Database Reference
In-Depth Information
Scroll down to the class body and set the password in the connection string. Also correct any of the
other addresses and names for your connection string.
private static String appsecConnString =
"jdbc:oracle:thin:AppSec/
password
@localhost:1521:Orcl";
Also set the
testingOnServer
boolean
to
true
:
private static boolean testingOnServer =
true
;
Save the file.
You may have already executed the
app_sec_pkg
package specification and body on Oracle, from
earlier in this chapter. If you haven't done so, do that now. This will create the Oracle structures we need
to do secret password encryption.
Consider the Server Portion of the main() Method
This time when we run through the
main()
method of
OracleJavaSecure
, we will pass the
testingOnServer
test, so we will execute the remainder of
main()
, as shown in Listing 6-20. We declare a
couple member variables to hold the error number and error message coming back from Oracle,
errNo
and
errMsg
.
Because we are running from the client (not on Oracle database), we need to load the Oracle-
specific driver (assuming we might not be using JDK 1.6 or later). And we will set up the Oracle
connection for use: note that we will be connecting as
appsec
user.
We will be using an Oracle-specific
OracleCallableStatement
, which allows us to retrieve
OUT
parameters back from Oracle, and to transfer Oracle-specific data types.
Listing 6-20.
Code for Client/Server Testing, from
main()
if( testingOnServer ) {
int
errNo
;
String
errMsg
;
// Since not on the Server, must load Oracle-specific Driver
Class.forName( "oracle.jdbc.driver.OracleDriver" );
// This will set the static member "conn" to a new Connection
conn = DriverManager.
getConnection
( appsecConnString );
OracleCallableStatement
stmt;
Getting the DES Secret Password from Oracle
Our first procedure call, in Listing 6-21, is to
p_get_shared_passphrase
. This will simply test the exchange
of RSA and DES keys between our client and Oracle. We hand the procedure our RSA public key modulus
and exponent, and in return get the DES secret password key artifacts, encrypted by the Oracle database
using the public key. Notice that we register the
OUT
parameters and either set or
setNull
all our
parameters.
Listing 6-21.
Get Shared Passphrase, from
main()
stmt = ( OracleCallableStatement )conn.prepareCall(
"CALL app_sec_pkg.
p_get_shared_passphrase
(?,?,?,?,?,?,?,?)" );
stmt.
registerOutParameter
( 3, OracleTypes.RAW );
stmt.registerOutParameter( 4, OracleTypes.RAW );
