/*
 * Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.  Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

package com.sun.security.sasl;

import javax.security.sasl.SaslException;
import javax.security.sasl.Sasl;

// For HMAC_MD5
import java.security.NoSuchAlgorithmException;
import java.security.MessageDigest;

import java.util.Arrays;
import java.util.logging.Logger;

Base class for implementing CRAM-MD5 client and server mechanisms.
Author:Vincent Ryan, Rosanna Lee
/** * Base class for implementing CRAM-MD5 client and server mechanisms. * * @author Vincent Ryan * @author Rosanna Lee */
abstract class CramMD5Base { protected boolean completed = false; protected boolean aborted = false; protected byte[] pw; protected CramMD5Base() { initLogger(); }
Retrieves this mechanism's name.
Returns: The string "CRAM-MD5".
/** * Retrieves this mechanism's name. * * @return The string "CRAM-MD5". */
public String getMechanismName() { return "CRAM-MD5"; }
Determines whether this mechanism has completed. CRAM-MD5 completes after processing one challenge from the server.
Returns:true if has completed; false otherwise;
/** * Determines whether this mechanism has completed. * CRAM-MD5 completes after processing one challenge from the server. * * @return true if has completed; false otherwise; */
public boolean isComplete() { return completed; }
Unwraps the incoming buffer. CRAM-MD5 supports no security layer.
Throws:
  • SaslException – If attempt to use this method.
/** * Unwraps the incoming buffer. CRAM-MD5 supports no security layer. * * @throws SaslException If attempt to use this method. */
public byte[] unwrap(byte[] incoming, int offset, int len) throws SaslException { if (completed) { throw new IllegalStateException( "CRAM-MD5 supports neither integrity nor privacy"); } else { throw new IllegalStateException( "CRAM-MD5 authentication not completed"); } }
Wraps the outgoing buffer. CRAM-MD5 supports no security layer.
Throws:
  • SaslException – If attempt to use this method.
/** * Wraps the outgoing buffer. CRAM-MD5 supports no security layer. * * @throws SaslException If attempt to use this method. */
public byte[] wrap(byte[] outgoing, int offset, int len) throws SaslException { if (completed) { throw new IllegalStateException( "CRAM-MD5 supports neither integrity nor privacy"); } else { throw new IllegalStateException( "CRAM-MD5 authentication not completed"); } }
Retrieves the negotiated property. This method can be called only after the authentication exchange has completed (i.e., when isComplete() returns true); otherwise, a SaslException is thrown.
Throws:
Returns:value of property; only QOP is applicable to CRAM-MD5.
/** * Retrieves the negotiated property. * This method can be called only after the authentication exchange has * completed (i.e., when {@code isComplete()} returns true); otherwise, a * {@code SaslException} is thrown. * * @return value of property; only QOP is applicable to CRAM-MD5. * @exception IllegalStateException if this authentication exchange has not completed */
public Object getNegotiatedProperty(String propName) { if (completed) { if (propName.equals(Sasl.QOP)) { return "auth"; } else { return null; } } else { throw new IllegalStateException( "CRAM-MD5 authentication not completed"); } } public void dispose() throws SaslException { clearPassword(); } protected void clearPassword() { if (pw != null) { // zero out password for (int i = 0; i < pw.length; i++) { pw[i] = (byte)0; } pw = null; } } @SuppressWarnings("deprecation") protected void finalize() { clearPassword(); } static private final int MD5_BLOCKSIZE = 64;
Hashes its input arguments according to HMAC-MD5 (RFC 2104) and returns the resulting digest in its ASCII representation. HMAC-MD5 function is described as follows: MD5(key XOR opad, MD5(key XOR ipad, text)) where key is an n byte key ipad is the byte 0x36 repeated 64 times opad is the byte 0x5c repeated 64 times text is the data to be protected
/** * Hashes its input arguments according to HMAC-MD5 (RFC 2104) * and returns the resulting digest in its ASCII representation. * * HMAC-MD5 function is described as follows: * * MD5(key XOR opad, MD5(key XOR ipad, text)) * * where key is an n byte key * ipad is the byte 0x36 repeated 64 times * opad is the byte 0x5c repeated 64 times * text is the data to be protected */
final static String HMAC_MD5(byte[] key, byte[] text) throws NoSuchAlgorithmException { MessageDigest md5 = MessageDigest.getInstance("MD5"); /* digest the key if longer than 64 bytes */ if (key.length > MD5_BLOCKSIZE) { key = md5.digest(key); } byte[] ipad = new byte[MD5_BLOCKSIZE]; /* inner padding */ byte[] opad = new byte[MD5_BLOCKSIZE]; /* outer padding */ byte[] digest; int i; /* store key in pads */ for (i = 0; i < key.length; i++) { ipad[i] = key[i]; opad[i] = key[i]; } /* XOR key with pads */ for (i = 0; i < MD5_BLOCKSIZE; i++) { ipad[i] ^= 0x36; opad[i] ^= 0x5c; } /* inner MD5 */ md5.update(ipad); md5.update(text); digest = md5.digest(); /* outer MD5 */ md5.update(opad); md5.update(digest); digest = md5.digest(); // Get character representation of digest StringBuilder digestString = new StringBuilder(); for (i = 0; i < digest.length; i++) { if ((digest[i] & 0x000000ff) < 0x10) { digestString.append('0').append(Integer.toHexString(digest[i] & 0x000000ff)); } else { digestString.append( Integer.toHexString(digest[i] & 0x000000ff)); } } Arrays.fill(ipad, (byte)0); Arrays.fill(opad, (byte)0); ipad = null; opad = null; return (digestString.toString()); }
Sets logger field.
/** * Sets logger field. */
private static synchronized void initLogger() { if (logger == null) { logger = Logger.getLogger(SASL_LOGGER_NAME); } }
Logger for debug messages
/** * Logger for debug messages */
private static final String SASL_LOGGER_NAME = "javax.security.sasl"; protected static Logger logger; // set in initLogger(); lazily loads logger }