CtrlK
BlogDocsLog inGet started
Tessl Logo

tessl/maven-com-networknt--utility

A comprehensive utility library for Light-4J microservices framework providing string manipulation, networking, I/O, security, and configuration utilities.

Pending
Overview
Eval results
Files

security-cryptography.mddocs/

Security & Cryptography

Security utilities including hash calculation, UUID generation, PKCE (Proof Key for Code Exchange) implementation, and certificate fingerprinting for OAuth and authentication workflows. These utilities provide cryptographically secure operations for microservices security requirements.

Capabilities

Hash Utilities

Comprehensive hashing and UUID generation utilities with support for MD5, PBKDF2 password hashing, and secure UUID generation.

/**
 * Hash calculation utilities (MD5, PBKDF2, UUID generation)
 */
public class HashUtil {
    // UUID generation
    public static String generateUUID();
    
    // MD5 hashing
    public static String md5(String input);
    public static String md5Hex(String message);
    
    // Utility conversion
    public static String hex(byte[] array);
    
    // Password hashing with PBKDF2
    public static String generateStrongPasswordHash(String password) throws NoSuchAlgorithmException, InvalidKeySpecException;
    public static boolean validatePassword(char[] originalPassword, String storedPassword) throws NoSuchAlgorithmException, InvalidKeySpecException;
}

Usage Examples:

import com.networknt.utility.HashUtil;

// UUID generation (Base64 URL-safe)
String uuid = HashUtil.generateUUID(); // "aBcDeFgHiJkLmNoPqRsTuVwXyZ012345"

// MD5 hashing
String hash = HashUtil.md5("hello world");
String hexHash = HashUtil.md5Hex("hello world"); // "5d41402abc4b2a76b9719d911017c592"

// Secure password hashing
String hashedPassword = HashUtil.generateStrongPasswordHash("mySecretPassword");
// Result: "1000:hex_salt:hex_hash" format using PBKDF2

// Password validation
boolean isValid = HashUtil.validatePassword(
    "mySecretPassword".toCharArray(), 
    hashedPassword
); // true

// Byte array to hex conversion
byte[] data = "hello".getBytes();
String hexString = HashUtil.hex(data); // "68656c6c6f"

PKCE (Proof Key for Code Exchange) Utilities

OAuth 2.0 PKCE implementation for secure authorization code flows, commonly used in mobile and single-page applications.

/**
 * PKCE (Proof Key for Code Exchange) implementation for OAuth
 */
public class CodeVerifierUtil {
    // Constants
    public static final String CODE_CHALLENGE_METHOD_S256 = "S256";
    public static final String CODE_CHALLENGE_METHOD_PLAIN = "plain";
    public static final int MIN_CODE_VERIFIER_LENGTH = 43;
    public static final int MAX_CODE_VERIFIER_LENGTH = 128;
    public static final int DEFAULT_CODE_VERIFIER_ENTROPY = 64;
    public static final int MIN_CODE_VERIFIER_ENTROPY = 32;
    public static final int MAX_CODE_VERIFIER_ENTROPY = 96;
    public static final Pattern VALID_CODE_CHALLENGE_PATTERN = Pattern.compile("^[0-9a-zA-Z\\-\\.~_]+$");
    
    // Code verifier generation
    public static String generateRandomCodeVerifier();
    public static String generateRandomCodeVerifier(SecureRandom entropySource, int entropyBytes);
    
    // Challenge derivation
    public static String deriveCodeVerifierChallenge(String codeVerifier);
    public static String getCodeVerifierChallengeMethod();
}

Usage Examples:

import com.networknt.utility.CodeVerifierUtil;
import java.security.SecureRandom;

// Generate PKCE code verifier
String codeVerifier = CodeVerifierUtil.generateRandomCodeVerifier();
// Result: 43-128 character string, e.g., "aBcDeFgHiJkLmNoPqRsTuVwXyZ0123456789aBcDeFgHiJ"

// Generate with custom entropy
SecureRandom random = new SecureRandom();
String customVerifier = CodeVerifierUtil.generateRandomCodeVerifier(random, 32);

