Package org.mariadb.jdbc.plugin.authentication.standard

Class NativePasswordPlugin

java.lang.Object

org.mariadb.jdbc.plugin.authentication.standard.NativePasswordPlugin

All Implemented Interfaces:

AuthenticationPlugin

public class NativePasswordPlugin
extends Object
implements AuthenticationPlugin

Native password implementation

Constructor Summary

Constructors

Constructor	Description
NativePasswordPlugin(String authenticationData, byte[] seed)	Initialized data.

Method Summary

Modifier and Type	Method	Description
static byte[]	encryptPassword(CharSequence password, byte[] seed)	Encrypts a password.
byte[]	hash(Credential credential)	Return Hash
boolean	isMitMProof()	Can plugins is MitM-proof, permitting returning HASH
org.mariadb.jdbc.client.ReadableByteBuf	process(Writer out, Reader in, org.mariadb.jdbc.client.Context context)	Process native password plugin authentication.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

NativePasswordPlugin

public NativePasswordPlugin(String authenticationData,
 byte[] seed)

Initialized data.

Parameters:

authenticationData - authentication data (password/token)

seed - server provided seed

Method Details

encryptPassword

public static byte[] encryptPassword(CharSequence password,
 byte[] seed)

Encrypts a password.

protocol for authentication is like this:

• Server sends a random array of bytes (the seed)
• client makes a sha1 digest of the password
• client hashes the output of 2
• client digests the seed
• client updates the digest with the output from 3
• an xor of the output of 5 and 2 is sent to server
• server does the same thing and verifies that the scrambled passwords match

Parameters:

password - the password to encrypt

seed - the seed to use

Returns:

a scrambled password

process

public org.mariadb.jdbc.client.ReadableByteBuf process(Writer out,
 Reader in,
 org.mariadb.jdbc.client.Context context)
                                                throws IOException

Process native password plugin authentication. see https://mariadb.com/kb/en/library/authentication-plugin-mysql_native_password/

Specified by:

process in interface AuthenticationPlugin

Parameters:

out - out stream

in - in stream

context - connection context

Returns:

response packet

Throws:

IOException - if socket error

isMitMProof

public boolean isMitMProof()

Description copied from interface: AuthenticationPlugin

Can plugins is MitM-proof, permitting returning HASH

Specified by:

isMitMProof in interface AuthenticationPlugin

Returns:

true if permitted

hash

public byte[] hash(Credential credential)

Return Hash

Specified by:

hash in interface AuthenticationPlugin

Parameters:

credential - Credential

Returns:

hash