author | Tarun Gupta <tarun1995gupta@gmail.com> | 2015-07-22 22:21:20 (GMT) |
---|---|---|
committer | Nick Hudson <nick.hudson@isode.com> | 2015-08-03 14:06:04 (GMT) |
commit | af3bb03053b9d83f4d38b31d66b292792206a327 (patch) | |
tree | 0e5826f6b1fbb638d899ee6aadca902a7c2fdb18 /src/com/isode/stroke/sasl/SCRAMSHA1ClientAuthenticator.java | |
parent | 32ef37b9059e21de19209a9a1ab4ef2564051918 (diff) | |
Make SASL equivalent with Swiften.
Adds DIGESTMD5ClientAuthenticator, DIGESTMD5Properties, ExternalClientAuthenticator, PLAINMessage.
Updates Client, ClientSession, CoreClient, ConnectDisconnect, StrokeGUI to reflect changes made in SASL.
Updates ClientAuthenticator, SCRAMSHA1ClientAuthenticator, PBKDF2.
License:
This patch is BSD-licensed, see Documentation/Licenses/BSD-simplified.txt for details.
Test-Information:
Added tests for DIGESTMD5ClientAuthenticator, DIGESTMD5Properties, PLAINClientAuthenticator, PLAINMessage.
Update test for SCRAMSHA1ClientAuthenticatorTest.
All tests pass.
Change-Id: I4fd38f922cab7e4c4548d9706f6ad3b9e1506e81
Diffstat (limited to 'src/com/isode/stroke/sasl/SCRAMSHA1ClientAuthenticator.java')
-rw-r--r-- | src/com/isode/stroke/sasl/SCRAMSHA1ClientAuthenticator.java | 40 |
1 files changed, 25 insertions, 15 deletions
diff --git a/src/com/isode/stroke/sasl/SCRAMSHA1ClientAuthenticator.java b/src/com/isode/stroke/sasl/SCRAMSHA1ClientAuthenticator.java index 29a37aa..9797e24 100644 --- a/src/com/isode/stroke/sasl/SCRAMSHA1ClientAuthenticator.java +++ b/src/com/isode/stroke/sasl/SCRAMSHA1ClientAuthenticator.java @@ -10,10 +10,13 @@ package com.isode.stroke.sasl; import com.isode.stroke.base.ByteArray; import com.isode.stroke.base.SafeByteArray; +import com.ibm.icu.text.StringPrepParseException; import com.isode.stroke.stringcodecs.Base64; import com.isode.stroke.stringcodecs.HMACSHA1; import com.isode.stroke.stringcodecs.PBKDF2; import com.isode.stroke.stringcodecs.SHA1; +import com.isode.stroke.idn.IDNConverter; +import com.isode.stroke.crypto.CryptoProvider; import java.text.Normalizer; import java.text.Normalizer.Form; import java.util.HashMap; @@ -35,14 +38,13 @@ public class SCRAMSHA1ClientAuthenticator extends ClientAuthenticator { return result; } - public SCRAMSHA1ClientAuthenticator(String nonce) { - this(nonce, false); - } - public SCRAMSHA1ClientAuthenticator(String nonce, boolean useChannelBinding) { + public SCRAMSHA1ClientAuthenticator(String nonce, boolean useChannelBinding, IDNConverter idnConverter, CryptoProvider crypto) { super(useChannelBinding ? "SCRAM-SHA-1-PLUS" : "SCRAM-SHA-1"); step = Step.Initial; clientnonce = nonce; this.useChannelBinding = useChannelBinding; + this.idnConverter = idnConverter; + this.crypto = crypto; } public void setTLSChannelBindingData(ByteArray channelBindingData) { 
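Review bot: The new `idnConverter` and `crypto` constructor arguments are stored without a null check, yet both are dereferenced later in the exchange (`crypto.getHMACSHA1(...)`, `idnConverter.getStringPrepared(...)`), so a null passed here only surfaces as a NullPointerException in the middle of authentication. Reject it at construction, e.g. `if (idnConverter == null || crypto == null) { throw new NullPointerException("idnConverter and crypto are required"); }`. In the visible code the two fields added in the last hunk are assigned only here, so they could be declared `private final`. With the one-argument overload removed, a short Javadoc on this constructor saying that `crypto` supplies the SHA-1, HMAC-SHA-1 and PBKDF2 primitives and `idnConverter` the SASLprep step would help callers.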
@@ -53,9 +55,9 @@ public class SCRAMSHA1ClientAuthenticator extends ClientAuthenticator { if (step.equals(Step.Initial)) { return new SafeByteArray(getGS2Header().append(getInitialBareClientMessage())); } else if (step.equals(Step.Proof)) { - ByteArray clientKey = HMACSHA1.getResult(saltedPassword, new ByteArray("Client Key")); - ByteArray storedKey = SHA1.getHash(clientKey); - ByteArray clientSignature = HMACSHA1.getResult(storedKey, authMessage); + ByteArray clientKey = crypto.getHMACSHA1(saltedPassword, new ByteArray("Client Key")); + ByteArray storedKey = crypto.getSHA1Hash(clientKey); + ByteArray clientSignature = crypto.getHMACSHA1(new SafeByteArray(storedKey), authMessage); ByteArray clientProof = clientKey; byte[] clientProofData = clientProof.getData(); for (int i = 0; i < clientProofData.length; ++i) { @@ -104,16 +106,21 @@ public class SCRAMSHA1ClientAuthenticator extends ClientAuthenticator { return false; } + //Not Sure, why this here. ByteArray channelBindData = new ByteArray(); if (useChannelBinding && tlsChannelBindingData != null) { channelBindData = tlsChannelBindingData; } // Compute all the values needed for the server signature - saltedPassword = PBKDF2.encode(new ByteArray(SASLPrep(getPassword())), salt, iterations); + try { + saltedPassword = PBKDF2.encode(idnConverter.getStringPrepared(getPassword(), IDNConverter.StringPrepProfile.SASLPrep), salt, iterations, crypto); + } catch (StringPrepParseException e) { + + } authMessage = getInitialBareClientMessage().append(",").append(initialServerMessage).append(",").append(getFinalMessageWithoutProof()); - ByteArray serverKey = HMACSHA1.getResult(saltedPassword, new ByteArray("Server Key")); - serverSignature = HMACSHA1.getResult(serverKey, authMessage); + ByteArray serverKey = crypto.getHMACSHA1(saltedPassword, new ByteArray("Server Key")); + serverSignature = crypto.getHMACSHA1(serverKey, authMessage); step = Step.Proof; return true; 
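Review bot: In the Proof branch `storedKey` is wrapped as `new SafeByteArray(storedKey)` before `crypto.getHMACSHA1`, while the next hunk passes `serverKey`, also declared as a plain `ByteArray`, to the same call unwrapped; the two derived keys should be handled the same way. If the wrap is there only to select an overload, a comment such as `// getHMACSHA1 takes the key as a SafeByteArray here` would say so. If it is meant to protect key material, `clientKey`, `storedKey` and `serverKey` presumably all want to be `SafeByteArray` from the point they are derived, because the plain `storedKey` stays alive next to the wrapped one. The branch continues past the end of the hunk.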
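Review bot: The empty `catch (StringPrepParseException e)` lets challenge handling continue when SASLprep rejects the password: `saltedPassword` keeps whatever value it had before the `try`, `serverKey` and `serverSignature` are derived from it, `step` moves to `Proof` and the method returns `true`. The client would then send a proof that is not derived from the user's password, and the caller cannot see that anything failed. The method already reports bad input with `return false;` a few lines above, so the catch should do the same: `} catch (StringPrepParseException e) { return false; }`. The added `//Not Sure, why this here.` comment should either state what `channelBindData` is for or be dropped. The enclosing method starts and ends outside the hunk.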
@@ -126,10 +133,6 @@ public class SCRAMSHA1ClientAuthenticator extends ClientAuthenticator { } } - private String SASLPrep(String source) { - return Normalizer.normalize(source, Form.NFKC); /* FIXME: Implement real SASLPrep */ - } - private Map<Character, String> parseMap(String s) { HashMap<Character, String> result = new HashMap<Character, String>(); if (s.length() > 0) { @@ -157,7 +160,12 @@ public class SCRAMSHA1ClientAuthenticator extends ClientAuthenticator { } private ByteArray getInitialBareClientMessage() { - String authenticationID = SASLPrep(getAuthenticationID()); + String authenticationID = ""; + try { + authenticationID = idnConverter.getStringPrepared(getAuthenticationID(), IDNConverter.StringPrepProfile.SASLPrep); + } catch (StringPrepParseException e) { + + } return new ByteArray("n=" + escape(authenticationID) + ",r=" + clientnonce); } @@ -198,4 +206,6 @@ public class SCRAMSHA1ClientAuthenticator extends ClientAuthenticator { private ByteArray serverSignature = new ByteArray(); private boolean useChannelBinding; private ByteArray tlsChannelBindingData; + private IDNConverter idnConverter; + private CryptoProvider crypto; } |
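Review bot: When SASLprep rejects the authentication ID, the empty catch in `getInitialBareClientMessage()` leaves `authenticationID` as `""`, so the client sends `n=,r=<nonce>` and silently attempts to authenticate with an empty user name instead of reporting the bad input. The same message is folded into `authMessage` in the challenge-handling hunk, so the ID is prepared at least twice and the error is swallowed each time. Preparing the ID once, keeping the result and failing the exchange when preparation throws would be safer. At minimum the catch should not be empty, e.g. `throw new IllegalStateException("SASLprep rejected the authentication ID", e);`. A test with an ID or password that SASLprep prohibits would pin the behaviour.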