com.atlassian.security.auth.trustedapps
Interface EncryptionProvider

All Known Implementing Classes:
BaseEncryptionProvider

public interface EncryptionProvider

Abstracts out the provision of encryption to the trusted app service. For two applications to communicate effectively, they must use the same encryption provider. In our experience, even using the same algorithms but different providers will cause issues.

This abstraction is mostly used in unit testing, to avoid having to bring up a fully-fledged crypto provider.


Method Summary
 EncryptedCertificate createEncryptedCertificate(java.lang.String userName, java.security.PrivateKey privateKey, java.lang.String appId)
          Create a new encrypted certificate for transmission to another application
 ApplicationCertificate decodeEncryptedCertificate(EncryptedCertificate encCert, java.security.PublicKey publicKey, java.lang.String appId)
          Decode an encrypted certificate to retrieve its ApplicationCertificate
 java.security.KeyPair generateNewKeyPair()
          Generate a new public/private key pair for an application
 java.lang.String generateUID()
          Generate a unique 32 character String ID.
 Application getApplicationCertificate(java.lang.String baseUrl)
          Retrieve the application certificate from some other application, over HTTP.
 java.security.PrivateKey toPrivateKey(byte[] encodedForm)
          Convert an encoded private key into a PrivateKey instance
 java.security.PublicKey toPublicKey(byte[] encodedForm)
          Convert an encoded public key into a PublicKey instance
 

Method Detail

getApplicationCertificate

public Application getApplicationCertificate(java.lang.String baseUrl)
                                      throws ApplicationRetriever.RetrievalException
Retrieve the application certificate from some other application, over HTTP. Will look for the certificate at ${baseUrl}/admin/appTrustCertificate. TODO: document the exception policy

Parameters:
baseUrl - the base URL of the application to be queried
Returns:
the retrieved application certificate
Throws:
ApplicationRetriever.RetrievalException - if there are problems with the certificate retrieved from the remote server or the server cannot be contacted
java.lang.RuntimeException - if there are problems retrieving the certificate from the remote server

generateNewKeyPair

public java.security.KeyPair generateNewKeyPair()
                                         throws java.security.NoSuchAlgorithmException,
                                                java.security.NoSuchProviderException
Generate a new public/private key pair for an application

Returns:
a new public/private key pair
Throws:
java.security.NoSuchAlgorithmException - if the algorithm to generate the keypair is not available
java.security.NoSuchProviderException - if no appropriate cryptographic provider is available

generateUID

public java.lang.String generateUID()
Generate a unique 32 character String ID. The default implementation combines the local IP address, a secure random number, the current time, and the identity hashcode of a newly created object.

Returns:
a 32 character unique ID string

decodeEncryptedCertificate

public ApplicationCertificate decodeEncryptedCertificate(EncryptedCertificate encCert,
                                                         java.security.PublicKey publicKey,
                                                         java.lang.String appId)
                                                  throws InvalidCertificateException
Decode an encrypted certificate to retrieve its ApplicationCertificate

Parameters:
encCert - the encrypted certificate of the application
publicKey - the application's public key
appId - the application's ID
Returns:
the decrypted ApplicationCertificate
Throws:
InvalidCertificateException - if the certificate was malformed, or could not be decrypted

createEncryptedCertificate

public EncryptedCertificate createEncryptedCertificate(java.lang.String userName,
                                                       java.security.PrivateKey privateKey,
                                                       java.lang.String appId)
Create a new encrypted certificate for transmission to another application

Parameters:
userName - the username to certify
privateKey - the private key of this application
appId - the ID of this application
Returns:

toPrivateKey

public java.security.PrivateKey toPrivateKey(byte[] encodedForm)
                                      throws java.security.NoSuchAlgorithmException,
                                             java.security.spec.InvalidKeySpecException,
                                             java.security.NoSuchProviderException
Convert an encoded private key into a PrivateKey instance

Parameters:
encodedForm - the byte-array representation of the key
Returns:
the object representation of the key
Throws:
java.security.NoSuchAlgorithmException - if the algorithm to generate the keypair is not available
java.security.NoSuchProviderException - if no appropriate cryptographic provider is available
java.security.spec.InvalidKeySpecException - if the encoded form does not contain a valid key

toPublicKey

public java.security.PublicKey toPublicKey(byte[] encodedForm)
                                    throws java.security.NoSuchAlgorithmException,
                                           java.security.spec.InvalidKeySpecException,
                                           java.security.NoSuchProviderException
Convert an encoded public key into a PublicKey instance

Parameters:
encodedForm - the byte-array representation of the key
Returns:
the object representation of the key
Throws:
java.security.NoSuchAlgorithmException - if the algorithm to generate the keypair is not available
java.security.NoSuchProviderException - if no appropriate cryptographic provider is available
java.security.spec.InvalidKeySpecException - if the encoded form does not contain a valid key
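
An added example, not Atlassian's code: one way the key methods above could be written with standard JCA calls while naming a single provider everywhere, which is the constraint the interface description places on two communicating applications. The class name `PinnedProviderKeys`, the RSA algorithm, the PKCS#8 and X.509 encodings, the `SunRsaSign` provider and `SHA256withRSA` are all assumptions; the page does not state which the real implementation uses.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;

// Hypothetical class; algorithm, encodings and provider name are assumptions.
public class PinnedProviderKeys {
    static final String ALGORITHM = "RSA";
    static final String PROVIDER = "SunRsaSign"; // both applications must name the same one

    static KeyPair generateNewKeyPair() throws GeneralSecurityException {
        KeyPairGenerator gen = KeyPairGenerator.getInstance(ALGORITHM, PROVIDER);
        gen.initialize(2048);
        return gen.generateKeyPair();
    }

    // Private keys encode as PKCS#8; a malformed array raises InvalidKeySpecException.
    static PrivateKey toPrivateKey(byte[] encodedForm) throws GeneralSecurityException {
        return KeyFactory.getInstance(ALGORITHM, PROVIDER)
                .generatePrivate(new PKCS8EncodedKeySpec(encodedForm));
    }

    // Public keys encode as X.509 SubjectPublicKeyInfo.
    static PublicKey toPublicKey(byte[] encodedForm) throws GeneralSecurityException {
        return KeyFactory.getInstance(ALGORITHM, PROVIDER)
                .generatePublic(new X509EncodedKeySpec(encodedForm));
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPair pair = generateNewKeyPair();
        // Round-trip through the byte form, as when keys are stored or exchanged.
        PrivateKey priv = toPrivateKey(pair.getPrivate().getEncoded());
        PublicKey pub = toPublicKey(pair.getPublic().getEncoded());

        byte[] msg = "constructed sample message".getBytes(StandardCharsets.UTF_8);
        Signature signer = Signature.getInstance("SHA256withRSA", PROVIDER);
        signer.initSign(priv);
        signer.update(msg);
        byte[] sig = signer.sign();

        Signature verifier = Signature.getInstance("SHA256withRSA", PROVIDER);
        verifier.initVerify(pub);
        verifier.update(msg);
        System.out.println("verified after round-trip: " + verifier.verify(sig));
    }
}
```

On a JVM that does not ship the named provider, every `getInstance` call fails with `NoSuchProviderException`, so a provider mismatch between two deployments surfaces at startup rather than as an undecodable certificate later.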


Copyright © 2009 Atlassian Pty Ltd. All Rights Reserved.