Oracle® Fusion Middleware .NET API Reference for Identity Connector Framework
E57662-01
Org.IdentityConnectors.Common.Security.GuardedString

Secure string implementation that solves the problems associated with keeping passwords as clear-text strings (details below).
Implements IDisposable.

Public Member Functions

delegate void Accessor (UnmanagedArray< char > clearChars)
    This method will be called with the clear text of the string.
GuardedString ()
    Creates an empty secure string.
GuardedString (SecureString str)
void Access (Accessor accessor)
    Provides access to the clear-text value of the string in a controlled fashion.
void AppendChar (char c)
    Appends a single clear-text character to the secure string.
void Dispose ()
    Clears the in-memory representation of the string.
bool IsReadOnly ()
    Returns true iff this string has been marked read-only.
void MakeReadOnly ()
    Marks this string as read-only.
GuardedString Copy ()
    Creates a copy of the string.
bool VerifyBase64SHA1Hash (String hash)
    Verifies that the base-64 encoded SHA1 hash of this string matches the given value.
string GetBase64SHA1Hash ()
override bool Equals (Object o)
override int GetHashCode ()
SecureString ToSecureString ()

Detailed Description
Secure string implementation that solves the problems associated with keeping passwords as java.lang.String (or, in .NET, System.String). That is, anything represented as a String is kept in memory as a clear-text password and stays in memory at least until it is garbage collected; a managed string is immutable, so the caller cannot zero it earlier.
The GuardedString class alleviates this problem by storing the characters in memory in an encrypted form. The encryption key is a randomly generated key.
In their serialized form, GuardedStrings are encrypted using a known default key. This provides only a minimum level of protection regardless of the transport, since anyone holding the framework can recover the key. For communications with the Remote Connector Framework it is recommended that deployments enable SSL for true encryption.
Applications may also wish to persist GuardedStrings. Identity Manager should convert GuardedStrings to EncryptedData so that they can be stored and managed using the Manage Encryption features of Identity Manager. Other applications may wish to serialize APIConfiguration as a whole. These applications are responsible for encrypting the APIConfiguration blob for an additional layer of security (beyond the basic default-key encryption provided by GuardedString).

Constructor & Destructor Documentation
Org.IdentityConnectors.Common.Security.GuardedString.GuardedString ()
    Creates an empty secure string.

Member Function Documentation
void Org.IdentityConnectors.Common.Security.GuardedString.Access (Accessor accessor)
    Provides access to the clear-text value of the string in a controlled fashion.
    The clear-text characters will only be available for the duration of the call and are automatically zeroed out following the call.
    NOTE: Callers are encouraged to use VerifyBase64SHA1Hash(String) where possible if the intended use is merely to verify that the contents of the string match an expected hash value.
    Parameters
        accessor    Accessor callback.
    Exceptions
        IllegalStateException    If the string has been disposed.
delegate void Org.IdentityConnectors.Common.Security.GuardedString.Accessor (UnmanagedArray< char > clearChars)
    This method will be called with the clear text of the string.
    After the call the clearChars array will be automatically zeroed out, thus keeping the window of potential exposure to a bare minimum.
    Parameters
        clearChars    The clear-text characters of the string, valid only for the duration of the call.
void Org.IdentityConnectors.Common.Security.GuardedString.AppendChar (char c)
    Appends a single clear-text character to the secure string.
    The in-memory data will be decrypted, the character will be appended, and then it will be re-encrypted.
    Parameters
        c    The character to append.
    Exceptions
        IllegalStateException    If the string is read-only.
        IllegalStateException    If the string has been disposed.
GuardedString Org.IdentityConnectors.Common.Security.GuardedString.Copy ()
    Creates a copy of the string.
    If this instance is read-only, the copy will not be read-only.
    Exceptions
        IllegalStateException    If the string has been disposed.
void Org.IdentityConnectors.Common.Security.GuardedString.Dispose ()
    Clears the in-memory representation of the string.
bool Org.IdentityConnectors.Common.Security.GuardedString.IsReadOnly ()
    Returns true iff this string has been marked read-only.
    Exceptions
        IllegalStateException    If the string has been disposed.
void Org.IdentityConnectors.Common.Security.GuardedString.MakeReadOnly ()
    Marks this string as read-only.
    Exceptions
        IllegalStateException    If the string has been disposed.
bool Org.IdentityConnectors.Common.Security.GuardedString.VerifyBase64SHA1Hash (String hash)
    Verifies that the base-64 encoded SHA1 hash of this string matches the given value. This lets a caller check a password against a stored hash without ever receiving the clear text.
    Parameters
        hash    The base-64 encoded SHA1 hash to verify against.
    Exceptions
        IllegalStateException    If the string has been disposed.
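The following puts the class description, Access/Accessor and VerifyBase64SHA1Hash together in one program. It is an added C# example, not code from this reference or from the ICF project. It assumes that UnmanagedArray<char> exposes a Length property and an int indexer (an assumption, not stated on this page), and it uses a constructed sample password; the expected hash is taken from GetBase64SHA1Hash on the same string, so nothing is assumed about the hash's character encoding.

```csharp
using System;
using System.Text;
using Org.IdentityConnectors.Common.Security;

// Added example; not code from the ICF reference or the ICF project.
// Assumption: UnmanagedArray<char> exposes Length and an int indexer.
public static class GuardedStringDemo
{
    // Build the secret one character at a time so the clear text never has
    // to exist as a System.String (immutable, cannot be zeroed, lives until
    // the garbage collector reclaims it). The caller's char[] is scrubbed.
    public static GuardedString FromChars(char[] clear)
    {
        var gs = new GuardedString();
        try
        {
            foreach (char c in clear)
            {
                gs.AppendChar(c);      // decrypt, append, re-encrypt
            }
        }
        finally
        {
            Array.Clear(clear, 0, clear.Length);
        }
        gs.MakeReadOnly();             // further AppendChar calls now throw
        return gs;
    }

    // Preferred path: compare against a stored SHA1 hash; the clear text is
    // never handed back to the caller.
    public static bool MatchesStoredHash(GuardedString gs, string storedBase64Sha1)
    {
        return gs.VerifyBase64SHA1Hash(storedBase64Sha1);
    }

    // Fallback path when a consumer really needs the bytes (for example a
    // native bind call). The clear text is copied into zeroable buffers only,
    // handed to the consumer, and wiped before Access returns; the framework
    // zeroes clearChars itself after the callback.
    public static void WithClearTextUtf8(GuardedString gs, Action<byte[]> consumer)
    {
        gs.Access(clearChars =>
        {
            char[] tmp = new char[clearChars.Length];
            byte[] utf8 = null;
            try
            {
                for (int i = 0; i < tmp.Length; i++)
                {
                    tmp[i] = clearChars[i];
                }
                utf8 = Encoding.UTF8.GetBytes(tmp);
                consumer(utf8);
            }
            finally
            {
                Array.Clear(tmp, 0, tmp.Length);
                if (utf8 != null) Array.Clear(utf8, 0, utf8.Length);
            }
        });
    }

    public static void Main()
    {
        // Constructed sample input; a real caller would fill this from a
        // SecureString or a console read without ever building a System.String.
        char[] sample = { 'c', 'o', 'r', 'r', 'e', 'c', 't', '-', 'h', 'o', 'r', 's', 'e' };

        using (GuardedString secret = FromChars(sample))
        {
            // Stands in for a hash persisted at enrolment time.
            string stored = secret.GetBase64SHA1Hash();

            // Hash of the same string verifies; a different hash does not.
            Console.WriteLine("stored hash matches: " + MatchesStoredHash(secret, stored));
            Console.WriteLine("bogus hash matches: " + MatchesStoredHash(secret, "AAAAAAAAAAAAAAAAAAAAAAAAAAA="));

            // Copy() drops the read-only flag, so the copy can be extended;
            // the original is untouched and the two no longer compare equal.
            using (GuardedString copy = secret.Copy())
            {
                Console.WriteLine("copy read-only: " + copy.IsReadOnly());
                copy.AppendChar('!');
                Console.WriteLine("copy equals original: " + copy.Equals(secret));
            }

            try
            {
                secret.AppendChar('!');                 // read-only: throws
            }
            catch (Exception e)
            {
                Console.WriteLine("read-only enforced: " + e.GetType().Name);
            }

            // Consumer sees the UTF-8 bytes only inside the callback.
            WithClearTextUtf8(secret, bytes => Console.WriteLine("clear-text bytes: " + bytes.Length));
        }
        // Dispose() has cleared the encrypted bytes; any further call on
        // 'secret' reports the string as disposed.
    }
}
```

The point of the two access helpers is the one the NOTE on Access makes: prefer VerifyBase64SHA1Hash when a comparison is all that is needed, and when the clear text is unavoidable keep it in arrays you can zero in a finally block rather than letting a System.String escape the Accessor callback, where it would outlive the call until garbage collection.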