Package org.wildfly.security.mechanism.scram

Class ScramServer

java.lang.Object

org.wildfly.security.mechanism.scram.ScramServer

public final class ScramServer
extends Object

A server-side implementation for the SCRAM authentication.

Author:

David M. Lloyd

Method Summary

Modifier and Type	Method	Description
ScramFinalServerMessage	evaluateFinalClientMessage(ScramInitialServerResult initialResult, ScramFinalClientMessage clientMessage)	Evaluates a SCRAM final client message and authorizes the user.
ScramInitialServerResult	evaluateInitialResponse(ScramInitialClientMessage clientMessage)	Evaluates the initial client response message in SCRAM authentication.
byte[]	getBindingData()	Returns the copy of the binding data for the "PLUS" channel binding option.
String	getBindingType()	Returns the binding type for the "PLUS" channel binding option.
CallbackHandler	getCallbackHandler()	Returns the callback handler for the authentication.
ScramMechanism	getMechanism()	Returns the SCRAM mechanism used for the authentication.
ScramFinalClientMessage	parseFinalClientMessage(ScramInitialClientMessage initialResponse, ScramInitialServerResult initialResult, byte[] bytes)	Parses the final client message and constructs the ScramFinalClientMessage from this parsed information.
ScramInitialClientMessage	parseInitialClientMessage(ChannelBindingCallback bindingCallback, byte[] bytes)	Construct an initial response object from a byte array.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Details

parseInitialClientMessage

public ScramInitialClientMessage parseInitialClientMessage(ChannelBindingCallback bindingCallback,
 byte[] bytes)
                                                    throws AuthenticationMechanismException

Construct an initial response object from a byte array.

Parameters:

bindingCallback - the optional channel binding callback result (may be null)

bytes - the message bytes (must not be null)

Returns:

the constructed initial response (not null)

Throws:

AuthenticationMechanismException - if the content of the message is invalid

evaluateInitialResponse

public ScramInitialServerResult evaluateInitialResponse(ScramInitialClientMessage clientMessage)
                                                 throws AuthenticationMechanismException

Evaluates the initial client response message in SCRAM authentication. Generates a server nonce and salted password.

Parameters:

clientMessage - the initial client response message.

Returns:

the initial server result, containing the initial server message and the digest password.

Throws:

AuthenticationMechanismException - if an error occurs during the evaluation.

parseFinalClientMessage

public ScramFinalClientMessage parseFinalClientMessage(ScramInitialClientMessage initialResponse,
 ScramInitialServerResult initialResult,
 byte[] bytes)
                                                throws AuthenticationMechanismException

Parses the final client message and constructs the ScramFinalClientMessage from this parsed information. Also checks if the message has all necessary properties.

Parameters:

initialResponse - the initial client response message provided by parseInitialClientMessage(ChannelBindingCallback, byte[]).

initialResult - the initial server result provided by evaluateInitialResponse(ScramInitialClientMessage).

bytes - the byte array representation of the client response.

Returns:

the final client message.

Throws:

AuthenticationMechanismException - if an error occurs during the parsing.

evaluateFinalClientMessage

public ScramFinalServerMessage evaluateFinalClientMessage(ScramInitialServerResult initialResult,
 ScramFinalClientMessage clientMessage)
                                                   throws AuthenticationMechanismException

Evaluates a SCRAM final client message and authorizes the user.

Parameters:

initialResult - the result of the initial server message evaluation provided by evaluateInitialResponse(ScramInitialClientMessage).

clientMessage - the final client message provided by parseFinalClientMessage(ScramInitialClientMessage, ScramInitialServerResult, byte[]).

Returns:

the final server message providing the server signature and response.

Throws:

AuthenticationMechanismException - if an error occurs during the evaluation.

getMechanism

public ScramMechanism getMechanism()

Returns the SCRAM mechanism used for the authentication.

Returns:

the SCRAM mechanism used for the authentication.

getCallbackHandler

public CallbackHandler getCallbackHandler()

Returns the callback handler for the authentication.

Returns:

the callback handler for the authentication.

getBindingData

public byte[] getBindingData()

Returns the copy of the binding data for the "PLUS" channel binding option.

Returns:

the copy of the binding data for the "PLUS" channel binding option.

getBindingType

public String getBindingType()

Returns the binding type for the "PLUS" channel binding option.

Returns:

the binding type for the "PLUS" channel binding option.