// Excerpt of handleInitialChallenge: statements between the visible ones are elided in this listing.
// Takes the client's initial message and the server's initial challenge and is declared to return
// the final client message. The "[C]" trace prefix suggests client-side processing.
public ScramFinalClientMessage handleInitialChallenge(ScramInitialClientMessage initialResponse, ScramInitialServerMessage initialChallenge) throws AuthenticationMechanismException {
    boolean trace = saslScram.isTraceEnabled();
    // Refuse to continue when the initial message was built for a different mechanism than this instance's.
    if (initialResponse.getMechanism() != mechanism) {
        throw saslScram.mechUnmatchedMechanism(mechanism.toString(), initialResponse.getMechanism().toString());
    // ",r=" attribute: the client nonce immediately followed by the server nonce.
    encoded.append(',').append('r').append('=').append(initialResponse.getRawNonce()).append(initialChallenge.getRawServerNonce());
    );
    // Credential lookup for the authentication name via the callback handler (remaining arguments elided).
    ScramDigestPassword password = MechanismUtil.getPasswordCredential( initialResponse.getAuthenticationName(), callbackHandler, ScramDigestPassword.class,
    // SECURITY: with trace enabled this writes the hex-encoded stored key to the log. In SCRAM (RFC 5802)
    // StoredKey is the value a server keeps to verify client proofs, so trace output from this path is
    // credential-equivalent material: keep trace off outside debugging and restrict access to those logs.
    if(trace) saslScram.tracef("[C] Stored key: %s%n", ByteIterator.ofBytes(storedKey).hexEncode().drainToString());
    // The MAC is keyed with the stored key.
    mac.init(new SecretKeySpec(storedKey, mac.getAlgorithm()));
    final byte[] initialResponseBytes = initialResponse.getRawMessageBytes();
    // Feed the client-first message from getInitialPartIndex() to the end, i.e. without the bytes before that index.
    mac.update(initialResponseBytes, initialResponse.getInitialPartIndex(), initialResponseBytes.length - initialResponse.getInitialPartIndex());
    // NOTE(review): this trace line dumps the same byte range; presumably it includes the user name and client nonce.
    if (trace) saslScram.tracef("[C] Using client first message: %s%n", ByteIterator.ofBytes(initialResponseBytes, initialResponse.getInitialPartIndex(), initialResponseBytes.length - initialResponse.getInitialPartIndex()).hexEncode().drainToString());
    // Then a ',' separator and the server's raw message; presumably the start of the RFC 5802 AuthMessage.
    mac.update((byte) ',');
    mac.update(initialChallenge.getRawMessageBytes());
// Excerpt (enclosing method not shown); the "[S]" trace prefix suggests server-side processing.
// Raw bytes of the client's first message and the offset of its initial part.
final byte[] clientFirstMessage = clientMessage.getInitialResponse().getRawMessageBytes();
final int clientFirstMessageBareStart = clientMessage.getInitialResponse().getInitialPartIndex();
// Only the bytes from that offset to the end of the message go into the MAC.
mac.update(clientFirstMessage, clientFirstMessageBareStart, clientFirstMessage.length - clientFirstMessageBareStart);
// NOTE(review): trace output dumps that byte range in hex; presumably it carries the user name and
// client nonce, so treat trace logs from this path as sensitive.
if(trace) saslScram.tracef("[S] Using client first message: %s%n", ByteIterator.ofBytes(copyOfRange(clientFirstMessage, clientFirstMessageBareStart, clientFirstMessage.length)).hexEncode().drainToString());
String userName = clientMessage.getInitialResponse().getAuthenticationName();
String authorizationID = clientMessage.getInitialResponse().getAuthorizationId();
// A missing or empty authorization ID falls back to the authentication name.
if (authorizationID == null || authorizationID.isEmpty()) {
    authorizationID = userName;
// Excerpt (enclosing method not shown): the nonce is the last thing appended to the encoded message.
encoded.append(nonce);
// The message object receives both the parsed fields and the encoded bytes, together with
// initialPartIndex (the offset other code uses to skip the leading part of the raw message).
return new ScramInitialClientMessage(this, name, binding, nonce, initialPartIndex, encoded.toArray());
// Excerpt (enclosing method not shown); the "[C]" trace prefix suggests client-side processing.
