org.apache.derby.client.am
Class EncryptionManager

java.lang.Object
  org.apache.derby.client.am.EncryptionManager

public class EncryptionManager
extends java.lang.Object

Field Summary

(package private) Agent	agent_
private static java.math.BigInteger	base__
private static byte[]	baseBytes__
private static int	exponential_length__
private static char[]	hex_table RESOLVE: * The methods and static vars below should go into some 'shared' * package when the capability is put back in (StringUtil.java)
private javax.crypto.KeyAgreement	keyAgreement_
private java.security.KeyPair	keyPair_
private java.security.KeyPairGenerator	keyPairGenerator_
private java.security.MessageDigest	messageDigest
private static java.math.BigInteger	modulus__
private static byte[]	modulusBytes__
private javax.crypto.spec.DHParameterSpec	paramSpec_
private java.security.Provider	provider
private java.lang.String	providerName
private byte[]	secKey_
private static byte[]	SECMEC_USRSSBPWD_PWDSEQS
private static int	SECMEC_USRSSBPWD_SEED_LEN
private javax.crypto.SecretKeyFactory	secretKeyFactory_
private java.security.SecureRandom	secureRandom
static java.lang.String	SHA_1_DIGEST_ALGORITHM
private static java.lang.String	SHA_1_PRNG_ALGORITHM
private byte[]	token_

Constructor Summary

EncryptionManager(Agent agent)

EncryptionManager(Agent agent, java.lang.String algorithm)

Method Summary

private byte[]	calculateEncryptionToken(int securityMechanism, byte[] initVector)
byte[]	decryptData(byte[] cipherText, int securityMechanism, byte[] initVector, byte[] targetPublicKey)
byte[]	encryptData(byte[] plainText, int securityMechanism, byte[] initVector, byte[] targetPublicKey)
private byte[]	generatePrivateKey(byte[] targetPublicKey)
byte[]	generateSeed() This method generates an 8-Byte random seed for the client (source).
private void	keyParityCheck(byte[] key)
byte[]	obtainPublicKey()
void	resetSecurityKeys()
void	setInitVector(byte[] initVector)
void	setSecKey(byte[] secKey)
byte[]	substitutePassword(java.lang.String userName, java.lang.String password, byte[] sourceSeed_, byte[] targetSeed_) Strong Password Substitution (USRSSBPWD).
private byte[]	toHexByte(java.lang.String str, int offset, int length) Convert a string into a byte array in hex format.
private java.lang.String	toHexString(byte[] data, int offset, int length) Convert a byte array to a String with a hexidecimal format.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

agent_

transient Agent agent_

modulusBytes__

private static final byte[] modulusBytes__

modulus__

private static final java.math.BigInteger modulus__

baseBytes__

private static final byte[] baseBytes__

base__

private static final java.math.BigInteger base__

exponential_length__

private static final int exponential_length__

See Also:

Constant Field Values

paramSpec_

private javax.crypto.spec.DHParameterSpec paramSpec_

keyPairGenerator_

private java.security.KeyPairGenerator keyPairGenerator_

keyPair_

private java.security.KeyPair keyPair_

keyAgreement_

private javax.crypto.KeyAgreement keyAgreement_

token_

private byte[] token_

secKey_

private byte[] secKey_

secretKeyFactory_

private javax.crypto.SecretKeyFactory secretKeyFactory_

providerName

private java.lang.String providerName

provider

private java.security.Provider provider

messageDigest

private java.security.MessageDigest messageDigest

secureRandom

private java.security.SecureRandom secureRandom

SECMEC_USRSSBPWD_SEED_LEN

private static final int SECMEC_USRSSBPWD_SEED_LEN

See Also:

Constant Field Values

SECMEC_USRSSBPWD_PWDSEQS

private static final byte[] SECMEC_USRSSBPWD_PWDSEQS

SHA_1_PRNG_ALGORITHM

private static final java.lang.String SHA_1_PRNG_ALGORITHM

See Also:

