mirror of
https://github.com/moparisthebest/Conversations
synced 2024-11-24 17:52:17 -05:00
Add SCRAM-SHA1 support
Factor out GS2 tokanization into own class Add authentication exception class Fixes #71
This commit is contained in:
parent
c61120bfc4
commit
0e550789d3
@ -0,0 +1,11 @@
|
|||||||
|
package eu.siacs.conversations.crypto.sasl;
|
||||||
|
|
||||||
|
public class AuthenticationException extends Exception {
|
||||||
|
public AuthenticationException(final String message) {
|
||||||
|
super(message);
|
||||||
|
}
|
||||||
|
|
||||||
|
public AuthenticationException(final Exception inner) {
|
||||||
|
super(inner);
|
||||||
|
}
|
||||||
|
}
|
@ -17,20 +17,28 @@ public class DigestMd5 extends SaslMechanism {
|
|||||||
super(tagWriter, account, rng);
|
super(tagWriter, account, rng);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
public static String getMechanism() {
|
||||||
public String getMechanism() {
|
|
||||||
return "DIGEST-MD5";
|
return "DIGEST-MD5";
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private enum State {
|
||||||
|
INITIAL,
|
||||||
|
RESPONSE_SENT,
|
||||||
|
}
|
||||||
|
|
||||||
|
private State state = State.INITIAL;
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public String getResponse(final String challenge) {
|
public String getResponse(final String challenge) throws AuthenticationException {
|
||||||
|
switch (state) {
|
||||||
|
case INITIAL:
|
||||||
|
state = State.RESPONSE_SENT;
|
||||||
final String encodedResponse;
|
final String encodedResponse;
|
||||||
try {
|
try {
|
||||||
final String[] challengeParts = new String(Base64.decode(challenge,
|
final Tokenizer tokenizer = new Tokenizer(Base64.decode(challenge, Base64.DEFAULT));
|
||||||
Base64.DEFAULT)).split(",");
|
|
||||||
String nonce = "";
|
String nonce = "";
|
||||||
for (int i = 0; i < challengeParts.length; ++i) {
|
for (final String token : tokenizer) {
|
||||||
String[] parts = challengeParts[i].split("=");
|
final String[] parts = token.split("=");
|
||||||
if (parts[0].equals("nonce")) {
|
if (parts[0].equals("nonce")) {
|
||||||
nonce = parts[1].replace("\"", "");
|
nonce = parts[1].replace("\"", "");
|
||||||
} else if (parts[0].equals("rspauth")) {
|
} else if (parts[0].equals("rspauth")) {
|
||||||
@ -68,5 +76,9 @@ public class DigestMd5 extends SaslMechanism {
|
|||||||
}
|
}
|
||||||
|
|
||||||
return encodedResponse;
|
return encodedResponse;
|
||||||
|
case RESPONSE_SENT:
|
||||||
|
return "";
|
||||||
|
}
|
||||||
|
return "";
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -12,13 +12,12 @@ public class Plain extends SaslMechanism {
|
|||||||
super(tagWriter, account, null);
|
super(tagWriter, account, null);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
public static String getMechanism() {
|
||||||
public String getMechanism() {
|
|
||||||
return "PLAIN";
|
return "PLAIN";
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public String getStartAuth() {
|
public String getClientFirstMessage() {
|
||||||
final String sasl = '\u0000' + account.getUsername() + '\u0000' + account.getPassword();
