From 8ace3af577b4314374a3cc74fdeae04a0733f7de Mon Sep 17 00:00:00 2001 From: "Raif S. Naffah" Date: Sun, 11 Jun 2006 12:14:43 +0000 Subject: 2006-06-11 Raif S. Naffah PR Classpath/26065 * gnu/javax/security/auth/login/GnuConfiguration.java: Condition all trace/ debug code based on Configuration.DEBUG. Use logger instead of STDOUT and ot STDERR. * gnu/javax/security/auth/login/ConfigFileParser.java: Likewise. * gnu/javax/crypto/sasl/SaslOutputStream.java: Likewise. * gnu/javax/crypto/sasl/SaslInputStream.java: Likewise. * gnu/javax/crypto/sasl/srp/SRPServer.java: Likewise. * gnu/javax/crypto/sasl/srp/SRPClient.java: Likewise. * gnu/javax/crypto/prng/CSPRNG.java: Likewise. * gnu/javax/crypto/pad/TBC.java: Likewise. * gnu/javax/crypto/pad/PKCS7.java: Likewise. * gnu/javax/crypto/pad/PKCS1_V1_5.java: Likewise. * gnu/javax/crypto/pad/BasePad.java: Likewise. * gnu/javax/crypto/mac/OMAC.java: Likewise. * gnu/javax/crypto/keyring/PasswordEncryptedEntry.java: Likewise. * gnu/javax/crypto/keyring/PasswordAuthenticatedEntry.java: Likewise. * gnu/javax/crypto/keyring/GnuPublicKeyring.java: Likewise. * gnu/javax/crypto/keyring/GnuPrivateKeyring.java: Likewise. * gnu/javax/crypto/keyring/EnvelopeEntry.java: Likewise. * gnu/javax/crypto/keyring/Entry.java: Likewise. * gnu/javax/crypto/key/srp6/SRPKeyPairGenerator.java: Likewise. * gnu/javax/crypto/key/dh/GnuDHKeyPairGenerator.java: Likewise. * gnu/javax/crypto/jce/prng/UMacRandomSpi.java: Likewise. * gnu/javax/crypto/jce/prng/ICMRandomSpi.java: Likewise. * gnu/javax/crypto/jce/keyring/GnuKeyring.java: Likewise. * gnu/javax/crypto/cipher/Twofish.java: Likewise. * gnu/javax/crypto/cipher/Khazad.java: Likewise. * gnu/javax/crypto/cipher/Rijndael.java: Likewise. * gnu/javax/crypto/cipher/BaseCipher.java: Likewise. * gnu/javax/crypto/cipher/Anubis.java: Likewise. * gnu/java/security/Properties.java: Likewise. * gnu/java/security/x509/X509CRLEntry.java: Likewise. * gnu/java/security/x509/X509CRL.java: Likewise. * gnu/java/security/x509/ext/Extension.java: Likewise. * gnu/java/security/util/Prime2.java: Likewise. * gnu/java/security/util/Base64.java: Likewise. * gnu/java/security/sig/rsa/RSAPSSSignature.java: Likewise. * gnu/java/security/sig/rsa/EMSA_PSS.java: Likewise. * gnu/java/security/provider/PKIXCertPathValidatorImpl.java: Likewise. * gnu/java/security/pkcs/SignerInfo.java: Likewise. * gnu/java/security/pkcs/PKCS7SignedData.java: Likewise. * gnu/java/security/key/rsa/RSAKeyPairX509Codec.java: Likewise. * gnu/java/security/key/rsa/RSAKeyPairPKCS8Codec.java: Likewise. * gnu/java/security/key/rsa/RSAKeyPairGenerator.java: Likewise. * gnu/java/security/key/rsa/GnuRSAPrivateKey.java: Likewise. * gnu/java/security/key/dss/DSSPrivateKey.java: Likewise. * gnu/java/security/key/dss/DSSKeyPairPKCS8Codec.java: Likewise. * gnu/java/security/key/dss/DSSKeyPairGenerator.java: Likewise. * gnu/java/security/jce/sig/SignatureAdapter.java: Likewise. * gnu/java/security/jce/sig/EncodedKeyFactory.java: Likewise. * gnu/java/security/hash/Whirlpool.java: Likewise. --- gnu/javax/crypto/sasl/SaslInputStream.java | 178 +++---- gnu/javax/crypto/sasl/SaslOutputStream.java | 96 ++-- gnu/javax/crypto/sasl/srp/SRPClient.java | 701 ++++++++---------------- gnu/javax/crypto/sasl/srp/SRPServer.java | 799 +++++++++------------------- 4 files changed, 561 insertions(+), 1213 deletions(-) (limited to 'gnu/javax/crypto/sasl') diff --git a/gnu/javax/crypto/sasl/SaslInputStream.java b/gnu/javax/crypto/sasl/SaslInputStream.java index 57eb2b5c5..14de9e12f 100644 --- a/gnu/javax/crypto/sasl/SaslInputStream.java +++ b/gnu/javax/crypto/sasl/SaslInputStream.java @@ -38,12 +38,13 @@ exception statement from your version. */ package gnu.javax.crypto.sasl; +import gnu.classpath.Configuration; import gnu.java.security.util.Util; +import java.io.IOException; import java.io.InputStream; import java.io.InterruptedIOException; -import java.io.IOException; -import java.io.PrintWriter; +import java.util.logging.Logger; import javax.security.sasl.Sasl; import javax.security.sasl.SaslClient; @@ -55,41 +56,11 @@ import javax.security.sasl.SaslServer; */ public class SaslInputStream extends InputStream { - - // Debugging methods and variables - // ------------------------------------------------------------------------- - - private static final String NAME = "SaslOutputStream"; - - private static final String ERROR = "ERROR"; - - private static final String WARN = " WARN"; - - // private static final String INFO = " INFO"; - private static final String TRACE = "DEBUG"; - - private static final boolean DEBUG = true; - - private static final int debuglevel = 3; - - private static final PrintWriter err = new PrintWriter(System.out, true); - - private static void debug(String level, Object obj) - { - err.println("[" + level + "] " + NAME + ": " + String.valueOf(obj)); - } - - // Constants and variables - // ------------------------------------------------------------------------- - + private static final Logger log = Logger.getLogger(SaslInputStream.class.getName()); private SaslClient client; - private SaslServer server; - private int maxRawSendSize; - private InputStream source; - private byte[] internalBuf; // Constructor(s) @@ -168,7 +139,6 @@ public class SaslInputStream extends InputStream else { byte[] tmp = new byte[internalBuf.length - 1]; - // System.arraycopy(internalBuf, 0, tmp, 0, tmp.length); System.arraycopy(internalBuf, 1, tmp, 0, tmp.length); internalBuf = tmp; } @@ -241,32 +211,22 @@ public class SaslInputStream extends InputStream */ public int read(byte[] b, int off, int len) throws IOException { - if (DEBUG && debuglevel > 8) - debug(TRACE, "==> read(b, " + String.valueOf(off) + ", " - + String.valueOf(len) + ")"); - - if (b == null) - { - throw new NullPointerException("b"); - } + if (Configuration.DEBUG) + log.entering(this.getClass().getName(), "read", + new Object[] { b, Integer.valueOf(off), Integer.valueOf(len) }); if ((off < 0) || (off > b.length) || (len < 0) || ((off + len) > b.length) || ((off + len) < 0)) - { - throw new IndexOutOfBoundsException("off=" + String.valueOf(off) - + ", len=" + String.valueOf(len) - + ", b.length=" - + String.valueOf(b.length)); - } + throw new IndexOutOfBoundsException("off=" + off + + ", len=" + len + + ", b.length=" + b.length); if (len == 0) { - if (DEBUG && debuglevel > 8) - debug(TRACE, "<== read() --> 0"); + if (Configuration.DEBUG) + log.exiting(this.getClass().getName(), "read", Integer.valueOf(0)); return 0; } - - if (DEBUG && debuglevel > 6) - debug(TRACE, "Available: " + String.valueOf(available())); - + if (Configuration.DEBUG) + log.finer("Available: " + available()); int result = 0; if (internalBuf == null || internalBuf.length < 1) try @@ -274,21 +234,24 @@ public class SaslInputStream extends InputStream internalBuf = readSaslBuffer(); if (internalBuf == null) { - if (DEBUG && debuglevel > 4) - debug(WARN, "Underlying stream empty. Returning -1"); - if (DEBUG && debuglevel > 8) - debug(TRACE, "<== read() --> -1"); + if (Configuration.DEBUG) + { + log.finer("Underlying stream empty. Returning -1"); + log.exiting(this.getClass().getName(), "read", + Integer.valueOf(-1)); + } return -1; } } catch (InterruptedIOException x) { - if (DEBUG && debuglevel > 6) - debug(TRACE, x); - if (DEBUG && debuglevel > 4) - debug(WARN, "Reading thread was interrupted. Returning -1"); - if (DEBUG && debuglevel > 8) - debug(TRACE, "<== read() --> -1"); + if (Configuration.DEBUG) + { + log.finer("Reading thread was interrupted. Returning -1"); + log.throwing(this.getClass().getName(), "read", x); + log.exiting(this.getClass().getName(), "read", + Integer.valueOf(-1)); + } return -1; } @@ -328,8 +291,8 @@ public class SaslInputStream extends InputStream data = readSaslBuffer(); if (data == null) { - if (DEBUG && debuglevel > 4) - debug(WARN, "Underlying stream exhausted. Breaking..."); + if (Configuration.DEBUG) + log.finer("Underlying stream exhausted. Breaking..."); break; } @@ -352,18 +315,16 @@ public class SaslInputStream extends InputStream } else { // nothing much we can do except return what we have - if (DEBUG && debuglevel > 4) - debug(WARN, - "Not enough bytes in source to read a buffer. Breaking..."); + if (Configuration.DEBUG) + log.finer("Not enough bytes in source to read a buffer. Breaking..."); break; } } - - if (DEBUG && debuglevel > 6) - debug(TRACE, "Remaining: " - + (internalBuf == null ? 0 : internalBuf.length)); - if (DEBUG && debuglevel > 8) - debug(TRACE, "<== read() --> " + String.valueOf(result)); + if (Configuration.DEBUG) + { + log.finer("Remaining: " + (internalBuf == null ? 0 : internalBuf.length)); + log.exiting(this.getClass().getName(), "read()", String.valueOf(result)); + } return result; } @@ -379,9 +340,8 @@ public class SaslInputStream extends InputStream */ private byte[] readSaslBuffer() throws IOException { - if (DEBUG && debuglevel > 8) - debug(TRACE, "==> readSaslBuffer()"); - + if (Configuration.DEBUG) + log.entering(this.getClass().getName(), "readSaslBuffer()"); int realLength; // check if we read as many bytes as we're supposed to byte[] result = new byte[4]; try @@ -389,32 +349,27 @@ public class SaslInputStream extends InputStream realLength = source.read(result); if (realLength == -1) { - if (DEBUG && debuglevel > 8) - debug(TRACE, "<== readSaslBuffer() --> null"); + if (Configuration.DEBUG) + log.exiting(this.getClass().getName(), "readSaslBuffer"); return null; } } catch (IOException x) { - if (DEBUG && debuglevel > 0) - debug(ERROR, x); + if (Configuration.DEBUG) + log.throwing(this.getClass().getName(), "readSaslBuffer", x); throw x; } if (realLength != 4) - { - throw new IOException("Was expecting 4 but found " - + String.valueOf(realLength)); - } + throw new IOException("Was expecting 4 but found " + realLength); int bufferLength = result[0] << 24 | (result[1] & 0xFF) << 16 | (result[2] & 0xFF) << 8 | (result[3] & 0xFF); - if (DEBUG && debuglevel > 6) - debug(TRACE, "SASL buffer size: " + bufferLength); + if (Configuration.DEBUG) + log.finer("SASL buffer size: " + bufferLength); if (bufferLength > maxRawSendSize || bufferLength < 0) - { - throw new SaslEncodingException("SASL buffer (security layer) too long"); - } + throw new SaslEncodingException("SASL buffer (security layer) too long"); result = new byte[bufferLength]; try @@ -423,37 +378,34 @@ public class SaslInputStream extends InputStream } catch (IOException x) { - if (DEBUG && debuglevel > 0) - debug(ERROR, x); + if (Configuration.DEBUG) + log.throwing(this.getClass().getName(), "readSaslBuffer", x); throw x; } if (realLength != bufferLength) - throw new IOException("Was expecting " + String.valueOf(bufferLength) - + " but found " + String.valueOf(realLength)); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Incoming buffer (before security) (hex): " - + Util.dumpString(result)); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Incoming buffer (before security) (str): \"" - + new String(result) + "\""); - - if (client != null) + throw new IOException("Was expecting " + bufferLength + + " but found " + realLength); + if (Configuration.DEBUG) { - result = client.unwrap(result, 0, realLength); + log.finer("Incoming buffer (before security) (hex): " + + Util.dumpString(result)); + log.finer("Incoming buffer (before security) (str): \"" + + new