Class DecryptionManager

java.lang.Object
org.apache.derby.impl.drda.DecryptionManager

class DecryptionManager extends Object
This class is used to decrypt password and/or userid. It uses Diffie_Hellman algorithm to get the publick key and secret key, and then DES encryption is done using certain token (based on security mechanism) and this side's own public key. Basically, this class is called when using a security mechanism that encrypts user ID and password (eusridpwd). This class uses IBM JCE to do Diffie_Hellman algorithm and DES encryption.
  • Field Details

    • modulusBytes__

      private static final byte[] modulusBytes__
    • modulus__

      private static final BigInteger modulus__
    • baseBytes__

      private static final byte[] baseBytes__
    • base__

      private static final BigInteger base__
    • exponential_length__

      private static final int exponential_length__
      See Also:
    • keyPairGenerator_

      private KeyPairGenerator keyPairGenerator_
    • keyPair_

      private KeyPair keyPair_
    • keyAgreement_

      private KeyAgreement keyAgreement_
    • paramSpec_

      private DHParameterSpec paramSpec_
    • SHA_1_PRNG_ALGORITHM

      private static final String SHA_1_PRNG_ALGORITHM
      See Also:
    • SECMEC_USRSSBPWD_SEED_LEN

      private static final int SECMEC_USRSSBPWD_SEED_LEN
      See Also:
    • hex_table

      private static char[] hex_table
      RESOLVE: * The methods and static vars below should go into some 'shared' * package when the capability is put back in (StringUtil.java). *
  • Constructor Details

    • DecryptionManager

      DecryptionManager() throws SQLException
      EncryptionManager constructor. In this constructor,DHParameterSpec, KeyPairGenerator, KeyPair, and KeyAgreement are initialized.
      Throws:
      SQLException - that wraps any error
  • Method Details

    • obtainPublicKey

      public byte[] obtainPublicKey()
      This method generates the public key and returns it. This shared public key is the application server's connection key and will be exchanged with the application requester's connection key. This connection key will be put in the sectkn in ACCSECRD command and send to the application requester.
      Returns:
      a byte array that is the application server's public key
    • calculateDecryptionToken

      private byte[] calculateDecryptionToken(int securityMechanism, byte[] initVector)
      This method is used to calculate the decryption token. DES encrypts the data using a token and the generated shared private key. The token used depends on the type of security mechanism being used: USRENCPWD - The userid is used as the token. The USRID is zero-padded to 8 bytes if less than 8 bytes or truncated to 8 bytes if greater than 8 bytes. EUSRIDPWD - The middle 8 bytes of the server's connection key is used as the token. Decryption needs to use exactly the same token as encryption.
      Parameters:
      securityMechanism - security mechanism
      initVector - userid or server(this side)'s connection key
      Returns:
      byte[] the decryption token
    • decryptData

      public byte[] decryptData(byte[] cipherText, int securityMechanism, byte[] initVector, byte[] sourcePublicKey) throws SQLException
      This method generates a secret key using the application requester's public key, and decrypts the usreid/password with the middle 8 bytes of the generated secret key and a decryption token. Then it returns the decrypted data in a byte array.
      Parameters:
      cipherText - The byte array form userid/password to decrypt.
      securityMechanism - security mechanism
      initVector - The byte array which is used to calculate the decryption token for initializing the cipher
      sourcePublicKey - application requester (encrypter)'s public key.
      Returns:
      the decrypted data (plain text) in a byte array.
      Throws:
      SQLException
    • generateSeed

      protected static byte[] generateSeed() throws SQLException
      This method generates an 8-Byte random seed. Required for the SECMEC_USRSSBPWD security mechanism
      Returns:
      a random 8-Byte seed.
      Throws:
      SQLException
    • toHexString

      protected static String toHexString(byte[] data, int offset, int length)
      Convert a byte array to a String with a hexidecimal format. The String may be converted back to a byte array using fromHexString.
      For each byte (b) two characaters are generated, the first character represents the high nibble (4 bits) in hexidecimal (b & 0xf0), the second character represents the low nibble (b & 0x0f).
      The byte at data[offset] is represented by the first two characters in the returned String.
      Parameters:
      data - byte array
      offset - starting byte (zero based) to convert.
      length - number of bytes to convert.
      Returns:
      the String (with hexidecimal format) form of the byte array
    • toHexByte

      protected static byte[] toHexByte(String str, int offset, int length)
      Convert a string into a byte array in hex format.
      For each character (b) two bytes are generated, the first byte represents the high nibble (4 bits) in hexidecimal (b & 0xf0), the second byte represents the low nibble (b & 0x0f).
      The character at str.charAt(0) is represented by the first two bytes in the returned String.
      Parameters:
      str - string
      offset - starting character (zero based) to convert.
      length - number of characters to convert.
      Returns:
      the byte[] (with hexidecimal format) form of the string (str)