Package org.wildfly.security.sasl.digest

Class DigestSaslClient

java.lang.Object

org.wildfly.security.sasl.util.AbstractSaslParticipant

org.wildfly.security.sasl.digest.AbstractDigestMechanism

org.wildfly.security.sasl.digest.DigestSaslClient

All Implemented Interfaces:

SaslClient, SaslWrapper

final class DigestSaslClient
extends AbstractDigestMechanism
implements SaslClient

A client implementation of RFC 2831 DIGEST SASL mechanism.

Author:

Peter Skopek

Nested Class Summary

Nested classes/interfaces inherited from class org.wildfly.security.sasl.digest.AbstractDigestMechanism

AbstractDigestMechanism.DigestWrapper, AbstractDigestMechanism.FORMAT

Field Summary

Fields

Modifier and Type	Field	Description
private String	cipher_opts
private String[]	clientQops
private String[]	demandedCiphers
private byte[]	digest_urp
private boolean	hasInitialResponse
private int	maxbuf
private String[]	realms
private boolean	stale
private static byte	STEP_FOUR
private static byte	STEP_TWO

Fields inherited from class org.wildfly.security.sasl.digest.AbstractDigestMechanism

authorizationId, charset, cipher, CIPHER_OPTS, cnonce, DEFAULT_MAXBUF, DELIMITER, digest, digestURI, hA1, hmacMD5, messageDigest, nonce, qop, realm, secureRandomGenerator, unwrapCipher, unwrapHmacKeyIntegrity, unwrapSeqNum, username, wrapCipher, wrapHmacKeyIntegrity, wrapSeqNum

Fields inherited from class org.wildfly.security.sasl.util.AbstractSaslParticipant

COMPLETE_STATE, FAILED_STATE, NO_BYTES

Fields inherited from interface org.wildfly.security.sasl.util.SaslWrapper

IDENTITY

Constructor Summary

Constructors

Constructor	Description
DigestSaslClient(String mechanism, String protocol, String serverName, CallbackHandler callbackHandler, String authorizationId, boolean hasInitialResponse, Charset charset, String[] qops, String[] ciphers, Supplier<Provider[]> providers)

Method Summary

Modifier and Type	Method	Description
private void	checkResponseAuth(HashMap<String,byte[]> parsedChallenge)
private byte[]	createResponse(HashMap<String,byte[]> parsedChallenge)	Method creates client response to the server challenge: digest-response = 1#( username | realm | nonce | cnonce | nonce-count | qop | digest-uri | response | maxbuf | charset | cipher | authzid | auth-param ) username = "username" "=" <"> username-value <"> username-value = qdstr-val cnonce = "cnonce" "=" <"> cnonce-value <"> cnonce-value = qdstr-val nonce-count = "nc" "=" nc-value nc-value = 8LHEX qop = "qop" "=" qop-value digest-uri = "digest-uri" "=" <"> digest-uri-value <"> digest-uri-value = serv-type "/" host [ "/" serv-name ] serv-type = 1*ALPHA host = 1*( ALPHA | DIGIT | "-" | "." ) serv-name = host response = "response" "=" response-value response-value = 32LHEX LHEX = "0" | "1" | "2" | "3" | "4" | "5" | "6" | "7" | "8" | "9" | "a" | "b" | "c" | "d" | "e" | "f" cipher = "cipher" "=" cipher-value authzid = "authzid" "=" <"> authzid-value <"> authzid-value = qdstr-val
byte[]	evaluateChallenge(byte[] challenge)
protected byte[]	evaluateMessage(int state, byte[] message)
private int	getNonceCount()	For now it returns always 1
boolean	hasInitialResponse()
void	init()
private void	noteChallengeData(HashMap<String,byte[]> parsedChallenge)
private String	selectCipher(String ciphersFromServer)
private String	selectQop(String[] serverQops, String[] clientQops)

Methods inherited from class org.wildfly.security.sasl.digest.AbstractDigestMechanism

arrayContains, createCipher, createCiphersAndKeys, createIntegrityKey, generateNonce, getCharset, getSupportedCiphers, handleUserRealmPasswordCallbacks