// SECURITY: with trace enabled this writes the hex-encoded server key to the log. In SCRAM (RFC 5802)
// ServerKey is the key behind the server signature, so these logs hold key material: keep trace off
// outside debugging and restrict access to the log output.
if(trace) saslScram.tracef("[C] Server key: %s%n", ByteIterator.ofBytes(serverKey).hexEncode().drainToString());
// The MAC is keyed with the server key.
mac.init(new SecretKeySpec(serverKey, mac.getAlgorithm()));
byte[] clientFirstMessage = finalResponse.getInitialResponse().getRawMessageBytes();
int bareStart = finalResponse.getInitialResponse().getInitialPartIndex();
// Feed the client-first message from its initial-part offset to the end, then a ',' separator.
mac.update(clientFirstMessage, bareStart, clientFirstMessage.length - bareStart);
mac.update((byte) ',');
// Excerpt of evaluateInitialResponse: statements between the visible ones are elided in this listing.
// Takes the client's initial message and is declared to return the initial server result.
public ScramInitialServerResult evaluateInitialResponse(final ScramInitialClientMessage clientMessage) throws AuthenticationMechanismException {
    final boolean trace = saslScram.isTraceEnabled();
    // Reject a message that was parsed for a different mechanism than this instance's.
    if (clientMessage.getMechanism() != mechanism) {
        throw saslScram.mechUnmatchedMechanism(mechanism.toString(), clientMessage.getMechanism().toString());
    // The authentication name from the client message is the callback's default name.
    final NameCallback nameCallback = new NameCallback("Remote authentication name", clientMessage.getAuthenticationName());
    // Default iteration count clamped to the configured bounds: min() caps it at maximumIterationCount,
    // then max() raises it to at least minimumIterationCount (the minimum wins if the bounds conflict).
    max(minimumIterationCount, min(maximumIterationCount, ScramDigestPassword.DEFAULT_ITERATION_COUNT))
    );
    // Credential lookup for the authentication name, using the mechanism's password algorithm.
    final ScramDigestPassword password = MechanismUtil.getPasswordCredential(clientMessage.getAuthenticationName(), callbackHandler, ScramDigestPassword.class, mechanism.getPasswordAlgorithm(), null, generateParameters, providers, saslScram);
    // Combined nonce: the client's nonce followed by a freshly generated server nonce.
    b.append(clientMessage.getRawNonce());
    // NOTE(review): 28 is presumably the nonce length; confirm the unit in ScramUtil.generateNonce.
    // The nonce is only as unpredictable as the source behind getRandom(); confirm it is a SecureRandom.
    final byte[] serverNonce = ScramUtil.generateNonce(28, getRandom());
    b.append(serverNonce);
// Excerpt (enclosing method not shown; closing braces and intervening statements are elided).
// The visible checks compare a later message against the earlier initialResponse / initialChallenge.
Assert.checkNotNullParam("initialResponse", initialResponse);
Assert.checkNotNullParam("initialChallenge", initialChallenge);
final ScramMechanism mechanism = initialResponse.getMechanism();
// Both earlier messages must belong to the same mechanism (compared by reference).
if (mechanism != initialChallenge.getMechanism()) {
    throw saslScram.mechUnmatchedMechanism(mechanism.toString(), initialChallenge.getMechanism().toString());
// Channel-binding state recorded from the initial response.
final String bindingType = initialResponse.getBindingType();
final byte[] bindingData = initialResponse.getRawBindingData();
final boolean binding = initialResponse.isBinding();
// 'p' is the GS2 flag for "client uses channel binding" (RFC 5802). The branch taken when the flag
// says 'p' but the initial response carried no binding is elided; presumably it rejects the message.
if (cbindFlag == 'p') {
    if (! binding) {
// The authorization ID in this message must equal the one in the initial response.
if (! authorizationID.equals(initialResponse.getAuthorizationId())) {
    throw saslScram.mechAuthorizationIdChanged();
// Presumably the branch for a message without an authorization ID: the initial response must have none either.
if (initialResponse.getAuthorizationId() != null) {
    throw saslScram.mechAuthorizationIdChanged();
throw saslScram.mechInvalidClientMessage();
final byte[] clientNonce = initialResponse.getRawNonce();
final byte[] serverNonce = initialChallenge.getRawServerNonce();
// The nonce field must start with the client nonce sent earlier; the comparison is bounded by the
// next ',' and by clientNonce.length. The rest of the condition is elided.
if (! bi.delimitedBy(',').limitedTo(clientNonce.length).contentEquals(ByteIterator.ofBytes(clientNonce)) ||
// Excerpt (enclosing method not shown): keeps the initial client message and the initial server result.
this.initialClientMessage = initialClientMessage;
this.initialServerResult = initialServerResult;
final String authorizationId = initialClientMessage.getAuthorizationId();
// A null authorization ID falls back to the authentication name; an empty string is kept as given.
this.authorizationId = authorizationId == null ? initialClientMessage.getAuthenticationName() : authorizationId;
// Move the negotiation to S_FINAL_MESSAGE and set the ok flag.
setNegotiationState(S_FINAL_MESSAGE);
ok = true;
/**
 * Returns the SCRAM mechanism reported by the stored initial response.
