Package org.apache.derby.impl.drda
Class DecryptionManager
- java.lang.Object
-
- org.apache.derby.impl.drda.DecryptionManager
-
class DecryptionManager extends java.lang.Object
This class is used to decrypt password and/or userid. It uses Diffie_Hellman algorithm to get the publick key and secret key, and then DES encryption is done using certain token (based on security mechanism) and this side's own public key. Basically, this class is called when using a security mechanism that encrypts user ID and password (eusridpwd). This class uses IBM JCE to do Diffie_Hellman algorithm and DES encryption.
-
-
Field Summary
Fields Modifier and Type Field Description private static java.math.BigInteger
base__
private static byte[]
baseBytes__
private static int
exponential_length__
private static char[]
hex_table
RESOLVE: * The methods and static vars below should go into some 'shared' * package when the capability is put back in (StringUtil.java)private javax.crypto.KeyAgreement
keyAgreement_
private java.security.KeyPair
keyPair_
private java.security.KeyPairGenerator
keyPairGenerator_
private static java.math.BigInteger
modulus__
private static byte[]
modulusBytes__
private javax.crypto.spec.DHParameterSpec
paramSpec_
private static int
SECMEC_USRSSBPWD_SEED_LEN
private static java.lang.String
SHA_1_PRNG_ALGORITHM
-
Constructor Summary
Constructors Constructor Description DecryptionManager()
EncryptionManager constructor.
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description private byte[]
calculateDecryptionToken(int securityMechanism, byte[] initVector)
This method is used to calculate the decryption token.byte[]
decryptData(byte[] cipherText, int securityMechanism, byte[] initVector, byte[] sourcePublicKey)
This method generates a secret key using the application requester's public key, and decrypts the usreid/password with the middle 8 bytes of the generated secret key and a decryption token.protected static byte[]
generateSeed()
This method generates an 8-Byte random seed.byte[]
obtainPublicKey()
This method generates the public key and returns it.protected static byte[]
toHexByte(java.lang.String str, int offset, int length)
Convert a string into a byte array in hex format.protected static java.lang.String
toHexString(byte[] data, int offset, int length)
Convert a byte array to a String with a hexidecimal format.
-
-
-
Field Detail
-
modulusBytes__
private static final byte[] modulusBytes__
-
modulus__
private static final java.math.BigInteger modulus__
-
baseBytes__
private static final byte[] baseBytes__
-
base__
private static final java.math.BigInteger base__
-
exponential_length__
private static final int exponential_length__
- See Also:
- Constant Field Values
-
keyPairGenerator_
private java.security.KeyPairGenerator keyPairGenerator_
-
keyPair_
private java.security.KeyPair keyPair_
-
keyAgreement_
private javax.crypto.KeyAgreement keyAgreement_
-
paramSpec_
private javax.crypto.spec.DHParameterSpec paramSpec_
-
SHA_1_PRNG_ALGORITHM
private static final java.lang.String SHA_1_PRNG_ALGORITHM
- See Also:
- Constant Field Values
-
SECMEC_USRSSBPWD_SEED_LEN
private static final int SECMEC_USRSSBPWD_SEED_LEN
- See Also:
- Constant Field Values
-
hex_table
private static char[] hex_table
RESOLVE: * The methods and static vars below should go into some 'shared' * package when the capability is put back in (StringUtil.java). *
-
-
Method Detail
-
obtainPublicKey
public byte[] obtainPublicKey()
This method generates the public key and returns it. This shared public key is the application server's connection key and will be exchanged with the application requester's connection key. This connection key will be put in the sectkn in ACCSECRD command and send to the application requester.- Returns:
- a byte array that is the application server's public key
-
calculateDecryptionToken
private byte[] calculateDecryptionToken(int securityMechanism, byte[] initVector)
This method is used to calculate the decryption token. DES encrypts the data using a token and the generated shared private key. The token used depends on the type of security mechanism being used: USRENCPWD - The userid is used as the token. The USRID is zero-padded to 8 bytes if less than 8 bytes or truncated to 8 bytes if greater than 8 bytes. EUSRIDPWD - The middle 8 bytes of the server's connection key is used as the token. Decryption needs to use exactly the same token as encryption.- Parameters:
securityMechanism
- security mechanisminitVector
- userid or server(this side)'s connection key- Returns:
- byte[] the decryption token
-
decryptData
public byte[] decryptData(byte[] cipherText, int securityMechanism, byte[] initVector, byte[] sourcePublicKey) throws java.sql.SQLException
This method generates a secret key using the application requester's public key, and decrypts the usreid/password with the middle 8 bytes of the generated secret key and a decryption token. Then it returns the decrypted data in a byte array.- Parameters:
cipherText
- The byte array form userid/password to decrypt.securityMechanism
- security mechanisminitVector
- The byte array which is used to calculate the decryption token for initializing the ciphersourcePublicKey
- application requester (encrypter)'s public key.- Returns:
- the decrypted data (plain text) in a byte array.
- Throws:
java.sql.SQLException
-
generateSeed
protected static byte[] generateSeed() throws java.sql.SQLException
This method generates an 8-Byte random seed. Required for the SECMEC_USRSSBPWD security mechanism- Returns:
- a random 8-Byte seed.
- Throws:
java.sql.SQLException
-
toHexString
protected static java.lang.String toHexString(byte[] data, int offset, int length)
Convert a byte array to a String with a hexidecimal format. The String may be converted back to a byte array using fromHexString.
For each byte (b) two characaters are generated, the first character represents the high nibble (4 bits) in hexidecimal (b & 0xf0
), the second character represents the low nibble (b & 0x0f
).
The byte atdata[offset]
is represented by the first two characters in the returned String.- Parameters:
data
- byte arrayoffset
- starting byte (zero based) to convert.length
- number of bytes to convert.- Returns:
- the String (with hexidecimal format) form of the byte array
-
toHexByte
protected static byte[] toHexByte(java.lang.String str, int offset, int length)
Convert a string into a byte array in hex format.
For each character (b) two bytes are generated, the first byte represents the high nibble (4 bits) in hexidecimal (b & 0xf0
), the second byte represents the low nibble (b & 0x0f
).
The character atstr.charAt(0)
is represented by the first two bytes in the returned String.- Parameters:
str
- stringoffset
- starting character (zero based) to convert.length
- number of characters to convert.- Returns:
- the byte[] (with hexidecimal format) form of the string (str)
-
-