Diffstat (limited to 'src/com/isode/stroke/sasl/SCRAMSHA1ClientAuthenticator.java')
-rw-r--r--src/com/isode/stroke/sasl/SCRAMSHA1ClientAuthenticator.java40
1 files changed, 25 insertions, 15 deletions
diff --git a/src/com/isode/stroke/sasl/SCRAMSHA1ClientAuthenticator.java b/src/com/isode/stroke/sasl/SCRAMSHA1ClientAuthenticator.java
index 29a37aa..9797e24 100644
--- a/src/com/isode/stroke/sasl/SCRAMSHA1ClientAuthenticator.java
+++ b/src/com/isode/stroke/sasl/SCRAMSHA1ClientAuthenticator.java
@@ -10,10 +10,13 @@ package com.isode.stroke.sasl;
import com.isode.stroke.base.ByteArray;
import com.isode.stroke.base.SafeByteArray;
+import com.ibm.icu.text.StringPrepParseException;
import com.isode.stroke.stringcodecs.Base64;
import com.isode.stroke.stringcodecs.HMACSHA1;
import com.isode.stroke.stringcodecs.PBKDF2;
import com.isode.stroke.stringcodecs.SHA1;
+import com.isode.stroke.idn.IDNConverter;
+import com.isode.stroke.crypto.CryptoProvider;
import java.text.Normalizer;
import java.text.Normalizer.Form;
import java.util.HashMap;
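Review bot: `java.text.Normalizer` and `java.text.Normalizer.Form` stay imported in this hunk although their only visible user, the private `SASLPrep` helper, is deleted later in the same commit. The `HMACSHA1` and `SHA1` imports look unused as well, since every call shown in the other hunks now goes through `crypto`; the rest of the file is not visible here, so confirm before dropping them. Removing the leftover imports of the old static helpers also makes it less likely that a later edit bypasses the injected `CryptoProvider` by accident.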
@@ -35,14 +38,13 @@ public class SCRAMSHA1ClientAuthenticator extends ClientAuthenticator {
return result;
}
- public SCRAMSHA1ClientAuthenticator(String nonce) {
- this(nonce, false);
- }
- public SCRAMSHA1ClientAuthenticator(String nonce, boolean useChannelBinding) {
+ public SCRAMSHA1ClientAuthenticator(String nonce, boolean useChannelBinding, IDNConverter idnConverter, CryptoProvider crypto) {
super(useChannelBinding ? "SCRAM-SHA-1-PLUS" : "SCRAM-SHA-1");
step = Step.Initial;
clientnonce = nonce;
this.useChannelBinding = useChannelBinding;
+ this.idnConverter = idnConverter;
+ this.crypto = crypto;
}
public void setTLSChannelBindingData(ByteArray channelBindingData) {
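Review bot: The new constructor stores `idnConverter` and `crypto` without checking them, so a null argument only surfaces as a NullPointerException in the middle of a SASL exchange, in `getResponse` or `setChallenge`. Reject it up front, e.g. `this.crypto = Objects.requireNonNull(crypto, "crypto");` and the same for `idnConverter` (this needs `java.util.Objects`). Both fields, declared in the last hunk, are assigned only here as far as the diff shows and could be `private final`. Removing the one-argument constructor is a breaking change for existing callers and deserves a line in the commit description.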
@@ -53,9 +55,9 @@ public class SCRAMSHA1ClientAuthenticator extends ClientAuthenticator {
if (step.equals(Step.Initial)) {
return new SafeByteArray(getGS2Header().append(getInitialBareClientMessage()));
} else if (step.equals(Step.Proof)) {
- ByteArray clientKey = HMACSHA1.getResult(saltedPassword, new ByteArray("Client Key"));
- ByteArray storedKey = SHA1.getHash(clientKey);
- ByteArray clientSignature = HMACSHA1.getResult(storedKey, authMessage);
+ ByteArray clientKey = crypto.getHMACSHA1(saltedPassword, new ByteArray("Client Key"));
+ ByteArray storedKey = crypto.getSHA1Hash(clientKey);
+ ByteArray clientSignature = crypto.getHMACSHA1(new SafeByteArray(storedKey), authMessage);
ByteArray clientProof = clientKey;
byte[] clientProofData = clientProof.getData();
for (int i = 0; i < clientProofData.length; ++i) {
@@ -104,16 +106,21 @@ public class SCRAMSHA1ClientAuthenticator extends ClientAuthenticator {
return false;
}
+ //Not Sure, why this here.
ByteArray channelBindData = new ByteArray();
if (useChannelBinding && tlsChannelBindingData != null) {
channelBindData = tlsChannelBindingData;
}
// Compute all the values needed for the server signature
- saltedPassword = PBKDF2.encode(new ByteArray(SASLPrep(getPassword())), salt, iterations);
+ try {
+ saltedPassword = PBKDF2.encode(idnConverter.getStringPrepared(getPassword(), IDNConverter.StringPrepProfile.SASLPrep), salt, iterations, crypto);
+ } catch (StringPrepParseException e) {
+
+ }
authMessage = getInitialBareClientMessage().append(",").append(initialServerMessage).append(",").append(getFinalMessageWithoutProof());
- ByteArray serverKey = HMACSHA1.getResult(saltedPassword, new ByteArray("Server Key"));
- serverSignature = HMACSHA1.getResult(serverKey, authMessage);
+ ByteArray serverKey = crypto.getHMACSHA1(saltedPassword, new ByteArray("Server Key"));
+ serverSignature = crypto.getHMACSHA1(serverKey, authMessage);
step = Step.Proof;
return true;
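Review bot: The empty `catch (StringPrepParseException e)` around the `PBKDF2.encode` call lets `setChallenge` carry on when SASLprep rejects the password: `saltedPassword` keeps whatever value it held before, the server key and signature are derived from it, and the method still sets `step = Step.Proof` and returns true. Fail the exchange instead, `} catch (StringPrepParseException e) { return false; }`, in line with the other `return false` paths of this method (its start is outside the hunk). The same pattern appears in `getInitialBareClientMessage`, where a failed prep silently falls back to an empty authentication ID and the message becomes `n=,r=<nonce>`; that method returns a `ByteArray`, so it needs a way to report the failure to its caller rather than a default value. Separately, the added comment `//Not Sure, why this here.` should state what the lines do, e.g. `// Channel-binding data stays empty unless channel binding is enabled and TLS data was supplied`.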
@@ -126,10 +133,6 @@ public class SCRAMSHA1ClientAuthenticator extends ClientAuthenticator {
}
}
- private String SASLPrep(String source) {
- return Normalizer.normalize(source, Form.NFKC); /* FIXME: Implement real SASLPrep */
- }
-
private Map<Character, String> parseMap(String s) {
HashMap<Character, String> result = new HashMap<Character, String>();
if (s.length() > 0) {
@@ -157,7 +160,12 @@ public class SCRAMSHA1ClientAuthenticator extends ClientAuthenticator {
}
private ByteArray getInitialBareClientMessage() {
- String authenticationID = SASLPrep(getAuthenticationID());
+ String authenticationID = "";
+ try {
+ authenticationID = idnConverter.getStringPrepared(getAuthenticationID(), IDNConverter.StringPrepProfile.SASLPrep);
+ } catch (StringPrepParseException e) {
+
+ }
return new ByteArray("n=" + escape(authenticationID) + ",r=" + clientnonce);
}
@@ -198,4 +206,6 @@ public class SCRAMSHA1ClientAuthenticator extends ClientAuthenticator {
private ByteArray serverSignature = new ByteArray();
private boolean useChannelBinding;
private ByteArray tlsChannelBindingData;
+ private IDNConverter idnConverter;
+ private CryptoProvider crypto;
}