com.sun.security.sasl

pack-priv final Class CramMD5Server

extends CramMD5Base
implements SaslServer
Class Inheritance
All Implemented Interfaces
javax.security.sasl.SaslServer
Imports
java.io.IOException, java.security.NoSuchAlgorithmException, java.util.logging.Level, java.util.Map, java.util.Random, javax.security.sasl.*, javax.security.auth.callback.*

Implements the CRAM-MD5 SASL server-side mechanism (RFC 2195). CRAM-MD5 has no initial response.

client <---- M={random, timestamp, server-fqdn} ------- server
client ----- {username HMAC_MD5(pw, M)} --------------> server

CallbackHandler must be able to handle the following callbacks:
- NameCallback: default name is name of user for whom to get password
- PasswordCallback: must fill in password; if empty, no pw
- AuthorizeCallback: must setAuthorized() and canonicalized authorization id
  - auth id == authzid, but needed to get canonicalized authzid
Author
Rosanna Lee

Field Summary

Modifier and Type          Field and Description
private String             authzid
private CallbackHandler    cbh
private byte[]             challengeData
private String             fqdn
Inherited from com.sun.security.sasl.CramMD5Base:
aborted, completed, logger, pw

Constructor Summary

Access       Constructor and Description
pack-priv    CramMD5Server(String protocol, String serverFqdn, Map<String, ?> props, CallbackHandler cbh)

Creates a CRAM-MD5 SASL server.

Method Summary

Modifier and Type    Method and Description
public byte[]        evaluateResponse(byte[] responseData)

Implements javax.security.sasl.SaslServer.evaluateResponse.

Generates challenge based on response sent by client.

public String        getAuthorizationID()

Implements javax.security.sasl.SaslServer.getAuthorizationID.

Reports the authorization ID in effect for the client of this session.

Inherited from com.sun.security.sasl.CramMD5Base:
clearPassword, dispose, finalize, getMechanismName, getNegotiatedProperty, HMAC_MD5, isComplete, unwrap, wrap

Field Detail

authzid
private String authzid
cbh
private CallbackHandler cbh
challengeData
private byte[] challengeData
fqdn
private String fqdn

Constructor Detail

CramMD5Server
pack-priv CramMD5Server(String protocol, String serverFqdn, Map<String, ?> props, CallbackHandler cbh) throws SaslException

Creates a CRAM-MD5 SASL server.

Parameters
protocol:String

ignored in CRAM-MD5

serverFqdn:String

non-null, used in generating a challenge

props:Map<String, ?>

ignored in CRAM-MD5

cbh:CallbackHandler

find password, authorize user

Method Detail

evaluateResponse
public byte[] evaluateResponse(byte[] responseData) throws SaslException

Implements javax.security.sasl.SaslServer.evaluateResponse.

Generates challenge based on response sent by client. CRAM-MD5 has no initial response. First call generates challenge. Second call verifies client response. If authentication fails, throws SaslException.

Parameters
responseData:byte[]

A non-null byte array containing the response data from the client.

Returns:byte[]

A non-null byte array containing the challenge to be sent to the client for the first call; null when 2nd call is successful.

Exceptions
SaslException:
If authentication fails.
getAuthorizationID
public String getAuthorizationID()

Implements javax.security.sasl.SaslServer.getAuthorizationID.

Doc from javax.security.sasl.SaslServer.getAuthorizationID.

Reports the authorization ID in effect for the client of this session. This method can only be called if isComplete() returns true.

Returns:String

The authorization ID of the client.
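
The exchange and callback requirements described above, as an added example that is not part of the JDK sources or of this page: because the class is package-private, it is reached through the public javax.security.sasl.Sasl factory. The account, passwords, the protocol name "imap" and the host mail.example.com are constructed sample values.

```java
import javax.security.auth.callback.*;
import javax.security.sasl.*;
public class CramMd5Demo {
    // Constructed sample account; a real handler would query a credential store.
    static final String USER = "alice";
    static final char[] STORED_PW = "correct-horse".toCharArray();
    // Server handler: answers the three callbacks the class description lists.
    static final CallbackHandler SERVER_CBH = callbacks -> {
        String user = null;
        for (Callback cb : callbacks) {
            if (cb instanceof NameCallback) {
                user = ((NameCallback) cb).getDefaultName();   // user to look up
            } else if (cb instanceof PasswordCallback) {
                // Leaving the password unset makes the server reject the user.
                if (USER.equals(user)) ((PasswordCallback) cb).setPassword(STORED_PW);
            } else if (cb instanceof AuthorizeCallback) {
                AuthorizeCallback ac = (AuthorizeCallback) cb;
                ac.setAuthorized(ac.getAuthenticationID().equals(ac.getAuthorizationID()));
                if (ac.isAuthorized()) ac.setAuthorizedID(ac.getAuthorizationID()); // canonical form
            } else {
                throw new UnsupportedCallbackException(cb);
            }
        }
    };

    // Runs one exchange and returns the authorization ID, or throws SaslException.
    static String authenticate(String user, char[] clientPw) throws SaslException {
        CallbackHandler clientCbh = callbacks -> {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) ((NameCallback) cb).setName(user);
                else if (cb instanceof PasswordCallback) ((PasswordCallback) cb).setPassword(clientPw);
            }
        };
        SaslServer server = Sasl.createSaslServer("CRAM-MD5", "imap", "mail.example.com", null, SERVER_CBH);
        SaslClient client = Sasl.createSaslClient(new String[] {"CRAM-MD5"}, null, "imap", "mail.example.com", null, clientCbh);
        byte[] challenge = server.evaluateResponse(new byte[0]); // 1st call: no initial response
        byte[] response = client.evaluateChallenge(challenge);   // "username HMAC_MD5(pw, M)"
        if (server.evaluateResponse(response) != null || !server.isComplete())
            throw new SaslException("unexpected server state");  // 2nd call returns null on success
        return server.getAuthorizationID();                      // valid only once complete
    }

    public static void main(String[] args) throws SaslException {
        System.out.println("authorized as " + authenticate(USER, STORED_PW));
        try {
            authenticate(USER, "wrong".toCharArray());
        } catch (SaslException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

Because the server recomputes HMAC_MD5(pw, M) itself, its PasswordCallback handler has to supply the password in recoverable form rather than a one-way hash of it.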