rocks.xmpp.core.sasl.scram

Class ScramClient

java.lang.Object

rocks.xmpp.core.sasl.scram.ScramClient

All Implemented Interfaces:

SaslClient

public final class ScramClient
extends Object
implements SaslClient

The client implementation of the SCRAM-SHA-1 SASL mechanism.

Author:

Christian Schudt

See Also:

Salted Challenge Response Authentication Mechanism (SCRAM)

Field Summary

Fields

Modifier and Type	Field and Description
protected CallbackHandler	callbackHandler
protected String	channelBinding
protected String	clientFirstMessageBare
protected boolean	isComplete
protected String	nonce
protected String	serverFirstMessage

Constructor Summary

Constructors

Constructor and Description
ScramClient(String hashAlgorithm, String authorizationId, CallbackHandler callbackHandler)

Method Summary

Modifier and Type	Method and Description
String	computeAuthMessage() Computes the auth message.
byte[]	computeClientKey(byte[] saltedPassword) Computes the client key.
byte[]	computeClientSignature(byte[] clientKey, String authMessage) Computes the client signature.
byte[]	computeSaltedPassword(char[] password, byte[] salt, int iterationCount) Computes the salted password.
byte[]	computeStoredKey(byte[] clientKey) Computes the stored key.
static String	createClientFirstMessageBare(String username, String nonce) Creates the client-first-message-bare.
void	dispose()
byte[]	evaluateChallenge(byte[] challenge)
static String	generateNonce() Generates a nonce.
static Map<Character,String>	getAttributes(String str) Gets the attributes from a SCRAM string.
String	getMechanismName() Gets the mechanism name, i.e "SCRAM-" + the hash algorithm name.
Object	getNegotiatedProperty(String propName)
byte[]	h(byte[] str) Apply the cryptographic hash function to the octet string "str", producing an octet string as a result.
boolean	hasInitialResponse()
byte[]	hi(byte[] str, byte[] salt, int i) Calculates the salted password.
byte[]	hmac(byte[] key, byte[] str) Apply the HMAC keyed hash algorithm (defined in [RFC2104]) using the octet string represented by "key" as the key and the octet string "str" as the input string.
boolean	isComplete()
byte[]	unwrap(byte[] incoming, int offset, int len)
byte[]	wrap(byte[] outgoing, int offset, int len)
static byte[]	xor(byte[] a, byte[] b) Apply the exclusive-or operation to combine the octet string on the left of this operator with the octet string on the right of this operator.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface javax.security.sasl.SaslClient

getMechanismName

Field Detail

callbackHandler

protected final CallbackHandler callbackHandler

isComplete

protected boolean isComplete

clientFirstMessageBare

protected String clientFirstMessageBare

serverFirstMessage

protected String serverFirstMessage

nonce

protected String nonce

channelBinding

protected String channelBinding

Constructor Detail

ScramClient

public ScramClient(String hashAlgorithm,
                   String authorizationId,
                   CallbackHandler callbackHandler)
            throws SaslException

Throws:

SaslException

Method Detail

hasInitialResponse

public boolean hasInitialResponse()

Specified by:

hasInitialResponse in interface SaslClient

evaluateChallenge

public byte[] evaluateChallenge(byte[] challenge)
                         throws SaslException

Specified by:

evaluateChallenge in interface SaslClient

Throws:

SaslException

isComplete

public boolean isComplete()

Specified by:

isComplete in interface SaslClient

unwrap

public byte[] unwrap(byte[] incoming,
                     int offset,
                     int len)
              throws SaslException

Specified by:

unwrap in interface SaslClient

Throws:

SaslException

wrap

public byte[] wrap(byte[] outgoing,
                   int offset,
                   int len)
            throws SaslException

Specified by:

wrap in interface SaslClient

Throws:

SaslException

getNegotiatedProperty

public Object getNegotiatedProperty(String propName)

Specified by:

getNegotiatedProperty in interface SaslClient

dispose

public void dispose()
             throws SaslException

Specified by:

dispose in interface SaslClient

Throws:

SaslException

xor

public static byte[] xor(byte[] a,
                         byte[] b)

Apply the exclusive-or operation to combine the octet string on the left of this operator with the octet string on the right of this operator. The length of the output and each of the two inputs will be the same for this use.

