com.pega.pegarules.pub.crypto

Interface IPRCrypto

public interface IPRCrypto

Nested Class Summary

Nested Classes

Modifier and Type	Interface and Description
static class	IPRCrypto.CryptoPrefix
static class	IPRCrypto.DigestAlgorithm
static class	IPRCrypto.Scope

Field Summary

Fields

Modifier and Type	Field and Description
static java.lang.String	ENCRYPTED_ACTION_ATTRIBUTE_NAME
static java.lang.String	IS_ENCRYPTED_ACTION
static java.lang.String	VERSION

Method Summary

Modifier and Type	Method and Description
java.lang.String	decrypt(java.lang.String aInput) Decrypts the specified string.
java.lang.String	decrypt(java.lang.String aInput, int[] aType) Alternate decryption entry for use during initialization of PegaRULES.
byte[]	decryptPortable(byte[] aInput) Decrypts the specified byte array using PegaRULES default portable and reversible encryption cipher.
java.lang.String	decryptPropertyValue(java.lang.String aInput) Decrypts the specified property value using a site specific cipher.
java.lang.String	decryptUsingKeyStore(java.lang.String aInput) Decrypts the specified string using keystore configured at security landing page
java.lang.String	digestString(java.lang.String aString, int aMethod) Encrypts a string using PegaRULES v7 algorithm The entire string, converted to a byte array using UTF-8 encoding, is passed through the hashing algorithm.
java.lang.String	digestString(java.lang.String aInput, IPRCrypto.DigestAlgorithm aAlgorithm) Returns the hashed value of a String input.
java.lang.String	encrypt(java.lang.String aInput) Encrypts the specified string using keystore or site-specific reversible encryption cipher if it exists, otherwise the PegaRULES default portable and reversible encryption cipher.
java.lang.String	encryptOneWay(java.lang.String aInput) One-way encrypts the specified string.
byte[]	encryptPortable(byte[] aInput) Encrypts the specified byte array using PegaRULES default portable and reversible encryption cipher.
java.lang.String	encryptPortable(java.lang.String aInput) Encrypts the specified string using PegaRULES default portable and reversible encryption cipher.
java.lang.String	encryptPropertyValue(java.lang.String aInput) Encrypts the specified property value using a site specific cipher.
java.lang.String	encryptURLActionString(PRThread thread, java.lang.String scope, java.lang.String input)
java.lang.String	encryptURLActionString(PublicAPI aTools, java.lang.String scope, java.lang.String input)
java.lang.String	encryptURLActionStringWithGlobalScope(PRThread thread, java.lang.String input)
java.lang.String	encryptUsingKeyStore(java.lang.String aInput) Encrypts the specified string using keystore configured at security landing page
java.lang.String	encryptUsingKeyStoreDoNotCheckCurrentKeyExpiry(java.lang.String aInput) Encrypts the specified string using keystore configured at security landing page.
java.lang.String	generateRandomPassword(PublicAPI tools, int minOperPwdLen, int minNumerics, int minLowerCase, int minUpperCase, int minSpecials)
java.lang.String	getActivatedDataEncryptionType() Return "AWS" if AWS KMS Cipher is enabled in Encryption landing page Return "SITE_SPECIFIC" if site-specific cipher is enabled in Encryption landing page.
IPRCipher	getCipher(java.lang.String aAlgorithm, byte[] aKey, int aKeylen, byte[] aParams) Constructs an IPRCipher implementation with the specified parameters.
IPRCipher	getCipher(java.lang.String aProvider, java.lang.String aAlgorithm, byte[] aKey, int aKeylen, byte[] aParams) Constructs an IPRCipher implementation with the specified parameters.
IPRCipher	getPortableCipher() returns the PegaRULES default portable cipher implementation.
IPRCipher	getSiteCipher() returns the site-specific cipher implementation.
boolean	isValidKeyStoreKMSType(java.lang.String kmsType)
boolean	samePassword(java.lang.String pw1, java.lang.String pw2) Returns true if the two passwords represent the same cleartext value.
IPasswordResult	samePasswordAndUpgradeIfRequired(java.lang.String pw1, java.lang.String pw2) Returns "true" if the two passwords represent the same cleartext value and if both are hashed using same algorithm.

Field Detail

VERSION

static final java.lang.String VERSION

ENCRYPTED_ACTION_ATTRIBUTE_NAME

static final java.lang.String ENCRYPTED_ACTION_ATTRIBUTE_NAME

See Also:

Constant Field Values

IS_ENCRYPTED_ACTION

static final java.lang.String IS_ENCRYPTED_ACTION

See Also:

Constant Field Values

Method Detail

getPortableCipher

IPRCipher getPortableCipher()

returns the PegaRULES default portable cipher implementation.

