Package org.wildfly.security.mechanism.scram

Class ScramClient

java.lang.Object

org.wildfly.security.mechanism.scram.ScramClient

public final class ScramClient
extends Object

A client-side implementation for the SCRAM authentication.

Author:

David M. Lloyd

Method Summary

Modifier and Type	Method	Description
String	getAuthorizationId()	Returns the ID of the user to be authorized.
byte[]	getBindingData()	Returns a copy of the binding data for the "PLUS" channel binding option.
String	getBindingType()	Returns the binding type for the "PLUS" channel binding option.
ScramInitialClientMessage	getInitialResponse()	Create an initial response.
ScramMechanism	getMechanism()	Returns the SCRAM mechanism used for the authentication.
ScramFinalClientMessage	handleInitialChallenge(ScramInitialClientMessage initialResponse, ScramInitialServerMessage initialChallenge)	Handles the initial challenge from the server and create a response from the client.
ScramFinalServerMessage	parseFinalServerMessage(byte[] messageBytes)	Parses the final server message and creates ScramFinalServerMessage from parsed information.
ScramInitialServerMessage	parseInitialServerMessage(ScramInitialClientMessage initialResponse, byte[] bytes)	Parses the initial server message and creates ScramInitialServerMessage from parsed information.
void	verifyFinalChallenge(ScramFinalClientMessage finalResponse, ScramFinalServerMessage finalChallenge)	Verifies the final challenge received from the server.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

getMechanism

public ScramMechanism getMechanism()

Returns the SCRAM mechanism used for the authentication.

Returns:

the SCRAM mechanism used for the authentication.

getAuthorizationId

public String getAuthorizationId()

Returns the ID of the user to be authorized.

Returns:

the ID of the user to be authorized.

getBindingType

public String getBindingType()

Returns the binding type for the "PLUS" channel binding option.

Returns:

the binding type for the "PLUS" channel binding option.

getBindingData

public byte[] getBindingData()

Returns a copy of the binding data for the "PLUS" channel binding option.

Returns:

a copy of the binding data for the "PLUS" channel binding option.

getInitialResponse

public ScramInitialClientMessage getInitialResponse()
                                             throws AuthenticationMechanismException

Create an initial response. This will cause the callback handler to be initialized with an authentication name.

Returns:

the initial response to send to the server

Throws:

AuthenticationMechanismException - if the client authentication failed for some reason

parseInitialServerMessage

public ScramInitialServerMessage parseInitialServerMessage(ScramInitialClientMessage initialResponse,
                                                           byte[] bytes)
                                                    throws AuthenticationMechanismException

Parses the initial server message and creates ScramInitialServerMessage from parsed information. Also checks if the message have all necessary properties.

Parameters:

initialResponse - the initial client response for the server.

bytes - the byte array containing the initial server message to parse.

Returns:

the initial server message.

Throws:

AuthenticationMechanismException - if an error occurs during the parsing.

handleInitialChallenge

public ScramFinalClientMessage handleInitialChallenge(ScramInitialClientMessage initialResponse,
                                                      ScramInitialServerMessage initialChallenge)
                                               throws AuthenticationMechanismException

Handles the initial challenge from the server and create a response from the client. The method uses a password credential obtained from the callback handler to derive a salted password, which is then used to generate a client key, stored key, and client proof.

Parameters:

initialResponse - the initial client message.

initialChallenge - the initial server message.

Returns:

the final client message.

Throws:

AuthenticationMechanismException - if an error occurs while obtaining the password, creating the ScramFinalClientMessage or the mechanism in the initial response or challenge message does not match the mechanism expected by the server

parseFinalServerMessage

public ScramFinalServerMessage parseFinalServerMessage(byte[] messageBytes)
                                                throws AuthenticationMechanismException

Parses the final server message and creates ScramFinalServerMessage from parsed information. Also checks if the message have all necessary properties.

Parameters:

messageBytes - the byte array of the final server message.

Returns:

the final server message.

Throws:

AuthenticationMechanismException - if an error occurs during the parsing or the server rejected the authentication request.

verifyFinalChallenge

public void verifyFinalChallenge(ScramFinalClientMessage finalResponse,
                                 ScramFinalServerMessage finalChallenge)
                          throws AuthenticationMechanismException

Verifies the final challenge received from the server.

Parameters:

finalResponse - the final client message.

finalChallenge - the final server message.

Throws:

AuthenticationMechanismException - if an error occurs during the verification or the server signature is invalid.