com.pingidentity.access
Class JCEAccessor

java.lang.Object
  extended by com.pingidentity.access.JCEAccessor

public class JCEAccessor
extends java.lang.Object

Allows access to the JCE implementation used by PingFederate. There are 2 JCE implementations used by PingFederate, depending upon the configuration. They are:
- The default SUN implementation.
- The Luna implementation, which is used in conjunction with one of the SafeNet FIPS compatible devices.


Constructor Summary
JCEAccessor()
          Default constructor.
 
Method Summary
 boolean allowPrivateKeyExport()
          Tells whether it is possible to export private keys.
 java.lang.String getDefaultAlgorithm()
          Gets the appropriate algorithm as a string.
 javax.crypto.Cipher getDefaultDecryptionCipher()
          Provides access to the default decryption cipher used by PingFederate.
 javax.crypto.Cipher getDefaultEncryptionCipher()
          This provides access to the default encryption cipher used by PingFederate.
 javax.crypto.spec.SecretKeySpec getDefaultSecretKeySpec()
          Provides a SecretKeySpec object that was initialized using SHA1PRNG and the default algorithm.
 boolean inLunaMode()
          Tells whether PF is operating with a SafeNet HSM.
 byte[] obfuscate(byte[] clearBytes)
          Helper method that obfuscates the incoming bytes using getDefaultAlgorithm(), getDefaultSecretKeySpec() and getDefaultEncryptionCipher().
 byte[] unobfuscate(byte[] obfuscatedBytes)
          Helper method that unobfuscates the incoming bytes using getDefaultAlgorithm(), getDefaultSecretKeySpec() and getDefaultDecryptionCipher().
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

JCEAccessor

public JCEAccessor()
Default constructor.

Method Detail

inLunaMode

public boolean inLunaMode()
Tells whether PF is operating with a SafeNet HSM.

Returns:
true if a SafeNet Luna HSM is being used to store certificates & private keys. false otherwise.

allowPrivateKeyExport

public boolean allowPrivateKeyExport()
Tells whether it is possible to export private keys. By default, the SUN implementation allows private keys to be exported. The SafeNet Luna FIPS implementation does not allow private keys to be exported under any circumstances.

Returns:
true if private keys can be exported, false otherwise.

getDefaultEncryptionCipher

public javax.crypto.Cipher getDefaultEncryptionCipher()
                                               throws com.pingidentity.common.util.ObfuscationException
Provides access to the default encryption cipher used by PingFederate. If PingFederate is operating in the default configuration, this will be the Blowfish algorithm. If operating inLunaMode(), then the default is "AES".

Returns:
A Cipher object initialized to use the default algorithm.
Throws:
com.pingidentity.common.util.ObfuscationException

getDefaultDecryptionCipher

public javax.crypto.Cipher getDefaultDecryptionCipher()
                                               throws com.pingidentity.common.util.ObfuscationException
Provides access to the default decryption cipher used by PingFederate. If PingFederate is operating in the default configuration, this will be the Blowfish algorithm. If operating inLunaMode(), then the default is "AES".

Returns:
A Cipher object initialized to use the default algorithm.
Throws:
com.pingidentity.common.util.ObfuscationException

getDefaultSecretKeySpec

public javax.crypto.spec.SecretKeySpec getDefaultSecretKeySpec()
Provides a SecretKeySpec object that was initialized using SHA1PRNG and the default algorithm. The SecretKeySpec is used when creating the appropriate Cipher object.

Returns:
the SecretKeySpec object.

getDefaultAlgorithm

public java.lang.String getDefaultAlgorithm()
Gets the appropriate algorithm as a string. Depending upon inLunaMode(), this will be either 'Blowfish' for default processing, or 'AES' if PF is operating with a SafeNet Luna HSM.

Returns:
'Blowfish' or 'AES', depending upon whether PingFederate is in Luna mode.

obfuscate

public byte[] obfuscate(byte[] clearBytes)
                 throws com.pingidentity.common.util.ObfuscationException
Helper method that obfuscates the incoming bytes using getDefaultAlgorithm(), getDefaultSecretKeySpec() and getDefaultEncryptionCipher().

Parameters:
clearBytes - The bytes to obfuscate using the default algorithm.
Returns:
The obfuscated bytes.
Throws:
com.pingidentity.common.util.ObfuscationException

unobfuscate

public byte[] unobfuscate(byte[] obfuscatedBytes)
                   throws com.pingidentity.common.util.ObfuscationException
Helper method that unobfuscates the incoming bytes using getDefaultAlgorithm(), getDefaultSecretKeySpec() and getDefaultDecryptionCipher().

Parameters:
obfuscatedBytes - The obfuscated bytes that need to be unobfuscated.
Returns:
The unobfuscated bytes.
Throws:
com.pingidentity.common.util.ObfuscationException
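
An added example (not from Ping Identity's documentation or code) showing how a plugin might combine the methods above: obfuscating a stored secret, checking allowPrivateKeyExport() before any export path, and verifying the obfuscate/unobfuscate round trip at start-up. It assumes the PingFederate SDK classes are on the classpath and the code runs inside a PingFederate deployment; the class SecretFieldCodec and its method names are hypothetical.

```java
import com.pingidentity.access.JCEAccessor;
import com.pingidentity.common.util.ObfuscationException;

import java.util.Arrays;

// Added example: SecretFieldCodec and its method names are hypothetical.
// Only the JCEAccessor calls come from the API documented on this page.
public class SecretFieldCodec {

    private final JCEAccessor jce = new JCEAccessor();

    /** Obfuscates a secret for storage, then wipes the caller's cleartext buffer. */
    public byte[] protect(byte[] clearBytes) throws ObfuscationException {
        try {
            return jce.obfuscate(clearBytes);
        } finally {
            Arrays.fill(clearBytes, (byte) 0);
        }
    }

    /** Recovers the cleartext; the caller should wipe the result after use. */
    public byte[] reveal(byte[] obfuscatedBytes) throws ObfuscationException {
        return jce.unobfuscate(obfuscatedBytes);
    }

    /** Fails early when the active JCE implementation does not allow private key export. */
    public void requireExportablePrivateKeys() {
        if (!jce.allowPrivateKeyExport()) {
            throw new IllegalStateException("Private key export is not allowed (inLunaMode="
                    + jce.inLunaMode() + ")");
        }
    }

    /** Start-up check: a constructed sample must survive obfuscate/unobfuscate unchanged. */
    public boolean roundTripOk() throws ObfuscationException {
        byte[] sample = {'s', 'a', 'm', 'p', 'l', 'e'};   // constructed test input
        byte[] expected = sample.clone();                  // protect() wipes its argument
        byte[] recovered = reveal(protect(sample));
        return Arrays.equals(expected, recovered);
    }

    /** One line for a start-up log: which algorithm and mode are in effect. */
    public String describeMode() {
        return "algorithm=" + jce.getDefaultAlgorithm()
                + " lunaMode=" + jce.inLunaMode()
                + " privateKeyExport=" + jce.allowPrivateKeyExport();
    }
}
```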


Copyright 2007 Ping Identity Corp. All rights reserved.