Returns:

IPRCipher instance

getSiteCipher

IPRCipher getSiteCipher()

returns the site-specific cipher implementation.

Returns:

IPRCipher instance or null

getCipher

IPRCipher getCipher(java.lang.String aAlgorithm,
                    byte[] aKey,
                    int aKeylen,
                    byte[] aParams)

Constructs an IPRCipher implementation with the specified parameters.

Parameters:

aAlgorithm - Algorithm or transform to be used (e.g. desede or des/none/pkcs5padding)

aKey - algorithm specific key or null to use a generated key

aKeylen - length of key to be used

aParams - initialization vector (for padding)

Returns:

IPRCipher instance

getCipher

IPRCipher getCipher(java.lang.String aProvider,
                    java.lang.String aAlgorithm,
                    byte[] aKey,
                    int aKeylen,
                    byte[] aParams)

Constructs an IPRCipher implementation with the specified parameters.

Parameters:

aProvider - specific provider name to use or null if a JDK default provider should be used

aAlgorithm - Algorithm or transform to be used (e.g. desede or des/none/pkcs5padding)

aKey - algorithm specific key or null to use a generated key

aKeylen - length of key to be used

aParams - initialization vector (for padding)

Returns:

IPRCipher instance

encryptOneWay

java.lang.String encryptOneWay(java.lang.String aInput)

One-way encrypts the specified string.

Parameters:

aInput - cleartext string to encrypt

Returns:

resulting value

encryptPortable

java.lang.String encryptPortable(java.lang.String aInput)

Encrypts the specified string using PegaRULES default portable and reversible encryption cipher.

Parameters:

aInput - cleartext string to encrypt

Returns:

resulting value

encryptPortable

byte[] encryptPortable(byte[] aInput)

Encrypts the specified byte array using PegaRULES default portable and reversible encryption cipher.

Parameters:

aInput - byte array to encrypt

Returns:

resulting value

decryptPortable

byte[] decryptPortable(byte[] aInput)

Decrypts the specified byte array using PegaRULES default portable and reversible encryption cipher.

Parameters:

aInput - byte array to encrypt

Returns:

resulting value

encrypt

java.lang.String encrypt(java.lang.String aInput)

Encrypts the specified string using keystore or site-specific reversible encryption cipher if it exists, otherwise the PegaRULES default portable and reversible encryption cipher.

Parameters:

aInput - cleartext string to encrypt

Returns:

resulting value

isValidKeyStoreKMSType

boolean isValidKeyStoreKMSType(java.lang.String kmsType)

Parameters:

kmsType -

Returns:

whether the specified kms type is valid kms or not.

encryptUsingKeyStore

java.lang.String encryptUsingKeyStore(java.lang.String aInput)

Encrypts the specified string using keystore configured at security landing page

Parameters:

aInput - cleartext string to encrypt

Returns:

resulting value

encryptUsingKeyStoreDoNotCheckCurrentKeyExpiry

java.lang.String encryptUsingKeyStoreDoNotCheckCurrentKeyExpiry(java.lang.String aInput)

Encrypts the specified string using keystore configured at security landing page. This API will not rotate the CDK if it the current CDK is expired. BLOB encryption uses this API to avoid nested commit issue INC-168922.

Parameters:

aInput - cleartext string to encrypt

Returns:

Ciphertext

decryptUsingKeyStore

java.lang.String decryptUsingKeyStore(java.lang.String aInput)

Decrypts the specified string using keystore configured at security landing page

Parameters:

aInput - cleartext string to encrypt

Returns:

resulting value

encryptPropertyValue

java.lang.String encryptPropertyValue(java.lang.String aInput)

Encrypts the specified property value using a site specific cipher. If it does not exist a CryptographicException is thrown.

Parameters:

aInput - cleartext string to encrypt

Returns:

resulting value

decryptPropertyValue

java.lang.String decryptPropertyValue(java.lang.String aInput)

Decrypts the specified property value using a site specific cipher. If it does not exist a CryptographicException is thrown.

Parameters:

aInput - cleartext string to decrypt

Returns:

resulting value

decrypt

java.lang.String decrypt(java.lang.String aInput)

Decrypts the specified string.

If input is ONEWAY encrypted, the ONEWAY value (after being unwrapped from the V5 envelope, if necessary) is returned.

If input is SITE_SPECIFIC encrypted and no site-specific cipher is available, a CryptographicException is thrown.

