com.waveset.adapter
Class RASecureChallenge

java.lang.Object
  extended by com.waveset.adapter.RASecureChallenge

public class RASecureChallenge
extends java.lang.Object


Field Summary
static java.lang.String code_id
           
 
Constructor Summary
RASecureChallenge()
           
 
Method Summary
 void checkResponseResponse(byte[] response)
          Part 2 in the server (non-initiator) side of the exchange.
 byte[] getChallengeData()
          Return a 16 byte array of the random numbers used in the authentication challenge and response.
 int getProtocolVersion()
           
 void init()
          Initialize for either end.
 byte[] makeChallenge(byte[] resourceName)
          Build a 16 byte structure to send as a challenge to the remote side.
 byte[] makeChallengeResponse(byte[] challenge)
          A challenge has a length, tag, and random numbers.
 byte[] makeResponseResponse(byte[] response)
          Part 2 in the mutual authentication.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

code_id

public static final java.lang.String code_id
See Also:
Constant Field Values
Constructor Detail

RASecureChallenge

public RASecureChallenge()
Method Detail

init

public void init()
Initialize for either end. Separate from the constructor so that we can reuse this object if required for speed (secure random number generation is expensive).


makeChallenge

public byte[] makeChallenge(byte[] resourceName)
                     throws java.io.IOException
Build a 16 byte structure to send as a challenge to the remote side. Do this in the Java way with an output stream to a byte array. Only the first random number is used by the remote side, the second is there to make the encrypted block not match the return challenge. A challenge looks like:

    length(16)                   2 bytes
    protocol identifier          6 bytes
    two 32 bit random numbers    8 bytes
    ----- optional resource name -----
    resource type                4 bytes
    resource name length         2 bytes
    resource name                n bytes (>0)

Throws:
java.io.IOException

makeResponseResponse

public byte[] makeResponseResponse(byte[] response)
                            throws java.lang.SecurityException,
                                   java.io.IOException
Part 2 in the mutual authentication. A response to our challenge has been received and decrypted. Check the response and generate our own response to the embedded challenge. A challenge response has a length, a tag, the challenge's random number shuffled, and a new challenge random number stuffed in. Validate that the challenge response random number matches the challenge number. Generate a response to the new challenge by shuffling the inbound challenge. Generate a new random number to keep things mixed up (like the initial challenge random number, this will be discarded by the remote side).

Throws:
java.lang.SecurityException
java.io.IOException

checkResponseResponse

public void checkResponseResponse(byte[] response)
                           throws java.lang.SecurityException,
                                  java.io.IOException
Part 2 in the server (non-initiator) side of the exchange. A response response has a length, a tag, a disposable random number, and the response's random number shuffled. Validate that the challenge response response random number matches the response number.

Throws:
java.lang.SecurityException
java.io.IOException

makeChallengeResponse

public byte[] makeChallengeResponse(byte[] challenge)
                             throws java.lang.SecurityException,
                                    java.io.IOException
A challenge has a length, tag, and random numbers. Validate the length (>= 16), the tag (starts with WSRA), and extract the random numbers. Shuffle the bytes of the first random number, stuff in our own challenge random number bytes, stuff in our own signature, and return the byte array.

Throws:
java.lang.SecurityException
java.io.IOException
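
The challenge layout given under makeChallenge and the length and tag checks given under makeChallengeResponse, as an added example that is not the com.waveset.adapter code. It builds the structure with an output stream to a byte array and parses it back, rejecting short, mis-tagged, or truncated input. Assumptions: the class name ChallengeLayoutDemo is hypothetical, fields are big-endian, the 6 byte protocol identifier is "WSRA" followed by 2 version bytes, the length field carries 16, and the resource type 7 and name "host1" are constructed sample values.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

// Added illustration, not the Waveset implementation. Assumed: big-endian
// fields, identifier = "WSRA" + 2 version bytes, length field carries 16.
public class ChallengeLayoutDemo {
    static final byte[] TAG = "WSRA".getBytes(StandardCharsets.US_ASCII);

    static byte[] build(SecureRandom rng, int resourceType, byte[] resourceName) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        DataOutputStream out = new DataOutputStream(buf);
        out.writeShort(16);            // length(16), 2 bytes
        out.write(TAG);                // protocol identifier, 6 bytes in total
        out.writeShort(1);             // assumed: version in the last 2 identifier bytes
        out.writeInt(rng.nextInt());   // first 32 bit random number
        out.writeInt(rng.nextInt());   // second 32 bit random number
        if (resourceName != null && resourceName.length > 0) {
            out.writeInt(resourceType);            // resource type, 4 bytes
            out.writeShort(resourceName.length);   // resource name length, 2 bytes
            out.write(resourceName);               // resource name, n bytes (>0)
        }
        return buf.toByteArray();
    }

    // Returns the two random numbers; rejects anything that does not match the layout.
    static int[] parse(byte[] msg) throws IOException {
        if (msg == null || msg.length < 16) throw new SecurityException("challenge shorter than 16 bytes");
        DataInputStream in = new DataInputStream(new ByteArrayInputStream(msg));
        if (in.readUnsignedShort() < 16) throw new SecurityException("bad length field");
        byte[] id = new byte[6];
        in.readFully(id);
        if (!Arrays.equals(Arrays.copyOf(id, 4), TAG)) throw new SecurityException("tag is not WSRA");
        int[] randoms = { in.readInt(), in.readInt() };
        if (in.available() > 0) {                  // optional resource name block
            if (in.available() < 6) throw new SecurityException("truncated resource header");
            in.readInt();                          // resource type (not used in this demo)
            int n = in.readUnsignedShort();
            if (n == 0 || n != in.available()) throw new SecurityException("bad resource name length");
        }
        return randoms;
    }

    public static void main(String[] args) throws IOException {
        byte[] c = build(new SecureRandom(), 7, "host1".getBytes(StandardCharsets.US_ASCII));
        System.out.println(c.length + " bytes, randoms " + Arrays.toString(parse(c)));
        try { parse(Arrays.copyOf(c, 12)); } catch (SecurityException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```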

getChallengeData

public byte[] getChallengeData()
Return a 16 byte array of the random numbers used in the authentication challenge and response. If the data looks like:

    challenge         = (A, B)
    remote response   = (Shuffle(B), C)
    response response = (D, Shuffle(C))

The returned data looks like (A,B,C,D)


getProtocolVersion

public int getProtocolVersion()