// Derive code challenge for OAuth flow
String codeChallenge = CodeVerifierUtil.deriveCodeVerifierChallenge(codeVerifier);
// Result: Base64 URL-encoded SHA256 hash

// Get challenge method
String method = CodeVerifierUtil.getCodeVerifierChallengeMethod(); // "S256"

// Complete OAuth PKCE flow example
String verifier = CodeVerifierUtil.generateRandomCodeVerifier();
String challenge = CodeVerifierUtil.deriveCodeVerifierChallenge(verifier);

// Use in OAuth authorization URL
String authUrl = "https://auth.example.com/oauth/authorize?" +
    "client_id=myapp&" +
    "response_type=code&" +
    "redirect_uri=https://myapp.com/callback&" +
    "code_challenge=" + challenge + "&" +
    "code_challenge_method=" + CodeVerifierUtil.getCodeVerifierChallengeMethod();

// Later, exchange code with verifier
// POST to token endpoint with code_verifier=verifier

Certificate Fingerprinting

Certificate fingerprint calculation for certificate validation and identification.

/**
 * Certificate fingerprint calculation
 */
public class FingerPrintUtil {
    /**
     * Generates SHA-1 fingerprint of certificate
     * @param cert - X.509 certificate
     * @return SHA-1 fingerprint as hex string
     */
    public static String getCertFingerPrint(Certificate cert);
}

Usage Examples:

import com.networknt.utility.FingerPrintUtil;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;

// Get certificate fingerprint
X509Certificate cert = // ... obtain certificate
String fingerprint = FingerPrintUtil.getCertFingerPrint(cert);
// Result: "A1:B2:C3:D4:E5:F6:07:08:09:0A:1B:2C:3D:4E:5F:60:71:82:93:A4"

// Use case: Certificate pinning validation
public boolean validateCertificatePin(Certificate cert, String expectedFingerprint) {
    String actualFingerprint = FingerPrintUtil.getCertFingerPrint(cert);
    return expectedFingerprint.equalsIgnoreCase(actualFingerprint);
}

// Use case: Certificate identification in logs
public void logCertificateInfo(Certificate cert) {
    String fingerprint = FingerPrintUtil.getCertFingerPrint(cert);
    logger.info("Certificate fingerprint: {}", fingerprint);
}

Common Security Patterns

API Authentication Token Generation:

// Generate secure API tokens
String apiToken = HashUtil.generateUUID(); // URL-safe, no special characters
// Store hashed version
String hashedToken = HashUtil.md5Hex(apiToken + "salt");

OAuth 2.0 PKCE Flow:

// Authorization request
String codeVerifier = CodeVerifierUtil.generateRandomCodeVerifier();
String codeChallenge = CodeVerifierUtil.deriveCodeVerifierChallenge(codeVerifier);

// Store codeVerifier securely for token exchange
// Send codeChallenge in authorization URL

// Token exchange (later)
// Use stored codeVerifier in token request

Password Security:

// User registration
String userPassword = "userEnteredPassword";
String hashedPassword = HashUtil.generateStrongPasswordHash(userPassword);
// Store hashedPassword in database

// User login
boolean isValidLogin = HashUtil.validatePassword(
    enteredPassword.toCharArray(),
    storedHashedPassword
);

Certificate Validation:

// Validate certificate against known fingerprints
Set<String> trustedFingerprints = Set.of(
    "A1:B2:C3:D4:E5:F6:07:08:09:0A:1B:2C:3D:4E:5F:60:71:82:93:A4",
    "B2:C3:D4:E5:F6:07:08:09:0A:1B:2C:3D:4E:5F:60:71:82:93:A4:B5"
);

String certFingerprint = FingerPrintUtil.getCertFingerPrint(certificate);
boolean isTrusted = trustedFingerprints.contains(certFingerprint);

Install with Tessl CLI

npx tessl i tessl/maven-com-networknt--utility

docs

configuration-management.md

data-structure-utilities.md

framework-integration.md

index.md

io-file-operations.md

network-operations.md

path-template-matching.md

security-cryptography.md

string-processing.md

time-date-operations.md

tile.json