gnu.crypto.sasl
Class ClientMechanism

java.lang.Object
  |
  +--gnu.crypto.sasl.ClientMechanism

All Implemented Interfaces:

SaslClient

Direct Known Subclasses:

AnonymousClient, CramMD5Client, PlainClient, SRPClient

public abstract class ClientMechanism

extends java.lang.Object

implements SaslClient

A base class to facilitate implementing SASL client-side mechanisms.

Field Summary

protected java.lang.String	authorizationID The authorisation identity.
protected byte[]	channelBinding Channel binding data to use with this mechanism instance.
protected boolean	complete Whether authentication phase is completed (true) or not (false).
protected CallbackHandler	handler Callback handler to use with this mechanism instance.
protected java.lang.String	mechanism Name of this mechanism.
protected java.util.Map	properties Properties of qualities desired for this mechanism.
protected java.lang.String	protocol Name of protocol using this mechanism.
protected java.lang.String	serverName Name of server to authenticate to.
protected int	state The state of the authentication automaton.

Constructor Summary

protected

ClientMechanism(java.lang.String mechanism)

Method Summary

void	dispose() Disposes of any system resources or security-sensitive information the SaslClient might be using.
protected byte[]	engineUnwrap(byte[] incoming, int offset, int len)
protected byte[]	engineWrap(byte[] outgoing, int offset, int len)
abstract byte[]	evaluateChallenge(byte[] challenge) Evaluates the challenge data and generates a response.
java.lang.String	getAuthorizationID()
java.lang.String	getMechanismName() Returns the IANA-registered mechanism name of this SASL client.
protected java.lang.String	getNegotiatedMaxBuffer()
protected java.lang.String	getNegotiatedPolicyForwardSecrecy()
protected java.lang.String	getNegotiatedPolicyNoActive()
protected java.lang.String	getNegotiatedPolicyNoAnonymous()
protected java.lang.String	getNegotiatedPolicyNoDictionary()
protected java.lang.String	getNegotiatedPolicyNoPlainText()
protected java.lang.String	getNegotiatedPolicyPassCredentials()
java.lang.Object	getNegotiatedProperty(java.lang.String propName) Retrieves the negotiated property.
protected java.lang.String	getNegotiatedQOP()
protected java.lang.String	getNegotiatedRawSendSize()
protected java.lang.String	getNegotiatedServerAuth()
protected java.lang.String	getNegotiatedStrength()
protected java.lang.String	getReuse()
abstract boolean	hasInitialResponse() Determines if this mechanism has an optional initial response.
void	init(java.util.Map attributes) Initialises the mechanism with designated attributes.
protected abstract void	initMechanism()
boolean	isComplete() Determines if the authentication exchange has completed.
void	reset() Resets the mechanism instance for re-initialisation and use with other characteristics.
protected abstract void	resetMechanism()
byte[]	unwrap(byte[] incoming, int offset, int len) Unwraps a byte array received from the server.
byte[]	wrap(byte[] outgoing, int offset, int len) Wraps a byte array to be sent to the server.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

mechanism

protected java.lang.String mechanism

Name of this mechanism.

authorizationID

protected java.lang.String authorizationID

The authorisation identity.

protocol

protected java.lang.String protocol

Name of protocol using this mechanism.

serverName

protected java.lang.String serverName

Name of server to authenticate to.

properties

protected java.util.Map properties

Properties of qualities desired for this mechanism.

handler

protected CallbackHandler handler

Callback handler to use with this mechanism instance.

channelBinding

protected byte[] channelBinding

Channel binding data to use with this mechanism instance.

complete

protected boolean complete

Whether authentication phase is completed (true) or not (false).

state

protected int state

The state of the authentication automaton.

Constructor Detail

ClientMechanism

protected ClientMechanism(java.lang.String mechanism)

Method Detail

initMechanism

protected abstract void initMechanism()
                               throws SaslException

SaslException

resetMechanism

protected abstract void resetMechanism()
                                throws SaslException

SaslException

evaluateChallenge

public abstract byte[] evaluateChallenge(byte[] challenge)
                                  throws SaslException

Description copied from interface: SaslClient

Evaluates the challenge data and generates a response. If a challenge is received from the server during the authentication process, this method is called to prepare an appropriate next response to submit to the server.

Specified by:

evaluateChallenge in interface SaslClient

Parameters:

challenge - the non-null challenge sent from the server. The challenge array may have zero length.

Returns:

the possibly null reponse to send to the server. It is null if the challenge accompanied a "SUCCESS" status and the challenge only contains data for the client to update its state and no response needs to be sent to the server. The response is a zero-length byte array if the client is to send a response with no data.

Throws:

SaslException - if an error occurred while processing the challenge or generating a response.

hasInitialResponse

public abstract boolean hasInitialResponse()

Description copied from interface: SaslClient

Determines if this mechanism has an optional initial response. If true, caller should call SaslClient.evaluateChallenge(byte[]) with an empty array to get the initial response.

Specified by:

hasInitialResponse in interface SaslClient

Returns:

true if this mechanism has an initial response.

isComplete

public boolean isComplete()

Description copied from interface: SaslClient

Determines if the authentication exchange has completed. This method may be called at any time, but typically, it will not be called until the caller has received indication from the server (in a protocol-specific manner) that the exchange has completed.

