Reference Apex Classes

}
}

Asynchronous Apex and Mock Callouts

Similar to DML, asynchronous Apex operations result in pending uncommitted work that prevents callouts from being
performed later in the same transaction. Examples of asynchronous Apex operations are calls to future methods, batch Apex,
or scheduled Apex. These asynchronous calls are typically enclosed within Test.startTest and Test.stopTest statements
in test methods so that they execute after Test.stopTest. In this case, mock callouts can be performed after the asynchronous
calls and no changes are necessary. But if the asynchronous calls aren’t enclosed within Test.startTest and Test.stopTest
statements, you’ll get an exception because of uncommitted work pending. To prevent this exception, do either of the following:
• Enclose the asynchronous call within Test.startTest and Test.stopTest statements.

Test.startTest();
MyClass.asyncCall();
Test.stopTest();

Test.setMock(..); // Takes two arguments

MyClass.mockCallout();

• Follow the same rules as with DML calls: Enclose the portion of your code that performs the callout within
Test.startTest and Test.stopTest statements. The Test.startTest statement must appear before the
Test.setMock statement. Also, the asynchronous calls must not be part of the Test.startTest/Test.stopTest
block.

MyClass.asyncCall();

Test.startTest();
Test.setMock(..); // Takes two arguments
MyClass.mockCallout();
Test.stopTest();

Asynchronous calls that occur after mock callouts are allowed and don’t require any changes in test methods.

See Also:
Callout Limits and Limitations

Crypto Class
The methods in the Crypto class provide standard algorithms for creating digests, message authentication codes, and signatures,
as well as encrypting and decrypting information. These can be used for securing content in Force.com, or for integrating with
external services such as Google or Amazon WebServices (AWS).

Name Arguments Return Type Description

decrypt String Blob Decrypts the blob cipherText using the specified
algorithmName algorithm, private key, and initialization vector. Use this
method to decrypt blobs encrypted using a third party
Blob privateKey
application or the encrypt method.
Valid values for algorithmName are:

627
Reference Apex Classes

Name Arguments Return Type Description

Blob • AES128
initializationVector • AES192
Blob cipherText • AES256

These are all industry standard Advanced Encryption

Standard (AES) algorithms with different size keys. They
use cipher block chaining (CBC) and PKCS5 padding.
The length of privateKey must match the specified
algorithm: 128 bits, 192 bits, or 256 bits, which is 16,
24, or 32 bytes, respectively. You can use a third-party
application or the generateAesKey method to generate
this key for you.
The initialization vector must be 128 bits (16 bytes.)
For an example, see Example Encrypting and
Decrypting.
For more information about possible exceptions thrown
during execution, see Encrypt and Decrypt Exceptions.

decryptWithManagedIV String Blob Decrypts the blob IVAndCipherText using the specified
algorithmName algorithm and private key. Use this method to decrypt
blobs encrypted using a third party application or the
Blob privateKey
encryptWithManagedIV method.
Blob
Valid values for algorithmName are:
IVAndCipherText
• AES128
• AES192
• AES256

These are all industry standard Advanced Encryption

Standard (AES) algorithms with different size keys. They
use cipher block chaining (CBC) and PKCS5 padding.
The length of privateKey must match the specified
algorithm: 128 bits, 192 bits, or 256 bits, which is 16,
24, or 32 bytes, respectively. You can use a third-party
application or the generateAesKey method to generate
this key for you.
The first 128 bits (16 bytes) of IVAndCipherText must
contain the initialization vector.
For an example, see Example Encrypting and
Decrypting.
For more information about possible exceptions thrown
during execution, see Encrypt and Decrypt Exceptions.

628
Reference Apex Classes

Name Arguments Return Type Description

encrypt String Blob Encrypts the blob clearText using the specified
algorithmName algorithm, private key and initialization vector. Use this
method when you want to specify your own initialization
Blob privateKey
vector. The initialization vector must be 128 bits (16
Blob bytes.) Use either a third-party application or the
initializationVector decrypt method to decrypt blobs encrypted using this
method. Use the encryptWithManagedIV method if
Blob clearText
you want Salesforce to generate the initialization vector
for you. It is stored as the first 128 bits (16 bytes) of the
encrypted blob.
Valid values for algorithmName are:

• AES128
• AES192
• AES256

These are all industry standard Advanced Encryption

Standard (AES) algorithms with different size keys. They
use cipher block chaining (CBC) and PKCS5 padding.
The length of privateKey must match the specified
algorithm: 128 bits, 192 bits, or 256 bits, which is 16,
24, or 32 bytes, respectively. You can use a third-party
application or the generateAesKey method to generate
this key for you.
For an example, see Example Encrypting and
Decrypting.
For more information about possible exceptions thrown
during execution, see Encrypt and Decrypt Exceptions.

