Package org.apache.derby.client.am
Class EncryptionManager
java.lang.Object
  org.apache.derby.client.am.EncryptionManager

public class EncryptionManager extends java.lang.Object
Field Summary
Fields (modifier and type, field, description):
private Agent agent_
private static java.math.BigInteger base__
private static byte[] baseBytes__
private static int exponential_length__
private static char[] hex_table
    RESOLVE: The methods and static vars below should go into some 'shared' package when the capability is put back in (StringUtil.java)
private javax.crypto.KeyAgreement keyAgreement_
private java.security.KeyPair keyPair_
private java.security.KeyPairGenerator keyPairGenerator_
private java.security.MessageDigest messageDigest
private static java.math.BigInteger modulus__
private static byte[] modulusBytes__
private javax.crypto.spec.DHParameterSpec paramSpec_
private java.security.Provider provider
private java.lang.String providerName
private byte[] secKey_
private static byte[] SECMEC_USRSSBPWD_PWDSEQS
private static int SECMEC_USRSSBPWD_SEED_LEN
private javax.crypto.SecretKeyFactory secretKeyFactory_
private java.security.SecureRandom secureRandom
static java.lang.String SHA_1_DIGEST_ALGORITHM
private static java.lang.String SHA_1_PRNG_ALGORITHM
private byte[] token_
-
Constructor Summary
Constructors (constructor, description):
EncryptionManager(Agent agent)
EncryptionManager(Agent agent, java.lang.String algorithm)
-
Method Summary
Methods (modifier and type, method, description):
private byte[] calculateEncryptionToken(int securityMechanism, byte[] initVector)
byte[] decryptData(byte[] cipherText, int securityMechanism, byte[] initVector, byte[] targetPublicKey)
byte[] encryptData(byte[] plainText, int securityMechanism, byte[] initVector, byte[] targetPublicKey)
private byte[] generatePrivateKey(byte[] targetPublicKey)
byte[] generateSeed()
    This method generates an 8-Byte random seed for the client (source).
private void keyParityCheck(byte[] key)
byte[] obtainPublicKey()
void resetSecurityKeys()
byte[] substitutePassword(java.lang.String userName, java.lang.String password, byte[] sourceSeed_, byte[] targetSeed_)
    Strong Password Substitution (USRSSBPWD).
private byte[] toHexByte(java.lang.String str, int offset, int length)
    Convert a string into a byte array in hex format.
private java.lang.String toHexString(byte[] data, int offset, int length)
    Convert a byte array to a String with a hexadecimal format.
-
-
-
Field Detail
-
agent_
private transient Agent agent_
-
modulusBytes__
private static final byte[] modulusBytes__
-
modulus__
private static final java.math.BigInteger modulus__
-
baseBytes__
private static final byte[] baseBytes__
-
base__
private static final java.math.BigInteger base__
-
exponential_length__
private static final int exponential_length__
- See Also:
- Constant Field Values
-
paramSpec_
private javax.crypto.spec.DHParameterSpec paramSpec_
-
keyPairGenerator_
private java.security.KeyPairGenerator keyPairGenerator_
-
keyPair_
private java.security.KeyPair keyPair_
-
keyAgreement_
private javax.crypto.KeyAgreement keyAgreement_
-
token_
private byte[] token_
-
secKey_
private byte[] secKey_
-
secretKeyFactory_
private javax.crypto.SecretKeyFactory secretKeyFactory_
-
providerName
private java.lang.String providerName
-
provider
private java.security.Provider provider
-
messageDigest
private java.security.MessageDigest messageDigest
-
secureRandom
private java.security.SecureRandom secureRandom
-
SECMEC_USRSSBPWD_SEED_LEN
private static final int SECMEC_USRSSBPWD_SEED_LEN
- See Also:
- Constant Field Values
-
SECMEC_USRSSBPWD_PWDSEQS
private static final byte[] SECMEC_USRSSBPWD_PWDSEQS
-
SHA_1_PRNG_ALGORITHM
private static final java.lang.String SHA_1_PRNG_ALGORITHM
- See Also:
- Constant Field Values
-
SHA_1_DIGEST_ALGORITHM
public static final java.lang.String SHA_1_DIGEST_ALGORITHM
- See Also:
- Constant Field Values
-
hex_table
private static final char[] hex_table
RESOLVE: The methods and static vars below should go into some 'shared' package when the capability is put back in (StringUtil.java).
-
-
Constructor Detail
-
EncryptionManager
public EncryptionManager(Agent agent) throws SqlException
- Throws:
SqlException
-
EncryptionManager
public EncryptionManager(Agent agent, java.lang.String algorithm) throws SqlException
- Throws:
SqlException
-
-
Method Detail
-
obtainPublicKey
public byte[] obtainPublicKey()
-
calculateEncryptionToken
private byte[] calculateEncryptionToken(int securityMechanism, byte[] initVector)
-
keyParityCheck
private void keyParityCheck(byte[] key) throws SqlException
- Throws:
SqlException
-
generatePrivateKey
private byte[] generatePrivateKey(byte[] targetPublicKey) throws SqlException
- Throws:
SqlException
-
encryptData
public byte[] encryptData(byte[] plainText, int securityMechanism, byte[] initVector, byte[] targetPublicKey) throws SqlException
- Throws:
SqlException
-
decryptData
public byte[] decryptData(byte[] cipherText, int securityMechanism, byte[] initVector, byte[] targetPublicKey) throws SqlException
- Throws:
SqlException
-
resetSecurityKeys
public void resetSecurityKeys()
-
generateSeed
public byte[] generateSeed()
This method generates an 8-Byte random seed for the client (source).
- Returns:
a random 8-Byte seed.
-
substitutePassword
public byte[] substitutePassword(java.lang.String userName, java.lang.String password, byte[] sourceSeed_, byte[] targetSeed_) throws SqlException
Strong Password Substitution (USRSSBPWD). This method generates a password substitute to send to the target server.
The substitution algorithm works as follows:
PW_TOKEN = SHA-1(PW, ID)
The password (PW) and user name (ID) can be of any length greater than or equal to 1 byte.
The client generates a 20-byte password substitute (PW_SUB) as follows:
PW_SUB = SHA-1(PW_TOKEN, RDr, RDs, ID, PWSEQs)
with (RDs) as the random client seed and (RDr) as the server one.
See PWDSSB - Strong Password Substitution Security Mechanism (DRDA Vol.3 - P.650)
- Parameters:
userName - The user's name
password - The user's password
sourceSeed_ - random client seed (RDs)
targetSeed_ - random server seed (RDr)
- Returns:
a password substitute.
- Throws:
SqlException
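The two-stage hash described above, written out as an added example (not Derby's code) that also shows the server-side comparison and why a captured PW_SUB does not verify against a fresh server seed. Assumptions: the class and method names are hypothetical, PW and ID are encoded as UTF-8 (Derby's own byte encoding may differ), PWSEQs is a labelled placeholder because its value is not given on this page, and the server is assumed to hold or derive PW_TOKEN.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;

public class UsrssbpwdSketch {                     // hypothetical name, not a Derby class
    static final int SEED_LEN = 8;                 // 8-byte seeds, as generateSeed() documents
    // Placeholder only: the real SECMEC_USRSSBPWD_PWDSEQS value is not given on this page.
    static final byte[] PWSEQS_PLACEHOLDER = new byte[8];

    static byte[] sha1(byte[]... parts) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("SHA-1");
        for (byte[] p : parts) md.update(p);       // hash the concatenation of all parts
        return md.digest();                        // SHA-1 output is always 20 bytes
    }

    static byte[] bytes(String s) {                // assumption: UTF-8; Derby's encoding may differ
        if (s == null || s.isEmpty()) throw new IllegalArgumentException("PW and ID need >= 1 byte");
        return s.getBytes(StandardCharsets.UTF_8);
    }

    // PW_TOKEN = SHA-1(PW, ID)
    static byte[] pwToken(String pw, String id) throws NoSuchAlgorithmException {
        return sha1(bytes(pw), bytes(id));
    }

    // PW_SUB = SHA-1(PW_TOKEN, RDr, RDs, ID, PWSEQs)
    static byte[] pwSub(byte[] token, byte[] rdr, byte[] rds, String id) throws NoSuchAlgorithmException {
        return sha1(token, rdr, rds, bytes(id), PWSEQS_PLACEHOLDER);
    }

    static byte[] seed(SecureRandom rng) {
        byte[] s = new byte[SEED_LEN];
        rng.nextBytes(s);
        return s;
    }

    public static void main(String[] args) throws Exception {
        SecureRandom rng = new SecureRandom();
        String id = "APP", pw = "constructed-sample-password";   // constructed sample values
        byte[] token = pwToken(pw, id);            // assumption: the server holds or derives this
        byte[] rds = seed(rng), rdr = seed(rng);   // client seed (RDs), server seed (RDr)
        byte[] sent = pwSub(token, rdr, rds, id);  // the 20-byte substitute the client sends
        // Server recomputes with the seeds of this handshake; isEqual is a time-constant compare.
        System.out.println("accepted: " + MessageDigest.isEqual(sent, pwSub(token, rdr, rds, id)));
        // The same PW_SUB checked against a fresh RDr from a later handshake does not match.
        System.out.println("replayed: " + MessageDigest.isEqual(sent, pwSub(token, seed(rng), rds, id)));
    }
}
```

Because PW_SUB is computed from PW_TOKEN rather than from the password itself, a stored PW_TOKEN is password-equivalent and needs the same protection as the password.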
-
toHexString
private java.lang.String toHexString(byte[] data, int offset, int length)
Convert a byte array to a String with a hexadecimal format. The String may be converted back to a byte array using fromHexString.
For each byte (b) two characters are generated, the first character represents the high nibble (4 bits) in hexadecimal (b & 0xf0), the second character represents the low nibble (b & 0x0f).
The byte at data[offset] is represented by the first two characters in the returned String.
- Parameters:
data - byte array
offset - starting byte (zero based) to convert.
length - number of bytes to convert.
- Returns:
the String (with hexadecimal format) form of the byte array
-
toHexByte
private byte[] toHexByte(java.lang.String str, int offset, int length)
Convert a string into a byte array in hex format.
For each character (b) two bytes are generated, the first byte represents the high nibble (4 bits) in hexadecimal (b & 0xf0), the second byte represents the low nibble (b & 0x0f).
The character at str.charAt(0) is represented by the first two bytes in the returned byte array.
- Parameters:
str - string
offset - starting character (zero based) to convert.
length - number of characters to convert.
- Returns:
the byte[] (with hexadecimal format) form of the string (str)
-
-