String(result) + "\""); } + if (client != null) + result = client.unwrap(result, 0, realLength); else + result = server.unwrap(result, 0, realLength); + + if (Configuration.DEBUG) { - result = server.unwrap(result, 0, realLength); + log.finer("Incoming buffer (after security) (hex): " + + Util.dumpString(result)); + log.finer("Incoming buffer (after security) (str): \"" + + new String(result) + "\""); + log.exiting(this.getClass().getName(), "readSaslBuffer"); } - if (DEBUG && debuglevel > 6) - debug(TRACE, "Incoming buffer (after security) (hex): " - + Util.dumpString(result)); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Incoming buffer (after security) (str): \"" - + new String(result) + "\""); - if (DEBUG && debuglevel > 8) - debug(TRACE, "<== readSaslBuffer()"); return result; } } \ No newline at end of file diff --git a/gnu/javax/crypto/sasl/SaslOutputStream.java b/gnu/javax/crypto/sasl/SaslOutputStream.java index 699720137..9d2aa020d 100644 --- a/gnu/javax/crypto/sasl/SaslOutputStream.java +++ b/gnu/javax/crypto/sasl/SaslOutputStream.java @@ -38,11 +38,12 @@ exception statement from your version. */ package gnu.javax.crypto.sasl; +import gnu.classpath.Configuration; import gnu.java.security.util.Util; -import java.io.OutputStream; import java.io.IOException; -import java.io.PrintWriter; +import java.io.OutputStream; +import java.util.logging.Logger; import javax.security.sasl.Sasl; import javax.security.sasl.SaslClient; @@ -54,37 +55,10 @@ import javax.security.sasl.SaslServer; */ public class SaslOutputStream extends OutputStream { - - // Debugging methods and variables - // ------------------------------------------------------------------------- - - private static final String NAME = "SaslOutputStream"; - - // private static final String ERROR = "ERROR"; - // private static final String WARN = " WARN"; - // private static final String INFO = " INFO"; - private static final String TRACE = "DEBUG"; - - private static final boolean DEBUG = true; - - private static final int debuglevel = 3; - - private static final PrintWriter err = new PrintWriter(System.out, true); - - private static void debug(String level, Object obj) - { - err.println("[" + level + "] " + NAME + ": " + String.valueOf(obj)); - } - - // Constants and variables - // ------------------------------------------------------------------------- - + private static final Logger log = Logger.getLogger(SaslOutputStream.class.getName()); private SaslClient client; - private SaslServer server; - private int maxRawSendSize; - private OutputStream dest; // Constructor(s) @@ -148,52 +122,45 @@ public class SaslOutputStream extends OutputStream */ public void write(byte[] b, int off, int len) throws IOException { - if (b == null) - { - throw new NullPointerException("b"); - } + if (Configuration.DEBUG) + log.entering(this.getClass().getName(), "write"); if ((off < 0) || (off > b.length) || (len < 0) || ((off + len) > b.length) || ((off + len) < 0)) - { - throw new IndexOutOfBoundsException("off=" + String.valueOf(off) - + ", len=" + String.valueOf(len) - + ", b.length=" - + String.valueOf(b.length)); - } + throw new IndexOutOfBoundsException("off=" + off + + ", len=" + len + + ", b.length=" + b.length); if (len == 0) { + if (Configuration.DEBUG) + log.exiting(this.getClass().getName(), "write"); return; } - if (DEBUG && debuglevel > 8) - debug(TRACE, "==> write()"); - int chunckSize, length, chunck = 1; byte[] output = null, result; - if (DEBUG && debuglevel > 6) - debug(TRACE, "About to wrap " + String.valueOf(len) + " byte(s)..."); + if (Configuration.DEBUG) + log.finer("About to wrap " + len + " byte(s)..."); while (len > 0) { chunckSize = (len > maxRawSendSize ? maxRawSendSize : len); - - if (DEBUG && debuglevel > 6) - debug(TRACE, "Outgoing buffer (before security) (hex): " - + Util.dumpString(b, off, chunckSize)); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Outgoing buffer (before security) (str): \"" - + new String(b, off, chunckSize) + "\""); - + if (Configuration.DEBUG) + { + log.finer("Outgoing buffer (before security) (hex): " + + Util.dumpString(b, off, chunckSize)); + log.finer("Outgoing buffer (before security) (str): \"" + + new String(b, off, chunckSize) + "\""); + } if (client != null) output = client.wrap(b, off, chunckSize); else output = server.wrap(b, off, chunckSize); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Outgoing buffer (after security) (hex): " - + Util.dumpString(output)); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Outgoing buffer (after security) (str): \"" - + new String(output) + "\""); - + if (Configuration.DEBUG) + { + log.finer("Outgoing buffer (after security) (hex): " + + Util.dumpString(output)); + log.finer("Outgoing buffer (after security) (str): \"" + + new String(output) + "\""); + } length = output.length; result = new byte[length + 4]; result[0] = (byte) (length >>> 24); @@ -206,13 +173,12 @@ public class SaslOutputStream extends OutputStream off += chunckSize; len -= chunckSize; - if (DEBUG && debuglevel > 6) - debug(TRACE, "Wrapped chunck #" + String.valueOf(chunck)); + if (Configuration.DEBUG) + log.finer("Wrapped chunck #" + chunck); chunck++; } - dest.flush(); - if (DEBUG && debuglevel > 8) - debug(TRACE, "<== write()"); + if (Configuration.DEBUG) + log.exiting(this.getClass().getName(), "write"); } } \ No newline at end of file diff --git a/gnu/javax/crypto/sasl/srp/SRPClient.java b/gnu/javax/crypto/sasl/srp/SRPClient.java index 1a1664ff7..0430342eb 100644 --- a/gnu/javax/crypto/sasl/srp/SRPClient.java +++ b/gnu/javax/crypto/sasl/srp/SRPClient.java @@ -38,147 +38,84 @@ exception statement from your version. */ package gnu.javax.crypto.sasl.srp; +import gnu.classpath.Configuration; import gnu.java.security.Registry; import gnu.java.security.hash.MD5; import gnu.java.security.util.PRNG; import gnu.java.security.util.Util; - +import gnu.javax.crypto.assembly.Direction; +import gnu.javax.crypto.cipher.CipherFactory; +import gnu.javax.crypto.cipher.IBlockCipher; import gnu.javax.crypto.key.IKeyAgreementParty; import gnu.javax.crypto.key.IncomingMessage; -import gnu.javax.crypto.key.KeyAgreementFactory; import gnu.javax.crypto.key.KeyAgreementException; +import gnu.javax.crypto.key.KeyAgreementFactory; import gnu.javax.crypto.key.OutgoingMessage; import gnu.javax.crypto.key.srp6.SRP6KeyAgreement; -import gnu.javax.crypto.assembly.Direction; -import gnu.javax.crypto.cipher.CipherFactory; -import gnu.javax.crypto.cipher.IBlockCipher; import gnu.javax.crypto.sasl.ClientMechanism; import gnu.javax.crypto.sasl.IllegalMechanismStateException; import gnu.javax.crypto.sasl.InputBuffer; import gnu.javax.crypto.sasl.IntegrityException; import gnu.javax.crypto.sasl.OutputBuffer; - import gnu.javax.security.auth.Password; -import java.io.IOException; -import java.io.PrintWriter; import java.io.ByteArrayOutputStream; +import java.io.IOException; import java.io.UnsupportedEncodingException; import java.math.BigInteger; import java.security.NoSuchAlgorithmException; import java.util.Arrays; import java.util.HashMap; import java.util.StringTokenizer; +import java.util.logging.Logger; +import javax.security.auth.DestroyFailedException; import javax.security.auth.callback.Callback; import javax.security.auth.callback.NameCallback; import javax.security.auth.callback.PasswordCallback; import javax.security.auth.callback.UnsupportedCallbackException; -import javax.security.auth.DestroyFailedException; import javax.security.sasl.AuthenticationException; import javax.security.sasl.SaslClient; import javax.security.sasl.SaslException; /** - *

The SASL-SRP client-side mechanism.

+ * The SASL-SRP client-side mechanism. */ public class SRPClient extends ClientMechanism implements SaslClient { - - // Debugging methods and variables - // ------------------------------------------------------------------------- - - private static final String NAME = "SRPClient"; - - // private static final String ERROR = "ERROR"; - // private static final String WARN = " WARN"; - private static final String INFO = " INFO"; - - private static final String TRACE = "DEBUG"; - - private static final boolean DEBUG = true; - - private static final int debuglevel = 3; - - private static final PrintWriter err = new PrintWriter(System.out, true); - - private static void debug(final String level, final Object obj) - { - err.println("[" + level + "] " + NAME + ": " + String.valueOf(obj)); - } - - // Constants and variables - // ------------------------------------------------------------------------- - - // private static final HashMap uid2ctx = new HashMap(); - + private static final Logger log = Logger.getLogger(SRPClient.class.getName()); private String uid; // the unique key for this type of client - private String U; // the authentication identity - BigInteger N, g, A, B; - private Password password; // the authentication credentials - private byte[] s; // the user's salt - private byte[] cIV, sIV; // client+server IVs, when confidentiality is on - private byte[] M1, M2; // client+server evidences - private byte[] cn, sn; // client's and server's nonce - private SRP srp; // SRP algorithm instance used by this client - private byte[] sid; // session ID when re-used - private int ttl; // session time-to-live in seconds - private byte[] sCB; // the peer's channel binding data - private String L; // available options - private String o; - private String chosenIntegrityAlgorithm; - private String chosenConfidentialityAlgorithm; - private int rawSendSize = Registry.SASL_BUFFER_MAX_LIMIT; - private byte[] K; // shared session key - private boolean replayDetection = true; // whether Replay Detection is on - private int inCounter = 0; // messages sequence numbers - private int outCounter = 0; - private IALG inMac, outMac; // if !null, use for integrity - private CALG inCipher, outCipher; // if !null, use for confidentiality - private IKeyAgreementParty clientHandler = KeyAgreementFactory.getPartyAInstance(Registry.SRP_SASL_KA); - /** Our default source of randomness. */ private PRNG prng = null; - // Constructor(s) - // ------------------------------------------------------------------------- - public SRPClient() { super(Registry.SASL_SRP_MECHANISM); } - // Class methods - // ------------------------------------------------------------------------- - - // Instance methods - // ------------------------------------------------------------------------- - - // abstract methods implementation ----------------------------------------- - protected void initMechanism() throws SaslException { // we shall keep track of the sid (and the security context of this @@ -195,9 +132,8 @@ public class SRPClient extends ClientMechanism implements SaslClient b = protocol.getBytes(); md.update(b, 0, b.length); if (channelBinding.length > 0) - { - md.update(channelBinding, 0, channelBinding.length); - } + md.update(channelBinding, 0, channelBinding.length); + uid = Util.toBase64(md.digest()); if (ClientStore.instance().isAlive(uid)) { @@ -253,8 +189,6 @@ public class SRPClient extends ClientMechanism implements SaslClient sn = null; } - // javax.security.sasl.SaslClient interface implementation ----------------- - public boolean hasInitialResponse() { return true; @@ -282,7 +216,7 @@ public class SRPClient