|
final String sasl = '\u0000' + account.getUsername() + '\u0000' + account.getPassword();
|
||||||
return Base64.encodeToString(sasl.getBytes(Charset.defaultCharset()), Base64.NO_WRAP);
|
return Base64.encodeToString(sasl.getBytes(Charset.defaultCharset()), Base64.NO_WRAP);
|
||||||
}
|
}
|
||||||
|
@ -17,11 +17,10 @@ public abstract class SaslMechanism {
|
|||||||
this.rng = rng;
|
this.rng = rng;
|
||||||
}
|
}
|
||||||
|
|
||||||
public abstract String getMechanism();
|
public String getClientFirstMessage() {
|
||||||
public String getStartAuth() {
|
|
||||||
return "";
|
return "";
|
||||||
}
|
}
|
||||||
public String getResponse(final String challenge) {
|
public String getResponse(final String challenge) throws AuthenticationException {
|
||||||
return "";
|
return "";
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
198
src/main/java/eu/siacs/conversations/crypto/sasl/ScramSha1.java
Normal file
198
src/main/java/eu/siacs/conversations/crypto/sasl/ScramSha1.java
Normal file
@ -0,0 +1,198 @@
|
|||||||
|
package eu.siacs.conversations.crypto.sasl;
|
||||||
|
|
||||||
|
import android.util.Base64;
|
||||||
|
|
||||||
|
import org.bouncycastle.crypto.Digest;
|
||||||
|
import org.bouncycastle.crypto.digests.SHA1Digest;
|
||||||
|
import org.bouncycastle.crypto.macs.HMac;
|
||||||
|
import org.bouncycastle.crypto.params.KeyParameter;
|
||||||
|
|
||||||
|
import java.math.BigInteger;
|
||||||
|
import java.nio.charset.Charset;
|
||||||
|
import java.security.InvalidKeyException;
|
||||||
|
import java.security.SecureRandom;
|
||||||
|
|
||||||
|
import eu.siacs.conversations.entities.Account;
|
||||||
|
import eu.siacs.conversations.utils.CryptoHelper;
|
||||||
|
import eu.siacs.conversations.xml.TagWriter;
|
||||||
|
|
||||||
|
public class ScramSha1 extends SaslMechanism {
|
||||||
|
// TODO: When channel binding (SCRAM-SHA1-PLUS) is supported in future, generalize this to indicate support and/or usage.
|
||||||
|
final private static String GS2_HEADER = "n,,";
|
||||||
|
private String clientFirstMessageBare;
|
||||||
|
private byte[] serverFirstMessage;
|
||||||
|
final private String clientNonce;
|
||||||
|
private byte[] serverSignature = null;
|
||||||
|
private static HMac HMAC;
|
||||||
|
private static Digest DIGEST;
|
||||||
|
private static final byte[] CLIENT_KEY_BYTES = "Client Key".getBytes();
|
||||||
|
private static final byte[] SERVER_KEY_BYTES = "Server Key".getBytes();
|
||||||
|
|
||||||
|
static {
|
||||||
|
DIGEST = new SHA1Digest();
|
||||||
|
HMAC = new HMac(new SHA1Digest());
|
||||||
|
}
|
||||||
|
|
||||||
|
private enum State {
|
||||||
|
INITIAL,
|
||||||
|
AUTH_TEXT_SENT,
|
||||||
|
RESPONSE_SENT,
|
||||||
|
VALID_SERVER_RESPONSE,
|
||||||
|
}
|
||||||
|
|
||||||
|
private State state = State.INITIAL;
|
||||||
|
|
||||||
|
public ScramSha1(final TagWriter tagWriter, final Account account, final SecureRandom rng) {
|
||||||
|
super(tagWriter, account, rng);
|
||||||
|
|
||||||
|
// This nonce should be different for each authentication attempt.
