public class Hash
extends Object
Modifier and Type | Field and Description |
---|---|
static String |
VERSION
Version number of this Package (read-only).
|
Modifier and Type | Method and Description |
---|---|
static byte[] |
HMACMD5(byte[] key,
byte[] challenge)
Generates an HMAC-MD5 hash.
|
static byte[] |
HMACMD5(String key,
String challenge)
Generates an HMAC-MD5 hash.
|
static String |
HMACMD5h(byte[] key,
byte[] challenge)
Generates an HMAC-MD5 hash.
|
static String |
HMACMD5h(String key,
String challenge)
Generates an HMAC-MD5 hash.
|
static byte[] |
MD5(byte... secret)
Generates an MD5 hash.
|
static byte[] |
MD5(String secret)
Generates an MD5 hash.
|
static String |
MD5h(byte... secret)
Generates an MD5 hash.
|
static String |
MD5h(String secret)
Generates an MD5 hash.
|
static String |
SASLDigestResponse(String nonce,
String nc,
String cnonce,
String qop,
String realm,
String username,
String password,
boolean rspauth,
String digesturi,
String authzid)
Calculates and generates the string value for one of two of the following
SASL keywords:
|
public static final String VERSION
public static byte[] HMACMD5(byte[] key, byte[] challenge)
key
- Data that is to be kept secret, such as a passwordchallenge
- Data known by all parties that the message is scrambled withMissingResourceException
- This exception doesn't normally
need to be caught because it will only be thrown if the MD5 algorithm isn't
available (it's always available, so this exception should never be thrown)public static byte[] HMACMD5(String key, String challenge)
key
- Data that is to be kept secret, such as a passwordchallenge
- Data known by all parties that the message is scrambled withMissingResourceException
- This exception doesn't normally
need to be caught because it will only be thrown if the MD5 algorithm isn't
available (it's always available, so this exception should never be thrown)public static String HMACMD5h(byte[] key, byte[] challenge)
key
- Data that is to be kept secret, such as a passwordchallenge
- Data known by all parties that the message is scrambled withMissingResourceException
- This exception doesn't normally
need to be caught because it will only be thrown if the MD5 algorithm isn't
available (it's always available, so this exception should never be thrown)public static String HMACMD5h(String key, String challenge)
key
- Data that is to be kept secret, such as a passwordchallenge
- Data known by all parties that the message is scrambled withMissingResourceException
- This exception doesn't normally
need to be caught because it will only be thrown if the MD5 algorithm isn't
available (it's always available, so this exception should never be thrown)public static byte[] MD5(byte... secret)
secret
- Data to generate an MD5 hash forMissingResourceException
- This exception doesn't normally
need to be caught because it will only be thrown if the MD5 algorithm isn't
available (it's always available, so this exception should never be thrown)public static byte[] MD5(String secret)
secret
- Data to generate an MD5 hash forMissingResourceException
- This exception doesn't normally
need to be caught because it will only be thrown if the MD5 algorithm isn't
available (it's always available, so this exception should never be thrown)public static String MD5h(byte... secret)
secret
- Data to generate an MD5 hash forMissingResourceException
- This exception doesn't normally
need to be caught because it will only be thrown if the MD5 algorithm isn't
available (it's always available, so this exception should never be thrown)public static String MD5h(String secret)
secret
- Data to generate an MD5 hash forMissingResourceException
- This exception doesn't normally
need to be caught because it will only be thrown if the MD5 algorithm isn't
available (it's always available, so this exception should never be thrown)public static String SASLDigestResponse(String nonce, String nc, String cnonce, String qop, String realm, String username, String password, boolean rspauth, String digesturi, String authzid)
See the "rspauth" boolean parameter for more details concerning which of the above values is to be calculated (server uses TRUE before sending the initial challenge to the client, then uses FALSE to validate the "response" from the client).
The entire theme seems to include a variety of consistent characters and strings (which just create additional overhead, most of which appears to be nothing more than "security by obscurity") combined with user-supplied and server-supplied data (which is not supposed to be consistent, and is desirable for data protection algorithms).
One interesting aspect of this algorithm is that some of the data being hashed using the MD5 algorithm is a combination of both hexadecimal and raw 8-bit binary MD5 hashes based on mixtures of consistent and user-supplied data. In short, some MD5 hash values are included in the data supplied to the final MD5 hash calculation.
nonce
- Unique server-specified stringnc
- Nonce count (normally "00000001")cnonce
- Unique client-specified stringqop
- Quality Of Protection specifier string; if null or blank, defaults
to "auth"realm
- The user's realm (usually an IDN {Internet Domain Name})username
- The user's login name (often an eMail address, in which case
it is usually either localpart or addr-spec)password
- The user's passwordrspauth
- TRUE = prefix the "digest-uri" value with ":" in accordance
with RFC2831, section 2.3.1, to generate the value associated with the
"rspauth" keyword; FALSE = prefix the "digest-uri" value with
"AUTHENTICATE:" in accordance with RFC2831, section 2.1.2.1, to generate
the value associated with the "response" keyword (if this matches what the
client provided, then it's extremely like that the client is providing the
correct password)digesturi
- The principal name of the service this authentication is for
(provided in the "digest-uri" keyword during a typical SASL negotiation)authzid
- The authorization ID (may be null)StringParser.refineSASLExchange(java.lang.String)