Package org.wildfly.security.sasl.otp

Class OTPSaslClient

java.lang.Object

org.wildfly.security.sasl.util.AbstractSaslParticipant

org.wildfly.security.sasl.util.AbstractSaslClient

org.wildfly.security.sasl.otp.OTPSaslClient

All Implemented Interfaces:

SaslClient, SaslWrapper

final class OTPSaslClient
extends AbstractSaslClient

SaslClient for the OTP SASL mechanism as defined by RFC 2444.

Author:

Farah Juma

Field Summary

Fields

Modifier and Type	Field	Description
private String[]	alternateDictionary
private NameCallback	nameCallback
private Supplier<Provider[]>	providers
private SecureRandom	secureRandom
private static int	ST_CHALLENGE_RESPONSE
private static int	ST_NEW
private String	userName

Fields inherited from class org.wildfly.security.sasl.util.AbstractSaslParticipant

COMPLETE_STATE, FAILED_STATE, NO_BYTES

Fields inherited from interface org.wildfly.security.sasl.util.SaslWrapper

IDENTITY

Constructor Summary

Constructors

Constructor	Description
OTPSaslClient(String mechanismName, SecureRandom secureRandom, String[] alternateDictionary, String protocol, String serverName, CallbackHandler callbackHandler, String authorizationId, Supplier<Provider[]> providers)

Method Summary

Modifier and Type	Method	Description
private org.wildfly.common.bytes.ByteStringBuilder	createInitResponse(String newAlgorithm, String newSeed, int newSequenceNumber, String newOTP)	Create an init response, excluding the response type specifier and current OTP, where: init-hex response = init-hex:<current-OTP>:<new-params>:<new-OTP> init-word response = init-word:<current-OTP>:<new-params>:<new-OTP> new-params = <algorithm identifier> <sequence integer>
private byte[]	createOTPResponse(String algorithm, String seed, String otp, String responseType)	Create an OTP response using the extended response syntax, where: hex response = hex: word response = word: init-hex response = init-hex:<current-OTP><new-params>:<new-OTP> init-word response = init-word:<current-OTP><new-params>:<new-OTP> new-params = <algorithm identifier> <sequence integer> <seed>
void	dispose()	Dispose of this participant.
protected byte[]	evaluateMessage(int state, byte[] challenge)
private byte[]	generateOtpHash(String algorithm, String passPhrase, String seed, int newSequenceNumber)
private String	getOTP(PasswordCallback passwordCallback)
private String	getPasswordFromPasswordChars(char[] passwordChars)
void	init()

Methods inherited from class org.wildfly.security.sasl.util.AbstractSaslClient

evaluateChallenge, getAuthorizationId, hasInitialResponse

Methods inherited from class org.wildfly.security.sasl.util.AbstractSaslParticipant

assertComplete, evaluateMessage, getCallbackHandler, getIntProperty, getMechanismName, getNegotiatedProperty, getProtocol, getServerName, getStringProperty, getWrapper, handleCallbacks, isComplete, negotiationComplete, setNegotiationState, setWrapper, tryHandleCallbacks, unwrap, wrap

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface javax.security.sasl.SaslClient

getMechanismName, getNegotiatedProperty, isComplete, unwrap, wrap

Field Detail

ST_NEW

private static final int ST_NEW

See Also:

Constant Field Values

ST_CHALLENGE_RESPONSE

private static final int ST_CHALLENGE_RESPONSE

See Also:

Constant Field Values

secureRandom

private final SecureRandom secureRandom

alternateDictionary

private final String[] alternateDictionary

nameCallback

private NameCallback nameCallback

userName

private String userName

providers

private Supplier<Provider[]> providers

Constructor Detail

OTPSaslClient

OTPSaslClient(String mechanismName,
              SecureRandom secureRandom,
              String[] alternateDictionary,
              String protocol,
              String serverName,
              CallbackHandler callbackHandler,
              String authorizationId,
              Supplier<Provider[]> providers)

Method Detail

init

public void init()

Overrides:

init in class AbstractSaslParticipant

evaluateMessage

protected byte[] evaluateMessage(int state,
                                 byte[] challenge)
                          throws SaslException

Specified by:

evaluateMessage in class AbstractSaslParticipant

Throws:

SaslException

dispose

public void dispose()
             throws SaslException

Description copied from class: AbstractSaslParticipant

Dispose of this participant.

Specified by:

dispose in interface SaslClient

Overrides:

dispose in class AbstractSaslParticipant

Throws:

SaslException - if disposal failed

createOTPResponse

private byte[] createOTPResponse(String algorithm,
                                 String seed,
                                 String otp,
                                 String responseType)
                          throws SaslException

Create an OTP response using the extended response syntax, where: hex response = hex: word response = word: init-hex response = init-hex:<current-OTP><new-params>:<new-OTP> init-word response = init-word:<current-OTP><new-params>:<new-OTP> new-params = <algorithm identifier> <sequence integer> <seed>

Parameters:

algorithm - the OTP algorithm, must be either "otp-md5" or "otp-sha1"

seed - the seed

otp - the OTP as a string in either hex or multi-word format

responseType - the response type, must be "hex", "word", "init-hex", or "init-word"

Returns:

the OTP response

Throws:

SaslException - if the given response type is invalid or if an error occurs while creating the response

createInitResponse

private org.wildfly.common.bytes.ByteStringBuilder createInitResponse(String newAlgorithm,
                                                                      String newSeed,
                                                                      int newSequenceNumber,
                                                                      String newOTP)
                                                               throws SaslException

Create an init response, excluding the response type specifier and current OTP, where: init-hex response = init-hex:<current-OTP>:<new-params>:<new-OTP> init-word response = init-word:<current-OTP>:<new-params>:<new-OTP> new-params = <algorithm identifier> <sequence integer>

Parameters:

newAlgorithm - the new OTP algorithm, must be either "otp-md5" or "otp-sha1"

newSeed - the new seed

newSequenceNumber - the new sequence number

newOTP - the new OTP as a string in either hex or multi-word format

Returns:

the init response, excluding the response type specifier and current OTP

Throws:

SaslException - if the given OTP algorithm is invalid

getOTP

private String getOTP(PasswordCallback passwordCallback)
               throws SaslException

Throws:

SaslException

getPasswordFromPasswordChars

private String getPasswordFromPasswordChars(char[] passwordChars)

generateOtpHash

private byte[] generateOtpHash(String algorithm,
                               String passPhrase,
                               String seed,
                               int newSequenceNumber)
                        throws NoSuchAlgorithmException,
                               InvalidKeySpecException

Throws:

NoSuchAlgorithmException

InvalidKeySpecException