encryptWithManagedIV String Blob Encrypts the blob clearText using the specified
algorithmName algorithm and private key. Use this method when you
want Salesforce to generate the initialization vector for
Blob privateKey
you. It is stored as the first 128 bits (16 bytes) of the
Blob clearText encrypted blob. Use either third-party applications or
the decryptWithManagedIV method to decrypt blobs
encrypted with this method. Use the encrypt method
if you want to generate your own initialization vector.
Valid values for algorithmName are:

• AES128
• AES192
• AES256

These are all industry standard Advanced Encryption

Standard (AES) algorithms with different size keys. They
use cipher block chaining (CBC) and PKCS5 padding.

629
Reference Apex Classes

Name Arguments Return Type Description

The length of privateKey must match the specified
algorithm: 128 bits, 192 bits, or 256 bits, which is 16,
24, or 32 bytes, respectively. You can use a third-party
application or the generateAesKey method to generate
this key for you.
For an example, see Example Encrypting and
Decrypting.
For more information about possible exceptions thrown
during execution, see Encrypt and Decrypt Exceptions.

generateAesKey Integer size Blob Generates an Advanced Encryption Standard (AES)

key. Use size to specify the key's size in bits. Valid
values are:
• 128
• 192
• 256

generateDigest String Blob Computes a secure, one-way hash digest based on the
algorithmName supplied input string and algorithm name. Valid values
for algorithmName are:
Blob input
• MD5
• SHA1
• SHA-256
• SHA-512

generateMac Blob Computes a message authentication code (MAC) for

String
the input string, using the private key and the specified
algorithmName
algorithm. The valid values for algorithmName are:
Blob input • hmacMD5
Blob privateKey • hmacSHA1
• hmacSHA256
• hmacSHA512

The value of privateKey does not need to be in

decoded form. The value cannot exceed 4 KB.

getRandomInteger Integer Returns a random Integer.

getRandomLong Long Returns a random Long.
sign Blob Computes a unique digital signature for the input string,
String
using the supplied private key and the specified
algorithmName
algorithm. The valid values for algorithmName are
Blob input RSA-SHA1 or RSA. Both values represent the same
algorithm.

630
Reference Apex Classes

Name Arguments Return Type Description

Blob privateKey The value of privateKey must be decoded using the
EncodingUtil base64Decode method, and should
be in RSA's PKCS #8 (1.2) Private-Key Information
Syntax Standard form. The value cannot exceed 4 KB.
The following snippet is an example declaration and
initialization:

String algorithmName = 'RSA';

String key = 'pkcs8 format private key';
Blob privateKey =
EncodingUtil.base64Decode(key);
Blob input =
Blob.valueOf('12345qwerty');
Crypto.sign(algorithmName, input,
privateKey);

Example Integrating Amazon WebServices

The following example demonstrates an integration of Amazon WebServices with Salesforce:

public class HMacAuthCallout {

public void testAlexaWSForAmazon() {

// The date format is yyyy-MM-dd'T'HH:mm:ss.SSS'Z'

DateTime d = System.now();
String timestamp = ''+ d.year() + '-' +
d.month() + '-' +
d.day() + '\'T\'' +
d.hour() + ':' +
d.minute() + ':' +
d.second() + '.' +
d.millisecond() + '\'Z\'';
String timeFormat = d.formatGmt(timestamp);

String urlEncodedTimestamp = EncodingUtil.urlEncode(timestamp, 'UTF-8');

String action = 'UrlInfo';
String inputStr = action + timeFormat;
String algorithmName = 'HMacSHA1';
Blob mac = Crypto.generateMac(algorithmName, Blob.valueOf(inputStr),
Blob.valueOf('your_signing_key'));
String macUrl = EncodingUtil.urlEncode(EncodingUtil.base64Encode(mac), 'UTF-8');

String urlToTest = 'amazon.com';

String version = '2005-07-11';
String endpoint = 'http://awis.amazonaws.com/';
String accessKey = 'your_key';

HttpRequest req = new HttpRequest();

req.setEndpoint(endpoint +
'?AWSAccessKeyId=' + accessKey +
'&Action=' + action +
'&ResponseGroup=Rank&Version=' + version +
'&Timestamp=' + urlEncodedTimestamp +
'&Url=' + urlToTest +
'&Signature=' + macUrl);

req.setMethod('GET');

631