/** * Hex-encode the current stream. * * @return an iterator over the encoded characters */ public CodePointIterator hexEncode() { return hexEncode(false); }
private byte[] calculateResponseDigest(MessageDigest messageDigest, byte[] hA1, String nonce, String method, byte[] digestUri, byte[] qop, byte[] cnonce, byte[] nc) { messageDigest.update(method.getBytes(UTF_8)); messageDigest.update(COLON); byte[] hA2 = messageDigest.digest(digestUri); messageDigest.update(ByteIterator.ofBytes(hA1).hexEncode().drainToString().getBytes(UTF_8)); messageDigest.update(COLON); messageDigest.update(nonce.getBytes(UTF_8)); if(qop != null) { messageDigest.update(COLON); messageDigest.update(nc); messageDigest.update(COLON); messageDigest.update(cnonce); messageDigest.update(COLON); messageDigest.update(qop); } messageDigest.update(COLON); return messageDigest.digest(ByteIterator.ofBytes(hA2).hexEncode().drainToString().getBytes(UTF_8)); }
/** * Convert the given OTP hash into hexadecimal format. * * @param otp the OTP hash * @return the hexadecimal value that corresponds to the given OTP hash */ public static String convertToHex(byte[] otp) { return ByteIterator.ofBytes(otp).hexEncode().drainToString(); }
public String generateHashedHexURP(final String userName, final String realm, final char[] password, final boolean utf8StringConversion) { byte[] hashedURP = generateHashedURP(userName, realm, password, utf8StringConversion); return ByteIterator.ofBytes(hashedURP).hexEncode().drainToString(); }
/** * Generate a new encoded nonce to send to the client. * * @param salt additional data to use when creating the overall signature for the nonce. * @return a new encoded nonce to send to the client. */ String generateNonce(byte[] salt) { try { MessageDigest messageDigest = MessageDigest.getInstance(algorithm); ByteBuffer byteBuffer = ByteBuffer.allocate(PREFIX_LENGTH + messageDigest.getDigestLength()); byteBuffer.putInt(nonceCounter.incrementAndGet()); byteBuffer.putLong(System.nanoTime()); byteBuffer.put(digest(byteBuffer.array(), 0, PREFIX_LENGTH, salt, messageDigest)); String nonce = ByteIterator.ofBytes(byteBuffer.array()).base64Encode().drainToString(); if (log.isTraceEnabled()) { String saltString = salt == null ? "null" : ByteIterator.ofBytes(salt).hexEncode().drainToString(); log.tracef("New nonce generated %s, using seed %s", nonce, saltString); } return nonce; } catch (GeneralSecurityException e) { throw new IllegalStateException(e); } }
mac.init(new SecretKeySpec(password.getDigest(), mac.getAlgorithm())); byte[] serverKey = mac.doFinal(ScramUtil.SERVER_KEY_BYTES); if(trace) saslScram.tracef("[C] Server key: %s%n", ByteIterator.ofBytes(serverKey).hexEncode().drainToString()); mac.init(new SecretKeySpec(serverKey, mac.getAlgorithm())); byte[] clientFirstMessage = finalResponse.getInitialResponse().getRawMessageBytes(); mac.update(clientFinalMessage, 0, finalResponse.getProofOffset()); byte[] serverSignature = mac.doFinal(); if(trace) saslScram.tracef("[C] Recovered server signature: %s%n", ByteIterator.ofBytes(serverSignature).hexEncode().drainToString()); if (! Arrays.equals(finalChallenge.getRawServerSignature(), serverSignature)) { throw saslScram.mechServerAuthenticityCannotBeVerified();
/** * @see org.jboss.security.auth.spi.UsernamePasswordLoginModule#getUsersPassword() */ @Override protected String getUsersPassword() throws LoginException { if (validationMode == ValidationMode.VALIDATION) { return null; } RealmCallback rcb = new RealmCallback("Realm", securityRealm.getName()); NameCallback ncb = new NameCallback("User Name", getUsername()); String password = null; switch (validationMode) { case DIGEST: CredentialCallback cc = new CredentialCallback(PasswordCredential.class, ALGORITHM_DIGEST_MD5); handle(new Callback[]{rcb, ncb, cc}); PasswordCredential passwordCredential = (PasswordCredential) cc.getCredential(); DigestPassword digestPassword = passwordCredential.getPassword(DigestPassword.class); password = ByteIterator.ofBytes(digestPassword.getDigest()).hexEncode().drainToString(); break; case PASSWORD: PasswordCallback pcb = new PasswordCallback("Password", false); handle(new Callback[]{rcb, ncb, pcb}); password = String.valueOf(pcb.getPassword()); break; } return password; }
String saltString = salt == null ? "null" : ByteIterator.ofBytes(salt).hexEncode().drainToString(); log.tracef("Nonce %s rejected due to failed comparison using secret key with seed %s.", nonce, saltString);
KD.append(ByteIterator.ofBytes(H_A1).hexEncode().drainToString().getBytes(StandardCharsets.US_ASCII)); KD.append(':'); KD.append(nonce); KD.append(qop_value); KD.append(':'); KD.append(ByteIterator.ofBytes(digest_A2).hexEncode().drainToString().getBytes(StandardCharsets.US_ASCII)); return ByteIterator.ofBytes(messageDigest.digest()).hexEncode().drainToString().getBytes(StandardCharsets.US_ASCII);
mac.update(ScramUtil.CLIENT_KEY_BYTES); clientKey = mac.doFinal(); if(trace) saslScram.tracef("[S] Client key: %s%n", ByteIterator.ofBytes(clientKey).hexEncode().drainToString()); messageDigest.update(clientKey); storedKey = messageDigest.digest(); if(trace) saslScram.tracef("[S] Stored key: %s%n", ByteIterator.ofBytes(storedKey).hexEncode().drainToString()); final int clientFirstMessageBareStart = clientMessage.getInitialResponse().getInitialPartIndex(); mac.update(clientFirstMessage, clientFirstMessageBareStart, clientFirstMessage.length - clientFirstMessageBareStart); if(trace) saslScram.tracef("[S] Using client first message: %s%n", ByteIterator.ofBytes(copyOfRange(clientFirstMessage, clientFirstMessageBareStart, clientFirstMessage.length)).hexEncode().drainToString()); mac.update((byte) ','); final byte[] serverFirstMessage = initialResult.getScramInitialChallenge().getRawMessageBytes(); mac.update(serverFirstMessage); if(trace) saslScram.tracef("[S] Using server first message: %s%n", ByteIterator.ofBytes(serverFirstMessage).hexEncode().drainToString()); mac.update((byte) ','); final byte[] response = clientMessage.getRawMessageBytes(); final int proofOffset = clientMessage.getProofOffset(); mac.update(response, 0, proofOffset); // client-final-message-without-proof if(trace) saslScram.tracef("[S] Using client final message without proof: %s%n", ByteIterator.ofBytes(copyOfRange(response, 0, proofOffset)).hexEncode().drainToString()); byte[] clientSignature = mac.doFinal(); if(trace) saslScram.tracef("[S] Client signature: %s%n", ByteIterator.ofBytes(clientSignature).hexEncode().drainToString()); mac.update(ScramUtil.SERVER_KEY_BYTES); serverKey = mac.doFinal(); if(trace) saslScram.tracef("[S] Server key: %s%n", ByteIterator.ofBytes(serverKey).hexEncode().drainToString()); mac.update(response, 0, proofOffset); // client-final-message-without-proof serverSignature = mac.doFinal();
ByteStringBuilder b2 = new ByteStringBuilder(); if (bindingData != null) { if(trace) saslScram.tracef("[C] Binding data: %s%n", ByteIterator.ofBytes(bindingData).hexEncode().drainToString()); if (plus) { b2.append("p="); saslScram); final byte[] saltedPassword = password.getDigest(); if (trace) saslScram.tracef("[C] Client salted password: %s", ByteIterator.ofBytes(saltedPassword).hexEncode().drainToString()); if(trace) saslScram.tracef("[C] Client key: %s", ByteIterator.ofBytes(clientKey).hexEncode().drainToString()); final byte[] storedKey = messageDigest.digest(clientKey); if(trace) saslScram.tracef("[C] Stored key: %s%n", ByteIterator.ofBytes(storedKey).hexEncode().drainToString()); mac.init(new SecretKeySpec(storedKey, mac.getAlgorithm())); final byte[] initialResponseBytes = initialResponse.getRawMessageBytes(); mac.update(initialResponseBytes, initialResponse.getInitialPartIndex(), initialResponseBytes.length - initialResponse.getInitialPartIndex()); if (trace) saslScram.tracef("[C] Using client first message: %s%n", ByteIterator.ofBytes(initialResponseBytes, initialResponse.getInitialPartIndex(), initialResponseBytes.length - initialResponse.getInitialPartIndex()).hexEncode().drainToString()); mac.update((byte) ','); mac.update(initialChallenge.getRawMessageBytes()); if(trace) saslScram.tracef("[C] Using server first message: %s%n", ByteIterator.ofBytes(initialChallenge.getRawMessageBytes()).hexEncode().drainToString()); mac.update((byte) ','); encoded.updateMac(mac); if(trace) saslScram.tracef("[C] Using client final message without proof: %s%n", ByteIterator.ofBytes(encoded.toArray()).hexEncode().drainToString()); final byte[] clientProof = mac.doFinal(); if(trace) saslScram.tracef("[C] Client signature: %s%n", ByteIterator.ofBytes(clientProof).hexEncode().drainToString()); ScramUtil.xor(clientProof, clientKey); if(trace) saslScram.tracef("[C] Client proof: %s%n", ByteIterator.ofBytes(clientProof).hexEncode().drainToString()); int proofStart = encoded.length();
/** * Hex-encode the current stream. * * @return an iterator over the encoded characters */ public CodePointIterator hexEncode() { return hexEncode(false); }
/** * Hex-encode the current stream. * * @return an iterator over the encoded characters */ public CodePointIterator hexEncode() { return hexEncode(false); }
/** * Convert the given OTP hash into hexadecimal format. * * @param otp the OTP hash * @return the hexadecimal value that corresponds to the given OTP hash */ public static String convertToHex(byte[] otp) { return ByteIterator.ofBytes(otp).hexEncode().drainToString(); }
/** * Convert the given OTP hash into hexadecimal format. * * @param otp the OTP hash * @return the hexadecimal value that corresponds to the given OTP hash */ public static String convertToHex(byte[] otp) { return ByteIterator.ofBytes(otp).hexEncode().drainToString(); }
/** * Convert the given OTP hash into hexadecimal format. * * @param otp the OTP hash * @return the hexadecimal value that corresponds to the given OTP hash */ public static String convertToHex(byte[] otp) { return ByteIterator.ofBytes(otp).hexEncode().drainToString(); }
public String generateHashedHexURP(final String userName, final String realm, final char[] password, final boolean utf8StringConversion) { byte[] hashedURP = generateHashedURP(userName, realm, password, utf8StringConversion); return ByteIterator.ofBytes(hashedURP).hexEncode().drainToString(); }
public String generateHashedHexURP(final String userName, final String realm, final char[] password, final boolean utf8StringConversion) { byte[] hashedURP = generateHashedURP(userName, realm, password, utf8StringConversion); return ByteIterator.ofBytes(hashedURP).hexEncode().drainToString(); }
public String generateHashedHexURP(final String userName, final String realm, final char[] password, final boolean utf8StringConversion) { byte[] hashedURP = generateHashedURP(userName, realm, password, utf8StringConversion); return ByteIterator.ofBytes(hashedURP).hexEncode().drainToString(); }