java.lang.Object
  org.apache.derby.impl.services.jce.JCECipherFactory
public final class JCECipherFactory
This CipherFactory creates new JCECipherProvider.
CipherFactory
Nested Class Summary | |
---|---|
private static class | JCECipherFactory.EncryptedKeyResult |
Field Summary | |
---|---|
private int | action |
private StorageFile | activeFile |
private java.lang.String | activePerms |
private static java.lang.String | AES |
private static int | AES_IV_LENGTH - AES encryption uses a default initialization vector (IV) length of 16 bytes. This is needed to generate an IV to use for the encryption and decryption process. |
private static int | BLOCK_LENGTH |
private java.lang.String | cryptoAlgorithm |
private java.lang.String | cryptoAlgorithmShort |
private java.lang.String | cryptoProvider |
private java.lang.String | cryptoProviderShort |
private static java.lang.String | DEFAULT_ALGORITHM |
private static java.lang.String | DES |
private static java.lang.String | DESede |
private int | encodedKeyLength |
private int | keyLengthBits |
private byte[] | mainIV |
private javax.crypto.SecretKey | mainSecretKey |
private static java.lang.String | MESSAGE_DIGEST |
private java.security.MessageDigest | messageDigest |
private java.util.Properties | persistentProperties |
private static java.lang.String | TripleDES |
private static int | VERIFYKEY_DATALEN - Amount of data that is used for verification of the external encryption key. This does not include the MD5 checksum bytes. |
Fields inherited from interface org.apache.derby.iapi.services.crypto.CipherFactory |
---|
DECRYPT, ENCRYPT, MIN_BOOTPASS_LENGTH |
Constructor Summary | |
---|---|
JCECipherFactory(boolean create, java.util.Properties props, boolean newAttributes) |
Method Summary | |
---|---|
java.lang.String | changeBootPassword(java.lang.String changeString, java.util.Properties properties, CipherProvider verify) |
CipherProvider | createNewCipher(int mode) - Returns a CipherProvider which is the encryption or decryption engine. |
private CipherProvider | createNewCipher(int mode, javax.crypto.SecretKey secretKey, byte[] iv) |
private byte[] | decryptKey(java.lang.String encryptedKey, int encodedKeyCharLength, byte[] bootPassword) - Decrypt the secretKey with the user key. |
private int | digest(byte[] input) |
private JCECipherFactory.EncryptedKeyResult | encryptKey(byte[] secretKey, byte[] bootPassword) - Encrypt the secretKey with the boot password. |
private byte[] | generateIV(byte[] secretKey) - Generate an IV using the input secretKey that can be used by JCECipherProvider to encrypt or decrypt. |
private javax.crypto.SecretKey | generateKey(byte[] secretKey) - Generate a Key object using the input secretKey that can be used by JCECipherProvider to encrypt or decrypt. |
private byte[] | generateUniqueBytes() |
private byte[] | getDatabaseSecretKey(java.util.Properties properties, byte[] bootPassword, java.lang.String errorState) - Get the secret key used for encryption and decryption when the boot password mechanism is used for encryption. Steps include: retrieve the stored key, decrypt the stored key, and verify that the correct boot password was passed. The decrypted key may include the original key plus padding bytes that were added to align it to the block size during the encryption phase. |
private byte[] | getMD5Checksum(byte[] data) - Use the MD5 MessageDigest algorithm to generate a checksum. |
private byte[] | getMuckFromBootPassword(byte[] bootPassword, int encodedKeyByteLength) |
java.security.SecureRandom | getSecureRandom() |
private byte[] | handleBootPassword(boolean create, java.util.Properties properties, boolean newPasswd) |
void | init(boolean create, java.util.Properties properties, boolean newAttrs) |
private byte[] | padKey(byte[] secretKey, int blockSizeAlign) - For block ciphers, and algorithms using the NoPadding scheme, the data to be encrypted needs to be a multiple of the expected block size for the cipher. Pad the key with appropriate padding to make it block-size aligned. |
private StorageRandomAccessFile | privAccessFile(StorageFactory storageFactory, java.lang.String fileName, java.lang.String filePerms) - Access a file for either read/write. |
private java.io.InputStream | privAccessGetInputStream(StorageFactory storageFactory, java.lang.String fileName) - Access an InputStream for a given file for reading. |
(package private) static java.lang.String | providerErrorName(java.lang.String cps) |
java.lang.Object | run() - Perform actions with privileges enabled. |
void | saveProperties(java.util.Properties properties) |
private java.lang.String | saveSecretKey(byte[] secretKey, byte[] bootPassword) |
void | verifyKey(boolean create, StorageFactory sf, java.util.Properties properties) - The database can be encrypted with an encryption key given in connection url. |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
private static final java.lang.String MESSAGE_DIGEST
private static final java.lang.String DEFAULT_ALGORITHM
private static final java.lang.String DES
private static final java.lang.String DESede
private static final java.lang.String TripleDES
private static final java.lang.String AES
