Class DecryptionManager


  • class DecryptionManager
    extends java.lang.Object
    This class is used to decrypt password and/or userid. It uses Diffie_Hellman algorithm to get the publick key and secret key, and then DES encryption is done using certain token (based on security mechanism) and this side's own public key. Basically, this class is called when using a security mechanism that encrypts user ID and password (eusridpwd). This class uses IBM JCE to do Diffie_Hellman algorithm and DES encryption.
    • Constructor Summary

      Constructors 
      Constructor Description
      DecryptionManager()
      EncryptionManager constructor.
    • Method Summary

      All Methods Static Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      private byte[] calculateDecryptionToken​(int securityMechanism, byte[] initVector)
      This method is used to calculate the decryption token.
      byte[] decryptData​(byte[] cipherText, int securityMechanism, byte[] initVector, byte[] sourcePublicKey)
      This method generates a secret key using the application requester's public key, and decrypts the usreid/password with the middle 8 bytes of the generated secret key and a decryption token.
      protected static byte[] generateSeed()
      This method generates an 8-Byte random seed.
      byte[] obtainPublicKey()
      This method generates the public key and returns it.
      protected static byte[] toHexByte​(java.lang.String str, int offset, int length)
      Convert a string into a byte array in hex format.
      protected static java.lang.String toHexString​(byte[] data, int offset, int length)
      Convert a byte array to a String with a hexidecimal format.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Field Detail

      • modulusBytes__

        private static final byte[] modulusBytes__
      • modulus__

        private static final java.math.BigInteger modulus__
      • baseBytes__

        private static final byte[] baseBytes__
      • base__

        private static final java.math.BigInteger base__
      • keyPairGenerator_

        private java.security.KeyPairGenerator keyPairGenerator_
      • keyPair_

        private java.security.KeyPair keyPair_
      • keyAgreement_

        private javax.crypto.KeyAgreement keyAgreement_
      • paramSpec_

        private javax.crypto.spec.DHParameterSpec paramSpec_
      • SHA_1_PRNG_ALGORITHM

        private static final java.lang.String SHA_1_PRNG_ALGORITHM
        See Also:
        Constant Field Values
      • SECMEC_USRSSBPWD_SEED_LEN

        private static final int SECMEC_USRSSBPWD_SEED_LEN
        See Also:
        Constant Field Values
      • hex_table

        private static char[] hex_table
        RESOLVE: * The methods and static vars below should go into some 'shared' * package when the capability is put back in (StringUtil.java). *
    • Constructor Detail

      • DecryptionManager

        DecryptionManager()
                   throws java.sql.SQLException
        EncryptionManager constructor. In this constructor,DHParameterSpec, KeyPairGenerator, KeyPair, and KeyAgreement are initialized.
        Throws:
        java.sql.SQLException - that wraps any error
    • Method Detail

      • obtainPublicKey

        public byte[] obtainPublicKey()
        This method generates the public key and returns it. This shared public key is the application server's connection key and will be exchanged with the application requester's connection key. This connection key will be put in the sectkn in ACCSECRD command and send to the application requester.
        Returns:
        a byte array that is the application server's public key
      • calculateDecryptionToken

        private byte[] calculateDecryptionToken​(int securityMechanism,
                                                byte[] initVector)
        This method is used to calculate the decryption token. DES encrypts the data using a token and the generated shared private key. The token used depends on the type of security mechanism being used: USRENCPWD - The userid is used as the token. The USRID is zero-padded to 8 bytes if less than 8 bytes or truncated to 8 bytes if greater than 8 bytes. EUSRIDPWD - The middle 8 bytes of the server's connection key is used as the token. Decryption needs to use exactly the same token as encryption.
        Parameters:
        securityMechanism - security mechanism
        initVector - userid or server(this side)'s connection key
        Returns:
        byte[] the decryption token
      • decryptData

        public byte[] decryptData​(byte[] cipherText,
                                  int securityMechanism,
                                  byte[] initVector,
                                  byte[] sourcePublicKey)
                           throws java.sql.SQLException
        This method generates a secret key using the application requester's public key, and decrypts the usreid/password with the middle 8 bytes of the generated secret key and a decryption token. Then it returns the decrypted data in a byte array.
        Parameters:
        cipherText - The byte array form userid/password to decrypt.
        securityMechanism - security mechanism
        initVector - The byte array which is used to calculate the decryption token for initializing the cipher
        sourcePublicKey - application requester (encrypter)'s public key.
        Returns:
        the decrypted data (plain text) in a byte array.
        Throws:
        java.sql.SQLException
      • generateSeed

        protected static byte[] generateSeed()
                                      throws java.sql.SQLException
        This method generates an 8-Byte random seed. Required for the SECMEC_USRSSBPWD security mechanism
        Returns:
        a random 8-Byte seed.
        Throws:
        java.sql.SQLException
      • toHexString

        protected static java.lang.String toHexString​(byte[] data,
                                                      int offset,
                                                      int length)
        Convert a byte array to a String with a hexidecimal format. The String may be converted back to a byte array using fromHexString.
        For each byte (b) two characaters are generated, the first character represents the high nibble (4 bits) in hexidecimal (b & 0xf0), the second character represents the low nibble (b & 0x0f).
        The byte at data[offset] is represented by the first two characters in the returned String.
        Parameters:
        data - byte array
        offset - starting byte (zero based) to convert.
        length - number of bytes to convert.
        Returns:
        the String (with hexidecimal format) form of the byte array
      • toHexByte

        protected static byte[] toHexByte​(java.lang.String str,
                                          int offset,
                                          int length)
        Convert a string into a byte array in hex format.
        For each character (b) two bytes are generated, the first byte represents the high nibble (4 bits) in hexidecimal (b & 0xf0), the second byte represents the low nibble (b & 0x0f).
        The character at str.charAt(0) is represented by the first two bytes in the returned String.
        Parameters:
        str - string
        offset - starting character (zero based) to convert.
        length - number of characters to convert.
        Returns:
        the byte[] (with hexidecimal format) form of the string (str)