org.apache.qpid.jms.sasl.CramMD5Mechanism Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of qpid-jms-client Show documentation
Show all versions of qpid-jms-client Show documentation
The core JMS Client implementation
The newest version!
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.qpid.jms.sasl;
import java.io.UnsupportedEncodingException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.security.sasl.SaslException;
/**
* Implements the SASL CRAM-MD5 authentication Mechanism.
*/
public class CramMD5Mechanism extends AbstractMechanism {
private static final String ASCII = "ASCII";
private static final String HMACMD5 = "HMACMD5";
private boolean sentResponse;
@Override
public int getPriority() {
return PRIORITY.LOW.getValue();
}
@Override
public String getName() {
return "CRAM-MD5";
}
@Override
public byte[] getInitialResponse() {
return null;
}
@Override
public byte[] getChallengeResponse(byte[] challenge) throws SaslException {
if (!sentResponse && challenge != null && challenge.length != 0) {
try {
SecretKeySpec key = new SecretKeySpec(getPassword().getBytes(ASCII), HMACMD5);
Mac mac = Mac.getInstance(HMACMD5);
mac.init(key);
byte[] bytes = mac.doFinal(challenge);
StringBuffer hash = new StringBuffer(getUsername());
hash.append(' ');
for (int i = 0; i < bytes.length; i++) {
String hex = Integer.toHexString(0xFF & bytes[i]);
if (hex.length() == 1) {
hash.append('0');
}
hash.append(hex);
}
sentResponse = true;
return hash.toString().getBytes(ASCII);
} catch (UnsupportedEncodingException e) {
throw new SaslException("Unable to utilise required encoding", e);
} catch (InvalidKeyException e) {
throw new SaslException("Unable to utilise key", e);
} catch (NoSuchAlgorithmException e) {
throw new SaslException("Unable to utilise required algorithm", e);
}
} else {
return EMPTY;
}
}
@Override
public void verifyCompletion() throws SaslException {
super.verifyCompletion();
if (!sentResponse) {
throw new SaslException("SASL exchange was not fully completed.");
}
}
@Override
public boolean isApplicable(String username, String password, Principal localPrincipal) {
return username != null && username.length() > 0 && password != null && password.length() > 0;
}
}