|
||||||
|
clientNonce = new BigInteger(100, this.rng).toString(32);
|
||||||
|
clientFirstMessageBare = "";
|
||||||
|
}
|
||||||
|
|
||||||
|
public static String getMechanism() {
|
||||||
|
return "SCRAM-SHA-1";
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public String getClientFirstMessage() {
|
||||||
|
if (clientFirstMessageBare.isEmpty()) {
|
||||||
|
clientFirstMessageBare = "n=" + CryptoHelper.saslPrep(account.getUsername()) +
|
||||||
|
",r=" + this.clientNonce;
|
||||||
|
}
|
||||||
|
if (state == State.INITIAL) {
|
||||||
|
state = State.AUTH_TEXT_SENT;
|
||||||
|
}
|
||||||
|
return Base64.encodeToString(
|
||||||
|
(GS2_HEADER + clientFirstMessageBare).getBytes(Charset.defaultCharset()),
|
||||||
|
Base64.NO_WRAP);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public String getResponse(final String challenge) throws AuthenticationException {
|
||||||
|
switch (state) {
|
||||||
|
case AUTH_TEXT_SENT:
|
||||||
|
serverFirstMessage = Base64.decode(challenge, Base64.DEFAULT);
|
||||||
|
final Tokenizer tokenizer = new Tokenizer(serverFirstMessage);
|
||||||
|
String nonce = "";
|
||||||
|
int iterationCount = -1;
|
||||||
|
String salt = "";
|
||||||
|
for (final String token : tokenizer) {
|
||||||
|
if (token.charAt(1) == '=') {
|
||||||
|
switch (token.charAt(0)) {
|
||||||
|
case 'i':
|
||||||
|
try {
|
||||||
|
iterationCount = Integer.parseInt(token.substring(2));
|
||||||
|
} catch (final NumberFormatException e) {
|
||||||
|
throw new AuthenticationException(e);
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
case 's':
|
||||||
|
salt = token.substring(2);
|
||||||
|
break;
|
||||||
|
case 'r':
|
||||||
|
nonce = token.substring(2);
|
||||||
|
break;
|
||||||
|
case 'm':
|
||||||
|
/*
|
||||||
|
* RFC 5802:
|
||||||
|
* m: This attribute is reserved for future extensibility. In this
|
||||||
|
* version of SCRAM, its presence in a client or a server message
|
||||||
|
* MUST cause authentication failure when the attribute is parsed by
|
||||||
|
* the other end.
|
||||||
|
*/
|
||||||
|
throw new AuthenticationException("Server sent reserved token: `m'");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (iterationCount < 0) {
|
||||||
|
throw new AuthenticationException("Server did not send iteration count");
|
||||||
|
}
|
||||||
|
if (nonce.isEmpty() || !nonce.startsWith(clientNonce)) {
|
||||||
|
throw new AuthenticationException("Server nonce does not contain client nonce: " + nonce);
|
||||||
|
}
|
||||||
|
if (salt.isEmpty()) {
|
||||||
|
throw new AuthenticationException("Server sent empty salt");
|
||||||
|
}
|
||||||
|
|
||||||
|
final String clientFinalMessageWithoutProof = "c=" + Base64.encodeToString(
|
||||||
|
GS2_HEADER.getBytes(), Base64.NO_WRAP) + ",r=" + nonce;
|
||||||
|
final byte[] authMessage = (clientFirstMessageBare + ',' + new String(serverFirstMessage) + ','
|
||||||
|
+ clientFinalMessageWithoutProof).getBytes();
|
||||||
|
|
||||||
|
// TODO: In future, cache the clientKey and serverKey and re-use them on re-auth.
