Source for gnu.javax.crypto.sasl.crammd5.CramMD5Server

   1: /* CramMD5Server.java --
   2:    Copyright (C) 2003, 2006 Free Software Foundation, Inc.
   3: 
   4: This file is a part of GNU Classpath.
   5: 
   6: GNU Classpath is free software; you can redistribute it and/or modify
   7: it under the terms of the GNU General Public License as published by
   8: the Free Software Foundation; either version 2 of the License, or (at
   9: your option) any later version.
  10: 
  11: GNU Classpath is distributed in the hope that it will be useful, but
  12: WITHOUT ANY WARRANTY; without even the implied warranty of
  13: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  14: General Public License for more details.
  15: 
  16: You should have received a copy of the GNU General Public License
  17: along with GNU Classpath; if not, write to the Free Software
  18: Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301
  19: USA
  20: 
  21: Linking this library statically or dynamically with other modules is
  22: making a combined work based on this library.  Thus, the terms and
  23: conditions of the GNU General Public License cover the whole
  24: combination.
  25: 
  26: As a special exception, the copyright holders of this library give you
  27: permission to link this library with independent modules to produce an
  28: executable, regardless of the license terms of these independent
  29: modules, and to copy and distribute the resulting executable under
  30: terms of your choice, provided that you also meet, for each linked
  31: independent module, the terms and conditions of the license of that
  32: module.  An independent module is a module which is not derived from
  33: or based on this library.  If you modify this library, you may extend
  34: this exception to your version of the library, but you are not
  35: obligated to do so.  If you do not wish to do so, delete this
  36: exception statement from your version.  */
  37: 
  38: 
  39: package gnu.javax.crypto.sasl.crammd5;
  40: 
  41: import gnu.java.security.Registry;
  42: import gnu.java.security.util.Util;
  43: import gnu.javax.crypto.sasl.NoSuchUserException;
  44: import gnu.javax.crypto.sasl.ServerMechanism;
  45: 
  46: import java.io.IOException;
  47: import java.io.UnsupportedEncodingException;
  48: import java.security.InvalidKeyException;
  49: import java.util.Arrays;
  50: import java.util.HashMap;
  51: import java.util.Map;
  52: 
  53: import javax.security.sasl.AuthenticationException;
  54: import javax.security.sasl.SaslException;
  55: import javax.security.sasl.SaslServer;
  56: 
  57: /**
  58:  * The CRAM-MD5 SASL server-side mechanism.
  59:  */
  60: public class CramMD5Server
  61:     extends ServerMechanism
  62:     implements SaslServer
  63: {
  64:   private byte[] msgID;
  65: 
  66:   public CramMD5Server()
  67:   {
  68:     super(Registry.SASL_CRAM_MD5_MECHANISM);
  69:   }
  70: 
  71:   protected void initMechanism() throws SaslException
  72:   {
  73:   }
  74: 
  75:   protected void resetMechanism() throws SaslException
  76:   {
  77:   }
  78: 
  79:   public byte[] evaluateResponse(final byte[] response) throws SaslException
  80:   {
  81:     if (state == 0)
  82:       {
  83:         msgID = CramMD5Util.createMsgID();
  84:         state++;
  85:         return msgID;
  86:       }
  87:     final String responseStr = new String(response);
  88:     final int index = responseStr.lastIndexOf(" ");
  89:     final String username = responseStr.substring(0, index);
  90:     final byte[] responseDigest;
  91:     try
  92:       {
  93:         responseDigest = responseStr.substring(index + 1).getBytes("UTF-8");
  94:       }
  95:     catch (UnsupportedEncodingException x)
  96:       {
  97:         throw new AuthenticationException("evaluateResponse()", x);
  98:       }
  99:     // Look up the password
 100:     final char[] password = lookupPassword(username);
 101:     // Compute the digest
 102:     byte[] digest;
 103:     try
 104:       {
 105:         digest = CramMD5Util.createHMac(password, msgID);
 106:       }
 107:     catch (InvalidKeyException x)
 108:       {
 109:         throw new AuthenticationException("evaluateResponse()", x);
 110:       }
 111:     try
 112:       {
 113:         digest = Util.toString(digest).toLowerCase().getBytes("UTF-8");
 114:       }
 115:     catch (UnsupportedEncodingException x)
 116:       {
 117:         throw new AuthenticationException("evaluateResponse()", x);
 118:       }
 119:     // Compare the received and computed digests
 120:     if (! Arrays.equals(digest, responseDigest))
 121:       throw new AuthenticationException("Digest mismatch");
 122:     state++;
 123:     return null;
 124:   }
 125: 
 126:   public boolean isComplete()
 127:   {
 128:     return (state == 2);
 129:   }
 130: 
 131:   protected String getNegotiatedQOP()
 132:   {
 133:     return Registry.QOP_AUTH;
 134:   }
 135: 
 136:   private char[] lookupPassword(final String userName) throws SaslException
 137:   {
 138:     try
 139:       {
 140:         if (! authenticator.contains(userName))
 141:           throw new NoSuchUserException(userName);
 142:         final Map userID = new HashMap();
 143:         userID.put(Registry.SASL_USERNAME, userName);
 144:         final Map credentials = authenticator.lookup(userID);
 145:         final String password = (String) credentials.get(Registry.SASL_PASSWORD);
 146:         if (password == null)
 147:           throw new AuthenticationException("lookupPassword()",
 148:                                             new InternalError());
 149:         return password.toCharArray();
 150:       }
 151:     catch (IOException x)
 152:       {
 153:         if (x instanceof SaslException)
 154:           throw (SaslException) x;
 155:         throw new AuthenticationException("lookupPassword()", x);
 156:       }
 157:   }
 158: }