Package org.apache.derby.client.am
Class EncryptionManager
java.lang.Object
org.apache.derby.client.am.EncryptionManager
-
Field Summary
FieldsModifier and TypeFieldDescriptionprivate Agent
private static final BigInteger
private static final byte[]
private static final int
private static final char[]
RESOLVE: * The methods and static vars below should go into some 'shared' * package when the capability is put back in (StringUtil.java)private KeyAgreement
private KeyPair
private KeyPairGenerator
private MessageDigest
private static final BigInteger
private static final byte[]
private DHParameterSpec
private Provider
private String
private byte[]
private static final byte[]
private static final int
private SecretKeyFactory
private SecureRandom
static final String
private static final String
private byte[]
-
Constructor Summary
ConstructorsConstructorDescriptionEncryptionManager
(Agent agent) EncryptionManager
(Agent agent, String algorithm) -
Method Summary
Modifier and TypeMethodDescriptionprivate byte[]
calculateEncryptionToken
(int securityMechanism, byte[] initVector) byte[]
decryptData
(byte[] cipherText, int securityMechanism, byte[] initVector, byte[] targetPublicKey) byte[]
encryptData
(byte[] plainText, int securityMechanism, byte[] initVector, byte[] targetPublicKey) private byte[]
generatePrivateKey
(byte[] targetPublicKey) byte[]
This method generates an 8-Byte random seed for the client (source).private void
keyParityCheck
(byte[] key) byte[]
void
byte[]
substitutePassword
(String userName, String password, byte[] sourceSeed_, byte[] targetSeed_) Strong Password Substitution (USRSSBPWD).private byte[]
Convert a string into a byte array in hex format.private String
toHexString
(byte[] data, int offset, int length) Convert a byte array to a String with a hexadecimal format.
-
Field Details
-
agent_
-
modulusBytes__
private static final byte[] modulusBytes__ -
modulus__
-
baseBytes__
private static final byte[] baseBytes__ -
base__
-
exponential_length__
private static final int exponential_length__- See Also:
-
paramSpec_
-
keyPairGenerator_
-
keyPair_
-
keyAgreement_
-
token_
private byte[] token_ -
secKey_
private byte[] secKey_ -
secretKeyFactory_
-
providerName
-
provider
-
messageDigest
-
secureRandom
-
SECMEC_USRSSBPWD_SEED_LEN
private static final int SECMEC_USRSSBPWD_SEED_LEN- See Also:
-
SECMEC_USRSSBPWD_PWDSEQS
private static final byte[] SECMEC_USRSSBPWD_PWDSEQS -
SHA_1_PRNG_ALGORITHM
- See Also:
-
SHA_1_DIGEST_ALGORITHM
- See Also:
-
hex_table
private static final char[] hex_tableRESOLVE: * The methods and static vars below should go into some 'shared' * package when the capability is put back in (StringUtil.java). *
-
-
Constructor Details
-
EncryptionManager
- Throws:
SqlException
-
EncryptionManager
- Throws:
SqlException
-
-
Method Details
-
obtainPublicKey
public byte[] obtainPublicKey() -
calculateEncryptionToken
private byte[] calculateEncryptionToken(int securityMechanism, byte[] initVector) -
keyParityCheck
- Throws:
SqlException
-
generatePrivateKey
- Throws:
SqlException
-
encryptData
public byte[] encryptData(byte[] plainText, int securityMechanism, byte[] initVector, byte[] targetPublicKey) throws SqlException - Throws:
SqlException
-
decryptData
public byte[] decryptData(byte[] cipherText, int securityMechanism, byte[] initVector, byte[] targetPublicKey) throws SqlException - Throws:
SqlException
-
resetSecurityKeys
public void resetSecurityKeys() -
generateSeed
public byte[] generateSeed()This method generates an 8-Byte random seed for the client (source).- Returns:
- a random 8-Byte seed.
-
substitutePassword
public byte[] substitutePassword(String userName, String password, byte[] sourceSeed_, byte[] targetSeed_) throws SqlException Strong Password Substitution (USRSSBPWD). This method generates a password substitute to send to the target server. Substitution algorithm works as follow: PW_TOKEN = SHA-1(PW, ID) The password (PW) and user name (ID) can be of any length greater than or equal to 1 byte. The client generates a 20-byte password substitute (PW_SUB) as follows: PW_SUB = SHA-1(PW_TOKEN, RDr, RDs, ID, PWSEQs) w/ (RDs) as the random client seed and (RDr) as the server one. See PWDSSB - Strong Password Substitution Security Mechanism (DRDA Vol.3 - P.650)- Parameters:
userName
- The user's namepassword
- The user's passwordsourceSeed_
- random client seed (RDs)targetSeed_
- random server seed (RDr)- Returns:
- a password substitute.
- Throws:
SqlException
-
toHexString
Convert a byte array to a String with a hexadecimal format. The String may be converted back to a byte array using fromHexString.
For each byte (b) two characters are generated, the first character represents the high nibble (4 bits) in hexadecimal (b & 0xf0
), the second character represents the low nibble (b & 0x0f
).
The byte atdata[offset]
is represented by the first two characters in the returned String.- Parameters:
data
- byte arrayoffset
- starting byte (zero based) to convert.length
- number of bytes to convert.- Returns:
- the String (with hexidecimal format) form of the byte array
-
toHexByte
Convert a string into a byte array in hex format.
For each character (b) two bytes are generated, the first byte represents the high nibble (4 bits) in hexadecimal (b & 0xf0
), the second byte represents the low nibble (b & 0x0f
).
The character atstr.charAt(0)
is represented by the first two bytes in the returned String.- Parameters:
str
- stringoffset
- starting character (zero based) to convert.length
- number of characters to convert.- Returns:
- the byte[] (with hexadecimal format) form of the string (str)
-