Class ScramSession


  • public class ScramSession
    extends Object
    A class that represents a SCRAM client. Use this class to perform a SCRAM negotiation with a SCRAM server. This class performs an authentication execution for a given user, and has state related to it. Thus, it cannot be shared across users or authentication executions.
    • Method Detail

      • getScramMechanismName

        public String getScramMechanismName()
        Name of the session's selected SCRAM mechanism.
      • clientFirstMessage

        public byte[] clientFirstMessage(String authzid)
        Returns the text representation of a SCRAM client-first-message.
        Parameters:
        authzid - Optional authzid (may be null)
        Returns:
        The message
      • getChannelBindMethod

        public String getChannelBindMethod()
        Selected method the client should use to generate channel-bind data.
        Returns:
        Name of channel-bind method
      • receiveServerFirstMessage

        public byte[] receiveServerFirstMessage(String serverFirstMessage,
                                                byte[] channelBindData,
                                                String password)
                                         throws ScramException
        Generates a client-final-message from the received server-first-message, channel-bind data (if any), and the user's password. A matching ScramSession.ClientFinalProcessor is stored internally for a later call to receiveServerFinalMessage(String) to complete the authentication.
        Parameters:
        serverFirstMessage - The message
        channelBindData - Optional channel-bind data (may be null)
        password - The user's password
        Returns:
        The generated client-final-message.
        Throws:
        ScramParseException - If the message is not a valid server-first-message
        ScramException
      • receiveServerFirstMessage

        public byte[] receiveServerFirstMessage(String serverFirstMessage,
                                                byte[] channelBindData,
                                                byte[] clientKey,
                                                byte[] storedKey)
                                         throws ScramException
        Generates a client-final-message from the received server-first-message, channel-bind data (if any), and the clientKey and storedKey which, if available, provide an optimized path versus providing the user's password. A matching ScramSession.ClientFinalProcessor is stored internally for a later call to receiveServerFinalMessage(String) to complete the authentication.
        Parameters:
        serverFirstMessage - The message
        channelBindData - Optional channel-bind data (may be null)
        clientKey - The client key, as per the SCRAM algorithm. It can be generated with: ScramFunctions.clientKey(ScramMechanism, StringPreparation, String, byte[], int)
        storedKey - The stored key, as per the SCRAM algorithm. It can be generated from the client key with: ScramFunctions.storedKey(ScramMechanism, byte[])
        Returns:
        The generated client-final-message.
        Throws:
        ScramParseException - If the message is not a valid server-first-message
        ScramException
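
Added example (not part of the library's documentation or code): how the clientKey and storedKey accepted by the second receiveServerFirstMessage overload are derived per RFC 5802, using only JDK classes. It assumes SCRAM-SHA-256 and a password that needs no SASLprep normalization; the class name, helper names and sample message are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;

public class ScramKeyDerivation {
    // Hypothetical holder for the two values the key-based overload takes (Java 16+ record).
    record Keys(byte[] clientKey, byte[] storedKey) {}

    // Returns the value of attribute 'name' ("s" or "i") from a server-first-message.
    static String attr(String serverFirst, String name) {
        for (String part : serverFirst.split(",")) {
            if (part.startsWith(name + "=")) return part.substring(name.length() + 1);
        }
        throw new IllegalArgumentException("missing attribute " + name);
    }

    // Assumption: SCRAM-SHA-256; the password is used as given (no SASLprep step).
    static Keys derive(char[] password, String serverFirst) throws GeneralSecurityException {
        byte[] salt = Base64.getDecoder().decode(attr(serverFirst, "s"));
        int iterations = Integer.parseInt(attr(serverFirst, "i"));
        // SaltedPassword := Hi(password, salt, i), which is PBKDF2-HMAC-SHA-256 with 32-byte output
        PBEKeySpec spec = new PBEKeySpec(password, salt, iterations, 256);
        byte[] salted = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                .generateSecret(spec).getEncoded();
        spec.clearPassword();
        // ClientKey := HMAC(SaltedPassword, "Client Key")
        Mac hmac = Mac.getInstance("HmacSHA256");
        hmac.init(new SecretKeySpec(salted, "HmacSHA256"));
        byte[] clientKey = hmac.doFinal("Client Key".getBytes(StandardCharsets.US_ASCII));
        // StoredKey := H(ClientKey)
        byte[] storedKey = MessageDigest.getInstance("SHA-256").digest(clientKey);
        Arrays.fill(salted, (byte) 0); // drop the intermediate secret once the keys exist
        return new Keys(clientKey, storedKey);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Constructed sample server-first-message (nonce, salt and iteration count are made up).
        String serverFirst = "r=clientnonceservernonce,s=W22ZaJ0SNY7soEsUEjb6gQ==,i=4096";
        Keys k = derive("pencil".toCharArray(), serverFirst);
        System.out.println("clientKey=" + Base64.getEncoder().encodeToString(k.clientKey()));
        System.out.println("storedKey=" + Base64.getEncoder().encodeToString(k.storedKey()));
    }
}
```

A clientKey is enough to authenticate as the user for that salt and iteration count, so a cached copy needs the same protection as the password, and it must be re-derived if the server changes either value.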