java.lang.Object
cryptix.sasl.ServerMechanism
cryptix.sasl.srp.SRPServer
- All Implemented Interfaces:
- cryptix.sasl.SaslParams, javax.security.sasl.SaslServer, javax.security.sasl.SaslServerExt, SRPParams
- public class SRPServer
- extends cryptix.sasl.ServerMechanism
- implements javax.security.sasl.SaslServerExt, SRPParams, cryptix.sasl.SaslParams
The Cryptix implementation of an SM2-capable server-side SASL-SRP mechanism.
- Since:
- draft-burdis-cat-sasl-srp-04, draft-naffah-cat-sasl-sm2-00
- Version:
- $Revision: 1.12 $
Fields inherited from interface cryptix.sasl.srp.SRPParams
AES, AVAILABLE_OPTIONS, BLOWFISH, CAST5, CHOSEN_OPTIONS, CLIENT_EVIDENCE, CLIENT_PUBLIC_KEY, CONFIDENTIALITY_ALGORITHMS, CONFIG_NDX_FIELD, DEFAULT_CONFIDENTIALITY, DEFAULT_INTEGRITY, DEFAULT_MANDATORY, DEFAULT_PASSWORD_FILE, DEFAULT_REPLAY_DETECTION, FIELD_GENERATOR, HMAC_MD5, HMAC_SHA1, INTEGRITY_ALGORITHMS, MANDATORY_CONFIDENTIALITY, MANDATORY_INTEGRITY, MANDATORY_NONE, MANDATORY_REPLAY_DETECTION, MD_NAME_FIELD, PASSWORD_FILE, PASSWORD_VERIFIER, SALT_FIELD, SERVER_EVIDENCE, SERVER_PUBLIC_KEY, SHARED_MODULUS, SRP_CONFIDENTIALITY, SRP_DEFAULT_DIGEST_NAME, SRP_DIGEST_NAME, SRP_INTEGRITY_PROTECTION, SRP_MANDATORY, SRP_MD5_NAME, SRP_REPLAY_DETECTION, SRP_RIPEMD_128_NAME, SRP_RIPEMD_160_NAME, SRP_SHA_160_NAME, SRP_SHA_256_NAME, SRP_SHA_384_NAME, SRP_SHA_512_NAME, SRP_SHA_NAME, SRP_SHA1_NAME, USER_NAME, USER_ROLE, USER_SALT, USER_VERIFIER_FIELD
Fields inherited from interface cryptix.sasl.SaslParams
AES_CALG, ANONYMOUS_MECHANISM, AUTH_INFO_PROVIDER_PKGS, BUFFER_LIMIT, CRAM_MD5_MECHANISM, FOUR_BYTE_HEADER_LIMIT, HMAC_MD5_IALG, HMAC_SHA_IALG, MD5_MDA, ONE_BYTE_HEADER_LIMIT, OTP_MECHANISM, PASSWORD, PLAIN_MECHANISM, RIJNDAEL_CALG, RIPEMD_160_MDA, SHA_MDA, SM2_MECHANISM, SRP_MECHANISM, TWO_BYTE_HEADER_LIMIT, TWOFISH_CALG, USERNAME
Methods inherited from class cryptix.sasl.ServerMechanism |
getAuthorizationID, getMechanismName, getNegotiatedMaxBuffer, getNegotiatedPolicyForwardSecrecy, getNegotiatedPolicyNoActive, getNegotiatedPolicyNoAnonymous, getNegotiatedPolicyNoDictionary, getNegotiatedPolicyNoPlainText, getNegotiatedPolicyPassCredentials, getNegotiatedProperty, getNegotiatedServerAuth, isComplete, unwrap, wrap |
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
cat
private static org.apache.log4j.Category cat
U
private java.lang.String U
mandatory
private java.lang.String mandatory
L
private java.lang.String L
o
private java.lang.String o
chosenIntegrityAlgorithm
private java.lang.String chosenIntegrityAlgorithm
chosenConfidentialityAlgorithm
private java.lang.String chosenConfidentialityAlgorithm
rawSendSize
private int rawSendSize
modulus
private byte[] modulus
generator
private byte[] generator
N
private java.math.BigInteger N
g
private java.math.BigInteger g
A
private java.math.BigInteger A
B
private java.math.BigInteger B
v
private java.math.BigInteger v
s
private byte[] s
kp
private java.security.KeyPair kp
hash
private java.security.MessageDigest hash
ckhash
private java.security.MessageDigest ckhash
srp
private SRP srp
K
private javax.crypto.SecretKey K
replayDetection
private boolean replayDetection
inCounter
private int inCounter
outCounter
private int outCounter
inMac
private IALG inMac
outMac
private IALG outMac
inCipher
private CALG inCipher
outCipher
private CALG outCipher
SRPServer
public SRPServer(java.lang.String mdName,
java.lang.String protocol,
java.lang.String serverName,
java.util.Hashtable props,
javax.security.auth.callback.CallbackHandler cbh)
getSaslSecurityContext
public java.security.spec.AlgorithmParameterSpec getSaslSecurityContext()
throws javax.security.sasl.SaslException
- Description copied from interface:
javax.security.sasl.SaslServerExt
- Retrieves the SASL Security Context of this SASL mechanism object. This
method can be called only after the authentication exchange has completed
(i.e., when SaslServer.isComplete() returns true); otherwise, a
javax.security.sasl.SaslException is thrown.
- Specified by:
getSaslSecurityContext
in interface javax.security.sasl.SaslServerExt
setSaslSecurityContext
public void setSaslSecurityContext(java.security.spec.AlgorithmParameterSpec ctx)
throws javax.security.sasl.SaslException
- Description copied from interface:
javax.security.sasl.SaslServerExt
- Sets the SASL Security Context of this SASL mechanism object to the
designated value.
- Specified by:
setSaslSecurityContext
in interface javax.security.sasl.SaslServerExt
evaluateEvidence
public byte[] evaluateEvidence(byte[] peerEvidence)
throws javax.security.sasl.SaslException
- Description copied from interface:
javax.security.sasl.SaslServerExt
- Given the SASL mechanism peer's evidence, which may be null, this method
is for SASL mechanisms capable of using the designated evidence to update
or recycle their cryptographic data, so security services can still be
provided, in a secure fashion, without the need to go through the
authentication phase again.
- Specified by:
evaluateEvidence
in interface javax.security.sasl.SaslServerExt
evaluateResponse
public byte[] evaluateResponse(byte[] response)
throws javax.security.sasl.SaslException
- Description copied from interface:
javax.security.sasl.SaslServer
- Evaluates the response data and generates a challenge. If a response is
received from the client during the authentication process, this method is
called to prepare an appropriate next challenge to submit to the client.
The challenge is null if the authentication has succeeded and no more
challenge data is to be sent to the client. It is non-null if the
authentication must be continued by sending a challenge to the client, or
if the authentication has succeeded but challenge data needs to be
processed by the client. SaslServer.isComplete() should be called after
each call to evaluateResponse(), to determine if any further response is
needed from the client.
- Specified by:
evaluateResponse
in interface javax.security.sasl.SaslServer
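The server-side loop described above, written out as an added example (not Cryptix code and not from the SASL drafts). It constructs the mechanism with the public SRPServer constructor shown on this page, drives evaluateResponse()/isComplete() until the exchange completes, then uses wrap()/unwrap() and dispose() from the inherited SaslServer API. The Transport interface, the "imap" protocol name, the empty property table and the assumption that getNegotiatedProperty(Sasl.QOP) returns the standard "auth"/"auth-int"/"auth-conf" strings are all assumptions of this example; the page does not document the accepted values of the SRPParams property keys, so defaults are relied on. SRP is treated as client-first, which is what the page's private sendNgL/sendResponse/sendEvidence step methods suggest but which the page does not state outright.

```java
import java.io.IOException;
import java.util.Hashtable;
import javax.security.auth.callback.CallbackHandler;
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
import cryptix.sasl.srp.SRPServer;

/** Drives one server-side SASL-SRP exchange. Added example, not Cryptix code. */
public final class SrpServerDriver {

    /** Hypothetical framing layer: exactly one SASL message per receive()/send(). */
    public interface Transport {
        byte[] receive() throws IOException;
        void send(byte[] message) throws IOException;
    }

    /**
     * Runs the authentication exchange. Returns the completed server on success;
     * on any failure the server is disposed and an IOException is thrown.
     * mdName is one of the digest names the page lists in SRPParams (assumed String);
     * cbh is the deployer's handler that supplies the user's salt and verifier.
     */
    public static SaslServer authenticate(String mdName, String serverName,
                                          CallbackHandler cbh, Transport transport)
            throws IOException {
        // Keys such as SRPParams.SRP_MANDATORY or PASSWORD_FILE exist on this page,
        // but their accepted values are not documented here: defaults are assumed.
        Hashtable props = new Hashtable();
        SaslServer server = new SRPServer(mdName, "imap", serverName, props, cbh); // "imap" assumed
        boolean ok = false;
        try {
            // Client-first (assumed): the client's first message arrives before any challenge.
            byte[] response = transport.receive();
            while (true) {
                byte[] challenge = server.evaluateResponse(response);
                // A non-null challenge must be sent even when isComplete() is already true:
                // the page says challenge data may still need processing by the client.
                if (challenge != null) {
                    transport.send(challenge);
                }
                // Only isComplete() signals success; a null challenge alone does not.
                if (server.isComplete()) {
                    break;
                }
                response = transport.receive();
            }
            ok = true;
            return server;
        } catch (SaslException e) {
            // Bad evidence, unknown user, rejected option list: all land here.
            // Give the client nothing more specific than "failed".
            throw new IOException("SASL-SRP authentication failed");
        } finally {
            if (!ok) {
                try {
                    server.dispose(); // drops K, the verifier and the other secret state
                } catch (SaslException ignored) {
                    // nothing useful to do on a failed cleanup of a failed exchange
                }
            }
        }
    }

    /**
     * After authentication: refuse to exchange data unless a protection layer was
     * negotiated, then echo one unwrapped message back wrapped, and dispose.
     * Assumes the standard SASL QOP names ("auth", "auth-int", "auth-conf").
     */
    public static void protectedEcho(SaslServer server, Transport transport) throws IOException {
        try {
            String user = server.getAuthorizationID(); // identity the rest of the server acts as
            String qop = (String) server.getNegotiatedProperty(Sasl.QOP);
            if (qop == null || "auth".equals(qop)) {
                throw new SaslException("no integrity layer negotiated for " + user);
            }
            byte[] wire = transport.receive();
            // unwrap() applies the negotiated integrity/confidentiality checks; a
            // tampered or replayed frame raises SaslException and the caller drops the link.
            byte[] plain = server.unwrap(wire, 0, wire.length);
            byte[] out = server.wrap(plain, 0, plain.length);
            transport.send(out);
        } finally {
            try {
                server.dispose(); // idempotent per the SaslServer contract
            } catch (SaslException ignored) {
            }
        }
    }
}
```

The two points a practitioner usually gets wrong are both in the loop: a null return from evaluateResponse() is not a success signal (only isComplete() is), and a non-null return after completion still has to be delivered, since for SRP it carries the server's evidence. Disposal in a finally block matters because the instance holds the session key and the password verifier.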
engineUnwrap
protected byte[] engineUnwrap(byte[] incoming,
int offset,
int len)
throws javax.security.sasl.SaslException
engineWrap
protected byte[] engineWrap(byte[] outgoing,
int offset,
int len)
throws javax.security.sasl.SaslException
dispose
public void dispose()
throws javax.security.sasl.SaslException
- Description copied from interface:
javax.security.sasl.SaslServer
- Disposes of any system resources or security-sensitive information the
SaslServer
might be using. Invoking this method invalidates
the SaslServer
instance. This method is idempotent.
- Specified by:
dispose
in interface javax.security.sasl.SaslServer
getNegotiatedQOP
protected java.lang.String getNegotiatedQOP()
getNegotiatedStrength
protected java.lang.String getNegotiatedStrength()
getNegotiatedRawSendSize
protected java.lang.String getNegotiatedRawSendSize()
sendNgL
private byte[] sendNgL(byte[] input)
throws javax.security.sasl.SaslException
sendResponse
private byte[] sendResponse(byte[] input)
throws javax.security.sasl.SaslException
sendEvidence
private byte[] sendEvidence(byte[] input)
throws javax.security.sasl.SaslException
createAvailableOptionsList
private java.lang.String createAvailableOptionsList()
parseChosenOptionsList
private void parseChosenOptionsList(java.lang.String o)
throws javax.security.sasl.SaslException
setupSecurityServices
private void setupSecurityServices()
throws javax.security.sasl.SaslException