 *
 * @return the mechanism obtained from {@code initialResponse}
 */
public ScramMechanism getMechanism() {
    final ScramMechanism selected = initialResponse.getMechanism();
    return selected;
}
// Excerpt (enclosing method not shown); the condition guarding this first throw is elided.
throw saslScram.mechInvalidMessageReceived();
final byte[] clientNonce = initialResponse.getRawNonce();
// The next clientNonce.length bytes of the incoming message must equal the nonce from our initial
// response; otherwise the exchange is rejected. Presumably this ties the peer's reply to this session.
if (! bi.limitedTo(clientNonce.length).contentEquals(ByteIterator.ofBytes(clientNonce))) {
    throw saslScram.mechNoncesDoNotMatch();
// Excerpt (enclosing method not shown): move the negotiation to ST_R1_SENT, set the ok flag,
// and hand back the bytes of the initial response.
setNegotiationState(ST_R1_SENT);
ok = true;
return initialResponse.getMessageBytes();
// Excerpt (enclosing method not shown; closing braces and intervening statements are elided).
// The visible checks compare a later message against the earlier initialResponse / initialChallenge.
Assert.checkNotNullParam("initialResponse", initialResponse);
Assert.checkNotNullParam("initialChallenge", initialChallenge);
final ScramMechanism mechanism = initialResponse.getMechanism();
// Both earlier messages must belong to the same mechanism (compared by reference).
if (mechanism != initialChallenge.getMechanism()) {
    throw saslScram.mechUnmatchedMechanism(mechanism.toString(), initialChallenge.getMechanism().toString());
// Channel-binding state recorded from the initial response.
final String bindingType = initialResponse.getBindingType();
final byte[] bindingData = initialResponse.getRawBindingData();
final boolean binding = initialResponse.isBinding();
// 'p' is the GS2 flag for "client uses channel binding" (RFC 5802). The branch taken when the flag
// says 'p' but the initial response carried no binding is elided; presumably it rejects the message.
if (cbindFlag == 'p') {
    if (! binding) {
// The authorization ID in this message must equal the one in the initial response.
if (! authorizationID.equals(initialResponse.getAuthorizationId())) {
    throw saslScram.mechAuthorizationIdChanged();
// Presumably the branch for a message without an authorization ID: the initial response must have none either.
if (initialResponse.getAuthorizationId() != null) {
    throw saslScram.mechAuthorizationIdChanged();
throw saslScram.mechInvalidClientMessage();
final byte[] clientNonce = initialResponse.getRawNonce();
final byte[] serverNonce = initialChallenge.getRawServerNonce();
// The nonce field must start with the client nonce sent earlier; the comparison is bounded by the
// next ',' and by clientNonce.length. The rest of the condition is elided.
if (! bi.delimitedBy(',').limitedTo(clientNonce.length).contentEquals(ByteIterator.ofBytes(clientNonce)) ||
// Excerpt of evaluateInitialResponse: statements between the visible ones are elided in this listing.
// Takes the client's initial message and is declared to return the initial server result.
public ScramInitialServerResult evaluateInitialResponse(final ScramInitialClientMessage clientMessage) throws AuthenticationMechanismException {
    final boolean trace = saslScram.isTraceEnabled();
    // Reject a message that was parsed for a different mechanism than this instance's.
    if (clientMessage.getMechanism() != mechanism) {
        throw saslScram.mechUnmatchedMechanism(mechanism.toString(), clientMessage.getMechanism().toString());
    // The authentication name from the client message is the callback's default name.
    final NameCallback nameCallback = new NameCallback("Remote authentication name", clientMessage.getAuthenticationName());
    // Default iteration count clamped to the configured bounds: min() caps it at maximumIterationCount,
    // then max() raises it to at least minimumIterationCount (the minimum wins if the bounds conflict).
    max(minimumIterationCount, min(maximumIterationCount, ScramDigestPassword.DEFAULT_ITERATION_COUNT))
    );
    // Credential lookup for the authentication name, using the mechanism's password algorithm.
    final ScramDigestPassword password = MechanismUtil.getPasswordCredential(clientMessage.getAuthenticationName(), callbackHandler, ScramDigestPassword.class, mechanism.getPasswordAlgorithm(), null, generateParameters, providers, saslScram);
    // Combined nonce: the client's nonce followed by a freshly generated server nonce.
    b.append(clientMessage.getRawNonce());
    // NOTE(review): 28 is presumably the nonce length; confirm the unit in ScramUtil.generateNonce.
