digesttool.java

JXTA&#8482 is a set of open, generalized peer-to-peer (P2P) protocols that allow any networked devi

/*
 * Copyright (c) 2001-2007 Sun Microsystems, Inc.  All rights reserved.
 *  
 *  The Sun Project JXTA(TM) Software License
 *  
 *  Redistribution and use in source and binary forms, with or without 
 *  modification, are permitted provided that the following conditions are met:
 *  
 *  1. Redistributions of source code must retain the above copyright notice,
 *     this list of conditions and the following disclaimer.
 *  
 *  2. Redistributions in binary form must reproduce the above copyright notice, 
 *     this list of conditions and the following disclaimer in the documentation 
 *     and/or other materials provided with the distribution.
 *  
 *  3. The end-user documentation included with the redistribution, if any, must 
 *     include the following acknowledgment: "This product includes software 
 *     developed by Sun Microsystems, Inc. for JXTA(TM) technology." 
 *     Alternately, this acknowledgment may appear in the software itself, if 
 *     and wherever such third-party acknowledgments normally appear.
 *  
 *  4. The names "Sun", "Sun Microsystems, Inc.", "JXTA" and "Project JXTA" must 
 *     not be used to endorse or promote products derived from this software 
 *     without prior written permission. For written permission, please contact 
 *     Project JXTA at http://www.jxta.org.
 *  
 *  5. Products derived from this software may not be called "JXTA", nor may 
 *     "JXTA" appear in their name, without prior written permission of Sun.
 *  
 *  THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES,
 *  INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND 
 *  FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL SUN 
 *  MICROSYSTEMS OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 
 *  INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 
 *  LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, 
 *  OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 
 *  LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 
 *  NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, 
 *  EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *  
 *  JXTA is a registered trademark of Sun Microsystems, Inc. in the United 
 *  States and other countries.
 *  
 *  Please see the license information page at :
 *  <http://www.jxta.org/project/www/license.html> for instructions on use of 
 *  the license in source files.
 *  
 *  ====================================================================
 *  
 *  This software consists of voluntary contributions made by many individuals 
 *  on behalf of Project JXTA. For more information on Project JXTA, please see 
 *  http://www.jxta.org.
 *  
 *  This license is based on the BSD license adopted by the Apache Foundation. 
 */

package net.jxta.impl.id.binaryID;


import java.util.logging.Level;
import net.jxta.logging.Logging;
import java.util.logging.Logger;

import java.security.MessageDigest;


/**
 * This is a utility class used to create pipe advertisement named and BinaryID for the pipeID to create
 * a private address space that can be hosted in the public discovery system or sent over unencrypted
 * channeds without revealing their intent or purpose. <p>
 * <p/>
 * We use a one-way hashing algorythum to create an ID from private information like
 * a user's social security number or a user's email address.
 * We search for the pipe by with this private information securly by creating the
 * matching hash using the same methods. <p>
 * <p/>
 * The purpose of this system is to create a way to search
 * for a pipe (or other BinaryID based system) without exposing the
 * pipe owner's clearTextID while allowing for  people that
 * know what they are looking for to find the right pipe. The
 * system also has the ability to create pipes that have a specific purpose.
 * For example, the email address is appended with a function name. Say you
 * have a pipe for messages and one for administrative purposes. You would
 * supply the email and a string for the function. The same combination can be
 * created by another peer to search for either of these pipes. <p>
 * <p/>
 * This implementation uses the "SHA-1" algorythum. This was selected for relitive
 * speed. It is used as a one-way conversion that cannot be reversed engineered to
 * create the original string. This allows you to publish the hash without the
 * possibility of the contents being decoded. This allows for public indexing of
 * data that is only known by the parties involved.<p>
 * <p/>
 * Note that this can also be used to generate safe password verification hash codes.
 * Sample useage:
 * <code>
 * String clearTextID = "turbogeek@cluck.com";
 * String function = "eventPipe";
 * System.out.println("clear text ID: "+clearTextID);
 * System.out.println("function text: "+function);
 * String digest1 = DigestID.generateHashString(clearTextID, function);
 * String digest2 = DigestID.generateHashString(clearTextID);
 * System.out.println("Digest1: '"+digest1+"'");
 * System.out.println("Digest2: '"+digest2+"'");
 * System.out.println("test1: "+DigestID.test(clearTextID, function,digest1));
 * System.out.println("test2: "+DigestID.test(clearTextID, digest2));
 * System.out.println("Digest1 != Digest2: "+DigestID.test(clearTextID, function,digest2));
 * </code><p>
 * <p/>
 * To use an algorythum other than SHA-1, you will need stronger encyption.
 * The BouncyCastle that comes with JXTA is just a minimum implimentation so
 * a good choice is  the normal bouncy castle (it is much larger, nearing a meg,
 * which is why it is not a part of the normal JXTA distribution. The full version
 * of bouncy includes SHA-128, SHA-256, SHA-384, and SHA-512.<p>
 * <p/>
 * Here is how you create a provider from the full version of Bouncy. Once you do this, you can access the extended
 * Digest ecryption levels.
 * <code>
 * provider = new org.bouncycastle.jce.provider.BouncyCastleProvider();
 * System.out.println("provider:"+provider.getName());
 * Security.addProvider(provider);
 * </code><p>
 * Security Note<p>
 * <p/>
 * This class should have all of its fields and properties marked as 'final' to prevent overriding the default behavior.
 * Failure to do so could allow a less scrupulous person to cause the BinaryID or hash codes to contain the original information.
 * Note that the class itself is not final to allow for additional convienience methods to be added. There
 * a no methods for creating ModuleClassBinaryID, ModuleSpecBinaryID, or CodatID because this is meant for general'
 * use, not for extending platform (you can write your own using similar code). <p>
 *
 * @author Daniel Brookshier <a HREF="mailto:turbogeek@cluck.com">turbogeek@cluck.com</a>
 * @version $Revision: 1.9 $
 */
public class DigestTool {
    private final static transient Logger LOG = Logger.getLogger(DigestTool.class.getName());

