handling errors as we described in the previous chapter with OUT parameters for the error number and error text. Additionally, the p_get_des_crypt_test_data procedure takes a clear text input parameter and returns an encrypted RAW as an additional OUT parameter.
Both of these procedures are for testing in this chapter only and will be moved or removed from the package in future chapters. The last function, f_show_algorithm, is also for testing only in this chapter and will be removed later.
Application Security Package Body: Functions
The function and procedure definitions in our package specification must be duplicated exactly in our package body. The body contains not just the definitions, but also the code of the procedures and functions. You can execute this package body at this time; the package will be created in the Oracle database.
Listing 6-11 shows one example function from the body. We pass our RSA public key modulus and exponent to the function f_get_crypt_secret_pass. It passes them along to the Java method named getCryptSessionSecretDESPassPhrase() (discussed above). That Java method returns a RAW, the secret password key passphrase, encrypted with the RSA public key. The function returns the RAW value that the Java method returned to it.
Listing 6-11. Function to Return the Secret Passphrase
    FUNCTION f_get_crypt_secret_pass( ext_modulus VARCHAR2,
        ext_exponent VARCHAR2 )
    RETURN RAW
    AS LANGUAGE JAVA
    NAME 'orajavsec.OracleJavaSecure.getCryptSessionSecretDESPassPhrase( java.lang.String, java.lang.String ) return oracle.sql.RAW';
This same approach is taken to get each artifact of the secret password key, and to get encrypted and decrypted data. We also have a function that takes no input parameters and returns the algorithm string as an OUT parameter. That function, f_show_algorithm, is just for testing in this chapter.
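The exchange that f_get_crypt_secret_pass wraps can be sketched in plain Java. This is an added example, not code from the book or its orajavsec package: the class and method names are hypothetical, and the decimal-string encoding of the modulus and exponent and the OAEP padding are assumptions of the sketch.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.RSAPublicKeySpec;
import java.util.Arrays;
import javax.crypto.Cipher;

public class PassphraseExchangeDemo {  // hypothetical class, for illustration only
    // Padding choice is an assumption of this example; the page does not state it.
    static final String RSA_TRANSFORM = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";

    // Server side: rebuild the client's public key from the two strings it sent,
    // then encrypt the session passphrase so that only that client can read it.
    static byte[] wrapPassphrase(String extModulus, String extExponent, char[] passphrase)
            throws GeneralSecurityException {
        RSAPublicKeySpec spec = new RSAPublicKeySpec(
                new BigInteger(extModulus), new BigInteger(extExponent));
        PublicKey clientKey = KeyFactory.getInstance("RSA").generatePublic(spec);
        Cipher rsa = Cipher.getInstance(RSA_TRANSFORM);
        rsa.init(Cipher.ENCRYPT_MODE, clientKey);
        return rsa.doFinal(new String(passphrase).getBytes(StandardCharsets.UTF_8));
    }

    // Client side: only the holder of the matching private key recovers the passphrase.
    static char[] unwrapPassphrase(PrivateKey clientPrivate, byte[] wrapped)
            throws GeneralSecurityException {
        Cipher rsa = Cipher.getInstance(RSA_TRANSFORM);
        rsa.init(Cipher.DECRYPT_MODE, clientPrivate);
        return new String(rsa.doFinal(wrapped), StandardCharsets.UTF_8).toCharArray();
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair client = gen.generateKeyPair();
        RSAPublicKey pub = (RSAPublicKey) client.getPublic();

        // What the client would pass as ext_modulus / ext_exponent (decimal strings assumed).
        String extModulus = pub.getModulus().toString();
        String extExponent = pub.getPublicExponent().toString();

        char[] sessionPassphrase = "constructed-sample-passphrase".toCharArray();
        byte[] raw = wrapPassphrase(extModulus, extExponent, sessionPassphrase);
        char[] recovered = unwrapPassphrase(client.getPrivate(), raw);

        System.out.println("RAW length (bytes): " + raw.length);
        System.out.println("round trip ok: " + Arrays.equals(sessionPassphrase, recovered));
    }
}
```

The private key never leaves the client, so the RAW that crosses the connection is useless to anyone who only observes the modulus, the exponent and the ciphertext.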
Application Security Package Body: Procedures
The procedures in the package body are the locus of our primary efforts. These procedures are shown in Listings 6-12 and 6-13. Note that both of these procedures are for testing only in this chapter and will be removed and replaced in future chapters. The first procedure we will look at is p_get_shared_passphrase, which returns the artifacts of a secret password key to the client. If the key does not yet exist, it will be created when we call f_get_crypt_secret_salt. Remember that our encryption keys are specific to an Oracle session, so we need to keep the session open in order to use the secret password key for encryption.
Listing 6-12. Procedure to get the Shared Password Key, p_get_shared_passphrase
    PROCEDURE p_get_shared_passphrase(
        ext_modulus VARCHAR2,
        ext_exponent VARCHAR2,
        secret_pass_salt OUT RAW,
        secret_pass_count OUT RAW,
 