vanitasvitae/Smack
1
0
Fork 0
mirror of https://github.com/vanitasvitae/Smack.git synced 2025-09-10 09:39:39 +02:00
Code Issues Releases Wiki Activity

Add SCRAM-SHA1 support

Browse source 
Thanks to Stefan Karlsson for helping with the implementation.

Also add SASLMechanism.checkIfSuccessfulOrThrow(), to increase the
security by verifying the mechanisms state at the end of SASL
authentication.

SASLMechanism now has a SASLPrep StringTransformer.

Refactor SHA1 functions out of StringUtils into SHA1 utility class.

Add MAC utility class.

Make DummyConnection getSentpacket() methods use generics to make unit
testing SCRAM-SHA1 easier.

Fixes SMACK-398
This commit is contained in:
Florian Schmaus 2014-10-21 11:59:11 +02:00
parent 6a2bc0c02d
commit 403ecff2b2
18 changed files with 704 additions and 80 deletions
Download patch file Download diff file Expand all files Collapse all files

14
smack-core/src/test/java/org/jivesoftware/smack/DummyConnection.java
View file

@ -23,9 +23,9 @@ import java.util.concurrent.BlockingQueue;
import java.util.concurrent.LinkedBlockingQueue;
import java.util.concurrent.TimeUnit;
import org.jivesoftware.smack.packet.Element;
import org.jivesoftware.smack.packet.Packet;
import org.jivesoftware.smack.packet.PlainStreamElement;
import org.jivesoftware.smack.packet.TopLevelStreamElement;
/**
* A dummy implementation of {@link XMPPConnection}, intended to be used during
@ -53,7 +53,7 @@ public class DummyConnection extends AbstractXMPPConnection {
private String connectionID;
private Roster roster;
private final BlockingQueue<Element> queue = new LinkedBlockingQueue<Element>();
private final BlockingQueue<TopLevelStreamElement> queue = new LinkedBlockingQueue<TopLevelStreamElement>();
public DummyConnection() {
this(new ConnectionConfiguration("example.com"));
@ -211,8 +211,9 @@ public class DummyConnection extends AbstractXMPPConnection {
* @return a sent packet.
* @throws InterruptedException
*/
public Packet getSentPacket() throws InterruptedException {
return (Packet) queue.poll();
@SuppressWarnings("unchecked")
public <P extends TopLevelStreamElement> P getSentPacket() throws InterruptedException {
return (P) queue.poll();
}
/**
@ -224,8 +225,9 @@ public class DummyConnection extends AbstractXMPPConnection {
* @return a sent packet.
* @throws InterruptedException
*/
public Packet getSentPacket(int wait) throws InterruptedException {
return (Packet) queue.poll(wait, TimeUnit.SECONDS);
@SuppressWarnings("unchecked")
public <P extends TopLevelStreamElement> P getSentPacket(int wait) throws InterruptedException {
return (P) queue.poll(wait, TimeUnit.SECONDS);
}
/**

72
smack-core/src/test/java/org/jivesoftware/smack/sasl/core/SCRAMSHA1MechanismTest.java Normal file
View file

@ -0,0 +1,72 @@
/**
*
* Copyright 2014 Florian Schmaus
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.jivesoftware.smack.sasl.core;
import static org.junit.Assert.assertEquals;
import org.jivesoftware.smack.DummyConnection;
import org.jivesoftware.smack.SmackException;
import org.jivesoftware.smack.SmackException.NotConnectedException;
import org.jivesoftware.smack.sasl.packet.SaslStreamElements.AuthMechanism;
import org.jivesoftware.smack.sasl.packet.SaslStreamElements.Response;
import org.jivesoftware.smack.test.util.SmackTestSuite;
import org.jivesoftware.smack.util.stringencoder.Base64;
import org.junit.Before;
import org.junit.Test;
public class SCRAMSHA1MechanismTest {
public static final String USERNAME = "user";
public static final String PASSWORD = "pencil";
public static final String CLIENT_FIRST_MESSAGE = "n,,n=user,r=fyko+d2lbbFgONRv9qkxdawL";
public static final String SERVER_FIRST_MESSAGE = "r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,s=QSXCR+Q6sek8bf92,i=4096";
public static final String CLIENT_FINAL_MESSAGE = "c=biws,r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,p=v0X8v3Bz2T0CJGbJQyF0X+HI4Ts=";
public static final String SERVER_FINAL_MESSAGE = "v=rmF9pqV8S7suAoZWja4dJRkFsKQ=";
@Before
public void init() {
SmackTestSuite.init();
}
@Test
public void testScramSha1Mechanism() throws NotConnectedException, SmackException, InterruptedException {
final DummyConnection con = new DummyConnection();
SCRAMSHA1Mechanism mech = new SCRAMSHA1Mechanism() {
@Override
public String getRandomAscii() {
this.connection = con;
return "fyko+d2lbbFgONRv9qkxdawL";
}
};
mech.authenticate(USERNAME, "unusedFoo", "unusedBar", PASSWORD);
AuthMechanism authMechanism = con.getSentPacket();
assertEquals(SCRAMSHA1Mechanism.NAME, authMechanism.getMechanism());
assertEquals(CLIENT_FIRST_MESSAGE, saslLayerString(authMechanism.getAuthenticationText()));
mech.challengeReceived(Base64.encode(SERVER_FIRST_MESSAGE), false);
Response response = con.getSentPacket();
assertEquals(CLIENT_FINAL_MESSAGE, saslLayerString(response.getAuthenticationText()));
mech.challengeReceived(Base64.encode(SERVER_FINAL_MESSAGE), true);
mech.checkIfSuccessfulOrThrow();
}
private static String saslLayerString(String string) {
return Base64.decodeToString(string);
}
}

