Database Reference
In-Depth Information
SAT DEC 04 11:58:31 EST 2010
On the other hand, the Java client automatically informs Oracle database of its time zone name, so we do
not need to manually set it. There is more complexity to time zones that I am not covering here, especially
as it relates to daylight saving time.
Loading OracleJavaSecure Java into Oracle Database
Now that we have our Oracle function and procedure defined, we are ready to put our Java logic (code)
into the Oracle Database. There are a couple ways to do this. The first would be to use the
loadjava
utility that comes with the Oracle client and server software. We have made that a bit difficult for
ourselves since the role that is needed to accomplish that command as the application security,
appsec
user is not a default role. Instead of using
loadjava
, let's just connect to Oracle Database (or remain
connected) as
appsec
.
The next line is at the top of our Java code in the
OracleJavaSecure.java
file. Uncomment it and copy
the entire code into your Oracle client.
CREATE OR REPLACE AND RESOLVE JAVA SOURCE NAMED appsec."orajavsec/OracleJavaSecure" AS
…
For security, scroll down to the class body and
assure you do not have a valid password
in the
connection string. If you do, remove the password from the connection string before executing this
command in Oracle Database. You do not want to store any passwords in the code on Oracle - they are
not needed there, and having them there makes them available to hackers.
private static String appsecConnString =
"jdbc:oracle:thin:AppSec/password@localhost:1521:Orcl";
Execute the script in your Oracle client (e.g., SQL*Plus) to load the Java code into the Oracle
Database, which compiles it.
Encrypting Data with Public Key
We saw in our definition of the Oracle function
f_get_rsa_crypt
, previously, that we intended to call a
method named
getRSACryptData()
. We have just loaded that Java method into Oracle Database in the
last section. The code for
getRSACryptData()
is shown in Listing 5-13. We will have the Oracle Database
encrypt data with the public key - later we will decrypt it at the client with the private key.
Listing 5-13.
Encrypt Data with Public Key,
getRSACryptData()
public static final RAW getRSACryptData( String extRSAPubMod,
String extRSAPubExp, String clearText )
{
RAW rtrnRaw =
new RAW( "getRSACryptData() failed".getBytes() );
try {
if ( ( null == extRSAPubKey ) ||
( !saveExtRSAPubMod.equals( extRSAPubMod ) ) )
makeExtRSAPubKey( extRSAPubMod, extRSAPubExp );
cipherRSA.init( Cipher.ENCRYPT_MODE, extRSAPubKey, random );
rtrnRaw = new RAW( cipherRSA.doFinal( clearText.getBytes() ) );
} catch ( Exception x ) {}