extends ClientMechanism implements SaslClient } return result; case 2: // should only occur if session re-use was rejected - if (!complete) + if (! complete) { state++; return receiveEvidence(challenge); @@ -296,22 +230,15 @@ public class SRPClient extends ClientMechanism implements SaslClient protected byte[] engineUnwrap(final byte[] incoming, final int offset, final int len) throws SaslException { - if (DEBUG && debuglevel > 8) - debug(TRACE, "==> engineUnwrap()"); - + if (Configuration.DEBUG) + log.entering(this.getClass().getName(), "engineUnwrap"); if (inMac == null && inCipher == null) - { - throw new IllegalStateException("connection is not protected"); - } - + throw new IllegalStateException("connection is not protected"); // at this point one, or both, of confidentiality and integrity protection // services are active. - final byte[] result; try { - // final InputBuffer frameIn = InputBuffer.getInstance(incoming, offset, len); - // result = frameIn.getEOS(); if (inMac != null) { // integrity bytes are at the end of the stream final int macBytesCount = inMac.length(); @@ -320,16 +247,14 @@ public class SRPClient extends ClientMechanism implements SaslClient final byte[] received_mac = new byte[macBytesCount]; System.arraycopy(incoming, offset + payloadLength, received_mac, 0, macBytesCount); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Got C (received MAC): " - + Util.dumpString(received_mac)); - // inMac.update(result); + if (Configuration.DEBUG) + log.fine("Got C (received MAC): " + Util.dumpString(received_mac)); inMac.update(incoming, offset, payloadLength); if (replayDetection) { inCounter++; - if (DEBUG && debuglevel > 6) - debug(TRACE, "inCounter=" + String.valueOf(inCounter)); + if (Configuration.DEBUG) + log.fine("inCounter=" + inCounter); inMac.update(new byte[] { (byte) (inCounter >>> 24), (byte) (inCounter >>> 16), (byte) (inCounter >>> 8), @@ -337,170 +262,106 @@ public class SRPClient extends ClientMechanism implements SaslClient } final byte[] computed_mac = inMac.doFinal(); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Computed MAC: " + Util.dumpString(computed_mac)); + if (Configuration.DEBUG) + log.fine("Computed MAC: " + Util.dumpString(computed_mac)); if (!Arrays.equals(received_mac, computed_mac)) - { - throw new IntegrityException("engineUnwrap()"); - } - + throw new IntegrityException("engineUnwrap()"); // deal with the payload, which can be either plain or encrypted if (inCipher != null) - { - result = inCipher.doFinal(incoming, offset, payloadLength); - } + result = inCipher.doFinal(incoming, offset, payloadLength); else { result = new byte[len - macBytesCount]; System.arraycopy(incoming, offset, result, 0, result.length); } } - else - { // no integrity protection; just confidentiality - // if (inCipher != null) { - result = inCipher.doFinal(incoming, offset, len); - // } else { - // result = new byte[len]; - // System.arraycopy(incoming, offset, result, 0, len); - // } - } - // if (inCipher != null) { - // result = inCipher.doFinal(result); - // } + else // no integrity protection; just confidentiality + result = inCipher.doFinal(incoming, offset, len); } catch (IOException x) { if (x instanceof SaslException) - { - throw (SaslException) x; - } + throw (SaslException) x; throw new SaslException("engineUnwrap()", x); } - - if (DEBUG && debuglevel > 8) - debug(TRACE, "<== engineUnwrap()"); + if (Configuration.DEBUG) + log.exiting(this.getClass().getName(), "engineUnwrap"); return result; } protected byte[] engineWrap(final byte[] outgoing, final int offset, final int len) throws SaslException { - if (DEBUG && debuglevel > 8) - debug(TRACE, "==> engineWrap()"); - + if (Configuration.DEBUG) + log.entering(this.getClass().getName(), "engineWrap"); if (outMac == null && outCipher == null) - { - throw new IllegalStateException("connection is not protected"); - } - + throw new IllegalStateException("connection is not protected"); // at this point one, or both, of confidentiality and integrity protection // services are active. - - // byte[] data = new byte[len]; - // System.arraycopy(outgoing, offset, data, 0, len); byte[] result; try { - // OutputBuffer frameOut = new OutputBuffer(); final ByteArrayOutputStream out = new ByteArrayOutputStream(); // Process the data if (outCipher != null) { - // data = outCipher.doFinal(data); result = outCipher.doFinal(outgoing, offset, len); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Encoding c (encrypted plaintext): " - + Util.dumpString(result)); - - // frameOut.setEOS(data); + if (Configuration.DEBUG) + log.fine("Encoding c (encrypted plaintext): " + + Util.dumpString(result)); out.write(result); - if (outMac != null) { outMac.update(result); if (replayDetection) { outCounter++; - if (DEBUG && debuglevel > 6) - debug(TRACE, "outCounter=" + String.valueOf(outCounter)); - outMac.update(new byte[] { (byte) (outCounter >>> 24), - (byte) (outCounter >>> 16), - (byte) (outCounter >>> 8), - (byte) outCounter }); + if (Configuration.DEBUG) + log.fine("outCounter=" + outCounter); + outMac.update(new byte[] { (byte)(outCounter >>> 24), + (byte)(outCounter >>> 16), + (byte)(outCounter >>> 8), + (byte) outCounter }); } final byte[] C = outMac.doFinal(); - // frameOut.setOS(C); out.write(C); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Encoding C (integrity checksum): " - + Util.dumpString(C)); - } // else confidentiality only; do nothing + if (Configuration.DEBUG) + log.fine("Encoding C (integrity checksum): " + Util.dumpString(C)); + } + // else confidentiality only; do nothing } - else - { // no confidentiality; just integrity [+ replay detection] - // if (DEBUG && debuglevel > 6) debug(TRACE, "Encoding p (plaintext): "+Util.dumpString(data)); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Encoding p (plaintext): " - + Util.dumpString(outgoing, offset, len)); - - // frameOut.setEOS(data); + else // no confidentiality; just integrity [+ replay detection] + { + if (Configuration.DEBUG) + log.fine("Encoding p (plaintext): " + + Util.dumpString(outgoing, offset, len)); out.write(outgoing, offset, len); - - // if (outMac != null) { - // outMac.update(data); outMac.update(outgoing, offset, len); if (replayDetection) { outCounter++; - if (DEBUG && debuglevel > 6) - debug(TRACE, "outCounter=" + String.valueOf(outCounter)); - outMac.update(new byte[] { (byte) (outCounter >>> 24), - (byte) (outCounter >>> 16), - (byte) (outCounter >>> 8), - (byte) outCounter }); + if (Configuration.DEBUG) + log.fine("outCounter=" + outCounter); + outMac.update(new byte[] { (byte)(outCounter >>> 24), + (byte)(outCounter >>> 16), + (byte)(outCounter >>> 8), + (byte) outCounter }); } final byte[] C = outMac.doFinal(); - // frameOut.setOS(C); out.write(C); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Encoding C (integrity checksum): " - + Util.dumpString(C)); - // } + if (Configuration.DEBUG) + log.fine("Encoding C (integrity checksum): " + Util.dumpString(C)); } - - // frameOut.setEOS(data); - // - // if (outMac != null) { - // outMac.update(data); - // if (replayDetection) { - // outCounter++; - // if (DEBUG && debuglevel > 6) debug(TRACE, "outCounter="+String.valueOf(outCounter)); - // outMac.update(new byte[] { - // (byte)(outCounter >>> 24), - // (byte)(outCounter >>> 16), - // (byte)(outCounter >>> 8), - // (byte) outCounter }); - // } - // byte[] C = outMac.doFinal(); - // frameOut.setOS(C); - // if (DEBUG && debuglevel > 6) debug(TRACE, "Encoding C (integrity checksum): "+Util.dumpString(C)); - // } - - // result = frameOut.wrap(); result = out.toByteArray(); - } catch (IOException x) { if (x instanceof SaslException) - { - throw (SaslException) x; - } + throw (SaslException) x; throw new SaslException("engineWrap()", x); } - - if (DEBUG && debuglevel > 8) - debug(TRACE, "<== engineWrap()"); + if (Configuration.DEBUG) + log.exiting(this.getClass().getName(), "engineWrap"); return result; } @@ -509,13 +370,9 @@ public class SRPClient extends ClientMechanism implements SaslClient if (inMac != null) { if (inCipher != null) - { - return Registry.QOP_AUTH_CONF; - } - else - { - return Registry.QOP_AUTH_INT; - } + return Registry.QOP_AUTH_CONF; + + return Registry.QOP_AUTH_INT; } return Registry.QOP_AUTH; } @@ -525,13 +382,9 @@ public class SRPClient extends ClientMechanism implements SaslClient if (inMac != null) { if (inCipher != null) - { - return Registry.STRENGTH_HIGH; - } - else - { - return Registry.STRENGTH_MEDIUM; - } + return Registry.STRENGTH_HIGH; + + return Registry.STRENGTH_MEDIUM; } return Registry.STRENGTH_LOW; } @@ -550,19 +403,16 @@ public class SRPClient extends ClientMechanism implements SaslClient private byte[] sendIdentities() throws SaslException { - if (DEBUG && debuglevel > 8) - debug(TRACE, "==> sendIdentities()"); - + if (Configuration.DEBUG) + log.entering(this.getClass().getName(), "sendIdentities"); // If necessary, prompt the client for the username and password getUsernameAndPassword(); - - if (DEBUG && debuglevel > 6) - debug(TRACE, "Password: \"" + new String(password.getPassword()) + "\""); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Encoding U (username): \"" + U + "\""); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Encoding I (userid): \"" + authorizationID + "\""); - + if (Configuration.DEBUG) + { + log.fine("Password: \"" + new String(password.getPassword()) + "\""); + log.fine("Encoding U (username): \"" + U + "\""); + log.fine("Encoding I (userid): \"" + authorizationID + "\""); + } // if session re-use generate new 16-byte nonce if (sid.length != 0) { @@ -570,9 +420,7 @@ public class SRPClient extends ClientMechanism implements SaslClient getDefaultPRNG().nextBytes(cn); } else - { - cn = new byte[0]; - } + cn = new byte[0]; final OutputBuffer frameOut = new OutputBuffer(); try @@ -586,36 +434,30 @@ public class SRPClient extends ClientMechanism implements SaslClient catch (IOException x) { if (x instanceof SaslException) - { - throw (SaslException) x; - } + throw (SaslException) x; throw new AuthenticationException("sendIdentities()", x); } final byte[] result = frameOut.encode(); - if (DEBUG && debuglevel > 8) - debug(TRACE, "<== sendIdentities()"); - if (DEBUG && debuglevel > 2) - debug(INFO, "C: " + Util.dumpString(result)); - if (DEBUG && debuglevel > 2) - debug(INFO, " U = " + U); - if (DEBUG && debuglevel > 2) - debug(INFO, " I = " + authorizationID); - if (DEBUG && debuglevel > 2) - debug(INFO, "sid = " + new String(sid)); - if (DEBUG && debuglevel > 2) - debug(INFO, " cn = " + Util.dumpString(cn)); - if (DEBUG && debuglevel > 2) - debug(INFO, "cCB = " + Util.dumpString(channelBinding)); + if (Configuration.DEBUG) + { + log.fine("C: " + Util.dumpString(result)); + log.fine(" U = " + U); + log.fine(" I = " + authorizationID); + log.fine("sid = " + new String(sid)); + log.fine(" cn = " + Util.dumpString(cn)); + log.fine("cCB = " + Util.dumpString(channelBinding)); + log.exiting(this.getClass().getName(), "sendIdentities"); + } return result; } private byte[] sendPublicKey(final byte[] input) throws SaslException { - if (DEBUG && debuglevel > 8) - debug(TRACE, "==> sendPublicKey()"); - if (DEBUG && debuglevel > 6) - debug(TRACE, "S: " + Util.dumpString(input)); - + if (Configuration.DEBUG) + { + log.entering(this.getClass().getName(), "sendPublicKey"); + log.fine("S: " + Util.dumpString(input)); + } // Server sends [00], N, g, s, B, L // or [FF], sn, sCB final InputBuffer frameIn = new InputBuffer(input); @@ -626,57 +468,47 @@ public class SRPClient extends ClientMechanism implements SaslClient if (ack == 0x00) { // new session N = frameIn.getMPI(); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Got N (modulus): " + Util.dump(N)); + if (Configuration.DEBUG) + log.fine("Got N (modulus): " + Util.dump(N)); g = frameIn.getMPI(); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Got g (generator): " + Util.dump(g)); + if (Configuration.DEBUG) + log.fine("Got g (generator): " + Util.dump(g)); s = frameIn.getOS(); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Got s (salt): " + Util.dumpString(s)); + if (Configuration.DEBUG) + log.fine("Got s (salt): " + Util.dumpString(s)); B = frameIn.getMPI(); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Got B (server ephermeral public key): " - + Util.dump(B)); + if (Configuration.DEBUG) + log.fine("Got B (server ephermeral public key): " + Util.dump(B)); L = frameIn.getText(); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Got L (available options): \"" + L + "\""); + if (Configuration.DEBUG) + log.fine("Got L (available options): \"" + L + "\""); } else if (ack == 0xFF) { // session re-use sn = frameIn.getOS(); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Got sn (server nonce): " + Util.dumpString(sn)); + if (Configuration.DEBUG) + log.fine("Got sn (server nonce): " + Util.dumpString(sn)); sCB = frameIn.getEOS(); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Got sCB (server channel binding): " - + Util.dumpString(sCB)); - } - else - { // unexpected scalar - throw new SaslException("sendPublicKey(): Invalid scalar (" + ack - + ") in server's request"); + if (Configuration.DEBUG) + log.fine("Got sCB (server channel binding): " + Util.dumpString(sCB)); } + else // unexpected scalar + throw new SaslException("sendPublicKey(): Invalid scalar (" + ack + + ") in server's request"); } catch (IOException x) { if (x instanceof SaslException) - { - throw (SaslException) x; - } + throw (SaslException) x; throw new SaslException("sendPublicKey()", x); } - if (ack == 0x00) { // new session --------------------------------------- o = createO(L.toLowerCase()); // do this first to initialise the SRP hash - final byte[] pBytes; // use ASCII encoding to inter-operate w/ non-java pBytes = password.getBytes(); - // ---------------------------------------------------------------------- final HashMap mapA = new HashMap(); - // mapA.put(SRP6KeyAgreement.HASH_FUNCTION, srp.newDigest()); mapA.put(SRP6KeyAgreement.HASH_FUNCTION, srp.getAlgorithm()); mapA.put(SRP6KeyAgreement.USER_IDENTITY, U); mapA.put(SRP6KeyAgreement.USER_PASSWORD, pBytes); @@ -689,9 +521,6 @@ public class SRPClient extends ClientMechanism implements SaslClient { throw new SaslException("sendPublicKey()", x); } - - // ---------------------------------------------------------------------- - // ------------------------------------------------------------------- try { @@ -702,7 +531,6 @@ public class SRPClient extends ClientMechanism implements SaslClient out.writeMPI(B); IncomingMessage in = new IncomingMessage(out.toByteArray()); out = clientHandler.processMessage(in); - in = new IncomingMessage(out.toByteArray()); A = in.readMPI(); K = clientHandler.getSharedSecret(); @@ -712,13 +540,11 @@ public class SRPClient extends ClientMechanism implements SaslClient throw new SaslException("sendPublicKey()", x); } // ------------------------------------------------------------------- - - if (DEBUG && debuglevel > 6) - debug(TRACE, "K: " + Util.dumpString(K)); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Encoding A (client ephemeral public key): " - + Util.dump(A)); - + if (Configuration.DEBUG) + { + log.fine("K: " + Util.dumpString(K)); + log.fine("Encoding A (client ephemeral public key): " + Util.dump(A)); + } try { M1 = srp.generateM1(N, g, U, s, A, B, K, authorizationID, L, cn, @@ -728,13 +554,11 @@ public class SRPClient extends ClientMechanism implements SaslClient { throw new AuthenticationException("sendPublicKey()", x); } - - if (DEBUG && debuglevel > 6) - debug(TRACE, "Encoding o (client chosen options): \"" + o + "\""); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Encoding cIV (client IV): \"" + Util.dumpString(cIV) - + "\""); - + if (Configuration.DEBUG) + { + log.fine("Encoding o (client chosen options): \"" + o + "\""); + log.fine("Encoding cIV (client IV): \"" + Util.dumpString(cIV) + "\""); + } final OutputBuffer frameOut = new OutputBuffer(); try { @@ -746,74 +570,65 @@ public class SRPClient extends ClientMechanism implements SaslClient catch (IOException x) { if (x instanceof SaslException) - { - throw (SaslException) x; - } + throw (SaslException) x; throw new AuthenticationException("sendPublicKey()", x); } final byte[] result = frameOut.encode(); - if (DEBUG && debuglevel > 8) - debug(TRACE, "<== sendPublicKey()"); - if (DEBUG && debuglevel > 2) - debug(INFO, "New session, or session re-use rejected..."); - if (DEBUG && debuglevel > 2) - debug(INFO, "C: " + Util.dumpString(result)); - if (DEBUG && debuglevel > 2) - debug(INFO, " A = 0x" + A.toString(16)); - if (DEBUG && debuglevel > 2) - debug(INFO, " M1 = " + Util.dumpString(M1)); - if (DEBUG && debuglevel > 2) - debug(INFO, " o = " + o); - if (DEBUG && debuglevel > 2) - debug(INFO, "cIV = " + Util.dumpString(cIV)); - + if (Configuration.DEBUG) + { + log.fine("New session, or session re-use rejected..."); + log.fine("C: " + Util.dumpString(result)); + log.fine(" A = 0x" + A.toString(16)); + log.fine(" M1 = " + Util.dumpString(M1)); + log.fine(" o = " + o); + log.fine("cIV = " + Util.dumpString(cIV)); + log.exiting(this.getClass().getName(), "sendPublicKey"); + } return result; } - else - { // session re-use accepted ------------------------------------- + else // session re-use accepted ------------------------------------------- + { setupSecurityServices(true); - if (DEBUG && debuglevel > 8) - debug(TRACE, "<== sendPublicKey()"); - if (DEBUG && debuglevel > 2) - debug(INFO, "Session re-use accepted..."); + if (Configuration.DEBUG) + { + log.fine("Session re-use accepted..."); + log.exiting(this.getClass().getName(), "sendPublicKey"); + } return null; } } private byte[] receiveEvidence(byte[] input) throws SaslException { - if (DEBUG && debuglevel > 8) - debug(TRACE, "==> receiveEvidence()"); - if (DEBUG && debuglevel > 6) - debug(TRACE, "S: " + Util.dumpString(input)); - + if (Configuration.DEBUG) + { + log.entering(this.getClass().getName(), "receiveEvidence"); + log.fine("S: " + Util.dumpString(input)); + } // Server send M2, sIV, sCB, sid, ttl final InputBuffer frameIn = new InputBuffer(input); try { M2 = frameIn.getOS(); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Got M2 (server evidence): " + Util.dumpString(M2)); + if (Configuration.DEBUG) + log.fine("Got M2 (server evidence): " + Util.dumpString(M2)); sIV = frameIn.getOS(); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Got sIV (server IV): " + Util.dumpString(sIV)); + if (Configuration.DEBUG) + log.fine("Got sIV (server IV): " + Util.dumpString(sIV)); sid = frameIn.getEOS(); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Got sid (session ID): " + new String(sid)); + if (Configuration.DEBUG) + log.fine("Got sid (session ID): " + new String(sid)); ttl = (int) frameIn.getScalar(4); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Got ttl (session time-to-live): " + ttl + "sec."); + if (Configuration.DEBUG) + log.fine("Got ttl (session time-to-live): " + ttl + "sec."); sCB = frameIn.getEOS(); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Got sCB (server channel binding): " - + Util.dumpString(sCB)); + if (Configuration.DEBUG) + log.fine("Got sCB (server channel binding): " + Util.dumpString(sCB)); } catch (IOException x) { if (x instanceof SaslException) - { - throw (SaslException) x; - } + throw (SaslException) x; throw new AuthenticationException("receiveEvidence()", x); } @@ -827,18 +642,14 @@ public class SRPClient extends ClientMechanism implements SaslClient { throw new AuthenticationException("receiveEvidence()", x); } - - if (DEBUG && debuglevel > 6) - debug(TRACE, "Expected: " + Util.dumpString(expected)); + if (Configuration.DEBUG) + log.fine("Expected: " + Util.dumpString(expected)); if (!Arrays.equals(M2, expected)) - { - throw new AuthenticationException("M2 mismatch"); - } + throw new AuthenticationException("M2 mismatch"); setupSecurityServices(false); - - if (DEBUG && debuglevel > 8) - debug(TRACE, "<== receiveEvidence()"); + if (Configuration.DEBUG) + log.exiting(this.getClass().getName(), "receiveEvidence"); return null; } @@ -846,19 +657,15 @@ public class SRPClient extends ClientMechanism implements SaslClient { try { - if ((!properties.containsKey(Registry.SASL_USERNAME)) - && (!properties.containsKey(Registry.SASL_PASSWORD))) + if ((! properties.containsKey(Registry.SASL_USERNAME)) + && (! properties.containsKey(Registry.SASL_PASSWORD))) { final NameCallback nameCB; final String defaultName = System.getProperty("user.name"); if (defaultName == null) - { - nameCB = new NameCallback("username: "); - } + nameCB = new NameCallback("username: "); else - { - nameCB = new NameCallback("username: ", defaultName); - } + nameCB = new NameCallback("username: ", defaultName); final PasswordCallback pwdCB = new PasswordCallback("password: ", false); handler.handle(new Callback[] { nameCB, pwdCB }); @@ -868,21 +675,15 @@ public class SRPClient extends ClientMechanism implements SaslClient else { if (properties.containsKey(Registry.SASL_USERNAME)) - { - this.U = (String) properties.get(Registry.SASL_USERNAME); - } + this.U = (String) properties.get(Registry.SASL_USERNAME); else { final NameCallback nameCB; final String defaultName = System.getProperty("user.name"); if (defaultName == null) - { - nameCB = new NameCallback("username: "); - } + nameCB = new NameCallback("username: "); else - { - nameCB = new NameCallback("username: ", defaultName); - } + nameCB = new NameCallback("username: ", defaultName); this.handler.handle(new Callback[] { nameCB }); this.U = nameCB.getName(); } @@ -897,14 +698,12 @@ public class SRPClient extends ClientMechanism implements SaslClient else if (pw instanceof String) password = new Password(((String) pw).toCharArray()); else - throw new IllegalArgumentException( - pw.getClass().getName() - + "is not a valid password class"); + throw new IllegalArgumentException(pw.getClass().getName() + + "is not a valid password class"); } else { - final PasswordCallback pwdCB = new PasswordCallback( - "password: ", + final PasswordCallback pwdCB = new PasswordCallback("password: ", false); this.handler.handle(new Callback[] { pwdCB }); password = new Password(pwdCB.getPassword()); @@ -912,13 +711,9 @@ public class SRPClient extends ClientMechanism implements SaslClient } if (U == null) - { - throw new AuthenticationException("null username supplied"); - } + throw new AuthenticationException("null username supplied"); if (password == null) - { - throw new AuthenticationException("null password supplied"); - } + throw new AuthenticationException("null password supplied"); } catch (UnsupportedCallbackException x) { @@ -935,9 +730,8 @@ public class SRPClient extends ClientMechanism implements SaslClient // to us by the client. private String createO(final String aol) throws AuthenticationException { - if (DEBUG && debuglevel > 8) - debug(TRACE, "==> createO(\"" + aol + "\")"); - + if (Configuration.DEBUG) + log.entering(this.getClass().getName(), "createO", aol); boolean replaydetectionAvailable = false; boolean integrityAvailable = false; boolean confidentialityAvailable = false; @@ -945,7 +739,6 @@ public class SRPClient extends ClientMechanism implements SaslClient int i; String mdName = SRPRegistry.SRP_DEFAULT_DIGEST_NAME; - final StringTokenizer st = new StringTokenizer(aol, ","); while (st.hasMoreTokens()) { @@ -953,8 +746,8 @@ public class SRPClient extends ClientMechanism implements SaslClient if (option.startsWith(SRPRegistry.OPTION_SRP_DIGEST + "=")) { option = option.substring(option.indexOf('=') + 1); - if (DEBUG && debuglevel > 6) - debug(TRACE, "mda: <" + option + ">"); + if (Configuration.DEBUG) + log.fine("mda: <" + option + ">"); for (i = 0; i < SRPRegistry.INTEGRITY_ALGORITHMS.length; i++) { if (SRPRegistry.SRP_ALGORITHMS[i].equals(option)) @@ -965,14 +758,12 @@ public class SRPClient extends ClientMechanism implements SaslClient } } else if (option.equals(SRPRegistry.OPTION_REPLAY_DETECTION)) - { - replaydetectionAvailable = true; - } + replaydetectionAvailable = true; else if (option.startsWith(SRPRegistry.OPTION_INTEGRITY + "=")) { option = option.substring(option.indexOf('=') + 1); - if (DEBUG && debuglevel > 6) - debug(TRACE, "ialg: <" + option + ">"); + if (Configuration.DEBUG) + log.fine("ialg: <" + option + ">"); for (i = 0; i < SRPRegistry.INTEGRITY_ALGORITHMS.length; i++) { if (SRPRegistry.INTEGRITY_ALGORITHMS[i].equals(option)) @@ -986,8 +777,8 @@ public class SRPClient extends ClientMechanism implements SaslClient else if (option.startsWith(SRPRegistry.OPTION_CONFIDENTIALITY + "=")) { option = option.substring(option.indexOf('=') + 1); - if (DEBUG && debuglevel > 6) - debug(TRACE, "calg: <" + option + ">"); + if (Configuration.DEBUG) + log.fine("calg: <" + option + ">"); for (i = 0; i < SRPRegistry.CONFIDENTIALITY_ALGORITHMS.length; i++) { if (SRPRegistry.CONFIDENTIALITY_ALGORITHMS[i].equals(option)) @@ -999,9 +790,7 @@ public class SRPClient extends ClientMechanism implements SaslClient } } else if (option.startsWith(SRPRegistry.OPTION_MANDATORY + "=")) - { - mandatory = option.substring(option.indexOf('=') + 1); - } + mandatory = option.substring(option.indexOf('=') + 1); else if (option.startsWith(SRPRegistry.OPTION_MAX_BUFFER_SIZE + "=")) { final String maxBufferSize = option.substring(option.indexOf('=') + 1); @@ -1010,32 +799,22 @@ public class SRPClient extends ClientMechanism implements SaslClient rawSendSize = Integer.parseInt(maxBufferSize); if (rawSendSize > Registry.SASL_BUFFER_MAX_LIMIT || rawSendSize < 1) - { - throw new AuthenticationException( - "Illegal value for 'maxbuffersize' option"); - } + throw new AuthenticationException("Illegal value for 'maxbuffersize' option"); } catch (NumberFormatException x) { - throw new AuthenticationException( - SRPRegistry.OPTION_MAX_BUFFER_SIZE - + "=" - + String.valueOf(maxBufferSize), + throw new AuthenticationException(SRPRegistry.OPTION_MAX_BUFFER_SIZE + + "=" + maxBufferSize, x); } } } - replayDetection = replaydetectionAvailable - && Boolean.valueOf( - (String) properties.get(SRPRegistry.SRP_REPLAY_DETECTION)).booleanValue(); + && Boolean.valueOf((String) properties.get(SRPRegistry.SRP_REPLAY_DETECTION)).booleanValue(); boolean integrity = integrityAvailable - && Boolean.valueOf( - (String) properties.get(SRPRegistry.SRP_INTEGRITY_PROTECTION)).booleanValue(); + && Boolean.valueOf((String) properties.get(SRPRegistry.SRP_INTEGRITY_PROTECTION)).booleanValue(); boolean confidentiality = confidentialityAvailable - && Boolean.valueOf( - (String) properties.get(SRPRegistry.SRP_CONFIDENTIALITY)).booleanValue(); - + && Boolean.valueOf((String) properties.get(SRPRegistry.SRP_CONFIDENTIALITY)).booleanValue(); // make sure we do the right thing if (SRPRegistry.OPTION_REPLAY_DETECTION.equals(mandatory)) { @@ -1043,95 +822,67 @@ public class SRPClient extends ClientMechanism implements SaslClient integrity = true; } else if (SRPRegistry.OPTION_INTEGRITY.equals(mandatory)) - { - integrity = true; - } + integrity = true; else if (SRPRegistry.OPTION_CONFIDENTIALITY.equals(mandatory)) - { - confidentiality = true; - } + confidentiality = true; + if (replayDetection) { if (chosenIntegrityAlgorithm == null) - { - throw new AuthenticationException( - "Replay detection is required but no " - + "integrity protection algorithm was chosen"); - } + throw new AuthenticationException( + "Replay detection is required but no integrity protection algorithm was chosen"); } if (integrity) { if (chosenIntegrityAlgorithm == null) - { - throw new AuthenticationException( - "Integrity protection is required but no " - + "algorithm was chosen"); - } + throw new AuthenticationException( + "Integrity protection is required but no algorithm was chosen"); } if (confidentiality) { if (chosenConfidentialityAlgorithm == null) - { - throw new AuthenticationException( - "Confidentiality protection is required " - + "but no algorithm was chosen"); - } + throw new AuthenticationException( + "Confidentiality protection is required but no algorithm was chosen"); } - // 1. check if we'll be using confidentiality; if not set IV to 0-byte if (chosenConfidentialityAlgorithm == null) - { - cIV = new byte[0]; - } + cIV = new byte[0]; else { // 2. get the block size of the cipher final IBlockCipher cipher = CipherFactory.getInstance(chosenConfidentialityAlgorithm); if (cipher == null) - { - throw new AuthenticationException("createO()", - new NoSuchAlgorithmException()); - } + throw new AuthenticationException("createO()", + new NoSuchAlgorithmException()); final int blockSize = cipher.defaultBlockSize(); // 3. generate random iv cIV = new byte[blockSize]; getDefaultPRNG().nextBytes(cIV); } - srp = SRP.instance(mdName); - // Now create the options list specifying which of the available options // we have chosen. // For now we just select the defaults. Later we need to add support for // properties (perhaps in a file) where a user can specify the list of // algorithms they would prefer to use. - final StringBuffer sb = new StringBuffer(); - sb.append(SRPRegistry.OPTION_SRP_DIGEST).append("=").append(mdName).append( - ","); + sb.append(SRPRegistry.OPTION_SRP_DIGEST) + .append("=").append(mdName).append(","); if (replayDetection) - { - sb.append(SRPRegistry.OPTION_REPLAY_DETECTION).append(","); - } + sb.append(SRPRegistry.OPTION_REPLAY_DETECTION).append(","); if (integrity) - { - sb.append(SRPRegistry.OPTION_INTEGRITY).append("=").append( - chosenIntegrityAlgorithm).append( - ","); - } + sb.append(SRPRegistry.OPTION_INTEGRITY) + .append("=").append(chosenIntegrityAlgorithm).append(","); if (confidentiality) - { - sb.append(SRPRegistry.OPTION_CONFIDENTIALITY).append("=").append( - chosenConfidentialityAlgorithm).append( - ","); - } - final String result = sb.append(SRPRegistry.OPTION_MAX_BUFFER_SIZE).append( - "=").append( - Registry.SASL_BUFFER_MAX_LIMIT).toString(); - - if (DEBUG && debuglevel > 8) - debug(TRACE, "<== createO() --> " + result); + sb.append(SRPRegistry.OPTION_CONFIDENTIALITY) + .append("=").append(chosenConfidentialityAlgorithm).append(","); + + final String result = sb.append(SRPRegistry.OPTION_MAX_BUFFER_SIZE) + .append("=").append(Registry.SASL_BUFFER_MAX_LIMIT) + .toString(); + if (Configuration.DEBUG) + log.exiting(this.getClass().getName(), "createO", result); return result; } @@ -1139,33 +890,30 @@ public class SRPClient extends ClientMechanism implements SaslClient throws SaslException { complete = true; // signal end of authentication phase - if (!sessionReUse) + if (! sessionReUse) { outCounter = inCounter = 0; // instantiate cipher if confidentiality protection filter is active if (chosenConfidentialityAlgorithm != null) { - if (DEBUG && debuglevel > 2) - debug(INFO, "Activating confidentiality protection filter"); + if (Configuration.DEBUG) + log.fine("Activating confidentiality protection filter"); inCipher = CALG.getInstance(chosenConfidentialityAlgorithm); outCipher = CALG.getInstance(chosenConfidentialityAlgorithm); } // instantiate hmacs if integrity protection filter is active if (chosenIntegrityAlgorithm != null) { - if (DEBUG && debuglevel > 2) - debug(INFO, "Activating integrity protection filter"); + if (Configuration.DEBUG) + log.fine("Activating integrity protection filter"); inMac = IALG.getInstance(chosenIntegrityAlgorithm); outMac = IALG.getInstance(chosenIntegrityAlgorithm); } } - else - { // same session new Keys - K = srp.generateKn(K, cn, sn); - } + else // same session new Keys + K = srp.generateKn(K, cn, sn); final KDF kdf = KDF.getInstance(K); - // initialise in/out ciphers if confidentiality protection is used if (inCipher != null) { @@ -1178,16 +926,13 @@ public class SRPClient extends ClientMechanism implements SaslClient inMac.init(kdf); outMac.init(kdf); } - if (sid != null && sid.length != 0) { // update the security context and save in map - if (DEBUG && debuglevel > 2) - debug(INFO, "Updating security context for UID = " + uid); - ClientStore.instance().cacheSession( - uid, + if (Configuration.DEBUG) + log.fine("Updating security context for UID = " + uid); + ClientStore.instance().cacheSession(uid, ttl, - new SecurityContext( - srp.getAlgorithm(), + new SecurityContext(srp.getAlgorithm(), sid, K, cIV, diff --git a/gnu/javax/crypto/sasl/srp/SRPServer.java b/gnu/javax/crypto/sasl/srp/SRPServer.java index 672660b26..18452555c 100644 --- a/gnu/javax/crypto/sasl/srp/SRPServer.java +++ b/gnu/javax/crypto/sasl/srp/SRPServer.java @@ -38,18 +38,18 @@ exception statement from your version. */ package gnu.javax.crypto.sasl.srp; +import gnu.classpath.Configuration; import gnu.java.security.Registry; import gnu.java.security.util.PRNG; import gnu.java.security.util.Util; - import gnu.javax.crypto.assembly.Direction; import gnu.javax.crypto.cipher.CipherFactory; import gnu.javax.crypto.cipher.IBlockCipher; import gnu.javax.crypto.key.IKeyAgreementParty; -import gnu.javax.crypto.key.KeyAgreementFactory; +import gnu.javax.crypto.key.IncomingMessage; import gnu.javax.crypto.key.KeyAgreementException; +import gnu.javax.crypto.key.KeyAgreementFactory; import gnu.javax.crypto.key.OutgoingMessage; -import gnu.javax.crypto.key.IncomingMessage; import gnu.javax.crypto.key.srp6.SRP6KeyAgreement; import gnu.javax.crypto.sasl.IllegalMechanismStateException; import gnu.javax.crypto.sasl.InputBuffer; @@ -57,114 +57,55 @@ import gnu.javax.crypto.sasl.IntegrityException; import gnu.javax.crypto.sasl.OutputBuffer; import gnu.javax.crypto.sasl.ServerMechanism; -import java.io.IOException; -import java.io.PrintWriter; import java.io.ByteArrayOutputStream; +import java.io.IOException; import java.io.UnsupportedEncodingException; import java.math.BigInteger; import java.util.Arrays; import java.util.HashMap; import java.util.StringTokenizer; +import java.util.logging.Logger; import javax.security.sasl.AuthenticationException; import javax.security.sasl.SaslException; import javax.security.sasl.SaslServer; /** - *

The SASL-SRP server-side mechanism.

