Package | Description |
---|---|
org.owasp.esapi | The ESAPI interfaces and Exception classes model the most important security functions to enterprise web applications. |
org.owasp.esapi.crypto | This package contains ESAPI cryptography-related classes used throughout ESAPI. |
org.owasp.esapi.reference | This package contains reference implementations of the ESAPI interfaces. |
org.owasp.esapi.reference.crypto | This package contains the reference implementation for some of the ESAPI cryptography-related classes used throughout ESAPI. |
Modifier and Type | Method and Description |
---|---|
void | User.changePassword(String oldPassword, String newPassword1, String newPassword2) Sets the user's password, performing a verification of the user's old password, the equality of the two new passwords, and the strength of the new password. |
PlainText | Encryptor.decrypt(CipherText ciphertext) Decrypts the provided CipherText using the information from it and the master encryption key as specified by the property Encryptor.MasterKey as defined in the ESAPI.properties file. |
PlainText | Encryptor.decrypt(SecretKey key, CipherText ciphertext) Decrypts the provided CipherText using the information from it and the specified secret key. |
Map<String,String> | HTTPUtilities.decryptQueryString(String encrypted) Takes an encrypted querystring and returns a Map containing the original parameters. |
Map<String,String> | HTTPUtilities.decryptStateFromCookie() Calls decryptStateFromCookie with the *current* request. |
Map<String,String> | HTTPUtilities.decryptStateFromCookie(javax.servlet.http.HttpServletRequest request) Retrieves a map of data from a cookie encrypted with encryptStateInCookie(). |
CipherText | Encryptor.encrypt(PlainText plaintext) Encrypts the provided plaintext bytes using the cipher transformation specified by the property Encryptor.CipherTransformation and the master encryption key as specified by the property Encryptor.MasterKey as defined in the ESAPI.properties file. |
CipherText | Encryptor.encrypt(SecretKey key, PlainText plaintext) Encrypts the provided plaintext bytes using the cipher transformation specified by the property Encryptor.CipherTransformation as defined in the ESAPI.properties file and the specified secret key. |
String | HTTPUtilities.encryptHiddenField(String value) Encrypts a hidden field value for use in HTML. |
String | HTTPUtilities.encryptQueryString(String query) Takes a querystring (everything after the question mark in the URL) and returns an encrypted string containing the parameters. |
void | HTTPUtilities.encryptStateInCookie(javax.servlet.http.HttpServletResponse response, Map<String,String> cleartext) Stores a Map of data in an encrypted cookie. |
void | HTTPUtilities.encryptStateInCookie(Map<String,String> cleartext) Calls encryptStateInCookie with the *current* response. |
String | EncryptedProperties.getProperty(String key) Gets the property value from the encrypted store, decrypts it, and returns the plaintext value to the caller. |
String | Randomizer.getRandomGUID() Generates a random GUID. |
String | Encryptor.hash(String plaintext, String salt) Returns a string representation of the hash of the provided plaintext and salt. |
String | Encryptor.hash(String plaintext, String salt, int iterations) Returns a string representation of the hash of the provided plaintext and salt. |
String | Authenticator.hashPassword(String password, String accountName) Returns a string representation of the hashed password, using the accountName as the salt. |
String | EncryptedProperties.setProperty(String key, String value) Encrypts the plaintext property value and stores the ciphertext value in the encrypted store. |
String | Encryptor.sign(String data) Create a digital signature for the provided data and return it in a string. |
String | Encryptor.unseal(String seal) Unseals data (created with the seal method) and throws an exception describing any of the various problems that could exist with a seal, such as an invalid seal format, expired timestamp, or decryption error. |
boolean | User.verifyPassword(String password) Verify that the supplied password matches the password for this user. |
Modifier and Type | Method and Description |
---|---|
byte[] | CipherText.asPortableSerializedByteArray() Return this CipherText object as a portable (i.e., network byte ordered) serialized byte array. |
SecretKey | KeyDerivationFunction.computeDerivedKey(SecretKey keyDerivationKey, int keySize, String purpose) The method is ESAPI's Key Derivation Function (KDF) that computes a derived key from the keyDerivationKey for either encryption / decryption or for authentication. |
static SecretKey | CryptoHelper.computeDerivedKey(SecretKey keyDerivationKey, int keySize, String purpose) Deprecated. Use same method in KeyDerivationFunction instead. This method will be removed as of ESAPI release 2.3 so if you are using this, please CHANGE YOUR CODE. Note that the replacement is not a static method, so create your own wrapper if you wish, but this will soon disappear. |
static CipherText | CipherText.fromPortableSerializedBytes(byte[] bytes) Create a CipherText object from what is supposed to be a portable serialized byte array, given in network byte order, that represents a valid, previously serialized CipherText object using CipherText.asPortableSerializedByteArray(). |
