001: /*
002: * Copyright 2003 Sun Microsystems, Inc. All Rights Reserved.
003: * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
004: *
005: * This code is free software; you can redistribute it and/or modify it
006: * under the terms of the GNU General Public License version 2 only, as
007: * published by the Free Software Foundation. Sun designates this
008: * particular file as subject to the "Classpath" exception as provided
009: * by Sun in the LICENSE file that accompanied this code.
010: *
011: * This code is distributed in the hope that it will be useful, but WITHOUT
012: * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
013: * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
014: * version 2 for more details (a copy is included in the LICENSE file that
015: * accompanied this code).
016: *
017: * You should have received a copy of the GNU General Public License version
018: * 2 along with this work; if not, write to the Free Software Foundation,
019: * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
020: *
021: * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
022: * CA 95054 USA or visit www.sun.com if you need additional information or
023: * have any questions.
024: */
025:
026: package com.sun.security.sasl;
027:
028: import javax.security.sasl.SaslException;
029: import javax.security.sasl.Sasl;
030:
031: // For HMAC_MD5
032: import java.security.NoSuchAlgorithmException;
033: import java.security.MessageDigest;
034:
035: import java.util.logging.Logger;
036:
037: /**
038: * Base class for implementing CRAM-MD5 client and server mechanisms.
039: *
040: * @author Vincent Ryan
041: * @author Rosanna Lee
042: */
043: abstract class CramMD5Base {
044: protected boolean completed = false;
045: protected boolean aborted = false;
046: protected byte[] pw;
047:
048: protected CramMD5Base() {
049: initLogger();
050: }
051:
052: /**
053: * Retrieves this mechanism's name.
054: *
055: * @return The string "CRAM-MD5".
056: */
057: public String getMechanismName() {
058: return "CRAM-MD5";
059: }
060:
061: /**
062: * Determines whether this mechanism has completed.
063: * CRAM-MD5 completes after processing one challenge from the server.
064: *
065: * @return true if has completed; false otherwise;
066: */
067: public boolean isComplete() {
068: return completed;
069: }
070:
071: /**
072: * Unwraps the incoming buffer. CRAM-MD5 supports no security layer.
073: *
074: * @throws SaslException If attempt to use this method.
075: */
076: public byte[] unwrap(byte[] incoming, int offset, int len)
077: throws SaslException {
078: if (completed) {
079: throw new IllegalStateException(
080: "CRAM-MD5 supports neither integrity nor privacy");
081: } else {
082: throw new IllegalStateException(
083: "CRAM-MD5 authentication not completed");
084: }
085: }
086:
087: /**
088: * Wraps the outgoing buffer. CRAM-MD5 supports no security layer.
089: *
090: * @throws SaslException If attempt to use this method.
091: */
092: public byte[] wrap(byte[] outgoing, int offset, int len)
093: throws SaslException {
094: if (completed) {
095: throw new IllegalStateException(
096: "CRAM-MD5 supports neither integrity nor privacy");
097: } else {
098: throw new IllegalStateException(
099: "CRAM-MD5 authentication not completed");
100: }
101: }
102:
103: /**
104: * Retrieves the negotiated property.
105: * This method can be called only after the authentication exchange has
106: * completed (i.e., when <tt>isComplete()</tt> returns true); otherwise, a
107: * <tt>SaslException</tt> is thrown.
108: *
109: * @return value of property; only QOP is applicable to CRAM-MD5.
110: * @exception IllegalStateException if this authentication exchange has not completed
111: */
112: public Object getNegotiatedProperty(String propName) {
113: if (completed) {
114: if (propName.equals(Sasl.QOP)) {
115: return "auth";
116: } else {
117: return null;
118: }
119: } else {
120: throw new IllegalStateException(
121: "CRAM-MD5 authentication not completed");
122: }
123: }
124:
125: public void dispose() throws SaslException {
126: clearPassword();
127: }
128:
129: protected void clearPassword() {
130: if (pw != null) {
131: // zero out password
132: for (int i = 0; i < pw.length; i++) {
133: pw[i] = (byte) 0;
134: }
135: pw = null;
136: }
137: }
138:
139: protected void finalize() {
140: clearPassword();
141: }
142:
143: static private final int MD5_BLOCKSIZE = 64;
144:
145: /**
146: * Hashes its input arguments according to HMAC-MD5 (RFC 2104)
147: * and returns the resulting digest in its ASCII representation.
148: *
149: * HMAC-MD5 function is described as follows:
150: *
151: * MD5(key XOR opad, MD5(key XOR ipad, text))
152: *
153: * where key is an n byte key
154: * ipad is the byte 0x36 repeated 64 times
155: * opad is the byte 0x5c repeated 64 times
156: * text is the data to be protected
157: */
158: final static String HMAC_MD5(byte[] key, byte[] text)
159: throws NoSuchAlgorithmException {
160:
161: MessageDigest md5 = MessageDigest.getInstance("MD5");
162:
163: /* digest the key if longer than 64 bytes */
164: if (key.length > 64) {
165: key = md5.digest(key);
166: }
167:
168: byte[] ipad = new byte[MD5_BLOCKSIZE]; /* inner padding */
169: byte[] opad = new byte[MD5_BLOCKSIZE]; /* outer padding */
170: byte[] digest;
171: int i;
172:
173: /* store key in pads */
174: for (i = 0; i < MD5_BLOCKSIZE; i++) {
175: for (; i < key.length; i++) {
176: ipad[i] = key[i];
177: opad[i] = key[i];
178: }
179: ipad[i] = 0x00;
180: opad[i] = 0x00;
181: }
182:
183: /* XOR key with pads */
184: for (i = 0; i < MD5_BLOCKSIZE; i++) {
185: ipad[i] ^= 0x36;
186: opad[i] ^= 0x5c;
187: }
188:
189: /* inner MD5 */
190: md5.update(ipad);
191: md5.update(text);
192: digest = md5.digest();
193:
194: /* outer MD5 */
195: md5.update(opad);
196: md5.update(digest);
197: digest = md5.digest();
198:
199: // Get character representation of digest
200: StringBuffer digestString = new StringBuffer();
201:
202: for (i = 0; i < digest.length; i++) {
203: if ((digest[i] & 0x000000ff) < 0x10) {
204: digestString.append("0"
205: + Integer.toHexString(digest[i] & 0x000000ff));
206: } else {
207: digestString.append(Integer
208: .toHexString(digest[i] & 0x000000ff));
209: }
210: }
211:
212: return (digestString.toString());
213: }
214:
215: /**
216: * Sets logger field.
217: */
218: private static synchronized void initLogger() {
219: if (logger == null) {
220: logger = Logger.getLogger(SASL_LOGGER_NAME);
221: }
222: }
223:
224: /**
225: * Logger for debug messages
226: */
227: private static final String SASL_LOGGER_NAME = "javax.security.sasl";
228: protected static Logger logger; // set in initLogger(); lazily loads logger
229: }
|