Diffstat (limited to 'gnu/javax/crypto/sasl')
-rw-r--r--gnu/javax/crypto/sasl/SaslInputStream.java178
-rw-r--r--gnu/javax/crypto/sasl/SaslOutputStream.java96
-rw-r--r--gnu/javax/crypto/sasl/srp/SRPClient.java701
-rw-r--r--gnu/javax/crypto/sasl/srp/SRPServer.java799
4 files changed, 561 insertions, 1213 deletions
diff --git a/gnu/javax/crypto/sasl/SaslInputStream.java b/gnu/javax/crypto/sasl/SaslInputStream.java
index 57eb2b5c5..14de9e12f 100644
--- a/gnu/javax/crypto/sasl/SaslInputStream.java
+++ b/gnu/javax/crypto/sasl/SaslInputStream.java
@@ -38,12 +38,13 @@ exception statement from your version. */
package gnu.javax.crypto.sasl;
+import gnu.classpath.Configuration;
import gnu.java.security.util.Util;
+import java.io.IOException;
import java.io.InputStream;
import java.io.InterruptedIOException;
-import java.io.IOException;
-import java.io.PrintWriter;
+import java.util.logging.Logger;
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslClient;
@@ -55,41 +56,11 @@ import javax.security.sasl.SaslServer;
*/
public class SaslInputStream extends InputStream
{
-
- // Debugging methods and variables
- // -------------------------------------------------------------------------
-
- private static final String NAME = "SaslOutputStream";
-
- private static final String ERROR = "ERROR";
-
- private static final String WARN = " WARN";
-
- // private static final String INFO = " INFO";
- private static final String TRACE = "DEBUG";
-
- private static final boolean DEBUG = true;
-
- private static final int debuglevel = 3;
-
- private static final PrintWriter err = new PrintWriter(System.out, true);
-
- private static void debug(String level, Object obj)
- {
- err.println("[" + level + "] " + NAME + ": " + String.valueOf(obj));
- }
-
- // Constants and variables
- // -------------------------------------------------------------------------
-
+ private static final Logger log = Logger.getLogger(SaslInputStream.class.getName());
private SaslClient client;
-
private SaslServer server;
-
private int maxRawSendSize;
-
private InputStream source;
-
private byte[] internalBuf;
// Constructor(s)
@@ -168,7 +139,6 @@ public class SaslInputStream extends InputStream
else
{
byte[] tmp = new byte[internalBuf.length - 1];
- // System.arraycopy(internalBuf, 0, tmp, 0, tmp.length);
System.arraycopy(internalBuf, 1, tmp, 0, tmp.length);
internalBuf = tmp;
}
@@ -241,32 +211,22 @@ public class SaslInputStream extends InputStream
*/
public int read(byte[] b, int off, int len) throws IOException
{
- if (DEBUG && debuglevel > 8)
- debug(TRACE, "==> read(b, " + String.valueOf(off) + ", "
- + String.valueOf(len) + ")");
-
- if (b == null)
- {
- throw new NullPointerException("b");
- }
+ if (Configuration.DEBUG)
+ log.entering(this.getClass().getName(), "read",
+ new Object[] { b, Integer.valueOf(off), Integer.valueOf(len) });
if ((off < 0) || (off > b.length) || (len < 0) || ((off + len) > b.length)
|| ((off + len) < 0))
- {
- throw new IndexOutOfBoundsException("off=" + String.valueOf(off)
- + ", len=" + String.valueOf(len)
- + ", b.length="
- + String.valueOf(b.length));
- }
+ throw new IndexOutOfBoundsException("off=" + off
+ + ", len=" + len
+ + ", b.length=" + b.length);
if (len == 0)
{
- if (DEBUG && debuglevel > 8)
- debug(TRACE, "<== read() --> 0");
+ if (Configuration.DEBUG)
+ log.exiting(this.getClass().getName(), "read", Integer.valueOf(0));
return 0;
}
-
- if (DEBUG && debuglevel > 6)
- debug(TRACE, "Available: " + String.valueOf(available()));
-
+ if (Configuration.DEBUG)
+ log.finer("Available: " + available());
int result = 0;
if (internalBuf == null || internalBuf.length < 1)
try
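Review bot: The explicit `if (b == null) throw new NullPointerException("b");` guard is dropped from read(), so a null array now fails at `b.length` inside the bounds check with an unlabelled NullPointerException, and only after `log.entering` has already been called with the null argument. Reinstating that one-line guard ahead of the trace call keeps a message the caller can act on; the same guard was removed from SaslOutputStream.write at L354-L359. The body of read() continues past this hunk.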
@@ -274,21 +234,24 @@ public class SaslInputStream extends InputStream
internalBuf = readSaslBuffer();
if (internalBuf == null)
{
- if (DEBUG && debuglevel > 4)
- debug(WARN, "Underlying stream empty. Returning -1");
- if (DEBUG && debuglevel > 8)
- debug(TRACE, "<== read() --> -1");
+ if (Configuration.DEBUG)
+ {
+ log.finer("Underlying stream empty. Returning -1");
+ log.exiting(this.getClass().getName(), "read",
+ Integer.valueOf(-1));
+ }
return -1;
}
}
catch (InterruptedIOException x)
{
- if (DEBUG && debuglevel > 6)
- debug(TRACE, x);
- if (DEBUG && debuglevel > 4)
- debug(WARN, "Reading thread was interrupted. Returning -1");
- if (DEBUG && debuglevel > 8)
- debug(TRACE, "<== read() --> -1");
+ if (Configuration.DEBUG)
+ {
+ log.finer("Reading thread was interrupted. Returning -1");
+ log.throwing(this.getClass().getName(), "read", x);
+ log.exiting(this.getClass().getName(), "read",
+ Integer.valueOf(-1));
+ }
return -1;
}
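Review bot: Catching InterruptedIOException and returning -1 reports an interrupted read as end-of-stream, which a caller cannot tell apart from the source actually closing, and `x.bytesTransferred` is discarded with it. Unless the class contract documents -1 for this case, rethrowing with `throw x;` after the trace lines would let the caller decide, since InterruptedIOException is already an IOException that read() declares. This try/catch belongs to read(), which starts before and ends after this hunk.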
@@ -328,8 +291,8 @@ public class SaslInputStream extends InputStream
data = readSaslBuffer();
if (data == null)
{
- if (DEBUG && debuglevel > 4)
- debug(WARN, "Underlying stream exhausted. Breaking...");
+ if (Configuration.DEBUG)
+ log.finer("Underlying stream exhausted. Breaking...");
break;
}
@@ -352,18 +315,16 @@ public class SaslInputStream extends InputStream
}
else
{ // nothing much we can do except return what we have
- if (DEBUG && debuglevel > 4)
- debug(WARN,
- "Not enough bytes in source to read a buffer. Breaking...");
+ if (Configuration.DEBUG)
+ log.finer("Not enough bytes in source to read a buffer. Breaking...");
break;
}
}
-
- if (DEBUG && debuglevel > 6)
- debug(TRACE, "Remaining: "
- + (internalBuf == null ? 0 : internalBuf.length));
- if (DEBUG && debuglevel > 8)
- debug(TRACE, "<== read() --> " + String.valueOf(result));
+ if (Configuration.DEBUG)
+ {
+ log.finer("Remaining: " + (internalBuf == null ? 0 : internalBuf.length));
+ log.exiting(this.getClass().getName(), "read()", String.valueOf(result));
+ }
return result;
}
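Review bot: The exit trace on the last line of read() passes `"read()"` as the method name and `String.valueOf(result)` as the result, while every other entering/exiting call in this class passes `"read"` and an Integer; `log.entering(..., "readSaslBuffer()")` at L199 has the same mismatch against the `"readSaslBuffer"` used by that method's exiting and throwing calls. Anything keyed on the method-name argument will see two distinct methods. Suggest `log.exiting(this.getClass().getName(), "read", Integer.valueOf(result));` here and `log.entering(this.getClass().getName(), "readSaslBuffer");` at L199.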
@@ -379,9 +340,8 @@ public class SaslInputStream extends InputStream
*/
private byte[] readSaslBuffer() throws IOException
{
- if (DEBUG && debuglevel > 8)
- debug(TRACE, "==> readSaslBuffer()");
-
+ if (Configuration.DEBUG)
+ log.entering(this.getClass().getName(), "readSaslBuffer()");
int realLength; // check if we read as many bytes as we're supposed to
byte[] result = new byte[4];
try
@@ -389,32 +349,27 @@ public class SaslInputStream extends InputStream
realLength = source.read(result);
if (realLength == -1)
{
- if (DEBUG && debuglevel > 8)
- debug(TRACE, "<== readSaslBuffer() --> null");
+ if (Configuration.DEBUG)
+ log.exiting(this.getClass().getName(), "readSaslBuffer");
return null;
}
}
catch (IOException x)
{
- if (DEBUG && debuglevel > 0)
- debug(ERROR, x);
+ if (Configuration.DEBUG)
+ log.throwing(this.getClass().getName(), "readSaslBuffer", x);
throw x;
}
if (realLength != 4)
- {
- throw new IOException("Was expecting 4 but found "
- + String.valueOf(realLength));
- }
+ throw new IOException("Was expecting 4 but found " + realLength);
int bufferLength = result[0] << 24 | (result[1] & 0xFF) << 16
| (result[2] & 0xFF) << 8 | (result[3] & 0xFF);
- if (DEBUG && debuglevel > 6)
- debug(TRACE, "SASL buffer size: " + bufferLength);
+ if (Configuration.DEBUG)
+ log.finer("SASL buffer size: " + bufferLength);
if (bufferLength > maxRawSendSize || bufferLength < 0)
- {
- throw new SaslEncodingException("SASL buffer (security layer) too long");
- }
+ throw new SaslEncodingException("SASL buffer (security layer) too long");
result = new byte[bufferLength];
try
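Review bot: The 4-byte length header is read with a single `source.read(result)`, which InputStream permits to return fewer than 4 bytes on a socket or pipe; the `realLength != 4` check then raises "Was expecting 4 but found N" on a legitimate short read instead of reading the rest. Looping until the header is filled or end-of-stream is reached fixes this while keeping the existing `== -1` and `!= 4` checks meaningful; the body read inside the `try` that continues past this hunk presumably has the same single-read shape and would use the same helper. The `bufferLength > maxRawSendSize || bufferLength < 0` bound before the allocation should stay as it is. readSaslBuffer() starts before this hunk and continues after it.
```java
  private byte[] readSaslBuffer() throws IOException
  {
    // … unchanged: entering trace …
    int realLength; // check if we read as many bytes as we're supposed to
    byte[] result = new byte[4];
    try
      {
        realLength = readFully(result);
        // … unchanged: rest of readSaslBuffer() …

  /**
   * Fills <code>buf</code> from <code>source</code>, retrying on short reads.
   *
   * @return the number of bytes stored in <code>buf</code>, or -1 if the
   * source was already at end-of-stream; less than <code>buf.length</code>
   * only when end-of-stream was reached part-way through.
   */
  private int readFully(final byte[] buf) throws IOException
  {
    int total = 0;
    while (total < buf.length)
      {
        final int n = source.read(buf, total, buf.length - total);
        if (n == -1)
          return total == 0 ? -1 : total;
        total += n;
      }
    return total;
  }
```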
@@ -423,37 +378,34 @@ public class SaslInputStream extends InputStream
}
catch (IOException x)
{
- if (DEBUG && debuglevel > 0)
- debug(ERROR, x);
+ if (Configuration.DEBUG)
+ log.throwing(this.getClass().getName(), "readSaslBuffer", x);
throw x;
}
if (realLength != bufferLength)
- throw new IOException("Was expecting " + String.valueOf(bufferLength)
- + " but found " + String.valueOf(realLength));
- if (DEBUG && debuglevel > 6)
- debug(TRACE, "Incoming buffer (before security) (hex): "
- + Util.dumpString(result));
- if (DEBUG && debuglevel > 6)
- debug(TRACE, "Incoming buffer (before security) (str): \""
- + new String(result) + "\"");
-
- if (client != null)
+ throw new IOException("Was expecting " + bufferLength
+ + " but found " + realLength);
+ if (Configuration.DEBUG)
{
- result = client.unwrap(result, 0, realLength);
+ log.finer("Incoming buffer (before security) (hex): "
+ + Util.dumpString(result));
+ log.finer("Incoming buffer (before security) (str): \""
+ + new String(result) + "\"");
}
+ if (client != null)
+ result = client.unwrap(result, 0, realLength);
else
+ result = server.unwrap(result, 0, realLength);
+
+ if (Configuration.DEBUG)
{
- result = server.unwrap(result, 0, realLength);
+ log.finer("Incoming buffer (after security) (hex): "
+ + Util.dumpString(result));
+ log.finer("Incoming buffer (after security) (str): \""
+ + new String(result) + "\"");
+ log.exiting(this.getClass().getName(), "readSaslBuffer");
}
- if (DEBUG && debuglevel > 6)
- debug(TRACE, "Incoming buffer (after security) (hex): "
- + Util.dumpString(result));
- if (DEBUG && debuglevel > 6)
- debug(TRACE, "Incoming buffer (after security) (str): \""
- + new String(result) + "\"");
- if (DEBUG && debuglevel > 8)
- debug(TRACE, "<== readSaslBuffer()");
return result;
}
}
\ No newline at end of file
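Review bot: The FINER dumps at L267-L270 and L280-L283 write the payload of a confidentiality-protected session, in hex and as a `new String(...)`, to whatever handlers are attached to the logger; this path was unreachable in the old code because `debuglevel` was hard-wired to 3, but it now fires whenever `Configuration.DEBUG` is set. Application data should not reach log output even in debug builds, so I would keep only the size and flow messages here and drop both "(str)" lines and the "(after security)" hex dump. The same dumps are in SaslOutputStream.write (L397-L421) and SRPClient.engineWrap (L763-L765, L809-L811).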
diff --git a/gnu/javax/crypto/sasl/SaslOutputStream.java b/gnu/javax/crypto/sasl/SaslOutputStream.java
index 699720137..9d2aa020d 100644
--- a/gnu/javax/crypto/sasl/SaslOutputStream.java
+++ b/gnu/javax/crypto/sasl/SaslOutputStream.java
@@ -38,11 +38,12 @@ exception statement from your version. */
package gnu.javax.crypto.sasl;
+import gnu.classpath.Configuration;
import gnu.java.security.util.Util;
-import java.io.OutputStream;
import java.io.IOException;
-import java.io.PrintWriter;
+import java.io.OutputStream;
+import java.util.logging.Logger;
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslClient;
@@ -54,37 +55,10 @@ import javax.security.sasl.SaslServer;
*/
public class SaslOutputStream extends OutputStream
{
-
- // Debugging methods and variables
- // -------------------------------------------------------------------------
-
- private static final String NAME = "SaslOutputStream";
-
- // private static final String ERROR = "ERROR";
- // private static final String WARN = " WARN";
- // private static final String INFO = " INFO";
- private static final String TRACE = "DEBUG";
-
- private static final boolean DEBUG = true;
-
- private static final int debuglevel = 3;
-
- private static final PrintWriter err = new PrintWriter(System.out, true);
-
- private static void debug(String level, Object obj)
- {
- err.println("[" + level + "] " + NAME + ": " + String.valueOf(obj));
- }
-
- // Constants and variables
- // -------------------------------------------------------------------------
-
+ private static final Logger log = Logger.getLogger(SaslOutputStream.class.getName());
private SaslClient client;
-
private SaslServer server;
-
private int maxRawSendSize;
-
private OutputStream dest;
// Constructor(s)
@@ -148,52 +122,45 @@ public class SaslOutputStream extends OutputStream
*/
public void write(byte[] b, int off, int len) throws IOException
{
- if (b == null)
- {
- throw new NullPointerException("b");
- }
+ if (Configuration.DEBUG)
+ log.entering(this.getClass().getName(), "write");
if ((off < 0) || (off > b.length) || (len < 0) || ((off + len) > b.length)
|| ((off + len) < 0))
- {
- throw new IndexOutOfBoundsException("off=" + String.valueOf(off)
- + ", len=" + String.valueOf(len)
- + ", b.length="
- + String.valueOf(b.length));
- }
+ throw new IndexOutOfBoundsException("off=" + off
+ + ", len=" + len
+ + ", b.length=" + b.length);
if (len == 0)
{
+ if (Configuration.DEBUG)
+ log.exiting(this.getClass().getName(), "write");
return;
}
- if (DEBUG && debuglevel > 8)
- debug(TRACE, "==> write()");
-
int chunckSize, length, chunck = 1;
byte[] output = null, result;
- if (DEBUG && debuglevel > 6)
- debug(TRACE, "About to wrap " + String.valueOf(len) + " byte(s)...");
+ if (Configuration.DEBUG)
+ log.finer("About to wrap " + len + " byte(s)...");
while (len > 0)
{
chunckSize = (len > maxRawSendSize ? maxRawSendSize : len);
-
- if (DEBUG && debuglevel > 6)
- debug(TRACE, "Outgoing buffer (before security) (hex): "
- + Util.dumpString(b, off, chunckSize));
- if (DEBUG && debuglevel > 6)
- debug(TRACE, "Outgoing buffer (before security) (str): \""
- + new String(b, off, chunckSize) + "\"");
-
+ if (Configuration.DEBUG)
+ {
+ log.finer("Outgoing buffer (before security) (hex): "
+ + Util.dumpString(b, off, chunckSize));
+ log.finer("Outgoing buffer (before security) (str): \""
+ + new String(b, off, chunckSize) + "\"");
+ }
if (client != null)
output = client.wrap(b, off, chunckSize);
else
output = server.wrap(b, off, chunckSize);
- if (DEBUG && debuglevel > 6)
- debug(TRACE, "Outgoing buffer (after security) (hex): "
- + Util.dumpString(output));
- if (DEBUG && debuglevel > 6)
- debug(TRACE, "Outgoing buffer (after security) (str): \""
- + new String(output) + "\"");
-
+ if (Configuration.DEBUG)
+ {
+ log.finer("Outgoing buffer (after security) (hex): "
+ + Util.dumpString(output));
+ log.finer("Outgoing buffer (after security) (str): \""
+ + new String(output) + "\"");
+ }
length = output.length;
result = new byte[length + 4];
result[0] = (byte) (length >>> 24);
@@ -206,13 +173,12 @@ public class SaslOutputStream extends OutputStream
off += chunckSize;
len -= chunckSize;
- if (DEBUG && debuglevel > 6)
- debug(TRACE, "Wrapped chunck #" + String.valueOf(chunck));
+ if (Configuration.DEBUG)
+ log.finer("Wrapped chunck #" + chunck);
chunck++;
}
-
dest.flush();
- if (DEBUG && debuglevel > 8)
- debug(TRACE, "<== write()");
+ if (Configuration.DEBUG)
+ log.exiting(this.getClass().getName(), "write");
}
}
\ No newline at end of file
diff --git a/gnu/javax/crypto/sasl/srp/SRPClient.java b/gnu/javax/crypto/sasl/srp/SRPClient.java
index 1a1664ff7..0430342eb 100644
--- a/gnu/javax/crypto/sasl/srp/SRPClient.java
+++ b/gnu/javax/crypto/sasl/srp/SRPClient.java
@@ -38,147 +38,84 @@ exception statement from your version. */
package gnu.javax.crypto.sasl.srp;
+import gnu.classpath.Configuration;
import gnu.java.security.Registry;
import gnu.java.security.hash.MD5;
import gnu.java.security.util.PRNG;
import gnu.java.security.util.Util;
-
+import gnu.javax.crypto.assembly.Direction;
+import gnu.javax.crypto.cipher.CipherFactory;
+import gnu.javax.crypto.cipher.IBlockCipher;
import gnu.javax.crypto.key.IKeyAgreementParty;
import gnu.javax.crypto.key.IncomingMessage;
-import gnu.javax.crypto.key.KeyAgreementFactory;
import gnu.javax.crypto.key.KeyAgreementException;
+import gnu.javax.crypto.key.KeyAgreementFactory;
import gnu.javax.crypto.key.OutgoingMessage;
import gnu.javax.crypto.key.srp6.SRP6KeyAgreement;
-import gnu.javax.crypto.assembly.Direction;
-import gnu.javax.crypto.cipher.CipherFactory;
-import gnu.javax.crypto.cipher.IBlockCipher;
import gnu.javax.crypto.sasl.ClientMechanism;
import gnu.javax.crypto.sasl.IllegalMechanismStateException;
import gnu.javax.crypto.sasl.InputBuffer;
import gnu.javax.crypto.sasl.IntegrityException;
import gnu.javax.crypto.sasl.OutputBuffer;
-
import gnu.javax.security.auth.Password;
-import java.io.IOException;
-import java.io.PrintWriter;
import java.io.ByteArrayOutputStream;
+import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.HashMap;
import java.util.StringTokenizer;
+import java.util.logging.Logger;
+import javax.security.auth.DestroyFailedException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
-import javax.security.auth.DestroyFailedException;
import javax.security.sasl.AuthenticationException;
import javax.security.sasl.SaslClient;
import javax.security.sasl.SaslException;
/**
- * <p>The SASL-SRP client-side mechanism.</p>
+ * The SASL-SRP client-side mechanism.
*/
public class SRPClient extends ClientMechanism implements SaslClient
{
-
- // Debugging methods and variables
- // -------------------------------------------------------------------------
-
- private static final String NAME = "SRPClient";
-
- // private static final String ERROR = "ERROR";
- // private static final String WARN = " WARN";
- private static final String INFO = " INFO";
-
- private static final String TRACE = "DEBUG";
-
- private static final boolean DEBUG = true;
-
- private static final int debuglevel = 3;
-
- private static final PrintWriter err = new PrintWriter(System.out, true);
-
- private static void debug(final String level, final Object obj)
- {
- err.println("[" + level + "] " + NAME + ": " + String.valueOf(obj));
- }
-
- // Constants and variables
- // -------------------------------------------------------------------------
-
- // private static final HashMap uid2ctx = new HashMap();
-
+ private static final Logger log = Logger.getLogger(SRPClient.class.getName());
private String uid; // the unique key for this type of client
-
private String U; // the authentication identity
-
BigInteger N, g, A, B;
-
private Password password; // the authentication credentials
-
private byte[] s; // the user's salt
-
private byte[] cIV, sIV; // client+server IVs, when confidentiality is on
-
private byte[] M1, M2; // client+server evidences
-
private byte[] cn, sn; // client's and server's nonce
-
private SRP srp; // SRP algorithm instance used by this client
-
private byte[] sid; // session ID when re-used
-
private int ttl; // session time-to-live in seconds
-
private byte[] sCB; // the peer's channel binding data
-
private String L; // available options
-
private String o;
-
private String chosenIntegrityAlgorithm;
-
private String chosenConfidentialityAlgorithm;
-
private int rawSendSize = Registry.SASL_BUFFER_MAX_LIMIT;
-
private byte[] K; // shared session key
-
private boolean replayDetection = true; // whether Replay Detection is on
-
private int inCounter = 0; // messages sequence numbers
-
private int outCounter = 0;
-
private IALG inMac, outMac; // if !null, use for integrity
-
private CALG inCipher, outCipher; // if !null, use for confidentiality
-
private IKeyAgreementParty clientHandler = KeyAgreementFactory.getPartyAInstance(Registry.SRP_SASL_KA);
-
/** Our default source of randomness. */
private PRNG prng = null;
- // Constructor(s)
- // -------------------------------------------------------------------------
-
public SRPClient()
{
super(Registry.SASL_SRP_MECHANISM);
}
- // Class methods
- // -------------------------------------------------------------------------
-
- // Instance methods
- // -------------------------------------------------------------------------
-
- // abstract methods implementation -----------------------------------------
-
protected void initMechanism() throws SaslException
{
// we shall keep track of the sid (and the security context of this
@@ -195,9 +132,8 @@ public class SRPClient extends ClientMechanism implements SaslClient
b = protocol.getBytes();
md.update(b, 0, b.length);
if (channelBinding.length > 0)
- {
- md.update(channelBinding, 0, channelBinding.length);
- }
+ md.update(channelBinding, 0, channelBinding.length);
+
uid = Util.toBase64(md.digest());
if (ClientStore.instance().isAlive(uid))
{
@@ -253,8 +189,6 @@ public class SRPClient extends ClientMechanism implements SaslClient
sn = null;
}
- // javax.security.sasl.SaslClient interface implementation -----------------
-
public boolean hasInitialResponse()
{
return true;
@@ -282,7 +216,7 @@ public class SRPClient extends ClientMechanism implements SaslClient
}
return result;
case 2: // should only occur if session re-use was rejected
- if (!complete)
+ if (! complete)
{
state++;
return receiveEvidence(challenge);
@@ -296,22 +230,15 @@ public class SRPClient extends ClientMechanism implements SaslClient
protected byte[] engineUnwrap(final byte[] incoming, final int offset,
final int len) throws SaslException
{
- if (DEBUG && debuglevel > 8)
- debug(TRACE, "==> engineUnwrap()");
-
+ if (Configuration.DEBUG)
+ log.entering(this.getClass().getName(), "engineUnwrap");
if (inMac == null && inCipher == null)
- {
- throw new IllegalStateException("connection is not protected");
- }
-
+ throw new IllegalStateException("connection is not protected");
// at this point one, or both, of confidentiality and integrity protection
// services are active.
-
final byte[] result;
try
{
- // final InputBuffer frameIn = InputBuffer.getInstance(incoming, offset, len);
- // result = frameIn.getEOS();
if (inMac != null)
{ // integrity bytes are at the end of the stream
final int macBytesCount = inMac.length();
@@ -320,16 +247,14 @@ public class SRPClient extends ClientMechanism implements SaslClient
final byte[] received_mac = new byte[macBytesCount];
System.arraycopy(incoming, offset + payloadLength, received_mac, 0,
macBytesCount);
- if (DEBUG && debuglevel > 6)
- debug(TRACE, "Got C (received MAC): "
- + Util.dumpString(received_mac));
- // inMac.update(result);
+ if (Configuration.DEBUG)
+ log.fine("Got C (received MAC): " + Util.dumpString(received_mac));
inMac.update(incoming, offset, payloadLength);
if (replayDetection)
{
inCounter++;
- if (DEBUG && debuglevel > 6)
- debug(TRACE, "inCounter=" + String.valueOf(inCounter));
+ if (Configuration.DEBUG)
+ log.fine("inCounter=" + inCounter);
inMac.update(new byte[] { (byte) (inCounter >>> 24),
(byte) (inCounter >>> 16),
(byte) (inCounter >>> 8),
@@ -337,170 +262,106 @@ public class SRPClient extends ClientMechanism implements SaslClient
}
final byte[] computed_mac = inMac.doFinal();
- if (DEBUG && debuglevel > 6)
- debug(TRACE, "Computed MAC: " + Util.dumpString(computed_mac));
+ if (Configuration.DEBUG)
+ log.fine("Computed MAC: " + Util.dumpString(computed_mac));
if (!Arrays.equals(received_mac, computed_mac))
- {
- throw new IntegrityException("engineUnwrap()");
- }
-
+ throw new IntegrityException("engineUnwrap()");
// deal with the payload, which can be either plain or encrypted
if (inCipher != null)
- {
- result = inCipher.doFinal(incoming, offset, payloadLength);
- }
+ result = inCipher.doFinal(incoming, offset, payloadLength);
else
{
result = new byte[len - macBytesCount];
System.arraycopy(incoming, offset, result, 0, result.length);
}
}
- else
- { // no integrity protection; just confidentiality
- // if (inCipher != null) {
- result = inCipher.doFinal(incoming, offset, len);
- // } else {
- // result = new byte[len];
- // System.arraycopy(incoming, offset, result, 0, len);
- // }
- }
- // if (inCipher != null) {
- // result = inCipher.doFinal(result);
- // }
+ else // no integrity protection; just confidentiality
+ result = inCipher.doFinal(incoming, offset, len);
}
catch (IOException x)
{
if (x instanceof SaslException)
- {
- throw (SaslException) x;
- }
+ throw (SaslException) x;
throw new SaslException("engineUnwrap()", x);
}
-
- if (DEBUG && debuglevel > 8)
- debug(TRACE, "<== engineUnwrap()");
+ if (Configuration.DEBUG)
+ log.exiting(this.getClass().getName(), "engineUnwrap");
return result;
}
protected byte[] engineWrap(final byte[] outgoing, final int offset,
final int len) throws SaslException
{
- if (DEBUG && debuglevel > 8)
- debug(TRACE, "==> engineWrap()");
-
+ if (Configuration.DEBUG)
+ log.entering(this.getClass().getName(), "engineWrap");
if (outMac == null && outCipher == null)
- {
- throw new IllegalStateException("connection is not protected");
- }
-
+ throw new IllegalStateException("connection is not protected");
// at this point one, or both, of confidentiality and integrity protection
// services are active.
-
- // byte[] data = new byte[len];
- // System.arraycopy(outgoing, offset, data, 0, len);
byte[] result;
try
{
- // OutputBuffer frameOut = new OutputBuffer();
final ByteArrayOutputStream out = new ByteArrayOutputStream();
// Process the data
if (outCipher != null)
{
- // data = outCipher.doFinal(data);
result = outCipher.doFinal(outgoing, offset, len);
- if (DEBUG && debuglevel > 6)
- debug(TRACE, "Encoding c (encrypted plaintext): "
- + Util.dumpString(result));
-
- // frameOut.setEOS(data);
+ if (Configuration.DEBUG)
+ log.fine("Encoding c (encrypted plaintext): "
+ + Util.dumpString(result));
out.write(result);
-
if (outMac != null)
{
outMac.update(result);
if (replayDetection)
{
outCounter++;
- if (DEBUG && debuglevel > 6)
- debug(TRACE, "outCounter=" + String.valueOf(outCounter));
- outMac.update(new byte[] { (byte) (outCounter >>> 24),
- (byte) (outCounter >>> 16),
- (byte) (outCounter >>> 8),
- (byte) outCounter });
+ if (Configuration.DEBUG)
+ log.fine("outCounter=" + outCounter);
+ outMac.update(new byte[] { (byte)(outCounter >>> 24),
+ (byte)(outCounter >>> 16),
+ (byte)(outCounter >>> 8),
+ (byte) outCounter });
}
final byte[] C = outMac.doFinal();
- // frameOut.setOS(C);
out.write(C);
- if (DEBUG && debuglevel > 6)
- debug(TRACE, "Encoding C (integrity checksum): "
- + Util.dumpString(C));
- } // else confidentiality only; do nothing
+ if (Configuration.DEBUG)
+ log.fine("Encoding C (integrity checksum): " + Util.dumpString(C));
+ }
+ // else confidentiality only; do nothing
}
- else
- { // no confidentiality; just integrity [+ replay detection]
- // if (DEBUG && debuglevel > 6) debug(TRACE, "Encoding p (plaintext): "+Util.dumpString(data));
- if (DEBUG && debuglevel > 6)
- debug(TRACE, "Encoding p (plaintext): "
- + Util.dumpString(outgoing, offset, len));
-
- // frameOut.setEOS(data);
+ else // no confidentiality; just integrity [+ replay detection]
+ {
+ if (Configuration.DEBUG)
+ log.fine("Encoding p (plaintext): "
+ + Util.dumpString(outgoing, offset, len));
out.write(outgoing, offset, len);
-
- // if (outMac != null) {
- // outMac.update(data);
outMac.update(outgoing, offset, len);
if (replayDetection)
{
outCounter++;
- if (DEBUG && debuglevel > 6)
- debug(TRACE, "outCounter=" + String.valueOf(outCounter));
- outMac.update(new byte[] { (byte) (outCounter >>> 24),
- (byte) (outCounter >>> 16),
- (byte) (outCounter >>> 8),
- (byte) outCounter });
+ if (Configuration.DEBUG)
+ log.fine("outCounter=" + outCounter);
+ outMac.update(new byte[] { (byte)(outCounter >>> 24),
+ (byte)(outCounter >>> 16),
+ (byte)(outCounter >>> 8),
+ (byte) outCounter });
}
final byte[] C = outMac.doFinal();
- // frameOut.setOS(C);
out.write(C);
- if (DEBUG && debuglevel > 6)
- debug(TRACE, "Encoding C (integrity checksum): "
- + Util.dumpString(C));
- // }
+ if (Configuration.DEBUG)
+ log.fine("Encoding C (integrity checksum): " + Util.dumpString(C));
}
-
- // frameOut.setEOS(data);
- //
- // if (outMac != null) {
- // outMac.update(data);
- // if (replayDetection) {
- // outCounter++;
- // if (DEBUG && debuglevel > 6) debug(TRACE, "outCounter="+String.valueOf(outCounter));
- // outMac.update(new byte[] {
- // (byte)(outCounter >>> 24),
- // (byte)(outCounter >>> 16),
- // (byte)(outCounter >>> 8),
- // (byte) outCounter });
- // }
- // byte[] C = outMac.doFinal();
- // frameOut.setOS(C);
- // if (DEBUG && debuglevel > 6) debug(TRACE, "Encoding C (integrity checksum): "+Util.dumpString(C));
- // }
-
- // result = frameOut.wrap();
result = out.toByteArray();
-
}
catch (IOException x)
{
if (x instanceof SaslException)
- {
- throw (SaslException) x;
- }
+ throw (SaslException) x;
throw new SaslException("engineWrap()", x);
}
-
- if (DEBUG && debuglevel > 8)
- debug(TRACE, "<== engineWrap()");
+ if (Configuration.DEBUG)
+ log.exiting(this.getClass().getName(), "engineWrap");
return result;
}
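Review bot: The integrity check at L680, `if (!Arrays.equals(received_mac, computed_mac))`, compares the received and computed MACs with an early-exit comparison whose duration depends on the first differing byte; for a MAC on a network message the conventional choice is a fixed-time comparison such as `if (! MessageDigest.isEqual(received_mac, computed_mac))` from java.security, assuming this runtime's implementation is fixed-time, otherwise a local loop that ORs the XOR of every byte pair into one accumulator. Separately, the counter-to-bytes sequence in engineWrap is duplicated verbatim at L782-L785 and L828-L831 and would fit a small private helper. engineUnwrap() begins before this hunk; engineWrap() lies entirely within it.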
@@ -509,13 +370,9 @@ public class SRPClient extends ClientMechanism implements SaslClient
if (inMac != null)
{
if (inCipher != null)
- {
- return Registry.QOP_AUTH_CONF;
- }
- else
- {
- return Registry.QOP_AUTH_INT;
- }
+ return Registry.QOP_AUTH_CONF;
+
+ return Registry.QOP_AUTH_INT;
}
return Registry.QOP_AUTH;
}
@@ -525,13 +382,9 @@ public class SRPClient extends ClientMechanism implements SaslClient
if (inMac != null)
{
if (inCipher != null)
- {
- return Registry.STRENGTH_HIGH;
- }
- else
- {
- return Registry.STRENGTH_MEDIUM;
- }
+ return Registry.STRENGTH_HIGH;
+
+ return Registry.STRENGTH_MEDIUM;
}
return Registry.STRENGTH_LOW;
}
@@ -550,19 +403,16 @@ public class SRPClient extends ClientMechanism implements SaslClient
private byte[] sendIdentities() throws SaslException
{
- if (DEBUG && debuglevel > 8)
- debug(TRACE, "==> sendIdentities()");
-
+ if (Configuration.DEBUG)
+ log.entering(this.getClass().getName(), "sendIdentities");
// If necessary, prompt the client for the username and password
getUsernameAndPassword();
-
- if (DEBUG && debuglevel > 6)
- debug(TRACE, "Password: \"" + new String(password.getPassword()) + "\"");
- if (DEBUG && debuglevel > 6)
- debug(TRACE, "Encoding U (username): \"" + U + "\"");
- if (DEBUG && debuglevel > 6)
- debug(TRACE, "Encoding I (userid): \"" + authorizationID + "\"");
-
+ if (Configuration.DEBUG)
+ {
+ log.fine("Password: \"" + new String(password.getPassword()) + "\"");
+ log.fine("Encoding U (username): \"" + U + "\"");
+ log.fine("Encoding I (userid): \"" + authorizationID + "\"");
+ }
// if session re-use generate new 16-byte nonce
if (sid.length != 0)
{
@@ -570,9 +420,7 @@ public class SRPClient extends ClientMechanism implements SaslClient
getDefaultPRNG().nextBytes(cn);
}
else
- {
- cn = new byte[0];
- }
+ cn = new byte[0];
final OutputBuffer frameOut = new OutputBuffer();
try
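Review bot: `log.fine("Password: \"" + new String(password.getPassword()) + "\"")` at L936 writes the user's cleartext password to the logger whenever `Configuration.DEBUG` is set, a path that was dead before this change because `debuglevel` was fixed at 3. Credentials must not be logged at any level, and the `new String(...)` also leaves an immutable copy of the secret on the heap that the Password object's clean-up presumably cannot clear. Drop that line and keep the U and I lines. sendIdentities() continues past this hunk.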
@@ -586,36 +434,30 @@ public class SRPClient extends ClientMechanism implements SaslClient
catch (IOException x)
{
if (x instanceof SaslException)
- {
- throw (SaslException) x;
- }
+ throw (SaslException) x;
throw new AuthenticationException("sendIdentities()", x);
}
final byte[] result = frameOut.encode();
- if (DEBUG && debuglevel > 8)
- debug(TRACE, "<== sendIdentities()");
- if (DEBUG && debuglevel > 2)
- debug(INFO, "C: " + Util.dumpString(result));
- if (DEBUG && debuglevel > 2)
- debug(INFO, " U = " + U);
- if (DEBUG && debuglevel > 2)
- debug(INFO, " I = " + authorizationID);
- if (DEBUG && debuglevel > 2)
- debug(INFO, "sid = " + new String(sid));
- if (DEBUG && debuglevel > 2)
- debug(INFO, " cn = " + Util.dumpString(cn));
- if (DEBUG && debuglevel > 2)
- debug(INFO, "cCB = " + Util.dumpString(channelBinding));
+ if (Configuration.DEBUG)
+ {
+ log.fine("C: " + Util.dumpString(result));
+ log.fine(" U = " + U);
+ log.fine(" I = " + authorizationID);
+ log.fine("sid = " + new String(sid));
+ log.fine(" cn = " + Util.dumpString(cn));
+ log.fine("cCB = " + Util.dumpString(channelBinding));
+ log.exiting(this.getClass().getName(), "sendIdentities");
+ }
return result;
}
private byte[] sendPublicKey(final byte[] input) throws SaslException
{
- if (DEBUG && debuglevel > 8)
- debug(TRACE, "==> sendPublicKey()");
- if (DEBUG && debuglevel > 6)
- debug(TRACE, "S: " + Util.dumpString(input));
-
+ if (Configuration.DEBUG)
+ {
+ log.entering(this.getClass().getName(), "sendPublicKey");
+ log.fine("S: " + Util.dumpString(input));
+ }
// Server sends [00], N, g, s, B, L
// or [FF], sn, sCB
final InputBuffer frameIn = new InputBuffer(input);
@@ -626,57 +468,47 @@ public class SRPClient extends ClientMechanism implements SaslClient
if (ack == 0x00)
{ // new session
N = frameIn.getMPI();
- if (DEBUG && debuglevel > 6)
- debug(TRACE, "Got N (modulus): " + Util.dump(N));
+ if (Configuration.DEBUG)
+ log.fine("Got N (modulus): " + Util.dump(N));
g = frameIn.getMPI();
- if (DEBUG && debuglevel > 6)
- debug(TRACE, "Got g (generator): " + Util.dump(g));
+ if (Configuration.DEBUG)
+ log.fine("Got g (generator): " + Util.dump(g));
s = frameIn.getOS();
- if (DEBUG && debuglevel > 6)
- debug(TRACE, "Got s (salt): " + Util.dumpString(s));
+ if (Configuration.DEBUG)
+ log.fine("Got s (salt): " + Util.dumpString(s));
B = frameIn.getMPI();
- if (DEBUG && debuglevel > 6)
- debug(TRACE, "Got B (server ephermeral public key): "
- + Util.dump(B));
+ if (Configuration.DEBUG)
+ log.fine("Got B (server ephermeral public key): " + Util.dump(B));
L = frameIn.getText();
- if (DEBUG && debuglevel > 6)
- debug(TRACE, "Got L (available options): \"" + L + "\"");
+ if (Configuration.DEBUG)
+ log.fine("Got L (available options): \"" + L + "\"");
}
else if (ack == 0xFF)
{ // session re-use
sn = frameIn.getOS();
- if (DEBUG && debuglevel > 6)
- debug(TRACE, "Got sn (server nonce): " + Util.dumpString(sn));
+ if (Configuration.DEBUG)
+ log.fine("Got sn (server nonce): " + Util.dumpString(sn));
sCB = frameIn.getEOS();
- if (DEBUG && debuglevel > 6)
- debug(TRACE, "Got sCB (server channel binding): "
- + Util.dumpString(sCB));
- }
- else
- { // unexpected scalar
- throw new SaslException("sendPublicKey(): Invalid scalar (" + ack
- + ") in server's request");
+ if (Configuration.DEBUG)
+ log.fine("Got sCB (server channel binding): " + Util.dumpString(sCB));
}
+ else // unexpected scalar
+ throw new SaslException("sendPublicKey(): Invalid scalar (" + ack
+ + ") in server's request");
}
catch (IOException x)
{
if (x instanceof SaslException)
- {
- throw (SaslException) x;
- }
+ throw (SaslException) x;
throw new SaslException("sendPublicKey()", x);
}
-
if (ack == 0x00)
{ // new session ---------------------------------------
o = createO(L.toLowerCase()); // do this first to initialise the SRP hash
-
final byte[] pBytes; // use ASCII encoding to inter-operate w/ non-java
pBytes = password.getBytes();
-
// ----------------------------------------------------------------------
final HashMap mapA = new HashMap();
- // mapA.put(SRP6KeyAgreement.HASH_FUNCTION, srp.newDigest());
mapA.put(SRP6KeyAgreement.HASH_FUNCTION, srp.getAlgorithm());
mapA.put(SRP6KeyAgreement.USER_IDENTITY, U);
mapA.put(SRP6KeyAgreement.USER_PASSWORD, pBytes);
@@ -689,9 +521,6 @@ public class SRPClient extends ClientMechanism implements SaslClient
{
throw new SaslException("sendPublicKey()", x);
}
-
- // ----------------------------------------------------------------------
-
// -------------------------------------------------------------------
try
{
@@ -702,7 +531,6 @@ public class SRPClient extends ClientMechanism implements SaslClient
out.writeMPI(B);
IncomingMessage in = new IncomingMessage(out.toByteArray());
out = clientHandler.processMessage(in);
-
in = new IncomingMessage(out.toByteArray());
A = in.readMPI();
K = clientHandler.getSharedSecret();
@@ -712,13 +540,11 @@ public class SRPClient extends ClientMechanism implements SaslClient
throw new SaslException("sendPublicKey()", x);
}
// -------------------------------------------------------------------
-
- if (DEBUG && debuglevel > 6)
- debug(TRACE, "K: " + Util.dumpString(K));
- if (DEBUG && debuglevel > 6)
- debug(TRACE, "Encoding A (client ephemeral public key): "
- + Util.dump(A));
-
+ if (Configuration.DEBUG)
+ {
+ log.fine("K: " + Util.dumpString(K));
+ log.fine("Encoding A (client ephemeral public key): " + Util.dump(A));
+ }
try
{
M1 = srp.generateM1(N, g, U, s, A, B, K, authorizationID, L, cn,
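Review bot: `log.fine("K: " + Util.dumpString(K));` sends the SRP shared session key into the logging framework; before this change the statement was gated on `debuglevel > 6`, and if SRPClient used the same fixed `debuglevel = 3` as the constants removed from SRPServer in this commit it was unreachable, so the rewrite turns a dead dump of key material into a live one whenever `Configuration.DEBUG` is set and a handler accepts FINE records. Log output tends to outlive the session and to be readable by people who should not hold K, so the debug flag should not be the only thing standing between the key and disk. I'd drop the K line (the A dump is harmless, A goes on the wire anyway) or reduce it to `log.fine("K: " + K.length + " bytes");`. The same applies to the `M1` dump at the end of sendPublicKey in the next hunk and to the decrypted `Incoming buffer (after security)` dump in SRPServer.engineUnwrap. sendPublicKey's body starts and ends outside this hunk.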
@@ -728,13 +554,11 @@ public class SRPClient extends ClientMechanism implements SaslClient
{
throw new AuthenticationException("sendPublicKey()", x);
}
-
- if (DEBUG && debuglevel > 6)
- debug(TRACE, "Encoding o (client chosen options): \"" + o + "\"");
- if (DEBUG && debuglevel > 6)
- debug(TRACE, "Encoding cIV (client IV): \"" + Util.dumpString(cIV)
- + "\"");
-
+ if (Configuration.DEBUG)
+ {
+ log.fine("Encoding o (client chosen options): \"" + o + "\"");
+ log.fine("Encoding cIV (client IV): \"" + Util.dumpString(cIV) + "\"");
+ }
final OutputBuffer frameOut = new OutputBuffer();
try
{
@@ -746,74 +570,65 @@ public class SRPClient extends ClientMechanism implements SaslClient
catch (IOException x)
{
if (x instanceof SaslException)
- {
- throw (SaslException) x;
- }
+ throw (SaslException) x;
throw new AuthenticationException("sendPublicKey()", x);
}
final byte[] result = frameOut.encode();
- if (DEBUG && debuglevel > 8)
- debug(TRACE, "<== sendPublicKey()");
- if (DEBUG && debuglevel > 2)
- debug(INFO, "New session, or session re-use rejected...");
- if (DEBUG && debuglevel > 2)
- debug(INFO, "C: " + Util.dumpString(result));
- if (DEBUG && debuglevel > 2)
- debug(INFO, " A = 0x" + A.toString(16));
- if (DEBUG && debuglevel > 2)
- debug(INFO, " M1 = " + Util.dumpString(M1));
- if (DEBUG && debuglevel > 2)
- debug(INFO, " o = " + o);
- if (DEBUG && debuglevel > 2)
- debug(INFO, "cIV = " + Util.dumpString(cIV));
-
+ if (Configuration.DEBUG)
+ {
+ log.fine("New session, or session re-use rejected...");
+ log.fine("C: " + Util.dumpString(result));
+ log.fine(" A = 0x" + A.toString(16));
+ log.fine(" M1 = " + Util.dumpString(M1));
+ log.fine(" o = " + o);
+ log.fine("cIV = " + Util.dumpString(cIV));
+ log.exiting(this.getClass().getName(), "sendPublicKey");
+ }
return result;
}
- else
- { // session re-use accepted -------------------------------------
+ else // session re-use accepted -------------------------------------------
+ {
setupSecurityServices(true);
- if (DEBUG && debuglevel > 8)
- debug(TRACE, "<== sendPublicKey()");
- if (DEBUG && debuglevel > 2)
- debug(INFO, "Session re-use accepted...");
+ if (Configuration.DEBUG)
+ {
+ log.fine("Session re-use accepted...");
+ log.exiting(this.getClass().getName(), "sendPublicKey");
+ }
return null;
}
}
private byte[] receiveEvidence(byte[] input) throws SaslException
{
- if (DEBUG && debuglevel > 8)
- debug(TRACE, "==> receiveEvidence()");
- if (DEBUG && debuglevel > 6)
- debug(TRACE, "S: " + Util.dumpString(input));
-
+ if (Configuration.DEBUG)
+ {
+ log.entering(this.getClass().getName(), "receiveEvidence");
+ log.fine("S: " + Util.dumpString(input));
+ }
// Server send M2, sIV, sCB, sid, ttl
final InputBuffer frameIn = new InputBuffer(input);
try
{
M2 = frameIn.getOS();
- if (DEBUG && debuglevel > 6)
- debug(TRACE, "Got M2 (server evidence): " + Util.dumpString(M2));
+ if (Configuration.DEBUG)
+ log.fine("Got M2 (server evidence): " + Util.dumpString(M2));
sIV = frameIn.getOS();
- if (DEBUG && debuglevel > 6)
- debug(TRACE, "Got sIV (server IV): " + Util.dumpString(sIV));
+ if (Configuration.DEBUG)
+ log.fine("Got sIV (server IV): " + Util.dumpString(sIV));
sid = frameIn.getEOS();
- if (DEBUG && debuglevel > 6)
- debug(TRACE, "Got sid (session ID): " + new String(sid));
+ if (Configuration.DEBUG)
+ log.fine("Got sid (session ID): " + new String(sid));
ttl = (int) frameIn.getScalar(4);
- if (DEBUG && debuglevel > 6)
- debug(TRACE, "Got ttl (session time-to-live): " + ttl + "sec.");
+ if (Configuration.DEBUG)
+ log.fine("Got ttl (session time-to-live): " + ttl + "sec.");
sCB = frameIn.getEOS();
- if (DEBUG && debuglevel > 6)
- debug(TRACE, "Got sCB (server channel binding): "
- + Util.dumpString(sCB));
+ if (Configuration.DEBUG)
+ log.fine("Got sCB (server channel binding): " + Util.dumpString(sCB));
}
catch (IOException x)
{
if (x instanceof SaslException)
- {
- throw (SaslException) x;
- }
+ throw (SaslException) x;
throw new AuthenticationException("receiveEvidence()", x);
}
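Review bot: `ttl = (int) frameIn.getScalar(4);` takes the session lifetime straight from the server, and the narrowing cast presumably turns any 4-byte value with the top bit set into a negative int; nothing here bounds it before it reaches `ClientStore.instance().cacheSession(uid, ttl, ...)` later in the file. The peer therefore decides how long the cached K is retained, so I'd reject out-of-range values right after the read, `if (ttl < 0) throw new AuthenticationException("receiveEvidence(): invalid ttl " + ttl);`, and consider a local ceiling as well. How ClientStore interprets ttl is not visible in this chunk. receiveEvidence continues past the end of the hunk.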
@@ -827,18 +642,14 @@ public class SRPClient extends ClientMechanism implements SaslClient
{
throw new AuthenticationException("receiveEvidence()", x);
}
-
- if (DEBUG && debuglevel > 6)
- debug(TRACE, "Expected: " + Util.dumpString(expected));
+ if (Configuration.DEBUG)
+ log.fine("Expected: " + Util.dumpString(expected));
if (!Arrays.equals(M2, expected))
- {
- throw new AuthenticationException("M2 mismatch");
- }
+ throw new AuthenticationException("M2 mismatch");
setupSecurityServices(false);
-
- if (DEBUG && debuglevel > 8)
- debug(TRACE, "<== receiveEvidence()");
+ if (Configuration.DEBUG)
+ log.exiting(this.getClass().getName(), "receiveEvidence");
return null;
}
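Review bot: `if (!Arrays.equals(M2, expected))` checks the server's evidence with a short-circuiting comparison, so rejection time varies with the position of the first differing byte; the brace cleanup keeps that as is. For authentication tags a comparison that always walks the full length is the conservative choice, e.g. `if (!MessageDigest.isEqual(M2, expected))` with `java.security.MessageDigest` imported, provided this runtime's implementation is constant-time, otherwise a small XOR-accumulate loop over both arrays. The same pattern compares the received MAC against the computed one in SRPServer.engineUnwrap, where a peer that can submit many frames within one session has a much better oracle; that hunk runs past the end of this chunk. receiveEvidence's body begins outside this hunk.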
@@ -846,19 +657,15 @@ public class SRPClient extends ClientMechanism implements SaslClient
{
try
{
- if ((!properties.containsKey(Registry.SASL_USERNAME))
- && (!properties.containsKey(Registry.SASL_PASSWORD)))
+ if ((! properties.containsKey(Registry.SASL_USERNAME))
+ && (! properties.containsKey(Registry.SASL_PASSWORD)))
{
final NameCallback nameCB;
final String defaultName = System.getProperty("user.name");
if (defaultName == null)
- {
- nameCB = new NameCallback("username: ");
- }
+ nameCB = new NameCallback("username: ");
else
- {
- nameCB = new NameCallback("username: ", defaultName);
- }
+ nameCB = new NameCallback("username: ", defaultName);
final PasswordCallback pwdCB = new PasswordCallback("password: ",
false);
handler.handle(new Callback[] { nameCB, pwdCB });
@@ -868,21 +675,15 @@ public class SRPClient extends ClientMechanism implements SaslClient
else
{
if (properties.containsKey(Registry.SASL_USERNAME))
- {
- this.U = (String) properties.get(Registry.SASL_USERNAME);
- }
+ this.U = (String) properties.get(Registry.SASL_USERNAME);
else
{
final NameCallback nameCB;
final String defaultName = System.getProperty("user.name");
if (defaultName == null)
- {
- nameCB = new NameCallback("username: ");
- }
+ nameCB = new NameCallback("username: ");
else
- {
- nameCB = new NameCallback("username: ", defaultName);
- }
+ nameCB = new NameCallback("username: ", defaultName);
this.handler.handle(new Callback[] { nameCB });
this.U = nameCB.getName();
}
@@ -897,14 +698,12 @@ public class SRPClient extends ClientMechanism implements SaslClient
else if (pw instanceof String)
password = new Password(((String) pw).toCharArray());
else
- throw new IllegalArgumentException(
- pw.getClass().getName()
- + "is not a valid password class");
+ throw new IllegalArgumentException(pw.getClass().getName()
+ + "is not a valid password class");
}
else
{
- final PasswordCallback pwdCB = new PasswordCallback(
- "password: ",
+ final PasswordCallback pwdCB = new PasswordCallback("password: ",
false);
this.handler.handle(new Callback[] { pwdCB });
password = new Password(pwdCB.getPassword());
@@ -912,13 +711,9 @@ public class SRPClient extends ClientMechanism implements SaslClient
}
if (U == null)
- {
- throw new AuthenticationException("null username supplied");
- }
+ throw new AuthenticationException("null username supplied");
if (password == null)
- {
- throw new AuthenticationException("null password supplied");
- }
+ throw new AuthenticationException("null password supplied");
}
catch (UnsupportedCallbackException x)
{
@@ -935,9 +730,8 @@ public class SRPClient extends ClientMechanism implements SaslClient
// to us by the client.
private String createO(final String aol) throws AuthenticationException
{
- if (DEBUG && debuglevel > 8)
- debug(TRACE, "==> createO(\"" + aol + "\")");
-
+ if (Configuration.DEBUG)
+ log.entering(this.getClass().getName(), "createO", aol);
boolean replaydetectionAvailable = false;
boolean integrityAvailable = false;
boolean confidentialityAvailable = false;
@@ -945,7 +739,6 @@ public class SRPClient extends ClientMechanism implements SaslClient
int i;
String mdName = SRPRegistry.SRP_DEFAULT_DIGEST_NAME;
-
final StringTokenizer st = new StringTokenizer(aol, ",");
while (st.hasMoreTokens())
{
@@ -953,8 +746,8 @@ public class SRPClient extends ClientMechanism implements SaslClient
if (option.startsWith(SRPRegistry.OPTION_SRP_DIGEST + "="))
{
option = option.substring(option.indexOf('=') + 1);
- if (DEBUG && debuglevel > 6)
- debug(TRACE, "mda: <" + option + ">");
+ if (Configuration.DEBUG)
+ log.fine("mda: <" + option + ">");
for (i = 0; i < SRPRegistry.INTEGRITY_ALGORITHMS.length; i++)
{
if (SRPRegistry.SRP_ALGORITHMS[i].equals(option))
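Review bot: The digest-selection loop `for (i = 0; i < SRPRegistry.INTEGRITY_ALGORITHMS.length; i++)` bounds `i` by one array and indexes another, `SRPRegistry.SRP_ALGORITHMS[i]`; the hunk only touches the logging lines around it, but the mismatch is visible here. If the two arrays differ in length this either throws ArrayIndexOutOfBoundsException on a server-supplied option list or silently ignores the trailing digests, so the bound should read `for (i = 0; i < SRPRegistry.SRP_ALGORITHMS.length; i++)`. The enclosing createO body starts and ends outside this hunk.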
@@ -965,14 +758,12 @@ public class SRPClient extends ClientMechanism implements SaslClient
}
}
else if (option.equals(SRPRegistry.OPTION_REPLAY_DETECTION))
- {
- replaydetectionAvailable = true;
- }
+ replaydetectionAvailable = true;
else if (option.startsWith(SRPRegistry.OPTION_INTEGRITY + "="))
{
option = option.substring(option.indexOf('=') + 1);
- if (DEBUG && debuglevel > 6)
- debug(TRACE, "ialg: <" + option + ">");
+ if (Configuration.DEBUG)
+ log.fine("ialg: <" + option + ">");
for (i = 0; i < SRPRegistry.INTEGRITY_ALGORITHMS.length; i++)
{
if (SRPRegistry.INTEGRITY_ALGORITHMS[i].equals(option))
@@ -986,8 +777,8 @@ public class SRPClient extends ClientMechanism implements SaslClient
else if (option.startsWith(SRPRegistry.OPTION_CONFIDENTIALITY + "="))
{
option = option.substring(option.indexOf('=') + 1);
- if (DEBUG && debuglevel > 6)
- debug(TRACE, "calg: <" + option + ">");
+ if (Configuration.DEBUG)
+ log.fine("calg: <" + option + ">");
for (i = 0; i < SRPRegistry.CONFIDENTIALITY_ALGORITHMS.length; i++)
{
if (SRPRegistry.CONFIDENTIALITY_ALGORITHMS[i].equals(option))
@@ -999,9 +790,7 @@ public class SRPClient extends ClientMechanism implements SaslClient
}
}
else if (option.startsWith(SRPRegistry.OPTION_MANDATORY + "="))
- {
- mandatory = option.substring(option.indexOf('=') + 1);
- }
+ mandatory = option.substring(option.indexOf('=') + 1);
else if (option.startsWith(SRPRegistry.OPTION_MAX_BUFFER_SIZE + "="))
{
final String maxBufferSize = option.substring(option.indexOf('=') + 1);
@@ -1010,32 +799,22 @@ public class SRPClient extends ClientMechanism implements SaslClient
rawSendSize = Integer.parseInt(maxBufferSize);
if (rawSendSize > Registry.SASL_BUFFER_MAX_LIMIT
|| rawSendSize < 1)
- {
- throw new AuthenticationException(
- "Illegal value for 'maxbuffersize' option");
- }
+ throw new AuthenticationException("Illegal value for 'maxbuffersize' option");
}
catch (NumberFormatException x)
{
- throw new AuthenticationException(
- SRPRegistry.OPTION_MAX_BUFFER_SIZE
- + "="
- + String.valueOf(maxBufferSize),
+ throw new AuthenticationException(SRPRegistry.OPTION_MAX_BUFFER_SIZE
+ + "=" + maxBufferSize,
x);
}
}
}
-
replayDetection = replaydetectionAvailable
- && Boolean.valueOf(
- (String) properties.get(SRPRegistry.SRP_REPLAY_DETECTION)).booleanValue();
+ && Boolean.valueOf((String) properties.get(SRPRegistry.SRP_REPLAY_DETECTION)).booleanValue();
boolean integrity = integrityAvailable
- && Boolean.valueOf(
- (String) properties.get(SRPRegistry.SRP_INTEGRITY_PROTECTION)).booleanValue();
+ && Boolean.valueOf((String) properties.get(SRPRegistry.SRP_INTEGRITY_PROTECTION)).booleanValue();
boolean confidentiality = confidentialityAvailable
- && Boolean.valueOf(
- (String) properties.get(SRPRegistry.SRP_CONFIDENTIALITY)).booleanValue();
-
+ && Boolean.valueOf((String) properties.get(SRPRegistry.SRP_CONFIDENTIALITY)).booleanValue();
// make sure we do the right thing
if (SRPRegistry.OPTION_REPLAY_DETECTION.equals(mandatory))
{
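Review bot: The three `&&` expressions ending with `confidentialityAvailable && Boolean.valueOf(...)` silently drop a protection the local properties asked for whenever the server's option list does not offer it, so a peer that omits `integrity=` or `confidentiality=` from L negotiates the client down to an unprotected session without any error. If the property is meant as a requirement rather than a preference, the mismatch should fail the exchange, e.g. after computing `integrity`: `if (!integrityAvailable && Boolean.valueOf((String) properties.get(SRPRegistry.SRP_INTEGRITY_PROTECTION)).booleanValue()) throw new AuthenticationException("integrity protection requested but not offered by server");` and likewise for confidentiality. Whether the property is a requirement is not stated in this chunk; at minimum a comment on these lines should say that the server's offer wins. createO starts and ends outside this hunk.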
@@ -1043,95 +822,67 @@ public class SRPClient extends ClientMechanism implements SaslClient
integrity = true;
}
else if (SRPRegistry.OPTION_INTEGRITY.equals(mandatory))
- {
- integrity = true;
- }
+ integrity = true;
else if (SRPRegistry.OPTION_CONFIDENTIALITY.equals(mandatory))
- {
- confidentiality = true;
- }
+ confidentiality = true;
+
if (replayDetection)
{
if (chosenIntegrityAlgorithm == null)
- {
- throw new AuthenticationException(
- "Replay detection is required but no "
- + "integrity protection algorithm was chosen");
- }
+ throw new AuthenticationException(
+ "Replay detection is required but no integrity protection algorithm was chosen");
}
if (integrity)
{
if (chosenIntegrityAlgorithm == null)
- {
- throw new AuthenticationException(
- "Integrity protection is required but no "
- + "algorithm was chosen");
- }
+ throw new AuthenticationException(
+ "Integrity protection is required but no algorithm was chosen");
}
if (confidentiality)
{
if (chosenConfidentialityAlgorithm == null)
- {
- throw new AuthenticationException(
- "Confidentiality protection is required "
- + "but no algorithm was chosen");
- }
+ throw new AuthenticationException(
+ "Confidentiality protection is required but no algorithm was chosen");
}
-
// 1. check if we'll be using confidentiality; if not set IV to 0-byte
if (chosenConfidentialityAlgorithm == null)
- {
- cIV = new byte[0];
- }
+ cIV = new byte[0];
else
{
// 2. get the block size of the cipher
final IBlockCipher cipher = CipherFactory.getInstance(chosenConfidentialityAlgorithm);
if (cipher == null)
- {
- throw new AuthenticationException("createO()",
- new NoSuchAlgorithmException());
- }
+ throw new AuthenticationException("createO()",
+ new NoSuchAlgorithmException());
final int blockSize = cipher.defaultBlockSize();
// 3. generate random iv
cIV = new byte[blockSize];
getDefaultPRNG().nextBytes(cIV);
}
-
srp = SRP.instance(mdName);
-
// Now create the options list specifying which of the available options
// we have chosen.
// For now we just select the defaults. Later we need to add support for
// properties (perhaps in a file) where a user can specify the list of
// algorithms they would prefer to use.
-
final StringBuffer sb = new StringBuffer();
- sb.append(SRPRegistry.OPTION_SRP_DIGEST).append("=").append(mdName).append(
- ",");
+ sb.append(SRPRegistry.OPTION_SRP_DIGEST)
+ .append("=").append(mdName).append(",");
if (replayDetection)
- {
- sb.append(SRPRegistry.OPTION_REPLAY_DETECTION).append(",");
- }
+ sb.append(SRPRegistry.OPTION_REPLAY_DETECTION).append(",");
if (integrity)
- {
- sb.append(SRPRegistry.OPTION_INTEGRITY).append("=").append(
- chosenIntegrityAlgorithm).append(
- ",");
- }
+ sb.append(SRPRegistry.OPTION_INTEGRITY)
+ .append("=").append(chosenIntegrityAlgorithm).append(",");
if (confidentiality)
- {
- sb.append(SRPRegistry.OPTION_CONFIDENTIALITY).append("=").append(
- chosenConfidentialityAlgorithm).append(
- ",");
- }
- final String result = sb.append(SRPRegistry.OPTION_MAX_BUFFER_SIZE).append(
- "=").append(
- Registry.SASL_BUFFER_MAX_LIMIT).toString();
-
- if (DEBUG && debuglevel > 8)
- debug(TRACE, "<== createO() --> " + result);
+ sb.append(SRPRegistry.OPTION_CONFIDENTIALITY)
+ .append("=").append(chosenConfidentialityAlgorithm).append(",");
+
+ final String result = sb.append(SRPRegistry.OPTION_MAX_BUFFER_SIZE)
+ .append("=").append(Registry.SASL_BUFFER_MAX_LIMIT)
+ .toString();
+ if (Configuration.DEBUG)
+ log.exiting(this.getClass().getName(), "createO", result);
return result;
}
@@ -1139,33 +890,30 @@ public class SRPClient extends ClientMechanism implements SaslClient
throws SaslException
{
complete = true; // signal end of authentication phase
- if (!sessionReUse)
+ if (! sessionReUse)
{
outCounter = inCounter = 0;
// instantiate cipher if confidentiality protection filter is active
if (chosenConfidentialityAlgorithm != null)
{
- if (DEBUG && debuglevel > 2)
- debug(INFO, "Activating confidentiality protection filter");
+ if (Configuration.DEBUG)
+ log.fine("Activating confidentiality protection filter");
inCipher = CALG.getInstance(chosenConfidentialityAlgorithm);
outCipher = CALG.getInstance(chosenConfidentialityAlgorithm);
}
// instantiate hmacs if integrity protection filter is active
if (chosenIntegrityAlgorithm != null)
{
- if (DEBUG && debuglevel > 2)
- debug(INFO, "Activating integrity protection filter");
+ if (Configuration.DEBUG)
+ log.fine("Activating integrity protection filter");
inMac = IALG.getInstance(chosenIntegrityAlgorithm);
outMac = IALG.getInstance(chosenIntegrityAlgorithm);
}
}
- else
- { // same session new Keys
- K = srp.generateKn(K, cn, sn);
- }
+ else // same session new Keys
+ K = srp.generateKn(K, cn, sn);
final KDF kdf = KDF.getInstance(K);
-
// initialise in/out ciphers if confidentiality protection is used
if (inCipher != null)
{
@@ -1178,16 +926,13 @@ public class SRPClient extends ClientMechanism implements SaslClient
inMac.init(kdf);
outMac.init(kdf);
}
-
if (sid != null && sid.length != 0)
{ // update the security context and save in map
- if (DEBUG && debuglevel > 2)
- debug(INFO, "Updating security context for UID = " + uid);
- ClientStore.instance().cacheSession(
- uid,
+ if (Configuration.DEBUG)
+ log.fine("Updating security context for UID = " + uid);
+ ClientStore.instance().cacheSession(uid,
ttl,
- new SecurityContext(
- srp.getAlgorithm(),
+ new SecurityContext(srp.getAlgorithm(),
sid,
K,
cIV,
diff --git a/gnu/javax/crypto/sasl/srp/SRPServer.java b/gnu/javax/crypto/sasl/srp/SRPServer.java
index 672660b26..18452555c 100644
--- a/gnu/javax/crypto/sasl/srp/SRPServer.java
+++ b/gnu/javax/crypto/sasl/srp/SRPServer.java
@@ -38,18 +38,18 @@ exception statement from your version. */
package gnu.javax.crypto.sasl.srp;
+import gnu.classpath.Configuration;
import gnu.java.security.Registry;
import gnu.java.security.util.PRNG;
import gnu.java.security.util.Util;
-
import gnu.javax.crypto.assembly.Direction;
import gnu.javax.crypto.cipher.CipherFactory;
import gnu.javax.crypto.cipher.IBlockCipher;
import gnu.javax.crypto.key.IKeyAgreementParty;
-import gnu.javax.crypto.key.KeyAgreementFactory;
+import gnu.javax.crypto.key.IncomingMessage;
import gnu.javax.crypto.key.KeyAgreementException;
+import gnu.javax.crypto.key.KeyAgreementFactory;
import gnu.javax.crypto.key.OutgoingMessage;
-import gnu.javax.crypto.key.IncomingMessage;
import gnu.javax.crypto.key.srp6.SRP6KeyAgreement;
import gnu.javax.crypto.sasl.IllegalMechanismStateException;
import gnu.javax.crypto.sasl.InputBuffer;
@@ -57,114 +57,55 @@ import gnu.javax.crypto.sasl.IntegrityException;
import gnu.javax.crypto.sasl.OutputBuffer;
import gnu.javax.crypto.sasl.ServerMechanism;
-import java.io.IOException;
-import java.io.PrintWriter;
import java.io.ByteArrayOutputStream;
+import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.util.Arrays;
import java.util.HashMap;
import java.util.StringTokenizer;
+import java.util.logging.Logger;
import javax.security.sasl.AuthenticationException;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
/**
- * <p>The SASL-SRP server-side mechanism.</p>
+ * The SASL-SRP server-side mechanism.
*/
public class SRPServer extends ServerMechanism implements SaslServer
{
-
- // Debugging methods and variables
- // -------------------------------------------------------------------------
-
- private static final String NAME = "SRPServer";
-
- // private static final String ERROR = "ERROR";
- private static final String WARN = " WARN";
-
- private static final String INFO = " INFO";
-
- private static final String TRACE = "DEBUG";
-
- private static final boolean DEBUG = true;
-
- private static final int debuglevel = 3;
-
- private static final PrintWriter err = new PrintWriter(System.out, true);
-
- private static void debug(final String level, final Object obj)
- {
- err.println("[" + level + "] " + NAME + ": " + String.valueOf(obj));
- }
-
- // Constants and variables
- // -------------------------------------------------------------------------
-
+ private static final Logger log = Logger.getLogger(SRPServer.class.getName());
private String U = null; // client's username
-
private BigInteger N, g, A, B;
-
private byte[] s; // salt
-
private byte[] cIV, sIV; // client+server IVs, when confidentiality is on
-
private byte[] cn, sn; // client's and server's nonce
-
private SRP srp; // SRP algorithm instance used by this server
-
private byte[] sid; // session ID when re-used
-
private int ttl = 360; // session time-to-live in seconds
-
private byte[] cCB; // peer's channel binding'
-
private String mandatory; // List of available options
-
private String L = null;
-
private String o;
-
private String chosenIntegrityAlgorithm;
-
private String chosenConfidentialityAlgorithm;
-
private int rawSendSize = Registry.SASL_BUFFER_MAX_LIMIT;
-
private byte[] K; // shared session key
-
private boolean replayDetection = true; // whether Replay Detection is on
-
private int inCounter = 0; // messages sequence numbers
-
private int outCounter = 0;
-
private IALG inMac, outMac; // if !null, use for integrity
-
private CALG inCipher, outCipher; // if !null, use for confidentiality
-
private IKeyAgreementParty serverHandler = KeyAgreementFactory.getPartyBInstance(Registry.SRP_SASL_KA);
-
/** Our default source of randomness. */
private PRNG prng = null;
- // Constructor(s)
- // -------------------------------------------------------------------------
-
public SRPServer()
{
super(Registry.SASL_SRP_MECHANISM);
}
- // Class methods
- // -------------------------------------------------------------------------
-
- // Instance methods
- // -------------------------------------------------------------------------
-
- // abstract methods implementation -----------------------------------------
-
protected void initMechanism() throws SaslException
{
// TODO:
@@ -187,21 +128,18 @@ public class SRPServer extends ServerMechanism implements SaslServer
sid = null;
}
- // javax.security.sasl.SaslServer interface implementation -----------------
-
public byte[] evaluateResponse(final byte[] response) throws SaslException
{
switch (state)
{
case 0:
if (response == null)
- {
- return null;
- }
+ return null;
+
state++;
return sendProtocolElements(response);
case 1:
- if (!complete)
+ if (! complete)
{
state++;
return sendEvidence(response);
@@ -215,65 +153,15 @@ public class SRPServer extends ServerMechanism implements SaslServer
protected byte[] engineUnwrap(final byte[] incoming, final int offset,
final int len) throws SaslException
{
- // if (DEBUG && debuglevel > 8) debug(TRACE, "==> engineUnwrap()");
- //
- // if (inMac == null && inCipher == null) {
- // throw new IllegalStateException("connection is not protected");
- // }
- //
- // if (DEBUG && debuglevel > 6) debug(TRACE, "Incoming buffer (before security): "+Util.dumpString(incoming, offset, len));
- //
- // byte[] data = null;
- // try {
- // InputBuffer frameIn = InputBuffer.getInstance(incoming, offset, len);
- // data = frameIn.getEOS();
- // if (inMac != null) {
- // byte[] received_mac = frameIn.getOS();
- // if (DEBUG && debuglevel > 6) debug(TRACE, "Got C (received MAC): "+Util.dumpString(received_mac));
- // inMac.update(data);
- // if (replayDetection) {
- // inCounter++;
- // if (DEBUG && debuglevel > 6) debug(TRACE, "inCounter="+String.valueOf(inCounter));
- // inMac.update(new byte[] {
- // (byte)(inCounter >>> 24),
- // (byte)(inCounter >>> 16),
- // (byte)(inCounter >>> 8),
- // (byte) inCounter });
- // }
- // final byte[] computed_mac = inMac.doFinal();
- // if (DEBUG && debuglevel > 6) debug(TRACE, "Computed MAC: "+Util.dumpString(computed_mac));
- // if (!Arrays.equals(received_mac, computed_mac))
- // throw new IntegrityException("engineUnwrap()");
- // }
- // if (inCipher != null) {
- // data = inCipher.doFinal(data);
- // }
- // } catch (IOException x) {
- // if (x instanceof SaslException) {
- // throw (SaslException) x;
- // }
- // throw new SaslException("engineUnwrap()", x);
- // }
- //
- // if (DEBUG && debuglevel > 6) debug(TRACE, "Incoming buffer (after security): "+Util.dumpString(data));
- // if (DEBUG && debuglevel > 8) debug(TRACE, "<== engineUnwrap()");
- // return data;
-
- if (DEBUG && debuglevel > 8)
- debug(TRACE, "==> engineUnwrap()");
-
+ if (Configuration.DEBUG)
+ log.entering(this.getClass().getName(), "engineUnwrap");
if (inMac == null && inCipher == null)
- {
- throw new IllegalStateException("connection is not protected");
- }
-
- if (DEBUG && debuglevel > 6)
- debug(TRACE, "Incoming buffer (before security): "
- + Util.dumpString(incoming, offset, len));
-
+ throw new IllegalStateException("connection is not protected");
+ if (Configuration.DEBUG)
+ log.fine("Incoming buffer (before security): "
+ + Util.dumpString(incoming, offset, len));
// at this point one, or both, of confidentiality and integrity protection
// services are active.
-
final byte[] result;
try
{
@@ -284,137 +172,67 @@ public class SRPServer extends ServerMechanism implements SaslServer
final byte[] received_mac = new byte[macBytesCount];
System.arraycopy(incoming, offset + payloadLength, received_mac, 0,
macBytesCount);
- if (DEBUG && debuglevel > 6)
- debug(TRACE, "Got C (received MAC): "
- + Util.dumpString(received_mac));
+ if (Configuration.DEBUG)
+ log.fine("Got C (received MAC): " + Util.dumpString(received_mac));
inMac.update(incoming, offset, payloadLength);
if (replayDetection)
{
inCounter++;
- if (DEBUG && debuglevel > 6)
- debug(TRACE, "inCounter=" + String.valueOf(inCounter));
- inMac.update(new byte[] { (byte) (inCounter >>> 24),
- (byte) (inCounter >>> 16),
- (byte) (inCounter >>> 8),
- (byte) inCounter });
+ if (Configuration.DEBUG)
+ log.fine("inCounter=" + String.valueOf(inCounter));
+ inMac.update(new byte[] { (byte)(inCounter >>> 24),
+ (byte)(inCounter >>> 16),
+ (byte)(inCounter >>> 8),
+ (byte) inCounter });
}
-
final byte[] computed_mac = inMac.doFinal();
- if (DEBUG && debuglevel > 6)
- debug(TRACE, "Computed MAC: " + Util.dumpString(computed_mac));
+ if (Configuration.DEBUG)
+ log.fine("Computed MAC: " + Util.dumpString(computed_mac));
if (!Arrays.equals(received_mac, computed_mac))
- {
- throw new IntegrityException("engineUnwrap()");
- }
+ throw new IntegrityException("engineUnwrap()");
// deal with the payload, which can be either plain or encrypted
if (inCipher != null)
- {
- result = inCipher.doFinal(incoming, offset, payloadLength);
- }
+ result = inCipher.doFinal(incoming, offset, payloadLength);
else
{
result = new byte[payloadLength];
System.arraycopy(incoming, offset, result, 0, result.length);
}
}
- else
- { // no integrity protection; just confidentiality
- // if (inCipher != null) {
- result = inCipher.doFinal(incoming, offset, len);
- // } else {
- // result = new byte[len];
- // System.arraycopy(incoming, offset, result, 0, len);
- // }
- }
+ else // no integrity protection; just confidentiality
+ result = inCipher.doFinal(incoming, offset, len);
}
catch (IOException x)
{
if (x instanceof SaslException)
- {
- throw (SaslException) x;
- }
+ throw (SaslException) x;
throw new SaslException("engineUnwrap()", x);
}
- if (DEBUG && debuglevel > 6)
- debug(TRACE, "Incoming buffer (after security): "
- + Util.dumpString(result));
- if (DEBUG && debuglevel > 8)
- debug(TRACE, "<== engineUnwrap()");
+ if (Configuration.DEBUG)
+ {
+ log.fine("Incoming buffer (after security): " + Util.dumpString(result));
+ log.exiting(this.getClass().getName(), "engineUnwrap");
+ }
return result;
}
protected byte[] engineWrap(final byte[] outgoing, final int offset,
final int len) throws SaslException
{
- // if (DEBUG && debuglevel > 8) debug(TRACE, "==> engineWrap()");
- //
- // if (outMac == null && outCipher == null) {
- // throw new IllegalStateException("connection is not protected");
- // }
- //
- // byte[] data = new byte[len];
- // System.arraycopy(outgoing, offset, data, 0, len);
- //
- // if (DEBUG && debuglevel > 6) debug(TRACE, "Outgoing buffer (before security) (hex): "+Util.dumpString(data));
- // if (DEBUG && debuglevel > 6) debug(TRACE, "Outgoing buffer (before security) (str): \""+new String(data)+"\"");
- //
- // final byte[] result;
- // try {
- // OutputBuffer frameOut = new OutputBuffer();
- // // Process the data
- // if (outCipher != null) {
- // data = outCipher.doFinal(data);
- // if (DEBUG && debuglevel > 6) debug(TRACE, "Encoding c (encrypted plaintext): "+Util.dumpString(data));
- // } else {
- // if (DEBUG && debuglevel > 6) debug(TRACE, "Encoding p (plaintext): "+Util.dumpString(data));
- // }
- // frameOut.setEOS(data);
- // if (outMac != null) {
- // outMac.update(data);
- // if (replayDetection) {
- // outCounter++;
- // if (DEBUG && debuglevel > 6) debug(TRACE, "outCounter="+String.valueOf(outCounter));
- // outMac.update(new byte[] {
- // (byte)(outCounter >>> 24),
- // (byte)(outCounter >>> 16),
- // (byte)(outCounter >>> 8),
- // (byte) outCounter});
- // }
- // byte[] C = outMac.doFinal();
- // frameOut.setOS(C);
- // if (DEBUG && debuglevel > 6) debug(TRACE, "Encoding C (integrity checksum): "+Util.dumpString(C));
- // }
- // result = frameOut.wrap();
- //
- // } catch (IOException x) {
- // if (x instanceof SaslException) {
- // throw (SaslException) x;
- // }
- // throw new SaslException("engineWrap()", x);
- // }
- //
- // if (DEBUG && debuglevel > 8) debug(TRACE, "<== engineWrap()");
- // return result;
-
- if (DEBUG && debuglevel > 8)
- debug(TRACE, "==> engineWrap()");
-
+ if (Configuration.DEBUG)
+ log.entering(this.getClass().getName(), "engineWrap");
if (outMac == null && outCipher == null)
+ throw new IllegalStateException("connection is not protected");
+ if (Configuration.DEBUG)
{
- throw new IllegalStateException("connection is not protected");
+ log.fine("Outgoing buffer (before security) (hex): "
+ + Util.dumpString(outgoing, offset, len));
+ log.fine("Outgoing buffer (before security) (str): \""
+ + new String(outgoing, offset, len) + "\"");
}
-
- if (DEBUG && debuglevel > 6)
- debug(TRACE, "Outgoing buffer (before security) (hex): "
- + Util.dumpString(outgoing, offset, len));
- if (DEBUG && debuglevel > 6)
- debug(TRACE, "Outgoing buffer (before security) (str): \""
- + new String(outgoing, offset, len) + "\"");
-
// at this point one, or both, of confidentiality and integrity protection
// services are active.
-
byte[] result;
try
{
@@ -422,74 +240,62 @@ public class SRPServer extends ServerMechanism implements SaslServer
if (outCipher != null)
{
result = outCipher.doFinal(outgoing, offset, len);
- if (DEBUG && debuglevel > 6)
- debug(TRACE, "Encoding c (encrypted plaintext): "
- + Util.dumpString(result));
-
+ if (Configuration.DEBUG)
+ log.fine("Encoding c (encrypted plaintext): "
+ + Util.dumpString(result));
out.write(result);
-
if (outMac != null)
{
outMac.update(result);
if (replayDetection)
{
outCounter++;
- if (DEBUG && debuglevel > 6)
- debug(TRACE, "outCounter=" + String.valueOf(outCounter));
- outMac.update(new byte[] { (byte) (outCounter >>> 24),
- (byte) (outCounter >>> 16),
- (byte) (outCounter >>> 8),
- (byte) outCounter });
+ if (Configuration.DEBUG)
+ log.fine("outCounter=" + outCounter);
+ outMac.update(new byte[] { (byte)(outCounter >>> 24),
+ (byte)(outCounter >>> 16),
+ (byte)(outCounter >>> 8),
+ (byte) outCounter });
}
final byte[] C = outMac.doFinal();
out.write(C);
- if (DEBUG && debuglevel > 6)
- debug(TRACE, "Encoding C (integrity checksum): "
- + Util.dumpString(C));
- } // else ciphertext only; do nothing
+ if (Configuration.DEBUG)
+ log.fine("Encoding C (integrity checksum): " + Util.dumpString(C));
+ }
+ // else ciphertext only; do nothing
}
- else
- { // no confidentiality; just integrity [+ replay detection]
- if (DEBUG && debuglevel > 6)
- debug(TRACE, "Encoding p (plaintext): "
- + Util.dumpString(outgoing, offset, len));
-
+ else // no confidentiality; just integrity [+ replay detection]
+ {
+ if (Configuration.DEBUG)
+ log.fine("Encoding p (plaintext): "
+ + Util.dumpString(outgoing, offset, len));
out.write(outgoing, offset, len);
-
- // if (outMac != null) {
outMac.update(outgoing, offset, len);
if (replayDetection)
{
outCounter++;
- if (DEBUG && debuglevel > 6)
- debug(TRACE, "outCounter=" + String.valueOf(outCounter));
- outMac.update(new byte[] { (byte) (outCounter >>> 24),
- (byte) (outCounter >>> 16),
- (byte) (outCounter >>> 8),
- (byte) outCounter });
+ if (Configuration.DEBUG)
+ log.fine("outCounter=" + outCounter);
+ outMac.update(new byte[] { (byte)(outCounter >>> 24),
+ (byte)(outCounter >>> 16),
+ (byte)(outCounter >>> 8),
+ (byte) outCounter });
}
final byte[] C = outMac.doFinal();
out.write(C);
- if (DEBUG && debuglevel > 6)
- debug(TRACE, "Encoding C (integrity checksum): "
- + Util.dumpString(C));
- // } // else plaintext only; do nothing
+ if (Configuration.DEBUG)
+ log.fine("Encoding C (integrity checksum): " + Util.dumpString(C));
}
-
result = out.toByteArray();
-
}
catch (IOException x)
{
if (x instanceof SaslException)
- {
- throw (SaslException) x;
- }
+ throw (SaslException) x;
throw new SaslException("engineWrap()", x);
}
-
- if (DEBUG && debuglevel > 8)
- debug(TRACE, "<== engineWrap()");
+ if (Configuration.DEBUG)
+ log.exiting(this.getClass().getName(), "engineWrap");
return result;
}
@@ -498,13 +304,9 @@ public class SRPServer extends ServerMechanism implements SaslServer
if (inMac != null)
{
if (inCipher != null)
- {
- return Registry.QOP_AUTH_CONF;
- }
- else
- {
- return Registry.QOP_AUTH_INT;
- }
+ return Registry.QOP_AUTH_CONF;
+
+ return Registry.QOP_AUTH_INT;
}
return Registry.QOP_AUTH;
}
@@ -514,13 +316,9 @@ public class SRPServer extends ServerMechanism implements SaslServer
if (inMac != null)
{
if (inCipher != null)
- {
- return Registry.STRENGTH_HIGH;
- }
- else
- {
- return Registry.STRENGTH_MEDIUM;
- }
+ return Registry.STRENGTH_HIGH;
+
+ return Registry.STRENGTH_MEDIUM;
}
return Registry.STRENGTH_LOW;
}
@@ -535,45 +333,39 @@ public class SRPServer extends ServerMechanism implements SaslServer
return Registry.REUSE_TRUE;
}
- // other methods -----------------------------------------------------------
-
private byte[] sendProtocolElements(final byte[] input) throws SaslException
{
- if (DEBUG && debuglevel > 8)
- debug(TRACE, "==> sendProtocolElements()");
- if (DEBUG && debuglevel > 6)
- debug(TRACE, "C: " + Util.dumpString(input));
-
+ if (Configuration.DEBUG)
+ {
+ log.entering(this.getClass().getName(), "sendProtocolElements");
+ log.fine("C: " + Util.dumpString(input));
+ }
// Client send U, I, sid, cn
final InputBuffer frameIn = new InputBuffer(input);
try
{
U = frameIn.getText(); // Extract username
- if (DEBUG && debuglevel > 6)
- debug(TRACE, "Got U (username): \"" + U + "\"");
+ if (Configuration.DEBUG)
+ log.fine("Got U (username): \"" + U + "\"");
authorizationID = frameIn.getText(); // Extract authorisation ID
- if (DEBUG && debuglevel > 6)
- debug(TRACE, "Got I (userid): \"" + authorizationID + "\"");
+ if (Configuration.DEBUG)
+ log.fine("Got I (userid): \"" + authorizationID + "\"");
sid = frameIn.getEOS();
- if (DEBUG && debuglevel > 6)
- debug(TRACE, "Got sid (session ID): " + new String(sid));
+ if (Configuration.DEBUG)
+ log.fine("Got sid (session ID): " + new String(sid));
cn = frameIn.getOS();
- if (DEBUG && debuglevel > 6)
- debug(TRACE, "Got cn (client nonce): " + Util.dumpString(cn));
+ if (Configuration.DEBUG)
+ log.fine("Got cn (client nonce): " + Util.dumpString(cn));
cCB = frameIn.getEOS();
- if (DEBUG && debuglevel > 6)
- debug(TRACE, "Got cCB (client channel binding): "
- + Util.dumpString(cCB));
+ if (Configuration.DEBUG)
+ log.fine("Got cCB (client channel binding): " + Util.dumpString(cCB));
}
catch (IOException x)
{
if (x instanceof SaslException)
- {
- throw (SaslException) x;
- }
+ throw (SaslException) x;
throw new AuthenticationException("sendProtocolElements()", x);
}
-
// do/can we re-use?
if (ServerStore.instance().isAlive(sid))
{
@@ -589,15 +381,11 @@ public class SRPServer extends ServerMechanism implements SaslServer
outMac = ctx.getOutMac();
inCipher = ctx.getInCipher();
outCipher = ctx.getOutCipher();
-
if (sn == null || sn.length != 16)
- {
- sn = new byte[16];
- }
- getDefaultPRNG().nextBytes(sn);
+ sn = new byte[16];
+ getDefaultPRNG().nextBytes(sn);
setupSecurityServices(false);
-
final OutputBuffer frameOut = new OutputBuffer();
try
{
@@ -608,34 +396,27 @@ public class SRPServer extends ServerMechanism implements SaslServer
catch (IOException x)
{
if (x instanceof SaslException)
- {
- throw (SaslException) x;
- }
+ throw (SaslException) x;
throw new AuthenticationException("sendProtocolElements()", x);
}
final byte[] result = frameOut.encode();
- if (DEBUG && debuglevel > 8)
- debug(TRACE, "<== sendProtocolElements()");
- if (DEBUG && debuglevel > 2)
- debug(INFO, "Old session...");
- if (DEBUG && debuglevel > 2)
- debug(INFO, "S: " + Util.dumpString(result));
- if (DEBUG && debuglevel > 2)
- debug(INFO, " sn = " + Util.dumpString(sn));
- if (DEBUG && debuglevel > 2)
- debug(INFO, " sCB = " + Util.dumpString(channelBinding));
+ if (Configuration.DEBUG)
+ {
+ log.fine("Old session...");
+ log.fine("S: " + Util.dumpString(result));
+ log.fine(" sn = " + Util.dumpString(sn));
+ log.fine(" sCB = " + Util.dumpString(channelBinding));
+ log.exiting(this.getClass().getName(), "sendProtocolElements");
+ }
return result;
}
else
{ // new session
authenticator.activate(properties);
-
// -------------------------------------------------------------------
final HashMap mapB = new HashMap();
- // mapB.put(SRP6KeyAgreement.HASH_FUNCTION, srp.newDigest());
mapB.put(SRP6KeyAgreement.HASH_FUNCTION, srp.getAlgorithm());
mapB.put(SRP6KeyAgreement.HOST_PASSWORD_DB, authenticator);
-
try
{
serverHandler.init(mapB);
@@ -643,7 +424,6 @@ public class SRPServer extends ServerMechanism implements SaslServer
out.writeString(U);
IncomingMessage in = new IncomingMessage(out.toByteArray());
out = serverHandler.processMessage(in);
-
in = new IncomingMessage(out.toByteArray());
N = in.readMPI();
g = in.readMPI();
@@ -655,26 +435,22 @@ public class SRPServer extends ServerMechanism implements SaslServer
throw new SaslException("sendProtocolElements()", x);
}
// -------------------------------------------------------------------
-
- if (DEBUG && debuglevel > 6)
- debug(TRACE, "Encoding N (modulus): " + Util.dump(N));
- if (DEBUG && debuglevel > 6)
- debug(TRACE, "Encoding g (generator): " + Util.dump(g));
- if (DEBUG && debuglevel > 6)
- debug(TRACE, "Encoding s (client's salt): " + Util.dumpString(s));
- if (DEBUG && debuglevel > 6)
- debug(TRACE, "Encoding B (server ephemeral public key): "
- + Util.dump(B));
-
+ if (Configuration.DEBUG)
+ {
+ log.fine("Encoding N (modulus): " + Util.dump(N));
+ log.fine("Encoding g (generator): " + Util.dump(g));
+ log.fine("Encoding s (client's salt): " + Util.dumpString(s));
+ log.fine("Encoding B (server ephemeral public key): " + Util.dump(B));
+ }
// The server creates an options list (L), which consists of a
// comma-separated list of option strings that specify the security
// service options the server supports.
L = createL();
- if (DEBUG && debuglevel > 6)
- debug(TRACE, "Encoding L (available options): \"" + L + "\"");
- if (DEBUG && debuglevel > 6)
- debug(TRACE, "Encoding sIV (server IV): " + Util.dumpString(sIV));
-
+ if (Configuration.DEBUG)
+ {
+ log.fine("Encoding L (available options): \"" + L + "\"");
+ log.fine("Encoding sIV (server IV): " + Util.dumpString(sIV));
+ }
final OutputBuffer frameOut = new OutputBuffer();
try
{
@@ -688,69 +464,58 @@ public class SRPServer extends ServerMechanism implements SaslServer
catch (IOException x)
{
if (x instanceof SaslException)
- {
- throw (SaslException) x;
- }
+ throw (SaslException) x;
throw new AuthenticationException("sendProtocolElements()", x);
}
final byte[] result = frameOut.encode();
- if (DEBUG && debuglevel > 8)
- debug(TRACE, "<== sendProtocolElements()");
- if (DEBUG && debuglevel > 2)
- debug(INFO, "New session...");
- if (DEBUG && debuglevel > 2)
- debug(INFO, "S: " + Util.dumpString(result));
- if (DEBUG && debuglevel > 2)
- debug(INFO, " N = 0x" + N.toString(16));
- if (DEBUG && debuglevel > 2)
- debug(INFO, " g = 0x" + g.toString(16));
- if (DEBUG && debuglevel > 2)
- debug(INFO, " s = " + Util.dumpString(s));
- if (DEBUG && debuglevel > 2)
- debug(INFO, " B = 0x" + B.toString(16));
- if (DEBUG && debuglevel > 2)
- debug(INFO, " L = " + L);
+ if (Configuration.DEBUG)
+ {
+ log.fine("New session...");
+ log.fine("S: " + Util.dumpString(result));
+ log.fine(" N = 0x" + N.toString(16));
+ log.fine(" g = 0x" + g.toString(16));
+ log.fine(" s = " + Util.dumpString(s));
+ log.fine(" B = 0x" + B.toString(16));
+ log.fine(" L = " + L);
+ log.exiting(this.getClass().getName(), "sendProtocolElements");
+ }
return result;
}
}
private byte[] sendEvidence(final byte[] input) throws SaslException
{
- if (DEBUG && debuglevel > 8)
- debug(TRACE, "==> sendEvidence()");
- if (DEBUG && debuglevel > 6)
- debug(TRACE, "C: " + Util.dumpString(input));
-
+ if (Configuration.DEBUG)
+ {
+ log.entering(this.getClass().getName(), "sendEvidence");
+ log.fine("C: " + Util.dumpString(input));
+ }
// Client send A, M1, o, cIV
final InputBuffer frameIn = new InputBuffer(input);
final byte[] M1;
try
{
A = frameIn.getMPI(); // Extract client's ephemeral public key
- if (DEBUG && debuglevel > 6)
- debug(TRACE, "Got A (client ephemeral public key): " + Util.dump(A));
+ if (Configuration.DEBUG)
+ log.fine("Got A (client ephemeral public key): " + Util.dump(A));
M1 = frameIn.getOS(); // Extract evidence
- if (DEBUG && debuglevel > 6)
- debug(TRACE, "Got M1 (client evidence): " + Util.dumpString(M1));
+ if (Configuration.DEBUG)
+ log.fine("Got M1 (client evidence): " + Util.dumpString(M1));
o = frameIn.getText(); // Extract client's options list
- if (DEBUG && debuglevel > 6)
- debug(TRACE, "Got o (client chosen options): \"" + o + "\"");
+ if (Configuration.DEBUG)
+ log.fine("Got o (client chosen options): \"" + o + "\"");
cIV = frameIn.getOS(); // Extract client's IV
- if (DEBUG && debuglevel > 6)
- debug(TRACE, "Got cIV (client IV): " + Util.dumpString(cIV));
+ if (Configuration.DEBUG)
+ log.fine("Got cIV (client IV): " + Util.dumpString(cIV));
}
catch (IOException x)
{
if (x instanceof SaslException)
- {
- throw (SaslException) x;
- }
+ throw (SaslException) x;
throw new AuthenticationException("sendEvidence()", x);
}
-
// Parse client's options and set security layer variables
parseO(o);
-
// ----------------------------------------------------------------------
try
{
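Review bot: The client's ephemeral public key is read at `A = frameIn.getMPI()` and handed to the key agreement in the next hunk, but nothing visible here rejects an A that is zero modulo N; in SRP-6 such an A forces the server-side premaster to a known value, so it must be refused before K is derived. The serverHandler may already enforce this (it is outside this hunk), but if it does not, add a guard right after the extraction and before `parseO(o)`: `if (A.mod(N).signum() == 0) throw new AuthenticationException("illegal client ephemeral public key A");` (assuming A and N are BigInteger, as `N.toString(16)` in sendProtocolElements suggests). sendEvidence's body continues past the end of this hunk.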
@@ -765,10 +530,8 @@ public class SRPServer extends ServerMechanism implements SaslServer
throw new SaslException("sendEvidence()", x);
}
// ----------------------------------------------------------------------
-
- if (DEBUG && debuglevel > 6)
- debug(TRACE, "K: " + Util.dumpString(K));
-
+ if (Configuration.DEBUG)
+ log.fine("K: " + Util.dumpString(K));
final byte[] expected;
try
{
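Review bot: `log.fine("K: " + Util.dumpString(K))` writes the negotiated SRP shared secret to the logger; K keys every cipher and MAC of this session and, via the cached SecurityContext, of every reused session, so a build with `Configuration.DEBUG` on and FINE logging enabled persists session keys in log files. Keep the guard but log only that the key was derived, e.g. `log.fine("K derived (" + K.length + " bytes)");`, or drop the line entirely. The try block that computes K begins outside this hunk.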
@@ -779,15 +542,11 @@ public class SRPServer extends ServerMechanism implements SaslServer
{
throw new AuthenticationException("sendEvidence()", x);
}
-
// Verify client evidence
if (!Arrays.equals(M1, expected))
- {
- throw new AuthenticationException("M1 mismatch");
- }
+ throw new AuthenticationException("M1 mismatch");
setupSecurityServices(true);
-
final byte[] M2;
try
{
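Review bot: `Arrays.equals(M1, expected)` returns at the first differing byte, so the time to reject a forged client evidence reveals how many leading bytes of M1 matched; an authentication proof should be compared in time independent of where the mismatch is. `MessageDigest.isEqual` is not guaranteed constant-time in the JDK generation this code targets, so an explicit OR-accumulating loop is the safer replacement. The same short-circuit comparison is used on `received_mac` in engineUnwrap and deserves the same treatment.
```java
// Verify client evidence in constant time so a forged M1 cannot be
// refined byte-by-byte from the rejection latency.
int diff = (M1 == null || expected == null) ? 1 : M1.length ^ expected.length;
if (diff == 0)
  for (int i = 0; i < expected.length; i++)
    diff |= M1[i] ^ expected[i];
if (diff != 0)
  throw new AuthenticationException("M1 mismatch");
setupSecurityServices(true);
// … unchanged: M2 computation and response framing …
```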
@@ -798,7 +557,6 @@ public class SRPServer extends ServerMechanism implements SaslServer
{
throw new AuthenticationException("sendEvidence()", x);
}
-
final OutputBuffer frameOut = new OutputBuffer();
try
{
@@ -811,93 +569,71 @@ public class SRPServer extends ServerMechanism implements SaslServer
catch (IOException x)
{
if (x instanceof SaslException)
- {
- throw (SaslException) x;
- }
+ throw (SaslException) x;
throw new AuthenticationException("sendEvidence()", x);
}
final byte[] result = frameOut.encode();
- if (DEBUG && debuglevel > 2)
- debug(INFO, "S: " + Util.dumpString(result));
- if (DEBUG && debuglevel > 2)
- debug(INFO, " M2 = " + Util.dumpString(M2));
- if (DEBUG && debuglevel > 2)
- debug(INFO, " sIV = " + Util.dumpString(sIV));
- if (DEBUG && debuglevel > 2)
- debug(INFO, " sid = " + new String(sid));
- if (DEBUG && debuglevel > 2)
- debug(INFO, " ttl = " + ttl);
- if (DEBUG && debuglevel > 2)
- debug(INFO, " sCB = " + Util.dumpString(channelBinding));
-
- if (DEBUG && debuglevel > 8)
- debug(TRACE, "<== sendEvidence()");
+ if (Configuration.DEBUG)
+ {
+ log.fine("S: " + Util.dumpString(result));
+ log.fine(" M2 = " + Util.dumpString(M2));
+ log.fine(" sIV = " + Util.dumpString(sIV));
+ log.fine(" sid = " + new String(sid));
+ log.fine(" ttl = " + ttl);
+ log.fine(" sCB = " + Util.dumpString(channelBinding));
+ log.exiting(this.getClass().getName(), "sendEvidence");
+ }
return result;
}
private String createL()
{
- if (DEBUG && debuglevel > 8)
- debug(TRACE, "==> createL()");
-
+ if (Configuration.DEBUG)
+ log.entering(this.getClass().getName(), "createL()");
String s = (String) properties.get(SRPRegistry.SRP_MANDATORY);
if (s == null)
+ s = SRPRegistry.DEFAULT_MANDATORY;
+
+ if (! SRPRegistry.MANDATORY_NONE.equals(s)
+ && ! SRPRegistry.OPTION_REPLAY_DETECTION.equals(s)
+ && ! SRPRegistry.OPTION_INTEGRITY.equals(s)
+ && ! SRPRegistry.OPTION_CONFIDENTIALITY.equals(s))
{
+ if (Configuration.DEBUG)
+ log.fine("Unrecognised mandatory option (" + s + "). Using default...");
s = SRPRegistry.DEFAULT_MANDATORY;
}
- if (!SRPRegistry.MANDATORY_NONE.equals(s)
- && !SRPRegistry.OPTION_REPLAY_DETECTION.equals(s)
- && !SRPRegistry.OPTION_INTEGRITY.equals(s)
- && !SRPRegistry.OPTION_CONFIDENTIALITY.equals(s))
- {
- if (DEBUG && debuglevel > 4)
- debug(WARN, "Unrecognised mandatory option (" + s
- + "). Using default...");
- s = SRPRegistry.DEFAULT_MANDATORY;
- }
-
mandatory = s;
-
s = (String) properties.get(SRPRegistry.SRP_CONFIDENTIALITY);
final boolean confidentiality = (s == null ? SRPRegistry.DEFAULT_CONFIDENTIALITY
- : Boolean.valueOf(s).booleanValue());
-
+ : Boolean.valueOf(s).booleanValue());
s = (String) properties.get(SRPRegistry.SRP_INTEGRITY_PROTECTION);
boolean integrity = (s == null ? SRPRegistry.DEFAULT_INTEGRITY
- : Boolean.valueOf(s).booleanValue());
-
+ : Boolean.valueOf(s).booleanValue());
s = (String) properties.get(SRPRegistry.SRP_REPLAY_DETECTION);
final boolean replayDetection = (s == null ? SRPRegistry.DEFAULT_REPLAY_DETECTION
- : Boolean.valueOf(s).booleanValue());
-
+ : Boolean.valueOf(s).booleanValue());
final StringBuffer sb = new StringBuffer();
- sb.append(SRPRegistry.OPTION_SRP_DIGEST).append("=").append(
- srp.getAlgorithm()).append(
- ",");
+ sb.append(SRPRegistry.OPTION_SRP_DIGEST).append("=")
+ .append(srp.getAlgorithm()).append(",");
+
+ if (! SRPRegistry.MANDATORY_NONE.equals(mandatory))
+ sb.append(SRPRegistry.OPTION_MANDATORY)
+ .append("=").append(mandatory).append(",");
- if (!SRPRegistry.MANDATORY_NONE.equals(mandatory))
- {
- sb.append(SRPRegistry.OPTION_MANDATORY).append("=").append(mandatory).append(
- ",");
- }
if (replayDetection)
{
sb.append(SRPRegistry.OPTION_REPLAY_DETECTION).append(",");
// if replay detection is on then force integrity protection
integrity = true;
}
-
int i;
if (integrity)
{
for (i = 0; i < SRPRegistry.INTEGRITY_ALGORITHMS.length; i++)
- {
- sb.append(SRPRegistry.OPTION_INTEGRITY).append("=").append(
- SRPRegistry.INTEGRITY_ALGORITHMS[i]).append(
- ",");
- }
+ sb.append(SRPRegistry.OPTION_INTEGRITY).append("=")
+ .append(SRPRegistry.INTEGRITY_ALGORITHMS[i]).append(",");
}
-
if (confidentiality)
{
IBlockCipher cipher;
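Review bot: In createL the "Unrecognised mandatory option" branch now logs at FINE and only under `Configuration.DEBUG` (the removed code logged it as WARN), so a misspelled `SRPRegistry.SRP_MANDATORY` value silently falls back to `DEFAULT_MANDATORY` in production builds and an operator who meant to require confidentiality gets a weaker floor with no trace. Log it unconditionally at warning level, `log.warning("Unrecognised mandatory option (" + s + "); using " + SRPRegistry.DEFAULT_MANDATORY);`, or throw so the misconfiguration fails closed. Separately, the sendEvidence log line `" sid = " + new String(sid)` decodes the session ID with the platform charset; `Util.dumpString(sid)` matches how the other byte fields are printed. createL's body continues into the next hunk.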
@@ -905,19 +641,15 @@ public class SRPServer extends ServerMechanism implements SaslServer
{
cipher = CipherFactory.getInstance(SRPRegistry.CONFIDENTIALITY_ALGORITHMS[i]);
if (cipher != null)
- {
- sb.append(SRPRegistry.OPTION_CONFIDENTIALITY).append("=").append(
- SRPRegistry.CONFIDENTIALITY_ALGORITHMS[i]).append(
- ",");
- }
+ sb.append(SRPRegistry.OPTION_CONFIDENTIALITY).append("=")
+ .append(SRPRegistry.CONFIDENTIALITY_ALGORITHMS[i]).append(",");
}
}
-
- final String result = sb.append(SRPRegistry.OPTION_MAX_BUFFER_SIZE).append(
- "=").append(
- Registry.SASL_BUFFER_MAX_LIMIT).toString();
- if (DEBUG && debuglevel > 8)
- debug(TRACE, "<== createL()");
+ final String result = sb.append(SRPRegistry.OPTION_MAX_BUFFER_SIZE)
+ .append("=").append(Registry.SASL_BUFFER_MAX_LIMIT)
+ .toString();
+ if (Configuration.DEBUG)
+ log.exiting(this.getClass().getName(), "createL");
return result;
}
@@ -934,69 +666,51 @@ public class SRPServer extends ServerMechanism implements SaslServer
while (st.hasMoreTokens())
{
option = st.nextToken();
- if (DEBUG && debuglevel > 6)
- debug(TRACE, "option: <" + option + ">");
+ if (Configuration.DEBUG)
+ log.fine("option: <" + option + ">");
if (option.equals(SRPRegistry.OPTION_REPLAY_DETECTION))
- {
- replayDetection = true;
- }
+ replayDetection = true;
else if (option.startsWith(SRPRegistry.OPTION_INTEGRITY + "="))
{
if (integrity)
+ throw new AuthenticationException("Only one integrity algorithm may be chosen");
+
+ option = option.substring(option.indexOf('=') + 1);
+ if (Configuration.DEBUG)
+ log.fine("algorithm: <" + option + ">");
+ for (i = 0; i < SRPRegistry.INTEGRITY_ALGORITHMS.length; i++)
{
- throw new AuthenticationException(
- "Only one integrity algorithm may be chosen");
- }
- else
- {
- option = option.substring(option.indexOf('=') + 1);
- if (DEBUG && debuglevel > 6)
- debug(TRACE, "algorithm: <" + option + ">");
- for (i = 0; i < SRPRegistry.INTEGRITY_ALGORITHMS.length; i++)
+ if (SRPRegistry.INTEGRITY_ALGORITHMS[i].equals(option))
{
- if (SRPRegistry.INTEGRITY_ALGORITHMS[i].equals(option))
- {
- chosenIntegrityAlgorithm = option;
- integrity = true;
- break;
- }
- }
- if (!integrity)
- {
- throw new AuthenticationException(
- "Unknown integrity algorithm: "
- + option);
+ chosenIntegrityAlgorithm = option;
+ integrity = true;
+ break;
}
}
+ if (! integrity)
+ throw new AuthenticationException("Unknown integrity algorithm: "
+ + option);
}
else if (option.startsWith(SRPRegistry.OPTION_CONFIDENTIALITY + "="))
{
if (confidentiality)
+ throw new AuthenticationException("Only one confidentiality algorithm may be chosen");
+
+ option = option.substring(option.indexOf('=') + 1);
+ if (Configuration.DEBUG)
+ log.fine("algorithm: <" + option + ">");
+ for (i = 0; i < SRPRegistry.CONFIDENTIALITY_ALGORITHMS.length; i++)
{
- throw new AuthenticationException(
- "Only one confidentiality algorithm may be chosen");
- }
- else
- {
- option = option.substring(option.indexOf('=') + 1);
- if (DEBUG && debuglevel > 6)
- debug(TRACE, "algorithm: <" + option + ">");
- for (i = 0; i < SRPRegistry.CONFIDENTIALITY_ALGORITHMS.length; i++)
+ if (SRPRegistry.CONFIDENTIALITY_ALGORITHMS[i].equals(option))
{
- if (SRPRegistry.CONFIDENTIALITY_ALGORITHMS[i].equals(option))
- {
- chosenConfidentialityAlgorithm = option;
- confidentiality = true;
- break;
- }
- }
- if (!confidentiality)
- {
- throw new AuthenticationException(
- "Unknown confidentiality algorithm: "
- + option);
+ chosenConfidentialityAlgorithm = option;
+ confidentiality = true;
+ break;
}
}
+ if (! confidentiality)
+ throw new AuthenticationException("Unknown confidentiality algorithm: "
+ + option);
}
else if (option.startsWith(SRPRegistry.OPTION_MAX_BUFFER_SIZE + "="))
{
@@ -1006,71 +720,49 @@ public class SRPServer extends ServerMechanism implements SaslServer
rawSendSize = Integer.parseInt(maxBufferSize);
if (rawSendSize > Registry.SASL_BUFFER_MAX_LIMIT
|| rawSendSize < 1)
- throw new AuthenticationException(
- "Illegal value for 'maxbuffersize' option");
+ throw new AuthenticationException("Illegal value for 'maxbuffersize' option");
}
catch (NumberFormatException x)
{
- throw new AuthenticationException(
- SRPRegistry.OPTION_MAX_BUFFER_SIZE
- + "="
- + String.valueOf(maxBufferSize),
+ throw new AuthenticationException(SRPRegistry.OPTION_MAX_BUFFER_SIZE
+ + "=" + maxBufferSize,
x);
}
}
}
-
// check if client did the right thing
if (replayDetection)
{
- if (!integrity)
- {
- throw new AuthenticationException(
- "Missing integrity protection algorithm "
- + "but replay detection is chosen");
- }
+ if (! integrity)
+ throw new AuthenticationException("Missing integrity protection algorithm "
+ + "but replay detection is chosen");
}
if (mandatory.equals(SRPRegistry.OPTION_REPLAY_DETECTION))
{
- if (!replayDetection)
- {
- throw new AuthenticationException(
- "Replay detection is mandatory but was not chosen");
- }
+ if (! replayDetection)
+ throw new AuthenticationException("Replay detection is mandatory but was not chosen");
}
if (mandatory.equals(SRPRegistry.OPTION_INTEGRITY))
{
- if (!integrity)
- {
- throw new AuthenticationException(
- "Integrity protection is mandatory but was not chosen");
- }
+ if (! integrity)
+ throw new AuthenticationException("Integrity protection is mandatory but was not chosen");
}
if (mandatory.equals(SRPRegistry.OPTION_CONFIDENTIALITY))
{
- if (!confidentiality)
- {
- throw new AuthenticationException(
- "Confidentiality is mandatory but was not chosen");
- }
+ if (! confidentiality)
+ throw new AuthenticationException("Confidentiality is mandatory but was not chosen");
}
-
int blockSize = 0;
if (chosenConfidentialityAlgorithm != null)
{
final IBlockCipher cipher = CipherFactory.getInstance(chosenConfidentialityAlgorithm);
if (cipher != null)
- {
- blockSize = cipher.defaultBlockSize();
- }
- else
- { // should not happen
- throw new AuthenticationException("Confidentiality algorithm ("
- + chosenConfidentialityAlgorithm
- + ") not available");
- }
+ blockSize = cipher.defaultBlockSize();
+ else // should not happen
+ throw new AuthenticationException("Confidentiality algorithm ("
+ + chosenConfidentialityAlgorithm
+ + ") not available");
}
-
sIV = new byte[blockSize];
if (blockSize > 0)
getDefaultPRNG().nextBytes(sIV);
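Review bot: The option loop that closes at the `}` just before `// check if client did the right thing` has no final `else`, so any token in the client's option list that matches none of the known prefixes is dropped without error; the mandatory checks below still enforce the configured floor, but a client that sends a malformed `replay_detection` or `integrity=` token gets a session with silently weaker protection and no diagnostic. Whether the SRP SASL draft requires rejecting unknown options I cannot confirm from this hunk; at minimum add `else throw new AuthenticationException("Unknown option: " + option);` if strictness is intended, or a warning-level log otherwise. The while loop begins in the previous hunk.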
@@ -1086,30 +778,26 @@ public class SRPServer extends ServerMechanism implements SaslServer
// instantiate cipher if confidentiality protection filter is active
if (chosenConfidentialityAlgorithm != null)
{
- if (DEBUG && debuglevel > 2)
- debug(INFO, "Activating confidentiality protection filter");
+ if (Configuration.DEBUG)
+ log.fine("Activating confidentiality protection filter");
inCipher = CALG.getInstance(chosenConfidentialityAlgorithm);
outCipher = CALG.getInstance(chosenConfidentialityAlgorithm);
}
// instantiate hmacs if integrity protection filter is active
if (chosenIntegrityAlgorithm != null)
{
- if (DEBUG && debuglevel > 2)
- debug(INFO, "Activating integrity protection filter");
+ if (Configuration.DEBUG)
+ log.fine("Activating integrity protection filter");
inMac = IALG.getInstance(chosenIntegrityAlgorithm);
outMac = IALG.getInstance(chosenIntegrityAlgorithm);
}
-
// generate a new sid if at least integrity is used
sid = (inMac != null ? ServerStore.getNewSessionID() : new byte[0]);
}
- else
- { // same session new keys
- K = srp.generateKn(K, cn, sn);
- }
+ else // same session new keys
+ K = srp.generateKn(K, cn, sn);
final KDF kdf = KDF.getInstance(K);
-
// initialise in/out ciphers if confidentaility protection is used
if (inCipher != null)
{
@@ -1122,15 +810,12 @@ public class SRPServer extends ServerMechanism implements SaslServer
outMac.init(kdf);
inMac.init(kdf);
}
-
if (sid != null && sid.length != 0)
{ // update the security context and save in map
- if (DEBUG && debuglevel > 2)
- debug(INFO, "Updating security context for sid = " + new String(sid));
- ServerStore.instance().cacheSession(
- ttl,
- new SecurityContext(
- srp.getAlgorithm(),
+ if (Configuration.DEBUG)
+ log.fine("Updating security context for sid = " + new String(sid));
+ ServerStore.instance().cacheSession(ttl,
+ new SecurityContext(srp.getAlgorithm(),
sid,
K,
cIV,