|
||||||
|
final byte[] saltedPassword, clientSignature, serverKey, clientKey;
|
||||||
|
try {
|
||||||
|
saltedPassword = hi(CryptoHelper.saslPrep(account.getPassword()).getBytes(),
|
||||||
|
Base64.decode(salt, Base64.DEFAULT), iterationCount);
|
||||||
|
serverKey = hmac(saltedPassword, SERVER_KEY_BYTES);
|
||||||
|
serverSignature = hmac(serverKey, authMessage);
|
||||||
|
clientKey = hmac(saltedPassword, CLIENT_KEY_BYTES);
|
||||||
|
final byte[] storedKey = digest(clientKey);
|
||||||
|
|
||||||
|
clientSignature = hmac(storedKey, authMessage);
|
||||||
|
|
||||||
|
} catch (final InvalidKeyException e) {
|
||||||
|
throw new AuthenticationException(e);
|
||||||
|
}
|
||||||
|
|
||||||
|
final byte[] clientProof = new byte[clientKey.length];
|
||||||
|
|
||||||
|
for (int i = 0; i < clientProof.length; i++) {
|
||||||
|
clientProof[i] = (byte) (clientKey[i] ^ clientSignature[i]);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
final String clientFinalMessage = clientFinalMessageWithoutProof + ",p=" +
|
||||||
|
Base64.encodeToString(clientProof, Base64.NO_WRAP);
|
||||||
|
state = State.RESPONSE_SENT;
|
||||||
|
return Base64.encodeToString(clientFinalMessage.getBytes(), Base64.NO_WRAP);
|
||||||
|
case RESPONSE_SENT:
|
||||||
|
final String clientCalculatedServerFinalMessage = "v=" +
|
||||||
|
Base64.encodeToString(serverSignature, Base64.NO_WRAP);
|
||||||
|
if (!clientCalculatedServerFinalMessage.equals(new String(Base64.decode(challenge, Base64.DEFAULT)))) {
|
||||||
|
throw new AuthenticationException("Server final message does not match calculated final message");
|
||||||
|
}
|
||||||
|
state = State.VALID_SERVER_RESPONSE;
|
||||||
|
return "";
|
||||||
|
default:
|
||||||
|
throw new AuthenticationException("Invalid state: " + state);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
public static synchronized byte[] hmac(final byte[] key, final byte[] input)
|
||||||
|
throws InvalidKeyException {
|
||||||
|
HMAC.init(new KeyParameter(key));
|
||||||
|
HMAC.update(input, 0, input.length);
|
||||||
|
final byte[] out = new byte[HMAC.getMacSize()];
|
||||||
|
HMAC.doFinal(out, 0);
|
||||||
|
return out;
|
||||||
|
}
|
||||||
|
|
||||||
|
public static synchronized byte[] digest(byte[] bytes) {
|
||||||
|
DIGEST.reset();
|
||||||
|
DIGEST.update(bytes, 0, bytes.length);
|
||||||
|
final byte[] out = new byte[DIGEST.getDigestSize()];
|
||||||
|
DIGEST.doFinal(out, 0);
|
||||||
|
return out;
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Hi() is, essentially, PBKDF2 [RFC2898] with HMAC() as the
|
||||||
|
* pseudorandom function (PRF) and with dkLen == output length of
|
||||||
|
* HMAC() == output length of H().
|
||||||
|
*/
|
||||||
|
private static synchronized byte[] hi(final byte[] key, final byte[] salt, final int iterations)
|
||||||
|
throws InvalidKeyException {
|
||||||
|
byte[] u = hmac(key, CryptoHelper.concatenateByteArrays(salt, CryptoHelper.ONE));
|
||||||
|
byte[] out = u.clone();
|
||||||
|
for (int i = 1; i < iterations; i++) {
|
||||||
|
u = hmac(key, u);
|
||||||
|
for (int j = 0; j < u.length; j++) {
|
||||||
|
out[j] ^= u[j];
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return out;
|
||||||
|
}
|
||||||
|
}
|
@ -0,0 +1,76 @@
|
|||||||
|
package eu.siacs.conversations.crypto.sasl;
|
||||||
|
|
||||||
|
import android.util.Base64;
|
||||||
|
|
||||||
|
import java.util.ArrayList;
|
||||||
|
import java.util.Arrays;
|
||||||
|
import java.util.Iterator;
|
||||||
|
import java.util.List;
|
||||||
|
import java.util.NoSuchElementException;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* A tokenizer for GS2 header strings
|
||||||
|
*/
|
||||||
|
public final class Tokenizer implements Iterator<String>, Iterable<String> {
|
||||||
|
private final List<String> parts;
|
||||||
|
private int index;
|
||||||
|
|
||||||
|
public Tokenizer(final byte[] challenge) {
|
||||||
|
final String challengeString = new String(challenge);
|
||||||
|
parts = new ArrayList<>(Arrays.asList(challengeString.split(",")));
|
||||||
|
index = 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Returns true if there is at least one more element, false otherwise.
|
||||||
|
*
|
||||||
|
* @see #next
|
||||||
|
*/
|
||||||
|
@Override
|
||||||
|
public boolean hasNext() {
|
||||||
|
return parts.size() != index + 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Returns the next object and advances the iterator.
|
||||||
|
*
|
||||||
|
* @return the next object.
|
||||||
|
* @throws java.util.NoSuchElementException if there are no more elements.
|
||||||
|
* @see #hasNext
|
||||||
|
*/
|
||||||
|
@Override
|
||||||
|
public String next() {
|
||||||
|
if (hasNext()) {
|
||||||
|
return parts.get(index++);
|
||||||
|
} else {
|
||||||
|
throw new NoSuchElementException("No such element. Size is: " + parts.size());
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Removes the last object returned by {@code next} from the collection.
|
||||||
|
* This method can only be called once between each call to {@code next}.
|
||||||
|
*
|
||||||
|
* @throws UnsupportedOperationException if removing is not supported by the collection being
|
||||||
|
* iterated.
|
||||||
|
* @throws IllegalStateException if {@code next} has not been called, or {@code remove} has
|
||||||
|
* already been called after the last call to {@code next}.
|
||||||
|
*/
|
||||||
|
@Override
|
||||||
|
public void remove() {
|
||||||
|
if(index <= 0) {
|
||||||
|
throw new IllegalStateException("You can't delete an element before first next() method call");
|
||||||
|
}
|
||||||
|
parts.remove(--index);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Returns an {@link java.util.Iterator} for the elements in this object.
|
||||||
|
*
|
||||||
|
* @return An {@code Iterator} instance.
|
||||||
|
*/
|
||||||
|
@Override
|
||||||
|
public Iterator<String> iterator() {
|
||||||
|
return parts.iterator();
|
||||||
|
}
|
||||||
|
}
|
@ -1,13 +1,14 @@
|
|||||||
package eu.siacs.conversations.utils;
|
package eu.siacs.conversations.utils;
|
||||||
|
|
||||||
import java.security.SecureRandom;
|
import java.security.SecureRandom;
|
||||||
|
import java.text.Normalizer;
|
||||||
|
|
||||||
public class CryptoHelper {
|
public class CryptoHelper {
|
||||||
public static final String FILETRANSFER = "?FILETRANSFERv1:";
|
public static final String FILETRANSFER = "?FILETRANSFERv1:";
|
||||||
final protected static char[] hexArray = "0123456789abcdef".toCharArray();
|
final protected static char[] hexArray = "0123456789abcdef".toCharArray();
|
||||||
final protected static char[] vowels = "aeiou".toCharArray();
|
final protected static char[] vowels = "aeiou".toCharArray();
|
||||||
final protected static char[] consonants = "bcdfghjklmnpqrstvwxyz"
|
final protected static char[] consonants = "bcdfghjklmnpqrstvwxyz".toCharArray();
|
||||||
.toCharArray();
|
final public static byte[] ONE = new byte[] { 0, 0, 0, 1 };
|
||||||
|
|
||||||
public static String bytesToHex(byte[] bytes) {
|
public static String bytesToHex(byte[] bytes) {
|
||||||
char[] hexChars = new char[bytes.length * 2];
|
char[] hexChars = new char[bytes.length * 2];
|
||||||
@ -51,4 +52,30 @@ public class CryptoHelper {
|
|||||||
}
|
}
|
||||||
return builder.toString();
|
return builder.toString();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Escapes usernames or passwords for SASL.
