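/**
 * Handles the opening message of the challenge/response login exchange.
 *
 * <p>For a {@code RequestLoginMessage} the requested login name is stored in
 * {@code username}, the user's password hash is fetched from {@code UserManager},
 * {@code randNumber} is filled with fresh {@link SecureRandom} bytes, and a
 * {@code ChallangeMessage} built from both is returned. {@code state} is then
 * {@code CL_CHALLANGE_SENT}. A {@code ChallangeCheckStatusMessage} is accepted and ignored.
 *
 * <p>NOTE(review): this method never reads {@code state}, so a login request is
 * accepted whatever the current state is. Confirm the caller enforces message ordering.
 *
 * @param msg the message received from the client
 * @return the challenge to send back, or {@code null} when no reply is needed
 * @throws AuthenticationException if the login name is missing, if it is {@code "root"}
 *     while {@code allowRoot} is false, if no password hash is available for the user,
 *     or if {@code msg} is of any other type
 * @throws GeneralSecurityException declared by the signature; presumably propagated from
 *     the hash lookup or challenge construction, which are not visible here
 */
public Message startAuthentication(AuthenticationMessage msg) throws AuthenticationException, GeneralSecurityException {
    if (msg instanceof RequestLoginMessage) {
        RequestLoginMessage rlm = (RequestLoginMessage) msg;
        username = rlm.getLogin();

        // The login name is taken from the peer's message. Reject a missing name here so
        // it is reported as an authentication failure instead of a NullPointerException
        // from the comparison below.
        if (username == null) {
            throw new AuthenticationException("Missing login name.");
        }

        // Exact, case-sensitive comparison.
        // NOTE(review): confirm UserManager does not resolve other spellings
        // (case, surrounding whitespace) to the same account.
        if (!allowRoot && "root".equals(username)) {
            throw new AuthenticationException("Must authenticate as a regular user first.");
        }

        // Generate the challenge.
        byte[] passhash = UserManager.v().getPassHash(username);
        if (passhash == null) {
            // NOTE(review): if callers forward this text to the client, check that failure
            // replies do not let a client tell existing accounts from missing ones.
            throw new AuthenticationException("User has no password");
        }

        ChallangeMessage cm = new ChallangeMessage();
        // Fresh bytes from a CSPRNG for every login request. randNumber is an instance
        // field; presumably it is kept to verify the client's response later (TODO confirm).
        SecureRandom rand = new SecureRandom();
        rand.nextBytes(randNumber);
        cm.setChallange(randNumber, passhash);
        state = CL_CHALLANGE_SENT;

        // Send the challenge.
        return cm;
    } else if (msg instanceof ChallangeCheckStatusMessage) {
        // After authentication is complete the client sends this message.
        // It can be safely ignored: we don't care that the client has
        // actually authenticated us.
        return null;
    }
    throw new AuthenticationException("State Error");
}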