org.apache.derby.client.am
Class EncryptionManager

java.lang.Object
  extended by org.apache.derby.client.am.EncryptionManager

public class EncryptionManager
extends java.lang.Object


Field Summary
(package private)  Agent agent_
           
private static java.math.BigInteger base__
           
private static byte[] baseBytes__
           
private static int exponential_length__
           
private static char[] hex_table
          RESOLVE: The methods and static vars below should go into some 'shared' package when the capability is put back in (StringUtil.java).
private  javax.crypto.KeyAgreement keyAgreement_
           
private  java.security.KeyPair keyPair_
           
private  java.security.KeyPairGenerator keyPairGenerator_
           
private  java.security.MessageDigest messageDigest
           
private static java.math.BigInteger modulus__
           
private static byte[] modulusBytes__
           
private  javax.crypto.spec.DHParameterSpec paramSpec_
           
private  java.security.Provider provider
           
private  java.lang.String providerName
           
private  byte[] secKey_
           
private static byte[] SECMEC_USRSSBPWD_PWDSEQS
           
private static int SECMEC_USRSSBPWD_SEED_LEN
           
private  javax.crypto.SecretKeyFactory secretKeyFactory_
           
private  java.security.SecureRandom secureRandom
           
static java.lang.String SHA_1_DIGEST_ALGORITHM
           
private static java.lang.String SHA_1_PRNG_ALGORITHM
           
private  byte[] token_
           
 
Constructor Summary
EncryptionManager(Agent agent)
           
EncryptionManager(Agent agent, java.lang.String algorithm)
           
 
Method Summary
private  byte[] calculateEncryptionToken(int securityMechanism, byte[] initVector)
           
 byte[] decryptData(byte[] cipherText, int securityMechanism, byte[] initVector, byte[] targetPublicKey)
           
 byte[] encryptData(byte[] plainText, int securityMechanism, byte[] initVector, byte[] targetPublicKey)
           
private  byte[] generatePrivateKey(byte[] targetPublicKey)
           
 byte[] generateSeed()
          Generates an 8-byte random seed for the client (source).
private  void keyParityCheck(byte[] key)
           
 byte[] obtainPublicKey()
           
 void resetSecurityKeys()
           
 void setInitVector(byte[] initVector)
           
 void setSecKey(byte[] secKey)
           
 byte[] substitutePassword(java.lang.String userName, java.lang.String password, byte[] sourceSeed_, byte[] targetSeed_)
          Strong Password Substitution (USRSSBPWD).
private  byte[] toHexByte(java.lang.String str, int offset, int length)
          Converts a string into a byte array in hex format.
private  java.lang.String toHexString(byte[] data, int offset, int length)
          Converts a byte array to a String in hexadecimal format.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

agent_

transient Agent agent_

modulusBytes__

private static final byte[] modulusBytes__

modulus__

private static final java.math.BigInteger modulus__

baseBytes__

private static final byte[] baseBytes__

base__

private static final java.math.BigInteger base__

exponential_length__

private static final int exponential_length__
See Also:
Constant Field Values

paramSpec_

private javax.crypto.spec.DHParameterSpec paramSpec_

keyPairGenerator_

private java.security.KeyPairGenerator keyPairGenerator_

keyPair_

private java.security.KeyPair keyPair_

keyAgreement_

private javax.crypto.KeyAgreement keyAgreement_

token_

private byte[] token_

secKey_

private byte[] secKey_

secretKeyFactory_

private javax.crypto.SecretKeyFactory secretKeyFactory_

providerName

private java.lang.String providerName

provider

private java.security.Provider provider

messageDigest

private java.security.MessageDigest messageDigest

secureRandom

private java.security.SecureRandom secureRandom

SECMEC_USRSSBPWD_SEED_LEN

private static final int SECMEC_USRSSBPWD_SEED_LEN
See Also:
Constant Field Values

SECMEC_USRSSBPWD_PWDSEQS

private static final byte[] SECMEC_USRSSBPWD_PWDSEQS

SHA_1_PRNG_ALGORITHM

private static final java.lang.String SHA_1_PRNG_ALGORITHM
See Also:
Constant Field Values

SHA_1_DIGEST_ALGORITHM

public static final java.lang.String SHA_1_DIGEST_ALGORITHM
See Also:
Constant Field Values

hex_table

private static final char[] hex_table
RESOLVE: The methods and static vars below should go into some 'shared' package when the capability is put back in (StringUtil.java).

