// Copyright 2018 by David A. Golden. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License"); you may
// not use this file except in compliance with the License. You may obtain
// a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
|
|
package scram |
|
|
|
import "sync" |
|
|
|
// Server implements the server side of SCRAM authentication. It holds
// configuration values needed to initialize new server-side conversations.
// Generally, this can be persistent within an application.
type Server struct {
	// The embedded lock guards the fields below: WithNonceGenerator takes it
	// for writing and NewConversation takes it for reading.
	// NOTE(review): because the mutex is embedded, Lock/Unlock/RLock/RUnlock
	// are exported methods of Server, so code outside this package can hold
	// the lock as well.
	sync.RWMutex

	// credentialCB is the credential lookup handed to every conversation.
	credentialCB CredentialLookup

	// nonceGen is the nonce source handed to every conversation; newServer
	// sets it to defaultNonceGenerator.
	nonceGen NonceGeneratorFcn

	// hashGen is the hash generator handed to every conversation.
	hashGen HashGeneratorFcn
}
|
|
|
// newServer builds a Server around the given credential lookup and hash
// generator, with defaultNonceGenerator as the initial nonce source. The
// returned error is always nil.
func newServer(cl CredentialLookup, fcn HashGeneratorFcn) (*Server, error) {
	srv := new(Server)

	// Both arguments are stored as given; neither is checked for nil here.
	srv.credentialCB = cl
	srv.hashGen = fcn

	// WithNonceGenerator can replace this afterwards.
	srv.nonceGen = defaultNonceGenerator

	return srv, nil
}
|
|
|
// WithNonceGenerator replaces the default nonce generator (base64 encoding of
// 24 bytes from crypto/rand) with a custom generator. This is provided for
// testing or for users with custom nonce requirements.
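func (s *Server) WithNonceGenerator(ng NonceGeneratorFcn) *Server {
	// A nil generator would be copied into every later conversation and
	// presumably fail there as a nil function call in the middle of an
	// authentication attempt. Keep the generator that is already configured.
	if ng == nil {
		return s
	}

	// The SCRAM server nonce has to be unpredictable and fresh for every
	// conversation. A fixed or otherwise deterministic generator is suitable
	// for tests only.
	s.Lock()
	defer s.Unlock()

	// NewConversation copies nonceGen when it is called, so only
	// conversations created after this point use ng.
	s.nonceGen = ng
	return s
}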
|
|
|
// NewConversation constructs a server-side authentication conversation.
// Conversations cannot be reused, so this must be called for each new
// authentication attempt.
func (s *Server) NewConversation() *ServerConversation {
	conv := new(ServerConversation)

	// Copy the server's settings under the read lock so the conversation
	// gets a consistent set even if WithNonceGenerator runs concurrently.
	// Later changes to the Server do not reach this conversation.
	s.RLock()
	conv.nonceGen = s.nonceGen
	conv.hashGen = s.hashGen
	conv.credentialCB = s.credentialCB
	s.RUnlock()

	return conv
}