Database Reference
In-Depth Information
}
return rtrnArray;
}
We can normally convert these array types back and forth just by casting, as in the following
example. However, we need to be aware of the implications of narrowing and widening conversions. We
must restrict the char values in our array to standard ASCII characters, not 16-bit Unicode characters, in
order to not lose information in the conversions.
byte[] bAr = new byte[10];
char[] cAr = (char[])bAr;
bAr = (byte[])cAr;
That kind of array casting is not supported from within the JDeveloper IDE (and possibly
elsewhere), so we will instead rely on our ancillary methods. JDeveloper is nice because it is free, and it is
highly tailored for working with Oracle databases; it handles Oracle views better than any other IDE. You
can find JDeveloper on the Oracle corporate web site at www.oracle.com .
You may wonder why we maintain the passphrase as a char array. That is the format we need when
we build the PBEKeySpec .
Method Used to Show Actual Algorithm
Listing 6-18 presents the showAlgorithm() method. This is actually duplicative functionality. Take a look
at the code for the decryptSessionSecretDESPassPhrase() method (shown previously) and you will see
that we get sessionSecretDESAlgorithm from Oracle database to a String on the client that we could
simply print out.
The only additional assurance in selecting this directly from the Oracle database (via the function
f_show_algorithm ) is that there is no mix up during transfer. We have already built the function in
app_sec_pkg that will call this method to return the algorithm name. We can also call this method from
the client (before calling the server) and compare the algorithms used.
Listing 6-18. Display the Secret Password Algorithm Name in Use, showAlgorithm()
public static final String showAlgorithm() {
String rtrnString = "showAlgorithm failed";
try {
rtrnString = sessionSecretDESKey.getAlgorithm();
} catch( Exception x ) {
rtrnString = x.toString();
} finally {
return rtrnString;
}
}
This is a temporary method for testing only in the chapter, and we will remove it, and the Oracle
function that calls it, from the code in future chapters.
Testing DES Encryption on the Client Only
Once again, we are going to do our client-side-only testing by calling our methods from the main()
method of OracleJavaSecure . The code for the first part of main() is shown in Listing 6-19. Start out by
 
Search WWH ::




Custom Search