|
||||||
|
*/
|
||||||
|
public static String saslEscape(final String s) {
|
||||||
|
final StringBuilder sb = new StringBuilder((int) (s.length() * 1.1));
|
||||||
|
for (int i = 0; i < s.length(); i++) {
|
||||||
|
char c = s.charAt(i);
|
||||||
|
switch (c) {
|
||||||
|
case ',':
|
||||||
|
sb.append("=2C");
|
||||||
|
break;
|
||||||
|
case '=':
|
||||||
|
sb.append("=3D");
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
sb.append(c);
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return sb.toString();
|
||||||
|
}
|
||||||
|
|
||||||
|
public static String saslPrep(final String s) {
|
||||||
|
return saslEscape(Normalizer.normalize(s, Normalizer.Form.NFKC));
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
@ -39,9 +39,11 @@ import javax.net.ssl.SSLSocketFactory;
|
|||||||
import javax.net.ssl.X509TrustManager;
|
import javax.net.ssl.X509TrustManager;
|
||||||
|
|
||||||
import eu.siacs.conversations.Config;
|
import eu.siacs.conversations.Config;
|
||||||
|
import eu.siacs.conversations.crypto.sasl.AuthenticationException;
|
||||||
import eu.siacs.conversations.crypto.sasl.DigestMd5;
|
import eu.siacs.conversations.crypto.sasl.DigestMd5;
|
||||||
import eu.siacs.conversations.crypto.sasl.Plain;
|
import eu.siacs.conversations.crypto.sasl.Plain;
|
||||||
import eu.siacs.conversations.crypto.sasl.SaslMechanism;
|
import eu.siacs.conversations.crypto.sasl.SaslMechanism;
|
||||||
|
import eu.siacs.conversations.crypto.sasl.ScramSha1;
|
||||||
import eu.siacs.conversations.entities.Account;
|
import eu.siacs.conversations.entities.Account;
|
||||||
import eu.siacs.conversations.services.XmppConnectionService;
|
import eu.siacs.conversations.services.XmppConnectionService;
|
||||||
import eu.siacs.conversations.utils.DNSHelper;
|
import eu.siacs.conversations.utils.DNSHelper;
|
||||||
@ -271,6 +273,7 @@ public class XmppConnection implements Runnable {
|
|||||||
private void processStream(final Tag currentTag) throws XmlPullParserException,
|
private void processStream(final Tag currentTag) throws XmlPullParserException,
|
||||||
IOException, NoSuchAlgorithmException {
|
IOException, NoSuchAlgorithmException {
|
||||||
Tag nextTag = tagReader.readTag();
|
Tag nextTag = tagReader.readTag();
|
||||||
|
|
||||||
while ((nextTag != null) && (!nextTag.isEnd("stream"))) {
|
while ((nextTag != null) && (!nextTag.isEnd("stream"))) {
|
||||||
if (nextTag.isStart("error")) {
|
if (nextTag.isStart("error")) {
|
||||||
processStreamError(nextTag);
|
processStreamError(nextTag);
|
||||||
@ -282,7 +285,13 @@ public class XmppConnection implements Runnable {
|
|||||||
switchOverToZLib(nextTag);
|
switchOverToZLib(nextTag);
|
||||||
} else if (nextTag.isStart("success")) {
|
} else if (nextTag.isStart("success")) {
|
||||||
Log.d(Config.LOGTAG, account.getJid().toBareJid().toString() + ": logged in");
|
Log.d(Config.LOGTAG, account.getJid().toBareJid().toString() + ": logged in");
|
||||||
tagReader.readTag();
|
final String challenge = tagReader.readElement(nextTag).getContent();
|
||||||
|
try {
|
||||||
|
saslMechanism.getResponse(challenge);
|
||||||
|
} catch (final AuthenticationException e) {
|
||||||
|
disconnect(true);
|
||||||
|
Log.e(Config.LOGTAG, String.valueOf(e));
|
||||||
|
}
|
||||||
tagReader.reset();
|
tagReader.reset();
|
||||||
sendStartStream();
|
sendStartStream();
|
||||||
processStream(tagReader.readTag());
|
processStream(tagReader.readTag());
|
||||||
@ -295,7 +304,12 @@ public class XmppConnection implements Runnable {
|
|||||||
final Element response = new Element("response");
|
final Element response = new Element("response");
|
||||||
response.setAttribute("xmlns",
|
response.setAttribute("xmlns",
|
||||||
"urn:ietf:params:xml:ns:xmpp-sasl");
|
"urn:ietf:params:xml:ns:xmpp-sasl");
|
||||||
|
try {
|
||||||
response.setContent(saslMechanism.getResponse(challenge));
|
response.setContent(saslMechanism.getResponse(challenge));
|
||||||
|
} catch (final AuthenticationException e) {
|
||||||
|
// TODO: Send auth abort tag.
|
||||||
|
Log.e(Config.LOGTAG, e.toString());
|
||||||
|
}
|
||||||
tagWriter.writeElement(response);
|
tagWriter.writeElement(response);
|
||||||
} else if (nextTag.isStart("enabled")) {
|
} else if (nextTag.isStart("enabled")) {
|
||||||
Element enabled = tagReader.readElement(nextTag);
|
Element enabled = tagReader.readElement(nextTag);
|
||||||
@ -616,13 +630,22 @@ public class XmppConnection implements Runnable {
|
|||||||
.findChild("mechanisms"));
|
.findChild("mechanisms"));
|
||||||
final Element auth = new Element("auth");
|
final Element auth = new Element("auth");
|
||||||
auth.setAttribute("xmlns", "urn:ietf:params:xml:ns:xmpp-sasl");
|
auth.setAttribute("xmlns", "urn:ietf:params:xml:ns:xmpp-sasl");
|
||||||
if (mechanisms.contains("DIGEST-MD5")) {
|
if (mechanisms.contains(ScramSha1.getMechanism())) {
|
||||||
|
saslMechanism = new ScramSha1(tagWriter, account, mXmppConnectionService.getRNG());
|
||||||
|
Log.d(Config.LOGTAG, "Authenticating with " + ScramSha1.getMechanism());
|
||||||
|
auth.setAttribute("mechanism", ScramSha1.getMechanism());
|
||||||
|
} else if (mechanisms.contains(DigestMd5.getMechanism())) {
|
||||||
|
Log.d(Config.LOGTAG, "Authenticating with " + DigestMd5.getMechanism());
|
||||||
saslMechanism = new DigestMd5(tagWriter, account, mXmppConnectionService.getRNG());
|
saslMechanism = new DigestMd5(tagWriter, account, mXmppConnectionService.getRNG());
|
||||||
} else if (mechanisms.contains("PLAIN")) {
|
auth.setAttribute("mechanism", DigestMd5.getMechanism());
|
||||||
|
} else if (mechanisms.contains(Plain.getMechanism())) {
|
||||||
|
Log.d(Config.LOGTAG, "Authenticating with " + Plain.getMechanism());
|
||||||
saslMechanism = new Plain(tagWriter, account);
|
saslMechanism = new Plain(tagWriter, account);
|
||||||
auth.setContent(((Plain)saslMechanism).getStartAuth());
|
auth.setAttribute("mechanism", Plain.getMechanism());
|
||||||
|
}
|
||||||
|
if (!saslMechanism.getClientFirstMessage().isEmpty()) {
|
||||||
|
auth.setContent(saslMechanism.getClientFirstMessage());
|
||||||
}
|
}
|
||||||
auth.setAttribute("mechanism", saslMechanism.getMechanism());
|
|
||||||
tagWriter.writeElement(auth);
|
tagWriter.writeElement(auth);
|
||||||
} else if (this.streamFeatures.hasChild("sm", "urn:xmpp:sm:"
|
} else if (this.streamFeatures.hasChild("sm", "urn:xmpp:sm:"
|
||||||
+ smVersion)
|
+ smVersion)
|
||||||
|
@ -117,7 +117,7 @@ public final class Jid {
|
|||||||
finaljid = finaljid + dp;
|
finaljid = finaljid + dp;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Remove trailling "." before storing the domain part.
|
// Remove trailing "." before storing the domain part.
|
||||||
if (dp.endsWith(".")) {
|
if (dp.endsWith(".")) {
|
||||||
try {
|
try {
|
||||||
domainpart = IDN.toASCII(dp.substring(0, dp.length() - 1), IDN.USE_STD3_ASCII_RULES);
|
domainpart = IDN.toASCII(dp.substring(0, dp.length() - 1), IDN.USE_STD3_ASCII_RULES);
|
||||||
|
Loading…
Reference in New Issue
Block a user