SimpleNonceManager (Red Hat JBoss Enterprise Application Platform 7.2.0.GA public API)

java.lang.Object
- io.undertow.security.impl.SimpleNonceManager

All Implemented Interfaces:

NonceManager, SessionNonceManager
```
public class SimpleNonceManager
extends Object
implements SessionNonceManager
```
A default NonceManager implementation to provide reasonable single host management of nonces. This NonceManager manages nonces in two groups, the first is the group that are allocated to new requests, this group is a problem as we want to be able to limit how many we distribute so we don't have a DOS storing too many but we also don't a high number of requests to to push the other valid nonces out faster than they can be used. The second group is the set of nonces actively in use - these should be maintained as we can also maintain the nonce count and even track the next nonce once invalid. Maybe group one should be a timestamp and private key hashed together, if used with a nonce count they move to be tracked to ensure the same count is not used again - if successfully used without a nonce count add to a blacklist until expiration? A nonce used without a nonce count will essentially be single use with each request getting a new nonce.

Author:

Darran Lofthouse

Constructor Summary

Constructors
Constructor and Description

SimpleNonceManager()

SimpleNonceManager(String hashAlg)

Constructors
Constructor and Description
`SimpleNonceManager()`
`SimpleNonceManager(String hashAlg)`

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`void`	`associateHash(String nonce, byte[] hash)` Associate the supplied hash with the nonce specified.
`byte[]`	`lookupHash(String nonce)` Retrieve the existing hash associated with the nonce specified.
`String`	`nextNonce(String lastNonce, HttpServerExchange exchange)` Select the next nonce to be sent from the server taking into account the last valid nonce.
`boolean`	`validateNonce(String nonce, int nonceCount, HttpServerExchange exchange)` Validate that a nonce can be used.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - SimpleNonceManager
```
public SimpleNonceManager()
```
  - SimpleNonceManager
```
public SimpleNonceManager(String hashAlg)
```
- Method Detail
  - nextNonce
```
public String nextNonce(String lastNonce,
                        HttpServerExchange exchange)
```
    Description copied from interface: NonceManager
    
    Select the next nonce to be sent from the server taking into account the last valid nonce. It is both possible and likely that the nonce last used by the client will still be valid, in that case the same nonce will be returned.
    
    Specified by:
    
    nextNonce in interface NonceManager
    
    Parameters:
    
    lastNonce - - The last valid nonce received from the client or null if we don't already have a nonce.
    
    Returns:
    
    The next nonce to be sent in a challenge to the client.
    
    See Also:
    
    NonceManager.nextNonce(java.lang.String, io.undertow.server.HttpServerExchange)
  - validateNonce
```
public boolean validateNonce(String nonce,
                             int nonceCount,
                             HttpServerExchange exchange)
```
    Description copied from interface: NonceManager
    
    Validate that a nonce can be used. If the nonce can not be used but the related digest was correct then a new nonce should be returned to the client indicating that the nonce was stale. For implementations of this interface this method is not expected by be idempotent, i.e. once a nonce is validated with a specific nonceCount it is not expected that this method will return true again if the same combination is presented. This method is expected to ONLY be called if the users credentials are valid as a storage overhead could be incurred this overhead must not be accessible to unauthenticated clients.
    
    Specified by:
    
    validateNonce in interface NonceManager
    
    Parameters:
    
    nonce - - The nonce received from the client.
    
    nonceCount - - The nonce count from the client or -1 of none specified.
    
    Returns:
    
    true if the nonce can be used otherwise return false.
    
    See Also:
    
    NonceManager.validateNonce(java.lang.String, int, io.undertow.server.HttpServerExchange)
  - associateHash
```
public void associateHash(String nonce,
                          byte[] hash)
```
    Description copied from interface: SessionNonceManager
    
    Associate the supplied hash with the nonce specified.
    
    Specified by:
    
    associateHash in interface SessionNonceManager
    
    Parameters:
    
    nonce - - The nonce the hash is to be associated with.
    
    hash - - The hash to associate.
  - lookupHash
```
public byte[] lookupHash(String nonce)
```
    Description copied from interface: SessionNonceManager
    
    Retrieve the existing hash associated with the nonce specified. If there is no association then null should be returned.
    
    Specified by:
    
    lookupHash in interface SessionNonceManager
    
    Parameters:
    
    nonce - - The nonce the hash is required for.
    
    Returns:
    
    The associated hash or null if there is no association.

Class SimpleNonceManager

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

SimpleNonceManager

SimpleNonceManager

Method Detail

nextNonce

validateNonce

associateHash

lookupHash