SASL Proxy Auth support

This adds the ability to provide a distinct authorization identifier for use by SASL mechanisms. Not all SASL mechanisms support this operation, in particular CRAM-MD5. Both the javax and provided SASL implementations are extended, and an authzid parameter added to the authenticate method. The authorization identifier is passed as a EntityBareJid in order to assure the correct form. Resolves SMACK-677. Minor-Modifications-By: Florian Schmaus <flo@geekplace.eu>
2025-09-10 09:39:39 +02:00 · 2015-06-16 17:50:30 +01:00 · 2015-06-16 17:50:30 +01:00 · 9c772add93
commit 9c772add93
parent a00331dbb4
18 changed files with 182 additions and 32 deletions
--- a/smack-core/src/test/java/org/jivesoftware/smack/sasl/DigestMd5SaslTest.java
+++ b/smack-core/src/test/java/org/jivesoftware/smack/sasl/DigestMd5SaslTest.java
@ -27,6 +27,7 @@ import org.jivesoftware.smack.SmackException.NotConnectedException;
 import org.jivesoftware.smack.util.StringUtils;
 import org.jxmpp.jid.impl.JidCreate;
 import org.jxmpp.stringprep.XmppStringprepException;
+import org.jxmpp.jid.EntityBareJid;

 public class DigestMd5SaslTest extends AbstractSaslTest {

@ -37,9 +38,12 @@ public class DigestMd5SaslTest extends AbstractSaslTest {
        super(saslMechanism);
    }

-    protected void runTest() throws NotConnectedException, SmackException, InterruptedException, XmppStringprepException {
-        saslMechanism.authenticate("florian", "irrelevant", JidCreate.domainBareFrom("xmpp.org"), "secret");
-
+    protected void runTest(boolean useAuthzid) throws NotConnectedException, SmackException, InterruptedException, XmppStringprepException {
+        EntityBareJid authzid = null;
+        if (useAuthzid) {
+            authzid = JidCreate.entityBareFrom("shazbat@xmpp.org");
+        }
+        saslMechanism.authenticate("florian", "irrelevant", JidCreate.domainBareFrom("xmpp.org"), "secret", authzid);
        byte[] response = saslMechanism.evaluateChallenge(challengeBytes);
        String responseString = new String(response);
        String[] responseParts = responseString.split(",");
@ -51,6 +55,11 @@ public class DigestMd5SaslTest extends AbstractSaslTest {
            String value = keyValue[1].replace("\"", "");
            responsePairs.put(key, value);
        }
+        if (useAuthzid) {
+          assertMapValue("authzid", "shazbat@xmpp.org", responsePairs);
+        } else {
+          assert(!responsePairs.containsKey("authzid"));
+        }
        assertMapValue("username", "florian", responsePairs);
        assertMapValue("realm", "xmpp.org", responsePairs);
        assertMapValue("digest-uri", "xmpp/xmpp.org", responsePairs);
@ -58,6 +67,6 @@ public class DigestMd5SaslTest extends AbstractSaslTest {
    }

    private static void assertMapValue(String key, String value, Map<String, String> map) {
-        assertEquals(map.get(key), value);
+        assertEquals(value, map.get(key));
    }
 }
--- a/smack-core/src/test/java/org/jivesoftware/smack/sasl/core/SCRAMSHA1MechanismTest.java
+++ b/smack-core/src/test/java/org/jivesoftware/smack/sasl/core/SCRAMSHA1MechanismTest.java
@ -48,7 +48,7 @@ public class SCRAMSHA1MechanismTest extends SmackTestSuite {
            }
        };

-        mech.authenticate(USERNAME, "unusedFoo", JidTestUtil.DOMAIN_BARE_JID_1, PASSWORD);
+        mech.authenticate(USERNAME, "unusedFoo", JidTestUtil.DOMAIN_BARE_JID_1, PASSWORD, null);
        AuthMechanism authMechanism = con.getSentPacket();
        assertEquals(SCRAMSHA1Mechanism.NAME, authMechanism.getMechanism());
        assertEquals(CLIENT_FIRST_MESSAGE, saslLayerString(authMechanism.getAuthenticationText()));