</attributes>
+	</classpathentry>
+	<classpathentry kind="con" path="org.eclipse.m2e.MAVEN2_CLASSPATH_CONTAINER">
+		<attributes>
+			<attribute name="maven.pomderived" value="true"/>
+		</attributes>
+	</classpathentry>
+	<classpathentry kind="output" path="target/classes"/>
+</classpath>

.project

@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<projectDescription>
+	<name>securehash</name>
+	<comment></comment>
+	<projects>
+	</projects>
+	<buildSpec>
+		<buildCommand>
+			<name>org.eclipse.jdt.core.javabuilder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+		<buildCommand>
+			<name>org.eclipse.m2e.core.maven2Builder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+	</buildSpec>
+	<natures>
+		<nature>org.eclipse.jdt.core.javanature</nature>
+		<nature>org.eclipse.m2e.core.maven2Nature</nature>
+	</natures>
+</projectDescription>

.settings/org.eclipse.core.resources.prefs

@@ -0,0 +1,4 @@
+eclipse.preferences.version=1
+encoding//src/main/java=UTF-8
+encoding//src/test/java=UTF-8
+encoding/<project>=UTF-8

.settings/org.eclipse.jdt.core.prefs

@@ -0,0 +1,2 @@
+eclipse.preferences.version=1
+org.eclipse.jdt.core.compiler.problem.forbiddenReference=warning

.settings/org.eclipse.m2e.core.prefs

@@ -0,0 +1,4 @@
+activeProfiles=
+eclipse.preferences.version=1
+resolveWorkspaceProjects=true
+version=1

pom.xml

@@ -0,0 +1,49 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+	<modelVersion>4.0.0</modelVersion>
+
+	<groupId>io.pointgenesis.utilities</groupId>
+	<artifactId>securehash</artifactId>
+	<version>1.0.0.1</version>
+	<packaging>jar</packaging>
+
+	<name>securehash</name>
+	<url>http://maven.apache.org</url>
+
+	<properties>
+		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+		<maven.compiler.target>1.8</maven.compiler.target>
+		<maven.compiler.source>1.8</maven.compiler.source>
+		<junit.version>4.12</junit.version>
+		<log4j2.version>2.12.1</log4j2.version>
+		<jaxb.api.version>2.3.1</jaxb.api.version>
+	</properties>
+
+	<dependencies>
+		<dependency>
+			<groupId>junit</groupId>
+			<artifactId>junit</artifactId>
+			<version>${junit.version}</version>
+			<scope>test</scope>
+		</dependency>
+		<!-- https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-core -->
+		<dependency>
+			<groupId>org.apache.logging.log4j</groupId>
+			<artifactId>log4j-core</artifactId>
+			<version>${log4j2.version}</version>
+		</dependency>
+		<!-- https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-api -->
+		<dependency>
+			<groupId>org.apache.logging.log4j</groupId>
+			<artifactId>log4j-api</artifactId>
+			<version>${log4j2.version}</version>
+		</dependency>
+		<!-- https://mvnrepository.com/artifact/javax.xml.bind/jaxb-api -->
+		<dependency>
+			<groupId>javax.xml.bind</groupId>
+			<artifactId>jaxb-api</artifactId>
+			<version>${jaxb.api.version}</version>
+		</dependency>
+	</dependencies>
+</project>

