SASL Proxy Auth support

This adds the ability to provide a distinct authorization identifier for use
by SASL mechanisms. Not all SASL mechanisms support this operation, in
particular CRAM-MD5.

Both the javax and provided SASL implementations are extended, and an authzid
parameter added to the authenticate method.

The authorization identifier is passed as a EntityBareJid in order to assure the
correct form.

Resolves SMACK-677.

Minor-Modifications-By: Florian Schmaus <flo@geekplace.eu>

smack-sasl-provided/src/main/java/org/jivesoftware/smack/sasl/provided/SASLDigestMD5Mechanism.java

@@ -83,6 +83,11 @@ public class SASLDigestMD5Mechanism extends SASLMechanism {
         return new SASLDigestMD5Mechanism();
     }
 
+    @Override
+    public boolean authzidSupported() {
+      return true;
+    }
+
 
     @Override
     public void checkIfSuccessfulOrThrow() throws SmackException {
@@ -141,7 +146,14 @@ public class SASLDigestMD5Mechanism extends SASLMechanism {
             String responseValue = calcResponse(DigestType.ClientResponse);
             // @formatter:off
             // See RFC 2831 2.1.2 digest-response
+            String authzid;
+            if (authorizationId == null) {
+              authzid = "";
+            } else {
+              authzid = ",authzid=\"" + authorizationId + '"';
+            }
             String saslString = "username=\"" + authenticationId + '"'
+                               + authzid
                                + ",realm=\"" + serviceName + '"'
                                + ",nonce=\"" + nonce + '"'
                                + ",cnonce=\"" + cnonce + '"'

smack-sasl-provided/src/main/java/org/jivesoftware/smack/sasl/provided/SASLExternalMechanism.java

@@ -40,6 +40,10 @@ public class SASLExternalMechanism extends SASLMechanism {
 
     @Override
     protected byte[] getAuthenticationText() throws SmackException {
+        if (authorizationId != null) {
+          return toBytes(authorizationId.toString());
+        }
+
         if (StringUtils.isNullOrEmpty(authenticationId)) {
             return null;
         }
@@ -67,4 +71,9 @@ public class SASLExternalMechanism extends SASLMechanism {
         // No check performed
     }
 
+    @Override
+    public boolean authzidSupported() {
+      return true;
+    }
+
 }

smack-sasl-provided/src/main/java/org/jivesoftware/smack/sasl/provided/SASLPlainMechanism.java

@@ -34,7 +34,13 @@ public class SASLPlainMechanism extends SASLMechanism {
     @Override
     protected byte[] getAuthenticationText() throws SmackException {
         // concatenate and encode username (authcid) and password
-        byte[] authcid = toBytes('\u0000' + authenticationId);
+        String authzid;
+        if (authorizationId == null) {
+          authzid = "";
+        } else {
+          authzid = authorizationId.toString();
+        }
+        byte[] authcid = toBytes(authzid + '\u0000' + authenticationId);
         byte[] passw = toBytes('\u0000' + password);
 
         return ByteUtils.concact(authcid, passw);
@@ -59,4 +65,9 @@ public class SASLPlainMechanism extends SASLMechanism {
     public void checkIfSuccessfulOrThrow() throws SmackException {
         // No check performed
     }
+
+    @Override
+    public boolean authzidSupported() {
+      return true;
+    }
 }

smack-sasl-provided/src/test/java/org/jivesoftware/smack/sasl/provided/SASLDigestMD5Test.java

@@ -29,6 +29,11 @@ public class SASLDigestMD5Test extends DigestMd5SaslTest {
 
     @Test
     public void testDigestMD5() throws NotConnectedException, SmackException, InterruptedException, XmppStringprepException {
-        runTest();
+        runTest(false);
+    }
+
+    @Test
+    public void testDigestMD5Authzid() throws NotConnectedException, SmackException, InterruptedException, XmppStringprepException {
+        runTest(true);
     }
 }