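+ Util.dumpString(sCB));
    }
    catch (IOException x)
    {
      // SASL-level failures are re-thrown untouched; anything else is wrapped
      // so the caller sees a single exception family.
      if (x instanceof SaslException)
      {
        throw (SaslException) x;
      }
      throw new AuthenticationException("receiveEvidence()", x);
    }
    // Recompute the server evidence M2 locally from the session state and
    // require an exact match before any security service is switched on.
    final byte[] expected;
    try
    {
      expected = srp.generateM2(A, M1, K, U, authorizationID, o, sid, ttl, cIV, sIV, sCB);
    }
    catch (UnsupportedEncodingException x)
    {
      throw new AuthenticationException("receiveEvidence()", x);
    }
    if (DEBUG && debuglevel > 6) debug(TRACE, "Expected: " + Util.dumpString(expected));
    // NOTE(review): Arrays.equals() stops at the first differing byte and so
    // leaks timing about the expected value; a constant-time comparison
    // (e.g. java.security.MessageDigest.isEqual) is preferable. Left as-is
    // here because the file's import block is not in view.
    if (!Arrays.equals(M2, expected))
    {
      throw new AuthenticationException("M2 mismatch");
    }
    // Evidence verified: activate the negotiated protection layers.
    setupSecurityServices(false);
    if (DEBUG && debuglevel > 8) debug(TRACE, "<== receiveEvidence()");
    return null;
  }

  /**
   * Obtains the user name ({@code U}) and the password for this exchange.
   *
   * <p>Sources, in order of preference: the {@code Registry.SASL_USERNAME} /
   * {@code Registry.SASL_PASSWORD} entries of {@code properties}, then the
   * application's {@code CallbackHandler}. When neither property is present
   * both values are requested from the handler in a single call; otherwise
   * each missing value is requested separately.
   *
   * @throws AuthenticationException if the handler cannot satisfy a callback,
   *           the handler fails with an I/O error, or either value is missing.
   * @throws IllegalArgumentException if the password property holds an object
   *           that is not a {@code char[]}, {@code Password} or {@code String}.
   */
  private void getUsernameAndPassword() throws AuthenticationException
  {
    try
    {
      final boolean haveUserProp = properties.containsKey(Registry.SASL_USERNAME);
      final boolean havePwdProp = properties.containsKey(Registry.SASL_PASSWORD);
      if (!haveUserProp && !havePwdProp)
      {
        // Nothing configured: ask the handler for both values at once.
        final NameCallback nameCB = newNameCallback();
        final PasswordCallback pwdCB = new PasswordCallback("password: ", false);
        handler.handle(new Callback[] { nameCB, pwdCB });
        U = nameCB.getName();
        password = passwordFromCallback(pwdCB);
      }
      else
      {
        if (haveUserProp)
        {
          this.U = (String) properties.get(Registry.SASL_USERNAME);
        }
        else
        {
          final NameCallback nameCB = newNameCallback();
          this.handler.handle(new Callback[] { nameCB });
          this.U = nameCB.getName();
        }
        if (havePwdProp)
        {
          password = toPassword(properties.get(Registry.SASL_PASSWORD));
        }
        else
        {
          final PasswordCallback pwdCB = new PasswordCallback("password: ", false);
          this.handler.handle(new Callback[] { pwdCB });
          password = passwordFromCallback(pwdCB);
        }
      }
      if (U == null)
      {
        throw new AuthenticationException("null username supplied");
      }
      if (password == null)
      {
        throw new AuthenticationException("null password supplied");
      }
    }
    catch (UnsupportedCallbackException x)
    {
      throw new AuthenticationException("getUsernameAndPassword()", x);
    }
    catch (IOException x)
    {
      throw new AuthenticationException("getUsernameAndPassword()", x);
    }
  }

  /**
   * Builds the "username: " callback, pre-filled with the {@code user.name}
   * system property when that property is set.
   */
  private static NameCallback newNameCallback()
  {
    final String defaultName = System.getProperty("user.name");
    if (defaultName == null)
    {
      return new NameCallback("username: ");
    }
    return new NameCallback("username: ", defaultName);
  }

  /**
   * Wraps the characters the handler stored in {@code pwdCB}.
   *
   * @throws AuthenticationException if the handler left the password unset
   *           (previously this surfaced as a NullPointerException).
   */
  private static Password passwordFromCallback(final PasswordCallback pwdCB)
      throws AuthenticationException
  {
    final char[] chars = pwdCB.getPassword();
    if (chars == null)
    {
      throw new AuthenticationException("null password supplied");
    }
    // NOTE(review): the callback's own buffer is never cleared here.
    // pwdCB.clearPassword() is safe only if Password copies the array (or
    // getPassword() returned a clone) -- confirm against those classes.
    return new Password(chars);
  }

  /**
   * Converts the value of the {@code SASL_PASSWORD} property to a
   * {@code Password}. Accepted types: {@code char[]}, {@code Password},
   * {@code String}.
   *
   * @throws AuthenticationException if the property value is {@code null}
   *           (previously a NullPointerException from {@code pw.getClass()}).
   * @throws IllegalArgumentException for any other type.
   */
  private static Password toPassword(final Object pw) throws AuthenticationException
  {
    if (pw == null)
    {
      throw new AuthenticationException("null password supplied");
    }
    if (pw instanceof char[])
    {
      return new Password((char[]) pw);
    }
    if (pw instanceof Password)
    {
      return (Password) pw;
    }
    if (pw instanceof String)
    {
      // A String password cannot be zeroed after use; callers should prefer
      // char[] when they can.
      return new Password(((String) pw).toCharArray());
    }
    throw new IllegalArgumentException(pw.getClass().getName()
                                       + " is not a valid password class");
  }

  /**
   * Picks, from the server's "available options" list {@code aol}, the
   * options this client will use and returns them as the comma-separated
   * option string {@code o} that is sent back to the server.
   *
   * <p>Server-offered values are accepted only when they also appear in the
   * corresponding {@code SRPRegistry} table; the client-side properties
   * {@code SRP_REPLAY_DETECTION}, {@code SRP_INTEGRITY_PROTECTION} and
   * {@code SRP_CONFIDENTIALITY} decide whether an available service is
   * enabled, and a server {@code mandatory=} option can only turn a service
   * on, never off. Side effects: sets {@code chosenIntegrityAlgorithm},
   * {@code chosenConfidentialityAlgorithm}, {@code replayDetection},
   * {@code rawSendSize}, {@code cIV} and {@code srp}.
   *
   * @param aol the server's available-options list.
   * @return the chosen options string.
   * @throws AuthenticationException on an illegal {@code maxbuffersize}, on a
   *           required service with no usable algorithm, or when the chosen
   *           cipher cannot be instantiated.
   */
  private String createO(final String aol) throws AuthenticationException
  {
    if (DEBUG && debuglevel > 8) debug(TRACE, "==> createO(\"" + aol + "\")");
    boolean replaydetectionAvailable = false;
    boolean integrityAvailable = false;
    boolean confidentialityAvailable = false;
    String option;
    String mandatory = SRPRegistry.DEFAULT_MANDATORY;
    String mdName = SRPRegistry.SRP_DEFAULT_DIGEST_NAME;
    int i;
    // ---- 1. parse what the server offers ---------------------------------
    final StringTokenizer st = new StringTokenizer(aol, ",");
    while (st.hasMoreTokens())
    {
      option = st.nextToken();
      if (option.startsWith(SRPRegistry.OPTION_SRP_DIGEST + "="))
      {
        option = option.substring(option.indexOf('=') + 1);
        if (DEBUG && debuglevel > 6) debug(TRACE, "mda: <" + option + ">");
        // FIX: the loop bound must be the array being indexed. The original
        // iterated up to INTEGRITY_ALGORITHMS.length while reading
        // SRP_ALGORITHMS[i], which either skips digests or overruns the array.
        // Any digest listed in SRP_ALGORITHMS is accepted, whatever its
        // strength; there is no client-side digest policy here.
        for (i = 0; i < SRPRegistry.SRP_ALGORITHMS.length; i++)
        {
          if (SRPRegistry.SRP_ALGORITHMS[i].equals(option))
          {
            mdName = option;
            break;
          }
        }
      }
      else if (option.equals(SRPRegistry.OPTION_REPLAY_DETECTION))
      {
        replaydetectionAvailable = true;
      }
      else if (option.startsWith(SRPRegistry.OPTION_INTEGRITY + "="))
      {
        option = option.substring(option.indexOf('=') + 1);
        if (DEBUG && debuglevel > 6) debug(TRACE, "ialg: <" + option + ">");
        for (i = 0; i < SRPRegistry.INTEGRITY_ALGORITHMS.length; i++)
        {
          if (SRPRegistry.INTEGRITY_ALGORITHMS[i].equals(option))
          {
            chosenIntegrityAlgorithm = option;
            integrityAvailable = true;
            break;
          }
        }
      }
      else if (option.startsWith(SRPRegistry.OPTION_CONFIDENTIALITY + "="))
      {
        option = option.substring(option.indexOf('=') + 1);
        if (DEBUG && debuglevel > 6) debug(TRACE, "calg: <" + option + ">");
        for (i = 0; i < SRPRegistry.CONFIDENTIALITY_ALGORITHMS.length; i++)
        {
          if (SRPRegistry.CONFIDENTIALITY_ALGORITHMS[i].equals(option))
          {
            chosenConfidentialityAlgorithm = option;
            confidentialityAvailable = true;
            break;
          }
        }
      }
      else if (option.startsWith(SRPRegistry.OPTION_MANDATORY + "="))
      {
        mandatory = option.substring(option.indexOf('=') + 1);
      }
      else if (option.startsWith(SRPRegistry.OPTION_MAX_BUFFER_SIZE + "="))
      {
        // Server-supplied size: reject anything outside [1, SASL_BUFFER_MAX_LIMIT]
        // so a hostile peer cannot make us allocate oversized buffers.
        final String maxBufferSize = option.substring(option.indexOf('=') + 1);
        try
        {
          rawSendSize = Integer.parseInt(maxBufferSize);
          if (rawSendSize > Registry.SASL_BUFFER_MAX_LIMIT || rawSendSize < 1)
          {
            throw new AuthenticationException(
                "Illegal value for 'maxbuffersize' option");
          }
        }
        catch (NumberFormatException x)
        {
          throw new AuthenticationException(
              SRPRegistry.OPTION_MAX_BUFFER_SIZE + "=" + String.valueOf(maxBufferSize), x);
        }
      }
    }
    // ---- 2. combine availability with the client's wishes ---------------
    replayDetection = replaydetectionAvailable
        && Boolean.valueOf((String) properties.get(SRPRegistry.SRP_REPLAY_DETECTION)).booleanValue();
    boolean integrity = integrityAvailable
        && Boolean.valueOf((String) properties.get(SRPRegistry.SRP_INTEGRITY_PROTECTION)).booleanValue();
    boolean confidentiality = confidentialityAvailable
        && Boolean.valueOf((String) properties.get(SRPRegistry.SRP_CONFIDENTIALITY)).booleanValue();
    // A server "mandatory" option can only raise the protection level.
    // Replay detection implies integrity protection.
    if (SRPRegistry.OPTION_REPLAY_DETECTION.equals(mandatory))
    {
      replayDetection = true;
      integrity = true;
    }
    else if (SRPRegistry.OPTION_INTEGRITY.equals(mandatory))
    {
      integrity = true;
    }
    else if (SRPRegistry.OPTION_CONFIDENTIALITY.equals(mandatory))
    {
      confidentiality = true;
    }
    // ---- 3. a required service without an algorithm is a hard failure ----
    if (replayDetection && chosenIntegrityAlgorithm == null)
    {
      throw new AuthenticationException(
          "Replay detection is required but no "
          + "integrity protection algorithm was chosen");
    }
    if (integrity && chosenIntegrityAlgorithm == null)
    {
      throw new AuthenticationException(
          "Integrity protection is required but no "
          + "algorithm was chosen");
    }
    if (confidentiality && chosenConfidentialityAlgorithm == null)
    {
      throw new AuthenticationException(
          "Confidentiality protection is required "
          + "but no algorithm was chosen");
    }
    // NOTE(review): chosenIntegrityAlgorithm / chosenConfidentialityAlgorithm
    // stay set even when the matching flag above is false (client property
    // off, server not mandating). setupSecurityServices() keys on those
    // fields, not on the flags, so the client may activate a filter the
    // server never negotiated -- confirm against the wrap/unwrap code.
    // ---- 4. client IV: empty unless a cipher was chosen -----------------
    if (chosenConfidentialityAlgorithm == null)
    {
      cIV = new byte[0];
    }
    else
    {
      final IBlockCipher cipher = CipherFactory.getInstance(chosenConfidentialityAlgorithm);
      if (cipher == null)
      {
        throw new AuthenticationException("createO()", new NoSuchAlgorithmException());
      }
      // One block of fresh random bytes from the configured PRNG.
      final int blockSize = cipher.defaultBlockSize();
      cIV = new byte[blockSize];
      getDefaultPRNG().nextBytes(cIV);
    }
    srp = SRP.instance(mdName);
    // ---- 5. serialise the chosen options ---------------------------------
    // For now the defaults are selected; a future version could read the
    // user's preferred algorithms from properties (or a file).
    final StringBuffer sb = new StringBuffer();
    sb.append(SRPRegistry.OPTION_SRP_DIGEST).append("=").append(mdName).append(",");
    if (replayDetection)
    {
      sb.append(SRPRegistry.OPTION_REPLAY_DETECTION).append(",");
    }
    if (integrity)
    {
      sb.append(SRPRegistry.OPTION_INTEGRITY).append("=")
        .append(chosenIntegrityAlgorithm).append(",");
    }
    if (confidentiality)
    {
      sb.append(SRPRegistry.OPTION_CONFIDENTIALITY).append("=")
        .append(chosenConfidentialityAlgorithm).append(",");
    }
    // Advertise our own receive limit (the registry maximum), not the
    // server's rawSendSize.
    final String result = sb.append(SRPRegistry.OPTION_MAX_BUFFER_SIZE).append("=")
                            .append(Registry.SASL_BUFFER_MAX_LIMIT).toString();
    if (DEBUG && debuglevel > 8) debug(TRACE, "<== createO() --> " + result);
    return result;
  }

  /**
   * Marks authentication complete and brings up the cipher / MAC filters.
   *
   * @param sessionReUse {@code false} on a fresh exchange: counters are reset
   *          and new cipher/MAC objects are created for the chosen algorithms;
   *          {@code true} when resuming a cached session: the existing
   *          filters are kept and a new key is derived via
   *          {@code srp.generateKn(K, cn, sn)}.
   * @throws SaslException if a filter cannot be initialised.
   */
  private void setupSecurityServices(final boolean sessionReUse) throws SaslException
  {
    complete = true; // signal end of authentication phase
    if (!sessionReUse)
    {
      outCounter = inCounter = 0;
      // Filters are created solely on the chosen-algorithm fields.
      if (chosenConfidentialityAlgorithm != null)
      {
        if (DEBUG && debuglevel > 2) debug(INFO, "Activating confidentiality protection filter");
        inCipher = CALG.getInstance(chosenConfidentialityAlgorithm);
        outCipher = CALG.getInstance(chosenConfidentialityAlgorithm);
      }
      if (chosenIntegrityAlgorithm != null)
      {
        if (DEBUG && debuglevel > 2) debug(INFO, "Activating integrity protection filter");
        inMac = IALG.getInstance(chosenIntegrityAlgorithm);
        outMac = IALG.getInstance(chosenIntegrityAlgorithm);
      }
    }
    else
    {
      // Same session, new keys derived from the previous K and both nonces.
      K = srp.generateKn(K, cn, sn);
    }
    final KDF kdf = KDF.getInstance(K);
    // Inbound uses the server IV in the reverse direction, outbound our IV.
    if (inCipher != null)
    {
      inCipher.init(kdf, sIV, Direction.REVERSED);
      outCipher.init(kdf, cIV, Direction.FORWARD);
    }
    if (inMac != null)
    {
      inMac.init(kdf);
      outMac.init(kdf);
    }
    // A non-empty session id means the server allows re-use: cache the
    // context (including K) under our uid for the advertised ttl.
    if (sid != null && sid.length != 0)
    {
      if (DEBUG && debuglevel > 2) debug(INFO, "Updating security context for UID = " + uid);
      ClientStore.instance().cacheSession(
          uid, ttl,
          new SecurityContext(srp.getAlgorithm(), sid, K, cIV, sIV, replayDetection,
                              inCounter, outCounter, inMac, outMac, inCipher, outCipher));
    }
  }

  /** Lazily creates and returns the PRNG used for the client IV. */
  private PRNG getDefaultPRNG()
  {
    if (prng == null)
    {
      prng = PRNG.getInstance();
    }
    return prng;
  }
}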