java.lang.Object
org.apache.activemq.artemis.spi.core.security.scram.ScramUtils

public class ScramUtils extends Object
Provides static methods for working with SCRAM/SASL
  • Method Details

    • generateSaltedPassword

      public static byte[] generateSaltedPassword(String password, byte[] salt, int iterationsCount, Mac mac) throws ScramException
      Generates salted password.
      Parameters:
      password - Clear form password, i.e. what user typed
      salt - Salt to be used
      iterationsCount - Iterations for 'salting'
      mac - HMAC to be used
      Returns:
      salted password
      Throws:
      ScramException
    • createHmac

      public static Mac createHmac(byte[] keyBytes, String hmacName) throws NoSuchAlgorithmException, InvalidKeyException
      Creates HMAC
      Parameters:
      keyBytes - key
      hmacName - HMAC name
      Returns:
      Mac
      Throws:
      InvalidKeyException - if internal error occur while working with SecretKeySpec
      NoSuchAlgorithmException - if hmacName is not supported by the java
    • computeHmac

      public static byte[] computeHmac(byte[] key, String hmacName, String string) throws InvalidKeyException, NoSuchAlgorithmException
      Computes HMAC byte array for given string
      Parameters:
      key - key
      hmacName - HMAC name
      string - string for which HMAC will be computed
      Returns:
      computed HMAC
      Throws:
      InvalidKeyException - if internal error occur while working with SecretKeySpec
      NoSuchAlgorithmException - if hmacName is not supported by the java
    • computeHmac

      public static byte[] computeHmac(byte[] key, Mac hmac, String string) throws ScramException
      Throws:
      ScramException
    • isNullOrEmpty

      public static boolean isNullOrEmpty(String string)
      Checks if string is null or empty
      Parameters:
      string - String to be tested
      Returns:
      true if the string is null or empty, false otherwise
    • newPassword

      public static ScramUtils.NewPasswordByteArrayData newPassword(String passwordClearText, byte[] salt, int iterations, MessageDigest messageDigest, Mac mac) throws ScramException
      Computes the data associated with new password like salted password, keys, etc

      This method is supposed to be used by a server when user provides new clear form password. We don't want to save it that way so we generate salted password and store it along with other data required by the SCRAM mechanism

      Parameters:
      passwordClearText - Clear form password, i.e. as provided by the user
      salt - Salt to be used
      iterations - Iterations for 'salting'
      mac - HMAC name to be used
      messageDigest - Digest name to be used
      Returns:
      new password data while working with SecretKeySpec
      Throws:
      ScramException
    • byteArrayToStringData

      Transforms NewPasswordByteArrayData into NewPasswordStringData into database friendly (string) representation Uses Base64 to encode the byte arrays into strings
      Parameters:
      ba - Byte array data
      Returns:
      String data