Methods inherited from class org.wildfly.security.sasl.util.AbstractSaslParticipant

assertComplete, dispose, evaluateMessage, getCallbackHandler, getIntProperty, getMechanismName, getNegotiatedProperty, getProtocol, getServerName, getStringProperty, getWrapper, handleCallbacks, isComplete, negotiationComplete, setNegotiationState, setWrapper, tryHandleCallbacks, unwrap, wrap

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface javax.security.sasl.SaslClient

dispose, getMechanismName, getNegotiatedProperty, isComplete, unwrap, wrap

Field Detail

STEP_TWO

private static final byte STEP_TWO

See Also:

Constant Field Values

STEP_FOUR

private static final byte STEP_FOUR

See Also:

Constant Field Values

realms

private String[] realms

clientQops

private String[] clientQops

stale

private boolean stale

maxbuf

private int maxbuf

cipher_opts

private String cipher_opts

digest_urp

private byte[] digest_urp

hasInitialResponse

private final boolean hasInitialResponse

demandedCiphers

private final String[] demandedCiphers

Constructor Detail

DigestSaslClient

DigestSaslClient(String mechanism,
                 String protocol,
                 String serverName,
                 CallbackHandler callbackHandler,
                 String authorizationId,
                 boolean hasInitialResponse,
                 Charset charset,
                 String[] qops,
                 String[] ciphers,
                 Supplier<Provider[]> providers)
          throws SaslException

Throws:

SaslException

Method Detail

noteChallengeData

private void noteChallengeData(HashMap<String,byte[]> parsedChallenge)
                        throws SaslException

Throws:

SaslException

selectQop

private String selectQop(String[] serverQops,
                         String[] clientQops)
                  throws SaslException

Throws:

SaslException

selectCipher

private String selectCipher(String ciphersFromServer)
                     throws SaslException

Throws:

SaslException

createResponse

private byte[] createResponse(HashMap<String,byte[]> parsedChallenge)
                       throws SaslException

Method creates client response to the server challenge: digest-response = 1#( username | realm | nonce | cnonce | nonce-count | qop | digest-uri | response | maxbuf | charset | cipher | authzid | auth-param ) username = "username" "=" <"> username-value <"> username-value = qdstr-val cnonce = "cnonce" "=" <"> cnonce-value <"> cnonce-value = qdstr-val nonce-count = "nc" "=" nc-value nc-value = 8LHEX qop = "qop" "=" qop-value digest-uri = "digest-uri" "=" <"> digest-uri-value <"> digest-uri-value = serv-type "/" host [ "/" serv-name ] serv-type = 1*ALPHA host = 1*( ALPHA | DIGIT | "-" | "." ) serv-name = host response = "response" "=" response-value response-value = 32LHEX LHEX = "0" | "1" | "2" | "3" | "4" | "5" | "6" | "7" | "8" | "9" | "a" | "b" | "c" | "d" | "e" | "f" cipher = "cipher" "=" cipher-value authzid = "authzid" "=" <"> authzid-value <"> authzid-value = qdstr-val

Parameters:

parsedChallenge -

Returns:

Throws:

SaslException

getNonceCount

private int getNonceCount()

For now it returns always 1

Returns:

checkResponseAuth

private void checkResponseAuth(HashMap<String,byte[]> parsedChallenge)
                        throws SaslException

Throws:

SaslException

init

public void init()

Overrides:

init in class AbstractSaslParticipant

hasInitialResponse

public boolean hasInitialResponse()

Specified by:

hasInitialResponse in interface SaslClient

evaluateChallenge

public byte[] evaluateChallenge(byte[] challenge)
                         throws SaslException

Specified by:

evaluateChallenge in interface SaslClient

Throws:

SaslException

evaluateMessage

protected byte[] evaluateMessage(int state,
                                 byte[] message)
                          throws SaslException

Specified by:

evaluateMessage in class AbstractSaslParticipant

Throws:

SaslException