com.mysql.cj.protocol.a.authentication

Class Sha256PasswordPlugin

java.lang.Object

com.mysql.cj.protocol.a.authentication.Sha256PasswordPlugin

All Implemented Interfaces:

AuthenticationPlugin<NativePacketPayload>

Direct Known Subclasses:

CachingSha2PasswordPlugin

public class Sha256PasswordPlugin
extends java.lang.Object
implements AuthenticationPlugin<NativePacketPayload>

Field Summary

Fields

Modifier and Type	Field and Description
protected java.lang.String	password
static java.lang.String	PLUGIN_NAME
protected Protocol<NativePacketPayload>	protocol
protected boolean	publicKeyRequested
protected java.lang.String	publicKeyString
protected java.lang.String	seed
protected RuntimeProperty<java.lang.String>	serverRSAPublicKeyFile
protected MysqlCallbackHandler	usernameCallbackHandler

Constructor Summary

Constructors

Constructor and Description
Sha256PasswordPlugin()

Method Summary

Modifier and Type	Method and Description
void	destroy() Called by the driver when this extension should release any resources it is holding and cleanup internally before the connection is closed.
protected byte[]	encryptPassword()
protected byte[]	encryptPassword(java.lang.String transformation)
java.lang.String	getProtocolPluginName() Returns the client-side name that the MySQL server uses on the wire for this plugin.
void	init(Protocol<NativePacketPayload> prot, MysqlCallbackHandler cbh) Initializes this plugin with a direct Protocol reference and a generic MysqlCallbackHandler that can be used to pass over information back to the authentication provider.
boolean	isReusable()
boolean	nextAuthenticationStep(NativePacketPayload fromServer, java.util.List<NativePacketPayload> toServer) Process authentication handshake data from server and optionally produce data to be sent back to the server.
protected static java.lang.String	readRSAKey(java.lang.String pkPath, PropertySet propertySet, ExceptionInterceptor exceptionInterceptor)
boolean	requiresConfidentiality() Does this plugin require the connection itself to be confidential (i.e.
void	setAuthenticationParameters(java.lang.String user, java.lang.String password) This method called from Connector/J before first nextAuthenticationStep call.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface com.mysql.cj.protocol.AuthenticationPlugin

init, reset, setSourceOfAuthData

Field Detail

PLUGIN_NAME

public static java.lang.String PLUGIN_NAME

protocol

protected Protocol<NativePacketPayload> protocol

usernameCallbackHandler

protected MysqlCallbackHandler usernameCallbackHandler

password

protected java.lang.String password

seed

protected java.lang.String seed

publicKeyRequested

protected boolean publicKeyRequested

publicKeyString

protected java.lang.String publicKeyString

serverRSAPublicKeyFile

protected RuntimeProperty<java.lang.String> serverRSAPublicKeyFile

Constructor Detail

Sha256PasswordPlugin

public Sha256PasswordPlugin()

Method Detail

init

public void init(Protocol<NativePacketPayload> prot,
                 MysqlCallbackHandler cbh)

Description copied from interface: AuthenticationPlugin

Initializes this plugin with a direct Protocol reference and a generic MysqlCallbackHandler that can be used to pass over information back to the authentication provider. For example an authentication plugin may accept null usernames and use that information to obtain them from some external source, such as the system login.

Specified by:

init in interface AuthenticationPlugin<NativePacketPayload>

Parameters:

prot - the protocol instance

cbh - a callback handler to provide additional information to the authentication provider

destroy

public void destroy()

Description copied from interface: AuthenticationPlugin

Called by the driver when this extension should release any resources it is holding and cleanup internally before the connection is closed.

Specified by:

destroy in interface AuthenticationPlugin<NativePacketPayload>

getProtocolPluginName

public java.lang.String getProtocolPluginName()

Description copied from interface: AuthenticationPlugin

Returns the client-side name that the MySQL server uses on the wire for this plugin.

Specified by:

getProtocolPluginName in interface AuthenticationPlugin<NativePacketPayload>

Returns:

plugin name

requiresConfidentiality

public boolean requiresConfidentiality()

Description copied from interface: AuthenticationPlugin

Does this plugin require the connection itself to be confidential (i.e. tls/ssl)...Highly recommended to return "true" for plugins that return the credentials in the clear.

Specified by:

requiresConfidentiality in interface AuthenticationPlugin<NativePacketPayload>

Returns:

true if secure connection is required

isReusable

public boolean isReusable()

Specified by:

isReusable in interface AuthenticationPlugin<NativePacketPayload>

Returns:

true if plugin instance may be reused, false otherwise

setAuthenticationParameters

public void setAuthenticationParameters(java.lang.String user,
                                        java.lang.String password)

Description copied from interface: AuthenticationPlugin

This method called from Connector/J before first nextAuthenticationStep call. Values of user and password parameters are passed from those in NativeAuthenticationProvider#changeUser() or NativeAuthenticationProvider#connect(). Plugin should use these values instead of values from connection properties because parent method may be a changeUser call which saves user and password into connection only after successful handshake.

Specified by:

setAuthenticationParameters in interface AuthenticationPlugin<NativePacketPayload>

Parameters:

user - user name

password - user password

nextAuthenticationStep

public boolean nextAuthenticationStep(NativePacketPayload fromServer,
                                      java.util.List<NativePacketPayload> toServer)

Description copied from interface: AuthenticationPlugin

Process authentication handshake data from server and optionally produce data to be sent back to the server. The driver will keep calling this method on each new server packet arrival until either an Exception is thrown (authentication failure, please use appropriate SQLStates) or the number of exchange iterations exceeded max limit or an OK packet is sent by server indicating that the connection has been approved. If, on return from this method, toServer is a non-empty list of buffers, then these buffers will be sent to the server in the same order and without any reads in between them. If toServer is an empty list, no data will be sent to server, driver immediately reads the next packet from server. In case of errors the method should throw Exception.

Specified by:

nextAuthenticationStep in interface AuthenticationPlugin<NativePacketPayload>

Parameters:

fromServer - a buffer containing handshake data payload from server (can be empty).

toServer - list of buffers with data to be sent to the server (the list can be empty, but buffers in the list should contain data).

Returns:

return value is ignored.

encryptPassword

protected byte[] encryptPassword()

encryptPassword

protected byte[] encryptPassword(java.lang.String transformation)

readRSAKey

protected static java.lang.String readRSAKey(java.lang.String pkPath,
                                             PropertySet propertySet,
                                             ExceptionInterceptor exceptionInterceptor)