src/main/java/io/pointgenesis/utilities/security/hash/FastHash.java

@@ -0,0 +1,126 @@
+package io.pointgenesis.utilities.security.hash;
+
+import java.nio.charset.StandardCharsets;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+
+import javax.xml.bind.DatatypeConverter;
+
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
+
+/**
+ * A one-way hash generator for the SHA-2 family of algorithms. The preferred hash mechanism is
+ * shown in SecureHash.java. The fast hash methodology is provided for comparison only.
+ * 
+ * <ul>
+ * <li>SHA-224</li>
+ * <li>SHA-256</li>
+ * <li>SHA-384</li>
+ * <li>SHA-512</li>
+ * <li>SHA-512/224</li>
+ * <li>SHA-512/256</li>
+ * </ul>
+ * 
+ * References:
+ * [1] https://en.wikipedia.org/wiki/Secure_Hash_Algorithms
+ * [2] https://www.mkyong.com/java/java-sha-hashing-example
+ * [3] https://stackoverflow.com/questions/33085493/hash-a-password-with-sha-512-in-java
+ * 
+ * @author Travis L. Steinmetz
+ *
+ * Copyright 2019 Point Genesis Solutions, LLC
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+public class FastHash {
+	private static final Logger log = LogManager.getLogger();
+	
+	/** Marked private to prevent unwanted instantiation. **/
+	private FastHash() {
+	}
+
+	/**
+	 * Generates a one-way hash from the given parameters.
+	 * 
+	 * @param value the clear-text value to hash.
+	 * @param salt the salt to apply while generating the hash. 
+	 * 
+	 * @return the hashed representation of {@code}value + "." + {@code}salt.
+	 */
+	public static String getHash(final String value, final String salt) {
+		String DEFAULT_HASH_ALGORITHM = "SHA-512";
+		return getHash(value, salt, DEFAULT_HASH_ALGORITHM);
+	}
+	
+	/**
+	 * Generates a one-way hash from the given parameters.
+	 * 
+	 * @param value the clear-text value to hash.
+	 * @param salt the salt to apply while generating the hash. 
+	 * @param algorithm the SHA-2 algorithm that will be used to generate the hash.
+	 * 
+	 * @return the hashed representation of {@code}value + "." + {@code}salt.
+	 */
+	public static String getHash(final String value, final String salt, final String algorithm) {
+		byte[] bytes = null;
+		
+		try {
+			MessageDigest md = MessageDigest.getInstance(algorithm);
+			md.update(DatatypeConverter.parseHexBinary(salt));
+			
+			bytes = md.digest(value.getBytes(StandardCharsets.UTF_8));
+			log.debug("hashed value: {}", DatatypeConverter.printHexBinary(bytes));
+		} catch (NoSuchAlgorithmException e) {
+			String valueAsHex = null;
+			if (value != null) {
+				valueAsHex = DatatypeConverter.printHexBinary(value.getBytes(StandardCharsets.UTF_8));
+			}
+			log.error("Error encountered while generating hash. value: {} | salt: {} | algorithm: {}", valueAsHex, salt, algorithm);
+			throw new IllegalArgumentException("Error encountered while generating hash");
+		}
+		
+		return DatatypeConverter.printHexBinary(bytes) + "." + salt;
+	}
+	
+	/**
+	 * Compares a previously hashed value to another value that is hashed with the same
+	 * salt value as the previously hashed value. If the resulting hash values are equal, 
+	 * then the provided input matches the previously pre-hashed value.
+	 * 
+	 * @param rawValue the plain-text value to hash and compare against a previously hashed value.
+	 * @param hashedValueAndSalt the previously hashed value and the salt used in the hash operation.
+	 * 
+	 * @return true if the hashed values are equal, otherwise false.
+	 */
+	public static boolean compare(String rawValue, String hashedValueAndSalt) {
+		String[] values = hashedValueAndSalt.split("\\.");
+		
+		if (values.length != 2) {
+			log.error("Expected exactly two tokens. But found {} tokens in hashedValueAndSalt: {}.", values.length, hashedValueAndSalt);
+			throw new IllegalArgumentException("Incorrect number of tokens found in \"hashedValueAndSalt\" value.");
+		}
+		
+		String hashedValue = values[0];
+		String saltValue = values[1];
+		
+		String generatedHashAndSalt = getHash(rawValue, saltValue);
+		
+		String[] generatedValues = generatedHashAndSalt.split("\\.");
+		String generatedHash = generatedValues[0];
+		
+		log.debug("Generated hash: {}", generatedHash);
+		
+		return hashedValue.contentEquals(generatedHash);
+	}
+}

