Package org.wildfly.security.http.digest
Class NonceManager
- java.lang.Object
-
- org.wildfly.security.http.digest.NonceManager
-
public class NonceManager extends Object
A utility responsible for managing nonces.- Author:
- Darran Lofthouse
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description private static classNonceManager.NonceState
-
Field Summary
Fields Modifier and Type Field Description private Stringalgorithmprivate ScheduledExecutorServiceexecutorprivate ElytronMessageslogprivate AtomicIntegernonceCounterprivate longnonceSessionTimeprivate static intPREFIX_LENGTHprivate byte[]privateKeyprivate booleansingleUseprivate Map<String,NonceManager.NonceState>usedNoncesprivate longvalidityPeriodNano
-
Constructor Summary
Constructors Constructor Description NonceManager(long validityPeriod, long nonceSessionTime, boolean singleUse, int keySize, String algorithm)Deprecated.NonceManager(long validityPeriod, long nonceSessionTime, boolean singleUse, int keySize, String algorithm, ElytronMessages log)NonceManager(long validityPeriod, long nonceSessionTime, boolean singleUse, int keySize, String algorithm, ElytronMessages log, ScheduledExecutorService customExecutor)
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description private byte[]digest(byte[] prefix, int prefixOffset, int prefixLength, byte[] salt, MessageDigest messageDigest)(package private) StringgenerateNonce()Generate a new encoded nonce to send to the client.(package private) StringgenerateNonce(byte[] salt)Generate a new encoded nonce to send to the client.voidshutdown()(package private) booleanuseNonce(String nonce, byte[] salt, int nonceCount)Attempt to use the supplied nonce.(package private) booleanuseNonce(String nonce, int nonceCount)Attempt to use the supplied nonce.
-
-
-
Field Detail
-
PREFIX_LENGTH
private static final int PREFIX_LENGTH
- See Also:
- Constant Field Values
-
executor
private final ScheduledExecutorService executor
-
nonceCounter
private final AtomicInteger nonceCounter
-
usedNonces
private final Map<String,NonceManager.NonceState> usedNonces
-
privateKey
private final byte[] privateKey
-
validityPeriodNano
private final long validityPeriodNano
-
nonceSessionTime
private final long nonceSessionTime
-
singleUse
private final boolean singleUse
-
algorithm
private final String algorithm
-
log
private ElytronMessages log
-
-
Constructor Detail
-
NonceManager
@Deprecated NonceManager(long validityPeriod, long nonceSessionTime, boolean singleUse, int keySize, String algorithm)
Deprecated.- Parameters:
validityPeriod- the time in ms that nonces are valid for in ms.nonceSessionTime- the time in ms a nonce is usable for after it's last use where nonce counts are in use.singleUse- are nonces single use?keySize- the number of bytes to use in the private key of this node.algorithm- the message digest algorithm to use when creating the digest portion of the nonce.
-
NonceManager
NonceManager(long validityPeriod, long nonceSessionTime, boolean singleUse, int keySize, String algorithm, ElytronMessages log)- Parameters:
validityPeriod- the time in ms that nonces are valid for in ms.nonceSessionTime- the time in ms a nonce is usable for after it's last use where nonce counts are in use.singleUse- are nonces single use?keySize- the number of bytes to use in the private key of this node.algorithm- the message digest algorithm to use when creating the digest portion of the nonce.log- mechanism specific logger.
-
NonceManager
NonceManager(long validityPeriod, long nonceSessionTime, boolean singleUse, int keySize, String algorithm, ElytronMessages log, ScheduledExecutorService customExecutor)- Parameters:
validityPeriod- the time in ms that nonces are valid for in ms.nonceSessionTime- the time in ms a nonce is usable for after it's last use where nonce counts are in use.singleUse- are nonces single use?keySize- the number of bytes to use in the private key of this node.algorithm- the message digest algorithm to use when creating the digest portion of the nonce.log- mechanism specific logger.customExecutor- a custom ScheduledExecutorService to be used
-
-
Method Detail
-
generateNonce
String generateNonce()
Generate a new encoded nonce to send to the client.- Returns:
- a new encoded nonce to send to the client.
-
generateNonce
String generateNonce(byte[] salt)
Generate a new encoded nonce to send to the client.- Parameters:
salt- additional data to use when creating the overall signature for the nonce.- Returns:
- a new encoded nonce to send to the client.
-
digest
private byte[] digest(byte[] prefix, int prefixOffset, int prefixLength, byte[] salt, MessageDigest messageDigest) throws DigestException- Throws:
DigestException
-
useNonce
boolean useNonce(String nonce, int nonceCount) throws AuthenticationMechanismException
Attempt to use the supplied nonce. A nonce might not be usable for a couple of different reasons: -- It was created too far in the past.
- Validation of the signature fails.
- The nonce has been used previously and re-use is disabled.
- Parameters:
nonce- the nonce supplied by the client.nonceCount- the nonce count, or -1 if not present- Returns:
trueif the nonce can be used,falseotherwise.- Throws:
AuthenticationMechanismException
-
useNonce
boolean useNonce(String nonce, byte[] salt, int nonceCount) throws AuthenticationMechanismException
Attempt to use the supplied nonce. A nonce might not be usable for a couple of different reasons: -- It was created too far in the past.
- Validation of the signature fails.
- The nonce has been used previously and re-use is disabled.
- Parameters:
nonce- the nonce supplied by the client.salt- additional data to use when creating the overall signature for the nonce.- Returns:
trueif the nonce can be used,falseotherwise.- Throws:
AuthenticationMechanismException
-
shutdown
public void shutdown()
-
-