|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object org.owasp.esapi.crypto.SecurityProviderLoader
public class SecurityProviderLoader
This class provides a generic static method that loads a
java.security.Provider
either by some generic name
(i.e., Provider.getName()
) or by a fully-qualified class name.
It is intended to be called dynamically by an application to add a
specific JCE provider at runtime.
If the ESAPI.properties
file has a the property
ESAPI.PreferredJCEProvider
defined to either a recognized
JCE provider (see below for list) or a fully qualified path name of
that JCE provider's Provider
class, then the reference implementation
of ESAPI cryptography (org.owasp.esapi.reference.crypto.JavaEncryptor
)
tries to load this specified JCE provider via
insertProviderAt(String,int)
.
Constructor Summary | |
---|---|
SecurityProviderLoader()
|
Method Summary | |
---|---|
static int |
insertProviderAt(String algProvider,
int pos)
This methods adds a provider to the SecurityManager
either by some generic name or by the class name. |
static int |
loadESAPIPreferredJCEProvider()
Load the preferred JCE provider for ESAPI based on the ESAPI.properties property Encryptor.PreferredJCEProvider . |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail |
---|
public SecurityProviderLoader()
Method Detail |
---|
public static int insertProviderAt(String algProvider, int pos) throws NoSuchProviderException
SecurityManager
either by some generic name or by the class name.
The following generic JCE provider names are built-in:
ESAPI.properties
property Encryptor.cipher_modes.combined_modes
for details.)
For those working in the U.S. federal government, it should be noted that none of the providers listed here are considered validated by NIST's Cryptographic Module Validation Program and are therefore not considered FIPS 140-2 compliant. There are a few approved JCE compatible Java libraries that are on NIST's CMVP list, but this list changes constantly so they are not listed here. For further details on NIST's CMVP, see "http://csrc.nist.gov/groups/STM/cmvp/index.html".
Finally, if you wish to use some other JCE provider not recognized above, you must specify the provider's fully-qualified class name (which in turn must have a public, no argument constructor).
The application must be given the SecurityPermission
with a
value of insertProvider.<provider_name>
(where
<provider_name> is the name of the algorithm provider if
a security manager is installed.
algProvider
- Name of the JCE algorithm provider. If the name
contains a ".", this is interpreted as the name
of a java.security.Provider
class name.pos
- The preference position (starting at 1) that the
caller would like for this provider. If you wish
for it to be installed as the last provider
(as of the time of this call), set pos
to -1.
NoSuchProviderException
- - thrown if the provider class
could not be loaded or added to the SecurityManager
or
any other reason for failure.public static int loadESAPIPreferredJCEProvider() throws NoSuchProviderException
Encryptor.PreferredJCEProvider
. If this property is null
(i.e., unset) or set to an empty string, then no JCE provider is inserted
at the "preferred" position and thus the Java VM continues to use whatever
the default it was using for this (generally specified in the file
$JAVA_HOME/jre/security/java.security
).
Encryptor.PreferredJCEProvider
was not set
or set to an empty string, i.e., if the application has no
preferred JCE provider.
NoSuchProviderException
- - thrown if the provider class
could not be loaded or added to the SecurityManager
or
any other reason for failure.
|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |