public Message startAuthentication(AuthenticationMessage msg)
throws AuthenticationException, GeneralSecurityException {
if (msg instanceof RequestLoginMessage) {
RequestLoginMessage rlm = (RequestLoginMessage) msg;
username = rlm.getLogin();
if (!allowRoot && username.equals("root")) {
throw new AuthenticationException("Must authenticate as a regular user first.");
}
// generate challange
byte[] passhash = UserManager.v().getPassHash(username);
if (passhash == null) {
throw new AuthenticationException("User has no password");
}
ChallangeMessage cm = new ChallangeMessage();
SecureRandom rand = new SecureRandom();
rand.nextBytes(randNumber);
cm.setChallange(randNumber, passhash);
state = CL_CHALLANGE_SENT;
// send the challange
return cm;
} else if (msg instanceof ChallangeCheckStatusMessage) {
// After authentication is complete the client sends this message
// It can be safely ignored. We don't care that the client has
// actually authenticated us.
return null;
}
throw new AuthenticationException("State Error");
}