src/main/java/io/pointgenesis/utilities/security/hash/SecureHash.java

@@ -0,0 +1,148 @@
+package io.pointgenesis.utilities.security.hash;
+
+import java.security.NoSuchAlgorithmException;
+import java.security.spec.InvalidKeySpecException;
+
+import javax.crypto.SecretKey;
+import javax.crypto.SecretKeyFactory;
+import javax.crypto.spec.PBEKeySpec;
+import javax.xml.bind.DatatypeConverter;
+
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
+
+/**
+ * Generates a hash following the OWASP recommended practices for password hashing.
+ * 
+ * References:
+ * 
+ * [1] https://www.owasp.org/index.php/Hashing_Java
+ * 
+ * @author Travis L. Steinmetz
+ *
+ * Copyright 2019 Point Genesis Solutions, LLC
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+public class SecureHash {
+	private static final Logger log = LogManager.getLogger();
+	
+	/** Marked private to prevent outside instantiation. **/
+	private SecureHash() {
+	}
+
+	/**
+	 * Generates a one-way hash from the given inputs.
+	 * 
+	 * @param value the clear text value to transform.
+	 * @param salt the salt value to apply while hashing {@code}value.
+	 * 
+	 * @return the hashed representation of {@code}value.
+	 */
+	public static String getHash(final String value, final String salt) {
+		int DEFAULT_ITERATIONS = 65536;
+		return getHash(value, salt, DEFAULT_ITERATIONS);
+	}
+	
+	/**
+	 * Generates a one-way hash from the given inputs.
+	 * 
+	 * @param value the clear text value to transform.
+	 * @param salt the salt value to apply while hashing {@code}value.
+	 * @param iterations the number of hash iterations to execute against {@code}value.
+	 * 
+	 * @return the hashed representation of {@code}value.
+	 */
+	public static String getHash(final String value, final String salt, final int iterations) {
+		int DEFAULT_LENGTH = 256;
+		return getHash(value, salt, iterations, DEFAULT_LENGTH);
+	}
+	
+	/**
+	 * Generates a one-way hash from the given inputs.
+	 * 
+	 * @param value the clear text value to transform.
+	 * @param salt the salt value to apply while hashing {@code}value.
+	 * @param iterations the number of hash iterations to execute against {@code}value.
+	 * @param length the key length.
+	 * 
+	 * @return the hashed representation of {@code}value.
+	 */
+	public static String getHash(
+			final String value, final String salt, 
+			final int iterations, final int length) {
+		String DEFAULT_ALGORITHM = "PBKDF2WithHmacSHA512";
+		return getHash(value, salt, iterations, length, DEFAULT_ALGORITHM);
+	}
+	
+	/**
+	 * Generates a one-way hash from the given inputs.
+	 * 
+	 * @param value the clear text value to transform.
+	 * @param salt the salt value to apply while hashing {@code}value.
+	 * @param iterations the number of hash iterations to execute against {@code}value.
+	 * @param length the key length.
+	 * @param algorithm the algorithm used in the hash generation.
+	 * 
+	 * @return the hashed representation of {@code}value.
+	 */
+	public static String getHash(
+			final String value, final String salt, 
+			final int iterations, final int length, final String algorithm) {
+		boolean isValidInput = true;
+		
+		if (value == null || value.isEmpty()) {
+			isValidInput = false;
+			log.error("\"value\" cannot be null or empty.");
+		}
+		
+		if (salt == null || salt.isEmpty()) {
+			isValidInput = false;
+			log.error("\"salt\" cannot be null or empty.");
+		}
+		
+		if (algorithm == null || algorithm.isEmpty()) {
+			isValidInput = false;
+			log.error("\"algorithm\" cannot be null or empty.");
+		}
+		
+		try {
+			if (isValidInput == false) {
+				throw new IllegalArgumentException("One or more inputs do not conform to the expected format.");
+			}
+			
+			SecretKeyFactory skf = SecretKeyFactory.getInstance(algorithm);
+			PBEKeySpec spec = new PBEKeySpec(value.toCharArray(), DatatypeConverter.parseHexBinary(salt), iterations, length);
+			SecretKey key = skf.generateSecret(spec);
+			
+			return DatatypeConverter.printHexBinary(key.getEncoded());
+		} catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
+			String valueAsString = null;
+			if (value != null) {
+				valueAsString = new String(value);
+				try {
+					/*Obfuscate the value passed into the method for security purposes.*/
+					valueAsString = DatatypeConverter.printHexBinary(valueAsString.getBytes());
+				} catch (Exception ex) {
+					log.warn("Unable to convert given \"value\" to hex binary format.");
+				}
+			}
+			log.error(
+					"Unable to compute hash of the following inputs -> value: {} | salt: {} | iterations: {} | length: {} | algorithm: {}",
+					valueAsString, salt, iterations, length, algorithm);
+			throw new IllegalArgumentException("Unable to generate a hash using the provided inputs.", e);
+		}
+	}
+	
+}