Package org.apache.derby.impl.drda
Class DecryptionManager
java.lang.Object
org.apache.derby.impl.drda.DecryptionManager
This class is used to decrypt password and/or userid.
It uses Diffie_Hellman algorithm to get the publick key and secret key, and then
DES encryption is done using certain token (based on security mechanism) and
this side's own public key. Basically, this class is called when using a security
mechanism that encrypts user ID and password (eusridpwd). This class uses IBM JCE
to do Diffie_Hellman algorithm and DES encryption.
-
Field Summary
FieldsModifier and TypeFieldDescriptionprivate static final BigInteger
private static final byte[]
private static final int
private static char[]
RESOLVE: * The methods and static vars below should go into some 'shared' * package when the capability is put back in (StringUtil.java)private KeyAgreement
private KeyPair
private KeyPairGenerator
private static final BigInteger
private static final byte[]
private DHParameterSpec
private static final int
private static final String
-
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionprivate byte[]
calculateDecryptionToken
(int securityMechanism, byte[] initVector) This method is used to calculate the decryption token.byte[]
decryptData
(byte[] cipherText, int securityMechanism, byte[] initVector, byte[] sourcePublicKey) This method generates a secret key using the application requester's public key, and decrypts the usreid/password with the middle 8 bytes of the generated secret key and a decryption token.protected static byte[]
This method generates an 8-Byte random seed.byte[]
This method generates the public key and returns it.protected static byte[]
Convert a string into a byte array in hex format.protected static String
toHexString
(byte[] data, int offset, int length) Convert a byte array to a String with a hexidecimal format.
-
Field Details
-
modulusBytes__
private static final byte[] modulusBytes__ -
modulus__
-
baseBytes__
private static final byte[] baseBytes__ -
base__
-
exponential_length__
private static final int exponential_length__- See Also:
-
keyPairGenerator_
-
keyPair_
-
keyAgreement_
-
paramSpec_
-
SHA_1_PRNG_ALGORITHM
- See Also:
-
SECMEC_USRSSBPWD_SEED_LEN
private static final int SECMEC_USRSSBPWD_SEED_LEN- See Also:
-
hex_table
private static char[] hex_tableRESOLVE: * The methods and static vars below should go into some 'shared' * package when the capability is put back in (StringUtil.java). *
-
-
Constructor Details
-
DecryptionManager
DecryptionManager() throws SQLExceptionEncryptionManager constructor. In this constructor,DHParameterSpec, KeyPairGenerator, KeyPair, and KeyAgreement are initialized.- Throws:
SQLException
- that wraps any error
-
-
Method Details
-
obtainPublicKey
public byte[] obtainPublicKey()This method generates the public key and returns it. This shared public key is the application server's connection key and will be exchanged with the application requester's connection key. This connection key will be put in the sectkn in ACCSECRD command and send to the application requester.- Returns:
- a byte array that is the application server's public key
-
calculateDecryptionToken
private byte[] calculateDecryptionToken(int securityMechanism, byte[] initVector) This method is used to calculate the decryption token. DES encrypts the data using a token and the generated shared private key. The token used depends on the type of security mechanism being used: USRENCPWD - The userid is used as the token. The USRID is zero-padded to 8 bytes if less than 8 bytes or truncated to 8 bytes if greater than 8 bytes. EUSRIDPWD - The middle 8 bytes of the server's connection key is used as the token. Decryption needs to use exactly the same token as encryption.- Parameters:
securityMechanism
- security mechanisminitVector
- userid or server(this side)'s connection key- Returns:
- byte[] the decryption token
-
decryptData
public byte[] decryptData(byte[] cipherText, int securityMechanism, byte[] initVector, byte[] sourcePublicKey) throws SQLException This method generates a secret key using the application requester's public key, and decrypts the usreid/password with the middle 8 bytes of the generated secret key and a decryption token. Then it returns the decrypted data in a byte array.- Parameters:
cipherText
- The byte array form userid/password to decrypt.securityMechanism
- security mechanisminitVector
- The byte array which is used to calculate the decryption token for initializing the ciphersourcePublicKey
- application requester (encrypter)'s public key.- Returns:
- the decrypted data (plain text) in a byte array.
- Throws:
SQLException
-
generateSeed
This method generates an 8-Byte random seed. Required for the SECMEC_USRSSBPWD security mechanism- Returns:
- a random 8-Byte seed.
- Throws:
SQLException
-
toHexString
Convert a byte array to a String with a hexidecimal format. The String may be converted back to a byte array using fromHexString.
For each byte (b) two characaters are generated, the first character represents the high nibble (4 bits) in hexidecimal (b & 0xf0
), the second character represents the low nibble (b & 0x0f
).
The byte atdata[offset]
is represented by the first two characters in the returned String.- Parameters:
data
- byte arrayoffset
- starting byte (zero based) to convert.length
- number of bytes to convert.- Returns:
- the String (with hexidecimal format) form of the byte array
-
toHexByte
Convert a string into a byte array in hex format.
For each character (b) two bytes are generated, the first byte represents the high nibble (4 bits) in hexidecimal (b & 0xf0
), the second byte represents the low nibble (b & 0x0f
).
The character atstr.charAt(0)
is represented by the first two bytes in the returned String.- Parameters:
str
- stringoffset
- starting character (zero based) to convert.length
- number of characters to convert.- Returns:
- the byte[] (with hexidecimal format) form of the string (str)
-