Parameters:

a - The first byte array.

b - The second byte array.

Returns:

The XOR combined byte array.

generateNonce

public static String generateNonce()
                            throws NoSuchAlgorithmException

Generates a nonce.

Returns:

The nonce.

Throws:

NoSuchAlgorithmException - If the generation algorithm does not exist.

getAttributes

public static Map<Character,String> getAttributes(String str)

Gets the attributes from a SCRAM string.

Parameters:

str - The string.

Returns:

The attributes.

createClientFirstMessageBare

public static String createClientFirstMessageBare(String username,
                                                  String nonce)

Creates the client-first-message-bare.

Parameters:

username - The user name.

nonce - The nonce.

Returns:

The client-first-message-bare.

computeClientSignature

public byte[] computeClientSignature(byte[] clientKey,
                                     String authMessage)
                              throws InvalidKeyException,
                                     NoSuchAlgorithmException

Computes the client signature.

Parameters:

clientKey - The client key.

authMessage - The auth message.

Returns:

The client signature.

Throws:

InvalidKeyException - If the key is invalid.

NoSuchAlgorithmException - If the mac algorithm does not exist.

computeAuthMessage

public String computeAuthMessage()

Computes the auth message.

Returns:

The auth message.

computeSaltedPassword

public byte[] computeSaltedPassword(char[] password,
                                    byte[] salt,
                                    int iterationCount)
                             throws InvalidKeyException,
                                    NoSuchAlgorithmException

Computes the salted password.

Parameters:

password - The password.

salt - The salt.

iterationCount - The iteration count.

Returns:

The salted password.

Throws:

InvalidKeyException - If the key is invalid.

NoSuchAlgorithmException - If the hash algorithm does not exist.

computeClientKey

public byte[] computeClientKey(byte[] saltedPassword)
                        throws InvalidKeyException,
                               NoSuchAlgorithmException

Computes the client key.

Parameters:

saltedPassword - The salted password.

Returns:

The client key.

Throws:

InvalidKeyException - If the key is invalid.

NoSuchAlgorithmException - If the mac algorithm does not exist.

computeStoredKey

public byte[] computeStoredKey(byte[] clientKey)
                        throws NoSuchAlgorithmException

Computes the stored key.

Parameters:

clientKey - The client key.

Returns:

The stored key.

Throws:

NoSuchAlgorithmException - If the hash algorithm does not exist.

h

public byte[] h(byte[] str)
         throws NoSuchAlgorithmException

Apply the cryptographic hash function to the octet string "str", producing an octet string as a result. The size of the result depends on the hash result size for the hash function in use.

Parameters:

str - The byte array.

Returns:

The hash value.

Throws:

NoSuchAlgorithmException - If the hash algorithm does not exist.

hmac

public byte[] hmac(byte[] key,
                   byte[] str)
            throws NoSuchAlgorithmException,
                   InvalidKeyException

Apply the HMAC keyed hash algorithm (defined in [RFC2104]) using the octet string represented by "key" as the key and the octet string "str" as the input string. The size of the result is the hash result size for the hash function in use. For example, it is 20 octets for SHA-1 (see [RFC3174]).

Parameters:

key - The key.

str - The input.

Returns:

The HMAC keyed hash.

Throws:

NoSuchAlgorithmException - If the MAC algorithm does not exist.

InvalidKeyException - If the key does not exist.

hi

public byte[] hi(byte[] str,
                 byte[] salt,
                 int i)
          throws NoSuchAlgorithmException,
                 InvalidKeyException

Calculates the salted password.

Parameters:

str - The input.

salt - The salt.

i - The iteration count.

Returns:

The salted password.

Throws:

InvalidKeyException - If the key is invalid.

NoSuchAlgorithmException - If the mac algorithm does not exist.

getMechanismName

public String getMechanismName()

Gets the mechanism name, i.e "SCRAM-" + the hash algorithm name.

Returns:

The mechanism name.