java.lang.Object
cryptix.sasl.ClientMechanism
cryptix.sasl.srp.SRPClient
- All Implemented Interfaces:
- javax.security.sasl.SaslClient, javax.security.sasl.SaslClientExt, cryptix.sasl.SaslParams, SRPParams
- public class SRPClient
- extends cryptix.sasl.ClientMechanism
- implements javax.security.sasl.SaslClientExt, SRPParams, cryptix.sasl.SaslParams
The Cryptix implementation of an SM2-capable client-side SASL-SRP mechanism.
- Since:
- draft-burdis-cat-sasl-srp-04, draft-naffah-cat-sasl-sm2-00
- Version:
- $Revision: 1.10 $
Fields inherited from interface cryptix.sasl.srp.SRPParams
AES, AVAILABLE_OPTIONS, BLOWFISH, CAST5, CHOSEN_OPTIONS, CLIENT_EVIDENCE, CLIENT_PUBLIC_KEY, CONFIDENTIALITY_ALGORITHMS, CONFIG_NDX_FIELD, DEFAULT_CONFIDENTIALITY, DEFAULT_INTEGRITY, DEFAULT_MANDATORY, DEFAULT_PASSWORD_FILE, DEFAULT_REPLAY_DETECTION, FIELD_GENERATOR, HMAC_MD5, HMAC_SHA1, INTEGRITY_ALGORITHMS, MANDATORY_CONFIDENTIALITY, MANDATORY_INTEGRITY, MANDATORY_NONE, MANDATORY_REPLAY_DETECTION, MD_NAME_FIELD, PASSWORD_FILE, PASSWORD_VERIFIER, SALT_FIELD, SERVER_EVIDENCE, SERVER_PUBLIC_KEY, SHARED_MODULUS, SRP_CONFIDENTIALITY, SRP_DEFAULT_DIGEST_NAME, SRP_DIGEST_NAME, SRP_INTEGRITY_PROTECTION, SRP_MANDATORY, SRP_MD5_NAME, SRP_REPLAY_DETECTION, SRP_RIPEMD_128_NAME, SRP_RIPEMD_160_NAME, SRP_SHA_160_NAME, SRP_SHA_256_NAME, SRP_SHA_384_NAME, SRP_SHA_512_NAME, SRP_SHA_NAME, SRP_SHA1_NAME, USER_NAME, USER_ROLE, USER_SALT, USER_VERIFIER_FIELD
Fields inherited from interface cryptix.sasl.SaslParams
AES_CALG, ANONYMOUS_MECHANISM, AUTH_INFO_PROVIDER_PKGS, BUFFER_LIMIT, CRAM_MD5_MECHANISM, FOUR_BYTE_HEADER_LIMIT, HMAC_MD5_IALG, HMAC_SHA_IALG, MD5_MDA, ONE_BYTE_HEADER_LIMIT, OTP_MECHANISM, PASSWORD, PLAIN_MECHANISM, RIJNDAEL_CALG, RIPEMD_160_MDA, SHA_MDA, SM2_MECHANISM, SRP_MECHANISM, TWO_BYTE_HEADER_LIMIT, TWOFISH_CALG, USERNAME
Methods inherited from class cryptix.sasl.ClientMechanism
getAuthorizationID, getMechanismName, getNegotiatedMaxBuffer, getNegotiatedPolicyForwardSecrecy, getNegotiatedPolicyNoActive, getNegotiatedPolicyNoAnonymous, getNegotiatedPolicyNoDictionary, getNegotiatedPolicyNoPlainText, getNegotiatedPolicyPassCredentials, getNegotiatedProperty, getNegotiatedServerAuth, isComplete, unwrap, wrap
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
cat
private static org.apache.log4j.Category cat
U
private java.lang.String U
salt
private byte[] salt
password
private char[] password
M1
private byte[] M1
L
private java.lang.String L
o
private java.lang.String o
chosenIntegrityAlgorithm
private java.lang.String chosenIntegrityAlgorithm
chosenConfidentialityAlgorithm
private java.lang.String chosenConfidentialityAlgorithm
rawSendSize
private int rawSendSize
kp
private java.security.KeyPair kp
A
private java.math.BigInteger A
N
private java.math.BigInteger N
g
private java.math.BigInteger g
srp
private SRP srp
K
private javax.crypto.SecretKey K
replayDetection
private boolean replayDetection
inCounter
private int inCounter
outCounter
private int outCounter
inMac
private IALG inMac
outMac
private IALG outMac
inCipher
private CALG inCipher
outCipher
private CALG outCipher
SRPClient
public SRPClient(java.lang.String mdName,
java.lang.String authorizationID,
java.lang.String protocol,
java.lang.String serverName,
java.util.Hashtable props,
javax.security.auth.callback.CallbackHandler cbh)
getSaslSecurityContext
public java.security.spec.AlgorithmParameterSpec getSaslSecurityContext()
throws javax.security.sasl.SaslException
- Description copied from interface:
javax.security.sasl.SaslClientExt
- Retrieves the SASL Security Context of this SASL mechanism object. This
method can be called only after the authentication exchange has completed
(i.e., when SaslClient.isComplete() returns true); otherwise, a
javax.security.sasl.SaslException is thrown.
- Specified by:
getSaslSecurityContext
in interface javax.security.sasl.SaslClientExt
setSaslSecurityContext
public void setSaslSecurityContext(java.security.spec.AlgorithmParameterSpec ctx)
throws javax.security.sasl.SaslException
- Description copied from interface:
javax.security.sasl.SaslClientExt
- Sets the SASL Security Context of this SASL mechanism object to the
designated value.
- Specified by:
setSaslSecurityContext
in interface javax.security.sasl.SaslClientExt
evaluateEvidence
public byte[] evaluateEvidence(byte[] peerEvidence)
throws javax.security.sasl.SaslException
- Description copied from interface:
javax.security.sasl.SaslClientExt
- Given the SASL mechanism peer's evidence, which may be null, this method
is for SASL mechanisms capable of using the designated evidence to update
or recycle their cryptographic data, so security services can still be
provided, in a secure fashion, without the need to go through the
authentication phase again.
- Specified by:
evaluateEvidence
in interface javax.security.sasl.SaslClientExt
hasInitialResponse
public boolean hasInitialResponse()
- Description copied from interface:
javax.security.sasl.SaslClient
- Determines if this mechanism has an optional initial response. If true,
caller should call SaslClient.evaluateChallenge(byte[]) with an empty array
to get the initial response.
- Specified by:
hasInitialResponse
in interface javax.security.sasl.SaslClient
evaluateChallenge
public byte[] evaluateChallenge(byte[] challenge)
throws javax.security.sasl.SaslException
- Description copied from interface:
javax.security.sasl.SaslClient
- Evaluates the challenge data and generates a response. If a challenge is
received from the server during the authentication process, this method is
called to prepare an appropriate next response to submit to the server.
- Specified by:
evaluateChallenge
in interface javax.security.sasl.SaslClient
engineUnwrap
protected byte[] engineUnwrap(byte[] incoming,
int offset,
int len)
throws javax.security.sasl.SaslException
engineWrap
protected byte[] engineWrap(byte[] outgoing,
int offset,
int len)
throws javax.security.sasl.SaslException
dispose
public void dispose()
throws javax.security.sasl.SaslException
- Description copied from interface:
javax.security.sasl.SaslClient
- Disposes of any system resources or security-sensitive information the
SaslClient might be using. Invoking this method invalidates the SaslClient
instance. This method is idempotent.
- Specified by:
dispose
in interface javax.security.sasl.SaslClient
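An added example, not part of the Cryptix documentation or code: a caller-side loop that follows the hasInitialResponse, evaluateChallenge, isComplete and dispose contracts described above, and refuses a server "success" that arrives before the client mechanism is complete. It assumes the JDK's javax.security.sasl.SaslClient interface, which declares the same methods; the Transport interface, the FakeClient stand-in and the sample messages are hypothetical and constructed for illustration.

```java
import javax.security.sasl.SaslClient;
import javax.security.sasl.SaslException;

public final class SaslExchange {
    /** Hypothetical transport: sends a response, returns the next challenge, or null once the server reports success. */
    public interface Transport { byte[] exchange(byte[] response) throws SaslException; }

    public static void authenticate(SaslClient client, Transport wire) throws SaslException {
        boolean ok = false;
        try {
            // An initial response, when the mechanism has one, is obtained with an empty challenge.
            byte[] response = client.hasInitialResponse()
                    ? client.evaluateChallenge(new byte[0]) : new byte[0];
            byte[] challenge;
            while ((challenge = wire.exchange(response)) != null) {
                if (client.isComplete()) throw new SaslException("challenge after completion");
                response = client.evaluateChallenge(challenge);
                if (response == null) response = new byte[0];
            }
            // The server's word alone is not enough: the mechanism must have finished its own checks.
            if (!client.isComplete()) throw new SaslException("server reported success too early");
            ok = true;
        } finally {
            if (!ok) client.dispose(); // drop key material on any failure path
        }
    }

    /** Constructed stand-in mechanism: an initial response, then one challenge to process. */
    static final class FakeClient implements SaslClient {
        private int step;
        public String getMechanismName() { return "FAKE"; }
        public boolean hasInitialResponse() { return true; }
        public byte[] evaluateChallenge(byte[] c) { step++; return step == 1 ? new byte[] {1} : null; }
        public boolean isComplete() { return step >= 2; }
        public byte[] unwrap(byte[] b, int o, int l) { return b; }
        public byte[] wrap(byte[] b, int o, int l) { return b; }
        public Object getNegotiatedProperty(String p) { return null; }
        public void dispose() { }
    }

    public static void main(String[] args) throws SaslException {
        int[] sent = {0};
        // Constructed server behaviour: one challenge, then success.
        authenticate(new FakeClient(), r -> sent[0]++ == 0 ? new byte[] {2} : null);
        System.out.println("completed after " + sent[0] + " messages");
        try {
            authenticate(new FakeClient(), r -> null); // success claimed before any challenge
        } catch (SaslException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```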
getNegotiatedQOP
protected java.lang.String getNegotiatedQOP()
getNegotiatedStrength
protected java.lang.String getNegotiatedStrength()
getNegotiatedRawSendSize
protected java.lang.String getNegotiatedRawSendSize()
sendIdentity
private byte[] sendIdentity()
throws javax.security.sasl.SaslException
sendRequest
private byte[] sendRequest(byte[] input)
throws javax.security.sasl.SaslException
sendEvidence
private byte[] sendEvidence(byte[] input)
throws javax.security.sasl.SaslException
verifyEvidence
private byte[] verifyEvidence(byte[] input)
throws javax.security.sasl.SaslException
getUsernameAndPassword
private void getUsernameAndPassword()
throws javax.security.sasl.SaslException
createOptionsList
private java.lang.String createOptionsList(java.lang.String availableOptionsList)
throws javax.security.sasl.SaslException
setupSecurityServices
private void setupSecurityServices()
throws javax.security.sasl.SaslException