    /**
     * varaible used for conditional compile of debug printing.
     */
    public static final boolean debug = true;

    /**
     * Defualt SHA-1 digest algorithm type. This is a 20 byte hash function (note: that MD5 is only 16 so we don't use it).
     */
    public static final String SHAOne = "SHA-1";

    /**
     * SHA-128 digest algorithm type. This is a 128 bit hash function (note: must have another provider registered to use).
     */
    public static final String SHA128 = "SHA-128";

    /**
     * SHA-256 digest algorithm type. This is a 256 bit hash function (note: must have another provider registered to use).
     */
    public static final String SHA256 = "SHA-256";

    /**
     * SHA-384 digest algorithm type. This is a 384 bit hash function (note: must have another provider registered to use).
     */
    public static final String SHA384 = "SHA-384";

    /**
     * SHA-512 digest algorithm type. This is a 512 bit hash function (note: must have another provider registered to use).
     */
    public static final String SHA512 = "SHA-512";

    /**
     * Tilde character used to seperate candidate strings from a function.
     */
    public final String functionSeperator = "~";
    String algorithmType;

    public DigestTool() {
        algorithmType = SHAOne;
    }

    public DigestTool(String algorithmType) {
        this.algorithmType = algorithmType;
    }

    /**
     * Create a PipeID based on the BinaryID type with a digest of the clearTextID and function.
     *
     * @param peerGroupID Parent peer group ID.
     * @param clearTextID String used as the significant part of the address
     * @param function    String used to diferentiate different clearTextID addresses (can be null).
     * @return PipeBinaryID with the digest hash of the string: clearTextID+"~"+function.
     */
    public final PipeBinaryID createPipeID(net.jxta.peergroup.PeerGroupID peerGroupID, String clearTextID, String function) {
        byte[] digest = generateHash(clearTextID, function);
        PipeBinaryID pipe = new PipeBinaryID(peerGroupID, digest, false);

        return pipe;
    }

    /**
     * Create a PeerGroupID based on the BinaryID type with a digest of the clearTextID and function.
     *
     * @param parentPeerGroupID Parent peer group ID.
     * @param clearTextID       String used as the significant part of the address
     * @param function          String used to diferentiate different clearTextID addresses (can be null).
     * @return PeerGroupBinaryID with the digest hash of the string: clearTextID+"~"+function.
     */
    public final PeerGroupBinaryID createPeerGroupID(net.jxta.peergroup.PeerGroupID parentPeerGroupID, String clearTextID, String function) {
        byte[] digest = generateHash(clearTextID, function);
        PeerGroupBinaryID peerGroupID = new PeerGroupBinaryID(parentPeerGroupID, digest, false);

        return peerGroupID;
    }