Setting DB2SECURITYLABEL upon insert using Hibernate - java

I have a requirement to set the DB2SECURITYLABEL of a row upon inserting that row into the database via Hibernate. I've been unsuccessful thus far and I'm seeking advice on how to set the DB2SECURITYLABEL in Java and have Hibernate do the insert for me.
Inside of my entity, I have defined the following:
#Column(name="slabel") //this matches the name of the DB2SECURITYLABEL column
private byte[] slabel;
public void setSlabel(byte[] slabel){
this.slabel = slabel;
}
public byte[] getSlabel(){
return this.slabel;
}
In my controller I convert the hex string that represents my security label into a byte[], setSlabel with that byte[], and save the record through a Spring Data Repository .save(entity). Upon saving that record, the db2 driver throws an error:
SQLCODE=-20402 SQLSTATE=42519 .
This error code is indicative of a record being saved without a required DB2SECURITYLABEL.
Assumptions:
I am able to insert/select into/from this table via commandline using the same
security label. insert into schema.table (field1, slabel) values
(123,x'FFF01010101000CABBBBFFF') <-not my real label. I can select the records that I insert via commandline and in my application.
I am able to retrieve existing records with DB2SECURITYLABELS
and read the label as a byte[] and as hex string using my application.
I believe I am inserting a correct label. I have verified the byte[]
that I am applying to the object is correct. I was able to insert a
record with a valid DB2SECURITYLABEL via the commandline, and
retrieved it in my application; the two byte[] for the
DB2SECURITYLABELs are identical and convert back to the same hex
string.
Has anyone set a DB2SECURITYLABEL in a Java object as a byte[] and used Hibernate to save the data to a db2 database?
I appreciate any assistance.

Related

Encrypting specific columns in Hibernate: What to do with existing data and how to correctly implement #ColumnTransformer?

I have built a web application with a MySQL database that holds patients data. According to GDPR patients names must be encrypted inside the database. For connecting and performing operations to db, I use Hibernate 5.
Searching the web, I have found a lot of info regarding how to encrypt a specific column or columns inside a db table. Mainly the following three approaches:
Using #ColumnTransformer annotation of Hibernate which is the least destructive to existing code and requires the least code to be written
Using Jasypt and its Hibernate integration which is more destructive to existing code and requires a few lines of code.
Implementing a JPA Attribute Converter which required quite a few lines to be written
I decided to use #ColumnTransformer which seems to be the easiest implementation. If you think that one of the other approaches is better please say it and also explain the reason.
My question, however, has to do with existing data. My db already has data that is unencrypted which must be encrypted to work with #ColumnTransformer implementation. I intend to use the following annotation:
#ColumnTransformer(
read = "pgp_sym_decrypt(lastName, 'mySecretKey')",
write = "pgp_sym_encrypt(?, 'mySecretKey')"
)
and
#ColumnTransformer(
read = "pgp_sym_decrypt(firstName, 'mySecretKey')",
write = "pgp_sym_encrypt(?, 'mySecretKey')"
)
to the corresponding columns.
How should I encrypt existing data to comply with the above annotations? What SQL code should I use?
MySQL supports the following functions:
AES_ENCRYPT(str, key_str);
AES_DECRYPT(crypt_str,key_str);
However, I can't update all MySQL entries using the following (because aes_encrypt returns binary):
UPDATE Patient SET firstName=AES_ENCRYPT(firstName, "mySecretKey"), lastName=AES_ENCRYPT(lastName, "mySecretKey") //NOT WORKING
The solution is:
Rename existing columns using MySQLcommand:
ALTER TABLE Patient CHANGE firstName firstName-old;
ALTER TABLE Patient CHANGE lastName lastName-old;
Create two new MySQL columns of type varbinary(512) with command:
ALTER TABLE Patient ADD COLUMN lastName VARBINARY(512) NOT NULL;
ALTER TABLE Patient ADD COLUMN firstName VARBINARY(512) NOT NULL;
Update the new columns from the old ones with the following command:
UPDATE `gourvas_platform`.`Patient` SET firstName=aes_encrypt(`firstName-old`, "my secret"), lastName=aes_encrypt(`lastName-old`, "mysecret");
Now we can safely delete the old columns
Finally use the following Hibernate #ColumnTransformer annotations:
#ColumnTransformer(
read = "AES_DECRYPT(lastName, 'mySecretKey')",
write = "AES_ENCRYPT(?, 'mySecretKey')"
)
and
#ColumnTransformer(
read = "AES_DECRYPT(firstName, 'mySecretKey')",
write = "AES_ENCRYPT(?, 'mySecretKey')"
)
Note: Because I'm using MySQL 5.7 and AES_DECRYPT function returns binary[] instead of String, I need to cast to text. So the above #ColumnTransformer needs to be changed to the following:
#ColumnTransformer(
read = "cast(aes_decrypt(lastName, 'my secret') as char(255))",
write = "aes_encrypt(?, 'mysecret')"
)
and
#ColumnTransformer(
read = "cast(aes_decrypt(firstName, 'myscret') as char(255))",
write = "aes_encrypt(?, 'mysecret')"
)

