User: starksm Date: 01/11/09 02:19:28 Modified: src/main/org/jboss/security/srp Tag: Branch_2_4 SRPClientSession.java SRPConf.java SRPPermission.java SRPRemoteServer.java SRPRemoteServerInterface.java SRPServerInterface.java SRPServerProxy.java SRPServerSession.java SRPService.java SRPServiceMBean.java SRPVerifierStore.java SRPVerifierStoreService.java SRPVerifierStoreServiceMBean.java SerialObjectStore.java Log: Clean up the logging. Revision Changes Path No revision No revision 1.2.4.1 +52 -48 jbosssx/src/main/org/jboss/security/srp/SRPClientSession.java Index: SRPClientSession.java =================================================================== RCS file: /cvsroot/jboss/jbosssx/src/main/org/jboss/security/srp/SRPClientSession.java,v retrieving revision 1.2 retrieving revision 1.2.4.1 diff -u -r1.2 -r1.2.4.1 --- SRPClientSession.java 2001/04/04 21:46:03 1.2 +++ SRPClientSession.java 2001/11/09 10:19:28 1.2.4.1 @@ -13,6 +13,7 @@ import java.security.NoSuchAlgorithmException; import java.util.Arrays; +import org.jboss.security.Logger; import org.jboss.security.Util; /** The client side logic to the SRP protocol. The class is intended to be used @@ -36,11 +37,12 @@ This product uses the 'Secure Remote Password' cryptographic authentication system developed by Tom Wu ([EMAIL PROTECTED]). -@author [EMAIL PROTECTED] -@version $Revision: 1.2 $ +@author [EMAIL PROTECTED] +@version $Revision: 1.2.4.1 $ */ public class SRPClientSession { + private static Logger log = Logger.getInstance(SRPClientSession.class); private BigInteger N; private BigInteger g; private BigInteger x; 
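Review bot: The `log` field added in the second hunk is declared `private static Logger log`, so it can be reassigned after class initialisation. Declare it `private static final Logger log = Logger.getInstance(SRPClientSession.class);`. The same declaration is added to SRPRemoteServer and SRPServerSession later in this commit and should change the same way.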
@@ -76,48 +78,50 @@ this.s = s; this.g = new BigInteger(1, gb); this.N = new BigInteger(1, nb); - if( PkgCategory.isTraceEnabled() ) - PkgCategory.trace("g: "+Util.tob64(gb)); + if( log.isTraceEnabled() ) + log.trace("g: "+Util.tob64(gb)); // Calculate x = H(s | H(U | ':' | password)) - byte[] xb = Util.calculatePasswordHash(username, password, s, N, g); + byte[] xb = Util.calculatePasswordHash(username, password, s); + if( log.isTraceEnabled() ) + log.trace("x: "+Util.tob64(xb)); this.x = new BigInteger(1, xb); - v = g.modPow(x, N); // g^x % N - if( PkgCategory.isTraceEnabled() ) - PkgCategory.trace("v: "+Util.tob64(v.toByteArray())); + this.v = g.modPow(x, N); // g^x % N + if( log.isTraceEnabled() ) + log.trace("v: "+Util.tob64(v.toByteArray())); serverHash = Util.newDigest(); clientHash = Util.newDigest(); // H(N) byte[] hn = Util.newDigest().digest(nb); - if( PkgCategory.isTraceEnabled() ) - PkgCategory.trace("H(N): "+Util.tob64(hn)); + if( log.isTraceEnabled() ) + log.trace("H(N): "+Util.tob64(hn)); // H(g) byte[] hg = Util.newDigest().digest(gb); - if( PkgCategory.isTraceEnabled() ) - PkgCategory.trace("H(g): "+Util.tob64(hg)); + if( log.isTraceEnabled() ) + log.trace("H(g): "+Util.tob64(hg)); // clientHash = H(N) xor H(g) byte[] hxg = Util.xor(hn, hg, 20); - if( PkgCategory.isTraceEnabled() ) - PkgCategory.trace("H(N) xor H(g): "+Util.tob64(hxg)); + if( log.isTraceEnabled() ) + log.trace("H(N) xor H(g): "+Util.tob64(hxg)); clientHash.update(hxg); - if( PkgCategory.isTraceEnabled() ) + if( log.isTraceEnabled() ) { MessageDigest tmp = Util.copy(clientHash); - PkgCategory.trace("H[H(N) xor H(g)]: "+Util.tob64(tmp.digest())); + log.trace("H[H(N) xor H(g)]: "+Util.tob64(tmp.digest())); } // clientHash = H(N) xor H(g) | H(U) clientHash.update(Util.newDigest().digest(username.getBytes())); - if( PkgCategory.isTraceEnabled() ) + if( log.isTraceEnabled() ) { MessageDigest tmp = Util.copy(clientHash); - PkgCategory.trace("H[H(N) xor H(g) | H(U)]: 
"+Util.tob64(tmp.digest())); + log.trace("H[H(N) xor H(g) | H(U)]: "+Util.tob64(tmp.digest())); } // clientHash = H(N) xor H(g) | H(U) | s clientHash.update(s); - if( PkgCategory.isTraceEnabled() ) + if( log.isTraceEnabled() ) { MessageDigest tmp = Util.copy(clientHash); - PkgCategory.trace("H[H(N) xor H(g) | H(U) | s]: "+Util.tob64(tmp.digest())); + log.trace("H[H(N) xor H(g) | H(U) | s]: "+Util.tob64(tmp.digest())); } key = null; } @@ -139,10 +143,10 @@ Abytes = Util.trim(A.toByteArray()); // clientHash = H(N) xor H(g) | H(U) | A clientHash.update(Abytes); - if( PkgCategory.isTraceEnabled() ) + if( log.isTraceEnabled() ) { MessageDigest tmp = Util.copy(clientHash); - PkgCategory.trace("H[H(N) xor H(g) | H(U) | s | A]: "+Util.tob64(tmp.digest())); + log.trace("H[H(N) xor H(g) | H(U) | s | A]: "+Util.tob64(tmp.digest())); } // serverHash = A serverHash.update(Abytes); 
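Review bot: The added `log.trace("x: "+Util.tob64(xb))` in the constructor writes the private value x = H(s | H(U | ':' | password)) to the log, and x is all a client needs to complete the exchange, so anyone who can read a trace-level log can authenticate as that user. Drop the two added lines rather than guarding them. The verifier `v` traced a few lines later is better left out too, because together with the salt it allows offline password guessing. The same concern applies to the `a + u * x`, `S` and `K` traces in the @@ -157,51 +161,51 @@ hunk and to the `v`, `S` and `K` traces in SRPServerSession. The constructor begins before this hunk, so how `password` is handled above it is not visible here.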
@@ -157,51 +161,51 @@ { // clientHash = H(N) xor H(g) | H(U) | s | A | B clientHash.update(Bbytes); - if( PkgCategory.isTraceEnabled() ) + if( log.isTraceEnabled() ) { MessageDigest tmp = Util.copy(clientHash); - PkgCategory.trace("H[H(N) xor H(g) | H(U) | s | A | B]: "+Util.tob64(tmp.digest())); + log.trace("H[H(N) xor H(g) | H(U) | s | A | B]: "+Util.tob64(tmp.digest())); } // Calculate u as the first 32 bits of H(B) byte[] hB = Util.newDigest().digest(Bbytes); byte[] ub = {hB[0], hB[1], hB[2], hB[3]}; // Calculate S = (B - g^x) ^ (a + u * x) % N BigInteger B = new BigInteger(1, Bbytes); - if( PkgCategory.isTraceEnabled() ) - PkgCategory.trace("B: "+Util.tob64(B.toByteArray())); + if( log.isTraceEnabled() ) + log.trace("B: "+Util.tob64(B.toByteArray())); if( B.compareTo(v) < 0 ) B = B.add(N); - if( PkgCategory.isTraceEnabled() ) - PkgCategory.trace("B': "+Util.tob64(B.toByteArray())); - if( PkgCategory.isTraceEnabled() ) - PkgCategory.trace("v: "+Util.tob64(v.toByteArray())); + if( log.isTraceEnabled() ) + log.trace("B': "+Util.tob64(B.toByteArray())); + if( log.isTraceEnabled() ) + log.trace("v: "+Util.tob64(v.toByteArray())); BigInteger u = new BigInteger(1, ub); - if( PkgCategory.isTraceEnabled() ) - PkgCategory.trace("u: "+Util.tob64(u.toByteArray())); + if( log.isTraceEnabled() ) + log.trace("u: "+Util.tob64(u.toByteArray())); BigInteger B_v = B.subtract(v); - if( PkgCategory.isTraceEnabled() ) - PkgCategory.trace("B - v: "+Util.tob64(B_v.toByteArray())); + if( log.isTraceEnabled() ) + log.trace("B - v: "+Util.tob64(B_v.toByteArray())); BigInteger a_ux = a.add(u.multiply(x)); - if( PkgCategory.isTraceEnabled() ) - PkgCategory.trace("a + u * x: "+Util.tob64(a_ux.toByteArray())); + if( log.isTraceEnabled() ) + log.trace("a + u * x: "+Util.tob64(a_ux.toByteArray())); BigInteger S = B_v.modPow(a_ux, N); - if( PkgCategory.isTraceEnabled() ) - PkgCategory.trace("S: "+Util.tob64(S.toByteArray())); + if( log.isTraceEnabled() ) + log.trace("S: 
"+Util.tob64(S.toByteArray())); // K = SHA_Interleave(S) key = Util.sessionKeyHash(Util.trim(S.toByteArray())); - if( PkgCategory.isTraceEnabled() ) - PkgCategory.trace("K: "+Util.tob64(key)); + if( log.isTraceEnabled() ) + log.trace("K: "+Util.tob64(key)); // clientHash = H(N) xor H(g) | H(U) | A | B | K clientHash.update(key); byte[] M1 = clientHash.digest(); - if( PkgCategory.isTraceEnabled() ) - PkgCategory.trace("H[H(N) xor H(g) | H(U) | s | A | B | K]: "+Util.tob64(M1)); + if( log.isTraceEnabled() ) + log.trace("M1: H[H(N) xor H(g) | H(U) | s | A | B | K]: "+Util.tob64(M1)); serverHash.update(M1); serverHash.update(key); - if( PkgCategory.isTraceEnabled() ) + if( log.isTraceEnabled() ) { - MessageDigest tmp = Util.copy(clientHash); - PkgCategory.trace("H[A | M | K]: "+Util.tob64(tmp.digest())); + MessageDigest tmp = Util.copy(serverHash); + log.trace("H[A | M1 | K]: "+Util.tob64(tmp.digest())); } return M1; } @@ -214,10 +218,10 @@ // M2 = H(A | M1 | K) byte[] myM2 = serverHash.digest(); boolean valid = Arrays.equals(M2, myM2); - if( PkgCategory.isTraceEnabled() ) + if( log.isTraceEnabled() ) { - PkgCategory.trace("verify serverM2: "+Util.tob64(M2)); - PkgCategory.trace("verify M2: "+Util.tob64(myM2)); + log.trace("verify serverM2: "+Util.tob64(M2)); + log.trace("verify M2: "+Util.tob64(myM2)); } return valid; } 1.2.4.1 +2 -2 jbosssx/src/main/org/jboss/security/srp/SRPConf.java Index: SRPConf.java =================================================================== RCS file: /cvsroot/jboss/jbosssx/src/main/org/jboss/security/srp/SRPConf.java,v retrieving revision 1.2 retrieving revision 1.2.4.1 diff -u -r1.2 -r1.2.4.1 --- SRPConf.java 2001/04/04 21:46:03 1.2 +++ SRPConf.java 2001/11/09 10:19:28 1.2.4.1 
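Review bot: Between `BigInteger B = new BigInteger(1, Bbytes);` and the `modPow` that produces `S`, the visible lines never reject a server value with B mod N equal to zero, which RFC 2945 requires the client to abort on. Add `if( B.mod(N).signum() == 0 ) throw new SecurityException("Invalid SRP parameter B");` before the `B.compareTo(v)` adjustment. The protocol's design notes also list u == 0 as an abort condition, so a matching `u.signum() == 0` check after `u` is built would be consistent. Validating B before `clientHash.update(Bbytes)` would keep a rejected value out of the running digest. The method signature is outside this hunk, so confirm that an unchecked exception fits its contract.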
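Review bot: `Arrays.equals(M2, myM2)` in the @@ -214,10 +218,10 @@ hunk returns at the first differing byte, so its running time depends on how much of the proof matched. `boolean valid = MessageDigest.isEqual(M2, myM2);` uses a class this file already references. The server-side `Arrays.equals(clientM1, M1)` in SRPServerSession's @@ -242,10 +244,10 @@ hunk is the more exposed of the two, since it compares a value sent by a caller that has not yet authenticated, and should change the same way. Whether `isEqual` is constant-time on the target runtime is worth confirming. The method begins outside this hunk.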
@@ -17,8 +17,8 @@ This product includes software developed by Tom Wu and Eugene Jhong for the SRP Distribution (http://srp.stanford.edu/srp/). -@author [EMAIL PROTECTED] -@version $Revision: 1.2 $ +@author [EMAIL PROTECTED] +@version $Revision: 1.2.4.1 $ */ public class SRPConf { 1.1.4.1 +1 -1 jbosssx/src/main/org/jboss/security/srp/SRPPermission.java Index: SRPPermission.java =================================================================== RCS file: /cvsroot/jboss/jbosssx/src/main/org/jboss/security/srp/SRPPermission.java,v retrieving revision 1.1 retrieving revision 1.1.4.1 diff -u -r1.1 -r1.1.4.1 --- SRPPermission.java 2001/04/04 21:49:15 1.1 +++ SRPPermission.java 2001/11/09 10:19:28 1.1.4.1 @@ -26,7 +26,7 @@ </table> -@author [EMAIL PROTECTED] +@author [EMAIL PROTECTED] @version $Revision: */ public class SRPPermission extends BasicPermission 1.1.4.1 +37 -9 jbosssx/src/main/org/jboss/security/srp/SRPRemoteServer.java Index: SRPRemoteServer.java =================================================================== RCS file: /cvsroot/jboss/jbosssx/src/main/org/jboss/security/srp/SRPRemoteServer.java,v retrieving revision 1.1 retrieving revision 1.1.4.1 diff -u -r1.1 -r1.1.4.1 --- SRPRemoteServer.java 2001/03/06 08:35:30 1.1 +++ SRPRemoteServer.java 2001/11/09 10:19:28 1.1.4.1 
@@ -16,20 +16,38 @@ import java.util.HashMap; import java.util.Map; +import org.apache.log4j.Category; + +import org.jboss.logging.log4j.TracePriority; +import org.jboss.security.Logger; +import org.jboss.security.Util; import org.jboss.security.srp.SRPServerInterface.SRPParameters; import org.jboss.security.srp.SRPVerifierStore.VerifierInfo; /** An implementation of the RMI SRPRemoteServerInterface interface. -@author [EMAIL PROTECTED] -@version $Revision: 1.1 $ +@author [EMAIL PROTECTED] +@version $Revision: 1.1.4.1 $ */ public class SRPRemoteServer extends UnicastRemoteObject implements SRPRemoteServerInterface { + private static Logger log = Logger.getInstance(SRPRemoteServer.class); + private Map sessionMap = Collections.synchronizedMap(new HashMap()); + + /** + * @supplierRole user password store + * @clientRole remote access + */ private SRPVerifierStore verifierStore; private SRPServerListener listener; + /** @link aggregation + * @clientRole session container + * @supplierRole server side info + * @label created by getSRPParameters()*/ + /*#SRPServerSession lnkSRPServerSession;*/ + public interface SRPServerListener { public void verifiedUser(String username, SRPServerSession session); @@ -55,8 +73,8 @@ */ public void setVerifierStore(SRPVerifierStore verifierStore) { - this.verifierStore = verifierStore; - System.out.println("setVerifierStore, "+verifierStore); + this.verifierStore = verifierStore; + log.info("setVerifierStore, "+verifierStore); } public void addSRPServerListener(SRPServerListener listener) @@ -74,7 +92,7 @@ public SRPParameters getSRPParameters(String username) throws KeyException, RemoteException { -System.out.println("getSRPParameters, "+username); + log.trace("getSRPParameters, "+username); SRPParameters params = null; try { 
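Review bot: `log.trace("getSRPParameters, "+username)` in the @@ -74,7 +92,7 @@ hunk writes a value supplied by a remote caller that has not yet authenticated straight into the log, so a username containing line breaks can forge log entries. Neutralise CR/LF before logging, for example `if( log.isTraceEnabled() ) log.trace("getSRPParameters, "+String.valueOf(username).replace('\r', '_').replace('\n', '_'));`. The `init` and `verify` traces in the later hunks of this file need the same treatment. Unlike the session classes, these calls are not wrapped in `log.isTraceEnabled()`, so the message string is built on every request. The method body continues past this hunk.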
@@ -85,7 +103,17 @@ params.s = info.salt; params.g = info.g; params.N = info.N; - // Create an SRP session + if( log.isTraceEnabled() ) + { + log.trace("N: "+Util.tob64(params.N)); + log.trace("g: "+Util.tob64(params.g)); + log.trace("s: "+Util.tob64(params.s)); + byte[] hn = Util.newDigest().digest(params.N); + log.trace("H(N): "+Util.tob64(hn)); + byte[] hg = Util.newDigest().digest(params.g); + log.trace("H(g): "+Util.tob64(hg)); + } + // Create an SRP session SRPServerSession session = new SRPServerSession(username, params.s, info.verifier, params.N, params.g); sessionMap.put(username, session); @@ -100,14 +128,14 @@ } catch(Throwable t) { - t.printStackTrace(); + log.error("Unexpected exception in getSRPParameters", t); } return params; } public byte[] init(String username, byte[] A) throws SecurityException, RemoteException { -System.out.println("init, "+username); + log.trace("init, "+username); SRPServerSession session = (SRPServerSession) sessionMap.get(username); if( session == null ) throw new SecurityException("Failed to find active session for username: "+username); @@ -120,7 +148,7 @@ public byte[] verify(String username, byte[] M1) throws SecurityException, RemoteException { -System.out.println("verify, "+username); + log.trace("verify, "+username); SRPServerSession session = (SRPServerSession) sessionMap.get(username); if( session == null ) throw new SecurityException("Failed to find active session for username: "+username); 1.1.4.1 +2 -2 jbosssx/src/main/org/jboss/security/srp/SRPRemoteServerInterface.java Index: SRPRemoteServerInterface.java =================================================================== RCS file: /cvsroot/jboss/jbosssx/src/main/org/jboss/security/srp/SRPRemoteServerInterface.java,v retrieving revision 1.1 retrieving revision 1.1.4.1 diff -u -r1.1 -r1.1.4.1 --- SRPRemoteServerInterface.java 2001/03/06 08:35:30 1.1 +++ SRPRemoteServerInterface.java 2001/11/09 10:19:28 1.1.4.1 
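Review bot: `sessionMap.put(username, session)` in the @@ -85,7 +103,17 @@ hunk stores the pending session under the bare username before any proof has been checked, so a second `getSRPParameters` call for the same name replaces a login that is still in progress. Nothing in the visible lines removes entries for handshakes that are never completed. At minimum record this next to the put: `// NOTE: keyed by username only; any caller can replace a pending session, and unfinished sessions are never evicted`. Keying by a per-handshake identifier with expiry would address both, but that changes the remote interface and is outside this hunk. Whether unknown usernames reach this line depends on the verifier store lookup above, which is not visible.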
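Review bot: The `catch(Throwable t)` block in the @@ -100,14 +128,14 @@ hunk now logs the failure but still falls through to `return params`, so the remote caller receives null or a partly filled SRPParameters instead of an error, and `Error`s are swallowed as well. Rethrow after logging, for example `throw new RemoteException("getSRPParameters failed", t);`, which the method signature already declares. The try block and any earlier catch clauses start outside this hunk, so check that they do not already cover the expected failures.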
@@ -13,8 +13,8 @@ the SRPServerInterface interface and the java.rmi.Remote to create an RMI legal interface. -@author [EMAIL PROTECTED] -@version $Revision: 1.1 $ +@author [EMAIL PROTECTED] +@version $Revision: 1.1.4.1 $ */ public interface SRPRemoteServerInterface extends Remote, SRPServerInterface { 1.2.4.1 +2 -2 jbosssx/src/main/org/jboss/security/srp/SRPServerInterface.java Index: SRPServerInterface.java =================================================================== RCS file: /cvsroot/jboss/jbosssx/src/main/org/jboss/security/srp/SRPServerInterface.java,v retrieving revision 1.2 retrieving revision 1.2.4.1 diff -u -r1.2 -r1.2.4.1 --- SRPServerInterface.java 2001/04/04 21:46:03 1.2 +++ SRPServerInterface.java 2001/11/09 10:19:28 1.2.4.1 @@ -18,8 +18,8 @@ @see org.jboss.security.srp.SRPRemoteServerInterface -@author [EMAIL PROTECTED] -@version $Revision: 1.2 $ +@author [EMAIL PROTECTED] +@version $Revision: 1.2.4.1 $ */ public interface SRPServerInterface { 1.1.4.1 +1 -1 jbosssx/src/main/org/jboss/security/srp/SRPServerProxy.java Index: SRPServerProxy.java =================================================================== RCS file: /cvsroot/jboss/jbosssx/src/main/org/jboss/security/srp/SRPServerProxy.java,v retrieving revision 1.1 retrieving revision 1.1.4.1 diff -u -r1.1 -r1.1.4.1 --- SRPServerProxy.java 2001/04/04 21:49:15 1.1 +++ SRPServerProxy.java 2001/11/09 10:19:28 1.1.4.1 
@@ -19,8 +19,8 @@ the interface and not have the RMI stub for the server as it will be downloaded to them when the SRPServerProxy is unserialized. -@author [EMAIL PROTECTED] -@version $Revision: 1.1 $ +@author [EMAIL PROTECTED] +@version $Revision: 1.1.4.1 $ */ public class SRPServerProxy implements InvocationHandler, Serializable { 1.2.4.1 +49 -47 jbosssx/src/main/org/jboss/security/srp/SRPServerSession.java Index: SRPServerSession.java =================================================================== RCS file: /cvsroot/jboss/jbosssx/src/main/org/jboss/security/srp/SRPServerSession.java,v retrieving revision 1.2 retrieving revision 1.2.4.1 diff -u -r1.2 -r1.2.4.1 --- SRPServerSession.java 2001/04/04 21:46:03 1.2 +++ SRPServerSession.java 2001/11/09 10:19:28 1.2.4.1 @@ -12,6 +12,7 @@ import java.security.MessageDigest; import java.util.Arrays; +import org.jboss.security.Logger; import org.jboss.security.Util; /** The server side logic to the SRP protocol. The class is the server side @@ -38,11 +39,14 @@ This product uses the 'Secure Remote Password' cryptographic authentication system developed by Tom Wu ([EMAIL PROTECTED]). -@author [EMAIL PROTECTED] -@version $Revision: 1.2 $ +@author [EMAIL PROTECTED] +@version $Revision: 1.2.4.1 $ */ public class SRPServerSession { + private static int B_LEN = 64; // 64 bits for 'b' + private static Logger log = Logger.getInstance(SRPServerSession.class); + private BigInteger N; private BigInteger g; private BigInteger v; @@ -57,8 +61,6 @@ private MessageDigest serverHash; private byte[] M2; - private static int B_LEN = 64; // 64 bits for 'b' - /** Creates a new SRP server session object from the username, password verifier, @param username, the user ID 
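Review bot: `private static int B_LEN = 64; // 64 bits for 'b'` is relocated unchanged in the SRPServerSession class-header hunk; if it sizes the server's ephemeral secret as the comment says, 64 bits is small for that role, and later SRP guidance (RFC 5054) recommends at least 256 bits. It is also mutable; `private static final int B_LEN = 256; // bits of randomness for the ephemeral secret 'b'` would address both. Where `b` is generated is not shown on this page, so confirm how B_LEN is consumed before changing the value.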
@@ -73,43 +75,43 @@ this.v = new BigInteger(1, vb); this.g = new BigInteger(1, gb); this.N = new BigInteger(1, nb); - if( PkgCategory.isTraceEnabled() ) - PkgCategory.trace("g: "+Util.tob64(gb)); - if( PkgCategory.isTraceEnabled() ) - PkgCategory.trace("v: "+Util.tob64(vb)); + if( log.isTraceEnabled() ) + log.trace("g: "+Util.tob64(gb)); + if( log.isTraceEnabled() ) + log.trace("v: "+Util.tob64(vb)); serverHash = Util.newDigest(); clientHash = Util.newDigest(); // H(N) byte[] hn = Util.newDigest().digest(nb); - if( PkgCategory.isTraceEnabled() ) - PkgCategory.trace("H(N): "+Util.tob64(hn)); + if( log.isTraceEnabled() ) + log.trace("H(N): "+Util.tob64(hn)); // H(g) byte[] hg = Util.newDigest().digest(gb); - if( PkgCategory.isTraceEnabled() ) - PkgCategory.trace("H(g): "+Util.tob64(hg)); + if( log.isTraceEnabled() ) + log.trace("H(g): "+Util.tob64(hg)); // clientHash = H(N) xor H(g) byte[] hxg = Util.xor(hn, hg, 20); - if( PkgCategory.isTraceEnabled() ) - PkgCategory.trace("H(N) xor H(g): "+Util.tob64(hxg)); + if( log.isTraceEnabled() ) + log.trace("H(N) xor H(g): "+Util.tob64(hxg)); clientHash.update(hxg); - if( PkgCategory.isTraceEnabled() ) + if( log.isTraceEnabled() ) { MessageDigest tmp = Util.copy(clientHash); - PkgCategory.trace("H[H(N) xor H(g)]: "+Util.tob64(tmp.digest())); + log.trace("H[H(N) xor H(g)]: "+Util.tob64(tmp.digest())); } // clientHash = H(N) xor H(g) | H(U) clientHash.update(Util.newDigest().digest(username.getBytes())); - if( PkgCategory.isTraceEnabled() ) + if( log.isTraceEnabled() ) { MessageDigest tmp = Util.copy(clientHash); - PkgCategory.trace("H[H(N) xor H(g) | H(U)]: "+Util.tob64(tmp.digest())); + log.trace("H[H(N) xor H(g) | H(U)]: "+Util.tob64(tmp.digest())); } // clientHash = H(N) xor H(g) | H(U) | s clientHash.update(s); - if( PkgCategory.isTraceEnabled() ) + if( log.isTraceEnabled() ) { MessageDigest tmp = Util.copy(clientHash); - PkgCategory.trace("H[H(N) xor H(g) | H(U) | s]: "+Util.tob64(tmp.digest())); + log.trace("H[H(N) xor 
H(g) | H(U) | s]: "+Util.tob64(tmp.digest())); } key = null; } @@ -155,22 +157,22 @@ */ public void buildSessionKey(byte[] ab) { - if( PkgCategory.isTraceEnabled() ) - PkgCategory.trace("A: "+Util.tob64(ab)); + if( log.isTraceEnabled() ) + log.trace("A: "+Util.tob64(ab)); byte[] nb = Util.trim(B.toByteArray()); // clientHash = H(N) xor H(g) | H(U) | s | A clientHash.update(ab); - if( PkgCategory.isTraceEnabled() ) + if( log.isTraceEnabled() ) { MessageDigest tmp = Util.copy(clientHash); - PkgCategory.trace("H[H(N) xor H(g) | H(U) | s | A]: "+Util.tob64(tmp.digest())); + log.trace("H[H(N) xor H(g) | H(U) | s | A]: "+Util.tob64(tmp.digest())); } // clientHash = H(N) xor H(g) | H(U) | A | B clientHash.update(nb); - if( PkgCategory.isTraceEnabled() ) + if( log.isTraceEnabled() ) { MessageDigest tmp = Util.copy(clientHash); - PkgCategory.trace("H[H(N) xor H(g) | H(U) | s | A | B]: "+Util.tob64(tmp.digest())); + log.trace("H[H(N) xor H(g) | H(U) | s | A | B]: "+Util.tob64(tmp.digest())); } // serverHash = A serverHash.update(ab); 
@@ -179,31 +181,31 @@ byte[] ub = {hB[0], hB[1], hB[2], hB[3]}; // Calculate S = (A * v^u) ^ b % N BigInteger A = new BigInteger(1, ab); - if( PkgCategory.isTraceEnabled() ) - PkgCategory.trace("A: "+Util.tob64(A.toByteArray())); - if( PkgCategory.isTraceEnabled() ) - PkgCategory.trace("B: "+Util.tob64(B.toByteArray())); - if( PkgCategory.isTraceEnabled() ) - PkgCategory.trace("v: "+Util.tob64(v.toByteArray())); + if( log.isTraceEnabled() ) + log.trace("A: "+Util.tob64(A.toByteArray())); + if( log.isTraceEnabled() ) + log.trace("B: "+Util.tob64(B.toByteArray())); + if( log.isTraceEnabled() ) + log.trace("v: "+Util.tob64(v.toByteArray())); BigInteger u = new BigInteger(1, ub); - if( PkgCategory.isTraceEnabled() ) - PkgCategory.trace("u: "+Util.tob64(u.toByteArray())); + if( log.isTraceEnabled() ) + log.trace("u: "+Util.tob64(u.toByteArray())); BigInteger A_v2u = A.multiply(v.modPow(u, N)).mod(N); - if( PkgCategory.isTraceEnabled() ) - PkgCategory.trace("A * v^u: "+Util.tob64(A_v2u.toByteArray())); + if( log.isTraceEnabled() ) + log.trace("A * v^u: "+Util.tob64(A_v2u.toByteArray())); BigInteger S = A_v2u.modPow(b, N); - if( PkgCategory.isTraceEnabled() ) - PkgCategory.trace("S: "+Util.tob64(S.toByteArray())); + if( log.isTraceEnabled() ) + log.trace("S: "+Util.tob64(S.toByteArray())); // K = SHA_Interleave(S) key = Util.sessionKeyHash(Util.trim(S.toByteArray())); - if( PkgCategory.isTraceEnabled() ) - PkgCategory.trace("K: "+Util.tob64(key)); + if( log.isTraceEnabled() ) + log.trace("K: "+Util.tob64(key)); // clientHash = H(N) xor H(g) | H(U) | A | B | K clientHash.update(key); - if( PkgCategory.isTraceEnabled() ) + if( log.isTraceEnabled() ) { MessageDigest tmp = Util.copy(clientHash); - PkgCategory.trace("H[H(N) xor H(g) | H(U) | s | A | B | K]: "+Util.tob64(tmp.digest())); + log.trace("H[H(N) xor H(g) | H(U) | s | A | B | K]: "+Util.tob64(tmp.digest())); } } 
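Review bot: `BigInteger A = new BigInteger(1, ab)` feeds `A.multiply(v.modPow(u, N)).mod(N)` without any check that A mod N is non-zero. For such an A the product, `S` and therefore `K` no longer depend on the verifier, so the M1 proof stops demonstrating knowledge of the password. RFC 2945 requires the host to abort in that case: `if( A.mod(N).signum() == 0 ) throw new SecurityException("Invalid SRP parameter A");`. The check belongs at the top of `buildSessionKey`, before `clientHash.update(ab)` in the preceding hunk, since the method starts outside this one.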
@@ -242,10 +244,10 @@ boolean valid = false; // M1 = H(H(N) xor H(g) | H(U) | A | B | K) M1 = clientHash.digest(); - if( PkgCategory.isTraceEnabled() ) + if( log.isTraceEnabled() ) { - PkgCategory.trace("verify M1: "+Util.tob64(M1)); - PkgCategory.trace("verify clientM1: "+Util.tob64(clientM1)); + log.trace("verify M1: "+Util.tob64(M1)); + log.trace("verify clientM1: "+Util.tob64(clientM1)); } if( Arrays.equals(clientM1, M1) ) { @@ -253,10 +255,10 @@ serverHash.update(M1); // serverHash = A | M | K serverHash.update(key); - if( PkgCategory.isTraceEnabled() ) + if( log.isTraceEnabled() ) { MessageDigest tmp = Util.copy(serverHash); - PkgCategory.trace("H(A | M | K)"+Util.tob64(tmp.digest())); + log.trace("H(A | M1 | K)"+Util.tob64(tmp.digest())); } valid = true; } 1.1.4.1 +211 -114 jbosssx/src/main/org/jboss/security/srp/SRPService.java Index: SRPService.java =================================================================== RCS file: /cvsroot/jboss/jbosssx/src/main/org/jboss/security/srp/SRPService.java,v retrieving revision 1.1 retrieving revision 1.1.4.1 diff -u -r1.1 -r1.1.4.1 --- SRPService.java 2001/04/04 21:49:15 1.1 +++ SRPService.java 2001/11/09 10:19:28 1.1.4.1 @@ -8,7 +8,10 @@ package org.jboss.security.srp; import java.lang.reflect.Proxy; +import java.rmi.server.RMIClientSocketFactory; +import java.rmi.server.RMIServerSocketFactory; import javax.naming.InitialContext; +import javax.naming.Name; import javax.naming.NamingException; import org.jboss.naming.NonSerializableFactory; 
@@ -22,136 +25,230 @@ import org.jboss.util.TimedCachePolicy; /** The JMX mbean interface for the SRP service. This mbean sets up an -RMI implementation of the 'Secure Remote Password' cryptographic authentication -system described in RFC2945. - -@author [EMAIL PROTECTED] -@version $Revision: 1.1 $ -*/ + RMI implementation of the 'Secure Remote Password' cryptographic authentication + system described in RFC2945. + + @author [EMAIL PROTECTED] + @version $Revision: 1.1.4.1 $ + */ public class SRPService extends ServiceMBeanSupport implements SRPServiceMBean, SRPServerListener { - private SRPRemoteServer server; - private int serverPort = 10099; - private SRPVerifierStore verifierStore; - private String verifierSourceJndiName = "srp:DefaultVerifierSource"; - private String serverJndiName = "srp:SRPServerInterface"; - private String cacheJndiName = "srp:AuthenticationCache"; - private TimedCachePolicy cachePolicy; + /** + * @supplierRole RMI Access + * @supplierCardinality 1 + * @clientCardinality 1 + * @clientRole service mangement + */ + private SRPRemoteServer server; + private int serverPort = 10099; + + /** + * @supplierRole password store + * @supplierCardinality 1 + * @clientRole configures + */ + private SRPVerifierStore verifierStore; + private String verifierSourceJndiName = "srp/DefaultVerifierSource"; + private String serverJndiName = "srp/SRPServerInterface"; + private String cacheJndiName = "srp/AuthenticationCache"; + private TimedCachePolicy cachePolicy; + private int cacheTimeout = 1800; + private int cacheResolution = 60; + /** An optional custom client socket factory */ + private RMIClientSocketFactory clientSocketFactory; + /** An optional custom server socket factory */ + private RMIServerSocketFactory serverSocketFactory; + /** The class name of the optional custom client socket factory */ + private String clientSocketFactoryName; + /** The class name of the optional custom server socket factory */ + private String serverSocketFactoryName; // --- 
Begin SRPServiceMBean interface methods /** Get the jndi name for the SRPVerifierSource implementation binding. */ - public String getVerifierSourceJndiName() - { - return verifierSourceJndiName; - } + public String getVerifierSourceJndiName() + { + return verifierSourceJndiName; + } /** set the jndi name for the SRPVerifierSource implementation binding. */ - public void setVerifierSourceJndiName(String jndiName) - { - this.verifierSourceJndiName = jndiName; - } + public void setVerifierSourceJndiName(String jndiName) + { + this.verifierSourceJndiName = jndiName; + } /** Get the jndi name under which the SRPServerInterface proxy should be bound */ - public String getJndiName() - { - return serverJndiName; - } + public String getJndiName() + { + return serverJndiName; + } /** Set the jndi name under which the SRPServerInterface proxy should be bound */ - public void setJndiName(String jndiName) - { - this.serverJndiName = jndiName; - } + public void setJndiName(String jndiName) + { + this.serverJndiName = jndiName; + } /** Get the jndi name under which the SRPServerInterface proxy should be bound */ - public String getAuthenticationCacheJndiName() - { - return cacheJndiName; - } + public String getAuthenticationCacheJndiName() + { + return cacheJndiName; + } /** Set the jndi name under which the SRPServerInterface proxy should be bound */ - public void setAuthenticationCacheJndiName(String jndiName) - { - this.cacheJndiName = jndiName; - } - /** Get the RMI port for the SRPServerInterface - */ - public int getServerPort() - { - return serverPort; - } - /** Get the RMI port for the SRPServerInterface - */ - public void setServerPort(int serverPort) - { - this.serverPort = serverPort; - } + public void setAuthenticationCacheJndiName(String jndiName) + { + this.cacheJndiName = jndiName; + } + + /** Get the auth cache timeout period in seconds + */ + public int getAuthenticationCacheTimeout() + { + return cacheTimeout; + } + /** Set the auth cache timeout period in 
seconds + */ + public void setAuthenticationCacheTimeout(int timeoutInSecs) + { + this.cacheTimeout = timeoutInSecs; + } + /** Get the auth cache resolution period in seconds + */ + public int getAuthenticationCacheResolution() + { + return cacheResolution; + } + /** Set the auth cache resolution period in seconds + */ + public void setAuthenticationCacheResolution(int resInSecs) + { + this.cacheResolution = resInSecs; + } + + /** Get the RMIClientSocketFactory implementation class. If null the default + RMI client socket factory implementation is used. + */ + public String getClientSocketFactory() + { + return serverSocketFactoryName; + } + /** Set the RMIClientSocketFactory implementation class. If null the default + RMI client socket factory implementation is used. + */ + public void setClientSocketFactory(String factoryClassName) + throws ClassNotFoundException, InstantiationException, IllegalAccessException + { + this.clientSocketFactoryName = factoryClassName; + ClassLoader loader = Thread.currentThread().getContextClassLoader(); + Class clazz = loader.loadClass(clientSocketFactoryName); + clientSocketFactory = (RMIClientSocketFactory) clazz.newInstance(); + } + + /** Get the RMIServerSocketFactory implementation class. If null the default + RMI server socket factory implementation is used. + */ + public String getServerSocketFactory() + { + return serverSocketFactoryName; + } + /** Set the RMIServerSocketFactory implementation class. If null the default + RMI server socket factory implementation is used. 
+ */ + public void setServerSocketFactory(String factoryClassName) + throws ClassNotFoundException, InstantiationException, IllegalAccessException + { + this.serverSocketFactoryName = factoryClassName; + ClassLoader loader = Thread.currentThread().getContextClassLoader(); + Class clazz = loader.loadClass(serverSocketFactoryName); + serverSocketFactory = (RMIServerSocketFactory) clazz.newInstance(); + } + /** Get the RMI port for the SRPServerInterface + */ + public int getServerPort() + { + return serverPort; + } + /** Get the RMI port for the SRPServerInterface + */ + public void setServerPort(int serverPort) + { + this.serverPort = serverPort; + } // --- End SRPServiceMBean interface methods - - /** Called when username has sucessfully completed the SRP login. This - places the SRP session into the credential cache using a - SimplePrincipal based on the username as the key. - */ - public void verifiedUser(String username, SRPServerSession session) - { - try - { - SimplePrincipal principal = new SimplePrincipal(username); - synchronized( cachePolicy ) - { /* We only insert a principal if there is no current entry. - */ - if( cachePolicy.peek(principal) == null ) - cachePolicy.insert(principal, session); + + /** Called when username has sucessfully completed the SRP login. This + places the SRP session into the credential cache using a + SimplePrincipal based on the username as the key. + */ + public void verifiedUser(String username, SRPServerSession session) + { + try + { + SimplePrincipal principal = new SimplePrincipal(username); + synchronized( cachePolicy ) + { + // We only insert a principal if there is no current entry. 
+ if( cachePolicy.peek(principal) == null ) + { + cachePolicy.insert(principal, session); + category.trace("Cached SRP session for username="+username); + } + else + { + category.debug("Ignoring SRP session due to existing session for username="+username); } - } - catch(Exception e) - { - e.printStackTrace(); - } - } - - public String getName() - { - return "SRPService"; - } - - public void initService() throws Exception - { - } - - public void startService() throws Exception - { - loadStore(); - server = new SRPRemoteServer(verifierStore, serverPort); - server.addSRPServerListener(this); - // Bind a proxy into jndi - SRPServerProxy proxyHandler = new SRPServerProxy(server); - ClassLoader loader = Thread.currentThread().getContextClassLoader(); - Class[] interfaces = {SRPServerInterface.class}; - Object proxy = Proxy.newProxyInstance(loader, interfaces, proxyHandler); - InitialContext ctx = new InitialContext(); - ctx.rebind(serverJndiName, proxy); - System.out.println("Bound SRPServerProxy at "+serverJndiName); - - // The type of cache needs to be externalized... 
- cachePolicy = new TimedCachePolicy(1800, false, 60); - cachePolicy.init(); - cachePolicy.start(); - // Bind a reference to store using NonSerializableFactory as the ObjectFactory - NonSerializableFactory.rebind(ctx, cacheJndiName, cachePolicy); - System.out.println("Bound AuthenticationCache at "+cacheJndiName); - } - - private void loadStore() throws NamingException - { - InitialContext ctx = new InitialContext(); - // Get the SRPVerifierStore implementation - verifierStore = (SRPVerifierStore) ctx.lookup(verifierSourceJndiName); - if( server != null ) - { - server.setVerifierStore(verifierStore); - } - } - + } + } + catch(Exception e) + { + category.error("Failed to update SRP cache for username="+username, e); + } + } + + public String getName() + { + return "SRPService"; + } + + public void initService() throws Exception + { + } + + public void startService() throws Exception + { + loadStore(); + server = new SRPRemoteServer(verifierStore, serverPort, + clientSocketFactory, serverSocketFactory); + server.addSRPServerListener(this); + // Bind a proxy to the SRPRemoteServer into jndi + SRPServerProxy proxyHandler = new SRPServerProxy(server); + ClassLoader loader = Thread.currentThread().getContextClassLoader(); + Class[] interfaces = {SRPServerInterface.class}; + Object proxy = Proxy.newProxyInstance(loader, interfaces, proxyHandler); + InitialContext ctx = new InitialContext(); + ctx.rebind(serverJndiName, proxy); + category.info("Bound SRPServerProxy at "+serverJndiName); + + // The type of cache needs to be externalized... 
+ cachePolicy = new TimedCachePolicy(cacheTimeout, true, cacheResolution); + cachePolicy.init(); + cachePolicy.start(); + // Bind a reference to store using NonSerializableFactory as the ObjectFactory + Name name = ctx.getNameParser("").parse(cacheJndiName); + NonSerializableFactory.rebind(name, cachePolicy); + category.info("Bound AuthenticationCache at "+cacheJndiName); + } + + private void loadStore() throws NamingException + { + InitialContext ctx = new InitialContext(); + // Get the SRPVerifierStore implementation + verifierStore = (SRPVerifierStore) ctx.lookup(verifierSourceJndiName); + if( server != null ) + { + server.setVerifierStore(verifierStore); + } + } + } 1.1.4.1 +56 -24 jbosssx/src/main/org/jboss/security/srp/SRPServiceMBean.java Index: SRPServiceMBean.java =================================================================== RCS file: /cvsroot/jboss/jbosssx/src/main/org/jboss/security/srp/SRPServiceMBean.java,v retrieving revision 1.1 retrieving revision 1.1.4.1 diff -u -r1.1 -r1.1.4.1 --- SRPServiceMBean.java 2001/04/04 21:49:15 1.1 +++ SRPServiceMBean.java 2001/11/09 10:19:28 1.1.4.1 
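Review bot: `getClientSocketFactory()` returns `serverSocketFactoryName`, so the MBean reports the server factory's class name as the client one; it should be `return clientSocketFactoryName;`. Both factory setters pass the name straight to `loader.loadClass(...)`, which fails on the null that their Javadoc describes as selecting the default factory; a null guard that clears the factory field would match the documentation. Because these attributes choose the RMI transport used for the SRP exchange and instantiate whatever class is named, it is worth confirming that only trusted administrators can set them. The Javadoc on `setServerPort` still reads "Get the RMI port".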
@@ -10,43 +10,75 @@ import javax.naming.NamingException; /** The JMX mbean interface for the SRP service. This mbean sets up an -RMI implementation of the 'Secure Remote Password' cryptographic authentication -system developed by Tom Wu ([EMAIL PROTECTED]). For more info on SRP -see http://www-cs-students.stanford.edu/~tjw/srp/. - -@author [EMAIL PROTECTED] -@version $Revision: 1.1 $ -*/ + RMI implementation of the 'Secure Remote Password' cryptographic authentication + system developed by Tom Wu ([EMAIL PROTECTED]). For more info on SRP + see http://www-cs-students.stanford.edu/~tjw/srp/. + + @author [EMAIL PROTECTED] + @version $Revision: 1.1.4.1 $ + */ public interface SRPServiceMBean extends org.jboss.util.ServiceMBean { - // Constants ----------------------------------------------------- - public static final String OBJECT_NAME = ":service=SRPService"; - + // Constants ----------------------------------------------------- + public static final String OBJECT_NAME = ":service=SRPService"; + /** Get the jndi name for the SRPVerifierSource implementation binding. */ - public String getVerifierSourceJndiName(); + public String getVerifierSourceJndiName(); /** set the jndi name for the SRPVerifierSource implementation binding. 
*/ - public void setVerifierSourceJndiName(String jndiName); - + public void setVerifierSourceJndiName(String jndiName); + /** Get the jndi name under which the SRPServerInterface proxy should be bound */ - public String getJndiName(); + public String getJndiName(); /** Set the jndi name under which the SRPServerInterface proxy should be bound */ - public void setJndiName(String jndiName); - + public void setJndiName(String jndiName); + /** Get the jndi name under which the SRPServerInterface proxy should be bound */ - public String getAuthenticationCacheJndiName(); + public String getAuthenticationCacheJndiName(); /** Set the jndi name under which the SRPServerInterface proxy should be bound + */ + public void setAuthenticationCacheJndiName(String jndiName); + + /** Get the auth cache timeout period in seconds */ - public void setAuthenticationCacheJndiName(String jndiName); + public int getAuthenticationCacheTimeout(); + /** Set the auth cache timeout period in seconds + */ + public void setAuthenticationCacheTimeout(int timeoutInSecs); + /** Get the auth cache resolution period in seconds + */ + public int getAuthenticationCacheResolution(); + /** Set the auth cache resolution period in seconds + */ + public void setAuthenticationCacheResolution(int resInSecs); - /** Get the RMI port for the SRPRemoteServerInterface - */ - public int getServerPort(); - /** Set the RMI port for the SRPRemoteServerInterface - */ - public void setServerPort(int port); + /** Get the RMIClientSocketFactory implementation class. If null the default + RMI client socket factory implementation is used. + */ + public String getClientSocketFactory(); + /** Set the RMIClientSocketFactory implementation class. If null the default + RMI client socket factory implementation is used. + */ + public void setClientSocketFactory(String factoryClassName) + throws ClassNotFoundException, InstantiationException, IllegalAccessException; + /** Get the RMIServerSocketFactory implementation class. 
If null the default + RMI server socket factory implementation is used. + */ + public String getServerSocketFactory(); + /** Set the RMIServerSocketFactory implementation class. If null the default + RMI server socket factory implementation is used. + */ + public void setServerSocketFactory(String factoryClassName) + throws ClassNotFoundException, InstantiationException, IllegalAccessException; + + /** Get the RMI port for the SRPRemoteServerInterface + */ + public int getServerPort(); + /** Set the RMI port for the SRPRemoteServerInterface + */ + public void setServerPort(int port); } 1.1.4.1 +1 -1 jbosssx/src/main/org/jboss/security/srp/SRPVerifierStore.java Index: SRPVerifierStore.java =================================================================== RCS file: /cvsroot/jboss/jbosssx/src/main/org/jboss/security/srp/SRPVerifierStore.java,v retrieving revision 1.1 retrieving revision 1.1.4.1 diff -u -r1.1 -r1.1.4.1 --- SRPVerifierStore.java 2001/03/06 08:35:31 1.1 +++ SRPVerifierStore.java 2001/11/09 10:19:28 1.1.4.1 @@ -15,7 +15,7 @@ needed by the server to be plugged in from various sources. E.g., LDAP servers, databases, files, etc. -@author [EMAIL PROTECTED] +@author [EMAIL PROTECTED] */ public interface SRPVerifierStore { 1.1.4.1 +12 -10 jbosssx/src/main/org/jboss/security/srp/SRPVerifierStoreService.java Index: SRPVerifierStoreService.java =================================================================== RCS file: /cvsroot/jboss/jbosssx/src/main/org/jboss/security/srp/SRPVerifierStoreService.java,v retrieving revision 1.1 retrieving revision 1.1.4.1 diff -u -r1.1 -r1.1.4.1 --- SRPVerifierStoreService.java 2001/04/04 21:49:15 1.1 +++ SRPVerifierStoreService.java 2001/11/09 10:19:28 1.1.4.1 @@ -4,7 +4,6 @@ * Distributable under LGPL license. * See terms of license at gnu.org. */ - package org.jboss.security.srp; import java.io.File; 
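Review bot: The Javadoc on `setClientSocketFactory` and `setServerSocketFactory` in SRPServiceMBean.java does not say that the argument is a class name the service loads and instantiates, which the `throws ClassNotFoundException, InstantiationException, IllegalAccessException` clause implies. Because the value arrives through JMX, the contract should state the required type and constructor, for example `/** Set the RMIClientSocketFactory implementation class name. The class must implement java.rmi.server.RMIClientSocketFactory and have a public no-arg constructor; null selects the RMI default. */`. The implementation is not in this hunk, so which class loader is used and whether the type is checked before instantiation cannot be confirmed from here. The new cache timeout and resolution setters also leave undocumented what zero or a negative value means.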
@@ -14,6 +13,7 @@ import javax.management.MBeanServer; import javax.management.ObjectName; import javax.naming.InitialContext; +import javax.naming.Name; import org.jboss.naming.NonSerializableFactory; import org.jboss.security.srp.SerialObjectStore; @@ -28,14 +28,15 @@ @see org.jboss.security.srp.SerialObjectStore -@author [EMAIL PROTECTED] -@version $Revision: 1.1 $ +@author [EMAIL PROTECTED] +@version $Revision: 1.1.4.1 $ */ -public class SRPVerifierStoreService extends ServiceMBeanSupport implements SRPVerifierStoreServiceMBean +public class SRPVerifierStoreService extends ServiceMBeanSupport + implements SRPVerifierStoreServiceMBean { private SerialObjectStore store; private String fileName = "SRPVerifierStore.ser"; - private String jndiName = "srp:DefaultVerifierSource"; + private String jndiName = "srp/DefaultVerifierSource"; // --- Begin SRPVerifierStoreServiceMBean interface methods /** Get the jndi name for the SRPVerifierSource implementation binding. @@ -66,18 +67,18 @@ { store.addUser(username, password); save(); - System.out.println("Added username: "+username); + category.debug("Added username: "+username); } catch(Exception e) { - e.printStackTrace(); + category.warn("Failed to addUser, username="+username, e); } } public void delUser(String username) throws IOException { store.delUser(username); - System.out.println("Deleted username: "+username); + category.debug("Added username: "+username); save(); } // --- End SRPVerifierStoreServiceMBean interface methods 
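Review bot: In `delUser` (hunk `@@ -66,18 +67,18 @@` of SRPVerifierStoreService.java) the new debug message still reads `"Added username: "`, so a deletion is recorded as an addition; it should be `category.debug("Deleted username: "+username);`. For a verifier store this makes the log misleading whenever account changes are reviewed. Separately, `addUser` now logs the failure at warn and returns normally, so the caller gets no indication that the user was not added; consider rethrowing after logging if the MBean interface allows it. The signature of `addUser` lies outside the hunk, so what it may throw is not visible here.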
@@ -95,10 +96,11 @@ { File storeFile = new File(fileName); store = new SerialObjectStore(storeFile); - System.out.println("Created SerialObjectStore at: "+storeFile.getAbsolutePath()); - InitialContext ctx = new InitialContext(); + category.info("Created SerialObjectStore at: "+storeFile.getAbsolutePath()); // Bind a reference to store using NonSerializableFactory as the ObjectFactory - NonSerializableFactory.rebind(ctx, jndiName, store); + InitialContext ctx = new InitialContext(); + Name name = ctx.getNameParser("").parse(jndiName); + NonSerializableFactory.rebind(name, store); } private void save() throws IOException 1.1.4.1 +1 -2 jbosssx/src/main/org/jboss/security/srp/SRPVerifierStoreServiceMBean.java Index: SRPVerifierStoreServiceMBean.java =================================================================== RCS file: /cvsroot/jboss/jbosssx/src/main/org/jboss/security/srp/SRPVerifierStoreServiceMBean.java,v retrieving revision 1.1 retrieving revision 1.1.4.1 diff -u -r1.1 -r1.1.4.1 --- SRPVerifierStoreServiceMBean.java 2001/04/04 21:49:15 1.1 +++ SRPVerifierStoreServiceMBean.java 2001/11/09 10:19:28 1.1.4.1 @@ -4,15 +4,14 @@ * Distributable under LGPL license. * See terms of license at gnu.org. */ - package org.jboss.security.srp; import java.io.IOException; /** The JMX mbean interface for the SRP password verifier store. -@author [EMAIL PROTECTED] -@version $Revision: 1.1 $ +@author [EMAIL PROTECTED] +@version $Revision: 1.1.4.1 $ */ public interface SRPVerifierStoreServiceMBean extends org.jboss.util.ServiceMBean { 1.1.4.1 +43 -6 jbosssx/src/main/org/jboss/security/srp/SerialObjectStore.java Index: SerialObjectStore.java =================================================================== RCS file: /cvsroot/jboss/jbosssx/src/main/org/jboss/security/srp/SerialObjectStore.java,v retrieving revision 1.1 retrieving revision 1.1.4.1 diff -u -r1.1 -r1.1.4.1 --- SerialObjectStore.java 2001/03/06 08:35:31 1.1 +++ SerialObjectStore.java 2001/11/09 10:19:28 1.1.4.1 
@@ -22,6 +22,7 @@ import java.util.HashMap; import java.util.Map; +import org.jboss.security.Logger; import org.jboss.security.Util; import org.jboss.security.srp.SRPConf; import org.jboss.security.srp.SRPVerifierStore; @@ -31,15 +32,19 @@ file store made up of VerifierInfo serialized objects. Users and be added or removed using the addUser and delUser methods. User passwords are never stored in plaintext either in memory or in the serialized file. +Note that usernames and passwords are logged when a user is added +via the addUser operation. This is a development class and its use in +a production environment is not advised. @see #addUser(String, String) @see #delUser(String) -@author [EMAIL PROTECTED] -@version $Revision: 1.1 $ +@author [EMAIL PROTECTED] +@version $Revision: 1.1.4.1 $ */ public class SerialObjectStore implements SRPVerifierStore { + private static Logger log = Logger.getInstance(SerialObjectStore.class); private Map infoMap; private BigInteger g; private BigInteger N; @@ -88,6 +93,12 @@ } N = SRPConf.getDefaultParams().N(); g = SRPConf.getDefaultParams().g(); + log.trace("N: "+Util.tob64(N.toByteArray())); + log.trace("g: "+Util.tob64(g.toByteArray())); + byte[] hn = Util.newDigest().digest(N.toByteArray()); + log.trace("H(N): "+Util.tob64(hn)); + byte[] hg = Util.newDigest().digest(g.toByteArray()); + log.trace("H(g): "+Util.tob64(hg)); } // --- Begin SRPVerifierStore interface methods 
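Review bot: The six trace lines added after `g = SRPConf.getDefaultParams().g();` in the `@@ -88,6 +93,12 @@` hunk of SerialObjectStore.java compute two digests and four base64 strings on every call, even when trace logging is off. The rest of this commit wraps such diagnostics in `if( log.isTraceEnabled() )`, and the same guard fits here. N and g are public group parameters, so this is a cost and consistency point rather than an exposure. The enclosing method starts outside the hunk.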
@@ -123,15 +134,41 @@ public void addUser(String username, String password) { + log.trace("addUser, username='"+username+"', password='"+password+"'"); VerifierInfo info = new VerifierInfo(); info.username = username; + /* long r = Util.nextLong(); String rs = Long.toHexString(r); + */ + String rs = "123456"; info.salt = rs.getBytes(); - info.verifier = Util.calculateVerifier(username, password, - info.salt, N, g); - info.g = g.toByteArray(); - info.N = N.toByteArray(); + try + { + info.verifier = Util.calculateVerifier(username, password, + info.salt, N, g); + info.g = g.toByteArray(); + info.N = N.toByteArray(); + if( log.isTraceEnabled() ) + { + log.trace("N: "+Util.tob64(info.N)); + log.trace("g: "+Util.tob64(info.g)); + log.trace("s: "+Util.tob64(info.salt)); + byte[] xb = Util.calculatePasswordHash(username, password, info.salt); + log.trace("x: "+Util.tob64(xb)); + log.trace("v: "+Util.tob64(info.verifier)); + byte[] hn = Util.newDigest().digest(info.N); + log.trace("H(N): "+Util.tob64(hn)); + byte[] hg = Util.newDigest().digest(info.g); + log.trace("H(g): "+Util.tob64(hg)); + } + } + catch(Throwable t) + { + log.error("Failed to calculate verifier", t); + return; + } + setUserVerifier(username, info); } public void delUser(String username)
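Review bot: `addUser` now uses the constant salt `String rs = "123456";` with the `Util.nextLong()` salt commented out, so every verifier written to the store shares one salt. That removes the per-user randomness the salt exists to provide and lets verifiers be precomputed for a known username. The same hunk writes the clear-text password and the private value `x` to the trace log. Restore `String rs = Long.toHexString(Util.nextLong());`, reduce the first trace to `log.trace("addUser, username='"+username+"'");` and drop the `x:` line; the warning added to the class Javadoc does not make a log file holding passwords safe to keep. Whether `Util.nextLong()` draws from a `SecureRandom` is not visible here and is worth checking.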