org.openmrs.util

Class Security

java.lang.Object

org.openmrs.util.Security

public class Security
extends Object

OpenMRS's security class deals with the hashing of passwords.

Method Summary

Modifier and Type	Method and Description
static String	decrypt(String text) Deprecated. As of version 2.4.0, this method is not referenced in openmrs-core or any other projects under the GitHub OpenMRS organisation.
static String	decrypt(String text, byte[] initVector, byte[] secretKey) decrypt text to a string with specific initVector and secretKey; rarely used except in testing and where specifically necessary
static String	encodeString(String strToEncode) /** This method will hash strToEncode using the preferred algorithm.
static String	encrypt(String text) Deprecated. As of version 2.4.0, this method is not referenced in openmrs-core or any other projects under the GitHub OpenMRS organisation.
static String	encrypt(String text, byte[] initVector, byte[] secretKey) encrypt text to a string with specific initVector and secretKey; rarely used except in testing and where specifically necessary
static byte[]	generateNewInitVector() generate a new cipher initialization vector; should only be called once in order to not invalidate all encrypted data
static byte[]	generateNewSecretKey() generate a new secret key; should only be called once in order to not invalidate all encrypted data
static String	getRandomToken() This method will generate a random string
static byte[]	getSavedInitVector() retrieve the stored init vector from runtime properties
static byte[]	getSavedSecretKey() retrieve the secret key from runtime properties
static boolean	hashMatches(String hashedPassword, String passwordToHash) Compare the given hash and the given string-to-hash to see if they are equal.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

hashMatches

public static boolean hashMatches(String hashedPassword,
                                  String passwordToHash)

Compare the given hash and the given string-to-hash to see if they are equal. The string-to-hash is usually of the form password + salt.

This should be used so that this class can compare against the new correct hashing algorithm and the old incorrect hashing algorithm.

Parameters:

hashedPassword - a stored password that has been hashed previously

passwordToHash - a string to encode/hash and compare to hashedPassword

Returns:

true/false whether the two are equal

Since:

1.5 Should match strings hashed with incorrect sha1 algorithm Should match strings hashed with sha1 algorithm Should match strings hashed with sha512 algorithm and 128 characters salt

encodeString

public static String encodeString(String strToEncode)
                           throws APIException

/** This method will hash strToEncode using the preferred algorithm. Currently, OpenMRS's preferred algorithm is hard coded to be SHA-512.

Parameters:

strToEncode - string to encode

Returns:

the SHA-512 encryption of a given string Should encode strings to 128 characters

Throws:

APIException

getRandomToken

public static String getRandomToken()
                             throws APIException

This method will generate a random string

Returns:

a secure random token.

Throws:

APIException

encrypt

public static String encrypt(String text,
                             byte[] initVector,
                             byte[] secretKey)

encrypt text to a string with specific initVector and secretKey; rarely used except in testing and where specifically necessary

Parameters:

text - string to be encrypted

initVector - custom init vector byte array

secretKey - custom secret key byte array

Returns:

encrypted text

Since:

1.9

See Also:

encrypt(String)

encrypt

@Deprecated
public static String encrypt(String text)

Deprecated. As of version 2.4.0, this method is not referenced in openmrs-core or any other projects under the GitHub OpenMRS organisation.

encrypt text using stored initVector and securityKey

Parameters:

text - the text to encrypt

Returns:

encrypted text

Since:

1.9 Should encrypt short and long text

decrypt

public static String decrypt(String text,
                             byte[] initVector,
                             byte[] secretKey)

decrypt text to a string with specific initVector and secretKey; rarely used except in testing and where specifically necessary

Parameters:

text - text to be decrypted

initVector - custom init vector byte array

secretKey - custom secret key byte array

Returns:

decrypted text

Since:

1.9

See Also:

decrypt(String)

decrypt

@Deprecated
public static String decrypt(String text)

Deprecated. As of version 2.4.0, this method is not referenced in openmrs-core or any other projects under the GitHub OpenMRS organisation.

decrypt text using stored initVector and securityKey

Parameters:

text - text to be decrypted

Returns:

decrypted text

Since:

1.9 Should decrypt short and long text

getSavedInitVector

public static byte[] getSavedInitVector()

retrieve the stored init vector from runtime properties

Returns:

stored init vector byte array

Since:

1.9

generateNewInitVector

public static byte[] generateNewInitVector()

generate a new cipher initialization vector; should only be called once in order to not invalidate all encrypted data

Returns:

a random array of 16 bytes

Since:

1.9

getSavedSecretKey

public static byte[] getSavedSecretKey()

retrieve the secret key from runtime properties

Returns:

stored secret key byte array

Since:

1.9

generateNewSecretKey

public static byte[] generateNewSecretKey()

generate a new secret key; should only be called once in order to not invalidate all encrypted data

Returns:

generated secret key byte array

Since:

1.9