Class JCEAccessor


  • public class JCEAccessor
    extends Object
    Allows access to the JCE implementation used by PingFederate. There are 3 JCE implementations used by PingFederate, depending upon the configuration.
    They are:
    1. The default SUN implementation.
    2. The Thales Luna implementation, used in conjunction with one of the Thales FIPS-compatible devices.
    3. The Entrust nShield Connect (nCipher) implementation.
    • Constructor Detail

      • JCEAccessor

        public JCEAccessor()
    • Method Detail

      • isFIPSCompliant

        public boolean isFIPSCompliant()
        Tells whether PingFederate is configured with an HSM or is operating in BCFIPS mode. The name of this method may be misleading: integration with an HSM for private key storage does not mean that PingFederate is operating in a FIPS-compliant fashion.
        Returns:
        true if PingFederate is configured with an HSM or is operating in BCFIPS mode.
      • allowPrivateKeyExport

        public boolean allowPrivateKeyExport()
        Tells whether it is possible for the JCE manager to export private keys. By default, the SUN implementation allows private keys to be exported. Other implementations may not allow private keys to be exported.
        Returns:
        true if private keys can be exported, false otherwise.
      • getDefaultEncryptionCipher

        @Deprecated
        public Cipher getDefaultEncryptionCipher()
        Deprecated.
        No replacement.
        Provides access to the legacy encryption cipher used by PingFederate. If PingFederate is operating in its default configuration, this is either Blowfish for the default JCE manager or AES for the other JCE manager implementations.
        Returns:
        A Cipher object initialized to use the legacy algorithm and the hard-coded key
      • getDefaultDecryptionCipher

        @Deprecated
        public Cipher getDefaultDecryptionCipher()
        Deprecated.
        No replacement.
        Provides access to the legacy decryption cipher used by PingFederate. If PingFederate is operating in its default configuration, this is either Blowfish for the default JCE manager or AES for the other JCE manager implementations.
        Returns:
        A Cipher object initialized to use the legacy algorithm and the hard-coded key
      • getDefaultSecretKeySpec

        @Deprecated
        public SecretKeySpec getDefaultSecretKeySpec()
        Deprecated.
        No replacement.
        Provides a SecretKeySpec object that was initialized using the legacy encryption algorithm and the hard-coded key.
        Returns:
        the SecretKeySpec object.
      • getDefaultAlgorithm

        @Deprecated
        public String getDefaultAlgorithm()
        Deprecated.
        No replacement.
        Gets the legacy encryption algorithm as a string. This is either Blowfish for the default JCE manager or AES for the other JCE manager implementations.
        Returns:
        Blowfish or AES, depending on which JCE manager implementation is used.
      • obfuscate

        @Deprecated
        public byte[] obfuscate(byte[] clearBytes)
        Deprecated.
        No replacement.
        This method is deprecated.
        Parameters:
        clearBytes - The bytes to obfuscate.
        Returns:
        The obfuscated bytes.
      • unobfuscate

        @Deprecated
        public byte[] unobfuscate(byte[] obfuscatedBytes)
        Deprecated.
        No replacement.
        This method is deprecated.
        Parameters:
        obfuscatedBytes - The obfuscated bytes that need to be unobfuscated.
        Returns:
        The unobfuscated bytes.