| 1 | // Copyright 2018 by David A. Golden. All rights reserved. |
| 2 | // |
| 3 | // Licensed under the Apache License, Version 2.0 (the "License"); you may |
| 4 | // not use this file except in compliance with the License. You may obtain |
| 5 | // a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 |
| 6 | |
| 7 | package scram |
| 8 | |
| 9 | import "sync" |
| 10 | |
// Server is the server-side entry point for SCRAM authentication. It carries
// the configuration from which each new server-side conversation is built, so
// one Server can generally be kept for the lifetime of an application.
type Server struct {
	// The embedded lock is taken for writing by WithNonceGenerator and for
	// reading by NewConversation, so the fields below can be read while
	// another goroutine swaps the nonce generator.
	sync.RWMutex

	// credentialCB is the credential lookup callback passed to newServer.
	credentialCB CredentialLookup
	// nonceGen produces nonces; it starts out as defaultNonceGenerator.
	nonceGen NonceGeneratorFcn
	// hashGen is the hash generator passed to newServer.
	hashGen HashGeneratorFcn
}
| 20 | |
// newServer builds a Server from a credential lookup callback and a hash
// generator. Nonces come from defaultNonceGenerator until WithNonceGenerator
// replaces it. The returned error is always nil in this implementation.
//
// NOTE(review): neither cl nor fcn is checked for nil here. Presumably both
// are invoked later by the conversation, where a nil value would panic in the
// middle of an authentication attempt; confirm that callers validate them.
func newServer(cl CredentialLookup, fcn HashGeneratorFcn) (*Server, error) {
	srv := &Server{
		credentialCB: cl,
		nonceGen:     defaultNonceGenerator,
		hashGen:      fcn,
	}
	return srv, nil
}
| 28 | |
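// WithNonceGenerator replaces the default nonce generator (base64 encoding of
// 24 bytes from crypto/rand) with a custom generator. This is provided for
// testing or for users with custom nonce requirements.
//
// The server nonce is part of what keeps a recorded SCRAM exchange from being
// replayed. Outside of tests, a custom generator must therefore return a
// fresh, unpredictable value on every call, drawn from a cryptographically
// secure source. RFC 5802 also restricts nonces to printable ASCII without
// commas. A fixed or counter-based generator belongs in test code only.
//
// A nil generator is ignored and the current generator stays in place.
// Conversations already created keep the generator they were built with.
// The receiver is returned so that calls can be chained.
func (s *Server) WithNonceGenerator(ng NonceGeneratorFcn) *Server {
	if ng == nil {
		// Storing nil would hand every later conversation a nil function
		// value, and calling that panics. Keep the working generator.
		return s
	}
	s.Lock()
	defer s.Unlock()
	s.nonceGen = ng
	return s
}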
| 38 | |
// NewConversation returns a fresh server-side authentication conversation.
// A conversation is single-use, so call this once per authentication attempt
// and never share one across attempts.
//
// The nonce generator, hash generator and credential callback are copied
// from the Server while its read lock is held. A later WithNonceGenerator
// call affects only conversations created after it.
func (s *Server) NewConversation() *ServerConversation {
	s.RLock()
	defer s.RUnlock()

	conv := new(ServerConversation)
	conv.nonceGen = s.nonceGen
	conv.hashGen = s.hashGen
	conv.credentialCB = s.credentialCB
	return conv
}