+ * The SASL-SRP server-side mechanism. */ public class SRPServer extends ServerMechanism implements SaslServer { - - // Debugging methods and variables - // ------------------------------------------------------------------------- - - private static final String NAME = "SRPServer"; - - // private static final String ERROR = "ERROR"; - private static final String WARN = " WARN"; - - private static final String INFO = " INFO"; - - private static final String TRACE = "DEBUG"; - - private static final boolean DEBUG = true; - - private static final int debuglevel = 3; - - private static final PrintWriter err = new PrintWriter(System.out, true); - - private static void debug(final String level, final Object obj) - { - err.println("[" + level + "] " + NAME + ": " + String.valueOf(obj)); - } - - // Constants and variables - // ------------------------------------------------------------------------- - + private static final Logger log = Logger.getLogger(SRPServer.class.getName()); private String U = null; // client's username - private BigInteger N, g, A, B; - private byte[] s; // salt - private byte[] cIV, sIV; // client+server IVs, when confidentiality is on - private byte[] cn, sn; // client's and server's nonce - private SRP srp; // SRP algorithm instance used by this server - private byte[] sid; // session ID when re-used - private int ttl = 360; // session time-to-live in seconds - private byte[] cCB; // peer's channel binding' - private String mandatory; // List of available options - private String L = null; - private String o; - private String chosenIntegrityAlgorithm; - private String chosenConfidentialityAlgorithm; - private int rawSendSize = Registry.SASL_BUFFER_MAX_LIMIT; - private byte[] K; // shared session key - private boolean replayDetection = true; // whether Replay Detection is on - private int inCounter = 0; // messages sequence numbers - private int outCounter = 0; - private IALG inMac, outMac; // if !null, use for integrity - private CALG inCipher, outCipher; // if !null, use for confidentiality - private IKeyAgreementParty serverHandler = KeyAgreementFactory.getPartyBInstance(Registry.SRP_SASL_KA); - /** Our default source of randomness. */ private PRNG prng = null; - // Constructor(s) - // ------------------------------------------------------------------------- - public SRPServer() { super(Registry.SASL_SRP_MECHANISM); } - // Class methods - // ------------------------------------------------------------------------- - - // Instance methods - // ------------------------------------------------------------------------- - - // abstract methods implementation ----------------------------------------- - protected void initMechanism() throws SaslException { // TODO: @@ -187,21 +128,18 @@ public class SRPServer extends ServerMechanism implements SaslServer sid = null; } - // javax.security.sasl.SaslServer interface implementation ----------------- - public byte[] evaluateResponse(final byte[] response) throws SaslException { switch (state) { case 0: if (response == null) - { - return null; - } + return null; + state++; return sendProtocolElements(response); case 1: - if (!complete) + if (! complete) { state++; return sendEvidence(response); @@ -215,65 +153,15 @@ public class SRPServer extends ServerMechanism implements SaslServer protected byte[] engineUnwrap(final byte[] incoming, final int offset, final int len) throws SaslException { - // if (DEBUG && debuglevel > 8) debug(TRACE, "==> engineUnwrap()"); - // - // if (inMac == null && inCipher == null) { - // throw new IllegalStateException("connection is not protected"); - // } - // - // if (DEBUG && debuglevel > 6) debug(TRACE, "Incoming buffer (before security): "+Util.dumpString(incoming, offset, len)); - // - // byte[] data = null; - // try { - // InputBuffer frameIn = InputBuffer.getInstance(incoming, offset, len); - // data = frameIn.getEOS(); - // if (inMac != null) { - // byte[] received_mac = frameIn.getOS(); - // if (DEBUG && debuglevel > 6) debug(TRACE, "Got C (received MAC): "+Util.dumpString(received_mac)); - // inMac.update(data); - // if (replayDetection) { - // inCounter++; - // if (DEBUG && debuglevel > 6) debug(TRACE, "inCounter="+String.valueOf(inCounter)); - // inMac.update(new byte[] { - // (byte)(inCounter >>> 24), - // (byte)(inCounter >>> 16), - // (byte)(inCounter >>> 8), - // (byte) inCounter }); - // } - // final byte[] computed_mac = inMac.doFinal(); - // if (DEBUG && debuglevel > 6) debug(TRACE, "Computed MAC: "+Util.dumpString(computed_mac)); - // if (!Arrays.equals(received_mac, computed_mac)) - // throw new IntegrityException("engineUnwrap()"); - // } - // if (inCipher != null) { - // data = inCipher.doFinal(data); - // } - // } catch (IOException x) { - // if (x instanceof SaslException) { - // throw (SaslException) x; - // } - // throw new SaslException("engineUnwrap()", x); - // } - // - // if (DEBUG && debuglevel > 6) debug(TRACE, "Incoming buffer (after security): "+Util.dumpString(data)); - // if (DEBUG && debuglevel > 8) debug(TRACE, "<== engineUnwrap()"); - // return data; - - if (DEBUG && debuglevel > 8) - debug(TRACE, "==> engineUnwrap()"); - + if (Configuration.DEBUG) + log.entering(this.getClass().getName(), "engineUnwrap"); if (inMac == null && inCipher == null) - { - throw new IllegalStateException("connection is not protected"); - } - - if (DEBUG && debuglevel > 6) - debug(TRACE, "Incoming buffer (before security): " - + Util.dumpString(incoming, offset, len)); - + throw new IllegalStateException("connection is not protected"); + if (Configuration.DEBUG) + log.fine("Incoming buffer (before security): " + + Util.dumpString(incoming, offset, len)); // at this point one, or both, of confidentiality and integrity protection // services are active. - final byte[] result; try { @@ -284,137 +172,67 @@ public class SRPServer extends ServerMechanism implements SaslServer final byte[] received_mac = new byte[macBytesCount]; System.arraycopy(incoming, offset + payloadLength, received_mac, 0, macBytesCount); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Got C (received MAC): " - + Util.dumpString(received_mac)); + if (Configuration.DEBUG) + log.fine("Got C (received MAC): " + Util.dumpString(received_mac)); inMac.update(incoming, offset, payloadLength); if (replayDetection) { inCounter++; - if (DEBUG && debuglevel > 6) - debug(TRACE, "inCounter=" + String.valueOf(inCounter)); - inMac.update(new byte[] { (byte) (inCounter >>> 24), - (byte) (inCounter >>> 16), - (byte) (inCounter >>> 8), - (byte) inCounter }); + if (Configuration.DEBUG) + log.fine("inCounter=" + String.valueOf(inCounter)); + inMac.update(new byte[] { (byte)(inCounter >>> 24), + (byte)(inCounter >>> 16), + (byte)(inCounter >>> 8), + (byte) inCounter }); } - final byte[] computed_mac = inMac.doFinal(); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Computed MAC: " + Util.dumpString(computed_mac)); + if (Configuration.DEBUG) + log.fine("Computed MAC: " + Util.dumpString(computed_mac)); if (!Arrays.equals(received_mac, computed_mac)) - { - throw new IntegrityException("engineUnwrap()"); - } + throw new IntegrityException("engineUnwrap()"); // deal with the payload, which can be either plain or encrypted if (inCipher != null) - { - result = inCipher.doFinal(incoming, offset, payloadLength); - } + result = inCipher.doFinal(incoming, offset, payloadLength); else { result = new byte[payloadLength]; System.arraycopy(incoming, offset, result, 0, result.length); } } - else - { // no integrity protection; just confidentiality - // if (inCipher != null) { - result = inCipher.doFinal(incoming, offset, len); - // } else { - // result = new byte[len]; - // System.arraycopy(incoming, offset, result, 0, len); - // } - } + else // no integrity protection; just confidentiality + result = inCipher.doFinal(incoming, offset, len); } catch (IOException x) { if (x instanceof SaslException) - { - throw (SaslException) x; - } + throw (SaslException) x; throw new SaslException("engineUnwrap()", x); } - if (DEBUG && debuglevel > 6) - debug(TRACE, "Incoming buffer (after security): " - + Util.dumpString(result)); - if (DEBUG && debuglevel > 8) - debug(TRACE, "<== engineUnwrap()"); + if (Configuration.DEBUG) + { + log.fine("Incoming buffer (after security): " + Util.dumpString(result)); + log.exiting(this.getClass().getName(), "engineUnwrap"); + } return result; } protected byte[] engineWrap(final byte[] outgoing, final int offset, final int len) throws SaslException { - // if (DEBUG && debuglevel > 8) debug(TRACE, "==> engineWrap()"); - // - // if (outMac == null && outCipher == null) { - // throw new IllegalStateException("connection is not protected"); - // } - // - // byte[] data = new byte[len]; - // System.arraycopy(outgoing, offset, data, 0, len); - // - // if (DEBUG && debuglevel > 6) debug(TRACE, "Outgoing buffer (before security) (hex): "+Util.dumpString(data)); - // if (DEBUG && debuglevel > 6) debug(TRACE, "Outgoing buffer (before security) (str): \""+new String(data)+"\""); - // - // final byte[] result; - // try { - // OutputBuffer frameOut = new OutputBuffer(); - // // Process the data - // if (outCipher != null) { - // data = outCipher.doFinal(data); - // if (DEBUG && debuglevel > 6) debug(TRACE, "Encoding c (encrypted plaintext): "+Util.dumpString(data)); - // } else { - // if (DEBUG && debuglevel > 6) debug(TRACE, "Encoding p (plaintext): "+Util.dumpString(data)); - // } - // frameOut.setEOS(data); - // if (outMac != null) { - // outMac.update(data); - // if (replayDetection) { - // outCounter++; - // if (DEBUG && debuglevel > 6) debug(TRACE, "outCounter="+String.valueOf(outCounter)); - // outMac.update(new byte[] { - // (byte)(outCounter >>> 24), - // (byte)(outCounter >>> 16), - // (byte)(outCounter >>> 8), - // (byte) outCounter}); - // } - // byte[] C = outMac.doFinal(); - // frameOut.setOS(C); - // if (DEBUG && debuglevel > 6) debug(TRACE, "Encoding C (integrity checksum): "+Util.dumpString(C)); - // } - // result = frameOut.wrap(); - // - // } catch (IOException x) { - // if (x instanceof SaslException) { - // throw (SaslException) x; - // } - // throw new SaslException("engineWrap()", x); - // } - // - // if (DEBUG && debuglevel > 8) debug(TRACE, "<== engineWrap()"); - // return result; - - if (DEBUG && debuglevel > 8) - debug(TRACE, "==> engineWrap()"); - + if (Configuration.DEBUG) + log.entering(this.getClass().getName(), "engineWrap"); if (outMac == null && outCipher == null) + throw new IllegalStateException("connection is not protected"); + if (Configuration.DEBUG) { - throw new IllegalStateException("connection is not protected"); + log.fine("Outgoing buffer (before security) (hex): " + + Util.dumpString(outgoing, offset, len)); + log.fine("Outgoing buffer (before security) (str): \"" + + new String(outgoing, offset, len) + "\""); } - - if (DEBUG && debuglevel > 6) - debug(TRACE, "Outgoing buffer (before security) (hex): " - + Util.dumpString(outgoing, offset, len)); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Outgoing buffer (before security) (str): \"" - + new String(outgoing, offset, len) + "\""); - // at this point one, or both, of confidentiality and integrity protection // services are active. - byte[] result; try { @@ -422,74 +240,62 @@ public class SRPServer extends ServerMechanism implements SaslServer if (outCipher != null) { result = outCipher.doFinal(outgoing, offset, len); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Encoding c (encrypted plaintext): " - + Util.dumpString(result)); - + if (Configuration.DEBUG) + log.fine("Encoding c (encrypted plaintext): " + + Util.dumpString(result)); out.write(result); - if (outMac != null) { outMac.update(result); if (replayDetection) { outCounter++; - if (DEBUG && debuglevel > 6) - debug(TRACE, "outCounter=" + String.valueOf(outCounter)); - outMac.update(new byte[] { (byte) (outCounter >>> 24), - (byte) (outCounter >>> 16), - (byte) (outCounter >>> 8), - (byte) outCounter }); + if (Configuration.DEBUG) + log.fine("outCounter=" + outCounter); + outMac.update(new byte[] { (byte)(outCounter >>> 24), + (byte)(outCounter >>> 16), + (byte)(outCounter >>> 8), + (byte) outCounter }); } final byte[] C = outMac.doFinal(); out.write(C); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Encoding C (integrity checksum): " - + Util.dumpString(C)); - } // else ciphertext only; do nothing + if (Configuration.DEBUG) + log.fine("Encoding C (integrity checksum): " + Util.dumpString(C)); + } + // else ciphertext only; do nothing } - else - { // no confidentiality; just integrity [+ replay detection] - if (DEBUG && debuglevel > 6) - debug(TRACE, "Encoding p (plaintext): " - + Util.dumpString(outgoing, offset, len)); - + else // no confidentiality; just integrity [+ replay detection] + { + if (Configuration.DEBUG) + log.fine("Encoding p (plaintext): " + + Util.dumpString(outgoing, offset, len)); out.write(outgoing, offset, len); - - // if (outMac != null) { outMac.update(outgoing, offset, len); if (replayDetection) { outCounter++; - if (DEBUG && debuglevel > 6) - debug(TRACE, "outCounter=" + String.valueOf(outCounter)); - outMac.update(new byte[] { (byte) (outCounter >>> 24), - (byte) (outCounter >>> 16), - (byte) (outCounter >>> 8), - (byte) outCounter }); + if (Configuration.DEBUG) + log.fine("outCounter=" + outCounter); + outMac.update(new byte[] { (byte)(outCounter >>> 24), + (byte)(outCounter >>> 16), + (byte)(outCounter >>> 8), + (byte) outCounter }); } final byte[] C = outMac.doFinal(); out.write(C); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Encoding C (integrity checksum): " - + Util.dumpString(C)); - // } // else plaintext only; do nothing + if (Configuration.DEBUG) + log.fine("Encoding C (integrity checksum): " + Util.dumpString(C)); } - result = out.toByteArray(); - } catch (IOException x) { if (x instanceof SaslException) - { - throw (SaslException) x; - } + throw (SaslException) x; throw new SaslException("engineWrap()", x); } - - if (DEBUG && debuglevel > 8) - debug(TRACE, "<== engineWrap()"); + if (Configuration.DEBUG) + log.exiting(this.getClass().getName(), "engineWrap"); return result; } @@ -498,13 +304,9 @@ public class SRPServer extends ServerMechanism implements SaslServer if (inMac != null) { if (inCipher != null) - { - return Registry.QOP_AUTH_CONF; - } - else - { - return Registry.QOP_AUTH_INT; - } + return Registry.QOP_AUTH_CONF; + + return Registry.QOP_AUTH_INT; } return Registry.QOP_AUTH; } @@ -514,13 +316,9 @@ public class SRPServer extends ServerMechanism implements SaslServer if (inMac != null) { if (inCipher != null) - { - return Registry.STRENGTH_HIGH; - } - else - { - return Registry.STRENGTH_MEDIUM; - } + return Registry.STRENGTH_HIGH; + + return Registry.STRENGTH_MEDIUM; } return Registry.STRENGTH_LOW; } @@ -535,45 +333,39 @@ public class SRPServer extends ServerMechanism implements SaslServer return Registry.REUSE_TRUE; } - // other methods ----------------------------------------------------------- - private byte[] sendProtocolElements(final byte[] input) throws SaslException { - if (DEBUG && debuglevel > 8) - debug(TRACE, "==> sendProtocolElements()"); - if (DEBUG && debuglevel > 6) - debug(TRACE, "C: " + Util.dumpString(input)); - + if (Configuration.DEBUG) + { + log.entering(this.getClass().getName(), "sendProtocolElements"); + log.fine("C: " + Util.dumpString(input)); + } // Client send U, I, sid, cn final InputBuffer frameIn = new InputBuffer(input); try { U = frameIn.getText(); // Extract username - if (DEBUG && debuglevel > 6) - debug(TRACE, "Got U (username): \"" + U + "\""); + if (Configuration.DEBUG) + log.fine("Got U (username): \"" + U + "\""); authorizationID = frameIn.getText(); // Extract authorisation ID - if (DEBUG && debuglevel > 6) - debug(TRACE, "Got I (userid): \"" + authorizationID + "\""); + if (Configuration.DEBUG) + log.fine("Got I (userid): \"" + authorizationID + "\""); sid = frameIn.getEOS(); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Got sid (session ID): " + new String(sid)); + if (Configuration.DEBUG) + log.fine("Got sid (session ID): " + new String(sid)); cn = frameIn.getOS(); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Got cn (client nonce): " + Util.dumpString(cn)); + if (Configuration.DEBUG) + log.fine("Got cn (client nonce): " + Util.dumpString(cn)); cCB = frameIn.getEOS(); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Got cCB (client channel binding): " - + Util.dumpString(cCB)); + if (Configuration.DEBUG) + log.fine("Got cCB (client channel binding): " + Util.dumpString(cCB)); } catch (IOException x) { if (x instanceof SaslException) - { - throw (SaslException) x; - } + throw (SaslException) x; throw new AuthenticationException("sendProtocolElements()", x); } - // do/can we re-use? if (ServerStore.instance().isAlive(sid)) { @@ -589,15 +381,11 @@ public class SRPServer extends ServerMechanism implements SaslServer outMac = ctx.getOutMac(); inCipher = ctx.getInCipher(); outCipher = ctx.getOutCipher(); - if (sn == null || sn.length != 16) - { - sn = new byte[16]; - } - getDefaultPRNG().nextBytes(sn); + sn = new byte[16]; + getDefaultPRNG().nextBytes(sn); setupSecurityServices(false); - final OutputBuffer frameOut = new OutputBuffer(); try { @@ -608,34 +396,27 @@ public class SRPServer extends ServerMechanism implements SaslServer catch (IOException x) { if (x instanceof SaslException) - { - throw (SaslException) x; - } + throw (SaslException) x; throw new AuthenticationException("sendProtocolElements()", x); } final byte[] result = frameOut.encode(); - if (DEBUG && debuglevel > 8) - debug(TRACE, "<== sendProtocolElements()"); - if (DEBUG && debuglevel > 2) - debug(INFO, "Old session..."); - if (DEBUG && debuglevel > 2) - debug(INFO, "S: " + Util.dumpString(result)); - if (DEBUG && debuglevel > 2) - debug(INFO, " sn = " + Util.dumpString(sn)); - if (DEBUG && debuglevel > 2) - debug(INFO, " sCB = " + Util.dumpString(channelBinding)); + if (Configuration.DEBUG) + { + log.fine("Old session..."); + log.fine("S: " + Util.dumpString(result)); + log.fine(" sn = " + Util.dumpString(sn)); + log.fine(" sCB = " + Util.dumpString(channelBinding)); + log.exiting(this.getClass().getName(), "sendProtocolElements"); + } return result; } else { // new session authenticator.activate(properties); - // ------------------------------------------------------------------- final HashMap mapB = new HashMap(); - // mapB.put(SRP6KeyAgreement.HASH_FUNCTION, srp.newDigest()); mapB.put(SRP6KeyAgreement.HASH_FUNCTION, srp.getAlgorithm()); mapB.put(SRP6KeyAgreement.HOST_PASSWORD_DB, authenticator); - try { serverHandler.init(mapB); @@ -643,7 +424,6 @@ public class SRPServer extends ServerMechanism implements SaslServer out.writeString(U); IncomingMessage in = new IncomingMessage(out.toByteArray()); out = serverHandler.processMessage(in); - in = new IncomingMessage(out.toByteArray()); N = in.readMPI(); g = in.readMPI(); @@ -655,26 +435,22 @@ public class SRPServer extends ServerMechanism implements SaslServer throw new SaslException("sendProtocolElements()", x); } // ------------------------------------------------------------------- - - if (DEBUG && debuglevel > 6) - debug(TRACE, "Encoding N (modulus): " + Util.dump(N)); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Encoding g (generator): " + Util.dump(g)); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Encoding s (client's salt): " + Util.dumpString(s)); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Encoding B (server ephemeral public key): " - + Util.dump(B)); - + if (Configuration.DEBUG) + { + log.fine("Encoding N (modulus): " + Util.dump(N)); + log.fine("Encoding g (generator): " + Util.dump(g)); + log.fine("Encoding s (client's salt): " + Util.dumpString(s)); + log.fine("Encoding B (server ephemeral public key): " + Util.dump(B)); + } // The server creates an options list (L), which consists of a // comma-separated list of option strings that specify the security // service options the server supports. L = createL(); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Encoding L (available options): \"" + L + "\""); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Encoding sIV (server IV): " + Util.dumpString(sIV)); - + if (Configuration.DEBUG) + { + log.fine("Encoding L (available options): \"" + L + "\""); + log.fine("Encoding sIV (server IV): " + Util.dumpString(sIV)); + } final OutputBuffer frameOut = new OutputBuffer(); try { @@ -688,69 +464,58 @@ public class SRPServer extends ServerMechanism implements SaslServer catch (IOException x) { if (x instanceof SaslException) - { - throw (SaslException) x; - } + throw (SaslException) x; throw new AuthenticationException("sendProtocolElements()", x); } final byte[] result = frameOut.encode(); - if (DEBUG && debuglevel > 8) - debug(TRACE, "<== sendProtocolElements()"); - if (DEBUG && debuglevel > 2) - debug(INFO, "New session..."); - if (DEBUG && debuglevel > 2) - debug(INFO, "S: " + Util.dumpString(result)); - if (DEBUG && debuglevel > 2) - debug(INFO, " N = 0x" + N.toString(16)); - if (DEBUG && debuglevel > 2) - debug(INFO, " g = 0x" + g.toString(16)); - if (DEBUG && debuglevel > 2) - debug(INFO, " s = " + Util.dumpString(s)); - if (DEBUG && debuglevel > 2) - debug(INFO, " B = 0x" + B.toString(16)); - if (DEBUG && debuglevel > 2) - debug(INFO, " L = " + L); + if (Configuration.DEBUG) + { + log.fine("New session..."); + log.fine("S: " + Util.dumpString(result)); + log.fine(" N = 0x" + N.toString(16)); + log.fine(" g = 0x" + g.toString(16)); + log.fine(" s = " + Util.dumpString(s)); + log.fine(" B = 0x" + B.toString(16)); + log.fine(" L = " + L); + log.exiting(this.getClass().getName(), "sendProtocolElements"); + } return result; } } private byte[] sendEvidence(final byte[] input) throws SaslException { - if (DEBUG && debuglevel > 8) - debug(TRACE, "==> sendEvidence()"); - if (DEBUG && debuglevel > 6) - debug(TRACE, "C: " + Util.dumpString(input)); - + if (Configuration.DEBUG) + { + log.entering(this.getClass().getName(), "sendEvidence"); + log.fine("C: " + Util.dumpString(input)); + } // Client send A, M1, o, cIV final InputBuffer frameIn = new InputBuffer(input); final byte[] M1; try { A = frameIn.getMPI(); // Extract client's ephemeral public key - if (DEBUG && debuglevel > 6) - debug(TRACE, "Got A (client ephemeral public key): " + Util.dump(A)); + if (Configuration.DEBUG) + log.fine("Got A (client ephemeral public key): " + Util.dump(A)); M1 = frameIn.getOS(); // Extract evidence - if (DEBUG && debuglevel > 6) - debug(TRACE, "Got M1 (client evidence): " + Util.dumpString(M1)); + if (Configuration.DEBUG) + log.fine("Got M1 (client evidence): " + Util.dumpString(M1)); o = frameIn.getText(); // Extract client's options list - if (DEBUG && debuglevel > 6) - debug(TRACE, "Got o (client chosen options): \"" + o + "\""); + if (Configuration.DEBUG) + log.fine("Got o (client chosen options): \"" + o + "\""); cIV = frameIn.getOS(); // Extract client's IV - if (DEBUG && debuglevel > 6) - debug(TRACE, "Got cIV (client IV): " + Util.dumpString(cIV)); + if (Configuration.DEBUG) + log.fine("Got cIV (client IV): " + Util.dumpString(cIV)); } catch (IOException x) { if (x instanceof SaslException) - { - throw (SaslException) x; - } + throw (SaslException) x; throw new AuthenticationException("sendEvidence()", x); } - // Parse client's options and set security layer variables parseO(o); - // ---------------------------------------------------------------------- try { @@ -765,10 +530,8 @@ public class SRPServer extends ServerMechanism implements SaslServer throw new SaslException("sendEvidence()", x); } // ---------------------------------------------------------------------- - - if (DEBUG && debuglevel > 6) - debug(TRACE, "K: " + Util.dumpString(K)); - + if (Configuration.DEBUG) + log.fine("K: " + Util.dumpString(K)); final byte[] expected; try { @@ -779,15 +542,11 @@ public class SRPServer extends ServerMechanism implements SaslServer { throw new AuthenticationException("sendEvidence()", x); } - // Verify client evidence if (!Arrays.equals(M1, expected)) - { - throw new AuthenticationException("M1 mismatch"); - } + throw new AuthenticationException("M1 mismatch"); setupSecurityServices(true); - final byte[] M2; try { @@ -798,7 +557,6 @@ public class SRPServer extends ServerMechanism implements SaslServer { throw new AuthenticationException("sendEvidence()", x); } - final