    // The nonce is only as unpredictable as the source behind getRandom(); confirm it is a SecureRandom.
    final byte[] serverNonce = ScramUtil.generateNonce(28, getRandom());
    b.append(serverNonce);
// Excerpt (enclosing method not shown): keeps the initial client message and the initial server result.
this.initialClientMessage = initialClientMessage;
this.initialServerResult = initialServerResult;
final String authorizationId = initialClientMessage.getAuthorizationId();
// A null authorization ID falls back to the authentication name; an empty string is kept as given.
this.authorizationId = authorizationId == null ? initialClientMessage.getAuthenticationName() : authorizationId;
// Move the negotiation to S_FINAL_MESSAGE and set the ok flag.
setNegotiationState(S_FINAL_MESSAGE);
ok = true;
// Excerpt (enclosing method not shown); the "[C]" trace prefix suggests client-side processing.
// SECURITY: with trace enabled this writes the hex-encoded server key to the log. In SCRAM (RFC 5802)
// ServerKey is the key behind the server signature, so these logs hold key material: keep trace off
// outside debugging and restrict access to the log output.
if(trace) saslScram.tracef("[C] Server key: %s%n", ByteIterator.ofBytes(serverKey).hexEncode().drainToString());
// The MAC is keyed with the server key.
mac.init(new SecretKeySpec(serverKey, mac.getAlgorithm()));
byte[] clientFirstMessage = finalResponse.getInitialResponse().getRawMessageBytes();
int bareStart = finalResponse.getInitialResponse().getInitialPartIndex();
// Feed the client-first message from its initial-part offset to the end, then a ',' separator.
mac.update(clientFirstMessage, bareStart, clientFirstMessage.length - bareStart);
mac.update((byte) ',');
/**
 * Returns the SCRAM mechanism reported by the stored initial response.
 *
 * @return the mechanism obtained from {@code initialResponse}
 */
public ScramMechanism getMechanism() {
    final ScramMechanism selected = initialResponse.getMechanism();
    return selected;
}
// Excerpt (enclosing method not shown); the condition guarding this first throw is elided.
throw saslScram.mechInvalidMessageReceived();
final byte[] clientNonce = initialResponse.getRawNonce();
// The next clientNonce.length bytes of the incoming message must equal the nonce from our initial
// response; otherwise the exchange is rejected. Presumably this ties the peer's reply to this session.
if (! bi.limitedTo(clientNonce.length).contentEquals(ByteIterator.ofBytes(clientNonce))) {
    throw saslScram.mechNoncesDoNotMatch();
// Excerpt (enclosing method not shown): move the negotiation to ST_R1_SENT, set the ok flag,
// and hand back the bytes of the initial response.
setNegotiationState(ST_R1_SENT);
ok = true;
return initialResponse.getMessageBytes();
// Excerpt (enclosing method not shown; closing braces and intervening statements are elided).
// The visible checks compare a later message against the earlier initialResponse / initialChallenge.
Assert.checkNotNullParam("initialResponse", initialResponse);
Assert.checkNotNullParam("initialChallenge", initialChallenge);
final ScramMechanism mechanism = initialResponse.getMechanism();
// Both earlier messages must belong to the same mechanism (compared by reference).
if (mechanism != initialChallenge.getMechanism()) {
    throw saslScram.mechUnmatchedMechanism(mechanism.toString(), initialChallenge.getMechanism().toString());
// Channel-binding state recorded from the initial response.
final String bindingType = initialResponse.getBindingType();
final byte[] bindingData = initialResponse.getRawBindingData();
final boolean binding = initialResponse.isBinding();
// 'p' is the GS2 flag for "client uses channel binding" (RFC 5802). The branch taken when the flag
// says 'p' but the initial response carried no binding is elided; presumably it rejects the message.
if (cbindFlag == 'p') {
    if (! binding) {
// The authorization ID in this message must equal the one in the initial response.
if (! authorizationID.equals(initialResponse.getAuthorizationId())) {
    throw saslScram.mechAuthorizationIdChanged();
// Presumably the branch for a message without an authorization ID: the initial response must have none either.
if (initialResponse.getAuthorizationId() != null) {
    throw saslScram.mechAuthorizationIdChanged();
throw saslScram.mechInvalidClientMessage();
final byte[] clientNonce = initialResponse.getRawNonce();
final byte[] serverNonce = initialChallenge.getRawServerNonce();
// The nonce field must start with the client nonce sent earlier; the comparison is bounded by the
// next ',' and by clientNonce.length. The rest of the condition is elided.
if (! bi.delimitedBy(',').limitedTo(clientNonce.length).contentEquals(ByteIterator.ofBytes(clientNonce)) ||
// Excerpt of handleInitialChallenge: statements between the visible ones are elided in this listing.
// Takes the client's initial message and the server's initial challenge and is declared to return
// the final client message. The "[C]" trace prefix suggests client-side processing.
public ScramFinalClientMessage handleInitialChallenge(ScramInitialClientMessage initialResponse, ScramInitialServerMessage initialChallenge) throws AuthenticationMechanismException {
    boolean trace = saslScram.isTraceEnabled();
    // Refuse to continue when the initial message was built for a different mechanism than this instance's.
    if (initialResponse.getMechanism() != mechanism) {
        throw saslScram.mechUnmatchedMechanism(mechanism.toString(), initialResponse.getMechanism().toString());
    // ",r=" attribute: the client nonce immediately followed by the server nonce.
    encoded.append(',').append('r').append('=').append(initialResponse.getRawNonce()).append(initialChallenge.getRawServerNonce());
    );
    // Credential lookup for the authentication name via the callback handler (remaining arguments elided).
    ScramDigestPassword password = MechanismUtil.getPasswordCredential( initialResponse.getAuthenticationName(), callbackHandler, ScramDigestPassword.class,
    // SECURITY: with trace enabled this writes the hex-encoded stored key to the log. In SCRAM (RFC 5802)
    // StoredKey is the value a server keeps to verify client proofs, so trace output from this path is
    // credential-equivalent material: keep trace off outside debugging and restrict access to those logs.
    if(trace) saslScram.tracef("[C] Stored key: %s%n", ByteIterator.ofBytes(storedKey).hexEncode().drainToString());
    // The MAC is keyed with the stored key.
    mac.init(new SecretKeySpec(storedKey, mac.getAlgorithm()));
    final byte[] initialResponseBytes = initialResponse.getRawMessageBytes();
    // Feed the client-first message from getInitialPartIndex() to the end, i.e. without the bytes before that index.
    mac.update(initialResponseBytes, initialResponse.getInitialPartIndex(), initialResponseBytes.length - initialResponse.getInitialPartIndex());
    // NOTE(review): this trace line dumps the same byte range; presumably it includes the user name and client nonce.
    if (trace) saslScram.tracef("[C] Using client first message: %s%n", ByteIterator.ofBytes(initialResponseBytes, initialResponse.getInitialPartIndex(), initialResponseBytes.length - initialResponse.getInitialPartIndex()).hexEncode().drainToString());
    // Then a ',' separator and the server's raw message; presumably the start of the RFC 5802 AuthMessage.
    mac.update((byte) ',');
    mac.update(initialChallenge.getRawMessageBytes());
// Excerpt (enclosing method not shown); the "[S]" trace prefix suggests server-side processing.
// Raw bytes of the client's first message and the offset of its initial part.
final byte[] clientFirstMessage = clientMessage.getInitialResponse().getRawMessageBytes();
final int clientFirstMessageBareStart = clientMessage.getInitialResponse().getInitialPartIndex();
// Only the bytes from that offset to the end of the message go into the MAC.
mac.update(clientFirstMessage, clientFirstMessageBareStart, clientFirstMessage.length - clientFirstMessageBareStart);
// NOTE(review): trace output dumps that byte range in hex; presumably it carries the user name and
// client nonce, so treat trace logs from this path as sensitive.
if(trace) saslScram.tracef("[S] Using client first message: %s%n", ByteIterator.ofBytes(copyOfRange(clientFirstMessage, clientFirstMessageBareStart, clientFirstMessage.length)).hexEncode().drainToString());
String userName = clientMessage.getInitialResponse().getAuthenticationName();
String authorizationID = clientMessage.getInitialResponse().getAuthorizationId();
// A missing or empty authorization ID falls back to the authentication name.
if (authorizationID == null || authorizationID.isEmpty()) {
    authorizationID = userName;