51 lines
1.5 KiB
Go
51 lines
1.5 KiB
Go
// Copyright 2018 by David A. Golden. All rights reserved.
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
// not use this file except in compliance with the License. You may obtain
|
|
// a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
package scram
|
|
|
|
import "sync"
|
|
|
|
// Server implements the server side of SCRAM authentication. It holds
|
|
// configuration values needed to initialize new server-side conversations.
|
|
// Generally, this can be persistent within an application.
|
|
type Server struct {
|
|
sync.RWMutex
|
|
credentialCB CredentialLookup
|
|
nonceGen NonceGeneratorFcn
|
|
hashGen HashGeneratorFcn
|
|
}
|
|
|
|
func newServer(cl CredentialLookup, fcn HashGeneratorFcn) (*Server, error) {
|
|
return &Server{
|
|
credentialCB: cl,
|
|
nonceGen: defaultNonceGenerator,
|
|
hashGen: fcn,
|
|
}, nil
|
|
}
|
|
|
|
// WithNonceGenerator replaces the default nonce generator (base64 encoding of
|
|
// 24 bytes from crypto/rand) with a custom generator. This is provided for
|
|
// testing or for users with custom nonce requirements.
|
|
func (s *Server) WithNonceGenerator(ng NonceGeneratorFcn) *Server {
|
|
s.Lock()
|
|
defer s.Unlock()
|
|
s.nonceGen = ng
|
|
return s
|
|
}
|
|
|
|
// NewConversation constructs a server-side authentication conversation.
|
|
// Conversations cannot be reused, so this must be called for each new
|
|
// authentication attempt.
|
|
func (s *Server) NewConversation() *ServerConversation {
|
|
s.RLock()
|
|
defer s.RUnlock()
|
|
return &ServerConversation{
|
|
nonceGen: s.nonceGen,
|
|
hashGen: s.hashGen,
|
|
credentialCB: s.credentialCB,
|
|
}
|
|
}
|