Sun Java System Mobile Enterprise Platform 1.0 Developer's Guide for Client Applications

The DefaultSecurityManager Class

Table 4–3 lists the methods belonging to the DefaultSecurityManager class. This class provides a basic implementation of SecurityManager (see Table 4–5).

128-bit security keys are generated from the pin using an MD5 digest. The key is used to reverse a basic pin derivatives algorithm for client authentication. It is also used as the symmetric key for Triple-DES encryption of data at rest on the device.

Table 4–3 Class com.sun.mep.client.api.DefaultSecurityManager

Method 

Description 

public DefaultSecurityManager()

No-argument constructor. 

public final byte[] computeKey(java.lang.String pin)

Takes an arbitrary-length clear-text pin entered by the user and creates a fixed-length digest suitable for use by the encrypt and decrypt methods. 

public static final byte[] computeMD5Digest(byte[] dataBytes)

Computes and returns an MD5 hash of the specified byte[].

public static final byte[] computeMD5Digest(java.lang.String data)

Computes and returns an MD5 hash of the specified string. 

public final byte[] decrypt(byte[] cipherText)

Callback handler to perform decryption of data on device. The MEP runtime will invoke this method whenever it is necessary to decrypt data. 

public final byte[] encrypt(byte[] plainText)

Callback handler to perform encryption of data on device. The MEP runtime will invoke this method whenever it is necessary to encrypt data. 

public final byte[] getKey()

Returns the encryption key computed by computeKey(String).

public final int getValidationAttempts()

Returns the number of validation attempts. 

public final boolean isPinSet()

Returns true if the user has never logged into the application. Use this method to determine when the credentials need to be stored on the device. 

public void setKey(byte[] key)

Sets the key on the SecurityManager so it can be used during callbacks to encrypt or decrypt data on the device.

public final void storeCredentials(java.lang.String secret)

Persists derivatives of the pin/key and the supplied secret on the device. These derivatives are used upon subsequent logins to validate the pin. 

The secret can be any non-null, non-zero length alphanumeric string. Typically, the application developer would prompt the user to enter a random sequence of key presses on the device and pass that value into this method. This is a single-use value, so the user does not need to remember it.  

This method should only be called once, when the user needs to set their pin number (if isFirstLogin() returns true).

public final boolean validatePin(java.lang.String pin)

Determines if the pin is able to recompute the derivatives stored on the device in storeCredentials(byte[], String). If so, it returns true; otherwise, it returns false.

This method also keeps track of how many times it has been invoked. If it exceeds the maximum number of allowed attempts (getMaxValidationAttempts()), a SecurityException is thrown.
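
The key derivation described at the start of this section (an MD5 digest of the pin used as a Triple-DES key), shown next to a salted, iterated alternative. This is an added example, not code from the guide or the MEP API. It uses standard Java SE JCE classes; the UTF-8 encoding, the two-key Triple-DES expansion (K1, K2, K1), CBC mode with a random IV, the PBKDF2 parameters, the sample pin and all class and method names are assumptions, because the guide specifies none of them.

```java
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;

public class PinKeyDemo {
    // Scheme as the guide describes it: 128-bit key = MD5(pin). UTF-8 encoding is an assumption.
    static byte[] md5Key(String pin) throws Exception {
        return MessageDigest.getInstance("MD5").digest(pin.getBytes(StandardCharsets.UTF_8));
    }

    // Assumption: the 16-byte key is used as two-key Triple-DES (K1 | K2 | K1); JCE DESede needs 24 bytes.
    static byte[] tripleDes(int mode, byte[] key16, byte[] iv, byte[] data) throws Exception {
        byte[] key24 = Arrays.copyOf(key16, 24);   // K1 | K2 | zero padding
        System.arraycopy(key16, 0, key24, 16, 8);  // overwrite the padding with K1
        Cipher c = Cipher.getInstance("DESede/CBC/PKCS5Padding");
        c.init(mode, new SecretKeySpec(key24, "DESede"), new IvParameterSpec(iv));
        return c.doFinal(data);
    }

    // Hardened alternative (not part of MEP): salted, iterated PBKDF2 producing a 128-bit key.
    static byte[] pbkdf2Key(String pin, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(pin.toCharArray(), salt, 210_000, 128); // illustrative cost
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }

    public static void main(String[] args) throws Exception {
        String pin = "4821"; // constructed sample pin
        SecureRandom rng = new SecureRandom();
        byte[] iv = new byte[8]; // DES block size
        rng.nextBytes(iv);
        byte[] key = md5Key(pin);
        byte[] ct = tripleDes(Cipher.ENCRYPT_MODE, key, iv, "local record".getBytes(StandardCharsets.UTF_8));
        byte[] pt = tripleDes(Cipher.DECRYPT_MODE, key, iv, ct);
        System.out.println("round trip ok: " + "local record".equals(new String(pt, StandardCharsets.UTF_8)));

        // Unsalted single-pass digest: a given pin maps to one fixed key on every device.
        System.out.println("md5 keys equal:    " + Arrays.equals(md5Key(pin), md5Key(pin)));
        // Per-device random salt: the same pin yields unrelated keys, and each guess costs 210,000 HMACs.
        byte[] s1 = new byte[16], s2 = new byte[16];
        rng.nextBytes(s1); rng.nextBytes(s2);
        System.out.println("pbkdf2 keys equal: " + Arrays.equals(pbkdf2Key(pin, s1), pbkdf2Key(pin, s2)));
    }
}
```

Because the MD5-derived key depends only on the pin, the strength of the data-at-rest encryption is bounded by the pin's length and character set rather than by the 128-bit key size, which makes the attempt limit enforced by validatePin the main on-device control.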