Class ScramUtils


  • public class ScramUtils
    extends java.lang.Object
    Provides static methods for working with SCRAM/SASL
    • Method Summary

      Modifier and Type Method Description
      static ScramUtils.NewPasswordStringData byteArrayToStringData​(ScramUtils.NewPasswordByteArrayData ba)
      Transforms NewPasswordByteArrayData into NewPasswordStringData, a database-friendly (string) representation. Uses Base64 to encode the byte arrays into strings.
      static byte[] computeHmac​(byte[] key, java.lang.String hmacName, java.lang.String string)
      Computes HMAC byte array for given string
      static byte[] computeHmac​(byte[] key, javax.crypto.Mac hmac, java.lang.String string)  
      static javax.crypto.Mac createHmac​(byte[] keyBytes, java.lang.String hmacName)
      Creates HMAC
      static byte[] generateSaltedPassword​(java.lang.String password, byte[] salt, int iterationsCount, javax.crypto.Mac mac)
      Generates salted password.
      static boolean isNullOrEmpty​(java.lang.String string)
      Checks if string is null or empty
      static ScramUtils.NewPasswordByteArrayData newPassword​(java.lang.String passwordClearText, byte[] salt, int iterations, java.security.MessageDigest messageDigest, javax.crypto.Mac mac)
      Computes the data associated with a new password, such as the salted password and keys
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Method Detail

      • generateSaltedPassword

        public static byte[] generateSaltedPassword​(java.lang.String password,
                                                    byte[] salt,
                                                    int iterationsCount,
                                                    javax.crypto.Mac mac)
                                             throws ScramException
        Generates salted password.
        Parameters:
        password - Clear form password, i.e. what the user typed
        salt - Salt to be used
        iterationsCount - Iterations for 'salting'
        mac - HMAC to be used
        Returns:
        salted password
        Throws:
        ScramException
      • createHmac

        public static javax.crypto.Mac createHmac​(byte[] keyBytes,
                                                  java.lang.String hmacName)
                                           throws java.security.NoSuchAlgorithmException,
                                                  java.security.InvalidKeyException
        Creates HMAC
        Parameters:
        keyBytes - key
        hmacName - HMAC name
        Returns:
        Mac
        Throws:
        java.security.InvalidKeyException - if an internal error occurs while working with SecretKeySpec
        java.security.NoSuchAlgorithmException - if hmacName is not supported by Java
      • computeHmac

        public static byte[] computeHmac​(byte[] key,
                                         java.lang.String hmacName,
                                         java.lang.String string)
                                  throws java.security.InvalidKeyException,
                                         java.security.NoSuchAlgorithmException
        Computes HMAC byte array for given string
        Parameters:
        key - key
        hmacName - HMAC name
        string - string for which HMAC will be computed
        Returns:
        computed HMAC
        Throws:
        java.security.InvalidKeyException - if an internal error occurs while working with SecretKeySpec
        java.security.NoSuchAlgorithmException - if hmacName is not supported by Java
      • computeHmac

        public static byte[] computeHmac​(byte[] key,
                                         javax.crypto.Mac hmac,
                                         java.lang.String string)
                                  throws ScramException
        Throws:
        ScramException
      • isNullOrEmpty

        public static boolean isNullOrEmpty​(java.lang.String string)
        Checks if string is null or empty
        Parameters:
        string - String to be tested
        Returns:
        true if the string is null or empty, false otherwise
      • newPassword

        public static ScramUtils.NewPasswordByteArrayData newPassword​(java.lang.String passwordClearText,
                                                                      byte[] salt,
                                                                      int iterations,
                                                                      java.security.MessageDigest messageDigest,
                                                                      javax.crypto.Mac mac)
                                                               throws ScramException
        Computes the data associated with a new password, such as the salted password and keys.

        This method is meant to be used by a server when a user provides a new clear form password. The password should not be saved in that form, so the method generates the salted password, which is stored along with the other data required by the SCRAM mechanism.

        Parameters:
        passwordClearText - Clear form password, i.e. as provided by the user
        salt - Salt to be used
        iterations - Iterations for 'salting'
        mac - HMAC to be used
        messageDigest - Digest to be used
        Returns:
        new password data
        Throws:
        ScramException
      • byteArrayToStringData

        public static ScramUtils.NewPasswordStringData byteArrayToStringData​(ScramUtils.NewPasswordByteArrayData ba)
        Transforms NewPasswordByteArrayData into NewPasswordStringData, a database-friendly (string) representation. Uses Base64 to encode the byte arrays into strings.
        Parameters:
        ba - Byte array data
        Returns:
        String data
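
The derivation that newPassword and byteArrayToStringData are described as performing, written directly against RFC 5802 using JDK classes only. This is an added example, not the library's own code: the class name, the choice of SCRAM-SHA-256 and the sample password are assumptions, SASLprep normalization is omitted, and the fields of NewPasswordByteArrayData are not listed on this page, so they are not used.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
// Added example (JDK only, hypothetical class name): RFC 5802 stored-credential derivation.
public class ScramStoredCredentialExample {
    static final String HMAC = "HmacSHA256", HASH = "SHA-256"; // assumed: SCRAM-SHA-256
    static byte[] hmac(byte[] key, byte[] data) throws Exception {
        Mac mac = Mac.getInstance(HMAC);
        mac.init(new SecretKeySpec(key, HMAC));
        return mac.doFinal(data);
    }

    // Hi(password, salt, i): U1 = HMAC(pw, salt || INT(1)), Uk = HMAC(pw, Uk-1),
    // result = U1 XOR U2 XOR ... XOR Ui.
    static byte[] hi(byte[] password, byte[] salt, int iterations) throws Exception {
        byte[] block = new byte[salt.length + 4];
        System.arraycopy(salt, 0, block, 0, salt.length);
        block[block.length - 1] = 1; // INT(1) as 4 big-endian bytes
        byte[] u = hmac(password, block);
        byte[] result = u.clone();
        for (int k = 1; k < iterations; k++) {
            u = hmac(password, u);
            for (int j = 0; j < result.length; j++) result[j] ^= u[j];
        }
        return result;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample password; SASLprep normalization is omitted here.
        byte[] password = "pencil".getBytes(StandardCharsets.UTF_8);
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt); // fresh random salt per user
        int iterations = 4096; // RFC 5802 recommends at least 4096

        byte[] salted = hi(password, salt, iterations);
        byte[] clientKey = hmac(salted, "Client Key".getBytes(StandardCharsets.US_ASCII));
        byte[] storedKey = MessageDigest.getInstance(HASH).digest(clientKey);
        byte[] serverKey = hmac(salted, "Server Key".getBytes(StandardCharsets.US_ASCII));

        // Per RFC 5802 the server needs only salt, i, StoredKey and ServerKey
        // to authenticate a client; Base64 makes them database-friendly strings.
        Base64.Encoder b64 = Base64.getEncoder();
        System.out.printf("salt=%s i=%d%nStoredKey=%s%nServerKey=%s%n", b64.encodeToString(salt),
                iterations, b64.encodeToString(storedKey), b64.encodeToString(serverKey));
    }
}
```

The salt is random, so the printed keys differ on every run. An empty password makes SecretKeySpec throw IllegalArgumentException, so reject empty input before deriving.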