func (h *digestMD5Handler) Handle() error {
var auth_state *auth.AuthState
if err := h.strm.State().Get(&auth_state); err != nil {
auth_state = &auth.AuthState{}
h.strm.State().Push(auth_state)
}
if err := h.strm.WriteElement(mechanisms.NewChallengeElement(h.md5.Challenge())); err != nil {
return err
}
// Receive a response with encoded MD5
resp_el, err := mechanisms.ReadResponse(h.strm)
if err != nil {
return err
}
// Check MD5
raw_resp_data, err := auth.DecodeBase64(resp_el.Data, h.strm)
if err != nil {
return err
}
if err := h.md5.ParseResponse(raw_resp_data); err != nil {
return err
}
password := auth_state.GetPasswordByUserName(h.md5.UserName())
if err := h.md5.Validate(password); err != nil {
return err
}
// Send response
if err := h.strm.WriteElement(mechanisms.NewChallengeElement(h.md5.Final())); err != nil {
return err
}
rsp, err := mechanisms.ReadResponse(h.strm)
if err != nil {
return err
}
if rsp.Data != "" {
return errors.New("Wrong response, expected empty response")
}
if err := h.strm.WriteElement(mechanisms.SuccessElement{}); err != nil {
return err
}
auth_state.UserName = h.md5.AuthID()
h.strm.ReOpen()
return nil
}
func (h *shaHandler) Handle() error {
if err := h.strm.WriteElement(mechanisms.NewChallengeElement(h.scram.First())); err != nil {
return err
}
// Receive a response with encoded MD5
resp_el, err := mechanisms.ReadResponse(h.strm)
if err != nil {
return err
}
// Check SHA
raw_resp_data, err := auth.DecodeBase64(resp_el.Data, h.strm)
if err != nil {
return err
}
if err := h.scram.CheckClientFinal(raw_resp_data); err != nil {
return err
}
// Send response
if err := h.strm.WriteElement(mechanisms.NewSuccessElement(h.scram.Final())); err != nil {
log.Println("Could not write signature")
return err
}
h.authState.UserName = h.scram.UserName()
h.strm.ReOpen()
return nil
}