java.lang.Object com.novell.sasl.client.DigestMD5SaslClient
Implements the client portion of the DIGEST-MD5 SASL mechanism.

Field Summary
private static java.lang.String DIGEST_METHOD
private java.lang.String m_authorizationId
private javax.security.auth.callback.CallbackHandler m_cbh
private java.lang.String m_clientNonce
private DigestChallenge m_dc
private java.lang.String m_digestURI
private char[] m_HA1
private java.lang.String m_name
private java.util.Map m_props
private java.lang.String m_protocol
private java.lang.String m_qopValue
private java.lang.String m_realm
private java.lang.String m_serverName
private int m_state
private static int NONCE_BYTE_COUNT
private static int NONCE_HEX_COUNT
private static int STATE_DIGEST_RESPONSE_SENT
private static int STATE_DISPOSED
private static int STATE_INITIAL
private static int STATE_INVALID_SERVER_RESPONSE
private static int STATE_VALID_SERVER_RESPONSE

Constructor Summary
private DigestMD5SaslClient(java.lang.String authorizationId, java.lang.String protocol, java.lang.String serverName, java.util.Map props, javax.security.auth.callback.CallbackHandler cbh)
    Creates a DigestMD5SaslClient object using the parameters supplied.

Method Summary
(package private) boolean checkServerResponseAuth(byte[] serverResponse)
    This function validates the server response.
(package private) char[] convertToHex(byte[] hash)
    This function takes a 16 byte binary md5-hash value and creates a 32 character (plus a terminating null character) hex-digit representation of binary data.
private java.lang.String createDigestResponse(byte[] challenge)
    Creates the initial response to be sent to the server.
(package private) char[] DigestCalcHA1(java.lang.String algorithm, java.lang.String userName, java.lang.String realm, java.lang.String password, java.lang.String nonce, java.lang.String clientNonce)
    Calculates the HA1 portion of the response.
(package private) char[] DigestCalcResponse(char[] HA1, java.lang.String serverNonce, java.lang.String nonceCount, java.lang.String clientNonce, java.lang.String qop, java.lang.String method, java.lang.String digestUri, boolean clientResponseFlag)
    This function calculates the response-value of the response directive of the digest-response as documented in RFC 2831.
void dispose()
    Disposes of any system resources or security-sensitive information the SaslClient might be using.
byte[] evaluateChallenge(byte[] challenge)
    Evaluates the challenge data and generates a response.
static SaslClient getClient(java.lang.String authorizationId, java.lang.String protocol, java.lang.String serverName, java.util.Map props, javax.security.auth.callback.CallbackHandler cbh)
    Creates a DigestMD5SaslClient object using the parameters supplied.
(package private) java.lang.String getClientNonce()
    Calculates the nonce value of the client.
private static char getHexChar(byte value)
    This function returns the hex character representing the value of the input.
java.lang.String getMechanismName()
    Returns the IANA-registered mechanism name of this SASL client.
java.lang.Object getNegotiatedProperty(java.lang.String propName)
    Retrieves the negotiated property.
boolean hasInitialResponse()
    Determines if this mechanism has an optional initial response.
boolean isComplete()
    Determines if the authentication exchange has completed.
byte[] unwrap(byte[] incoming, int offset, int len)
    Unwraps a byte array received from the server.
byte[] wrap(byte[] outgoing, int offset, int len)
    Wraps a byte array to be sent to the server.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail
private java.lang.String m_authorizationId
private java.lang.String m_protocol
private java.lang.String m_serverName
private java.util.Map m_props
private javax.security.auth.callback.CallbackHandler m_cbh
private int m_state
private java.lang.String m_qopValue
private char[] m_HA1
private java.lang.String m_digestURI
private DigestChallenge m_dc
private java.lang.String m_clientNonce
private java.lang.String m_realm
private java.lang.String m_name
private static final int STATE_INITIAL
private static final int STATE_DIGEST_RESPONSE_SENT
private static final int STATE_VALID_SERVER_RESPONSE
private static final int STATE_INVALID_SERVER_RESPONSE
private static final int STATE_DISPOSED
private static final int NONCE_BYTE_COUNT
private static final int NONCE_HEX_COUNT
private static final java.lang.String DIGEST_METHOD

Constructor Detail
private DigestMD5SaslClient(java.lang.String authorizationId, java.lang.String protocol, java.lang.String serverName, java.util.Map props, javax.security.auth.callback.CallbackHandler cbh)
Parameters:
    authorizationId - The possibly null protocol-dependent identification to be used for authorization. If null or empty, the server derives an authorization ID from the client's authentication credentials. When the SASL authentication completes successfully, the specified entity is granted access.
    protocol - The non-null string name of the protocol for which the authentication is being performed (e.g. "ldap")
    serverName - The non-null fully qualified host name of the server to authenticate to
    props - The possibly null set of properties used to select the SASL mechanism and to configure the authentication exchange of the selected mechanism. See the Sasl class for a list of standard properties. Other, possibly mechanism-specific, properties can be included. Properties not relevant to the selected mechanism are ignored.
    cbh - The possibly null callback handler to be used by the SASL mechanisms to get further information from the application/library to complete the authentication. For example, a SASL mechanism might require the authentication ID, password and realm from the caller. The authentication ID is requested by using a NameCallback. The password is requested by using a PasswordCallback. The realm is requested by using a RealmChoiceCallback if there is a list of realms to choose from, and by using a RealmCallback if the realm must be entered.

Method Detail
public static SaslClient getClient(java.lang.String authorizationId, java.lang.String protocol, java.lang.String serverName, java.util.Map props, javax.security.auth.callback.CallbackHandler cbh)
Parameters:
    authorizationId - The possibly null protocol-dependent identification to be used for authorization. If null or empty, the server derives an authorization ID from the client's authentication credentials. When the SASL authentication completes successfully, the specified entity is granted access.
    protocol - The non-null string name of the protocol for which the authentication is being performed (e.g. "ldap")
    serverName - The non-null fully qualified host name of the server to authenticate to
    props - The possibly null set of properties used to select the SASL mechanism and to configure the authentication exchange of the selected mechanism. See the Sasl class for a list of standard properties. Other, possibly mechanism-specific, properties can be included. Properties not relevant to the selected mechanism are ignored.
    cbh - The possibly null callback handler to be used by the SASL mechanisms to get further information from the application/library to complete the authentication. For example, a SASL mechanism might require the authentication ID, password and realm from the caller. The authentication ID is requested by using a NameCallback. The password is requested by using a PasswordCallback. The realm is requested by using a RealmChoiceCallback if there is a list of realms to choose from, and by using a RealmCallback if the realm must be entered.
Throws:
    SaslException - If a SaslClient instance cannot be created because of an error

public boolean hasInitialResponse()
Specified by: hasInitialResponse in interface SaslClient

public boolean isComplete()
Specified by: isComplete in interface SaslClient

public byte[] unwrap(byte[] incoming, int offset, int len) throws SaslException
Specified by: unwrap in interface SaslClient
Parameters:
    incoming - A non-null byte array containing the encoded bytes from the server
    offset - The starting position at incoming of the bytes to use
    len - The number of bytes from incoming to use
Throws:
    SaslException - If this method is called before the authentication process has completed. A SaslException is also thrown if incoming cannot be successfully unwrapped

public byte[] wrap(byte[] outgoing, int offset, int len) throws SaslException
Specified by: wrap in interface SaslClient
Parameters:
    outgoing - A non-null byte array containing the bytes to encode
    offset - The starting position at outgoing of the bytes to use
    len - The number of bytes from outgoing to use
Throws:
    SaslException - if incoming cannot be successfully unwrapped.
    java.lang.IllegalStateException - if the authentication exchange has not completed, or if the negotiated quality of protection has neither integrity nor privacy.

public java.lang.Object getNegotiatedProperty(java.lang.String propName)
Specified by: getNegotiatedProperty in interface SaslClient
Parameters:
    propName - The non-null property name
Throws:
    java.lang.IllegalStateException - if this authentication exchange has not completed

public void dispose() throws SaslException
Specified by: dispose in interface SaslClient
Throws:
    SaslException - if a problem was encountered while disposing of the resources

public byte[] evaluateChallenge(byte[] challenge) throws SaslException
Specified by: evaluateChallenge in interface SaslClient
Parameters:
    challenge - The non-null challenge sent from the server. The challenge array may have zero length.
Throws:
    SaslException - If an error occurred while processing the challenge or generating a response.

char[] convertToHex(byte[] hash)
Parameters:
    hash - 16 byte binary md5-hash value in bytes

char[] DigestCalcHA1(java.lang.String algorithm, java.lang.String userName, java.lang.String realm, java.lang.String password, java.lang.String nonce, java.lang.String clientNonce) throws SaslException
Parameters:
    algorithm - Algorithm to use.
    userName - User being authenticated
    realm - realm information
    password - password of the user
    nonce - nonce value
    clientNonce - Client's nonce value
Throws:
    SaslException - If an error occurs

char[] DigestCalcResponse(char[] HA1, java.lang.String serverNonce, java.lang.String nonceCount, java.lang.String clientNonce, java.lang.String qop, java.lang.String method, java.lang.String digestUri, boolean clientResponseFlag) throws SaslException
Parameters:
    HA1 - H(A1)
    serverNonce - nonce from server
    nonceCount - 8 hex digits
    clientNonce - client nonce
    qop - qop-value: "", "auth", "auth-int"
    method - method from the request
    digestUri - requested URL
    clientResponseFlag - request-digest or response-digest
Throws:
    SaslException - If an error occurs

private java.lang.String createDigestResponse(byte[] challenge) throws SaslException
Parameters:
    challenge - Challenge in bytes received from the server
Throws:
    SaslException

boolean checkServerResponseAuth(byte[] serverResponse) throws SaslException
Parameters:
    serverResponse - Response received from the server
Throws:
    SaslException - If an error occurs

private static char getHexChar(byte value)
Parameters:
    value - Input value in byte

java.lang.String getClientNonce() throws SaslException
Throws:
    SaslException - If an error occurs

public java.lang.String getMechanismName()
Specified by: getMechanismName in interface SaslClient
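
The RFC 2831 computation that DigestCalcHA1, DigestCalcResponse and checkServerResponseAuth are documented as performing, written out as an added example; it is not the Novell class's own code. The names DigestMd5Example, ha1, responseValue and rspauthMatches are hypothetical, the code assumes UTF-8 input and no authzid, and the inputs are those of the RFC's own IMAP example.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

public class DigestMd5Example {
    static byte[] bytes(String s) { return s.getBytes(StandardCharsets.UTF_8); }

    static byte[] md5(byte[]... parts) throws Exception {
        MessageDigest md = MessageDigest.getInstance("MD5");
        for (byte[] p : parts) md.update(p);
        return md.digest();
    }

    static String hex(byte[] digest) {
        StringBuilder sb = new StringBuilder();
        for (byte x : digest) sb.append(String.format("%02x", x));
        return sb.toString();
    }

    // HEX(H(A1)), where A1 = H(user:realm:password) followed by ":nonce:cnonce".
    // The inner hash is appended as 16 raw bytes, not as hex text.
    static String ha1(String user, String realm, String pw, String nonce, String cnonce) throws Exception {
        return hex(md5(md5(bytes(user + ":" + realm + ":" + pw)), bytes(":" + nonce + ":" + cnonce)));
    }

    // HEX(H(HA1:nonce:nc:cnonce:qop:HEX(H(A2)))). client=true yields the client's
    // "response"; client=false yields the "rspauth" the server must send back.
    static String responseValue(String ha1, String nonce, String nc, String cnonce,
                                String qop, String digestUri, boolean client) throws Exception {
        String a2 = (client ? "AUTHENTICATE:" : ":") + digestUri;
        if (qop.equals("auth-int") || qop.equals("auth-conf")) a2 += ":00000000000000000000000000000000";
        return hex(md5(bytes(ha1 + ":" + nonce + ":" + nc + ":" + cnonce + ":" + qop + ":" + hex(md5(bytes(a2))))));
    }

    // Constant-time comparison of the received rspauth with the locally computed value.
    static boolean rspauthMatches(String received, String expected) {
        return MessageDigest.isEqual(bytes(received), bytes(expected));
    }

    public static void main(String[] args) throws Exception {
        // Inputs and published digests from the IMAP example in RFC 2831, section 4.
        String nonce = "OA6MG9tEQGm2hh", cnonce = "OA6MHXh6VqTrRk", uri = "imap/elwood.innosoft.com";
        String h = ha1("chris", "elwood.innosoft.com", "secret", nonce, cnonce);
        String response = responseValue(h, nonce, "00000001", cnonce, "auth", uri, true);
        String rspauth = responseValue(h, nonce, "00000001", cnonce, "auth", uri, false);
        System.out.println("response=" + response + " matches RFC: " + response.equals("d388dad90d4bbd760a152321f2143af7"));
        System.out.println("rspauth ok: " + rspauthMatches("ea40f60335c427b5527b84dbabcdfffd", rspauth));
    }
}
```

A client that skips the rspauth comparison authenticates itself to the server without verifying that the server also knows the password, which is the check checkServerResponseAuth is described as providing.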