Class Crypt


  • public class Crypt
    extends Object
    The class Crypt provides generic methods to encrypt and decrypt data. It has a pluggable architecture: encryption and decryption are delegated to an implementation of the AMEncryption interface. A class that implements AMEncryption must be specified via the system property com.iplanet.security.encryptor. If none is provided, the default provided by iDSAME, com.iplanet.services.util.JCEEncryption, will be used.

    Additionally, it provides a method to check if the calling class has permission to call these methods. To enable the additional security, the property com.sun.identity.security.checkcaller must be set to true.

    • Constructor Detail

      • Crypt

        public Crypt()
    • Method Detail

      • reinitialize

        public static void reinitialize()
      • checkCaller

        public static boolean checkCaller()
        Checks whether security is enabled and the caller needs to be checked for OpenAM-specific Java security permissions.
        Returns:
        true if the security check is enabled, false otherwise
      • getHardcodedKeyEncryptor

        public static AMEncryption getHardcodedKeyEncryptor()
        This is a temporary kludge which always returns an instance of AMEncryption using a hardcoded key. It is necessary for backward compatibility with 2.0 Java agents. This method is to be used ONLY by the Session module for session ID generation.
      • getEncryptor

        public static AMEncryption getEncryptor()
        Returns the AMEncryption instance for the deployment-specific secret key.
      • encrypt

        public static String encrypt(String clearText)

        Encrypt a String.

        Parameters:
        clearText - The string to be encoded.
        Returns:
        The encoded string.
      • encryptLocal

        public static String encryptLocal(String clearText)

        Encrypt a String using the client's encryption key.

        Parameters:
        clearText - The string to be encoded.
        Returns:
        The encoded string.
      • decrypt

        public static String decrypt(String encoded)

        Decrypt a String.

        Parameters:
        encoded - The string to be decoded.
        Returns:
        The decoded string.
      • decryptLocal

        public static String decryptLocal(String encoded)

        Decrypt a String using the client's encryption key.

        Parameters:
        encoded - The string to be decoded.
        Returns:
        The decoded string.
      • encode

        public static String encode(String clearText,
                                    AMEncryption encr)

        Encode a String.

        Parameters:
        clearText - The string to be encoded.
        encr - instance of AMEncryption to use
        Returns:
        The encoded string.
      • encode

        public static String encode(String clearText)

        Encode a String.

        Parameters:
        clearText - The string to be encoded.
        Returns:
        The encoded string.
      • decode

        public static String decode(String encoded,
                                    AMEncryption encr)
        Decode an encoded string.
        Parameters:
        encoded - The encoded string.
        encr - instance of AMEncryption to use
        Returns:
        The decoded string.
      • decode

        public static String decode(String encoded)
        Decode an encoded string.
        Parameters:
        encoded - The encoded string.
        Returns:
        The decoded string.
      • isCallerValid

        protected static boolean isCallerValid()
        Checks whether the calling class has the privilege to execute sensitive methods that return passwords, decrypt data, etc. This method uses the stack trace to determine the calling class.
      • isCallerValid

        public static boolean isCallerValid(Object obj)
        Checks whether the calling class has the privilege to execute sensitive methods that return passwords, decrypt data, etc. This method uses the stack trace to determine the calling class.
        Parameters:
        obj - The Java object that is performing this check
      • isCallerValid

        public static boolean isCallerValid(String className)
        Checks whether the calling class has the privilege to execute sensitive methods that return passwords, decrypt data, etc. This method uses the stack trace to determine the calling class.
        Parameters:
        className - fully qualified class name of Object calling this function
      • getParentClass

        protected static String getParentClass(String callerClass)
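
The isCallerValid descriptions above say the calling class is determined from the stack trace. The following stand-alone sketch shows that general technique as an added example; it is not OpenAM's implementation, and CallerCheckDemo, Guarded, TrustedModule, OtherModule and the TRUSTED allowlist are hypothetical names.

```java
import java.util.Set;

// Added illustration; hypothetical classes, not OpenAM code.
public class CallerCheckDemo {
    // Hypothetical allowlist of class names permitted to call the guarded method.
    static final Set<String> TRUSTED = Set.of("CallerCheckDemo$TrustedModule");

    // Hypothetical stand-in for a sensitive operation such as a decrypt call.
    static class Guarded {
        static String reveal(String secret) {
            if (!isCallerValid()) {
                throw new SecurityException("caller not permitted");
            }
            return secret;
        }

        // True if the first frame outside Guarded belongs to an allowlisted class.
        static boolean isCallerValid() {
            for (StackTraceElement f : new Throwable().getStackTrace()) {
                String name = f.getClassName();
                if (name.equals(Guarded.class.getName())) {
                    continue; // skip this class's own frames
                }
                // A stack frame carries only the class name as a String, not the
                // Class object or its loader, so the comparison is by name.
                return TRUSTED.contains(name);
            }
            return false;
        }
    }

    static class TrustedModule {
        static String read() { return Guarded.reveal("constructed-sample-secret"); }
    }

    static class OtherModule {
        static String read() { return Guarded.reveal("constructed-sample-secret"); }
    }

    public static void main(String[] args) {
        System.out.println("trusted caller: " + TrustedModule.read());
        try {
            OtherModule.read();
        } catch (SecurityException e) {
            System.out.println("other caller: rejected (" + e.getMessage() + ")");
        }
    }
}
```

Because the match is on the class name alone, a check of this kind is only as strong as the control over which classes can be loaded under an allowlisted name.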