com.mysql.cj.protocol.a.authentication

Class Sha256PasswordPlugin

java.lang.Object

com.mysql.cj.protocol.a.authentication.Sha256PasswordPlugin

All Implemented Interfaces:

AuthenticationPlugin<NativePacketPayload>

Direct Known Subclasses:

CachingSha2PasswordPlugin

public class Sha256PasswordPlugin
extends java.lang.Object
implements AuthenticationPlugin<NativePacketPayload>

Field Summary

Fields

Modifier and Type	Field and Description
protected java.lang.String	password
static java.lang.String	PLUGIN_NAME
protected Protocol<NativePacketPayload>	protocol
protected boolean	publicKeyRequested
protected java.lang.String	publicKeyString
protected java.lang.String	seed
protected RuntimeProperty<java.lang.String>	serverRSAPublicKeyFile

Constructor Summary

Constructors

Constructor and Description
Sha256PasswordPlugin()

Method Summary

Modifier and Type	Method and Description
void	destroy() Called by the driver when this extension should release any resources it is holding and cleanup internally before the connection is closed.
protected byte[]	encryptPassword()
protected byte[]	encryptPassword(java.lang.String transformation)
java.lang.String	getProtocolPluginName() Returns the name that the MySQL server uses on the wire for this plugin
void	init(Protocol<NativePacketPayload> prot) We need direct Protocol reference because it isn't available from Connection before authentication complete.
boolean	isReusable()
boolean	nextAuthenticationStep(NativePacketPayload fromServer, java.util.List<NativePacketPayload> toServer) Process authentication handshake data from server and optionally produce data to be sent back to the server.
protected static java.lang.String	readRSAKey(java.lang.String pkPath, PropertySet propertySet, ExceptionInterceptor exceptionInterceptor)
boolean	requiresConfidentiality() Does this plugin require the connection itself to be confidential (i.e.
void	setAuthenticationParameters(java.lang.String user, java.lang.String password) This method called from cJ before first nextAuthenticationStep call.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface com.mysql.cj.protocol.AuthenticationPlugin

reset

Field Detail

PLUGIN_NAME

public static java.lang.String PLUGIN_NAME

protocol

protected Protocol<NativePacketPayload> protocol

password

protected java.lang.String password

seed

protected java.lang.String seed

publicKeyRequested

protected boolean publicKeyRequested

publicKeyString

protected java.lang.String publicKeyString

serverRSAPublicKeyFile

protected RuntimeProperty<java.lang.String> serverRSAPublicKeyFile

Constructor Detail

Sha256PasswordPlugin

public Sha256PasswordPlugin()

Method Detail

init

public void init(Protocol<NativePacketPayload> prot)

Description copied from interface: AuthenticationPlugin

We need direct Protocol reference because it isn't available from Connection before authentication complete.

Specified by:

init in interface AuthenticationPlugin<NativePacketPayload>

Parameters:

prot - protocol instance

destroy

public void destroy()

Description copied from interface: AuthenticationPlugin

Called by the driver when this extension should release any resources it is holding and cleanup internally before the connection is closed.

Specified by:

destroy in interface AuthenticationPlugin<NativePacketPayload>

getProtocolPluginName

public java.lang.String getProtocolPluginName()

Description copied from interface: AuthenticationPlugin

Returns the name that the MySQL server uses on the wire for this plugin

Specified by:

getProtocolPluginName in interface AuthenticationPlugin<NativePacketPayload>

Returns:

plugin name

requiresConfidentiality

public boolean requiresConfidentiality()

Description copied from interface: AuthenticationPlugin

Does this plugin require the connection itself to be confidential (i.e. tls/ssl)...Highly recommended to return "true" for plugins that return the credentials in the clear.

Specified by:

requiresConfidentiality in interface AuthenticationPlugin<NativePacketPayload>

Returns:

true if secure connection is required

isReusable

public boolean isReusable()

Specified by:

isReusable in interface AuthenticationPlugin<NativePacketPayload>

Returns:

true if plugin instance may be reused, false otherwise

setAuthenticationParameters

public void setAuthenticationParameters(java.lang.String user,
                                        java.lang.String password)

Description copied from interface: AuthenticationPlugin

This method called from cJ before first nextAuthenticationStep call. Values of user and password parameters are passed from those in MysqlIO.changeUser(String userName, String password, String database) or MysqlIO.doHandshake(String user, String password, String database). Plugin should use these values instead of values from connection properties because parent method may be a changeUser call which saves user and password into connection only after successful handshake.

Specified by:

setAuthenticationParameters in interface AuthenticationPlugin<NativePacketPayload>

Parameters:

user - user name

password - user password

nextAuthenticationStep

public boolean nextAuthenticationStep(NativePacketPayload fromServer,
                                      java.util.List<NativePacketPayload> toServer)

Description copied from interface: AuthenticationPlugin

Process authentication handshake data from server and optionally produce data to be sent back to the server. The driver will keep calling this method on each new server packet arrival until either an Exception is thrown (authentication failure, please use appropriate SQLStates) or the number of exchange iterations exceeded max limit or an OK packet is sent by server indicating that the connection has been approved. If, on return from this method, toServer is a non-empty list of buffers, then these buffers will be sent to the server in the same order and without any reads in between them. If toServer is an empty list, no data will be sent to server, driver immediately reads the next packet from server. In case of errors the method should throw Exception.

Specified by:

nextAuthenticationStep in interface AuthenticationPlugin<NativePacketPayload>

Parameters:

fromServer - a buffer containing handshake data payload from server (can be empty).

toServer - list of buffers with data to be sent to the server (the list can be empty, but buffers in the list should contain data).

Returns:

return value is ignored.

encryptPassword

protected byte[] encryptPassword()

encryptPassword

protected byte[] encryptPassword(java.lang.String transformation)

readRSAKey

protected static java.lang.String readRSAKey(java.lang.String pkPath,
                                             PropertySet propertySet,
                                             ExceptionInterceptor exceptionInterceptor)