Oracle® Fusion Middleware .NET API Reference for Identity Connector Framework
12c (12.2.1.4.0) E95919-01
Secure byte array implementation that solves the problems associated with keeping confidential data as byte[].
Inherits IDisposable.
Public Member Functions
delegate void | Accessor (UnmanagedArray< byte > clearBytes)
This method will be called with the clear text of the byte array.
GuardedByteArray ()
Creates an empty secure byte array.
GuardedByteArray (UnmanagedArray< byte > clearBytes)
void | Access (Accessor accessor)
Provides access to the clear-text value of the bytes in a controlled fashion.
void | AppendByte (byte b)
Appends a single clear-text byte to the secure byte array.
void | Dispose ()
Clears the in-memory representation of the byte array.
bool | IsReadOnly ()
Returns true iff this byte array has been marked read-only.
void | MakeReadOnly ()
Mark this byte array as read-only.
GuardedByteArray | Copy ()
Create a copy of the byte array.
bool | VerifyBase64SHA1Hash (String hash)
Verifies that the base-64 encoded SHA1 hash of this byte array matches the given value.
string | GetBase64SHA1Hash ()
override bool | Equals (Object o)
override int | GetHashCode ()
Secure byte array implementation that solves the problems associated with keeping confidential data as byte[]. That is, anything represented as a byte[] is kept in memory in clear text and stays in memory at least until it is garbage collected.
The GuardedByteArray class alleviates this problem by storing the bytes in memory in an encrypted form. The encryption key will be a randomly-generated key.
In its serialized form, a GuardedByteArray will be encrypted using a known default key. This is to provide a minimum level of protection regardless of the transport. For communications with the Remote Connector Framework it is recommended that deployments enable SSL for true encryption.
Applications may also wish to persist GuardedByteArrays. In the case of Identity Manager, it should convert GuardedByteArrays to EncryptedData so that they can be stored and managed using the Manage Encryption features of Identity Manager. Other applications may wish to serialize APIConfiguration as a whole. These applications are responsible for encrypting the APIConfiguration blob for an additional layer of security (beyond the basic default key encryption provided by GuardedByteArray).
Org.IdentityConnectors.Common.Security.GuardedByteArray.GuardedByteArray ()
Creates an empty secure byte array.
void Org.IdentityConnectors.Common.Security.GuardedByteArray.Access (Accessor accessor)
Provides access to the clear-text value of the bytes in a controlled fashion.
The clear-text bytes will only be available for the duration of the call and automatically zeroed out following the call.
NOTE: Callers are encouraged to use VerifyBase64SHA1Hash(String) where possible if the intended use is merely to verify that the contents of the byte array match an expected hash value.
accessor | Accessor callback. |
IllegalStateException | If the byte array has been disposed |
delegate void Org.IdentityConnectors.Common.Security.GuardedByteArray.Accessor (UnmanagedArray< byte > clearBytes)
This method will be called with the clear text of the byte array.
After the call the clearBytes array will be automatically zeroed out, thus keeping the window of potential exposure to a bare minimum.
clearChars |
void Org.IdentityConnectors.Common.Security.GuardedByteArray.AppendByte (byte b)
Appends a single clear-text byte to the secure byte array.
The in-memory data will be decrypted, the byte will be appended, and then it will be re-encrypted.
b | The byte to append. |
IllegalStateException | If the byte array is read-only |
IllegalStateException | If the byte array has been disposed |
GuardedByteArray Org.IdentityConnectors.Common.Security.GuardedByteArray.Copy ()
Create a copy of the byte array.
If this instance is read-only, the copy will not be read-only.
IllegalStateException | If the byte array has been disposed |
void Org.IdentityConnectors.Common.Security.GuardedByteArray.Dispose ()
Clears the in-memory representation of the byte array.
bool Org.IdentityConnectors.Common.Security.GuardedByteArray.IsReadOnly ()
Returns true iff this byte array has been marked read-only.
IllegalStateException | If the byte array has been disposed |
void Org.IdentityConnectors.Common.Security.GuardedByteArray.MakeReadOnly ()
Mark this byte array as read-only.
IllegalStateException | If the byte array has been disposed |
bool Org.IdentityConnectors.Common.Security.GuardedByteArray.VerifyBase64SHA1Hash (String hash)
Verifies that the base-64 encoded SHA1 hash of this byte array matches the given value.
hash | The hash to verify against. |
IllegalStateException | If the byte array has been disposed |
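Usage sketch for the members documented above, added here as an example and not taken from the Oracle reference or the framework's own code: it compares two values through VerifyBase64SHA1Hash without exposing clear text, then confines a genuine clear-text use to the Access callback. It assumes UnmanagedArray< byte > exposes a Length property and an integer indexer; the byte values and the message are constructed samples.

```csharp
using System;
using System.Security.Cryptography;
using Org.IdentityConnectors.Common.Security;

public static class GuardedByteArrayUsage
{
    // Move a clear-text buffer into a GuardedByteArray, wiping the source as it is consumed.
    static GuardedByteArray Guard(byte[] clear)
    {
        var guarded = new GuardedByteArray();
        for (int i = 0; i < clear.Length; i++)
        {
            guarded.AppendByte(clear[i]);
            clear[i] = 0;
        }
        guarded.MakeReadOnly();
        return guarded;
    }

    public static void Main()
    {
        // Constructed sample values, not real key material.
        using (GuardedByteArray stored = Guard(new byte[] { 0x10, 0x20, 0x30, 0x40 }))
        using (GuardedByteArray candidate = Guard(new byte[] { 0x10, 0x20, 0x30, 0x40 }))
        {
            // Equality check through the hash: no clear text is handed to the caller.
            bool same = candidate.VerifyBase64SHA1Hash(stored.GetBase64SHA1Hash());
            Console.WriteLine("candidate matches stored value: " + same);

            // Clear text is needed to key an HMAC, so all use stays inside the callback.
            byte[] tag = null;
            stored.Access(clearBytes =>
            {
                // Assumption: UnmanagedArray<byte> exposes Length and an int indexer.
                byte[] key = new byte[clearBytes.Length];
                try
                {
                    for (int i = 0; i < key.Length; i++) key[i] = clearBytes[i];
                    using (var hmac = new HMACSHA256(key))
                        tag = hmac.ComputeHash(new byte[] { 0x01 }); // constructed message
                }
                finally
                {
                    Array.Clear(key, 0, key.Length); // the framework zeroes clearBytes, not our copy
                }
            });
            Console.WriteLine("tag length: " + tag.Length);
        }
    }
}
```

Only the clearBytes array is zeroed after the callback returns, so any copy made inside it, like the key buffer here, has to be wiped by the caller.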