Modifier and Type | Field and Description |
---|---|
private static final int | ALGORITHM |
private byte[] | authzidBytes |
private static final int | CHARSET |
private static final int | CIPHER |
private static final String | CIPHER_PROPERTY |
private byte[] | cnonce |
private static final String[] | DIRECTIVE_KEY |
private static final int | MAXBUF |
private static final String | MY_CLASS_NAME |
private static final int | NONCE |
private int | nonceCount |
private char[] | passwd |
private static final int | QOP |
private static final int | REALM |
private static final int | RESPONSE_AUTH |
private String | specifiedCipher |
private static final int | STALE |
private String | username |
Access | Constructor and Description |
---|---|
pack-priv | DigestMD5Client(String authzid, String protocol, String serverName, Map<String, ?> props, CallbackHandler cbh) Constructor for DIGEST-MD5 mechanism. Parameters: authzid - a non-null String representing the principal for which authorization is being granted. protocol - a non-null String detailing the combined protocol and host being used for authentication. props - the possibly null properties to be used by the SASL mechanism to configure the authentication exchange. cbh - the non-null CallbackHandler object for callbacks. |
Modifier and Type | Method and Description |
---|---|
private void | checkQopSupport(byte[] qopInChallenge, byte[] ciphersInChallenge) Parses the 'qop' directive. |
private void | checkStrengthSupport(byte[] ciphersInChallenge) Processes the 'cipher' digest-challenge directive. |
private void | clearPassword() |
public byte[] | evaluateChallenge(byte[] challengeData) Implements javax. Parameters: challengeData - a non-null byte array containing the challenge data from the server. Returns: a possibly null byte array containing the response to be sent to the server. |
private String | findCipherAndStrength(byte[] supportedCiphers, String[] tokens) Steps through the ordered 'strength' array, and compares it with the 'supportedCiphers' array. Parameters: tokens - the array of cipher tokens sent by server. Returns: the agreed cipher. |
private byte[] | generateClientResponse(byte[] charset) Returns digest-response suitable for an initial authentication. Returns: digest-response in a byte array. |
private static int | getNonceCount(byte[] nonceValue) Returns the number of requests (including current request) that the client has sent in response to nonceValue. |
public boolean | hasInitialResponse() Implements javax. Returns: false. |
private void | processChallenge(byte[][] challengeVal, List<byte[]> realmChoices) Record information from the challengeVal array into variables/fields. |
private void | validateResponseValue(byte[] fromServer) From RFC 2831, Section 2.1.3: Step Three. [Server] sends a message formatted as follows: response-auth = "rspauth" "=" response-value, where response-value is calculated as above, using the values sent in step two, except that if qop is "auth", then A2 is A2 = { ":", digest-uri-value }, and if qop is "auth-int" or "auth-conf", then A2 is A2 = { ":", digest-uri-value, ":00000000000000000000000000000000" }. |
ALGORITHM |
---|
private static final int ALGORITHM |
authzidBytes |
---|
private byte[] authzidBytes |
CHARSET |
---|
private static final int CHARSET |
CIPHER |
---|
private static final int CIPHER |
CIPHER_PROPERTY |
---|
private static final String CIPHER_PROPERTY |
cnonce |
---|
private byte[] cnonce |
DIRECTIVE_KEY |
---|
private static final String[] DIRECTIVE_KEY |
MAXBUF |
---|
private static final int MAXBUF |
MY_CLASS_NAME |
---|
private static final String MY_CLASS_NAME |
NONCE |
---|
private static final int NONCE |
nonceCount |
---|
private int nonceCount |
passwd |
---|
private char[] passwd |
QOP |
---|
private static final int QOP |
REALM |
---|
private static final int REALM |
RESPONSE_AUTH |
---|
private static final int RESPONSE_AUTH |
specifiedCipher |
---|
private String specifiedCipher |
STALE |
---|
private static final int STALE |
username |
---|
private String username |
DigestMD5Client |
---|
pack-priv DigestMD5Client(String authzid, String protocol, String serverName, Map<String, ?> props, CallbackHandler cbh) throws SaslException |
Constructor for DIGEST-MD5 mechanism. |
checkQopSupport |
---|
private void checkQopSupport(byte[] qopInChallenge, byte[] ciphersInChallenge) throws IOException |
Parses the 'qop' directive. If 'auth-conf' is specified by the client and offered as a QOP option by the server, then a check of client-side supported ciphers is performed. |
checkStrengthSupport |
---|
private void checkStrengthSupport(byte[] ciphersInChallenge) throws IOException |
Processes the 'cipher' digest-challenge directive. This allows the mechanism to check for client-side support against the list of supported ciphers sent by the server. If no match is found, the mechanism aborts. |
clearPassword |
---|
private void clearPassword() |
evaluateChallenge |
---|
public byte[] evaluateChallenge(byte[] challengeData) throws SaslException |
Implements javax. Process the challenge data. The server sends a digest-challenge which the client must reply to in a digest-response. When the authentication is complete, the completed field is set to true. |
findCipherAndStrength |
---|
private String findCipherAndStrength(byte[] supportedCiphers, String[] tokens) |
Steps through the ordered 'strength' array, and compares it with the 'supportedCiphers' array. The cipher returned represents the best possible cipher based on the strength preference and the available ciphers on both the server and client environments. |
generateClientResponse |
---|
private byte[] generateClientResponse(byte[] charset) throws IOException |
Returns digest-response suitable for an initial authentication. The following are qdstr-val (quoted string values) as per RFC 2831, which means that any embedded quotes must be escaped: realm-value, nonce-value, username-value, cnonce-value, authzid-value. |
getNonceCount |
---|
private static int getNonceCount(byte[] nonceValue) |
Returns the number of requests (including current request) that the client has sent in response to nonceValue. This is 1 the first time nonceValue is seen. We don't cache nonce values seen, and we don't support subsequent authentication, so the value is always 1. |
hasInitialResponse |
---|
public boolean hasInitialResponse() |
Implements javax. DIGEST-MD5 has no initial response. |
processChallenge |
---|
private void processChallenge(byte[][] challengeVal, List<byte[]> realmChoices) throws SaslException |
Record information from the challengeVal array into variables/fields. Check directive values that are multi-valued and ensure that mandatory directives are not missing from the digest-challenge. |
validateResponseValue |
---|
private void validateResponseValue(byte[] fromServer) throws SaslException |
From RFC 2831, Section 2.1.3: Step Three. [Server] sends a message formatted as follows: response-auth = "rspauth" "=" response-value, where response-value is calculated as above, using the values sent in step two, except that if qop is "auth", then A2 is A2 = { ":", digest-uri-value }, and if qop is "auth-int" or "auth-conf", then A2 is A2 = { ":", digest-uri-value, ":00000000000000000000000000000000" }. |
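
The response-value calculation that generateClientResponse and validateResponseValue refer to, as an added example (not the JDK's own code): it computes both the client's response and the expected rspauth per RFC 2831 and compares the latter with the server's reply in constant time. The class and method names are hypothetical, the inputs are the IMAP example from RFC 2831, Section 4, and it assumes no authzid and a String password for brevity.

```java
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

public class RspauthCheck {  // hypothetical name, not a JDK class
    static byte[] utf8(String s) { return s.getBytes(StandardCharsets.UTF_8); }
    static byte[] md5(byte[] in) throws Exception { return MessageDigest.getInstance("MD5").digest(in); }
    static String hex(byte[] b) {
        StringBuilder sb = new StringBuilder();
        for (byte x : b) sb.append(String.format("%02x", x));
        return sb.toString();
    }

    // RFC 2831 response-value. fromServer=false yields the client's "response"
    // (A2 begins with "AUTHENTICATE"); fromServer=true yields the "rspauth" value.
    static String responseValue(String user, String realm, String passwd, String nonce,
            String cnonce, String nc, String qop, String digestUri, boolean fromServer) throws Exception {
        // A1 = { H(user:realm:passwd), ":", nonce, ":", cnonce }, with H(...) as 16 raw bytes
        ByteArrayOutputStream a1 = new ByteArrayOutputStream();
        a1.write(md5(utf8(user + ":" + realm + ":" + passwd)));
        a1.write(utf8(":" + nonce + ":" + cnonce));
        String a2 = (fromServer ? "" : "AUTHENTICATE") + ":" + digestUri;
        if (!qop.equals("auth")) a2 += ":00000000000000000000000000000000";
        String ha1 = hex(md5(a1.toByteArray()));
        String ha2 = hex(md5(utf8(a2)));
        return hex(md5(utf8(ha1 + ":" + nonce + ":" + nc + ":" + cnonce + ":" + qop + ":" + ha2)));
    }

    // Accept the server only if its rspauth equals the locally computed value.
    static boolean rspauthMatches(String fromServer, String expected) {
        String prefix = "rspauth=";
        if (!fromServer.startsWith(prefix)) return false;
        return MessageDigest.isEqual(utf8(fromServer.substring(prefix.length())), utf8(expected));
    }

    public static void main(String[] args) throws Exception {
        // Inputs: IMAP example in RFC 2831, Section 4 (password "secret").
        String[] p = {"chris", "elwood.innosoft.com", "secret", "OA6MG9tEQGm2hh",
                      "OA6MHXh6VqTrRk", "00000001", "auth", "imap/elwood.innosoft.com"};
        String response = responseValue(p[0], p[1], p[2], p[3], p[4], p[5], p[6], p[7], false);
        String expected = responseValue(p[0], p[1], p[2], p[3], p[4], p[5], p[6], p[7], true);
        System.out.println("digest-response response=" + response);
        System.out.println("RFC server reply accepted: "
                + rspauthMatches("rspauth=ea40f60335c427b5527b84dbabcdfffd", expected));
        // Constructed reply from a peer that does not know the password.
        System.out.println("forged reply accepted: "
                + rspauthMatches("rspauth=00000000000000000000000000000000", expected));
    }
}
```

The rspauth check is what gives the client evidence that the server also knows the password; a client that skips it has only authenticated itself.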