Constructor Detail

EncryptionManager

public EncryptionManager(Agent agent)
                  throws SqlException
Throws:
SqlException

EncryptionManager

public EncryptionManager(Agent agent,
                         java.lang.String algorithm)
                  throws SqlException
Throws:
SqlException
Method Detail

obtainPublicKey

public byte[] obtainPublicKey()

calculateEncryptionToken

private byte[] calculateEncryptionToken(int securityMechanism,
                                        byte[] initVector)

keyParityCheck

private void keyParityCheck(byte[] key)
                     throws SqlException
Throws:
SqlException

generatePrivateKey

private byte[] generatePrivateKey(byte[] targetPublicKey)
                           throws SqlException
Throws:
SqlException

encryptData

public byte[] encryptData(byte[] plainText,
                          int securityMechanism,
                          byte[] initVector,
                          byte[] targetPublicKey)
                   throws SqlException
Throws:
SqlException

decryptData

public byte[] decryptData(byte[] cipherText,
                          int securityMechanism,
                          byte[] initVector,
                          byte[] targetPublicKey)
                   throws SqlException
Throws:
SqlException

setInitVector

public void setInitVector(byte[] initVector)

setSecKey

public void setSecKey(byte[] secKey)

resetSecurityKeys

public void resetSecurityKeys()

generateSeed

public byte[] generateSeed()
Generates an 8-byte random seed for the client (source).

Returns:
a random 8-byte seed.

substitutePassword

public byte[] substitutePassword(java.lang.String userName,
                                 java.lang.String password,
                                 byte[] sourceSeed_,
                                 byte[] targetSeed_)
                          throws SqlException
Strong Password Substitution (USRSSBPWD). This method generates a password substitute to send to the target server. The substitution algorithm works as follows: PW_TOKEN = SHA-1(PW, ID). The password (PW) and user name (ID) can each be of any length greater than or equal to 1 byte. The client then generates a 20-byte password substitute (PW_SUB) as follows: PW_SUB = SHA-1(PW_TOKEN, RDr, RDs, ID, PWSEQs), where RDs is the random client seed and RDr is the random server seed. See PWDSSB - Strong Password Substitution Security Mechanism (DRDA Vol.3 - P.650).

Parameters:
userName - The user's name
password - The user's password
sourceSeed_ - random client seed (RDs)
targetSeed_ - random server seed (RDr)
Returns:
a password substitute.
Throws:
SqlException

toHexString

private java.lang.String toHexString(byte[] data,
                                     int offset,
                                     int length)
Converts a byte array to a String in hexadecimal format. The String may be converted back to a byte array using fromHexString.
For each byte (b) two characters are generated: the first character represents the high nibble (4 bits) in hexadecimal (b & 0xf0), the second character represents the low nibble (b & 0x0f).
The byte at data[offset] is represented by the first two characters of the returned String.

Parameters:
data - byte array
offset - starting byte (zero based) to convert.
length - number of bytes to convert.
Returns:
the String (in hexadecimal format) form of the byte array

toHexByte

private byte[] toHexByte(java.lang.String str,
                         int offset,
                         int length)
Converts a string into a byte array in hex format.
For each character (b) two bytes are generated: the first byte represents the high nibble (4 bits) in hexadecimal (b & 0xf0), the second byte represents the low nibble (b & 0x0f).
The character at str.charAt(0) is represented by the first two bytes of the returned byte array.

Parameters:
str - string
offset - starting character (zero based) to convert.
length - number of characters to convert.
Returns:
the byte[] (in hexadecimal format) form of the string (str)