82
smack-core/src/test/java/org/jivesoftware/smack/util/SHA1Test.java Normal file
View file

@ -0,0 +1,82 @@
/**
*
* Copyright 2003-2007 Jive Software.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.jivesoftware.smack.util;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
import org.junit.Test;
/**
* A test case for the SHA1 class.
*/
public class SHA1Test {
@Test
public void testHash() {
// Test null
// @TODO - should the StringUtils.hash(String) method be fixed to handle null input?
try {
SHA1.hex((String) null);
fail();
}
catch (NullPointerException npe) {
assertTrue(true);
}
// Test empty String
String result = SHA1.hex("");
assertEquals("da39a3ee5e6b4b0d3255bfef95601890afd80709", result);
// Test a known hash
String adminInHash = "d033e22ae348aeb5660fc2140aec35850c4da997";
result = SHA1.hex("admin");
assertEquals(adminInHash, result);
// Test a random String - make sure all resulting characters are valid hash characters
// and that the returned string is 32 characters long.
String random = "jive software blah and stuff this is pretty cool";
result = SHA1.hex(random);
assertTrue(isValidHash(result));
// Test junk input:
String junk = "\n\n\t\b\r!@(!)^(#)@+_-\u2031\u09291\u00A9\u00BD\u0394\u00F8";
result = SHA1.hex(junk);
assertTrue(isValidHash(result));
}
/* ----- Utility methods and vars ----- */
private final String HASH_CHARS = "0123456789abcdef";
/**
* Returns true if the input string is valid md5 hash, false otherwise.
*/
private boolean isValidHash(String result) {
boolean valid = true;
for (int i=0; i<result.length(); i++) {
char c = result.charAt(i);
if (HASH_CHARS.indexOf(c) < 0) {
valid = false;
}
}
return valid;
}
}

52
smack-core/src/test/java/org/jivesoftware/smack/util/StringUtilsTest.java
View file

@ -20,7 +20,6 @@ package org.jivesoftware.smack.util;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
import org.junit.Test;
@ -72,57 +71,6 @@ public class StringUtilsTest {
assertEquals(expected.toString(), actual.toString());
}
@Test
public void testHash() {
// Test null
// @TODO - should the StringUtils.hash(String) method be fixed to handle null input?
try {
StringUtils.hash(null);
fail();
}
catch (NullPointerException npe) {
assertTrue(true);
}
// Test empty String
String result = StringUtils.hash("");
assertEquals("da39a3ee5e6b4b0d3255bfef95601890afd80709", result);
// Test a known hash
String adminInHash = "d033e22ae348aeb5660fc2140aec35850c4da997";
result = StringUtils.hash("admin");
assertEquals(adminInHash, result);
// Test a random String - make sure all resulting characters are valid hash characters
// and that the returned string is 32 characters long.
String random = "jive software blah and stuff this is pretty cool";
result = StringUtils.hash(random);
assertTrue(isValidHash(result));
// Test junk input:
String junk = "\n\n\t\b\r!@(!)^(#)@+_-\u2031\u09291\u00A9\u00BD\u0394\u00F8";
result = StringUtils.hash(junk);
assertTrue(isValidHash(result));
}
/* ----- Utility methods and vars ----- */
private final String HASH_CHARS = "0123456789abcdef";
/**
* Returns true if the input string is valid md5 hash, false otherwise.
*/
private boolean isValidHash(String result) {
boolean valid = true;
for (int i=0; i<result.length(); i++) {
char c = result.charAt(i);
if (HASH_CHARS.indexOf(c) < 0) {
valid = false;
}
}
return valid;
}
@Test
public void testEncodeHex() {
String input = "";