Specified by:

isComplete in interface SaslClient

Returns:

true if the authentication exchange has completed; false otherwise.

unwrap

public byte[] unwrap(byte[] incoming,
                     int offset,
                     int len)
              throws SaslException

Description copied from interface: SaslClient

Unwraps a byte array received from the server. This method can be called only after the authentication exchange has completed (i.e., when SaslClient.isComplete() returns true) and only if the authentication exchange has negotiated integrity and/or privacy as the quality of protection; otherwise, an IllegalStateException is thrown.

incoming is the contents of the SASL buffer as defined in RFC 2222 without the leading four octet field that represents the length. offset and len specify the portion of incoming to use.

Specified by:

unwrap in interface SaslClient

Parameters:

incoming - a non-null byte array containing the encoded bytes from the server.

offset - the starting position at incoming of the bytes to use.

len - the number of bytes from incoming to use.

Returns:

a non-null byte array containing the decoded bytes.

Throws:

SaslException - if incoming cannot be successfully unwrapped.

wrap

public byte[] wrap(byte[] outgoing,
                   int offset,
                   int len)
            throws SaslException

Description copied from interface: SaslClient

Wraps a byte array to be sent to the server. This method can be called only after the authentication exchange has completed (i.e., when SaslClient.isComplete() returns true) and only if the authentication exchange has negotiated integrity and/or privacy as the quality of protection; otherwise, an IllegalStateException is thrown.

The result of this method will make up the contents of the SASL buffer as defined in RFC 2222 without the leading four octet field that represents the length. offset and len specify the portion of outgoing to use.

Specified by:

wrap in interface SaslClient

Parameters:

outgoing - a non-null byte array containing the bytes to encode.

offset - the starting position at outgoing of the bytes to use.

len - the number of bytes from outgoing to use.

Returns:

a non-null byte array containing the encoded bytes.

Throws:

SaslException - if outgoing cannot be successfully wrapped.

getMechanismName

public java.lang.String getMechanismName()

Description copied from interface: SaslClient

Returns the IANA-registered mechanism name of this SASL client. (e.g. "CRAM-MD5", "GSSAPI").

Specified by:

getMechanismName in interface SaslClient

Returns:

a non-null string representing the IANA-registered mechanism name.

getNegotiatedProperty

public java.lang.Object getNegotiatedProperty(java.lang.String propName)
                                       throws SaslException

Description copied from interface: SaslClient

Retrieves the negotiated property. This method can be called only after the authentication exchange has completed (i.e., when SaslClient.isComplete() returns true); otherwise, an IllegalStateException is thrown.

Specified by:

getNegotiatedProperty in interface SaslClient

Parameters:

propName - the non-null property name.

Returns:

the value of the negotiated property. If null, the property was not negotiated or is not applicable to this mechanism.

SaslException

dispose

public void dispose()
             throws SaslException

Description copied from interface: SaslClient

Disposes of any system resources or security-sensitive information the SaslClient might be using. Invoking this method invalidates the SaslClient instance. This method is idempotent.

Specified by:

dispose in interface SaslClient

Throws:

SaslException - if a problem was encountered while disposing of the resources.

getAuthorizationID

public java.lang.String getAuthorizationID()

getNegotiatedQOP

protected java.lang.String getNegotiatedQOP()

getNegotiatedStrength

protected java.lang.String getNegotiatedStrength()

getNegotiatedServerAuth

protected java.lang.String getNegotiatedServerAuth()

getNegotiatedMaxBuffer

protected java.lang.String getNegotiatedMaxBuffer()

getNegotiatedRawSendSize

protected java.lang.String getNegotiatedRawSendSize()

getNegotiatedPolicyNoPlainText

protected java.lang.String getNegotiatedPolicyNoPlainText()

getNegotiatedPolicyNoActive

protected java.lang.String getNegotiatedPolicyNoActive()

getNegotiatedPolicyNoDictionary

protected java.lang.String getNegotiatedPolicyNoDictionary()

getNegotiatedPolicyNoAnonymous

protected java.lang.String getNegotiatedPolicyNoAnonymous()

getNegotiatedPolicyForwardSecrecy

protected java.lang.String getNegotiatedPolicyForwardSecrecy()

getNegotiatedPolicyPassCredentials

protected java.lang.String getNegotiatedPolicyPassCredentials()

getReuse

protected java.lang.String getReuse()

engineUnwrap

protected byte[] engineUnwrap(byte[] incoming,
                              int offset,
                              int len)
                       throws SaslException

SaslException

engineWrap

protected byte[] engineWrap(byte[] outgoing,
                            int offset,
                            int len)
                     throws SaslException

SaslException

init

public void init(java.util.Map attributes)
          throws SaslException

Initialises the mechanism with designated attributes. Permissible names and values are mechanism specific.

Parameters:

attributes - a set of name-value pairs that describes the desired future behaviour of this instance.

Throws:

IllegalMechanismStateException - if the instance is already initialised.

SaslException - if an exception occurs during the process.

reset

public void reset()
           throws SaslException

Resets the mechanism instance for re-initialisation and use with other characteristics.

Throws:

SaslException - if an exception occurs during the process.