Package org.jivesoftware.openfire.sasl

Class ScramSha1SaslServer

java.lang.Object
org.jivesoftware.openfire.sasl.ScramSaslServer
org.jivesoftware.openfire.sasl.ScramSha1SaslServer
All Implemented Interfaces:
SaslServer
public class ScramSha1SaslServer extends ScramSaslServer
Implements the SCRAM-SHA-1 (and its channel binding -PLUS variant) server-side mechanism.
Author:
Richard Midwinter, Guus der Kinderen

  • Field Details

  • Constructor Details

    • ScramSha1SaslServer

      public ScramSha1SaslServer(boolean isPlusMechanism, Map<String,?> props)

  • Method Details

    • getServerSecretForNonExistentUsers

      public static String getServerSecretForNonExistentUsers()
      Retrieves a server-side secret used when handling authentication attempts for non-existing users in SCRAM-SHA-1 (-PLUS). This method ensures that the one-time initialization that is required for usage will occur. Instead of failing immediately, the server derives deterministic, fake SCRAM credentials (such as stored keys, server keys, and where applicable salt values) based on this secret. This ensures that authentication processing for non-existing users is indistinguishable from that of existing users. This mechanism helps protect against user enumeration attacks by preventing observable differences in behavior between existing and non-existing accounts. Changing (rotating) this value will cause different derived values to be generated for non-existing users. This does not affect authentication of existing users but can invalidate consistency of ongoing or repeated authentication attempts for non-existing users.
      See Also:

    • getMechanismName

      public String getMechanismName()
      Returns the IANA-registered mechanism name of this SASL server. ("SCRAM-SHA-1").
      Returns:
      A non-null string representing the IANA-registered mechanism name.

    • evaluateResponse

      public byte[] evaluateResponse(byte[] response) throws SaslException
      Evaluates the response data and generates a challenge. If a response is received from the client during the authentication process, this method is called to prepare an appropriate next challenge to submit to the client. The challenge is null if the authentication has succeeded and no more challenge data is to be sent to the client. It is non-null if the authentication must be continued by sending a challenge to the client, or if the authentication has succeeded but challenge data needs to be processed by the client. isComplete() should be called after each call to evaluateResponse(),to determine if any further response is needed from the client.
      Parameters:
      response - The non-null (but possibly empty) response sent by the client.
      Returns:
      The possibly null challenge to send to the client. It is null if the authentication has succeeded and there is no more challenge data to be sent to the client.
      Throws:
      SaslException - If an error occurred while processing the response or generating a challenge.

    • isComplete

      public boolean isComplete()
      Determines whether the authentication exchange has completed. This method is typically called after each invocation of evaluateResponse() to determine whether the authentication has completed successfully or should be continued.
      Returns:
      true if the authentication exchange has completed; false otherwise.

    • getAuthorizationID

      public String getAuthorizationID()
      Reports the authorization ID in effect for the client of this session. This method can only be called if isComplete() returns true.
      Returns:
      The authorization ID of the client.
      Throws:
      IllegalStateException - if this authentication session has not completed

    • unwrap

      public byte[] unwrap(byte[] incoming, int offset, int len) throws SaslException
      Unwraps a byte array received from the client. SCRAM-SHA-1 supports no security layer.
      Throws:
      SaslException - if attempted to use this method.

    • wrap

      public byte[] wrap(byte[] outgoing, int offset, int len) throws SaslException
      Wraps a byte array to be sent to the client. SCRAM-SHA-1 supports no security layer.
      Throws:
      SaslException - if attempted to use this method.

    • getNegotiatedProperty

      public Object getNegotiatedProperty(String propName)
      Retrieves the negotiated property. This method can be called only after the authentication exchange has completed (i.e., when isComplete() returns true); otherwise, an IllegalStateException is thrown.
      Parameters:
      propName - the property
      Returns:
      The value of the negotiated property. If null, the property was not negotiated or is not applicable to this mechanism.
      Throws:
      IllegalStateException - if this authentication exchange has not completed

    • dispose

      public void dispose() throws SaslException
      Disposes of any system resources or security-sensitive information the SaslServer might be using. Invoking this method invalidates the SaslServer instance. This method is idempotent.
      Throws:
      SaslException - If a problem was encountered while disposing the resources.

    • getOrCreateSalt

      protected byte[] getOrCreateSalt(String username)
      Retrieve the salt for a given username. When a salt does not currently exist for an existing user, but a password is set, that value is used to create and persist a new salt for that user. Returns a username-specific salt if the user doesn't exist to mimic an invalid password. This also guards against user enumeration attacks.
      See Also:

    • getOrFakeServerKey

      protected byte[] getOrFakeServerKey(String username)
      Retrieve the server key from the database for a given username, but returns a fake key if none is found. Returning a fake key helps guard against timing attacks: instead of short-circuiting the operation, a fake key is generated to ensure consistent response times and prevent potential timing attacks.
      See Also:

    • getOrFakeStoredKey

      protected byte[] getOrFakeStoredKey(String username)
      Retrieve the stored key from the database for a given username, but returns a fake key if none is found. Returning a fake key helps guard against timing attacks: instead of short-circuiting the operation, a fake key is generated to ensure consistent response times and prevent potential timing attacks.
      See Also: