Class EncryptionManager


  • public class EncryptionManager
    extends java.lang.Object
    • Field Detail

      • agent_

        private transient Agent agent_
      • modulusBytes__

        private static final byte[] modulusBytes__
      • modulus__

        private static final java.math.BigInteger modulus__
      • baseBytes__

        private static final byte[] baseBytes__
      • base__

        private static final java.math.BigInteger base__
      • paramSpec_

        private javax.crypto.spec.DHParameterSpec paramSpec_
      • keyPairGenerator_

        private java.security.KeyPairGenerator keyPairGenerator_
      • keyPair_

        private java.security.KeyPair keyPair_
      • keyAgreement_

        private javax.crypto.KeyAgreement keyAgreement_
      • token_

        private byte[] token_
      • secKey_

        private byte[] secKey_
      • secretKeyFactory_

        private javax.crypto.SecretKeyFactory secretKeyFactory_
      • providerName

        private java.lang.String providerName
      • provider

        private java.security.Provider provider
      • messageDigest

        private java.security.MessageDigest messageDigest
      • secureRandom

        private java.security.SecureRandom secureRandom
      • SECMEC_USRSSBPWD_SEED_LEN

        private static final int SECMEC_USRSSBPWD_SEED_LEN
        See Also:
        Constant Field Values
      • SECMEC_USRSSBPWD_PWDSEQS

        private static final byte[] SECMEC_USRSSBPWD_PWDSEQS
      • SHA_1_PRNG_ALGORITHM

        private static final java.lang.String SHA_1_PRNG_ALGORITHM
        See Also:
        Constant Field Values
      • SHA_1_DIGEST_ALGORITHM

        public static final java.lang.String SHA_1_DIGEST_ALGORITHM
        See Also:
        Constant Field Values
      • hex_table

        private static final char[] hex_table
        RESOLVE: * The methods and static vars below should go into some 'shared' * package when the capability is put back in (StringUtil.java). *
    • Method Detail

      • obtainPublicKey

        public byte[] obtainPublicKey()
      • calculateEncryptionToken

        private byte[] calculateEncryptionToken​(int securityMechanism,
                                                byte[] initVector)
      • generatePrivateKey

        private byte[] generatePrivateKey​(byte[] targetPublicKey)
                                   throws SqlException
        Throws:
        SqlException
      • encryptData

        public byte[] encryptData​(byte[] plainText,
                                  int securityMechanism,
                                  byte[] initVector,
                                  byte[] targetPublicKey)
                           throws SqlException
        Throws:
        SqlException
      • decryptData

        public byte[] decryptData​(byte[] cipherText,
                                  int securityMechanism,
                                  byte[] initVector,
                                  byte[] targetPublicKey)
                           throws SqlException
        Throws:
        SqlException
      • resetSecurityKeys

        public void resetSecurityKeys()
      • generateSeed

        public byte[] generateSeed()
        This method generates an 8-Byte random seed for the client (source).
        Returns:
        a random 8-Byte seed.
      • substitutePassword

        public byte[] substitutePassword​(java.lang.String userName,
                                         java.lang.String password,
                                         byte[] sourceSeed_,
                                         byte[] targetSeed_)
                                  throws SqlException
        Strong Password Substitution (USRSSBPWD). This method generates a password substitute to send to the target server. Substitution algorithm works as follow: PW_TOKEN = SHA-1(PW, ID) The password (PW) and user name (ID) can be of any length greater than or equal to 1 byte. The client generates a 20-byte password substitute (PW_SUB) as follows: PW_SUB = SHA-1(PW_TOKEN, RDr, RDs, ID, PWSEQs) w/ (RDs) as the random client seed and (RDr) as the server one. See PWDSSB - Strong Password Substitution Security Mechanism (DRDA Vol.3 - P.650)
        Parameters:
        userName - The user's name
        password - The user's password
        sourceSeed_ - random client seed (RDs)
        targetSeed_ - random server seed (RDr)
        Returns:
        a password substitute.
        Throws:
        SqlException
      • toHexString

        private java.lang.String toHexString​(byte[] data,
                                             int offset,
                                             int length)
        Convert a byte array to a String with a hexadecimal format. The String may be converted back to a byte array using fromHexString.
        For each byte (b) two characters are generated, the first character represents the high nibble (4 bits) in hexadecimal (b & 0xf0), the second character represents the low nibble (b & 0x0f).
        The byte at data[offset] is represented by the first two characters in the returned String.
        Parameters:
        data - byte array
        offset - starting byte (zero based) to convert.
        length - number of bytes to convert.
        Returns:
        the String (with hexidecimal format) form of the byte array
      • toHexByte

        private byte[] toHexByte​(java.lang.String str,
                                 int offset,
                                 int length)
        Convert a string into a byte array in hex format.
        For each character (b) two bytes are generated, the first byte represents the high nibble (4 bits) in hexadecimal (b & 0xf0), the second byte represents the low nibble (b & 0x0f).
        The character at str.charAt(0) is represented by the first two bytes in the returned String.
        Parameters:
        str - string
        offset - starting character (zero based) to convert.
        length - number of characters to convert.
        Returns:
        the byte[] (with hexadecimal format) form of the string (str)