author | mark <mark@138bc75d-0d04-0410-961f-82ee72b054a4> | 2006-08-14 23:12:35 +0000 |
---|---|---|
committer | mark <mark@138bc75d-0d04-0410-961f-82ee72b054a4> | 2006-08-14 23:12:35 +0000 |
commit | ffde862e033a0825e1e9972a89c0f1f80b261a8e (patch) | |
tree | 97037d2c09c8384d80531f67ec36a01205df6bdb /libjava/classpath/gnu/javax/crypto/sasl/srp | |
parent | b415ff10527e977c3758234fd930e2c027bfa17d (diff) | |
2006-08-14 Mark Wielaard <mark@klomp.org>
Imported GNU Classpath 0.92
* HACKING: Add more importing hints. Update automake version
requirement.
* configure.ac (gconf-peer): New enable AC argument.
Add --disable-gconf-peer and --enable-default-preferences-peer
to classpath configure when gconf is disabled.
* scripts/makemake.tcl: Set gnu/java/util/prefs/gconf and
gnu/java/awt/dnd/peer/gtk to bc. Classify
gnu/java/security/Configuration.java as generated source file.
* gnu/java/lang/management/VMGarbageCollectorMXBeanImpl.java,
gnu/java/lang/management/VMMemoryPoolMXBeanImpl.java,
gnu/java/lang/management/VMClassLoadingMXBeanImpl.java,
gnu/java/lang/management/VMRuntimeMXBeanImpl.java,
gnu/java/lang/management/VMMemoryManagerMXBeanImpl.java,
gnu/java/lang/management/VMThreadMXBeanImpl.java,
gnu/java/lang/management/VMMemoryMXBeanImpl.java,
gnu/java/lang/management/VMCompilationMXBeanImpl.java: New VM stub
classes.
* java/lang/management/VMManagementFactory.java: Likewise.
* java/net/VMURLConnection.java: Likewise.
* gnu/java/nio/VMChannel.java: Likewise.
* java/lang/Thread.java (getState): Add stub implementation.
* java/lang/Class.java (isEnum): Likewise.
* java/lang/Class.h (isEnum): Likewise.
* gnu/awt/xlib/XToolkit.java (getClasspathTextLayoutPeer): Removed.
* javax/naming/spi/NamingManager.java: New override for StackWalker
functionality.
* configure, sources.am, Makefile.in, gcj/Makefile.in,
include/Makefile.in, testsuite/Makefile.in: Regenerated.
git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/trunk@116139 138bc75d-0d04-0410-961f-82ee72b054a4
Diffstat (limited to 'libjava/classpath/gnu/javax/crypto/sasl/srp')
13 files changed, 836 insertions, 1814 deletions
diff --git a/libjava/classpath/gnu/javax/crypto/sasl/srp/CALG.java b/libjava/classpath/gnu/javax/crypto/sasl/srp/CALG.java index 6215783d6a9..308543230b5 100644 --- a/libjava/classpath/gnu/javax/crypto/sasl/srp/CALG.java +++ b/libjava/classpath/gnu/javax/crypto/sasl/srp/CALG.java 
@@ -58,65 +58,55 @@ import java.util.HashMap; import javax.security.sasl.SaslException; /** - * <p>A Factory class that returns CALG (Confidentiality Algorithm) instances - * that operate as described in the draft-burdis-cat-sasl-srp-08.</p> - * - * <p>The designated CALG block cipher should be used in OFB (Output Feedback + * A Factory class that returns CALG (Confidentiality Algorithm) instances that + * operate as described in the draft-burdis-cat-sasl-srp-08. + * <p> + * The designated CALG block cipher should be used in OFB (Output Feedback * Block) mode in the ISO variant, as described in <i>The Handbook of Applied - * Cryptography</i>, algorithm 7.20.</p> - * - * <p>Let <code>k</code> be the block size of the chosen symmetric key block - * cipher algorithm; e.g. for AES this is <code>128</code> bits or <code>16</code> - * octets. The OFB mode used shall be of length/size <code>k</code>.</p> - * - * <p>It is recommended that block ciphers operating in OFB mode be used with an + * Cryptography</i>, algorithm 7.20. + * <p> + * Let <code>k</code> be the block size of the chosen symmetric key block + * cipher algorithm; e.g. for AES this is <code>128</code> bits or + * <code>16</code> octets. The OFB mode used shall be of length/size + * <code>k</code>. + * <p> + * It is recommended that block ciphers operating in OFB mode be used with an * Initial Vector (the mode's IV). In such a mode of operation - OFB with key * re-use - the IV need not be secret. For the mechanism in question the IVs - * shall be a random octet sequence of <code>k</code> bytes.</p> - * - * The input data to the confidentiality protection algorithm shall be - * a multiple of the symmetric cipher block size <code>k</code>. When the input + * shall be a random octet sequence of <code>k</code> bytes. + * <p> + * The input data to the confidentiality protection algorithm shall be a + * multiple of the symmetric cipher block size <code>k</code>. 
When the input * length is not a multiple of <code>k</code> octets, the data shall be padded - * according to the following scheme:</p> - * - * <p>Assuming the length of the input is <code>l</code> octets, + * according to the following scheme: + * <p> + * Assuming the length of the input is <code>l</code> octets, * <code>(k - (l mod k))</code> octets, all having the value * <code>(k - (l mod k))</code>, shall be appended to the original data. In * other words, the input is padded at the trailing end with one of the - * following sequences:</p> - * + * following sequences: * <pre> - * - * 01 -- if l mod k = k-1 - * 02 02 -- if l mod k = k-2 - * ... - * ... - * ... - * k k ... k k -- if l mod k = 0 - *</pre> - * - * <p>The padding can be removed unambiguously since all input is padded and no + * + * 01 -- if l mod k = k-1 + * 02 02 -- if l mod k = k-2 + * ... + * ... + * ... + * k k ... k k -- if l mod k = 0 + * </pre> + * <p> + * The padding can be removed unambiguously since all input is padded and no * padding sequence is a suffix of another. This padding method is well-defined * if and only if <code>k < 256</code> octets, which is the case with - * symmetric key block ciphers today, and in the forseeable future.</p> + * symmetric key block ciphers today, and in the forseeable future. */ public final class CALG { - - // Constants and variables - // -------------------------------------------------------------------------- - private Assembly assembly; - private Object modeNdx; // initialisation key of the cascade's attributes - private int blockSize; // the underlying cipher's blocksize == IV length - private int keySize; // the underlying cipher's key size (in bytes). - // Constructor(s) - // -------------------------------------------------------------------------- - /** Private constructor to enforce instantiation through Factory method. */ private CALG(final int blockSize, final int keySize, final Object modeNdx, final Assembly assembly) 
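Review bot: The four instance fields kept as context at the end of this hunk (`assembly`, `modeNdx`, `blockSize`, `keySize`) are assigned in the private constructor and, as far as this diff shows, only read afterwards (`init()` uses them but never writes them), so they could be declared `final`, e.g. `private final int blockSize; // the underlying cipher's blocksize == IV length`. That would also document that a CALG's cipher geometry is fixed at construction while `init()` only supplies key and IV. The constructor whose signature closes the hunk has its body outside it, so confirm no other assignment exists before tightening.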
@@ -129,12 +119,9 @@ public final class CALG this.assembly = assembly; } - // Class methods - // ------------------------------------------------------------------------- - /** - * <p>Returns an instance of a SASL-SRP CALG implementation.</p> - * + * Returns an instance of a SASL-SRP CALG implementation. + * * @param algorithm the name of the symmetric cipher algorithm. * @return an instance of this object. */ 
@@ -144,118 +131,60 @@ public final class CALG final int blockSize = cipher.defaultBlockSize(); final int keySize = cipher.defaultKeySize(); final Cascade ofbCipher = new Cascade(); - final Object modeNdx = ofbCipher.append(Stage.getInstance( - ModeFactory.getInstance( - Registry.OFB_MODE, - cipher, - blockSize), - Direction.FORWARD)); + IMode ofbMode = ModeFactory.getInstance(Registry.OFB_MODE, + cipher, + blockSize); + Stage modeStage = Stage.getInstance(ofbMode, Direction.FORWARD); + final Object modeNdx = ofbCipher.append(modeStage); final IPad pkcs7 = PadFactory.getInstance(Registry.PKCS7_PAD); - // the passed IV may be longer that what we need. ensure correct length - // byte[] realIV = null; - // if (iv.length == blockSize) { - // realIV = iv; - // } else { - // realIV = new byte[blockSize]; - // if (iv.length > blockSize) { - // System.arraycopy(iv, 0, realIV, 0, blockSize); - // } else { // shouldnt happen - // System.arraycopy(iv, 0, realIV, 0, iv.length); - // } - // } - - // HashMap modeAttributes = new HashMap(); - // modeAttributes.put(IBlockCipher.KEY_MATERIAL, K.clone()); - // modeAttributes.put(IMode.IV, realIV); - final Assembly asm = new Assembly(); asm.addPreTransformer(Transformer.getCascadeTransformer(ofbCipher)); asm.addPreTransformer(Transformer.getPaddingTransformer(pkcs7)); - - // HashMap attributes = new HashMap(); - // attributes.put(Assembly.DIRECTION, dir); - // attributes.put(modeNdx, modeAttributes); - // try { - // asm.init(attributes); - // } catch (TransformerException x) { - // throw new SaslException("getInstance()", x); - // } - return new CALG(blockSize, keySize, modeNdx, asm); } - // Instance methods - // ------------------------------------------------------------------------- - /** - * <p>Initialises a SASL-SRP CALG implementation.</p> - * + * Initialises a SASL-SRP CALG implementation. + * * @param kdf the key derivation function. * @param iv the initial vector value to use. 
* @param dir whether this CALG is used for encryption or decryption. */ - // public void init(byte[] K, byte[] iv, Direction dir) throws SaslException { public void init(final KDF kdf, final byte[] iv, final Direction dir) throws SaslException { - // IBlockCipher cipher = CipherFactory.getInstance(algorithm); - // int blockSize = cipher.defaultBlockSize(); - // Cascade ofbCipher = new Cascade(); - // Object modeNdx = ofbCipher.append( - // Stage.getInstace( - // ModeFactory.getInstance(Registry.OFB_MODE, cipher, blockSize), - // Direction.FORWARD)); - // IPad pkcs7 = PadFactory.getInstance(Registry.PKCS7_PAD); - // the passed IV may be longer that what we need. ensure correct length final byte[] realIV; if (iv.length == blockSize) - { - realIV = iv; - } + realIV = iv; else { realIV = new byte[blockSize]; if (iv.length > blockSize) - { - System.arraycopy(iv, 0, realIV, 0, blockSize); - } - else - { // shouldnt happen - System.arraycopy(iv, 0, realIV, 0, iv.length); - } + System.arraycopy(iv, 0, realIV, 0, blockSize); + else // shouldnt happen + System.arraycopy(iv, 0, realIV, 0, iv.length); } - final HashMap modeAttributes = new HashMap(); - // modeAttributes.put(IBlockCipher.KEY_MATERIAL, K.clone()); final byte[] sk = kdf.derive(keySize); modeAttributes.put(IBlockCipher.KEY_MATERIAL, sk); - //System.out.println("**** Initialised CALG with: "+gnu.crypto.util.Util.dumpString(sk)); modeAttributes.put(IMode.IV, realIV); - - // Assembly asm = new Assembly(); - // asm.addPreTransformer(Transformer.getCascadeTransformer(ofbCipher)); - // asm.addPreTransformer(Transformer.getPaddingTransformer(pkcs7)); - final HashMap attributes = new HashMap(); attributes.put(Assembly.DIRECTION, dir); attributes.put(modeNdx, modeAttributes); try { - // asm.init(attributes); assembly.init(attributes); } catch (TransformerException x) { throw new SaslException("getInstance()", x); } - - // return new CALG(asm); } /** - * <p>Encrypts or decrypts, depending on the mode already set, a 
designated - * array of bytes and returns the result.</p> - * + * Encrypts or decrypts, depending on the mode already set, a designated array + * of bytes and returns the result. + * * @param data the data to encrypt/decrypt. * @return the decrypted/encrypted result. * @throws ConfidentialityException if an exception occurs duirng the process. @@ -266,9 +195,9 @@ public final class CALG } /** - * <p>Encrypts or decrypts, depending on the mode already set, a designated - * array of bytes and returns the result.</p> - * + * Encrypts or decrypts, depending on the mode already set, a designated array + * of bytes and returns the result. + * * @param data the data to encrypt/decrypt. * @param offset where to start in <code>data</code>. * @param length how many bytes to consider in <code>data</code>. @@ -289,4 +218,4 @@ public final class CALG } return result; } -}
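Review bot: In `init()`, the rewritten branch `else // shouldnt happen` still copies a too-short IV into `realIV` and leaves the remaining bytes zero, so a caller passing fewer than `blockSize` bytes silently gets a partly fixed IV although the class Javadoc requires a random `k`-byte IV; this case should fail instead: `else throw new SaslException("init(): IV shorter than block size (" + iv.length + " < " + blockSize + ")");`. The `catch (TransformerException x)` in the same method still reports `"getInstance()"`, so it should read `throw new SaslException("init()", x);` to point at the right method. When `iv.length == blockSize` the caller's array is used directly without a copy, which the `@param iv` text could state. The method body that follows the closing Javadoc of this hunk is outside it.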
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/sasl/srp/ClientStore.java b/libjava/classpath/gnu/javax/crypto/sasl/srp/ClientStore.java index ce16f4aa75d..866e610d83d 100644 --- a/libjava/classpath/gnu/javax/crypto/sasl/srp/ClientStore.java +++ b/libjava/classpath/gnu/javax/crypto/sasl/srp/ClientStore.java @@ -41,29 +41,19 @@ package gnu.javax.crypto.sasl.srp; import java.util.HashMap; /** - * <p>The client-side implementation of the SRP security context store.</p> + * The client-side implementation of the SRP security context store. */ public class ClientStore { - - // Constants and variables - // ------------------------------------------------------------------------- - /** The underlying singleton. */ private static ClientStore singleton = null; - /** The map of uid --> SASL Security Context record. */ private static final HashMap uid2ssc = new HashMap(); - /** The map of sid --> Session timing record. */ private static final HashMap uid2ttl = new HashMap(); - /** A synchronisation lock. */ private static final Object lock = new Object(); - // Constructor(s) - // ------------------------------------------------------------------------- - /** Private constructor to enforce Singleton pattern. */ private ClientStore() { 
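Review bot: The field comment `/** The map of sid --> Session timing record. */` is kept above a field named `uid2ttl`, which `isAlive()` later indexes by `uid`, so it should read `/** The map of uid --> Session timing record. */`. Both raw `HashMap`s are guarded by `lock`; a short comment on `lock` saying it protects `uid2ssc` and `uid2ttl` together would make that invariant explicit for future edits. The constructor that closes this hunk has its body outside it.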
@@ -72,33 +62,25 @@ public class ClientStore // TODO: add a cleaning timer thread } - // Class methods - // ------------------------------------------------------------------------- - /** - * <p>Returns the classloader Singleton.</p> - * + * Returns the classloader Singleton. + * * @return the classloader Singleton instance. */ static synchronized final ClientStore instance() { if (singleton == null) - { - singleton = new ClientStore(); - } + singleton = new ClientStore(); return singleton; } - // Instance methods - // ------------------------------------------------------------------------- - /** - * <p>Returns a boolean flag indicating if the designated client's session is - * still alive or not.</p> - * + * Returns a boolean flag indicating if the designated client's session is + * still alive or not. + * * @param uid the identifier of the client whose session to check. * @return <code>true</code> if the designated client's session is still - * alive. <code>false</code> otherwise. + * alive. <code>false</code> otherwise. */ boolean isAlive(final String uid) { @@ -107,11 +89,11 @@ public class ClientStore { final Object obj = uid2ssc.get(uid); result = (obj != null); - if (result) - { // is it still alive? + if (result) // is it still alive? + { final StoreEntry sto = (StoreEntry) uid2ttl.get(uid); - if (!sto.isAlive()) - { // invalidate it + if (! sto.isAlive()) // invalidate it + { uid2ssc.remove(uid); uid2ttl.remove(uid); } 
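Review bot: In `isAlive()`, `final StoreEntry sto = (StoreEntry) uid2ttl.get(uid);` is dereferenced by the rewritten `if (! sto.isAlive()) // invalidate it` without a null check, so a `uid` present in `uid2ssc` but missing from `uid2ttl` throws `NullPointerException` out of a method documented to return a boolean. Treating a missing timing record as expired keeps the two maps consistent: `if (sto == null || ! sto.isAlive()) // invalidate it`. Whether the maps can diverge depends on `cacheSession()`/`invalidateSession()`, whose bodies are outside this diff, and the method's closing lines are outside the hunk.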
@@ -121,11 +103,11 @@ public class ClientStore } /** - * <p>Records a mapping between a client's unique identifier and its security - * context.</p> - * - * @param uid the unique identifier of the SRP client for which the session - * is to be cached. + * Records a mapping between a client's unique identifier and its security + * context. + * + * @param uid the unique identifier of the SRP client for which the session is + * to be cached. * @param ttl the session's Time-To-Live indicator (in seconds). * @param ctx the client's security context. */ @@ -139,9 +121,9 @@ public class ClientStore } /** - * <p>Removes the mapping between the designated SRP client unique identifier - * and the its session security context (and other timing information).</p> - * + * Removes the mapping between the designated SRP client unique identifier and + * the its session security context (and other timing information). + * * @param uid the identifier of the client whose session is to invalidate. */ void invalidateSession(final String uid) @@ -154,9 +136,9 @@ public class ClientStore } /** - * <p>Returns an SRP client's security context record mapped by that client's - * unique identifier.</p> - * + * Returns an SRP client's security context record mapped by that client's + * unique identifier. + * * @param uid the identifier of the client whose session is to restore. * @return the SRP client's security context. */ @@ -170,4 +152,4 @@ public class ClientStore } return result; } -}
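Review bot: The rewritten Javadoc for `invalidateSession()` keeps the typo `the its session security context`; the line should read `* and its session security context (and other timing information).`. The hunk is documentation only and the method body is outside it.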
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/sasl/srp/IALG.java b/libjava/classpath/gnu/javax/crypto/sasl/srp/IALG.java index 51492f9773c..85c93700fbf 100644 --- a/libjava/classpath/gnu/javax/crypto/sasl/srp/IALG.java +++ b/libjava/classpath/gnu/javax/crypto/sasl/srp/IALG.java @@ -48,20 +48,14 @@ import java.util.HashMap; import javax.security.sasl.SaslException; /** - * <p>A Factory class that returns IALG (Integrity Algorithm) instances that - * operate as described in the draft-burdis-cat-sasl-srp-04 and later.</p> + * A Factory class that returns IALG (Integrity Algorithm) instances that + * operate as described in the draft-burdis-cat-sasl-srp-04 and later. */ -public final class IALG implements Cloneable +public final class IALG + implements Cloneable { - - // Constants and variables - // -------------------------------------------------------------------------- - private IMac hmac; - // Constructor(s) - // -------------------------------------------------------------------------- - /** Private constructor to enforce instantiation through Factory method. */ private IALG(final IMac hmac) { @@ -70,12 +64,9 @@ public final class IALG implements Cloneable this.hmac = hmac; } - // Class methods - // ------------------------------------------------------------------------- - /** - * <p>Returns an instance of a SASL-SRP IALG implementation.</p> - * + * Returns an instance of a SASL-SRP IALG implementation. + * * @param algorithm the name of the HMAC algorithm. * @return an instance of this object. */ 
@@ -85,44 +76,24 @@ public final class IALG implements Cloneable final IMac hmac; hmac = MacFactory.getInstance(algorithm); if (hmac == null) - { - throw new SaslException("getInstance()", - new NoSuchAlgorithmException(algorithm)); - } - // try { - // byte[] sk = (byte[]) K.clone(); - // HashMap map = new HashMap(); - // map.put(IMac.MAC_KEY_MATERIAL, sk); - // hmac.init(map); - // } catch (InvalidKeyException x) { - // throw new SaslException("getInstance()", x); - // } + throw new SaslException("getInstance()", + new NoSuchAlgorithmException(algorithm)); return new IALG(hmac); } - // Instance methods - // ------------------------------------------------------------------------- - - // Cloneable interface implementation -------------------------------------- - public Object clone() throws CloneNotSupportedException { return new IALG((IMac) hmac.clone()); } - // other methdds ----------------------------------------------------------- - - // public void init(final byte[] K) throws SaslException { public void init(final KDF kdf) throws SaslException { try { - // final byte[] sk = (byte[]) K.clone(); final byte[] sk = kdf.derive(hmac.macSize()); final HashMap map = new HashMap(); map.put(IMac.MAC_KEY_MATERIAL, sk); hmac.init(map); - //System.out.println("**** Initialised IALG with: "+gnu.crypto.util.Util.dumpString(sk)); } catch (InvalidKeyException x) { @@ -146,8 +117,8 @@ public final class IALG implements Cloneable } /** - * <p>Returns the length (in bytes) of this SASL SRP Integrity Algorithm.</p> - * + * Returns the length (in bytes) of this SASL SRP Integrity Algorithm. + * * @return the length, in bytes, of this integrity protection algorithm. */ public int length() diff --git a/libjava/classpath/gnu/javax/crypto/sasl/srp/KDF.java b/libjava/classpath/gnu/javax/crypto/sasl/srp/KDF.java index 0d5eeacd182..aa3edac0c3b 100644 --- a/libjava/classpath/gnu/javax/crypto/sasl/srp/KDF.java +++ b/libjava/classpath/gnu/javax/crypto/sasl/srp/KDF.java 
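Review bot: `public void init(final KDF kdf) throws SaslException` is left without Javadoc once the `// other methdds` separator is removed, while every other public member in this file has one. Suggested text: `Initialises this IALG with MAC key material of {@code hmac.macSize()} bytes derived from the designated {@code kdf}.`, with `@param kdf the key derivation function to draw the MAC key from.` and `@throws SaslException if the underlying MAC rejects the derived key.`. The last clause assumes the `catch (InvalidKeyException x)` that closes this hunk rethrows as `SaslException`, which happens outside the hunk.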
@@ -47,67 +47,46 @@ import gnu.javax.crypto.prng.UMacGenerator; import java.util.HashMap; /** - * <p>The SASL-SRP KDF implementation, which is also used, depending on how it - * was instantiated, as a secure Pseudo Random Number Generator.</p> + * The SASL-SRP KDF implementation, which is also used, depending on how it was + * instantiated, as a secure Pseudo Random Number Generator. */ public class KDF { - - // Constants and variables - // ------------------------------------------------------------------------- - - private static final int AES_BLOCK_SIZE = 16; // default block size for the AES - + private static final int AES_BLOCK_SIZE = 16; // default block size for AES private static final int AES_KEY_SIZE = 16; // default key size for the AES - private static final byte[] buffer = new byte[1]; - /** Our default source of randomness. */ private static final PRNG prng = PRNG.getInstance(); - - /** The shared secret K to use. */ - // private byte[] keyMaterial; /** The underlying UMAC Generator instance. */ private UMacGenerator umac = null; - // Constructor(s) - // ------------------------------------------------------------------------- - /** - * <p>Constructs an instance of the <code>KDF</code> initialised with the - * designated shared secret bytes.</p> - * + * Constructs an instance of the <code>KDF</code> initialised with the + * designated shared secret bytes. + * * @param keyMaterial the SASL SRP shared secret (K) bytes. 
*/ private KDF(final byte[] keyMaterial, final int ndx) { super(); - // if (ndx != 0) { - // this.keyMaterial = (byte[]) keyMaterial.clone(); - // } final HashMap map = new HashMap(); map.put(UMacGenerator.CIPHER, Registry.AES_CIPHER); - map.put(UMacGenerator.INDEX, new Integer(ndx)); - map.put(IBlockCipher.CIPHER_BLOCK_SIZE, new Integer(AES_BLOCK_SIZE)); + map.put(UMacGenerator.INDEX, Integer.valueOf(ndx)); + map.put(IBlockCipher.CIPHER_BLOCK_SIZE, Integer.valueOf(AES_BLOCK_SIZE)); final byte[] key = new byte[AES_KEY_SIZE]; System.arraycopy(keyMaterial, 0, key, 0, AES_KEY_SIZE); map.put(IBlockCipher.KEY_MATERIAL, key); - umac = new UMacGenerator(); umac.init(map); - //System.out.println("**** Initialised KDF with: "+gnu.crypto.util.Util.dumpString(key)); } - // Class methods - // ------------------------------------------------------------------------- - /** - * <p>A Factory mehod that returns an instance of a <code>KDF</code> based on - * supplied seed data.</p> - * + * A Factory mehod that returns an instance of a <code>KDF</code> based on + * supplied seed data. + * * @param K the SASL SRP shared secret for a <code>KDF</code> to be used for - * <i>CALG</i> and <i>IALG</i> setup. <code>null</code> otherwise. + * <i>CALG</i> and <i>IALG</i> setup. <code>null</code> otherwise. * @return an instance of a <code>KDF</code>. */ static final KDF getInstance(final byte[] K) 
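Review bot: The constructor's Javadoc documents `keyMaterial` but not `ndx`, which the body stores as `UMacGenerator.INDEX`; add `@param ndx the value passed to the UMAC generator as {@code UMacGenerator.INDEX}.`. The body also copies exactly `AES_KEY_SIZE` bytes with `System.arraycopy(keyMaterial, 0, key, 0, AES_KEY_SIZE)`, so a shared secret shorter than 16 bytes fails with `ArrayIndexOutOfBoundsException` and a longer one is silently truncated; a guard such as `if (keyMaterial.length < AES_KEY_SIZE) throw new IllegalArgumentException("keyMaterial shorter than " + AES_KEY_SIZE + " bytes");` plus a comment noting the truncation would make the contract explicit. The `getInstance()` factory whose signature closes the hunk has its body outside it, so whether it already screens `null` or short input cannot be seen here.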
@@ -134,36 +113,28 @@ public class KDF return (buffer[0] & 0xFF); } - // Instance methods - // ------------------------------------------------------------------------- - /** - * <p>Returns a designated number of bytes suitable for use in the SASL SRP - * mechanism.</p> - * + * Returns a designated number of bytes suitable for use in the SASL SRP + * mechanism. + * * @param length the number of bytes needed. * @return a byte array containing the generated/selected bytes. */ public synchronized byte[] derive(final int length) { final byte[] result = new byte[length]; - // if (keyMaterial == null || length > keyMaterial.length) { try { umac.nextBytes(result, 0, length); } - catch (IllegalStateException x) - { // should not happen + catch (IllegalStateException x) // should not happen + { x.printStackTrace(System.err); } - catch (LimitReachedException x) - { // idem + catch (LimitReachedException x) // idem + { x.printStackTrace(System.err); } - // } else { - // System.arraycopy(keyMaterial, 0, result, 0, length); - // } - return result; } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/sasl/srp/PasswordFile.java b/libjava/classpath/gnu/javax/crypto/sasl/srp/PasswordFile.java index 1628a4167ab..36888df8724 100644 --- a/libjava/classpath/gnu/javax/crypto/sasl/srp/PasswordFile.java +++ b/libjava/classpath/gnu/javax/crypto/sasl/srp/PasswordFile.java @@ -39,7 +39,6 @@ exception statement from your version. */ package gnu.javax.crypto.sasl.srp; import gnu.java.security.Registry; -import gnu.java.security.hash.IMessageDigest; import gnu.java.security.util.Util; import gnu.javax.crypto.key.srp6.SRPAlgorithm; import gnu.javax.crypto.sasl.NoSuchUserException; @@ -50,9 +49,9 @@ import java.io.File; import java.io.FileInputStream; import java.io.FileNotFoundException; import java.io.FileOutputStream; +import java.io.IOException; import java.io.InputStream; import java.io.InputStreamReader; -import java.io.IOException; import java.io.PrintWriter; import java.io.UnsupportedEncodingException; import java.math.BigInteger; 
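Review bot: In `derive()`, both rewritten catch clauses (`catch (IllegalStateException x) // should not happen` and `catch (LimitReachedException x) // idem`) only print the stack trace and fall through to `return result;`, so when the generator is uninitialised or exhausted the caller receives an all-zero `byte[]` that `CALG.init()` and `IALG.init()` then use as key material. A failed derivation should not be silently recoverable: let `IllegalStateException` propagate and convert `LimitReachedException` into one, as below. `derive()` declares no checked exception and the callers visible in this diff (`kdf.derive(keySize)`, `kdf.derive(hmac.macSize())`) sit in methods that already throw `SaslException`, so the unchecked rethrow keeps the signature intact.
```java
  public synchronized byte[] derive(final int length)
  {
    final byte[] result = new byte[length];
    try
      {
        umac.nextBytes(result, 0, length);
      }
    catch (LimitReachedException x) // never hand back an unfilled (all-zero) buffer
      {
        throw new IllegalStateException("derive(): generator exhausted", x);
      }
    return result;
  }
```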
@@ -62,70 +61,58 @@ import java.util.NoSuchElementException; import java.util.StringTokenizer; /** - * <p>The implementation of SRP password files.</p> - * - * <p>For SRP, there are three (3) files: + * The implementation of SRP password files. + * <p> + * For SRP, there are three (3) files: * <ol> - * <li>The password configuration file: tpasswd.conf. It contains the pairs - * <N,g> indexed by a number for each pair used for a user. By default, - * this file's pathname is constructed from the base password file pathname - * by prepending it with the ".conf" suffix.</li> - * - * <li>The base password file: tpasswd. It contains the related password - * entries for all the users with values computed using SRP's default - * message digest algorithm: SHA-1 (with 160-bit output block size).</li> - * - * <li>The extended password file: tpasswd2. Its name, by default, is - * constructed by adding the suffix "2" to the fully qualified pathname of - * the base password file. It contains, in addition to the same fields as - * the base password file, albeit with a different verifier value, an extra - * field identifying the message digest algorithm used to compute this - * (verifier) value.</li> - * </ol></p> - * - * <p>This implementation assumes the following message digest algorithm codes: + * <li>The password configuration file: tpasswd.conf. It contains the pairs + * <N,g> indexed by a number for each pair used for a user. By default, this + * file's pathname is constructed from the base password file pathname by + * prepending it with the ".conf" suffix.</li> + * <li>The base password file: tpasswd. It contains the related password + * entries for all the users with values computed using SRP's default message + * digest algorithm: SHA-1 (with 160-bit output block size).</li> + * <li>The extended password file: tpasswd2. Its name, by default, is + * constructed by adding the suffix "2" to the fully qualified pathname of the + * base password file. 
It contains, in addition to the same fields as the base + * password file, albeit with a different verifier value, an extra field + * identifying the message digest algorithm used to compute this (verifier) + * value.</li> + * </ol> + * <p> + * This implementation assumes the following message digest algorithm codes: * <ul> - * <li>0: the default hash algorithm, which is SHA-1 (or its alias SHA-160).</li> - * <li>1: MD5.</li> - * <li>2: RIPEMD-128.</li> - * <li>3: RIPEMD-160.</li> - * <li>4: SHA-256.</li> - * <li>5: SHA-384.</li> - * <li>6: SHA-512.</li> - * </ul></p> - * - * <p><b>IMPORTANT:</b> This method computes the verifiers as described in - * RFC-2945, which differs from the description given on the web page for - * SRP-6.</p> - * - * <p>Reference:</p> + * <li>0: the default hash algorithm, which is SHA-1 (or its alias SHA-160).</li> + * <li>1: MD5.</li> + * <li>2: RIPEMD-128.</li> + * <li>3: RIPEMD-160.</li> + * <li>4: SHA-256.</li> + * <li>5: SHA-384.</li> + * <li>6: SHA-512.</li> + * </ul> + * <p> + * <b>IMPORTANT:</b> This method computes the verifiers as described in + * RFC-2945, which differs from the description given on the web page for SRP-6. + * <p> + * Reference: * <ol> - * <li><a href="http://srp.stanford.edu/design.html">SRP Protocol Design</a><br> - * Thomas J. Wu.</li> + * <li><a href="http://srp.stanford.edu/design.html">SRP Protocol Design</a><br> + * Thomas J. 
Wu.</li> * </ol> */ public class PasswordFile { - - // Constants and variables - // ------------------------------------------------------------------------- - // names of property keys used in this class private static final String USER_FIELD = "user"; - private static final String VERIFIERS_FIELD = "verifier"; - private static final String SALT_FIELD = "salt"; - private static final String CONFIG_FIELD = "config"; - private static String DEFAULT_FILE; static { DEFAULT_FILE = System.getProperty(SRPRegistry.PASSWORD_FILE, SRPRegistry.DEFAULT_PASSWORD_FILE); } - /** The SRP algorithm instances used by this object. */ private static final HashMap srps; static @@ -150,27 +137,19 @@ public class PasswordFile } private String confName, pwName, pw2Name; - private File configFile, passwdFile, passwd2File; - private long lastmodPasswdFile, lastmodPasswd2File; - private HashMap entries = new HashMap(); - private HashMap configurations = new HashMap(); - // default N values to use when creating a new password.conf file private static final BigInteger[] Nsrp = new BigInteger[] { - SRPAlgorithm.N_2048, - SRPAlgorithm.N_1536, - SRPAlgorithm.N_1280, - SRPAlgorithm.N_1024, - SRPAlgorithm.N_768, - SRPAlgorithm.N_640, - SRPAlgorithm.N_512 }; - - // Constructor(s) - // ------------------------------------------------------------------------- + SRPAlgorithm.N_2048, + SRPAlgorithm.N_1536, + SRPAlgorithm.N_1280, + SRPAlgorithm.N_1024, + SRPAlgorithm.N_768, + SRPAlgorithm.N_640, + SRPAlgorithm.N_512 }; public PasswordFile() throws IOException { 
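Review bot: `private static String DEFAULT_FILE;` is assigned exactly once, in the static initialiser that follows it, so it can be `private static final String DEFAULT_FILE;` — the static block still compiles and the default password-file location can no longer be reassigned at run time. The `Nsrp` array of default moduli is itself `final` but its contents are mutable; a comment that it must never be exposed or modified would help, since it seeds new configuration files. The class Javadoc's `<b>IMPORTANT:</b> This method computes the verifiers` sits on the class, so `This method` should read `This class`. The constructor whose signature closes the hunk has its body outside it.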
@@ -206,63 +185,43 @@ public class PasswordFile update(); } - // Class methods - // ------------------------------------------------------------------------- - /** - * <p>Returns a string representing the decimal value of an integer - * identifying the message digest algorithm to use for the SRP computations. - * </p> - * + * Returns a string representing the decimal value of an integer identifying + * the message digest algorithm to use for the SRP computations. + * * @param mdName the canonical name of a message digest algorithm. * @return a string representing the decimal value of an ID for that - * algorithm. + * algorithm. */ private static final String nameToID(final String mdName) { if (Registry.SHA_HASH.equalsIgnoreCase(mdName) || Registry.SHA1_HASH.equalsIgnoreCase(mdName) || Registry.SHA160_HASH.equalsIgnoreCase(mdName)) - { - return "0"; - } + return "0"; else if (Registry.MD5_HASH.equalsIgnoreCase(mdName)) - { - return "1"; - } + return "1"; else if (Registry.RIPEMD128_HASH.equalsIgnoreCase(mdName)) - { - return "2"; - } + return "2"; else if (Registry.RIPEMD160_HASH.equalsIgnoreCase(mdName)) - { - return "3"; - } + return "3"; else if (Registry.SHA256_HASH.equalsIgnoreCase(mdName)) - { - return "4"; - } + return "4"; else if (Registry.SHA384_HASH.equalsIgnoreCase(mdName)) - { - return "5"; - } + return "5"; else if (Registry.SHA512_HASH.equalsIgnoreCase(mdName)) - { - return "6"; - } + return "6"; return "0"; } - // SRP password configuration file methods --------------------------------- - /** - * <p>Checks if the current configuration file contains the <N, g> pair - * for the designated <code>index</code>.</p> - * + * Checks if the current configuration file contains the <N, g> pair for + * the designated <code>index</code>. + * * @param index a string representing 1-digit identification of an <N, g> - * pair used. - * @return <code>true</code> if the designated <code>index</code> is that of - * a known <N, g> pair, and <code>false</code> otherwise. 
+ * pair used. + * @return <code>true</code> if the designated <code>index</code> is that + * of a known <N, g> pair, and <code>false</code> otherwise. * @throws IOException if an exception occurs during the process. * @see SRPRegistry#N_2048_BITS * @see SRPRegistry#N_1536_BITS @@ -280,16 +239,16 @@ public class PasswordFile } /** - * <p>Returns a pair of strings representing the pair of <code>N</code> and - * <code>g</code> MPIs for the designated <code>index</code>.</p> - * + * Returns a pair of strings representing the pair of <code>N</code> and + * <code>g</code> MPIs for the designated <code>index</code>. + * * @param index a string representing 1-digit identification of an <N, g> - * pair to look up. + * pair to look up. * @return a pair of strings, arranged in an array, where the first (at index - * position #0) is the repesentation of the MPI <code>N</code>, and the - * second (at index position #1) is the representation of the MPI - * <code>g</code>. If the <code>index</code> refers to an unknown pair, then - * an empty string array is returned. + * position #0) is the repesentation of the MPI <code>N</code>, and + * the second (at index position #1) is the representation of the MPI + * <code>g</code>. If the <code>index</code> refers to an unknown + * pair, then an empty string array is returned. * @throws IOException if an exception occurs during the process. */ public synchronized String[] lookupConfig(final String index) @@ -298,14 +257,10 @@ public class PasswordFile checkCurrent(); String[] result = null; if (configurations.containsKey(index)) - { - result = (String[]) configurations.get(index); - } + result = (String[]) configurations.get(index); return result; } - // SRP base and extended password configuration files methods -------------- - public synchronized boolean contains(final String user) throws IOException { checkCurrent(); 
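Review bot: `nameToID()` ends with `return "0";` for any `mdName` it does not recognise, so a misspelled or unsupported digest name is silently mapped to the SHA-1 code rather than reported, and the verifier is then computed under an algorithm the caller did not ask for. Unless a caller relies on that fallback (its callers are outside this hunk), `throw new IllegalArgumentException("unknown message digest algorithm: " + mdName);` is the safer last line; at minimum the `@return` text should state that unknown names map to `"0"`. The Javadoc that closes the hunk belongs to a method whose signature and body are outside it.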
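Review bot: `lookupConfig()` is documented in this hunk as returning `an empty string array` for an unknown `index`, but the body that follows initialises `String[] result = null;` and only assigns it when `configurations.containsKey(index)`, so callers actually receive `null` and an unguarded `result[0]` would throw. Either make the code match the contract, `String[] result = new String[0];`, or change the `@return` text to say `null` is returned; the former is what the documentation promises. `contains()` at the end of the hunk continues outside it.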
@@ -318,9 +273,7 @@ public class PasswordFile { checkCurrent(); if (entries.containsKey(user)) - { - throw new UserAlreadyExistsException(user); - } + throw new UserAlreadyExistsException(user); final HashMap fields = new HashMap(4); fields.put(USER_FIELD, user); // 0 fields.put(VERIFIERS_FIELD, newVerifiers(user, salt, passwd, index)); // 1 @@ -334,10 +287,8 @@ public class PasswordFile throws IOException { checkCurrent(); - if (!entries.containsKey(user)) - { - throw new NoSuchUserException(user); - } + if (! entries.containsKey(user)) + throw new NoSuchUserException(user); final HashMap fields = (HashMap) entries.get(user); final byte[] salt; try @@ -369,27 +320,23 @@ public class PasswordFile finally { if (pw1 != null) - { - try - { - pw1.flush(); - } - finally - { - pw1.close(); - } - } + try + { + pw1.flush(); + } + finally + { + pw1.close(); + } if (pw2 != null) - { - try - { - pw2.flush(); - } - finally - { - pw2.close(); - } - } + try + { + pw2.flush(); + } + finally + { + pw2.close(); + } try { f1.close(); 
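Review bot: In the `finally` block of the third hunk (`@@ -369`), an exception from `pw1.flush()` or `pw1.close()` propagates before `pw2` is flushed or closed and before the `f1.close()` that follows, so a failure on the first writer leaves the second stream and its pending output orphaned; the enclosing method starts and ends outside the hunk. Nesting the `pw2` handling inside the `finally` of the `pw1` block (or giving each writer its own try/finally chained the same way) guarantees every stream is closed even when the first one fails. Since these are the password files, a comment stating which file may be left partially written when this block fails would also help whoever has to recover from it.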
@@ -410,24 +357,22 @@ public class PasswordFile } /** - * <p>Returns the triplet: verifier, salt and configuration file index, of a + * Returns the triplet: verifier, salt and configuration file index, of a * designated user, and a designated message digest algorithm name, as an - * array of strings.</p> - * + * array of strings. + * * @param user the username. * @param mdName the canonical name of the SRP's message digest algorithm. * @return a string array containing, in this order, the BASE-64 encodings of - * the verifier, the salt and the index in the password configuration file of - * the MPIs N and g of the designated user. + * the verifier, the salt and the index in the password configuration + * file of the MPIs N and g of the designated user. */ public synchronized String[] lookup(final String user, final String mdName) throws IOException { checkCurrent(); - if (!entries.containsKey(user)) - { - throw new NoSuchUserException(user); - } + if (! entries.containsKey(user)) + throw new NoSuchUserException(user); final HashMap fields = (HashMap) entries.get(user); final HashMap verifiers = (HashMap) fields.get(VERIFIERS_FIELD); final String salt = (String) fields.get(SALT_FIELD); @@ -436,8 +381,6 @@ public class PasswordFile return new String[] { verifier, salt, index }; } - // Other instance methods -------------------------------------------------- - private synchronized void readOrCreateConf() throws IOException { configurations.clear(); @@ -469,13 +412,9 @@ public class PasswordFile finally { if (pw0 != null) - { - pw0.close(); - } + pw0.close(); else if (f0 != null) - { - f0.close(); - } + f0.close(); } } } 
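Review bot: The new-side Javadoc of `lookup(user, mdName)` (first hunk) documents only `@throws IOException if an exception occurs during the process`, although the body throws `NoSuchUserException(user)` for an unknown user, and it says nothing about what happens when `mdName` has no entry in the user's `verifiers` map; the method's tail lies in the next hunk. Add `@throws NoSuchUserException if user has no entry in the password file` and state the `mdName` contract (whether an unknown digest name yields a null verifier or is rejected) once that is confirmed from the rest of the method.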
@@ -511,26 +450,27 @@ public class PasswordFile { ndx = (String) it.next(); mpi = (String[]) configurations.get(ndx); - sb = new StringBuffer(ndx).append(":").append(mpi[0]).append(":").append( - mpi[1]); + sb = new StringBuffer(ndx) + .append(":").append(mpi[0]) + .append(":").append(mpi[1]); pw.println(sb.toString()); } } /** - * <p>Compute the new verifiers for the designated username and password.</p> - * - * <p><b>IMPORTANT:</b> This method computes the verifiers as described in + * Compute the new verifiers for the designated username and password. + * <p> + * <b>IMPORTANT:</b> This method computes the verifiers as described in * RFC-2945, which differs from the description given on the web page for - * SRP-6.</p> - * + * SRP-6. + * * @param user the user's name. * @param s the user's salt. * @param password the user's password * @param index the index of the <N, g> pair to use for this user. * @return a {@link java.util.Map} of user verifiers. * @throws UnsupportedEncodingException if the US-ASCII decoder is not - * available on this platform. + * available on this platform. */ private HashMap newVerifiers(final String user, final byte[] s, final String password, final String index) @@ -540,7 +480,6 @@ public class PasswordFile final String[] mpi = (String[]) configurations.get(index); final BigInteger N = new BigInteger(1, Util.fromBase64(mpi[0])); final BigInteger g = new BigInteger(1, Util.fromBase64(mpi[1])); - final HashMap result = new HashMap(srps.size()); BigInteger x, v; SRP srp; @@ -551,7 +490,6 @@ public class PasswordFile x = new BigInteger(1, srp.computeX(s, user, password)); v = g.modPow(x, N); final String verifier = Util.toBase64(v.toByteArray()); - result.put(digestID, verifier); } return result; @@ -560,7 +498,6 @@ public class PasswordFile private synchronized void update() throws IOException { entries.clear(); - FileInputStream fis; passwdFile = new File(pwName); lastmodPasswdFile = passwdFile.lastModified(); 
@@ -588,9 +525,7 @@ public class PasswordFile { if (passwdFile.lastModified() > lastmodPasswdFile || passwd2File.lastModified() > lastmodPasswd2File) - { - update(); - } + update(); } private void readPasswd(final InputStream in) throws IOException @@ -612,16 +547,13 @@ public class PasswordFile { throw new IOException("SRP base password file corrupt"); } - final HashMap verifiers = new HashMap(6); verifiers.put("0", verifier); - final HashMap fields = new HashMap(4); fields.put(USER_FIELD, user); fields.put(VERIFIERS_FIELD, verifiers); fields.put(SALT_FIELD, salt); fields.put(CONFIG_FIELD, index); - entries.put(user, fields); } } @@ -645,7 +577,6 @@ public class PasswordFile { throw new IOException("SRP extended password file corrupt"); } - fields = (HashMap) entries.get(user); if (fields != null) { 
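Review bot: `checkCurrent` (first hunk) reloads only when `lastModified()` is strictly greater than the value recorded by `update()`, so a rewrite of the password file that lands within the filesystem's timestamp granularity of the previous read, or one that restores an older file with an older timestamp, is never picked up; the enclosing method starts outside the hunk. Comparing with `!=` instead of `>` covers the restored-file case, and checking `length()` as well narrows the same-second window. If the limitation is accepted, a comment on the condition saying so would save the next reader from re-deriving it.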
@@ -667,33 +598,28 @@ public class PasswordFile { user = (String) i.next(); fields = (HashMap) entries.get(user); - if (!user.equals(fields.get(USER_FIELD))) - { - throw new IOException("Inconsistent SRP password data"); - } + if (! user.equals(fields.get(USER_FIELD))) + throw new IOException("Inconsistent SRP password data"); verifiers = (HashMap) fields.get(VERIFIERS_FIELD); - sb1 = new StringBuffer().append(user).append(":").append( - (String) verifiers.get("0")).append( - ":").append( - (String) fields.get(SALT_FIELD)).append( - ":").append( - (String) fields.get(CONFIG_FIELD)); + sb1 = new StringBuffer(user) + .append(":").append((String) verifiers.get("0")) + .append(":").append((String) fields.get(SALT_FIELD)) + .append(":").append((String) fields.get(CONFIG_FIELD)); pw1.println(sb1.toString()); // write extended information j = verifiers.keySet().iterator(); while (j.hasNext()) { digestID = (String) j.next(); - if (!"0".equals(digestID)) + if (! "0".equals(digestID)) { // #0 is the default digest, already present in tpasswd! - sb2 = new StringBuffer().append(digestID).append(":").append( - user).append( - ":").append( - (String) verifiers.get(digestID)); + sb2 = new StringBuffer(digestID) + .append(":").append(user) + .append(":").append((String) verifiers.get(digestID)); pw2.println(sb2.toString()); } } } } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/sasl/srp/SRP.java b/libjava/classpath/gnu/javax/crypto/sasl/srp/SRP.java index d3eb596d4c3..437e42a5a83 100644 --- a/libjava/classpath/gnu/javax/crypto/sasl/srp/SRP.java +++ b/libjava/classpath/gnu/javax/crypto/sasl/srp/SRP.java @@ -47,27 +47,18 @@ import java.math.BigInteger; import java.util.HashMap; /** - * <p>A Factory class that returns SRP Singletons that know all SRP-related + * A Factory class that returns SRP Singletons that know all SRP-related * mathematical computations and protocol-related operations for both the - * client- and server-sides.</p> + * client- and server-sides. */ public final class SRP { - - // Constants and variables - // -------------------------------------------------------------------------- - /** The map of already instantiated SRP algorithm instances. */ private static final HashMap algorithms = new HashMap(); - private static final byte COLON = (byte) 0x3A; - /** The underlying message digest algorithm used for all SRP calculations. */ private IMessageDigest mda; - // Constructor(s) - // -------------------------------------------------------------------------- - /** Trivial private constructor to enforce Singleton pattern. */ private SRP(final IMessageDigest mda) { 
@@ -76,25 +67,18 @@ public final class SRP this.mda = mda; } - // Class methods - // ------------------------------------------------------------------------- - /** - * <p>Returns an instance of this object that uses the designated message - * digest algorithm as its digest function.</p> - * + * Returns an instance of this object that uses the designated message digest + * algorithm as its digest function. + * * @return an instance of this object for the designated digest name. */ public static synchronized SRP instance(String mdName) { if (mdName != null) - { - mdName = mdName.trim().toLowerCase(); - } + mdName = mdName.trim().toLowerCase(); if (mdName == null || mdName.equals("")) - { - mdName = SRPRegistry.SRP_DEFAULT_DIGEST_NAME; - } + mdName = SRPRegistry.SRP_DEFAULT_DIGEST_NAME; SRP result = (SRP) algorithms.get(mdName); if (result == null) { @@ -110,31 +94,24 @@ public final class SRP { final byte[] result = new byte[length]; for (int i = 0; i < length; ++i) - { - result[i] = (byte) (b1[i] ^ b2[i]); - } + result[i] = (byte)(b1[i] ^ b2[i]); return result; } - // Instance methods - // ------------------------------------------------------------------------- - /** @return the message digest algorithm name used by this instance. */ public String getAlgorithm() { return mda.name(); } - // Message Digest algorithm related methods -------------------------------- - /** - * <p>Returns a new instance of the SRP message digest algorithm --which is + * Returns a new instance of the SRP message digest algorithm --which is * SHA-160 by default, but could be anything else provided the proper - * conditions as specified in the SRP specifications.</p> - * + * conditions as specified in the SRP specifications. + * * @return a new instance of the underlying SRP message digest algorithm. * @throws RuntimeException if the implementation of the message digest - * algorithm does not support cloning. + * algorithm does not support cloning. */ public IMessageDigest newDigest() { 
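Review bot: `mdName = mdName.trim().toLowerCase();` in `instance` (first hunk) is locale-sensitive: under a Turkish default locale the `I` in names such as the RIPEMD digests lowercases to a dotless ı, the `algorithms` lookup misses, and whatever the factory does with the unknown name follows. Use `mdName = mdName.trim().toLowerCase(Locale.ENGLISH);` (adding `import java.util.Locale;`) so the cache key does not depend on the JVM's locale. The Javadoc of `instance` also lacks a `@param mdName` tag; `the canonical digest name, or null/empty for the default digest` matches the body.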
@@ -142,12 +119,12 @@ public final class SRP } /** - * <p>Convenience method to return the result of digesting the designated - * input with a new instance of the SRP message digest algorithm.</p> - * + * Convenience method to return the result of digesting the designated input + * with a new instance of the SRP message digest algorithm. + * * @param src some bytes to digest. - * @return the bytes constituting the result of digesting the designated - * input with a new instance of the SRP message digest algorithm. + * @return the bytes constituting the result of digesting the designated input + * with a new instance of the SRP message digest algorithm. */ public byte[] digest(final byte[] src) { @@ -157,13 +134,13 @@ public final class SRP } /** - * <p>Convenience method to return the result of digesting the designated - * input with a new instance of the SRP message digest algorithm.</p> - * + * Convenience method to return the result of digesting the designated input + * with a new instance of the SRP message digest algorithm. + * * @param src a String whose bytes (using US-ASCII encoding) are to be - * digested. - * @return the bytes constituting the result of digesting the designated - * input with a new instance of the SRP message digest algorithm. + * digested. + * @return the bytes constituting the result of digesting the designated input + * with a new instance of the SRP message digest algorithm. * @throws UnsupportedEncodingException if US-ASCII charset is not found. */ public byte[] digest(final String src) throws UnsupportedEncodingException 
@@ -171,17 +148,15 @@ public final class SRP return digest(src.getBytes("US-ASCII")); } - // Other methods ----------------------------------------------------------- - /** - * <p>Convenience method to XOR N bytes from two arrays; N being the output - * size of the SRP message digest algorithm.</p> - * + * Convenience method to XOR N bytes from two arrays; N being the output size + * of the SRP message digest algorithm. + * * @param a the first byte array. * @param b the second one. * @return N bytes which are the result of the XOR operations on the first N - * bytes from the designated arrays. N is the size of the SRP message digest - * algorithm; eg. 20 for SHA-160. + * bytes from the designated arrays. N is the size of the SRP message + * digest algorithm; eg. 20 for SHA-160. */ public byte[] xor(final byte[] a, final byte[] b) { @@ -212,7 +187,6 @@ public final class SRP hash.update(b, 0, b.length); hash.update(cn, 0, cn.length); hash.update(cCB, 0, cCB.length); - return hash.digest(); } @@ -235,14 +209,13 @@ public final class SRP b = digest(o); hash.update(b, 0, b.length); hash.update(sid, 0, sid.length); - hash.update((byte) (ttl >>> 24)); - hash.update((byte) (ttl >>> 16)); - hash.update((byte) (ttl >>> 8)); + hash.update((byte)(ttl >>> 24)); + hash.update((byte)(ttl >>> 16)); + hash.update((byte)(ttl >>> 8)); hash.update((byte) ttl); hash.update(cIV, 0, cIV.length); hash.update(sIV, 0, sIV.length); hash.update(sCB, 0, sCB.length); - return hash.digest(); } @@ -252,7 +225,6 @@ public final class SRP hash.update(K, 0, K.length); hash.update(cn, 0, cn.length); hash.update(sn, 0, sn.length); - return hash.digest(); } @@ -276,10 +248,8 @@ public final class SRP hash.update(COLON); hash.update(p, 0, p.length); final byte[] up = hash.digest(); - hash.update(s, 0, s.length); hash.update(up, 0, up.length); - return hash.digest(); } -}
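Review bot: `return digest(src.getBytes("US-ASCII"));` (first hunk) substitutes a replacement byte for every character outside US-ASCII rather than failing, so two passwords or identities that differ only in non-ASCII characters digest to the same value and therefore to the same SRP verifier; `digest(String)` starts in the previous hunk, and its `@throws UnsupportedEncodingException` covers a missing charset, not this case. Either document the behaviour in that Javadoc (`Characters outside US-ASCII are replaced, not rejected, before digesting`) or encode through a `CharsetEncoder` whose unmappable-character action is set to report, so that such input is rejected instead of silently collapsed.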
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/sasl/srp/SRPAuthInfoProvider.java b/libjava/classpath/gnu/javax/crypto/sasl/srp/SRPAuthInfoProvider.java index 9ea21efb6c2..3a43a94a0b5 100644 --- a/libjava/classpath/gnu/javax/crypto/sasl/srp/SRPAuthInfoProvider.java +++ b/libjava/classpath/gnu/javax/crypto/sasl/srp/SRPAuthInfoProvider.java @@ -50,37 +50,21 @@ import java.util.Map; import javax.security.sasl.AuthenticationException; /** - * <p>The SRP mechanism authentication information provider implementation.</p> + * The SRP mechanism authentication information provider implementation. */ -public class SRPAuthInfoProvider implements IAuthInfoProvider +public class SRPAuthInfoProvider + implements IAuthInfoProvider { - - // Constants and variables - // ------------------------------------------------------------------------- - private PasswordFile passwordFile = null; - // Constructor(s) - // ------------------------------------------------------------------------- - // implicit 0-args constrcutor - // Class methods - // ------------------------------------------------------------------------- - - // Instance methods - // ------------------------------------------------------------------------- - - // IAuthInfoProvider interface implementation ------------------------------ - public void activate(Map context) throws AuthenticationException { try { if (context == null) - { - passwordFile = new PasswordFile(); - } + passwordFile = new PasswordFile(); else { passwordFile = (PasswordFile) context.get(SRPRegistry.PASSWORD_DB); @@ -88,13 +72,9 @@ public class SRPAuthInfoProvider implements IAuthInfoProvider { String pfn = (String) context.get(SRPRegistry.PASSWORD_FILE); if (pfn == null) - { - passwordFile = new PasswordFile(); - } + passwordFile = new PasswordFile(); else - { - passwordFile = new PasswordFile(pfn); - } + passwordFile = new PasswordFile(pfn); } } } 
@@ -112,10 +92,8 @@ public class SRPAuthInfoProvider implements IAuthInfoProvider public boolean contains(String userName) throws AuthenticationException { if (passwordFile == null) - { - throw new AuthenticationException("contains()", - new IllegalStateException()); - } + throw new AuthenticationException("contains()", + new IllegalStateException()); boolean result = false; try { @@ -131,20 +109,14 @@ public class SRPAuthInfoProvider implements IAuthInfoProvider public Map lookup(Map userID) throws AuthenticationException { if (passwordFile == null) - { - throw new AuthenticationException("lookup()", - new IllegalStateException()); - } + throw new AuthenticationException("lookup()", new IllegalStateException()); Map result = new HashMap(); try { String userName = (String) userID.get(Registry.SASL_USERNAME); if (userName == null) - { - throw new NoSuchUserException(""); - } + throw new NoSuchUserException(""); String mdName = (String) userID.get(SRPRegistry.MD_NAME_FIELD); - String[] data = passwordFile.lookup(userName, mdName); result.put(SRPRegistry.USER_VERIFIER_FIELD, data[0]); result.put(SRPRegistry.SALT_FIELD, data[1]); @@ -153,9 +125,7 @@ public class SRPAuthInfoProvider implements IAuthInfoProvider catch (Exception x) { if (x instanceof AuthenticationException) - { - throw (AuthenticationException) x; - } + throw (AuthenticationException) x; throw new AuthenticationException("lookup()", x); } return result; @@ -165,7 +135,6 @@ public class SRPAuthInfoProvider implements IAuthInfoProvider { if (passwordFile == null) throw new AuthenticationException("update()", new IllegalStateException()); - try { String userName = (String) userCredentials.get(Registry.SASL_USERNAME); 
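Review bot: In `lookup` (second hunk) `catch (Exception x)` also converts runtime failures — a `ClassCastException` from `(String) userID.get(...)`, a `NullPointerException` when `userID` is null — into `AuthenticationException("lookup()", x)`, so a programming error is reported to the SASL layer as an authentication failure whose message names only the method; the same shape appears in the third hunk and in `update()`/`getConfiguration()` on the next line. Catching `IOException` (which `PasswordFile.lookup` declares) keeps the `instanceof AuthenticationException` rethrow working, assuming `NoSuchUserException` is an `AuthenticationException` as the rethrow implies, while letting genuine bugs surface unchanged.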
@@ -173,20 +142,14 @@ public class SRPAuthInfoProvider implements IAuthInfoProvider String salt = (String) userCredentials.get(SRPRegistry.SALT_FIELD); String config = (String) userCredentials.get(SRPRegistry.CONFIG_NDX_FIELD); if (salt == null || config == null) - { - passwordFile.changePasswd(userName, password); - } + passwordFile.changePasswd(userName, password); else - { - passwordFile.add(userName, password, Util.fromBase64(salt), config); - } + passwordFile.add(userName, password, Util.fromBase64(salt), config); } catch (Exception x) { if (x instanceof AuthenticationException) - { - throw (AuthenticationException) x; - } + throw (AuthenticationException) x; throw new AuthenticationException("update()", x); } } @@ -194,10 +157,8 @@ public class SRPAuthInfoProvider implements IAuthInfoProvider public Map getConfiguration(String mode) throws AuthenticationException { if (passwordFile == null) - { - throw new AuthenticationException("getConfiguration()", - new IllegalStateException()); - } + throw new AuthenticationException("getConfiguration()", + new IllegalStateException()); Map result = new HashMap(); try { @@ -208,11 +169,9 @@ public class SRPAuthInfoProvider implements IAuthInfoProvider catch (Exception x) { if (x instanceof AuthenticationException) - { - throw (AuthenticationException) x; - } + throw (AuthenticationException) x; throw new AuthenticationException("getConfiguration()", x); } return result; } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/sasl/srp/SRPClient.java b/libjava/classpath/gnu/javax/crypto/sasl/srp/SRPClient.java index 1a1664ff79d..f4ef4cc34c1 100644 --- a/libjava/classpath/gnu/javax/crypto/sasl/srp/SRPClient.java +++ b/libjava/classpath/gnu/javax/crypto/sasl/srp/SRPClient.java 
@@ -38,151 +38,91 @@ exception statement from your version. */ package gnu.javax.crypto.sasl.srp; +import gnu.java.security.Configuration; import gnu.java.security.Registry; import gnu.java.security.hash.MD5; import gnu.java.security.util.PRNG; import gnu.java.security.util.Util; - +import gnu.javax.crypto.assembly.Direction; +import gnu.javax.crypto.cipher.CipherFactory; +import gnu.javax.crypto.cipher.IBlockCipher; import gnu.javax.crypto.key.IKeyAgreementParty; import gnu.javax.crypto.key.IncomingMessage; -import gnu.javax.crypto.key.KeyAgreementFactory; import gnu.javax.crypto.key.KeyAgreementException; +import gnu.javax.crypto.key.KeyAgreementFactory; import gnu.javax.crypto.key.OutgoingMessage; import gnu.javax.crypto.key.srp6.SRP6KeyAgreement; -import gnu.javax.crypto.assembly.Direction; -import gnu.javax.crypto.cipher.CipherFactory; -import gnu.javax.crypto.cipher.IBlockCipher; import gnu.javax.crypto.sasl.ClientMechanism; import gnu.javax.crypto.sasl.IllegalMechanismStateException; import gnu.javax.crypto.sasl.InputBuffer; import gnu.javax.crypto.sasl.IntegrityException; import gnu.javax.crypto.sasl.OutputBuffer; - import gnu.javax.security.auth.Password; -import java.io.IOException; -import java.io.PrintWriter; import java.io.ByteArrayOutputStream; +import java.io.IOException; import java.io.UnsupportedEncodingException; import java.math.BigInteger; import java.security.NoSuchAlgorithmException; import java.util.Arrays; import java.util.HashMap; import java.util.StringTokenizer; +import java.util.logging.Logger; +import javax.security.auth.DestroyFailedException; import javax.security.auth.callback.Callback; import javax.security.auth.callback.NameCallback; import javax.security.auth.callback.PasswordCallback; import javax.security.auth.callback.UnsupportedCallbackException; -import javax.security.auth.DestroyFailedException; import javax.security.sasl.AuthenticationException; import javax.security.sasl.SaslClient; import 
javax.security.sasl.SaslException; /** - * <p>The SASL-SRP client-side mechanism.</p> + * The SASL-SRP client-side mechanism. */ -public class SRPClient extends ClientMechanism implements SaslClient +public class SRPClient + extends ClientMechanism + implements SaslClient { - - // Debugging methods and variables - // ------------------------------------------------------------------------- - - private static final String NAME = "SRPClient"; - - // private static final String ERROR = "ERROR"; - // private static final String WARN = " WARN"; - private static final String INFO = " INFO"; - - private static final String TRACE = "DEBUG"; - - private static final boolean DEBUG = true; - - private static final int debuglevel = 3; - - private static final PrintWriter err = new PrintWriter(System.out, true); - - private static void debug(final String level, final Object obj) - { - err.println("[" + level + "] " + NAME + ": " + String.valueOf(obj)); - } - - // Constants and variables - // ------------------------------------------------------------------------- - - // private static final HashMap uid2ctx = new HashMap(); - + private static final Logger log = Logger.getLogger(SRPClient.class.getName()); private String uid; // the unique key for this type of client - private String U; // the authentication identity - BigInteger N, g, A, B; - private Password password; // the authentication credentials - private byte[] s; // the user's salt - private byte[] cIV, sIV; // client+server IVs, when confidentiality is on - private byte[] M1, M2; // client+server evidences - private byte[] cn, sn; // client's and server's nonce - private SRP srp; // SRP algorithm instance used by this client - private byte[] sid; // session ID when re-used - private int ttl; // session time-to-live in seconds - private byte[] sCB; // the peer's channel binding data - private String L; // available options - private String o; - private String chosenIntegrityAlgorithm; - private String 
chosenConfidentialityAlgorithm; - private int rawSendSize = Registry.SASL_BUFFER_MAX_LIMIT; - private byte[] K; // shared session key - private boolean replayDetection = true; // whether Replay Detection is on - private int inCounter = 0; // messages sequence numbers - private int outCounter = 0; - private IALG inMac, outMac; // if !null, use for integrity - private CALG inCipher, outCipher; // if !null, use for confidentiality - - private IKeyAgreementParty clientHandler = KeyAgreementFactory.getPartyAInstance(Registry.SRP_SASL_KA); - + private IKeyAgreementParty clientHandler = + KeyAgreementFactory.getPartyAInstance(Registry.SRP_SASL_KA); /** Our default source of randomness. */ private PRNG prng = null; - // Constructor(s) - // ------------------------------------------------------------------------- - public SRPClient() { super(Registry.SASL_SRP_MECHANISM); } - // Class methods - // ------------------------------------------------------------------------- - - // Instance methods - // ------------------------------------------------------------------------- - - // abstract methods implementation ----------------------------------------- - protected void initMechanism() throws SaslException { - // we shall keep track of the sid (and the security context of this - // SRP client) based on the initialisation parameters of an SRP session. + // we shall keep track of the sid (and the security context of this SRP + // client) based on the initialisation parameters of an SRP session. // we shall compute a unique key for those parameters and key the sid // (and the security context) accordingly. // 1. compute the mapping key. use MD5 (the fastest) for this purpose 
@@ -195,9 +135,8 @@ public class SRPClient extends ClientMechanism implements SaslClient b = protocol.getBytes(); md.update(b, 0, b.length); if (channelBinding.length > 0) - { - md.update(channelBinding, 0, channelBinding.length); - } + md.update(channelBinding, 0, channelBinding.length); + uid = Util.toBase64(md.digest()); if (ClientStore.instance().isAlive(uid)) { @@ -246,15 +185,12 @@ public class SRPClient extends ClientMechanism implements SaslClient sIV = null; inMac = outMac = null; inCipher = outCipher = null; - sid = null; ttl = 0; cn = null; sn = null; } - // javax.security.sasl.SaslClient interface implementation ----------------- - public boolean hasInitialResponse() { return true; @@ -282,7 +218,7 @@ public class SRPClient extends ClientMechanism implements SaslClient } return result; case 2: // should only occur if session re-use was rejected - if (!complete) + if (! complete) { state++; return receiveEvidence(challenge); 
@@ -296,211 +232,139 @@ public class SRPClient extends ClientMechanism implements SaslClient protected byte[] engineUnwrap(final byte[] incoming, final int offset, final int len) throws SaslException { - if (DEBUG && debuglevel > 8) - debug(TRACE, "==> engineUnwrap()"); - + if (Configuration.DEBUG) + log.entering(this.getClass().getName(), "engineUnwrap"); if (inMac == null && inCipher == null) - { - throw new IllegalStateException("connection is not protected"); - } - + throw new IllegalStateException("connection is not protected"); // at this point one, or both, of confidentiality and integrity protection // services are active. - final byte[] result; try { - // final InputBuffer frameIn = InputBuffer.getInstance(incoming, offset, len); - // result = frameIn.getEOS(); if (inMac != null) { // integrity bytes are at the end of the stream final int macBytesCount = inMac.length(); final int payloadLength = len - macBytesCount; - // final byte[] received_mac = frameIn.getOS(); final byte[] received_mac = new byte[macBytesCount]; System.arraycopy(incoming, offset + payloadLength, received_mac, 0, macBytesCount); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Got C (received MAC): " - + Util.dumpString(received_mac)); - // inMac.update(result); + if (Configuration.DEBUG) + log.fine("Got C (received MAC): " + Util.dumpString(received_mac)); inMac.update(incoming, offset, payloadLength); if (replayDetection) { inCounter++; - if (DEBUG && debuglevel > 6) - debug(TRACE, "inCounter=" + String.valueOf(inCounter)); - inMac.update(new byte[] { (byte) (inCounter >>> 24), - (byte) (inCounter >>> 16), - (byte) (inCounter >>> 8), - (byte) inCounter }); + if (Configuration.DEBUG) + log.fine("inCounter=" + inCounter); + inMac.update(new byte[] { + (byte)(inCounter >>> 24), + (byte)(inCounter >>> 16), + (byte)(inCounter >>> 8), + (byte) inCounter }); } - final byte[] computed_mac = inMac.doFinal(); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Computed MAC: " + 
Util.dumpString(computed_mac)); - if (!Arrays.equals(received_mac, computed_mac)) - { - throw new IntegrityException("engineUnwrap()"); - } - + if (Configuration.DEBUG) + log.fine("Computed MAC: " + Util.dumpString(computed_mac)); + if (! Arrays.equals(received_mac, computed_mac)) + throw new IntegrityException("engineUnwrap()"); // deal with the payload, which can be either plain or encrypted if (inCipher != null) - { - result = inCipher.doFinal(incoming, offset, payloadLength); - } + result = inCipher.doFinal(incoming, offset, payloadLength); else { result = new byte[len - macBytesCount]; System.arraycopy(incoming, offset, result, 0, result.length); } } - else - { // no integrity protection; just confidentiality - // if (inCipher != null) { - result = inCipher.doFinal(incoming, offset, len); - // } else { - // result = new byte[len]; - // System.arraycopy(incoming, offset, result, 0, len); - // } - } - // if (inCipher != null) { - // result = inCipher.doFinal(result); - // } + else // no integrity protection; just confidentiality + result = inCipher.doFinal(incoming, offset, len); } catch (IOException x) { if (x instanceof SaslException) - { - throw (SaslException) x; - } + throw (SaslException) x; throw new SaslException("engineUnwrap()", x); } - - if (DEBUG && debuglevel > 8) - debug(TRACE, "<== engineUnwrap()"); + if (Configuration.DEBUG) + log.exiting(this.getClass().getName(), "engineUnwrap"); return result; } protected byte[] engineWrap(final byte[] outgoing, final int offset, final int len) throws SaslException { - if (DEBUG && debuglevel > 8) - debug(TRACE, "==> engineWrap()"); - + if (Configuration.DEBUG) + log.entering(this.getClass().getName(), "engineWrap"); if (outMac == null && outCipher == null) - { - throw new IllegalStateException("connection is not protected"); - } - + throw new IllegalStateException("connection is not protected"); // at this point one, or both, of confidentiality and integrity protection // services are active. 
- - // byte[] data = new byte[len]; - // System.arraycopy(outgoing, offset, data, 0, len); byte[] result; try { - // OutputBuffer frameOut = new OutputBuffer(); final ByteArrayOutputStream out = new ByteArrayOutputStream(); // Process the data if (outCipher != null) { - // data = outCipher.doFinal(data); result = outCipher.doFinal(outgoing, offset, len); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Encoding c (encrypted plaintext): " - + Util.dumpString(result)); - - // frameOut.setEOS(data); + if (Configuration.DEBUG) + log.fine("Encoding c (encrypted plaintext): " + + Util.dumpString(result)); out.write(result); - if (outMac != null) { outMac.update(result); if (replayDetection) { outCounter++; - if (DEBUG && debuglevel > 6) - debug(TRACE, "outCounter=" + String.valueOf(outCounter)); - outMac.update(new byte[] { (byte) (outCounter >>> 24), - (byte) (outCounter >>> 16), - (byte) (outCounter >>> 8), - (byte) outCounter }); + if (Configuration.DEBUG) + log.fine("outCounter=" + outCounter); + outMac.update(new byte[] { + (byte)(outCounter >>> 24), + (byte)(outCounter >>> 16), + (byte)(outCounter >>> 8), + (byte) outCounter }); } final byte[] C = outMac.doFinal(); - // frameOut.setOS(C); out.write(C); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Encoding C (integrity checksum): " - + Util.dumpString(C)); - } // else confidentiality only; do nothing + if (Configuration.DEBUG) + log.fine("Encoding C (integrity checksum): " + Util.dumpString(C)); + } + // else confidentiality only; do nothing } - else - { // no confidentiality; just integrity [+ replay detection] - // if (DEBUG && debuglevel > 6) debug(TRACE, "Encoding p (plaintext): "+Util.dumpString(data)); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Encoding p (plaintext): " - + Util.dumpString(outgoing, offset, len)); - - // frameOut.setEOS(data); + else // no confidentiality; just integrity [+ replay detection] + { + if (Configuration.DEBUG) + log.fine("Encoding p (plaintext): " + + Util.dumpString(outgoing, 
offset, len)); out.write(outgoing, offset, len); - - // if (outMac != null) { - // outMac.update(data); outMac.update(outgoing, offset, len); if (replayDetection) { outCounter++; - if (DEBUG && debuglevel > 6) - debug(TRACE, "outCounter=" + String.valueOf(outCounter)); - outMac.update(new byte[] { (byte) (outCounter >>> 24), - (byte) (outCounter >>> 16), - (byte) (outCounter >>> 8), - (byte) outCounter }); + if (Configuration.DEBUG) + log.fine("outCounter=" + outCounter); + outMac.update(new byte[] { + (byte)(outCounter >>> 24), + (byte)(outCounter >>> 16), + (byte)(outCounter >>> 8), + (byte) outCounter }); } final byte[] C = outMac.doFinal(); - // frameOut.setOS(C); out.write(C); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Encoding C (integrity checksum): " - + Util.dumpString(C)); - // } + if (Configuration.DEBUG) + log.fine("Encoding C (integrity checksum): " + Util.dumpString(C)); } - - // frameOut.setEOS(data); - // - // if (outMac != null) { - // outMac.update(data); - // if (replayDetection) { - // outCounter++; - // if (DEBUG && debuglevel > 6) debug(TRACE, "outCounter="+String.valueOf(outCounter)); - // outMac.update(new byte[] { - // (byte)(outCounter >>> 24), - // (byte)(outCounter >>> 16), - // (byte)(outCounter >>> 8), - // (byte) outCounter }); - // } - // byte[] C = outMac.doFinal(); - // frameOut.setOS(C); - // if (DEBUG && debuglevel > 6) debug(TRACE, "Encoding C (integrity checksum): "+Util.dumpString(C)); - // } - - // result = frameOut.wrap(); result = out.toByteArray(); - } catch (IOException x) { if (x instanceof SaslException) - { - throw (SaslException) x; - } + throw (SaslException) x; throw new SaslException("engineWrap()", x); } - - if (DEBUG && debuglevel > 8) - debug(TRACE, "<== engineWrap()"); + if (Configuration.DEBUG) + log.exiting(this.getClass().getName(), "engineWrap"); return result; } 
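Review bot: In `engineUnwrap` (this hunk; its body starts on the earlier lines) `payloadLength = len - macBytesCount` is never checked, so a frame shorter than the MAC drives `System.arraycopy` with a negative length and the resulting `IndexOutOfBoundsException` escapes the `catch (IOException x)` as an unchecked exception instead of the `IntegrityException` a truncated frame should produce. The MAC check itself uses `Arrays.equals`, which stops at the first differing byte; ORing the XOR of every byte pair into an accumulator and testing it once gives a comparison whose duration does not depend on where the mismatch is. Note also that `inCounter++` runs before the MAC is verified, so a rejected frame still consumes a sequence number — worth a comment saying whether that is intended. The rewritten lines below assume `inMac.doFinal()` returns `inMac.length()` bytes, which the hunk does not show.
```java
final int macBytesCount = inMac.length();
final int payloadLength = len - macBytesCount;
if (payloadLength < 0)
  throw new IntegrityException("engineUnwrap()");
// … unchanged: copy of received_mac, inMac.update, replay counter …
final byte[] computed_mac = inMac.doFinal();
if (Configuration.DEBUG)
  log.fine("Computed MAC: " + Util.dumpString(computed_mac));
int diff = computed_mac.length ^ received_mac.length;
for (int i = 0; i < macBytesCount && i < computed_mac.length; i++)
  diff |= received_mac[i] ^ computed_mac[i];
if (diff != 0)
  throw new IntegrityException("engineUnwrap()");
// … unchanged: payload decryption / copy …
```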
@@ -509,13 +373,8 @@ public class SRPClient extends ClientMechanism implements SaslClient if (inMac != null) { if (inCipher != null) - { - return Registry.QOP_AUTH_CONF; - } - else - { - return Registry.QOP_AUTH_INT; - } + return Registry.QOP_AUTH_CONF; + return Registry.QOP_AUTH_INT; } return Registry.QOP_AUTH; } @@ -525,13 +384,8 @@ public class SRPClient extends ClientMechanism implements SaslClient if (inMac != null) { if (inCipher != null) - { - return Registry.STRENGTH_HIGH; - } - else - { - return Registry.STRENGTH_MEDIUM; - } + return Registry.STRENGTH_HIGH; + return Registry.STRENGTH_MEDIUM; } return Registry.STRENGTH_LOW; } @@ -546,23 +400,18 @@ public class SRPClient extends ClientMechanism implements SaslClient return Registry.REUSE_TRUE; } - // other methods ----------------------------------------------------------- - private byte[] sendIdentities() throws SaslException { - if (DEBUG && debuglevel > 8) - debug(TRACE, "==> sendIdentities()"); - + if (Configuration.DEBUG) + log.entering(this.getClass().getName(), "sendIdentities"); // If necessary, prompt the client for the username and password getUsernameAndPassword(); - - if (DEBUG && debuglevel > 6) - debug(TRACE, "Password: \"" + new String(password.getPassword()) + "\""); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Encoding U (username): \"" + U + "\""); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Encoding I (userid): \"" + authorizationID + "\""); - + if (Configuration.DEBUG) + { + log.fine("Password: \"" + new String(password.getPassword()) + "\""); + log.fine("Encoding U (username): \"" + U + "\""); + log.fine("Encoding I (userid): \"" + authorizationID + "\""); + } // if session re-use generate new 16-byte nonce if (sid.length != 0) { @@ -570,10 +419,7 @@ public class SRPClient extends ClientMechanism implements SaslClient getDefaultPRNG().nextBytes(cn); } else - { - cn = new byte[0]; - } - + cn = new byte[0]; final OutputBuffer frameOut = new OutputBuffer(); try { 
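Review bot: The rewritten debug block in sendIdentities (hunk -546/+400) still writes the cleartext credential to the logger, `log.fine("Password: \"" + new String(password.getPassword()) + "\"");`, so with Configuration.DEBUG on it goes to whatever handler is attached to the java.util.logging tree, and `new String(...)` also leaves an immutable copy on the heap that cannot be cleared the way the char[] from `password.getPassword()` can. Dropping that one line (keeping the U and I lines) loses nothing needed to trace the exchange; if some indication is wanted, log only its length. The same concern applies to `log.fine("K: " + Util.dumpString(K));` in the sendPublicKey hunk at -712/+538, since K is the value later handed to `KDF.getInstance(K)` for the session keys. sendIdentities continues in the next hunk.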
@@ -586,36 +432,30 @@ public class SRPClient extends ClientMechanism implements SaslClient catch (IOException x) { if (x instanceof SaslException) - { - throw (SaslException) x; - } + throw (SaslException) x; throw new AuthenticationException("sendIdentities()", x); } final byte[] result = frameOut.encode(); - if (DEBUG && debuglevel > 8) - debug(TRACE, "<== sendIdentities()"); - if (DEBUG && debuglevel > 2) - debug(INFO, "C: " + Util.dumpString(result)); - if (DEBUG && debuglevel > 2) - debug(INFO, " U = " + U); - if (DEBUG && debuglevel > 2) - debug(INFO, " I = " + authorizationID); - if (DEBUG && debuglevel > 2) - debug(INFO, "sid = " + new String(sid)); - if (DEBUG && debuglevel > 2) - debug(INFO, " cn = " + Util.dumpString(cn)); - if (DEBUG && debuglevel > 2) - debug(INFO, "cCB = " + Util.dumpString(channelBinding)); + if (Configuration.DEBUG) + { + log.fine("C: " + Util.dumpString(result)); + log.fine(" U = " + U); + log.fine(" I = " + authorizationID); + log.fine("sid = " + new String(sid)); + log.fine(" cn = " + Util.dumpString(cn)); + log.fine("cCB = " + Util.dumpString(channelBinding)); + log.exiting(this.getClass().getName(), "sendIdentities"); + } return result; } private byte[] sendPublicKey(final byte[] input) throws SaslException { - if (DEBUG && debuglevel > 8) - debug(TRACE, "==> sendPublicKey()"); - if (DEBUG && debuglevel > 6) - debug(TRACE, "S: " + Util.dumpString(input)); - + if (Configuration.DEBUG) + { + log.entering(this.getClass().getName(), "sendPublicKey"); + log.fine("S: " + Util.dumpString(input)); + } // Server sends [00], N, g, s, B, L // or [FF], sn, sCB final InputBuffer frameIn = new InputBuffer(input); 
@@ -623,60 +463,50 @@ public class SRPClient extends ClientMechanism implements SaslClient try { ack = (int) frameIn.getScalar(1); - if (ack == 0x00) - { // new session + if (ack == 0x00) // new session + { N = frameIn.getMPI(); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Got N (modulus): " + Util.dump(N)); + if (Configuration.DEBUG) + log.fine("Got N (modulus): " + Util.dump(N)); g = frameIn.getMPI(); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Got g (generator): " + Util.dump(g)); + if (Configuration.DEBUG) + log.fine("Got g (generator): " + Util.dump(g)); s = frameIn.getOS(); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Got s (salt): " + Util.dumpString(s)); + if (Configuration.DEBUG) + log.fine("Got s (salt): " + Util.dumpString(s)); B = frameIn.getMPI(); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Got B (server ephermeral public key): " - + Util.dump(B)); + if (Configuration.DEBUG) + log.fine("Got B (server ephermeral public key): " + Util.dump(B)); L = frameIn.getText(); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Got L (available options): \"" + L + "\""); + if (Configuration.DEBUG) + log.fine("Got L (available options): \"" + L + "\""); } - else if (ack == 0xFF) - { // session re-use + else if (ack == 0xFF) // session re-use + { sn = frameIn.getOS(); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Got sn (server nonce): " + Util.dumpString(sn)); + if (Configuration.DEBUG) + log.fine("Got sn (server nonce): " + Util.dumpString(sn)); sCB = frameIn.getEOS(); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Got sCB (server channel binding): " - + Util.dumpString(sCB)); - } - else - { // unexpected scalar - throw new SaslException("sendPublicKey(): Invalid scalar (" + ack - + ") in server's request"); + if (Configuration.DEBUG) + log.fine("Got sCB (server channel binding): " + Util.dumpString(sCB)); } + else // unexpected scalar + throw new SaslException("sendPublicKey(): Invalid scalar (" + ack + + ") in server's request"); } catch (IOException x) { 
if (x instanceof SaslException) - { - throw (SaslException) x; - } + throw (SaslException) x; throw new SaslException("sendPublicKey()", x); } - if (ack == 0x00) { // new session --------------------------------------- o = createO(L.toLowerCase()); // do this first to initialise the SRP hash - final byte[] pBytes; // use ASCII encoding to inter-operate w/ non-java pBytes = password.getBytes(); - // ---------------------------------------------------------------------- final HashMap mapA = new HashMap(); - // mapA.put(SRP6KeyAgreement.HASH_FUNCTION, srp.newDigest()); mapA.put(SRP6KeyAgreement.HASH_FUNCTION, srp.getAlgorithm()); mapA.put(SRP6KeyAgreement.USER_IDENTITY, U); mapA.put(SRP6KeyAgreement.USER_PASSWORD, pBytes); @@ -689,9 +519,6 @@ public class SRPClient extends ClientMechanism implements SaslClient { throw new SaslException("sendPublicKey()", x); } - - // ---------------------------------------------------------------------- - // ------------------------------------------------------------------- try { @@ -702,7 +529,6 @@ public class SRPClient extends ClientMechanism implements SaslClient out.writeMPI(B); IncomingMessage in = new IncomingMessage(out.toByteArray()); out = clientHandler.processMessage(in); - in = new IncomingMessage(out.toByteArray()); A = in.readMPI(); K = clientHandler.getSharedSecret(); @@ -712,13 +538,11 @@ public class SRPClient extends ClientMechanism implements SaslClient throw new SaslException("sendPublicKey()", x); } // ------------------------------------------------------------------- - - if (DEBUG && debuglevel > 6) - debug(TRACE, "K: " + Util.dumpString(K)); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Encoding A (client ephemeral public key): " - + Util.dump(A)); - + if (Configuration.DEBUG) + { + log.fine("K: " + Util.dumpString(K)); + log.fine("Encoding A (client ephemeral public key): " + Util.dump(A)); + } try { M1 = srp.generateM1(N, g, U, s, A, B, K, authorizationID, L, cn, 
@@ -728,13 +552,11 @@ public class SRPClient extends ClientMechanism implements SaslClient { throw new AuthenticationException("sendPublicKey()", x); } - - if (DEBUG && debuglevel > 6) - debug(TRACE, "Encoding o (client chosen options): \"" + o + "\""); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Encoding cIV (client IV): \"" + Util.dumpString(cIV) - + "\""); - + if (Configuration.DEBUG) + { + log.fine("Encoding o (client chosen options): \"" + o + "\""); + log.fine("Encoding cIV (client IV): \"" + Util.dumpString(cIV) + "\""); + } final OutputBuffer frameOut = new OutputBuffer(); try { 
@@ -746,74 +568,65 @@ public class SRPClient extends ClientMechanism implements SaslClient catch (IOException x) { if (x instanceof SaslException) - { - throw (SaslException) x; - } + throw (SaslException) x; throw new AuthenticationException("sendPublicKey()", x); } final byte[] result = frameOut.encode(); - if (DEBUG && debuglevel > 8) - debug(TRACE, "<== sendPublicKey()"); - if (DEBUG && debuglevel > 2) - debug(INFO, "New session, or session re-use rejected..."); - if (DEBUG && debuglevel > 2) - debug(INFO, "C: " + Util.dumpString(result)); - if (DEBUG && debuglevel > 2) - debug(INFO, " A = 0x" + A.toString(16)); - if (DEBUG && debuglevel > 2) - debug(INFO, " M1 = " + Util.dumpString(M1)); - if (DEBUG && debuglevel > 2) - debug(INFO, " o = " + o); - if (DEBUG && debuglevel > 2) - debug(INFO, "cIV = " + Util.dumpString(cIV)); - + if (Configuration.DEBUG) + { + log.fine("New session, or session re-use rejected..."); + log.fine("C: " + Util.dumpString(result)); + log.fine(" A = 0x" + A.toString(16)); + log.fine(" M1 = " + Util.dumpString(M1)); + log.fine(" o = " + o); + log.fine("cIV = " + Util.dumpString(cIV)); + log.exiting(this.getClass().getName(), "sendPublicKey"); + } return result; } - else - { // session re-use accepted ------------------------------------- + else // session re-use accepted ------------------------------------------- + { setupSecurityServices(true); - if (DEBUG && debuglevel > 8) - debug(TRACE, "<== sendPublicKey()"); - if (DEBUG && debuglevel > 2) - debug(INFO, "Session re-use accepted..."); + if (Configuration.DEBUG) + { + log.fine("Session re-use accepted..."); + log.exiting(this.getClass().getName(), "sendPublicKey"); + } return null; } } private byte[] receiveEvidence(byte[] input) throws SaslException { - if (DEBUG && debuglevel > 8) - debug(TRACE, "==> receiveEvidence()"); - if (DEBUG && debuglevel > 6) - debug(TRACE, "S: " + Util.dumpString(input)); - + if (Configuration.DEBUG) + { + log.entering(this.getClass().getName(), 
"receiveEvidence"); + log.fine("S: " + Util.dumpString(input)); + } // Server send M2, sIV, sCB, sid, ttl final InputBuffer frameIn = new InputBuffer(input); try { M2 = frameIn.getOS(); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Got M2 (server evidence): " + Util.dumpString(M2)); + if (Configuration.DEBUG) + log.fine("Got M2 (server evidence): " + Util.dumpString(M2)); sIV = frameIn.getOS(); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Got sIV (server IV): " + Util.dumpString(sIV)); + if (Configuration.DEBUG) + log.fine("Got sIV (server IV): " + Util.dumpString(sIV)); sid = frameIn.getEOS(); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Got sid (session ID): " + new String(sid)); + if (Configuration.DEBUG) + log.fine("Got sid (session ID): " + new String(sid)); ttl = (int) frameIn.getScalar(4); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Got ttl (session time-to-live): " + ttl + "sec."); + if (Configuration.DEBUG) + log.fine("Got ttl (session time-to-live): " + ttl + "sec."); sCB = frameIn.getEOS(); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Got sCB (server channel binding): " - + Util.dumpString(sCB)); + if (Configuration.DEBUG) + log.fine("Got sCB (server channel binding): " + Util.dumpString(sCB)); } catch (IOException x) { if (x instanceof SaslException) - { - throw (SaslException) x; - } + throw (SaslException) x; throw new AuthenticationException("receiveEvidence()", x); } 
@@ -827,18 +640,13 @@ public class SRPClient extends ClientMechanism implements SaslClient { throw new AuthenticationException("receiveEvidence()", x); } - - if (DEBUG && debuglevel > 6) - debug(TRACE, "Expected: " + Util.dumpString(expected)); - if (!Arrays.equals(M2, expected)) - { - throw new AuthenticationException("M2 mismatch"); - } - + if (Configuration.DEBUG) + log.fine("Expected: " + Util.dumpString(expected)); + if (! Arrays.equals(M2, expected)) + throw new AuthenticationException("M2 mismatch"); setupSecurityServices(false); - - if (DEBUG && debuglevel > 8) - debug(TRACE, "<== receiveEvidence()"); + if (Configuration.DEBUG) + log.exiting(this.getClass().getName(), "receiveEvidence"); return null; } @@ -846,19 +654,15 @@ public class SRPClient extends ClientMechanism implements SaslClient { try { - if ((!properties.containsKey(Registry.SASL_USERNAME)) - && (!properties.containsKey(Registry.SASL_PASSWORD))) + if ((! properties.containsKey(Registry.SASL_USERNAME)) + && (! properties.containsKey(Registry.SASL_PASSWORD))) { final NameCallback nameCB; final String defaultName = System.getProperty("user.name"); if (defaultName == null) - { - nameCB = new NameCallback("username: "); - } + nameCB = new NameCallback("username: "); else - { - nameCB = new NameCallback("username: ", defaultName); - } + nameCB = new NameCallback("username: ", defaultName); final PasswordCallback pwdCB = new PasswordCallback("password: ", false); handler.handle(new Callback[] { nameCB, pwdCB }); 
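Review bot: `if (! Arrays.equals(M2, expected))` in receiveEvidence (hunk -827/+640) checks the server evidence with a comparison that returns at the first differing byte, so its running time depends on where the mismatch is. For an authentication tag the usual idiom is a comparison whose duration is independent of the input, e.g. `if (! MessageDigest.isEqual(M2, expected))` where the platform's implementation is constant-time, or otherwise a loop that ORs the byte differences together and tests the result once. On the client side the exposure is smaller than for the server's check of M1, but the change is one line and keeps both sides consistent. The `log.fine("Expected: " + Util.dumpString(expected))` line just above prints the reference value the check is made against and is best left out of the log together with the other secret-bearing debug lines. receiveEvidence starts in the previous hunk.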
@@ -868,21 +672,15 @@ public class SRPClient extends ClientMechanism implements SaslClient else { if (properties.containsKey(Registry.SASL_USERNAME)) - { - this.U = (String) properties.get(Registry.SASL_USERNAME); - } + this.U = (String) properties.get(Registry.SASL_USERNAME); else { final NameCallback nameCB; final String defaultName = System.getProperty("user.name"); if (defaultName == null) - { - nameCB = new NameCallback("username: "); - } + nameCB = new NameCallback("username: "); else - { - nameCB = new NameCallback("username: ", defaultName); - } + nameCB = new NameCallback("username: ", defaultName); this.handler.handle(new Callback[] { nameCB }); this.U = nameCB.getName(); } @@ -897,14 +695,12 @@ public class SRPClient extends ClientMechanism implements SaslClient else if (pw instanceof String) password = new Password(((String) pw).toCharArray()); else - throw new IllegalArgumentException( - pw.getClass().getName() - + "is not a valid password class"); + throw new IllegalArgumentException(pw.getClass().getName() + + "is not a valid password class"); } else { - final PasswordCallback pwdCB = new PasswordCallback( - "password: ", + final PasswordCallback pwdCB = new PasswordCallback("password: ", false); this.handler.handle(new Callback[] { pwdCB }); password = new Password(pwdCB.getPassword()); @@ -912,13 +708,9 @@ public class SRPClient extends ClientMechanism implements SaslClient } if (U == null) - { - throw new AuthenticationException("null username supplied"); - } + throw new AuthenticationException("null username supplied"); if (password == null) - { - throw new AuthenticationException("null password supplied"); - } + throw new AuthenticationException("null password supplied"); } catch (UnsupportedCallbackException x) { 
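Review bot: The re-wrapped IllegalArgumentException in hunk -897/+695 concatenates the class name directly onto the text, `pw.getClass().getName() + "is not a valid password class"`, so the message reads like `java.lang.Integeris not a valid password class`; the literal should begin with a space, `+ " is not a valid password class"`. In the same spirit, the username branch in hunk -868/+672 does `this.U = (String) properties.get(Registry.SASL_USERNAME);`, which turns a non-String property value into a ClassCastException rather than the IllegalArgumentException the password branch raises for the same mistake; an `instanceof String` check before the cast would make the two consistent. getUsernameAndPassword begins in the previous hunk and continues in the next.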
@@ -935,9 +727,8 @@ public class SRPClient extends ClientMechanism implements SaslClient // to us by the client. private String createO(final String aol) throws AuthenticationException { - if (DEBUG && debuglevel > 8) - debug(TRACE, "==> createO(\"" + aol + "\")"); - + if (Configuration.DEBUG) + log.entering(this.getClass().getName(), "createO", aol); boolean replaydetectionAvailable = false; boolean integrityAvailable = false; boolean confidentialityAvailable = false; @@ -945,7 +736,6 @@ public class SRPClient extends ClientMechanism implements SaslClient int i; String mdName = SRPRegistry.SRP_DEFAULT_DIGEST_NAME; - final StringTokenizer st = new StringTokenizer(aol, ","); while (st.hasMoreTokens()) { 
@@ -953,55 +743,45 @@ public class SRPClient extends ClientMechanism implements SaslClient if (option.startsWith(SRPRegistry.OPTION_SRP_DIGEST + "=")) { option = option.substring(option.indexOf('=') + 1); - if (DEBUG && debuglevel > 6) - debug(TRACE, "mda: <" + option + ">"); + if (Configuration.DEBUG) + log.fine("mda: <" + option + ">"); for (i = 0; i < SRPRegistry.INTEGRITY_ALGORITHMS.length; i++) - { - if (SRPRegistry.SRP_ALGORITHMS[i].equals(option)) - { - mdName = option; - break; - } - } + if (SRPRegistry.SRP_ALGORITHMS[i].equals(option)) + { + mdName = option; + break; + } } else if (option.equals(SRPRegistry.OPTION_REPLAY_DETECTION)) - { - replaydetectionAvailable = true; - } + replaydetectionAvailable = true; else if (option.startsWith(SRPRegistry.OPTION_INTEGRITY + "=")) { option = option.substring(option.indexOf('=') + 1); - if (DEBUG && debuglevel > 6) - debug(TRACE, "ialg: <" + option + ">"); + if (Configuration.DEBUG) + log.fine("ialg: <" + option + ">"); for (i = 0; i < SRPRegistry.INTEGRITY_ALGORITHMS.length; i++) - { - if (SRPRegistry.INTEGRITY_ALGORITHMS[i].equals(option)) - { - chosenIntegrityAlgorithm = option; - integrityAvailable = true; - break; - } - } + if (SRPRegistry.INTEGRITY_ALGORITHMS[i].equals(option)) + { + chosenIntegrityAlgorithm = option; + integrityAvailable = true; + break; + } } else if (option.startsWith(SRPRegistry.OPTION_CONFIDENTIALITY + "=")) { option = option.substring(option.indexOf('=') + 1); - if (DEBUG && debuglevel > 6) - debug(TRACE, "calg: <" + option + ">"); + if (Configuration.DEBUG) + log.fine("calg: <" + option + ">"); for (i = 0; i < SRPRegistry.CONFIDENTIALITY_ALGORITHMS.length; i++) - { - if (SRPRegistry.CONFIDENTIALITY_ALGORITHMS[i].equals(option)) - { - chosenConfidentialityAlgorithm = option; - confidentialityAvailable = true; - break; - } - } + if (SRPRegistry.CONFIDENTIALITY_ALGORITHMS[i].equals(option)) + { + chosenConfidentialityAlgorithm = option; + confidentialityAvailable = true; + break; + } } 
else if (option.startsWith(SRPRegistry.OPTION_MANDATORY + "=")) - { - mandatory = option.substring(option.indexOf('=') + 1); - } + mandatory = option.substring(option.indexOf('=') + 1); else if (option.startsWith(SRPRegistry.OPTION_MAX_BUFFER_SIZE + "=")) { final String maxBufferSize = option.substring(option.indexOf('=') + 1); 
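Review bot: The digest-selection loop in the mda branch of createO iterates `for (i = 0; i < SRPRegistry.INTEGRITY_ALGORITHMS.length; i++)` but indexes `SRPRegistry.SRP_ALGORITHMS[i]`; INTEGRITY_ALGORITHMS has three entries and SRP_ALGORITHMS seven (see the SRPRegistry hunks further down), so a server offering sha-256, sha-384 or sha-512 as the SRP digest is silently ignored and mdName stays at the default. The bound should be `for (i = 0; i < SRPRegistry.SRP_ALGORITHMS.length; i++)`. The reformatting carried this over unchanged from the old lines. Note also that an unrecognised name in any of the three option loops falls through without a diagnostic, so a misspelt option from the server is indistinguishable from an absent one. createO starts in the previous hunk and continues in the next.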
@@ -1010,32 +790,27 @@ public class SRPClient extends ClientMechanism implements SaslClient rawSendSize = Integer.parseInt(maxBufferSize); if (rawSendSize > Registry.SASL_BUFFER_MAX_LIMIT || rawSendSize < 1) - { - throw new AuthenticationException( - "Illegal value for 'maxbuffersize' option"); - } + throw new AuthenticationException( + "Illegal value for 'maxbuffersize' option"); } catch (NumberFormatException x) { throw new AuthenticationException( - SRPRegistry.OPTION_MAX_BUFFER_SIZE - + "=" - + String.valueOf(maxBufferSize), - x); + SRPRegistry.OPTION_MAX_BUFFER_SIZE + "=" + maxBufferSize, x); } } } - - replayDetection = replaydetectionAvailable - && Boolean.valueOf( - (String) properties.get(SRPRegistry.SRP_REPLAY_DETECTION)).booleanValue(); - boolean integrity = integrityAvailable - && Boolean.valueOf( - (String) properties.get(SRPRegistry.SRP_INTEGRITY_PROTECTION)).booleanValue(); - boolean confidentiality = confidentialityAvailable - && Boolean.valueOf( - (String) properties.get(SRPRegistry.SRP_CONFIDENTIALITY)).booleanValue(); - + String s; + Boolean flag; + s = (String) properties.get(SRPRegistry.SRP_REPLAY_DETECTION); + flag = Boolean.valueOf(s); + replayDetection = replaydetectionAvailable && flag.booleanValue(); + s = (String) properties.get(SRPRegistry.SRP_INTEGRITY_PROTECTION); + flag = Boolean.valueOf(s); + boolean integrity = integrityAvailable && flag.booleanValue(); + s = (String) properties.get(SRPRegistry.SRP_CONFIDENTIALITY); + flag = Boolean.valueOf(s); + boolean confidentiality = confidentialityAvailable && flag.booleanValue(); // make sure we do the right thing if (SRPRegistry.OPTION_REPLAY_DETECTION.equals(mandatory)) { 
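Review bot: The new local `String s;` in createO (hunk -1010/+790) shadows the byte[] field `s` that holds the user's salt (assigned from `frameIn.getOS()` in sendPublicKey), so from this point on in the method `s` quietly means a property string rather than the salt. A name such as `propertyValue`, or a small private helper `private boolean flagProperty(String key)` returning `Boolean.valueOf((String) properties.get(key)).booleanValue()`, removes both the shadowing and the three repeated reassignments of `s` and `flag`. Behaviour is unchanged either way, as `Boolean.valueOf((String) null)` yields FALSE just as the old expression did. createO begins in an earlier hunk and continues in the next.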
@@ -1043,95 +818,68 @@ public class SRPClient extends ClientMechanism implements SaslClient integrity = true; } else if (SRPRegistry.OPTION_INTEGRITY.equals(mandatory)) - { - integrity = true; - } + integrity = true; else if (SRPRegistry.OPTION_CONFIDENTIALITY.equals(mandatory)) - { - confidentiality = true; - } + confidentiality = true; + if (replayDetection) { if (chosenIntegrityAlgorithm == null) - { - throw new AuthenticationException( - "Replay detection is required but no " - + "integrity protection algorithm was chosen"); - } + throw new AuthenticationException( + "Replay detection is required but no integrity protection " + + "algorithm was chosen"); } if (integrity) { if (chosenIntegrityAlgorithm == null) - { - throw new AuthenticationException( - "Integrity protection is required but no " - + "algorithm was chosen"); - } + throw new AuthenticationException( + "Integrity protection is required but no algorithm was chosen"); } if (confidentiality) { if (chosenConfidentialityAlgorithm == null) - { - throw new AuthenticationException( - "Confidentiality protection is required " - + "but no algorithm was chosen"); - } + throw new AuthenticationException( + "Confidentiality protection is required but no algorithm was chosen"); } - // 1. check if we'll be using confidentiality; if not set IV to 0-byte if (chosenConfidentialityAlgorithm == null) - { - cIV = new byte[0]; - } + cIV = new byte[0]; else { // 2. get the block size of the cipher final IBlockCipher cipher = CipherFactory.getInstance(chosenConfidentialityAlgorithm); if (cipher == null) - { - throw new AuthenticationException("createO()", - new NoSuchAlgorithmException()); - } + throw new AuthenticationException("createO()", + new NoSuchAlgorithmException()); final int blockSize = cipher.defaultBlockSize(); // 3. 
generate random iv cIV = new byte[blockSize]; getDefaultPRNG().nextBytes(cIV); } - srp = SRP.instance(mdName); - // Now create the options list specifying which of the available options // we have chosen. // For now we just select the defaults. Later we need to add support for // properties (perhaps in a file) where a user can specify the list of // algorithms they would prefer to use. - final StringBuffer sb = new StringBuffer(); - sb.append(SRPRegistry.OPTION_SRP_DIGEST).append("=").append(mdName).append( - ","); + sb.append(SRPRegistry.OPTION_SRP_DIGEST) + .append("=").append(mdName).append(","); if (replayDetection) - { - sb.append(SRPRegistry.OPTION_REPLAY_DETECTION).append(","); - } + sb.append(SRPRegistry.OPTION_REPLAY_DETECTION).append(","); if (integrity) - { - sb.append(SRPRegistry.OPTION_INTEGRITY).append("=").append( - chosenIntegrityAlgorithm).append( - ","); - } + sb.append(SRPRegistry.OPTION_INTEGRITY) + .append("=").append(chosenIntegrityAlgorithm).append(","); if (confidentiality) - { - sb.append(SRPRegistry.OPTION_CONFIDENTIALITY).append("=").append( - chosenConfidentialityAlgorithm).append( - ","); - } - final String result = sb.append(SRPRegistry.OPTION_MAX_BUFFER_SIZE).append( - "=").append( - Registry.SASL_BUFFER_MAX_LIMIT).toString(); - - if (DEBUG && debuglevel > 8) - debug(TRACE, "<== createO() --> " + result); + sb.append(SRPRegistry.OPTION_CONFIDENTIALITY) + .append("=").append(chosenConfidentialityAlgorithm).append(","); + + final String result = sb.append(SRPRegistry.OPTION_MAX_BUFFER_SIZE) + .append("=").append(Registry.SASL_BUFFER_MAX_LIMIT) + .toString(); + if (Configuration.DEBUG) + log.exiting(this.getClass().getName(), "createO", result); return result; } 
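Review bot: In the cipher lookup of createO (hunk -1043/+818), `throw new AuthenticationException("createO()", new NoSuchAlgorithmException());` wraps a cause with no message, so the resulting stack trace says nothing about which algorithm could not be instantiated; passing the name, `new NoSuchAlgorithmException(chosenConfidentialityAlgorithm)`, makes the failure diagnosable from the log alone. The three "required but no algorithm was chosen" checks above it would likewise benefit from naming the mandatory option that triggered them, since `mandatory` is in scope. The method starts in the previous hunk.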
@@ -1139,33 +887,30 @@ public class SRPClient extends ClientMechanism implements SaslClient throws SaslException { complete = true; // signal end of authentication phase - if (!sessionReUse) + if (! sessionReUse) { outCounter = inCounter = 0; // instantiate cipher if confidentiality protection filter is active if (chosenConfidentialityAlgorithm != null) { - if (DEBUG && debuglevel > 2) - debug(INFO, "Activating confidentiality protection filter"); + if (Configuration.DEBUG) + log.fine("Activating confidentiality protection filter"); inCipher = CALG.getInstance(chosenConfidentialityAlgorithm); outCipher = CALG.getInstance(chosenConfidentialityAlgorithm); } // instantiate hmacs if integrity protection filter is active if (chosenIntegrityAlgorithm != null) { - if (DEBUG && debuglevel > 2) - debug(INFO, "Activating integrity protection filter"); + if (Configuration.DEBUG) + log.fine("Activating integrity protection filter"); inMac = IALG.getInstance(chosenIntegrityAlgorithm); outMac = IALG.getInstance(chosenIntegrityAlgorithm); } } - else - { // same session new Keys - K = srp.generateKn(K, cn, sn); - } + else // same session new Keys + K = srp.generateKn(K, cn, sn); final KDF kdf = KDF.getInstance(K); - // initialise in/out ciphers if confidentiality protection is used if (inCipher != null) { @@ -1178,16 +923,13 @@ public class SRPClient extends ClientMechanism implements SaslClient inMac.init(kdf); outMac.init(kdf); } - if (sid != null && sid.length != 0) { // update the security context and save in map - if (DEBUG && debuglevel > 2) - debug(INFO, "Updating security context for UID = " + uid); - ClientStore.instance().cacheSession( - uid, + if (Configuration.DEBUG) + log.fine("Updating security context for UID = " + uid); + ClientStore.instance().cacheSession(uid, ttl, - new SecurityContext( - srp.getAlgorithm(), + new SecurityContext(srp.getAlgorithm(), sid, K, cIV, 
@@ -1205,7 +947,6 @@ public class SRPClient extends ClientMechanism implements SaslClient { if (prng == null) prng = PRNG.getInstance(); - return prng; } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/sasl/srp/SRPRegistry.java b/libjava/classpath/gnu/javax/crypto/sasl/srp/SRPRegistry.java index 262cbcba305..d474cb6f8c2 100644 --- a/libjava/classpath/gnu/javax/crypto/sasl/srp/SRPRegistry.java +++ b/libjava/classpath/gnu/javax/crypto/sasl/srp/SRPRegistry.java @@ -41,35 +41,29 @@ package gnu.javax.crypto.sasl.srp; import gnu.java.security.Registry; /** - * <p>A list of key names designating the values exchanged between the server - * and client in an SRP communication authentication phase.</p> + * A list of key names designating the values exchanged between the server + * and client in an SRP communication authentication phase. */ public interface SRPRegistry { - /** Indices of (N, g) parameter values for SRP (.conf) password database. */ String N_2048_BITS = "1"; - String N_1536_BITS = "2"; - String N_1280_BITS = "3"; - String N_1024_BITS = "4"; - String N_768_BITS = "5"; - String N_640_BITS = "6"; - String N_512_BITS = "7"; - /** Available hash algorithms for all SRP calculations. */ - String[] SRP_ALGORITHMS = { Registry.SHA160_HASH, // the default one - Registry.MD5_HASH, Registry.RIPEMD128_HASH, - Registry.RIPEMD160_HASH, - - Registry.SHA256_HASH, Registry.SHA384_HASH, - Registry.SHA512_HASH }; - + String[] SRP_ALGORITHMS = { + Registry.SHA160_HASH, // the default one + Registry.MD5_HASH, + Registry.RIPEMD128_HASH, + Registry.RIPEMD160_HASH, + + Registry.SHA256_HASH, + Registry.SHA384_HASH, + Registry.SHA512_HASH }; /** * The name of the default message digest algorithm to use when no name is * explicitely given. In this implementation it is the <b>first</b> among 
@@ -77,143 +71,95 @@ public interface SRPRegistry * 160-bit output. */ String SRP_DEFAULT_DIGEST_NAME = SRP_ALGORITHMS[0]; - /** * The property name of the message digest algorithm name to use in a given * SRP incarnation. */ String SRP_DIGEST_NAME = "srp.digest.name"; - /** The public shared modulus: n. */ String SHARED_MODULUS = "srp.N"; - /** The GF generator used: g. */ String FIELD_GENERATOR = "srp.g"; - /** The list of server's available security options. */ String AVAILABLE_OPTIONS = "srp.L"; - /** The client's chosen security options. */ String CHOSEN_OPTIONS = "srp.o"; - /** The client's username. */ String USER_NAME = "srp.U"; - /** The client's authorization ID. */ String USER_ROLE = "srp.I"; - /** The user's salt. */ String USER_SALT = "srp.s"; - /** The user's password verifier. */ String PASSWORD_VERIFIER = "srp.v"; - /** The client's public ephemeral exponent: A. */ String CLIENT_PUBLIC_KEY = "srp.A"; - /** The server's public ephemeral exponent: B. */ String SERVER_PUBLIC_KEY = "srp.B"; - /** The client's evidence: M1. */ String CLIENT_EVIDENCE = "srp.M1"; - /** The server's evidence: M2. */ String SERVER_EVIDENCE = "srp.M2"; - /** Name of underlying hash algorithm for use with all SRP calculations. */ String SRP_HASH = "gnu.crypto.sasl.srp.hash"; - /** Name of SRP mandatory service property. */ String SRP_MANDATORY = "gnu.crypto.sasl.srp.mandatory"; - /** Name of SRP replay detection property. */ String SRP_REPLAY_DETECTION = "gnu.crypto.sasl.srp.replay.detection"; - /** Name of SRP integrity protection property. */ String SRP_INTEGRITY_PROTECTION = "gnu.crypto.sasl.srp.integrity"; - /** Name of SRP confidentiality protection property. */ String SRP_CONFIDENTIALITY = "gnu.crypto.sasl.srp.confidentiality"; - /** Name of the main SRP password file pathname property. */ String PASSWORD_FILE = "gnu.crypto.sasl.srp.password.file"; - /** * Name of the SRP password database property --a reference to - * {@link gnu.crypto.sasl.srp.PasswordFile} object. 
+ * {@link PasswordFile} object. */ String PASSWORD_DB = "gnu.crypto.sasl.srp.password.db"; - /** Default fully qualified pathname of the SRP password file. */ String DEFAULT_PASSWORD_FILE = "/etc/tpasswd"; - /** Default value for replay detection security service. */ boolean DEFAULT_REPLAY_DETECTION = true; - /** Default value for integrity protection security service. */ boolean DEFAULT_INTEGRITY = true; // implied by the previous option - /** Default value for confidentiality protection security service. */ boolean DEFAULT_CONFIDENTIALITY = false; - // constants defining HMAC names String HMAC_SHA1 = "hmac-sha1"; - String HMAC_MD5 = "hmac-md5"; - String HMAC_RIPEMD_160 = "hmac-ripemd-160"; - /** Available HMAC algorithms for integrity protection. */ String[] INTEGRITY_ALGORITHMS = { HMAC_SHA1, HMAC_MD5, HMAC_RIPEMD_160 }; - // constants defining Cipher names String AES = "aes"; - String BLOWFISH = "blowfish"; - /** Available Cipher algorithms for confidentiality protection. */ String[] CONFIDENTIALITY_ALGORITHMS = { AES, BLOWFISH }; - /** String for mandatory replay detection. */ String OPTION_MANDATORY = "mandatory"; - /** String for mda: the SRP digest algorithm name. */ String OPTION_SRP_DIGEST = "mda"; - /** String for mandatory replay detection. */ String OPTION_REPLAY_DETECTION = "replay_detection"; - /** String for mandatory integrity protection. */ String OPTION_INTEGRITY = "integrity"; - /** String for mandatory confidentiality protection. */ String OPTION_CONFIDENTIALITY = "confidentiality"; - /** String for mandatory replay detection. */ String OPTION_MAX_BUFFER_SIZE = "maxbuffersize"; - /** String for no mandatory security service. */ String MANDATORY_NONE = "none"; - /** Default mandatory security service required. 
*/ - // String DEFAULT_MANDATORY = MANDATORY_NONE; String DEFAULT_MANDATORY = OPTION_REPLAY_DETECTION; - - // String DEFAULT_MANDATORY = OPTION_INTEGRITY; - // String DEFAULT_MANDATORY = OPTION_CONFIDENTIALITY; - /** Name of the UID field in the plain password file. */ String MD_NAME_FIELD = "srp.md.name"; - /** Name of the GID field in the plain password file. */ String USER_VERIFIER_FIELD = "srp.user.verifier"; - /** Name of the GECOS field in the plain password file. */ String SALT_FIELD = "srp.salt"; - /** Name of the SHELL field in the plain password file. */ String CONFIG_NDX_FIELD = "srp.config.ndx"; - /** Minimum bitlength of the SRP public modulus. */ int MINIMUM_MODULUS_BITLENGTH = 512; -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/sasl/srp/SRPServer.java b/libjava/classpath/gnu/javax/crypto/sasl/srp/SRPServer.java index 672660b261c..ff7e4e9d689 100644 --- a/libjava/classpath/gnu/javax/crypto/sasl/srp/SRPServer.java +++ b/libjava/classpath/gnu/javax/crypto/sasl/srp/SRPServer.java @@ -38,18 +38,18 @@ exception statement from your version. */ package gnu.javax.crypto.sasl.srp; +import gnu.java.security.Configuration; import gnu.java.security.Registry; import gnu.java.security.util.PRNG; import gnu.java.security.util.Util; - import gnu.javax.crypto.assembly.Direction; import gnu.javax.crypto.cipher.CipherFactory; import gnu.javax.crypto.cipher.IBlockCipher; import gnu.javax.crypto.key.IKeyAgreementParty; -import gnu.javax.crypto.key.KeyAgreementFactory; +import gnu.javax.crypto.key.IncomingMessage; import gnu.javax.crypto.key.KeyAgreementException; +import gnu.javax.crypto.key.KeyAgreementFactory; import gnu.javax.crypto.key.OutgoingMessage; -import gnu.javax.crypto.key.IncomingMessage; import gnu.javax.crypto.key.srp6.SRP6KeyAgreement; import gnu.javax.crypto.sasl.IllegalMechanismStateException; import gnu.javax.crypto.sasl.InputBuffer; 
@@ -57,114 +57,58 @@ import gnu.javax.crypto.sasl.IntegrityException; import gnu.javax.crypto.sasl.OutputBuffer; import gnu.javax.crypto.sasl.ServerMechanism; -import java.io.IOException; -import java.io.PrintWriter; import java.io.ByteArrayOutputStream; +import java.io.IOException; import java.io.UnsupportedEncodingException; import java.math.BigInteger; import java.util.Arrays; import java.util.HashMap; import java.util.StringTokenizer; +import java.util.logging.Logger; import javax.security.sasl.AuthenticationException; import javax.security.sasl.SaslException; import javax.security.sasl.SaslServer; /** - * <p>The SASL-SRP server-side mechanism.</p> + * The SASL-SRP server-side mechanism. */ -public class SRPServer extends ServerMechanism implements SaslServer +public class SRPServer + extends ServerMechanism + implements SaslServer { - - // Debugging methods and variables - // ------------------------------------------------------------------------- - - private static final String NAME = "SRPServer"; - - // private static final String ERROR = "ERROR"; - private static final String WARN = " WARN"; - - private static final String INFO = " INFO"; - - private static final String TRACE = "DEBUG"; - - private static final boolean DEBUG = true; - - private static final int debuglevel = 3; - - private static final PrintWriter err = new PrintWriter(System.out, true); - - private static void debug(final String level, final Object obj) - { - err.println("[" + level + "] " + NAME + ": " + String.valueOf(obj)); - } - - // Constants and variables - // ------------------------------------------------------------------------- - + private static final Logger log = Logger.getLogger(SRPServer.class.getName()); private String U = null; // client's username - private BigInteger N, g, A, B; - private byte[] s; // salt - private byte[] cIV, sIV; // client+server IVs, when confidentiality is on - private byte[] cn, sn; // client's and server's nonce - private SRP srp; // SRP algorithm 
instance used by this server - private byte[] sid; // session ID when re-used - private int ttl = 360; // session time-to-live in seconds - private byte[] cCB; // peer's channel binding' - private String mandatory; // List of available options - private String L = null; - private String o; - private String chosenIntegrityAlgorithm; - private String chosenConfidentialityAlgorithm; - private int rawSendSize = Registry.SASL_BUFFER_MAX_LIMIT; - private byte[] K; // shared session key - private boolean replayDetection = true; // whether Replay Detection is on - private int inCounter = 0; // messages sequence numbers - private int outCounter = 0; - private IALG inMac, outMac; // if !null, use for integrity - private CALG inCipher, outCipher; // if !null, use for confidentiality - - private IKeyAgreementParty serverHandler = KeyAgreementFactory.getPartyBInstance(Registry.SRP_SASL_KA); - + private IKeyAgreementParty serverHandler = + KeyAgreementFactory.getPartyBInstance(Registry.SRP_SASL_KA); /** Our default source of randomness. */ private PRNG prng = null; - // Constructor(s) - // ------------------------------------------------------------------------- - public SRPServer() { super(Registry.SASL_SRP_MECHANISM); } - // Class methods - // ------------------------------------------------------------------------- - - // Instance methods - // ------------------------------------------------------------------------- - - // abstract methods implementation ----------------------------------------- - protected void initMechanism() throws SaslException { // TODO: 
@@ -183,25 +127,20 @@ public class SRPServer extends ServerMechanism implements SaslServer K = null; inMac = outMac = null; inCipher = outCipher = null; - sid = null; } - // javax.security.sasl.SaslServer interface implementation ----------------- - public byte[] evaluateResponse(final byte[] response) throws SaslException { switch (state) { case 0: if (response == null) - { - return null; - } + return null; state++; return sendProtocolElements(response); case 1: - if (!complete) + if (! complete) { state++; return sendEvidence(response); 
@@ -215,65 +154,15 @@ public class SRPServer extends ServerMechanism implements SaslServer protected byte[] engineUnwrap(final byte[] incoming, final int offset, final int len) throws SaslException { - // if (DEBUG && debuglevel > 8) debug(TRACE, "==> engineUnwrap()"); - // - // if (inMac == null && inCipher == null) { - // throw new IllegalStateException("connection is not protected"); - // } - // - // if (DEBUG && debuglevel > 6) debug(TRACE, "Incoming buffer (before security): "+Util.dumpString(incoming, offset, len)); - // - // byte[] data = null; - // try { - // InputBuffer frameIn = InputBuffer.getInstance(incoming, offset, len); - // data = frameIn.getEOS(); - // if (inMac != null) { - // byte[] received_mac = frameIn.getOS(); - // if (DEBUG && debuglevel > 6) debug(TRACE, "Got C (received MAC): "+Util.dumpString(received_mac)); - // inMac.update(data); - // if (replayDetection) { - // inCounter++; - // if (DEBUG && debuglevel > 6) debug(TRACE, "inCounter="+String.valueOf(inCounter)); - // inMac.update(new byte[] { - // (byte)(inCounter >>> 24), - // (byte)(inCounter >>> 16), - // (byte)(inCounter >>> 8), - // (byte) inCounter }); - // } - // final byte[] computed_mac = inMac.doFinal(); - // if (DEBUG && debuglevel > 6) debug(TRACE, "Computed MAC: "+Util.dumpString(computed_mac)); - // if (!Arrays.equals(received_mac, computed_mac)) - // throw new IntegrityException("engineUnwrap()"); - // } - // if (inCipher != null) { - // data = inCipher.doFinal(data); - // } - // } catch (IOException x) { - // if (x instanceof SaslException) { - // throw (SaslException) x; - // } - // throw new SaslException("engineUnwrap()", x); - // } - // - // if (DEBUG && debuglevel > 6) debug(TRACE, "Incoming buffer (after security): "+Util.dumpString(data)); - // if (DEBUG && debuglevel > 8) debug(TRACE, "<== engineUnwrap()"); - // return data; - - if (DEBUG && debuglevel > 8) - debug(TRACE, "==> engineUnwrap()"); - + if (Configuration.DEBUG) + 
log.entering(this.getClass().getName(), "engineUnwrap"); if (inMac == null && inCipher == null) - { - throw new IllegalStateException("connection is not protected"); - } - - if (DEBUG && debuglevel > 6) - debug(TRACE, "Incoming buffer (before security): " - + Util.dumpString(incoming, offset, len)); - + throw new IllegalStateException("connection is not protected"); + if (Configuration.DEBUG) + log.fine("Incoming buffer (before security): " + + Util.dumpString(incoming, offset, len)); // at this point one, or both, of confidentiality and integrity protection // services are active. - final byte[] result; try { 
@@ -284,137 +173,67 @@ public class SRPServer extends ServerMechanism implements SaslServer final byte[] received_mac = new byte[macBytesCount]; System.arraycopy(incoming, offset + payloadLength, received_mac, 0, macBytesCount); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Got C (received MAC): " - + Util.dumpString(received_mac)); + if (Configuration.DEBUG) + log.fine("Got C (received MAC): " + Util.dumpString(received_mac)); inMac.update(incoming, offset, payloadLength); if (replayDetection) { inCounter++; - if (DEBUG && debuglevel > 6) - debug(TRACE, "inCounter=" + String.valueOf(inCounter)); - inMac.update(new byte[] { (byte) (inCounter >>> 24), - (byte) (inCounter >>> 16), - (byte) (inCounter >>> 8), - (byte) inCounter }); + if (Configuration.DEBUG) + log.fine("inCounter=" + String.valueOf(inCounter)); + inMac.update(new byte[] { + (byte)(inCounter >>> 24), + (byte)(inCounter >>> 16), + (byte)(inCounter >>> 8), + (byte) inCounter }); } - final byte[] computed_mac = inMac.doFinal(); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Computed MAC: " + Util.dumpString(computed_mac)); - if (!Arrays.equals(received_mac, computed_mac)) - { - throw new IntegrityException("engineUnwrap()"); - } - + if (Configuration.DEBUG) + log.fine("Computed MAC: " + Util.dumpString(computed_mac)); + if (! 
Arrays.equals(received_mac, computed_mac)) + throw new IntegrityException("engineUnwrap()"); // deal with the payload, which can be either plain or encrypted if (inCipher != null) - { - result = inCipher.doFinal(incoming, offset, payloadLength); - } + result = inCipher.doFinal(incoming, offset, payloadLength); else { result = new byte[payloadLength]; System.arraycopy(incoming, offset, result, 0, result.length); } } - else - { // no integrity protection; just confidentiality - // if (inCipher != null) { - result = inCipher.doFinal(incoming, offset, len); - // } else { - // result = new byte[len]; - // System.arraycopy(incoming, offset, result, 0, len); - // } - } + else // no integrity protection; just confidentiality + result = inCipher.doFinal(incoming, offset, len); } catch (IOException x) { if (x instanceof SaslException) - { - throw (SaslException) x; - } + throw (SaslException) x; throw new SaslException("engineUnwrap()", x); } - if (DEBUG && debuglevel > 6) - debug(TRACE, "Incoming buffer (after security): " - + Util.dumpString(result)); - if (DEBUG && debuglevel > 8) - debug(TRACE, "<== engineUnwrap()"); + if (Configuration.DEBUG) + { + log.fine("Incoming buffer (after security): " + Util.dumpString(result)); + log.exiting(this.getClass().getName(), "engineUnwrap"); + } return result; } protected byte[] engineWrap(final byte[] outgoing, final int offset, final int len) throws SaslException { - // if (DEBUG && debuglevel > 8) debug(TRACE, "==> engineWrap()"); - // - // if (outMac == null && outCipher == null) { - // throw new IllegalStateException("connection is not protected"); - // } - // - // byte[] data = new byte[len]; - // System.arraycopy(outgoing, offset, data, 0, len); - // - // if (DEBUG && debuglevel > 6) debug(TRACE, "Outgoing buffer (before security) (hex): "+Util.dumpString(data)); - // if (DEBUG && debuglevel > 6) debug(TRACE, "Outgoing buffer (before security) (str): \""+new String(data)+"\""); - // - // final byte[] result; - // try { - // 
OutputBuffer frameOut = new OutputBuffer(); - // // Process the data - // if (outCipher != null) { - // data = outCipher.doFinal(data); - // if (DEBUG && debuglevel > 6) debug(TRACE, "Encoding c (encrypted plaintext): "+Util.dumpString(data)); - // } else { - // if (DEBUG && debuglevel > 6) debug(TRACE, "Encoding p (plaintext): "+Util.dumpString(data)); - // } - // frameOut.setEOS(data); - // if (outMac != null) { - // outMac.update(data); - // if (replayDetection) { - // outCounter++; - // if (DEBUG && debuglevel > 6) debug(TRACE, "outCounter="+String.valueOf(outCounter)); - // outMac.update(new byte[] { - // (byte)(outCounter >>> 24), - // (byte)(outCounter >>> 16), - // (byte)(outCounter >>> 8), - // (byte) outCounter}); - // } - // byte[] C = outMac.doFinal(); - // frameOut.setOS(C); - // if (DEBUG && debuglevel > 6) debug(TRACE, "Encoding C (integrity checksum): "+Util.dumpString(C)); - // } - // result = frameOut.wrap(); - // - // } catch (IOException x) { - // if (x instanceof SaslException) { - // throw (SaslException) x; - // } - // throw new SaslException("engineWrap()", x); - // } - // - // if (DEBUG && debuglevel > 8) debug(TRACE, "<== engineWrap()"); - // return result; - - if (DEBUG && debuglevel > 8) - debug(TRACE, "==> engineWrap()"); - + if (Configuration.DEBUG) + log.entering(this.getClass().getName(), "engineWrap"); if (outMac == null && outCipher == null) + throw new IllegalStateException("connection is not protected"); + if (Configuration.DEBUG) { - throw new IllegalStateException("connection is not protected"); + log.fine("Outgoing buffer (before security) (hex): " + + Util.dumpString(outgoing, offset, len)); + log.fine("Outgoing buffer (before security) (str): \"" + + new String(outgoing, offset, len) + "\""); } - - if (DEBUG && debuglevel > 6) - debug(TRACE, "Outgoing buffer (before security) (hex): " - + Util.dumpString(outgoing, offset, len)); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Outgoing buffer (before security) (str): \"" - + 
new String(outgoing, offset, len) + "\""); - // at this point one, or both, of confidentiality and integrity protection // services are active. - byte[] result; try { 
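Review bot: The tag check `if (! Arrays.equals(received_mac, computed_mac))` in engineUnwrap stops at the first differing byte, so the time spent verifying depends on how much of the tag the peer got right; MAC verification should compare every byte unconditionally, and the client-evidence check `if (! Arrays.equals(M1, expected))` in sendEvidence (hunk @@ -779,15 +542,10 @@) has the same shape. A small private helper that checks the length and then ORs the XOR of all bytes, used at both sites, keeps the surrounding control flow unchanged (`java.security.MessageDigest.isEqual` serves the same purpose on JDKs where it is implemented without an early exit). The payloadLength computation lies before this hunk, so whether a frame shorter than macBytesCount is rejected before the System.arraycopy cannot be confirmed from here. engineUnwrap starts before this hunk and engineWrap continues past its end.
```java
          if (! constantTimeEquals(received_mac, computed_mac))
            throw new IntegrityException("engineUnwrap()");
// … unchanged: remainder of engineUnwrap and engineWrap …

  /**
   * Compares two byte arrays without stopping at the first mismatch, so the
   * comparison time does not reveal how many leading bytes matched.
   */
  private static boolean constantTimeEquals(final byte[] a, final byte[] b)
  {
    if (a == null || b == null || a.length != b.length)
      return false;
    int diff = 0;
    for (int i = 0; i < a.length; i++)
      diff |= a[i] ^ b[i];
    return diff == 0;
  }
```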
@@ -422,74 +241,64 @@ public class SRPServer extends ServerMechanism implements SaslServer if (outCipher != null) { result = outCipher.doFinal(outgoing, offset, len); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Encoding c (encrypted plaintext): " - + Util.dumpString(result)); - + if (Configuration.DEBUG) + log.fine("Encoding c (encrypted plaintext): " + + Util.dumpString(result)); out.write(result); - if (outMac != null) { outMac.update(result); if (replayDetection) { outCounter++; - if (DEBUG && debuglevel > 6) - debug(TRACE, "outCounter=" + String.valueOf(outCounter)); - outMac.update(new byte[] { (byte) (outCounter >>> 24), - (byte) (outCounter >>> 16), - (byte) (outCounter >>> 8), - (byte) outCounter }); + if (Configuration.DEBUG) + log.fine("outCounter=" + outCounter); + outMac.update(new byte[] { + (byte)(outCounter >>> 24), + (byte)(outCounter >>> 16), + (byte)(outCounter >>> 8), + (byte) outCounter }); } final byte[] C = outMac.doFinal(); out.write(C); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Encoding C (integrity checksum): " - + Util.dumpString(C)); - } // else ciphertext only; do nothing + if (Configuration.DEBUG) + log.fine("Encoding C (integrity checksum): " + Util.dumpString(C)); + } + // else ciphertext only; do nothing } - else - { // no confidentiality; just integrity [+ replay detection] - if (DEBUG && debuglevel > 6) - debug(TRACE, "Encoding p (plaintext): " - + Util.dumpString(outgoing, offset, len)); - + else // no confidentiality; just integrity [+ replay detection] + { + if (Configuration.DEBUG) + log.fine("Encoding p (plaintext): " + + Util.dumpString(outgoing, offset, len)); out.write(outgoing, offset, len); - - // if (outMac != null) { outMac.update(outgoing, offset, len); if (replayDetection) { outCounter++; - if (DEBUG && debuglevel > 6) - debug(TRACE, "outCounter=" + String.valueOf(outCounter)); - outMac.update(new byte[] { (byte) (outCounter >>> 24), - (byte) (outCounter >>> 16), - (byte) (outCounter >>> 8), - (byte) 
outCounter }); + if (Configuration.DEBUG) + log.fine("outCounter=" + outCounter); + outMac.update(new byte[] { + (byte)(outCounter >>> 24), + (byte)(outCounter >>> 16), + (byte)(outCounter >>> 8), + (byte) outCounter }); } final byte[] C = outMac.doFinal(); out.write(C); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Encoding C (integrity checksum): " - + Util.dumpString(C)); - // } // else plaintext only; do nothing + if (Configuration.DEBUG) + log.fine("Encoding C (integrity checksum): " + Util.dumpString(C)); } - result = out.toByteArray(); - } catch (IOException x) { if (x instanceof SaslException) - { - throw (SaslException) x; - } + throw (SaslException) x; throw new SaslException("engineWrap()", x); } - - if (DEBUG && debuglevel > 8) - debug(TRACE, "<== engineWrap()"); + if (Configuration.DEBUG) + log.exiting(this.getClass().getName(), "engineWrap"); return result; } @@ -498,13 +307,8 @@ public class SRPServer extends ServerMechanism implements SaslServer if (inMac != null) { if (inCipher != null) - { - return Registry.QOP_AUTH_CONF; - } - else - { - return Registry.QOP_AUTH_INT; - } + return Registry.QOP_AUTH_CONF; + return Registry.QOP_AUTH_INT; } return Registry.QOP_AUTH; } @@ -514,13 +318,8 @@ public class SRPServer extends ServerMechanism implements SaslServer if (inMac != null) { if (inCipher != null) - { - return Registry.STRENGTH_HIGH; - } - else - { - return Registry.STRENGTH_MEDIUM; - } + return Registry.STRENGTH_HIGH; + return Registry.STRENGTH_MEDIUM; } return Registry.STRENGTH_LOW; } 
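Review bot: The four-byte big-endian encoding of the sequence counter is spelled out as a four-element array literal three times in this file — twice in engineWrap within this hunk and once in engineUnwrap (hunk @@ -284,137 +173,67 @@) — and this change reformats all three copies by hand. A private helper such as `private static byte[] toBytes(final int n) { return new byte[] { (byte)(n >>> 24), (byte)(n >>> 16), (byte)(n >>> 8), (byte) n }; }`, called as `outMac.update(toBytes(outCounter));`, would keep the three copies from drifting apart. This is a point of style only; the bytes fed to the MAC are unchanged.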
@@ -535,45 +334,39 @@ public class SRPServer extends ServerMechanism implements SaslServer return Registry.REUSE_TRUE; } - // other methods ----------------------------------------------------------- - private byte[] sendProtocolElements(final byte[] input) throws SaslException { - if (DEBUG && debuglevel > 8) - debug(TRACE, "==> sendProtocolElements()"); - if (DEBUG && debuglevel > 6) - debug(TRACE, "C: " + Util.dumpString(input)); - + if (Configuration.DEBUG) + { + log.entering(this.getClass().getName(), "sendProtocolElements"); + log.fine("C: " + Util.dumpString(input)); + } // Client send U, I, sid, cn final InputBuffer frameIn = new InputBuffer(input); try { U = frameIn.getText(); // Extract username - if (DEBUG && debuglevel > 6) - debug(TRACE, "Got U (username): \"" + U + "\""); + if (Configuration.DEBUG) + log.fine("Got U (username): \"" + U + "\""); authorizationID = frameIn.getText(); // Extract authorisation ID - if (DEBUG && debuglevel > 6) - debug(TRACE, "Got I (userid): \"" + authorizationID + "\""); + if (Configuration.DEBUG) + log.fine("Got I (userid): \"" + authorizationID + "\""); sid = frameIn.getEOS(); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Got sid (session ID): " + new String(sid)); + if (Configuration.DEBUG) + log.fine("Got sid (session ID): " + new String(sid)); cn = frameIn.getOS(); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Got cn (client nonce): " + Util.dumpString(cn)); + if (Configuration.DEBUG) + log.fine("Got cn (client nonce): " + Util.dumpString(cn)); cCB = frameIn.getEOS(); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Got cCB (client channel binding): " - + Util.dumpString(cCB)); + if (Configuration.DEBUG) + log.fine("Got cCB (client channel binding): " + Util.dumpString(cCB)); } catch (IOException x) { if (x instanceof SaslException) - { - throw (SaslException) x; - } + throw (SaslException) x; throw new AuthenticationException("sendProtocolElements()", x); } - // do/can we re-use? 
if (ServerStore.instance().isAlive(sid)) { @@ -589,15 +382,10 @@ public class SRPServer extends ServerMechanism implements SaslServer outMac = ctx.getOutMac(); inCipher = ctx.getInCipher(); outCipher = ctx.getOutCipher(); - if (sn == null || sn.length != 16) - { - sn = new byte[16]; - } + sn = new byte[16]; getDefaultPRNG().nextBytes(sn); - setupSecurityServices(false); - final OutputBuffer frameOut = new OutputBuffer(); try { @@ -608,34 +396,27 @@ public class SRPServer extends ServerMechanism implements SaslServer catch (IOException x) { if (x instanceof SaslException) - { - throw (SaslException) x; - } + throw (SaslException) x; throw new AuthenticationException("sendProtocolElements()", x); } final byte[] result = frameOut.encode(); - if (DEBUG && debuglevel > 8) - debug(TRACE, "<== sendProtocolElements()"); - if (DEBUG && debuglevel > 2) - debug(INFO, "Old session..."); - if (DEBUG && debuglevel > 2) - debug(INFO, "S: " + Util.dumpString(result)); - if (DEBUG && debuglevel > 2) - debug(INFO, " sn = " + Util.dumpString(sn)); - if (DEBUG && debuglevel > 2) - debug(INFO, " sCB = " + Util.dumpString(channelBinding)); + if (Configuration.DEBUG) + { + log.fine("Old session..."); + log.fine("S: " + Util.dumpString(result)); + log.fine(" sn = " + Util.dumpString(sn)); + log.fine(" sCB = " + Util.dumpString(channelBinding)); + log.exiting(this.getClass().getName(), "sendProtocolElements"); + } return result; } else { // new session authenticator.activate(properties); - // ------------------------------------------------------------------- final HashMap mapB = new HashMap(); - // mapB.put(SRP6KeyAgreement.HASH_FUNCTION, srp.newDigest()); mapB.put(SRP6KeyAgreement.HASH_FUNCTION, srp.getAlgorithm()); mapB.put(SRP6KeyAgreement.HOST_PASSWORD_DB, authenticator); - try { serverHandler.init(mapB); 
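Review bot: `log.fine("Got sid (session ID): " + new String(sid))` renders a byte[] read with `frameIn.getEOS()` through the platform default charset, which is lossy for non-text bytes and differs between hosts, while the other byte fields read in the same block (cn, cCB) go through `Util.dumpString(...)`. Use `Util.dumpString(sid)` here and at `log.fine(" sid = " + new String(sid))` in sendEvidence (hunk @@ -811,93 +568,71 @@) for a consistent, reproducible rendering. sendProtocolElements continues past the end of this hunk.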
@@ -643,7 +424,6 @@ public class SRPServer extends ServerMechanism implements SaslServer out.writeString(U); IncomingMessage in = new IncomingMessage(out.toByteArray()); out = serverHandler.processMessage(in); - in = new IncomingMessage(out.toByteArray()); N = in.readMPI(); g = in.readMPI(); @@ -655,26 +435,22 @@ public class SRPServer extends ServerMechanism implements SaslServer throw new SaslException("sendProtocolElements()", x); } // ------------------------------------------------------------------- - - if (DEBUG && debuglevel > 6) - debug(TRACE, "Encoding N (modulus): " + Util.dump(N)); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Encoding g (generator): " + Util.dump(g)); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Encoding s (client's salt): " + Util.dumpString(s)); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Encoding B (server ephemeral public key): " - + Util.dump(B)); - + if (Configuration.DEBUG) + { + log.fine("Encoding N (modulus): " + Util.dump(N)); + log.fine("Encoding g (generator): " + Util.dump(g)); + log.fine("Encoding s (client's salt): " + Util.dumpString(s)); + log.fine("Encoding B (server ephemeral public key): " + Util.dump(B)); + } // The server creates an options list (L), which consists of a // comma-separated list of option strings that specify the security // service options the server supports. L = createL(); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Encoding L (available options): \"" + L + "\""); - if (DEBUG && debuglevel > 6) - debug(TRACE, "Encoding sIV (server IV): " + Util.dumpString(sIV)); - + if (Configuration.DEBUG) + { + log.fine("Encoding L (available options): \"" + L + "\""); + log.fine("Encoding sIV (server IV): " + Util.dumpString(sIV)); + } final OutputBuffer frameOut = new OutputBuffer(); try { 
@@ -688,69 +464,58 @@ public class SRPServer extends ServerMechanism implements SaslServer catch (IOException x) { if (x instanceof SaslException) - { - throw (SaslException) x; - } + throw (SaslException) x; throw new AuthenticationException("sendProtocolElements()", x); } final byte[] result = frameOut.encode(); - if (DEBUG && debuglevel > 8) - debug(TRACE, "<== sendProtocolElements()"); - if (DEBUG && debuglevel > 2) - debug(INFO, "New session..."); - if (DEBUG && debuglevel > 2) - debug(INFO, "S: " + Util.dumpString(result)); - if (DEBUG && debuglevel > 2) - debug(INFO, " N = 0x" + N.toString(16)); - if (DEBUG && debuglevel > 2) - debug(INFO, " g = 0x" + g.toString(16)); - if (DEBUG && debuglevel > 2) - debug(INFO, " s = " + Util.dumpString(s)); - if (DEBUG && debuglevel > 2) - debug(INFO, " B = 0x" + B.toString(16)); - if (DEBUG && debuglevel > 2) - debug(INFO, " L = " + L); + if (Configuration.DEBUG) + { + log.fine("New session..."); + log.fine("S: " + Util.dumpString(result)); + log.fine(" N = 0x" + N.toString(16)); + log.fine(" g = 0x" + g.toString(16)); + log.fine(" s = " + Util.dumpString(s)); + log.fine(" B = 0x" + B.toString(16)); + log.fine(" L = " + L); + log.exiting(this.getClass().getName(), "sendProtocolElements"); + } return result; } } private byte[] sendEvidence(final byte[] input) throws SaslException { - if (DEBUG && debuglevel > 8) - debug(TRACE, "==> sendEvidence()"); - if (DEBUG && debuglevel > 6) - debug(TRACE, "C: " + Util.dumpString(input)); - + if (Configuration.DEBUG) + { + log.entering(this.getClass().getName(), "sendEvidence"); + log.fine("C: " + Util.dumpString(input)); + } // Client send A, M1, o, cIV final InputBuffer frameIn = new InputBuffer(input); final byte[] M1; try { A = frameIn.getMPI(); // Extract client's ephemeral public key - if (DEBUG && debuglevel > 6) - debug(TRACE, "Got A (client ephemeral public key): " + Util.dump(A)); + if (Configuration.DEBUG) + log.fine("Got A (client ephemeral public key): " + Util.dump(A)); 
M1 = frameIn.getOS(); // Extract evidence - if (DEBUG && debuglevel > 6) - debug(TRACE, "Got M1 (client evidence): " + Util.dumpString(M1)); + if (Configuration.DEBUG) + log.fine("Got M1 (client evidence): " + Util.dumpString(M1)); o = frameIn.getText(); // Extract client's options list - if (DEBUG && debuglevel > 6) - debug(TRACE, "Got o (client chosen options): \"" + o + "\""); + if (Configuration.DEBUG) + log.fine("Got o (client chosen options): \"" + o + "\""); cIV = frameIn.getOS(); // Extract client's IV - if (DEBUG && debuglevel > 6) - debug(TRACE, "Got cIV (client IV): " + Util.dumpString(cIV)); + if (Configuration.DEBUG) + log.fine("Got cIV (client IV): " + Util.dumpString(cIV)); } catch (IOException x) { if (x instanceof SaslException) - { - throw (SaslException) x; - } + throw (SaslException) x; throw new AuthenticationException("sendEvidence()", x); } - // Parse client's options and set security layer variables parseO(o); - // ---------------------------------------------------------------------- try { @@ -765,10 +530,8 @@ public class SRPServer extends ServerMechanism implements SaslServer throw new SaslException("sendEvidence()", x); } // ---------------------------------------------------------------------- - - if (DEBUG && debuglevel > 6) - debug(TRACE, "K: " + Util.dumpString(K)); - + if (Configuration.DEBUG) + log.fine("K: " + Util.dumpString(K)); final byte[] expected; try { @@ -779,15 +542,10 @@ public class SRPServer extends ServerMechanism implements SaslServer { throw new AuthenticationException("sendEvidence()", x); } - // Verify client evidence - if (!Arrays.equals(M1, expected)) - { - throw new AuthenticationException("M1 mismatch"); - } - + if (! Arrays.equals(M1, expected)) + throw new AuthenticationException("M1 mismatch"); setupSecurityServices(true); - final byte[] M2; try { 
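Review bot: `log.fine("K: " + Util.dumpString(K))` writes the shared session key to the log whenever Configuration.DEBUG is true; the replaced line was guarded by `debuglevel > 6` with `debuglevel = 3`, so it never fired, and this change makes the key dump reachable for the first time. Key material should not be logged at any level — drop the line, or log only `K.length` if a trace of the step is wanted. The plaintext dumps in engineUnwrap and engineWrap (hunks @@ -284,137 +173,67 @@ and @@ -422,74 +241,64 @@) raise the same concern, though less acutely. sendEvidence starts before and continues past this hunk.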
@@ -798,7 +556,6 @@ public class SRPServer extends ServerMechanism implements SaslServer { throw new AuthenticationException("sendEvidence()", x); } - final OutputBuffer frameOut = new OutputBuffer(); try { 
@@ -811,93 +568,71 @@ public class SRPServer extends ServerMechanism implements SaslServer catch (IOException x) { if (x instanceof SaslException) - { - throw (SaslException) x; - } + throw (SaslException) x; throw new AuthenticationException("sendEvidence()", x); } final byte[] result = frameOut.encode(); - if (DEBUG && debuglevel > 2) - debug(INFO, "S: " + Util.dumpString(result)); - if (DEBUG && debuglevel > 2) - debug(INFO, " M2 = " + Util.dumpString(M2)); - if (DEBUG && debuglevel > 2) - debug(INFO, " sIV = " + Util.dumpString(sIV)); - if (DEBUG && debuglevel > 2) - debug(INFO, " sid = " + new String(sid)); - if (DEBUG && debuglevel > 2) - debug(INFO, " ttl = " + ttl); - if (DEBUG && debuglevel > 2) - debug(INFO, " sCB = " + Util.dumpString(channelBinding)); - - if (DEBUG && debuglevel > 8) - debug(TRACE, "<== sendEvidence()"); + if (Configuration.DEBUG) + { + log.fine("S: " + Util.dumpString(result)); + log.fine(" M2 = " + Util.dumpString(M2)); + log.fine(" sIV = " + Util.dumpString(sIV)); + log.fine(" sid = " + new String(sid)); + log.fine(" ttl = " + ttl); + log.fine(" sCB = " + Util.dumpString(channelBinding)); + log.exiting(this.getClass().getName(), "sendEvidence"); + } return result; } private String createL() { - if (DEBUG && debuglevel > 8) - debug(TRACE, "==> createL()"); - + if (Configuration.DEBUG) + log.entering(this.getClass().getName(), "createL()"); String s = (String) properties.get(SRPRegistry.SRP_MANDATORY); if (s == null) + s = SRPRegistry.DEFAULT_MANDATORY; + + if (! SRPRegistry.MANDATORY_NONE.equals(s) + && ! SRPRegistry.OPTION_REPLAY_DETECTION.equals(s) + && ! SRPRegistry.OPTION_INTEGRITY.equals(s) + && ! SRPRegistry.OPTION_CONFIDENTIALITY.equals(s)) { + if (Configuration.DEBUG) + log.fine("Unrecognised mandatory option (" + s + "). 
Using default..."); s = SRPRegistry.DEFAULT_MANDATORY; } - if (!SRPRegistry.MANDATORY_NONE.equals(s) - && !SRPRegistry.OPTION_REPLAY_DETECTION.equals(s) - && !SRPRegistry.OPTION_INTEGRITY.equals(s) - && !SRPRegistry.OPTION_CONFIDENTIALITY.equals(s)) - { - if (DEBUG && debuglevel > 4) - debug(WARN, "Unrecognised mandatory option (" + s - + "). Using default..."); - s = SRPRegistry.DEFAULT_MANDATORY; - } - mandatory = s; - s = (String) properties.get(SRPRegistry.SRP_CONFIDENTIALITY); final boolean confidentiality = (s == null ? SRPRegistry.DEFAULT_CONFIDENTIALITY - : Boolean.valueOf(s).booleanValue()); - + : Boolean.valueOf(s).booleanValue()); s = (String) properties.get(SRPRegistry.SRP_INTEGRITY_PROTECTION); boolean integrity = (s == null ? SRPRegistry.DEFAULT_INTEGRITY - : Boolean.valueOf(s).booleanValue()); - + : Boolean.valueOf(s).booleanValue()); s = (String) properties.get(SRPRegistry.SRP_REPLAY_DETECTION); final boolean replayDetection = (s == null ? SRPRegistry.DEFAULT_REPLAY_DETECTION - : Boolean.valueOf(s).booleanValue()); - + : Boolean.valueOf(s).booleanValue()); final StringBuffer sb = new StringBuffer(); - sb.append(SRPRegistry.OPTION_SRP_DIGEST).append("=").append( - srp.getAlgorithm()).append( - ","); + sb.append(SRPRegistry.OPTION_SRP_DIGEST).append("=") + .append(srp.getAlgorithm()).append(","); + + if (! 
SRPRegistry.MANDATORY_NONE.equals(mandatory)) + sb.append(SRPRegistry.OPTION_MANDATORY) + .append("=").append(mandatory).append(","); - if (!SRPRegistry.MANDATORY_NONE.equals(mandatory)) - { - sb.append(SRPRegistry.OPTION_MANDATORY).append("=").append(mandatory).append( - ","); - } if (replayDetection) { sb.append(SRPRegistry.OPTION_REPLAY_DETECTION).append(","); // if replay detection is on then force integrity protection integrity = true; } - int i; if (integrity) { for (i = 0; i < SRPRegistry.INTEGRITY_ALGORITHMS.length; i++) - { - sb.append(SRPRegistry.OPTION_INTEGRITY).append("=").append( - SRPRegistry.INTEGRITY_ALGORITHMS[i]).append( - ","); - } + sb.append(SRPRegistry.OPTION_INTEGRITY).append("=") + .append(SRPRegistry.INTEGRITY_ALGORITHMS[i]).append(","); } - if (confidentiality) { IBlockCipher cipher; @@ -905,19 +640,15 @@ public class SRPServer extends ServerMechanism implements SaslServer { cipher = CipherFactory.getInstance(SRPRegistry.CONFIDENTIALITY_ALGORITHMS[i]); if (cipher != null) - { - sb.append(SRPRegistry.OPTION_CONFIDENTIALITY).append("=").append( - SRPRegistry.CONFIDENTIALITY_ALGORITHMS[i]).append( - ","); - } + sb.append(SRPRegistry.OPTION_CONFIDENTIALITY).append("=") + .append(SRPRegistry.CONFIDENTIALITY_ALGORITHMS[i]).append(","); } } - - final String result = sb.append(SRPRegistry.OPTION_MAX_BUFFER_SIZE).append( - "=").append( - Registry.SASL_BUFFER_MAX_LIMIT).toString(); - if (DEBUG && debuglevel > 8) - debug(TRACE, "<== createL()"); + final String result = sb.append(SRPRegistry.OPTION_MAX_BUFFER_SIZE) + .append("=").append(Registry.SASL_BUFFER_MAX_LIMIT) + .toString(); + if (Configuration.DEBUG) + log.exiting(this.getClass().getName(), "createL"); return result; } 
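Review bot: In createL the notice that an unrecognised `SRPRegistry.SRP_MANDATORY` value is being replaced by the default is now `log.fine(...)` inside `if (Configuration.DEBUG)`, whereas the replaced code emitted it at WARN level; a misconfigured server now silently falls back to `DEFAULT_MANDATORY` with no trace in a non-debug log. Emit it unconditionally as `log.warning("Unrecognised mandatory option (" + s + "). Using default...");`. Separately, `log.entering(this.getClass().getName(), "createL()")` passes the name with parentheses while the matching `log.exiting(..., "createL")` and every other entering/exiting pair in this change use the bare method name. sendEvidence starts before this hunk and createL continues past its end.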
@@ -934,69 +665,51 @@ public class SRPServer extends ServerMechanism implements SaslServer while (st.hasMoreTokens()) { option = st.nextToken(); - if (DEBUG && debuglevel > 6) - debug(TRACE, "option: <" + option + ">"); + if (Configuration.DEBUG) + log.fine("option: <" + option + ">"); if (option.equals(SRPRegistry.OPTION_REPLAY_DETECTION)) - { - replayDetection = true; - } + replayDetection = true; else if (option.startsWith(SRPRegistry.OPTION_INTEGRITY + "=")) { if (integrity) + throw new AuthenticationException( + "Only one integrity algorithm may be chosen"); + option = option.substring(option.indexOf('=') + 1); + if (Configuration.DEBUG) + log.fine("algorithm: <" + option + ">"); + for (i = 0; i < SRPRegistry.INTEGRITY_ALGORITHMS.length; i++) { - throw new AuthenticationException( - "Only one integrity algorithm may be chosen"); - } - else - { - option = option.substring(option.indexOf('=') + 1); - if (DEBUG && debuglevel > 6) - debug(TRACE, "algorithm: <" + option + ">"); - for (i = 0; i < SRPRegistry.INTEGRITY_ALGORITHMS.length; i++) - { - if (SRPRegistry.INTEGRITY_ALGORITHMS[i].equals(option)) - { - chosenIntegrityAlgorithm = option; - integrity = true; - break; - } - } - if (!integrity) + if (SRPRegistry.INTEGRITY_ALGORITHMS[i].equals(option)) { - throw new AuthenticationException( - "Unknown integrity algorithm: " - + option); + chosenIntegrityAlgorithm = option; + integrity = true; + break; } } + if (! 
integrity) + throw new AuthenticationException("Unknown integrity algorithm: " + + option); } else if (option.startsWith(SRPRegistry.OPTION_CONFIDENTIALITY + "=")) { if (confidentiality) + throw new AuthenticationException( + "Only one confidentiality algorithm may be chosen"); + option = option.substring(option.indexOf('=') + 1); + if (Configuration.DEBUG) + log.fine("algorithm: <" + option + ">"); + for (i = 0; i < SRPRegistry.CONFIDENTIALITY_ALGORITHMS.length; i++) { - throw new AuthenticationException( - "Only one confidentiality algorithm may be chosen"); - } - else - { - option = option.substring(option.indexOf('=') + 1); - if (DEBUG && debuglevel > 6) - debug(TRACE, "algorithm: <" + option + ">"); - for (i = 0; i < SRPRegistry.CONFIDENTIALITY_ALGORITHMS.length; i++) - { - if (SRPRegistry.CONFIDENTIALITY_ALGORITHMS[i].equals(option)) - { - chosenConfidentialityAlgorithm = option; - confidentiality = true; - break; - } - } - if (!confidentiality) + if (SRPRegistry.CONFIDENTIALITY_ALGORITHMS[i].equals(option)) { - throw new AuthenticationException( - "Unknown confidentiality algorithm: " - + option); + chosenConfidentialityAlgorithm = option; + confidentiality = true; + break; } } + if (! confidentiality) + throw new AuthenticationException("Unknown confidentiality algorithm: " + + option); } else if (option.startsWith(SRPRegistry.OPTION_MAX_BUFFER_SIZE + "=")) { 
@@ -1007,70 +720,51 @@ public class SRPServer extends ServerMechanism implements SaslServer if (rawSendSize > Registry.SASL_BUFFER_MAX_LIMIT || rawSendSize < 1) throw new AuthenticationException( - "Illegal value for 'maxbuffersize' option"); + "Illegal value for 'maxbuffersize' option"); } catch (NumberFormatException x) { throw new AuthenticationException( - SRPRegistry.OPTION_MAX_BUFFER_SIZE - + "=" - + String.valueOf(maxBufferSize), - x); + SRPRegistry.OPTION_MAX_BUFFER_SIZE + "=" + maxBufferSize, x); } } } - // check if client did the right thing if (replayDetection) { - if (!integrity) - { - throw new AuthenticationException( - "Missing integrity protection algorithm " - + "but replay detection is chosen"); - } + if (! integrity) + throw new AuthenticationException( + "Missing integrity protection algorithm but replay detection is chosen"); } if (mandatory.equals(SRPRegistry.OPTION_REPLAY_DETECTION)) { - if (!replayDetection) - { - throw new AuthenticationException( - "Replay detection is mandatory but was not chosen"); - } + if (! replayDetection) + throw new AuthenticationException( + "Replay detection is mandatory but was not chosen"); } if (mandatory.equals(SRPRegistry.OPTION_INTEGRITY)) { - if (!integrity) - { - throw new AuthenticationException( - "Integrity protection is mandatory but was not chosen"); - } + if (! integrity) + throw new AuthenticationException( + "Integrity protection is mandatory but was not chosen"); } if (mandatory.equals(SRPRegistry.OPTION_CONFIDENTIALITY)) { - if (!confidentiality) - { - throw new AuthenticationException( - "Confidentiality is mandatory but was not chosen"); - } + if (! 
confidentiality) + throw new AuthenticationException( + "Confidentiality is mandatory but was not chosen"); } - int blockSize = 0; if (chosenConfidentialityAlgorithm != null) { final IBlockCipher cipher = CipherFactory.getInstance(chosenConfidentialityAlgorithm); if (cipher != null) - { - blockSize = cipher.defaultBlockSize(); - } - else - { // should not happen - throw new AuthenticationException("Confidentiality algorithm (" - + chosenConfidentialityAlgorithm - + ") not available"); - } + blockSize = cipher.defaultBlockSize(); + else // should not happen + throw new AuthenticationException("Confidentiality algorithm (" + + chosenConfidentialityAlgorithm + + ") not available"); } - sIV = new byte[blockSize]; if (blockSize > 0) getDefaultPRNG().nextBytes(sIV); 
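Review bot: `getDefaultPRNG().nextBytes(sIV)` at the end of this hunk is the sole source of the server IV for the confidentiality layer, and `getDefaultPRNG()` (in a later hunk of this file) simply returns `PRNG.getInstance()`; nothing visible here establishes that this generator is cryptographically strong and seeded, and a predictable IV would weaken every confidentiality-protected message of the session. If it is a CSPRNG, state that where the IV is drawn, e.g. `// sIV must be unpredictable: relies on PRNG.getInstance() being a seeded, cryptographically strong generator`; if it is not, this should use `java.security.SecureRandom` instead. Whether a re-used session (the `generateKn` path in the following hunk) also receives a fresh `sIV` cannot be seen from this hunk, so I would confirm that while adding the comment. The enclosing method starts before this hunk and continues after it.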
@@ -1086,30 +780,26 @@ public class SRPServer extends ServerMechanism implements SaslServer // instantiate cipher if confidentiality protection filter is active if (chosenConfidentialityAlgorithm != null) { - if (DEBUG && debuglevel > 2) - debug(INFO, "Activating confidentiality protection filter"); + if (Configuration.DEBUG) + log.fine("Activating confidentiality protection filter"); inCipher = CALG.getInstance(chosenConfidentialityAlgorithm); outCipher = CALG.getInstance(chosenConfidentialityAlgorithm); } // instantiate hmacs if integrity protection filter is active if (chosenIntegrityAlgorithm != null) { - if (DEBUG && debuglevel > 2) - debug(INFO, "Activating integrity protection filter"); + if (Configuration.DEBUG) + log.fine("Activating integrity protection filter"); inMac = IALG.getInstance(chosenIntegrityAlgorithm); outMac = IALG.getInstance(chosenIntegrityAlgorithm); } - // generate a new sid if at least integrity is used sid = (inMac != null ? ServerStore.getNewSessionID() : new byte[0]); } - else - { // same session new keys - K = srp.generateKn(K, cn, sn); - } + else // same session new keys + K = srp.generateKn(K, cn, sn); final KDF kdf = KDF.getInstance(K); - // initialise in/out ciphers if confidentaility protection is used if (inCipher != null) { @@ -1122,15 +812,12 @@ public class SRPServer extends ServerMechanism implements SaslServer outMac.init(kdf); inMac.init(kdf); } - if (sid != null && sid.length != 0) { // update the security context and save in map - if (DEBUG && debuglevel > 2) - debug(INFO, "Updating security context for sid = " + new String(sid)); - ServerStore.instance().cacheSession( - ttl, - new SecurityContext( - srp.getAlgorithm(), + if (Configuration.DEBUG) + log.fine("Updating security context for sid = " + new String(sid)); + ServerStore.instance().cacheSession(ttl, + new SecurityContext(srp.getAlgorithm(), sid, K, cIV, 
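Review bot: `ServerStore.instance().cacheSession(ttl, new SecurityContext(srp.getAlgorithm(), sid, K, cIV, ...))` in the last hunk on this line stores the live session key `K` in the process-wide `ServerStore` maps, and as far as the `ServerStore` hunks below show, an expired entry is only removed when `isAlive(sid)` happens to be queried for that sid (the constructor still says `// TODO: add a cleaning timer thread`). Every successful authentication that negotiates integrity therefore adds an entry that can outlive `ttl` indefinitely, which is both a memory-growth concern for a server facing many clients and a longer exposure window for cached key material. A sweep of expired entries inside `cacheSession`, or the promised timer, would bound both; at minimum the call site deserves `// K remains in ServerStore after ttl expires until this sid is looked up again`. I cannot see from this hunk whether `ttl` itself is capped, so that is worth confirming too. The enclosing method begins before this line's hunks and continues after them.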
@@ -1148,7 +835,6 @@ public class SRPServer extends ServerMechanism implements SaslServer { if (prng == null) prng = PRNG.getInstance(); - return prng; } } diff --git a/libjava/classpath/gnu/javax/crypto/sasl/srp/SecurityContext.java b/libjava/classpath/gnu/javax/crypto/sasl/srp/SecurityContext.java index feca25cadb8..1111d95b4f0 100644 --- a/libjava/classpath/gnu/javax/crypto/sasl/srp/SecurityContext.java +++ b/libjava/classpath/gnu/javax/crypto/sasl/srp/SecurityContext.java @@ -39,41 +39,23 @@ exception statement from your version. */ package gnu.javax.crypto.sasl.srp; /** - * <p>A package-private placeholder for an SRP security context.</p> + * A package-private placeholder for an SRP security context. */ class SecurityContext { - - // Constants and variables - // ------------------------------------------------------------------------- - private String mdName; - private byte[] sid; - private byte[] K; - private byte[] cIV; - private byte[] sIV; - private boolean replayDetection; - private int inCounter; - private int outCounter; - private IALG inMac; - private IALG outMac; - private CALG inCipher; - private CALG outCipher; - // Constructor(s) - // ------------------------------------------------------------------------- - SecurityContext(final String mdName, final byte[] sid, final byte[] K, final byte[] cIV, final byte[] sIV, final boolean replayDetection, final int inCounter, @@ -96,12 +78,6 @@ class SecurityContext this.outCipher = outCipher; } - // Class methods - // ------------------------------------------------------------------------- - - // Instance methods - // ------------------------------------------------------------------------- - String getMdName() { return mdName; @@ -161,4 +137,4 @@ class SecurityContext { return outCipher; } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/sasl/srp/ServerStore.java b/libjava/classpath/gnu/javax/crypto/sasl/srp/ServerStore.java index 99bf96a9444..e9b1a728273 100644 --- a/libjava/classpath/gnu/javax/crypto/sasl/srp/ServerStore.java +++ b/libjava/classpath/gnu/javax/crypto/sasl/srp/ServerStore.java @@ -41,32 +41,21 @@ package gnu.javax.crypto.sasl.srp; import java.util.HashMap; /** - * <p>The server-side implementation of the SRP security context store.</p> + * The server-side implementation of the SRP security context store. */ public class ServerStore { - - // Constants and variables - // ------------------------------------------------------------------------- - /** The underlying singleton. */ private static ServerStore singleton = null; - /** The map of sid --> Security Context record. */ private static final HashMap sid2ssc = new HashMap(); - /** The map of sid --> Session timing record. */ private static final HashMap sid2ttl = new HashMap(); - /** A synchronisation lock. */ private static final Object lock = new Object(); - /** A counter to generate legible SIDs. */ private static int counter = 0; - // Constructor(s) - // ------------------------------------------------------------------------- - /** Private constructor to enforce Singleton pattern. */ private ServerStore() { 
@@ -75,48 +64,38 @@ public class ServerStore // TODO: add a cleaning timer thread } - // Class methods - // ------------------------------------------------------------------------- - /** - * <p>Returns the classloader Singleton.</p> - * + * Returns the classloader Singleton. + * * @return the classloader Singleton instance. */ static synchronized final ServerStore instance() { if (singleton == null) - { - singleton = new ServerStore(); - } + singleton = new ServerStore(); return singleton; } /** - * <p>Returns a legible new session identifier.</p> - * + * Returns a legible new session identifier. + * * @return a new session identifier. */ static synchronized final byte[] getNewSessionID() { final String sid = String.valueOf(++counter); - return new StringBuffer("SID-").append( - "0000000000".substring( - 0, - 10 - sid.length())).append( - sid).toString().getBytes(); + return new StringBuffer("SID-") + .append("0000000000".substring(0, 10 - sid.length())).append(sid) + .toString().getBytes(); } - // Instance methods - // ------------------------------------------------------------------------- - /** - * <p>Returns a boolean flag indicating if the designated session is still - * alive or not.</p> - * + * Returns a boolean flag indicating if the designated session is still alive + * or not. + * * @param sid the identifier of the session to check. * @return <code>true</code> if the designated session is still alive. - * <code>false</code> otherwise. + * <code>false</code> otherwise. */ boolean isAlive(final byte[] sid) { @@ -130,8 +109,8 @@ public class ServerStore if (ctx != null) { result = ctx.isAlive(); - if (!result) - { // invalidate it en-passant + if (! result) // invalidate it en-passant + { sid2ssc.remove(key); sid2ttl.remove(key); } 
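Review bot: `getNewSessionID()` in this hunk derives the SASL session identifier from `++counter`, a `static int` starting at 0, so SIDs are sequential and predictable across every session in the process (`SID-0000000001`, `SID-0000000002`, ...). That is acceptable only if session re-use is gated on proof of the cached key `K` rather than on the SID alone — the intent of the reuse exchange, but not visible in these hunks — and the javadoc should say so: `SIDs are sequential and guessable; they are lookup keys, not secrets, and a re-use exchange must be authenticated by the cached key material.` Separately, once `counter` reaches `Integer.MAX_VALUE` the next `++counter` wraps to a negative value whose decimal form is 11 characters, so `"0000000000".substring(0, 10 - sid.length())` throws `StringIndexOutOfBoundsException`; a `long` counter, or `if (counter == Integer.MAX_VALUE) counter = 0;` before the increment, avoids it. `.toString().getBytes()` also relies on the platform default charset, harmless for this ASCII content but worth making explicit.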
@@ -142,9 +121,9 @@ public class ServerStore } /** - * <p>Records a mapping between a session identifier and the Security Context - * of the designated SRP server mechanism instance.</p> - * + * Records a mapping between a session identifier and the Security Context of + * the designated SRP server mechanism instance. + * * @param ttl the session's Time-To-Live indicator (in seconds). * @param ctx the server's security context. */ @@ -159,11 +138,11 @@ public class ServerStore } /** - * <p>Updates the mapping between the designated session identifier and the - * designated server's SASL Security Context. In the process, computes - * and return the underlying mechanism server's evidence that shall be - * returned to the client in a session re-use exchange.</p> - * + * Updates the mapping between the designated session identifier and the + * designated server's SASL Security Context. In the process, computes and + * return the underlying mechanism server's evidence that shall be returned to + * the client in a session re-use exchange. + * * @param sid the identifier of the session to restore. * @return an SRP server's security context. */ @@ -180,8 +159,8 @@ public class ServerStore } /** - * <p>Removes all information related to the designated session ID.</p> - * + * Removes all information related to the designated session ID. + * * @param sid the identifier of the seesion to invalidate. */ void invalidateSession(final byte[] sid) @@ -193,4 +172,4 @@ public class ServerStore sid2ttl.remove(key); } } -}
\ No newline at end of file +} diff --git a/libjava/classpath/gnu/javax/crypto/sasl/srp/StoreEntry.java b/libjava/classpath/gnu/javax/crypto/sasl/srp/StoreEntry.java index c5041fa4b38..130678ebd7a 100644 --- a/libjava/classpath/gnu/javax/crypto/sasl/srp/StoreEntry.java +++ b/libjava/classpath/gnu/javax/crypto/sasl/srp/StoreEntry.java @@ -39,21 +39,13 @@ exception statement from your version. */ package gnu.javax.crypto.sasl.srp; /** - * <p>A simple timing-related object for use by SRP re-use code.</p> + * A simple timing-related object for use by SRP re-use code. */ class StoreEntry { - - // Constants and variables - // ------------------------------------------------------------------------- - private boolean perenial; - private long timeToDie; - // Constructor(s) - // ------------------------------------------------------------------------- - StoreEntry(int ttl) { super(); @@ -70,20 +62,14 @@ class StoreEntry } } - // Class methods - // ------------------------------------------------------------------------- - - // Instance methods - // ------------------------------------------------------------------------- - /** - * <p>Returns <code>true</code> if the Time-To_live period has not elapsed.</p> - * + * Returns <code>true</code> if the Time-To_live period has not elapsed. + * * @return <code>true</code> if the Time-To-Live period (in seconds) has not - * elapsed yet; <code>false</code> otherwise. + * elapsed yet; <code>false</code> otherwise. */ boolean isAlive() { return (perenial ? true : (System.currentTimeMillis() < timeToDie)); } -}
\ No newline at end of file +} |