com.mysql.cj.sasl

Class ScramShaSaslClient

java.lang.Object

com.mysql.cj.sasl.ScramShaSaslClient

All Implemented Interfaces:

javax.security.sasl.SaslClient

Direct Known Subclasses:

ScramSha1SaslClient, ScramSha256SaslClient

public abstract class ScramShaSaslClient
extends java.lang.Object
implements javax.security.sasl.SaslClient

A SaslClient implementation for SCRAM-SHA mechanisms as specified in RFC 5802. Subclasses of this class must implement the hashing algorithms for the corresponding authentication mechanism.

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
protected static class	ScramShaSaslClient.ScramExchangeStage

Field Summary

Fields

Modifier and Type	Field and Description
protected java.lang.String	authenticationId
protected java.lang.String	authorizationId
protected static byte[]	CLIENT_KEY
protected java.lang.String	clientFirstMessageBare
protected java.lang.String	cNonce
protected static java.lang.String	GS2_CBIND_FLAG
protected java.lang.String	gs2Header
protected static int	MINIMUM_ITERATIONS
protected java.lang.String	password
protected ScramShaSaslClient.ScramExchangeStage	scramStage
protected static byte[]	SERVER_KEY
protected byte[]	serverSignature

Constructor Summary

Constructors

Constructor and Description
ScramShaSaslClient(java.lang.String authorizationId, java.lang.String authenticationId, java.lang.String password)

Method Summary

Modifier and Type	Method and Description
void	dispose()
byte[]	evaluateChallenge(byte[] challenge)
private java.lang.String	generateRandomPrintableAsciiString(int length) Generates a RFC 5802 safe nonce: "a sequence of random printable ASCII characters excluding ','"
(package private) abstract java.lang.String	getIanaMechanismName() Returns the real IANA-registered mechanism name of this SASL client.
java.lang.Object	getNegotiatedProperty(java.lang.String propName)
(package private) abstract byte[]	h(byte[] str) The "H(str)" cryptographic hash function as described in RFC 5802, Section 2.2.
boolean	hasInitialResponse()
(package private) abstract byte[]	hi(java.lang.String str, byte[] salt, int iterations) The "Hi(str, salt, i)" PBKDF2 function as described in RFC 5802, Section 2.2.
(package private) abstract byte[]	hmac(byte[] key, byte[] str) The "HMAC(key, str)" HMAC keyed hash algorithm as described in RFC 5802, Section 2.2.
boolean	isComplete()
private java.util.Map<java.lang.String,java.lang.String>	parseChallenge(java.lang.String challenge) Parses a SASL challenge.
private java.lang.String	prepUserName(java.lang.String userName)
byte[]	unwrap(byte[] incoming, int offset, int len)
byte[]	wrap(byte[] outgoing, int offset, int len)
(package private) byte[]	xorInPlace(byte[] inOut, byte[] other) Combines the two byte arrays in a XOR operation, changing the contents of the first.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface javax.security.sasl.SaslClient

getMechanismName

Field Detail

MINIMUM_ITERATIONS

protected static final int MINIMUM_ITERATIONS

See Also:

Constant Field Values

GS2_CBIND_FLAG

protected static final java.lang.String GS2_CBIND_FLAG

See Also:

Constant Field Values

CLIENT_KEY

protected static final byte[] CLIENT_KEY

SERVER_KEY

protected static final byte[] SERVER_KEY

authorizationId

protected java.lang.String authorizationId

authenticationId

protected java.lang.String authenticationId

password

protected java.lang.String password

scramStage

protected ScramShaSaslClient.ScramExchangeStage scramStage

cNonce

protected java.lang.String cNonce

gs2Header

protected java.lang.String gs2Header

clientFirstMessageBare

protected java.lang.String clientFirstMessageBare

serverSignature

protected byte[] serverSignature

Constructor Detail

ScramShaSaslClient

public ScramShaSaslClient(java.lang.String authorizationId,
                          java.lang.String authenticationId,
                          java.lang.String password)
                   throws javax.security.sasl.SaslException

Throws:

javax.security.sasl.SaslException

Method Detail

getIanaMechanismName

abstract java.lang.String getIanaMechanismName()

Returns the real IANA-registered mechanism name of this SASL client. This is the same as SaslClient.getMechanismName() except that subclasses may use custom mechanism names to avoid future name clashes.

Returns:

a non-null string representing the IANA-registered mechanism name.

hasInitialResponse

public boolean hasInitialResponse()

Specified by:

hasInitialResponse in interface javax.security.sasl.SaslClient

evaluateChallenge

public byte[] evaluateChallenge(byte[] challenge)
                         throws javax.security.sasl.SaslException

Specified by:

evaluateChallenge in interface javax.security.sasl.SaslClient

Throws:

javax.security.sasl.SaslException

isComplete

public boolean isComplete()

Specified by:

isComplete in interface javax.security.sasl.SaslClient

unwrap

public byte[] unwrap(byte[] incoming,
                     int offset,
                     int len)
              throws javax.security.sasl.SaslException

Specified by:

unwrap in interface javax.security.sasl.SaslClient

Throws:

javax.security.sasl.SaslException

wrap

public byte[] wrap(byte[] outgoing,
                   int offset,
                   int len)
            throws javax.security.sasl.SaslException

Specified by:

wrap in interface javax.security.sasl.SaslClient

Throws:

javax.security.sasl.SaslException

getNegotiatedProperty

public java.lang.Object getNegotiatedProperty(java.lang.String propName)

Specified by:

getNegotiatedProperty in interface javax.security.sasl.SaslClient

dispose

public void dispose()
             throws javax.security.sasl.SaslException

Specified by:

dispose in interface javax.security.sasl.SaslClient

Throws:

javax.security.sasl.SaslException

prepUserName

private java.lang.String prepUserName(java.lang.String userName)

parseChallenge

private java.util.Map<java.lang.String,java.lang.String> parseChallenge(java.lang.String challenge)

Parses a SASL challenge.

Parameters:

challenge - the server message (challenge) to parse.

Returns:

a Map with the key/value pairs obtained from the server challenge.

generateRandomPrintableAsciiString

private java.lang.String generateRandomPrintableAsciiString(int length)

Generates a RFC 5802 safe nonce: "a sequence of random printable ASCII characters excluding ','"

Parameters:

length - the length of the nonce.

Returns:

a randomly generated string formed by printable ASCII characters except comma.

h

abstract byte[] h(byte[] str)

The "H(str)" cryptographic hash function as described in RFC 5802, Section 2.2.

Parameters:

str - the string to hash.

Returns:

the hash value of the given string.

hmac

abstract byte[] hmac(byte[] key,
                     byte[] str)

The "HMAC(key, str)" HMAC keyed hash algorithm as described in RFC 5802, Section 2.2.

Parameters:

key - the hash key.

str - the input string.

Returns:

the hashed value of the given params.

hi

abstract byte[] hi(java.lang.String str,
                   byte[] salt,
                   int iterations)

The "Hi(str, salt, i)" PBKDF2 function as described in RFC 5802, Section 2.2.

Parameters:

str - the string value to use as the internal HMAC key.

salt - the input string to hash in the initial iteration.

iterations - the number of iterations to run the algorithm.

Returns:

an hash value with an output length equal to the length of H(str).

xorInPlace

byte[] xorInPlace(byte[] inOut,
                  byte[] other)

Combines the two byte arrays in a XOR operation, changing the contents of the first.

Parameters:

inOut - the left operand of the XOR operation and the destination of the result.

other - the right operand of the XOR operation.

Returns:

the same as the param inOut, after being updated.