org.openmrs.util

Class Security

java.lang.Object

org.openmrs.util.Security

public class Security
extends java.lang.Object

OpenMRS's security class deals with the hashing of passwords.

Field Summary

Fields

Modifier and Type	Field and Description
static org.apache.commons.logging.Log	log encryption settings

Constructor Summary

Constructors

Constructor and Description
Security()

Method Summary

Modifier and Type	Method and Description
static java.lang.String	decrypt(java.lang.String text) decrypt text using stored initVector and securityKey
static java.lang.String	decrypt(java.lang.String text, byte[] initVector, byte[] secretKey) decrypt text to a string with specific initVector and secretKey; rarely used except in testing and where specifically necessary
static java.lang.String	encodeString(java.lang.String strToEncode) This method will hash strToEncode using the preferred algorithm.
static java.lang.String	encrypt(java.lang.String text) encrypt text using stored initVector and securityKey
static java.lang.String	encrypt(java.lang.String text, byte[] initVector, byte[] secretKey) encrypt text to a string with specific initVector and secretKey; rarely used except in testing and where specifically necessary
static byte[]	generateNewInitVector() generate a new cipher initialization vector; should only be called once in order to not invalidate all encrypted data
static byte[]	generateNewSecretKey() generate a new secret key; should only be called once in order to not invalidate all encrypted data
static java.lang.String	getRandomToken() This method will generate a random string
static byte[]	getSavedInitVector() retrieve the stored init vector from runtime properties
static byte[]	getSavedSecretKey() retrieve the secret key from runtime properties
static boolean	hashMatches(java.lang.String hashedPassword, java.lang.String passwordToHash) Compare the given hash and the given string-to-hash to see if they are equal.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

log

public static org.apache.commons.logging.Log log

encryption settings

Constructor Detail

Security

public Security()

Method Detail

hashMatches

public static boolean hashMatches(java.lang.String hashedPassword,
                                  java.lang.String passwordToHash)

Compare the given hash and the given string-to-hash to see if they are equal. The string-to-hash is usually of the form password + salt.

This should be used so that this class can compare against the new correct hashing algorithm and the old incorrect hashin algorithm.

Parameters:

hashedPassword - a stored password that has been hashed previously

passwordToHash - a string to encode/hash and compare to hashedPassword

Returns:

true/false whether the two are equal

Since:

1.5

encodeString

public static java.lang.String encodeString(java.lang.String strToEncode)
                                     throws APIException

This method will hash strToEncode using the preferred algorithm. Currently, OpenMRS's preferred algorithm is hard coded to be SHA-512.

Parameters:

strToEncode - string to encode

Returns:

the SHA-512 encryption of a given string

Throws:

APIException

getRandomToken

public static java.lang.String getRandomToken()
                                       throws APIException

This method will generate a random string

Returns:

a secure random token.

Throws:

APIException

encrypt

public static java.lang.String encrypt(java.lang.String text,
                                       byte[] initVector,
                                       byte[] secretKey)

encrypt text to a string with specific initVector and secretKey; rarely used except in testing and where specifically necessary

Parameters:

text - string to be encrypted

initVector - custom init vector byte array

secretKey - custom secret key byte array

Returns:

encrypted text

Since:

1.9

See Also:

encrypt(String)

encrypt

public static java.lang.String encrypt(java.lang.String text)

encrypt text using stored initVector and securityKey

Parameters:

text -

Returns:

encrypted text

Since:

1.9

decrypt

public static java.lang.String decrypt(java.lang.String text,
                                       byte[] initVector,
                                       byte[] secretKey)

decrypt text to a string with specific initVector and secretKey; rarely used except in testing and where specifically necessary

Parameters:

text - text to be decrypted

initVector - custom init vector byte array

secretKey - custom secret key byte array

Returns:

decrypted text

Since:

1.9

See Also:

decrypt(String)

decrypt

public static java.lang.String decrypt(java.lang.String text)

decrypt text using stored initVector and securityKey

Parameters:

text - text to be decrypted

Returns:

decrypted text

Since:

1.9

getSavedInitVector

public static byte[] getSavedInitVector()

retrieve the stored init vector from runtime properties

Returns:

stored init vector byte array

Since:

1.9

generateNewInitVector

public static byte[] generateNewInitVector()

generate a new cipher initialization vector; should only be called once in order to not invalidate all encrypted data

Returns:

a random array of 16 bytes

Since:

1.9

getSavedSecretKey

public static byte[] getSavedSecretKey()

retrieve the secret key from runtime properties

Returns:

stored secret key byte array

Since:

1.9

generateNewSecretKey

public static byte[] generateNewSecretKey()

generate a new secret key; should only be called once in order to not invalidate all encrypted data

Returns:

generated secret key byte array

Since:

1.9