EncryptionProvider (Atlassian Seraph 0.38.3 API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

com.atlassian.security.auth.trustedapps
Interface EncryptionProvider

All Known Implementing Classes:: BaseEncryptionProvider, BouncyCastleEncryptionProvider

public interface EncryptionProvider

Abstracts out the provision of encryption to the trusted app service. For two applications to communicate effectively, they must use the same encryption provider. In our experience, even using the same algorithms but different providers will cause issues.

This abstraction is mostly used in unit testing, to avoid having to bring up a fully-fledged crypto provider

Method Summary
`EncryptedCertificate`	`createEncryptedCertificate(java.lang.String userName, java.security.PrivateKey privateKey, java.lang.String appId)` Create a new encrypted certificate for transmission to another application
`ApplicationCertificate`	`decodeEncryptedCertificate(EncryptedCertificate encCert, java.security.PublicKey publicKey, java.lang.String appId)` Decode an encrypted certificate to retrieve its ApplicationCertificate
`java.security.KeyPair`	`generateNewKeyPair()` Generate a new public/private key pair for an application
`java.lang.String`	`generateUID()` Generate a unique 32 character String ID.
`Application`	`getApplicationCertificate(java.lang.String baseUrl)` Retrieve the application certificate from some other application, over HTTP.
`java.security.PrivateKey`	`toPrivateKey(byte[] encodedForm)` Convert an encoded private key into a PrivateKey instance
`java.security.PublicKey`	`toPublicKey(byte[] encodedForm)` Convert an encoded public key into a PublicKey instance

Method Detail

getApplicationCertificate

Application getApplicationCertificate(java.lang.String baseUrl)
                                      throws ApplicationRetriever.RetrievalException

Retrieve the application certificate from some other application, over HTTP. Will look for the certificate at ${baseUrl}/admin/appTrustCertificate. TODO: document the exception policy

Parameters:: baseUrl - the base URL of the application to be queried
Returns:: the retrieved application certificate
Throws:: ApplicationRetriever.RetrievalException - if there are problems with the certificate retrieved from the remote server or the server cannot be contacted; java.lang.RuntimeException - if there are problems retrieving the certificate from the remote server

generateNewKeyPair

java.security.KeyPair generateNewKeyPair()
                                         throws java.security.NoSuchAlgorithmException,
                                                java.security.NoSuchProviderException

Generate a new public/private key pair for an application

Returns:: a new public/private key pair
Throws:: java.security.NoSuchAlgorithmException - if the algorithm to generate the keypair is not available; java.security.NoSuchProviderException - if no appropriate cryptographic provider is available

generateUID

java.lang.String generateUID()

Generate a unique 32 character String ID. The default implementation combines the local IP address, a secure random number, the current time, and the identity hashcode of a newly created object.

Returns:: a 32 character unique ID string

decodeEncryptedCertificate

ApplicationCertificate decodeEncryptedCertificate(EncryptedCertificate encCert,
                                                  java.security.PublicKey publicKey,
                                                  java.lang.String appId)
                                                  throws InvalidCertificateException

Decode an encrypted certificate to retrieve its ApplicationCertificate

Parameters:: encCert - the encrypted certificate of the application; publicKey - the application's public key; appId - the application's ID
Returns:: the decrypted ApplicationCertificate
Throws:: InvalidCertificateException - if the certificate was malformed, or could not be decrypted

createEncryptedCertificate

EncryptedCertificate createEncryptedCertificate(java.lang.String userName,
                                                java.security.PrivateKey privateKey,
                                                java.lang.String appId)

Create a new encrypted certificate for transmission to another application

Parameters:: userName - the username to certify; privateKey - the private key of this application; appId - the ID of this application
Returns:

toPrivateKey

java.security.PrivateKey toPrivateKey(byte[] encodedForm)
                                      throws java.security.NoSuchAlgorithmException,
                                             java.security.spec.InvalidKeySpecException,
                                             java.security.NoSuchProviderException

Convert an encoded private key into a PrivateKey instance

Parameters:: encodedForm - the byte-array representation of the key
Returns:: the object representation of the key
Throws:: java.security.NoSuchAlgorithmException - if the algorithm to generate the keypair is not available; java.security.NoSuchProviderException - if no appropriate cryptographic provider is available; java.security.spec.InvalidKeySpecException - if the encoded form does not contain a valid key

toPublicKey

java.security.PublicKey toPublicKey(byte[] encodedForm)
                                    throws java.security.NoSuchAlgorithmException,
                                           java.security.spec.InvalidKeySpecException,
                                           java.security.NoSuchProviderException

Convert an encoded public key into a PublicKey instance

Parameters:: encodedForm - the byte-array representation of the key
Returns:: the object representation of the key
Throws:: java.security.NoSuchAlgorithmException - if the algorithm to generate the keypair is not available; java.security.NoSuchProviderException - if no appropriate cryptographic provider is available; java.security.spec.InvalidKeySpecException - if the encoded form does not contain a valid key