Database Reference
In-Depth Information
artifacts of our local RSA public key, the modulus and exponent, and the two-factor authentication code
(if provided).
Our
OUT
parameters, besides the error message, are the four encrypted artifacts of our shared secret
password key and the
connsHash
object associated with the application ID object that we are submitting.
Listing 10-41.
Procedure Call to Get List of Application Connection Strings, p_get_app_conns
stmt = ( OracleCallableStatement )conn.prepareCall(
"CALL appsec.appsec_public_pkg.p_get_app_conns(?,?,?,?,?,?,?,?,?,?,?,?)" );
stmt.registerOutParameter( 5, OracleTypes.RAW );
stmt.registerOutParameter( 6, OracleTypes.RAW );
stmt.registerOutParameter( 7, OracleTypes.RAW );
stmt.registerOutParameter( 8, OracleTypes.RAW );
stmt.registerOutParameter( 9, OracleTypes.RAW );
stmt.registerOutParameter(11, OracleTypes.NUMBER );
stmt.registerOutParameter(12, OracleTypes.VARCHAR );
stmt.setString( 1, locModulus );
stmt.setString( 2, locExponent );
stmt.
setString( 3, twoFactorAuth )
;
stmt.
setBytes( 4, appClassBytes )
;
stmt.setNull( 5, OracleTypes.RAW );
stmt.setNull( 6, OracleTypes.RAW );
stmt.setNull( 7, OracleTypes.RAW );
stmt.setNull( 8, OracleTypes.RAW );
stmt.setNull( 9, OracleTypes.RAW );
stmt.
setString(10, applicationID )
;
stmt.setInt( 11, 0 );
stmt.setNull( 12, OracleTypes.VARCHAR );
stmt.executeUpdate();
...
if( null == stmt.getRAW( 9 ) ) {
System.out.println( "Please rerun with two-factor Auth Code!" );
return
;
}
if( null == sessionSecretDESKey ) {
makeDESKey
( stmt.getRAW( 9 ), stmt.getRAW( 8 ),
stmt.getRAW( 6 ), stmt.getRAW( 7 ) );
We check to see whether any error is being reported. If not, we test one of the values returned as our
shared password key artifacts,
stmt.getRAW( 9 )
. If it is null, we assume that the Oracle database has just
now sent a two-factor code and must wait until the client application returns with a two-factor code to
proceed. We ask the client to rerun this method with a two-factor code and exit (return from) this
method.
Based on the artifacts of our shared password key, we build the key by calling the
makeDESKey()
method. The test of whether the
sessionSecretDESKey
is currently
null
is unnecessary during normal
operation, but feels more complete. I can't think of an instance where we would arrive here and the
sessionSecretDESKey
not be
null
.