Class EncryptionManager

java.lang.Object
org.apache.derby.client.am.EncryptionManager

public class EncryptionManager extends Object
  • Field Details

    • agent_

      private transient Agent agent_
    • modulusBytes__

      private static final byte[] modulusBytes__
    • modulus__

      private static final BigInteger modulus__
    • baseBytes__

      private static final byte[] baseBytes__
    • base__

      private static final BigInteger base__
    • exponential_length__

      private static final int exponential_length__
      See Also:
    • paramSpec_

      private DHParameterSpec paramSpec_
    • keyPairGenerator_

      private KeyPairGenerator keyPairGenerator_
    • keyPair_

      private KeyPair keyPair_
    • keyAgreement_

      private KeyAgreement keyAgreement_
    • token_

      private byte[] token_
    • secKey_

      private byte[] secKey_
    • secretKeyFactory_

      private SecretKeyFactory secretKeyFactory_
    • providerName

      private String providerName
    • provider

      private Provider provider
    • messageDigest

      private MessageDigest messageDigest
    • secureRandom

      private SecureRandom secureRandom
    • SECMEC_USRSSBPWD_SEED_LEN

      private static final int SECMEC_USRSSBPWD_SEED_LEN
      See Also:
    • SECMEC_USRSSBPWD_PWDSEQS

      private static final byte[] SECMEC_USRSSBPWD_PWDSEQS
    • SHA_1_PRNG_ALGORITHM

      private static final String SHA_1_PRNG_ALGORITHM
      See Also:
    • SHA_1_DIGEST_ALGORITHM

      public static final String SHA_1_DIGEST_ALGORITHM
      See Also:
    • hex_table

      private static final char[] hex_table
      RESOLVE: * The methods and static vars below should go into some 'shared' * package when the capability is put back in (StringUtil.java). *
  • Constructor Details

  • Method Details

    • obtainPublicKey

      public byte[] obtainPublicKey()
    • calculateEncryptionToken

      private byte[] calculateEncryptionToken(int securityMechanism, byte[] initVector)
    • keyParityCheck

      private void keyParityCheck(byte[] key) throws SqlException
      Throws:
      SqlException
    • generatePrivateKey

      private byte[] generatePrivateKey(byte[] targetPublicKey) throws SqlException
      Throws:
      SqlException
    • encryptData

      public byte[] encryptData(byte[] plainText, int securityMechanism, byte[] initVector, byte[] targetPublicKey) throws SqlException
      Throws:
      SqlException
    • decryptData

      public byte[] decryptData(byte[] cipherText, int securityMechanism, byte[] initVector, byte[] targetPublicKey) throws SqlException
      Throws:
      SqlException
    • resetSecurityKeys

      public void resetSecurityKeys()
    • generateSeed

      public byte[] generateSeed()
      This method generates an 8-Byte random seed for the client (source).
      Returns:
      a random 8-Byte seed.
    • substitutePassword

      public byte[] substitutePassword(String userName, String password, byte[] sourceSeed_, byte[] targetSeed_) throws SqlException
      Strong Password Substitution (USRSSBPWD). This method generates a password substitute to send to the target server. Substitution algorithm works as follow: PW_TOKEN = SHA-1(PW, ID) The password (PW) and user name (ID) can be of any length greater than or equal to 1 byte. The client generates a 20-byte password substitute (PW_SUB) as follows: PW_SUB = SHA-1(PW_TOKEN, RDr, RDs, ID, PWSEQs) w/ (RDs) as the random client seed and (RDr) as the server one. See PWDSSB - Strong Password Substitution Security Mechanism (DRDA Vol.3 - P.650)
      Parameters:
      userName - The user's name
      password - The user's password
      sourceSeed_ - random client seed (RDs)
      targetSeed_ - random server seed (RDr)
      Returns:
      a password substitute.
      Throws:
      SqlException
    • toHexString

      private String toHexString(byte[] data, int offset, int length)
      Convert a byte array to a String with a hexadecimal format. The String may be converted back to a byte array using fromHexString.
      For each byte (b) two characters are generated, the first character represents the high nibble (4 bits) in hexadecimal (b & 0xf0), the second character represents the low nibble (b & 0x0f).
      The byte at data[offset] is represented by the first two characters in the returned String.
      Parameters:
      data - byte array
      offset - starting byte (zero based) to convert.
      length - number of bytes to convert.
      Returns:
      the String (with hexidecimal format) form of the byte array
    • toHexByte

      private byte[] toHexByte(String str, int offset, int length)
      Convert a string into a byte array in hex format.
      For each character (b) two bytes are generated, the first byte represents the high nibble (4 bits) in hexadecimal (b & 0xf0), the second byte represents the low nibble (b & 0x0f).
      The character at str.charAt(0) is represented by the first two bytes in the returned String.
      Parameters:
      str - string
      offset - starting character (zero based) to convert.
      length - number of characters to convert.
      Returns:
      the byte[] (with hexadecimal format) form of the string (str)