@@ -76,11 +76,11 @@ class SRPHelper(private val password: String) {
7676 k = BigInteger .fromByteArray(digest.digest(g.toByteArray()), Sign .POSITIVE )
7777 }
7878
79- private var userId: String = " "
80- private var userPoolName: String = " "
79+ private var userId: String? = null
80+ private var userPoolName: String? = null
8181
82- fun setUserPoolParams (userId : String , userPoolName : String ) {
83- this .userId = userId
82+ fun setUserPoolParams (userIdForSrp : String , userPoolName : String ) {
83+ this .userId = userIdForSrp
8484 this .userPoolName = userPoolName
8585 if (userPoolName.contains(" _" )) {
8686 this .userPoolName = userPoolName.split(Regex (" _" ), 2 )[1 ]
@@ -106,10 +106,11 @@ class SRPHelper(private val password: String) {
106106 }
107107
108108 // x = H(salt | H(poolName | userId | ":" | password))
109+ @Throws(CognitoException ::class )
109110 internal fun computeX (salt : BigInteger ): BigInteger {
110111 digest.reset()
111- digest.update(userPoolName.toByteArray())
112- digest.update(userId.toByteArray())
112+ digest.update(userPoolName? .toByteArray() ? : throw CognitoException . UserPoolNameNotSet )
113+ digest.update(userId? .toByteArray() ? : throw CognitoException . UserIdNotSet )
113114 digest.update(" :" .toByteArray())
114115 val userIdPasswordHash = digest.digest(password.toByteArray())
115116
@@ -119,6 +120,7 @@ class SRPHelper(private val password: String) {
119120 }
120121
121122 // verifier = (g ^ x) % N
123+ @Throws(CognitoException ::class )
122124 internal fun computePasswordVerifier (salt : BigInteger ): ModularBigInteger {
123125 val xValue = computeX(salt)
124126 return g.pow(xValue)
@@ -150,14 +152,32 @@ class SRPHelper(private val password: String) {
150152 }
151153
152154 // M1 = MAC(poolId | userId | secret | timestamp, key)
155+ @Throws(CognitoException ::class )
153156 internal fun generateM1Signature (key : ByteArray , secretBlock : String ): ByteArray {
154157 val mac = HmacSHA256 (key)
155- mac.update(userPoolName.toByteArray())
156- mac.update(userId.toByteArray())
158+ mac.update(userPoolName? .toByteArray() ? : throw CognitoException . UserPoolNameNotSet )
159+ mac.update(userId? .toByteArray() ? : throw CognitoException . UserIdNotSet )
157160 mac.update(Base64 .decode(secretBlock))
158161 return mac.doFinal(timestamp.toByteArray())
159162 }
160163
164+ /* *
165+ * Generates a PASSWORD_CLAIM_SIGNATURE for Amplify Cognito authentication.
166+ *
167+ * This function calculates the PASSWORD_CLAIM_SIGNATURE, which is used in the authentication
168+ * process with Amazon Cognito Identity Provider. It combines the provided salt, SRP_B value,
169+ * and secret block to create a secure signature for authentication.
170+ *
171+ * The parameters are returned from calling AWSCognitoIdentityProviderService.InitiateAuth
172+ * Note the you MUST call setUserPoolParams() before calling this function or it will throw
173+ * a CognitoException.
174+ *
175+ * @param salt The salt value used in the authentication process.
176+ * @param srpB The SRP_B value provided by the Cognito service.
177+ * @param secretBlock The secret block - should be passed into PASSWORD_CLAIM_SECRET_BLOCK
178+ * for the subsequent call to AWSCognitoIdentityProviderService.RespondToAuthChallenge
179+ * @return A string representing the PASSWORD_CLAIM_SIGNATURE for authentication.
180+ */
161181 @Throws(CognitoException ::class )
162182 fun getSignature (salt : String , srpB : String , secretBlock : String ): String {
163183 val bigIntSRPB = BigInteger .parseString(srpB, HEX )
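Review bot: In `setUserPoolParams` (first hunk), switching the fields to `null` only catches a setter that was never called; an empty `userIdForSrp`, or a pool id ending in the separator so that the `split(…, 2)[1]` branch yields an empty string, is still stored and then hashed into x in `computeX` and into M1 in `generateM1Signature` without error. I would reject blank values where they are set, e.g. `require(userIdForSrp.isNotBlank()) { "userIdForSrp must not be blank" }` plus the same check on the pool name after the split, so a misconfigured caller fails at the setter rather than with an opaque authentication failure. The new KDoc on `getSignature` should also carry an `@throws CognitoException` tag naming the unset-parameter case, and "Note the you MUST" should read "Note that you MUST". Both `setUserPoolParams` and `getSignature` continue outside the visible hunks, so I cannot tell whether the parsed `srpB` is rejected when B mod N is zero, as SRP requires of the client; that is worth confirming in the same review.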