OutputBuffer frameOut = new OutputBuffer(); try { @@ -811,93 +569,71 @@ public class SRPServer extends ServerMechanism implements SaslServer catch (IOException x) { if (x instanceof SaslException) - { - throw (SaslException) x; - } + throw (SaslException) x; throw new AuthenticationException("sendEvidence()", x); } final byte[] result = frameOut.encode(); - if (DEBUG && debuglevel > 2) - debug(INFO, "S: " + Util.dumpString(result)); - if (DEBUG && debuglevel > 2) - debug(INFO, " M2 = " + Util.dumpString(M2)); - if (DEBUG && debuglevel > 2) - debug(INFO, " sIV = " + Util.dumpString(sIV)); - if (DEBUG && debuglevel > 2) - debug(INFO, " sid = " + new String(sid)); - if (DEBUG && debuglevel > 2) - debug(INFO, " ttl = " + ttl); - if (DEBUG && debuglevel > 2) - debug(INFO, " sCB = " + Util.dumpString(channelBinding)); - - if (DEBUG && debuglevel > 8) - debug(TRACE, "<== sendEvidence()"); + if (Configuration.DEBUG) + { + log.fine("S: " + Util.dumpString(result)); + log.fine(" M2 = " + Util.dumpString(M2)); + log.fine(" sIV = " + Util.dumpString(sIV)); + log.fine(" sid = " + new String(sid)); + log.fine(" ttl = " + ttl); + log.fine(" sCB = " + Util.dumpString(channelBinding)); + log.exiting(this.getClass().getName(), "sendEvidence"); + } return result; } private String createL() { - if (DEBUG && debuglevel > 8) - debug(TRACE, "==> createL()"); - + if (Configuration.DEBUG) + log.entering(this.getClass().getName(), "createL()"); String s = (String) properties.get(SRPRegistry.SRP_MANDATORY); if (s == null) + s = SRPRegistry.DEFAULT_MANDATORY; + + if (! SRPRegistry.MANDATORY_NONE.equals(s) + && ! SRPRegistry.OPTION_REPLAY_DETECTION.equals(s) + && ! SRPRegistry.OPTION_INTEGRITY.equals(s) + && ! SRPRegistry.OPTION_CONFIDENTIALITY.equals(s)) { + if (Configuration.DEBUG) + log.fine("Unrecognised mandatory option (" + s + "). Using default..."); s = SRPRegistry.DEFAULT_MANDATORY; } - if (!SRPRegistry.MANDATORY_NONE.equals(s) - && !SRPRegistry.OPTION_REPLAY_DETECTION.equals(s) - && !SRPRegistry.OPTION_INTEGRITY.equals(s) - && !SRPRegistry.OPTION_CONFIDENTIALITY.equals(s)) - { - if (DEBUG && debuglevel > 4) - debug(WARN, "Unrecognised mandatory option (" + s - + "). Using default..."); - s = SRPRegistry.DEFAULT_MANDATORY; - } - mandatory = s; - s = (String) properties.get(SRPRegistry.SRP_CONFIDENTIALITY); final boolean confidentiality = (s == null ? SRPRegistry.DEFAULT_CONFIDENTIALITY - : Boolean.valueOf(s).booleanValue()); - + : Boolean.valueOf(s).booleanValue()); s = (String) properties.get(SRPRegistry.SRP_INTEGRITY_PROTECTION); boolean integrity = (s == null ? SRPRegistry.DEFAULT_INTEGRITY - : Boolean.valueOf(s).booleanValue()); - + : Boolean.valueOf(s).booleanValue()); s = (String) properties.get(SRPRegistry.SRP_REPLAY_DETECTION); final boolean replayDetection = (s == null ? SRPRegistry.DEFAULT_REPLAY_DETECTION - : Boolean.valueOf(s).booleanValue()); - + : Boolean.valueOf(s).booleanValue()); final StringBuffer sb = new StringBuffer(); - sb.append(SRPRegistry.OPTION_SRP_DIGEST).append("=").append( - srp.getAlgorithm()).append( - ","); + sb.append(SRPRegistry.OPTION_SRP_DIGEST).append("=") + .append(srp.getAlgorithm()).append(","); + + if (! SRPRegistry.MANDATORY_NONE.equals(mandatory)) + sb.append(SRPRegistry.OPTION_MANDATORY) + .append("=").append(mandatory).append(","); - if (!SRPRegistry.MANDATORY_NONE.equals(mandatory)) - { - sb.append(SRPRegistry.OPTION_MANDATORY).append("=").append(mandatory).append( - ","); - } if (replayDetection) { sb.append(SRPRegistry.OPTION_REPLAY_DETECTION).append(","); // if replay detection is on then force integrity protection integrity = true; } - int i; if (integrity) { for (i = 0; i < SRPRegistry.INTEGRITY_ALGORITHMS.length; i++) - { - sb.append(SRPRegistry.OPTION_INTEGRITY).append("=").append( - SRPRegistry.INTEGRITY_ALGORITHMS[i]).append( - ","); - } + sb.append(SRPRegistry.OPTION_INTEGRITY).append("=") + .append(SRPRegistry.INTEGRITY_ALGORITHMS[i]).append(","); } - if (confidentiality) { IBlockCipher cipher; @@ -905,19 +641,15 @@ public class SRPServer extends ServerMechanism implements SaslServer { cipher = CipherFactory.getInstance(SRPRegistry.CONFIDENTIALITY_ALGORITHMS[i]); if (cipher != null) - { - sb.append(SRPRegistry.OPTION_CONFIDENTIALITY).append("=").append( - SRPRegistry.CONFIDENTIALITY_ALGORITHMS[i]).append( - ","); - } + sb.append(SRPRegistry.OPTION_CONFIDENTIALITY).append("=") + .append(SRPRegistry.CONFIDENTIALITY_ALGORITHMS[i]).append(","); } } - - final String result = sb.append(SRPRegistry.OPTION_MAX_BUFFER_SIZE).append( - "=").append( - Registry.SASL_BUFFER_MAX_LIMIT).toString(); - if (DEBUG && debuglevel > 8) - debug(TRACE, "<== createL()"); + final String result = sb.append(SRPRegistry.OPTION_MAX_BUFFER_SIZE) + .append("=").append(Registry.SASL_BUFFER_MAX_LIMIT) + .toString(); + if (Configuration.DEBUG) + log.exiting(this.getClass().getName(), "createL"); return result; } @@ -934,69 +666,51 @@ public class SRPServer extends ServerMechanism implements SaslServer while (st.hasMoreTokens()) { option = st.nextToken(); - if (DEBUG && debuglevel > 6) - debug(TRACE, "option: <" + option + ">"); + if (Configuration.DEBUG) + log.fine("option: <" + option + ">"); if (option.equals(SRPRegistry.OPTION_REPLAY_DETECTION)) - { - replayDetection = true; - } + replayDetection = true; else if (option.startsWith(SRPRegistry.OPTION_INTEGRITY + "=")) { if (integrity) + throw new AuthenticationException("Only one integrity algorithm may be chosen"); + + option = option.substring(option.indexOf('=') + 1); + if (Configuration.DEBUG) + log.fine("algorithm: <" + option + ">"); + for (i = 0; i < SRPRegistry.INTEGRITY_ALGORITHMS.length; i++) { - throw new AuthenticationException( - "Only one integrity algorithm may be chosen"); - } - else - { - option = option.substring(option.indexOf('=') + 1); - if (DEBUG && debuglevel > 6) - debug(TRACE, "algorithm: <" + option + ">"); - for (i = 0; i < SRPRegistry.INTEGRITY_ALGORITHMS.length; i++) + if (SRPRegistry.INTEGRITY_ALGORITHMS[i].equals(option)) { - if (SRPRegistry.INTEGRITY_ALGORITHMS[i].equals(option)) - { - chosenIntegrityAlgorithm = option; - integrity = true; - break; - } - } - if (!integrity) - { - throw new AuthenticationException( - "Unknown integrity algorithm: " - + option); + chosenIntegrityAlgorithm = option; + integrity = true; + break; } } + if (! integrity) + throw new AuthenticationException("Unknown integrity algorithm: " + + option); } else if (option.startsWith(SRPRegistry.OPTION_CONFIDENTIALITY + "=")) { if (confidentiality) + throw new AuthenticationException("Only one confidentiality algorithm may be chosen"); + + option = option.substring(option.indexOf('=') + 1); + if (Configuration.DEBUG) + log.fine("algorithm: <" + option + ">"); + for (i = 0; i < SRPRegistry.CONFIDENTIALITY_ALGORITHMS.length; i++) { - throw new AuthenticationException( - "Only one confidentiality algorithm may be chosen"); - } - else - { - option = option.substring(option.indexOf('=') + 1); - if (DEBUG && debuglevel > 6) - debug(TRACE, "algorithm: <" + option + ">"); - for (i = 0; i < SRPRegistry.CONFIDENTIALITY_ALGORITHMS.length; i++) + if (SRPRegistry.CONFIDENTIALITY_ALGORITHMS[i].equals(option)) { - if (SRPRegistry.CONFIDENTIALITY_ALGORITHMS[i].equals(option)) - { - chosenConfidentialityAlgorithm = option; - confidentiality = true; - break; - } - } - if (!confidentiality) - { - throw new AuthenticationException( - "Unknown confidentiality algorithm: " - + option); + chosenConfidentialityAlgorithm = option; + confidentiality = true; + break; } } + if (! confidentiality) + throw new AuthenticationException("Unknown confidentiality algorithm: " + + option); } else if (option.startsWith(SRPRegistry.OPTION_MAX_BUFFER_SIZE + "=")) { @@ -1006,71 +720,49 @@ public class SRPServer extends ServerMechanism implements SaslServer rawSendSize = Integer.parseInt(maxBufferSize); if (rawSendSize > Registry.SASL_BUFFER_MAX_LIMIT || rawSendSize < 1) - throw new AuthenticationException( - "Illegal value for 'maxbuffersize' option"); + throw new AuthenticationException("Illegal value for 'maxbuffersize' option"); } catch (NumberFormatException x) { - throw new AuthenticationException( - SRPRegistry.OPTION_MAX_BUFFER_SIZE - + "=" - + String.valueOf(maxBufferSize), + throw new AuthenticationException(SRPRegistry.OPTION_MAX_BUFFER_SIZE + + "=" + maxBufferSize, x); } } } - // check if client did the right thing if (replayDetection) { - if (!integrity) - { - throw new AuthenticationException( - "Missing integrity protection algorithm " - + "but replay detection is chosen"); - } + if (! integrity) + throw new AuthenticationException("Missing integrity protection algorithm " + + "but replay detection is chosen"); } if (mandatory.equals(SRPRegistry.OPTION_REPLAY_DETECTION)) { - if (!replayDetection) - { - throw new AuthenticationException( - "Replay detection is mandatory but was not chosen"); - } + if (! replayDetection) + throw new AuthenticationException("Replay detection is mandatory but was not chosen"); } if (mandatory.equals(SRPRegistry.OPTION_INTEGRITY)) { - if (!integrity) - { - throw new AuthenticationException( - "Integrity protection is mandatory but was not chosen"); - } + if (! integrity) + throw new AuthenticationException("Integrity protection is mandatory but was not chosen"); } if (mandatory.equals(SRPRegistry.OPTION_CONFIDENTIALITY)) { - if (!confidentiality) - { - throw new AuthenticationException( - "Confidentiality is mandatory but was not chosen"); - } + if (! confidentiality) + throw new AuthenticationException("Confidentiality is mandatory but was not chosen"); } - int blockSize = 0; if (chosenConfidentialityAlgorithm != null) { final IBlockCipher cipher = CipherFactory.getInstance(chosenConfidentialityAlgorithm); if (cipher != null) - { - blockSize = cipher.defaultBlockSize(); - } - else - { // should not happen - throw new AuthenticationException("Confidentiality algorithm (" - + chosenConfidentialityAlgorithm - + ") not available"); - } + blockSize = cipher.defaultBlockSize(); + else // should not happen + throw new AuthenticationException("Confidentiality algorithm (" + + chosenConfidentialityAlgorithm + + ") not available"); } - sIV = new byte[blockSize]; if (blockSize > 0) getDefaultPRNG().nextBytes(sIV); @@ -1086,30 +778,26 @@ public class SRPServer extends ServerMechanism implements SaslServer // instantiate cipher if confidentiality protection filter is active if (chosenConfidentialityAlgorithm != null) { - if (DEBUG && debuglevel > 2) - debug(INFO, "Activating confidentiality protection filter"); + if (Configuration.DEBUG) + log.fine("Activating confidentiality protection filter"); inCipher = CALG.getInstance(chosenConfidentialityAlgorithm); outCipher = CALG.getInstance(chosenConfidentialityAlgorithm); } // instantiate hmacs if integrity protection filter is active if (chosenIntegrityAlgorithm != null) { - if (DEBUG && debuglevel > 2) - debug(INFO, "Activating integrity protection filter"); + if (Configuration.DEBUG) + log.fine("Activating integrity protection filter"); inMac = IALG.getInstance(chosenIntegrityAlgorithm); outMac = IALG.getInstance(chosenIntegrityAlgorithm); } - // generate a new sid if at least integrity is used sid = (inMac != null ? ServerStore.getNewSessionID() : new byte[0]); } - else - { // same session new keys - K = srp.generateKn(K, cn, sn); - } + else // same session new keys + K = srp.generateKn(K, cn, sn); final KDF kdf = KDF.getInstance(K); - // initialise in/out ciphers if confidentaility protection is used if (inCipher != null) { @@ -1122,15 +810,12 @@ public class SRPServer extends ServerMechanism implements SaslServer outMac.init(kdf); inMac.init(kdf); } - if (sid != null && sid.length != 0) { // update the security context and save in map - if (DEBUG && debuglevel > 2) - debug(INFO, "Updating security context for sid = " + new String(sid)); - ServerStore.instance().cacheSession( - ttl, - new SecurityContext( - srp.getAlgorithm(), + if (Configuration.DEBUG) + log.fine("Updating security context for sid = " + new String(sid)); + ServerStore.instance().cacheSession(ttl, + new SecurityContext(srp.getAlgorithm(), sid, K, cIV, -- cgit v1.2.1