JCESecurityModule (jPOS 1.6.7 API Documentation)

Overview

Package

Class

Tree

Deprecated

Index

Help

jPOS 1.6.7 API Documentation

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.jpos.security.jceadapter
Class JCESecurityModule

java.lang.Object
  org.jpos.security.BaseSMAdapter
      org.jpos.security.jceadapter.JCESecurityModule

All Implemented Interfaces:: Configurable, ReConfigurable, SMAdapter, LogSource

public class JCESecurityModule
extends BaseSMAdapter
extends BaseSMAdapter

JCESecurityModule is an implementation of a security module in software. It doesn't require any hardware device to work.
JCESecurityModule also implements the SMAdapter, so you can view it: either as a self contained security module adapter that doesn't need a security module or a security module that plugs directly to jpos, so doesn't need a separate adapter.
It relies on Java(tm) Cryptography Extension (JCE), hence its name.
JCESecurityModule relies on the JCEHandler class to do the low level JCE work.

WARNING: This version of JCESecurityModule is meant for testing purposes and NOT for life operation, since the Local Master Keys are stored in CLEAR on the system's disk. Comming versions of JCESecurity Module will rely on java.security.KeyStore for a better protection of the Local Master Keys.

Version:: $Revision: 2854 $ $Date: 2010-01-02 02:34:31 -0800 (Sat, 02 Jan 2010) $
Author:: Hani Samuel Kirollos

Field Summary

Fields inherited from interface org.jpos.security.SMAdapter
`FORMAT00, FORMAT01, FORMAT02, FORMAT03, FORMAT04, FORMAT05, LENGTH_DES, LENGTH_DES3_2KEY, LENGTH_DES3_3KEY, TYPE_BDK, TYPE_CVK, TYPE_PVK, TYPE_TAK, TYPE_TMK, TYPE_TPK, TYPE_ZAK, TYPE_ZMK, TYPE_ZPK`

Constructor Summary
`JCESecurityModule()` Creates an uninitialized JCE Security Module, you need to setConfiguration to initialize it
`JCESecurityModule(Configuration cfg, Logger logger, java.lang.String realm)`
`JCESecurityModule(java.lang.String lmkFile)`
`JCESecurityModule(java.lang.String lmkFile, java.lang.String jceProviderClassName)`

Method Summary
`java.lang.String`	`decryptPINImpl(EncryptedPIN pinUnderLmk)` Your SMAdapter should override this method if it has this functionality
`EncryptedPIN`	`encryptPINImpl(java.lang.String pin, java.lang.String accountNumber)` Your SMAdapter should override this method if it has this functionality
`byte[]`	`exportKeyImpl(SecureDESKey key, SecureDESKey kek)` Your SMAdapter should override this method if it has this functionality
`EncryptedPIN`	`exportPINImpl(EncryptedPIN pinUnderLmk, SecureDESKey kd2, byte destinationPINBlockFormat)` Your SMAdapter should override this method if it has this functionality
`SecureDESKey`	`generateKeyImpl(short keyLength, java.lang.String keyType)` Your SMAdapter should override this method if it has this functionality
`SecureDESKey`	`importKeyImpl(short keyLength, java.lang.String keyType, byte[] encryptedKey, SecureDESKey kek, boolean checkParity)` Your SMAdapter should override this method if it has this functionality
`EncryptedPIN`	`importPINImpl(EncryptedPIN pinUnderKd1, SecureDESKey kd1)` Your SMAdapter should override this method if it has this functionality
`void`	`setConfiguration(Configuration cfg)` Configures a JCESecurityModule
`EncryptedPIN`	`translatePINImpl(EncryptedPIN pinUnderKd1, SecureDESKey kd1, SecureDESKey kd2, byte destinationPINBlockFormat)` Your SMAdapter should override this method if it has this functionality

Methods inherited from class org.jpos.security.BaseSMAdapter
`decryptPIN, encryptPIN, eraseOldLMK, eraseOldLMKImpl, exportKey, exportPIN, generateCBC_MAC, generateEDE_MAC, generateKey, generateKeyCheckValue, getLogger, getName, getRealm, getSMAdapter, importKey, importPIN, importPIN, setLogger, setName, translateKeyFromOldLMK, translateKeyFromOldLMKImpl, translatePIN, translatePIN`

Methods inherited from class java.lang.Object
`equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Constructor Detail

JCESecurityModule

public JCESecurityModule()

Creates an uninitialized JCE Security Module, you need to setConfiguration to initialize it

JCESecurityModule

public JCESecurityModule(java.lang.String lmkFile)
                  throws SMException

Parameters:: lmkFile - Local Master Keys filename of the JCE Security Module
Throws:: SMException

JCESecurityModule

public JCESecurityModule(java.lang.String lmkFile,
                         java.lang.String jceProviderClassName)
                  throws SMException

Throws:: SMException

JCESecurityModule

public JCESecurityModule(Configuration cfg,
                         Logger logger,
                         java.lang.String realm)
                  throws ConfigurationException

Throws:: ConfigurationException

Method Detail

setConfiguration

public void setConfiguration(Configuration cfg)
                      throws ConfigurationException

Configures a JCESecurityModule

Specified by:: setConfiguration in interface Configurable
Overrides:: setConfiguration in class BaseSMAdapter

Parameters:: cfg - The following properties are read:
lmk: Local Master Keys file (The only required parameter)
jce: JCE Provider Class Name, if not provided, it defaults to: com.sun.crypto.provider.SunJCE
rebuildlmk: (true/false), rebuilds the Local Master Keys file with new keys (WARNING: old keys will be erased)
cbc-mac: Cipher Block Chaining MAC algorithm name for given JCE Provider.
Default is ISO9797ALG3MACWITHISO7816-4PADDING from BouncyCastle provider (known as Retail-MAC)
that is suitable for most of interfaces with double length MAC key
ANSI X9.19 aka ISO/IEC 9797-1 MAC algorithm 3 padding method 2 - ISO7816
ede-mac: Encrypt Decrypt Encrypt MAC algorithm name for given JCE Provider.
Default is DESEDEMAC from BouncyCastle provider
that is suitable for BASE24 with double length MAC key
ANSI X9.19
Throws:: ConfigurationException