Constant Field Values

SHA_1_DIGEST_ALGORITHM

public static final java.lang.String SHA_1_DIGEST_ALGORITHM

See Also:

Constant Field Values

hex_table

private static final char[] hex_table

RESOLVE: * The methods and static vars below should go into some 'shared' * package when the capability is put back in (StringUtil.java). *

Constructor Detail

EncryptionManager

public EncryptionManager(Agent agent)
                  throws SqlException

Throws:

SqlException

EncryptionManager

public EncryptionManager(Agent agent,
                         java.lang.String algorithm)
                  throws SqlException

Throws:

SqlException

Method Detail

obtainPublicKey

public byte[] obtainPublicKey()

calculateEncryptionToken

private byte[] calculateEncryptionToken(int securityMechanism,
                                        byte[] initVector)

keyParityCheck

private void keyParityCheck(byte[] key)
                     throws SqlException

Throws:

SqlException

generatePrivateKey

private byte[] generatePrivateKey(byte[] targetPublicKey)
                           throws SqlException

Throws:

SqlException

encryptData

public byte[] encryptData(byte[] plainText,
                          int securityMechanism,
                          byte[] initVector,
                          byte[] targetPublicKey)
                   throws SqlException

Throws:

SqlException

decryptData

public byte[] decryptData(byte[] cipherText,
                          int securityMechanism,
                          byte[] initVector,
                          byte[] targetPublicKey)
                   throws SqlException

Throws:

SqlException

setInitVector

public void setInitVector(byte[] initVector)

setSecKey

public void setSecKey(byte[] secKey)

resetSecurityKeys

public void resetSecurityKeys()

generateSeed

public byte[] generateSeed()

This method generates an 8-Byte random seed for the client (source).

Returns:

a random 8-Byte seed.

substitutePassword

public byte[] substitutePassword(java.lang.String userName,
                                 java.lang.String password,
                                 byte[] sourceSeed_,
                                 byte[] targetSeed_)
                          throws SqlException

Strong Password Substitution (USRSSBPWD). This method generates a password substitute to send to the target server. Substitution algorithm works as follow: PW_TOKEN = SHA-1(PW, ID) The password (PW) and user name (ID) can be of any length greater than or equal to 1 byte. The client generates a 20-byte password substitute (PW_SUB) as follows: PW_SUB = SHA-1(PW_TOKEN, RDr, RDs, ID, PWSEQs) w/ (RDs) as the random client seed and (RDr) as the server one. See PWDSSB - Strong Password Substitution Security Mechanism (DRDA Vol.3 - P.650)

Parameters:

userName - The user's name

password - The user's password

sourceSeed_ - random client seed (RDs)

targetSeed_ - random server seed (RDr)

Returns:

a password substitute.

Throws:

SqlException

toHexString

private java.lang.String toHexString(byte[] data,
                                     int offset,
                                     int length)

Convert a byte array to a String with a hexidecimal format. The String may be converted back to a byte array using fromHexString.
For each byte (b) two characaters are generated, the first character represents the high nibble (4 bits) in hexidecimal (b & 0xf0), the second character represents the low nibble (b & 0x0f).
The byte at data[offset] is represented by the first two characters in the returned String.

Parameters:

data - byte array

offset - starting byte (zero based) to convert.

length - number of bytes to convert.

Returns:

the String (with hexidecimal format) form of the byte array

toHexByte

private byte[] toHexByte(java.lang.String str,
                         int offset,
                         int length)

Convert a string into a byte array in hex format.
For each character (b) two bytes are generated, the first byte represents the high nibble (4 bits) in hexidecimal (b & 0xf0), the second byte represents the low nibble (b & 0x0f).
The character at str.charAt(0) is represented by the first two bytes in the returned String.

Parameters:

str - string

offset - starting character (zero based) to convert.

length - number of characters to convert.

Returns:

the byte[] (with hexidecimal format) form of the string (str)