Reading file content to Mysql stored procedure

i have a scenario where i have a file of the form,
id,class,type
1,234,gg
2,235,kk
3,236,hth
4,237,rgg
5,238,rgr
I also have a table in my database of the form PROPS,
id,class,property
1,7735,abc
2,3454,efg
3,235,hij
4,238,klm
5,24343,xyx
Now the first file and the db table are joined based on class so that final output will be of the form:
id,class,type,property
1,235,kk,hij
2,238,rgr,klm
Now, i can search the db table for each class record of the first file and so forth.
But this will take too much time.
Is there any way to do this same thing through a MySQL STORED PROCEDURE?
My question is whether there is a way to read the first file content line by line(WITHOUT MAKING USE OF A TEMPORARY TABLE), check the class with the class in the db table and insert the result into an output file and return the output file using MYSQL STORED PROCEDURE?

how to transform byte[] value of blob field in mysql to insert into statement

I want to select data from a mysql table, and then generate a sql script file for importing to another db.
The value type of blob in mysql is byte array in java. I have try to use new String(byte[], Charset) to transform it to String, using all charsets that java support. It can import successfully, but the imported value is incorrect. All the generated strings are not equal to what SQLyog generates.
how can i do?

How to create a Text type field in db via Hibernate+Java

I do have a Java Web Applicaiton (struts2, hibernate, beans) + PostreSQL as DB. The task is to save the base64 encoded text in the db for some specific table. That base64 is generated from pdf file, which is then ciphered with a specific algorithm. The pdf files <1mb, mostly <300kb.
I did a search and it's suggested to save the base64 as a Text field in the DB. It's not problem to create it within the PostgreSQL itself, but I have to create it via a Model class + hibernate.
What I did:
Imported import org.apache.struts2.components.Text;
Generated getters/setters. Added one row to my *.hbm.xml file.
<property name="base64signed" column="base64signed" />
And I got this error:
Could not determine type for: org.apache.struts2.components.Text
I think you should go with this annotation :
#Lob(type = LobType.CLOB)
I don't think Hibernate supports conversion of org.apache.struts2.components.Text to DB's varchar.
So you store it as LOB or CLOB as mentioned in above
#Lob
private Text base64signed;
Or you can make it easy by declaring your 'base64signed' field as String, it will take less memory in DB
#Column
private String base64signed;

Blob field in MySQL DB

I have a public key value that I want to store it in DB. I stored it as Blob. The Java concerned lines are:
byte[] pk = ((BigInteger) Modulus ).toByteArray();
and
preparedStmt.setBytes(1, pk);
When I open MySQL DB in the workbench GUI, I don't see the value itself as bytes. Rather, I see the following:
Not sure if this is how it should appear or there is something missing.

Categories