static SecretKey | CryptoHelper.generateSecretKey(String alg, int keySize) Generate a random secret key appropriate to the specified cipher algorithm and key size. |
String | CryptoToken.getToken() Return the new encrypted token as a base64-encoded string, encrypted with the specified SecretKey with which this object was constructed. |
String | CryptoToken.getToken(SecretKey skey) Return the new encrypted token as a base64-encoded string, encrypted with the specified SecretKey which may be a different key than what the token was originally encrypted with. |
void | CipherText.setCiphertext(byte[] ciphertext) Set the raw ciphertext. |
void | CipherText.setIVandCiphertext(byte[] iv, byte[] ciphertext) Set the IV and raw ciphertext. |
String | CryptoToken.updateToken(int additionalSecs) Update the (current) expiration time by adding the specified number of seconds to it and then re-encrypting with the current SecretKey that was used to construct this object. |
Constructor and Description |
---|
CipherText(CipherSpec cipherSpec, byte[] cipherText) Construct from a CipherSpec object and the raw ciphertext. |
CipherTextSerializer(byte[] cipherTextSerializedBytes) Given byte array in network byte order (i.e., big-endian order), convert it so that a CipherText can be constructed from it. |
CryptoToken(SecretKey skey, String token) Create cryptographic token using previously encrypted token that was encrypted with specified secret key. |
CryptoToken(String token) Create using previously encrypted token encrypted with default secret key from ESAPI.properties. |
Modifier and Type | Method and Description |
---|---|
void | DefaultUser.changePassword(String oldPassword, String newPassword1, String newPassword2) Sets the user's password, performing a verification of the user's old password, the equality of the two new passwords, and the strength of the new password. |
Map<String,String> | DefaultHTTPUtilities.decryptQueryString(String encrypted) Takes an encrypted querystring and returns a Map containing the original parameters. |
Map<String,String> | DefaultHTTPUtilities.decryptStateFromCookie() Calls decryptStateFromCookie with the *current* request. |
Map<String,String> | DefaultHTTPUtilities.decryptStateFromCookie(javax.servlet.http.HttpServletRequest request) Retrieves a map of data from a cookie encrypted with encryptStateInCookie(). |
String | DefaultHTTPUtilities.encryptHiddenField(String value) Encrypts a hidden field value for use in HTML. |
String | DefaultHTTPUtilities.encryptQueryString(String query) Takes a querystring (everything after the question mark in the URL) and returns an encrypted string containing the parameters. |
void | DefaultHTTPUtilities.encryptStateInCookie(javax.servlet.http.HttpServletResponse response, Map<String,String> cleartext) Stores a Map of data in an encrypted cookie. |
void | DefaultHTTPUtilities.encryptStateInCookie(Map<String,String> cleartext) Calls encryptStateInCookie with the *current* response. |
String | DefaultRandomizer.getRandomGUID() Generates a random GUID. |
String | FileBasedAuthenticator.hashPassword(String password, String accountName) Returns a string representation of the hashed password, using the accountName as the salt. |
Modifier and Type | Method and Description |
---|---|
PlainText | JavaEncryptor.decrypt(CipherText ciphertext) Decrypts the provided CipherText using the information from it and the master encryption key as specified by the property Encryptor.MasterKey as defined in the ESAPI.properties file. |
PlainText | JavaEncryptor.decrypt(SecretKey key, CipherText ciphertext) Decrypts the provided CipherText using the information from it and the specified secret key. |
CipherText | JavaEncryptor.encrypt(PlainText plaintext) Encrypts the provided plaintext bytes using the cipher transformation specified by the property Encryptor.CipherTransformation and the master encryption key as specified by the property Encryptor.MasterKey as defined in the ESAPI.properties file. |
CipherText | JavaEncryptor.encrypt(SecretKey key, PlainText plain) Encrypts the provided plaintext bytes using the cipher transformation specified by the property Encryptor.CipherTransformation as defined in the ESAPI.properties file and the specified secret key. |
static Encryptor | JavaEncryptor.getInstance() |
String | DefaultEncryptedProperties.getProperty(String key) Gets the property value from the encrypted store, decrypts it, and returns the plaintext value to the caller. |
String | JavaEncryptor.hash(String plaintext, String salt) Returns a string representation of the hash of the provided plaintext and salt. |
String | JavaEncryptor.hash(String plaintext, String salt, int iterations) Returns a string representation of the hash of the provided plaintext and salt. |
String | DefaultEncryptedProperties.setProperty(String key, String value) Encrypts the plaintext property value and stores the ciphertext value in the encrypted store. |
String | JavaEncryptor.sign(String data) Create a digital signature for the provided data and return it in a string. |
String | JavaEncryptor.unseal(String seal) Unseals data (created with the seal method) and throws an exception describing any of the various problems that could exist with a seal, such as an invalid seal format, expired timestamp, or decryption error. |
Copyright © 2022 The Open Web Application Security Project (OWASP). All rights reserved.