private static final int BLOCK_LENGTH
private static final int AES_IV_LENGTH
CipherProvider, Constant Field Values
private int keyLengthBits
private int encodedKeyLength
private java.lang.String cryptoAlgorithm
private java.lang.String cryptoAlgorithmShort
private java.lang.String cryptoProvider
private java.lang.String cryptoProviderShort
private java.security.MessageDigest messageDigest
private javax.crypto.SecretKey mainSecretKey
private byte[] mainIV
private java.util.Properties persistentProperties
private static final int VERIFYKEY_DATALEN
private StorageFile activeFile
private int action
private java.lang.String activePerms
Constructor Detail |
---|
public JCECipherFactory(boolean create, java.util.Properties props, boolean newAttributes) throws StandardException
StandardException
Method Detail |
---|
static java.lang.String providerErrorName(java.lang.String cps)
private byte[] generateUniqueBytes() throws StandardException
StandardException
private JCECipherFactory.EncryptedKeyResult encryptKey(byte[] secretKey, byte[] bootPassword) throws StandardException
StandardException - Standard Derby error policy
private byte[] padKey(byte[] secretKey, int blockSizeAlign)
secretKey - the data that needs blocksize alignment
blockSizeAlign - secretKey needs to be blocksize aligned
private byte[] decryptKey(java.lang.String encryptedKey, int encodedKeyCharLength, byte[] bootPassword) throws StandardException
StandardException - Standard Derby error policy
private byte[] getMuckFromBootPassword(byte[] bootPassword, int encodedKeyByteLength)
private javax.crypto.SecretKey generateKey(byte[] secretKey) throws StandardException
StandardException - Standard Derby Error Policy
private byte[] generateIV(byte[] secretKey)
private int digest(byte[] input)
public java.security.SecureRandom getSecureRandom()
getSecureRandom
in interface CipherFactory
public CipherProvider createNewCipher(int mode) throws StandardException
CipherFactory
createNewCipher
in interface CipherFactory
mode - is either ENCRYPT or DECRYPT. The CipherProvider can only do encryption or decryption but not both.
StandardException - Standard Derby Error Policy
private CipherProvider createNewCipher(int mode, javax.crypto.SecretKey secretKey, byte[] iv) throws StandardException
StandardException
public void init(boolean create, java.util.Properties properties, boolean newAttrs) throws StandardException
StandardException
private byte[] handleBootPassword(boolean create, java.util.Properties properties, boolean newPasswd) throws StandardException
StandardException
public void saveProperties(java.util.Properties properties)
saveProperties
in interface CipherFactory
private byte[] getDatabaseSecretKey(java.util.Properties properties, byte[] bootPassword, java.lang.String errorState) throws StandardException
properties - properties to retrieve the encrypted key
bootPassword - boot password used to connect to the encrypted database
errorState - errorstate to account for any errors during retrieval/creation of the secretKey
StandardException
private java.lang.String saveSecretKey(byte[] secretKey, byte[] bootPassword) throws StandardException
StandardException
public java.lang.String changeBootPassword(java.lang.String changeString, java.util.Properties properties, CipherProvider verify) throws StandardException
changeBootPassword
in interface CipherFactory
StandardException
public final java.lang.Object run() throws StandardException, java.lang.InstantiationException, java.lang.IllegalAccessException
run
in interface java.security.PrivilegedExceptionAction
StandardException
java.lang.InstantiationException
java.lang.IllegalAccessException
public void verifyKey(boolean create, StorageFactory sf, java.util.Properties properties) throws StandardException
verifyKey
in interface CipherFactory
create - true means database is being created, whereas false implies that the database has already been created
sf - storageFactory is used to access any stored data that might be needed for verification process of the encryption key
properties - properties at time of database connection as well as those in service.properties
StandardException
private byte[] getMD5Checksum(byte[] data) throws StandardException
data - data to be used to compute the hash value
StandardException
private StorageRandomAccessFile privAccessFile(StorageFactory storageFactory, java.lang.String fileName, java.lang.String filePerms) throws java.io.IOException
storageFactory - factory used for io access
fileName - name of the file to create and open for write. The file will be created directly under the database root directory
filePerms - file permissions, if "rw" open file with read and write permissions; if "r", open file with read permissions
java.io.IOException - Any exception during accessing the file for read/write
private java.io.InputStream privAccessGetInputStream(StorageFactory storageFactory, java.lang.String fileName) throws StandardException
storageFactory - factory used for io access
fileName - name of the file to open as a stream for reading
java.io.IOException - Any exception during accessing the file for read
StandardException
Built on Thu 2011-03-10 11:54:14+0000, from revision ???