If input uses an unrecognized cipher or is otherwise opaque to this routine (including a cleartext value), the input value is returned unchanged.

Parameters:

aInput - value to decrypt to cleartext

Returns:

resulting value

decrypt

java.lang.String decrypt(java.lang.String aInput,
                         int[] aType)

Alternate decryption entry for use during initialization of PegaRULES. Supplies int array to avoid use of factories at an early stage of initialization. See decrypt(String) for usage.

Parameters:

aInput - value to decrypt to cleartext

aType - int[2] array for internal use

Returns:

resulting value

samePassword

boolean samePassword(java.lang.String pw1,
                     java.lang.String pw2)

Returns true if the two passwords represent the same cleartext value. If both passwords are null, the result is true, otherwise they must match as defined herein.

If both passwords use the same encryption algorithm (including values treated as cleartext due to unrecognized format), the result of calling decrypt on both strings is compared.

If exactly one of the passwords is oneway encrypted, the other value's decrypt result is oneway encrypted and the (unwrapped) oneway values are compared.

Otherwise, the result of calling decrypt on both strings is compared, although the result is almost certainly false.

Parameters:

pw1 - first comparand

pw2 - second comparand

Returns:

result of comparision

samePasswordAndUpgradeIfRequired

IPasswordResult samePasswordAndUpgradeIfRequired(java.lang.String pw1,
                                                 java.lang.String pw2)

Returns "true" if the two passwords represent the same cleartext value and if both are hashed using same algorithm. Returns "true|newlyHashedPassword" if the two passowrds represent the same clear text and if both are hashed using different algorithms. If both passwords are null, the result is true, otherwise they must match as defined herein.

If both passwords use the same encryption algorithm (including values treated as cleartext due to unrecognized format), the result of calling decrypt on both strings is compared.

If exactly one of the passwords is oneway encrypted, the other value's decrypt result is oneway encrypted and the (unwrapped) oneway values are compared.

Otherwise, the result of calling decrypt on both strings is compared, although the result is almost certainly false.

Parameters:

pw1 - first comparand

pw2 - second comparand

Returns:

result of comparision

digestString

java.lang.String digestString(java.lang.String aInput,
                              IPRCrypto.DigestAlgorithm aAlgorithm)

Returns the hashed value of a String input. Note that these values are hashes, and depending on their use, are subject to dictionary attacks.

Parameters:

aInput - The value to hash

aAlgorithm - The algorithm to use; null uses MD5

Returns:

The hashed value

digestString

java.lang.String digestString(java.lang.String aString,
                              int aMethod)

Encrypts a string using PegaRULES v7 algorithm The entire string, converted to a byte array using UTF-8 encoding, is passed through the hashing algorithm. The resulting 16-byte digest value is converted to a base-16 character string and returned.

Parameters:

aString - cleartext string

Returns:

32-character string

generateRandomPassword

java.lang.String generateRandomPassword(PublicAPI tools,
                                        int minOperPwdLen,
                                        int minNumerics,
                                        int minLowerCase,
                                        int minUpperCase,
                                        int minSpecials)

Parameters:

tools -

minOperPwdLen -

minNumerics -

minLowerCase -

minUpperCase -

minSpecials -

Returns:

randomly generated password string

encryptURLActionString

java.lang.String encryptURLActionString(PublicAPI aTools,
                                        java.lang.String scope,
                                        java.lang.String input)

Parameters:

aTools -

scope - Thread,requestor, persistent key to be used for encryption

input -

Returns:

encrypted Value of the input provided

encryptURLActionString

java.lang.String encryptURLActionString(PRThread thread,
                                        java.lang.String scope,
                                        java.lang.String input)

Parameters:

thread -

scope - Thread,requestor, persistent key to be used for encryption

input -

Returns:

encrypted Value of the input provided

encryptURLActionStringWithGlobalScope

java.lang.String encryptURLActionStringWithGlobalScope(PRThread thread,
                                                       java.lang.String input)

Parameters:

thread -

input -

Returns:

encrypted Value of the input provided

getActivatedDataEncryptionType

java.lang.String getActivatedDataEncryptionType()

Return "AWS" if AWS KMS Cipher is enabled in Encryption landing page Return "SITE_SPECIFIC" if site-specific cipher is enabled in Encryption landing page. Or If no cipher activated in Encryption landing page and site-specific cipher settings provided in DSS settings or Prconfig setting, then return "SITE_SPECIFIC" Return null if no cipher ("AWS" & "SITE_SPECIFIC") activated and site-specific cipher settings are not configured.

Returns:

activated encryption type value "AWS", "SITE_SPECIFIC" or ""