From d6a592e10da7f6fc347bb3355f70e89ef2c1b08d Mon Sep 17 00:00:00 2001 From: Robinson Date: Fri, 13 Jan 2023 00:50:32 +0100 Subject: [PATCH] Added ability to check if crypto restrictions are in place --- src/dorkbox/util/crypto/Crypto.java | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/src/dorkbox/util/crypto/Crypto.java b/src/dorkbox/util/crypto/Crypto.java index 67aac23..c3ec0ff 100644 --- a/src/dorkbox/util/crypto/Crypto.java +++ b/src/dorkbox/util/crypto/Crypto.java @@ -22,6 +22,7 @@ import java.io.IOException; import java.io.InputStream; import java.nio.ByteBuffer; import java.nio.charset.StandardCharsets; +import java.security.NoSuchAlgorithmException; import java.security.Provider; import java.security.Security; import java.util.Arrays; @@ -29,6 +30,8 @@ import java.util.Enumeration; import java.util.jar.JarEntry; import java.util.jar.JarFile; +import javax.crypto.Cipher; + import org.bouncycastle.crypto.Digest; import org.bouncycastle.crypto.PBEParametersGenerator; import org.bouncycastle.crypto.digests.MD5Digest; @@ -84,6 +87,21 @@ class Crypto { } } + /** + * Determines if cryptography restrictions apply. + * Restrictions apply if the value of {@link Cipher#getMaxAllowedKeyLength(String)} returns a value smaller than {@link Integer#MAX_VALUE} if there are any restrictions according to the JavaDoc of the method. + * This method is used with the transform "AES/CBC/PKCS5Padding" as this is an often used algorithm that is an implementation requirement for Java SE. + * + * @return true if restrictions apply, false otherwise + */ + public static boolean restrictedCryptography() { + try { + return Cipher.getMaxAllowedKeyLength("AES/CBC/PKCS5Padding") < Integer.MAX_VALUE; + } catch (final NoSuchAlgorithmException e) { + throw new IllegalStateException("The transform \"AES/CBC/PKCS5Padding\" is not available (the availability of this algorithm is mandatory for Java SE implementations)", e); + } + } + public static byte[] hashFileMD5(File file) {