Add SCRAM-SHA1 support

Thanks to Stefan Karlsson for helping with the implementation. Also add SASLMechanism.checkIfSuccessfulOrThrow(), to increase the security by verifying the mechanisms state at the end of SASL authentication. SASLMechanism now has a SASLPrep StringTransformer. Refactor SHA1 functions out of StringUtils into SHA1 utility class. Add MAC utility class. Make DummyConnection getSentpacket() methods use generics to make unit testing SCRAM-SHA1 easier. Fixes SMACK-398
Flowdalic · Oct 21, 2014 · 403ecff · 403ecff
1 parent 6a2bc0c
commit 403ecff
Show file tree

Hide file tree

Showing 18 changed files with 704 additions and 80 deletions.
diff --git a/smack-core/src/main/java/org/jivesoftware/smack/SASLAuthentication.java b/smack-core/src/main/java/org/jivesoftware/smack/SASLAuthentication.java
@@ -343,6 +343,7 @@ public void authenticated(Success success) throws SmackException {
         if (success.getData() != null) {
             challengeReceived(success.getData(), true);
         }
+        currentMechanism.checkIfSuccessfulOrThrow();
         authenticationSuccessful = true;
         // Wake up the thread that is waiting in the #authenticate method
         synchronized (this) {

diff --git a/smack-core/src/main/java/org/jivesoftware/smack/SmackInitialization.java b/smack-core/src/main/java/org/jivesoftware/smack/SmackInitialization.java
@@ -29,6 +29,7 @@
 
 import org.jivesoftware.smack.compression.Java7ZlibInputOutputStream;
 import org.jivesoftware.smack.initializer.SmackInitializer;
+import org.jivesoftware.smack.sasl.core.SCRAMSHA1Mechanism;
 import org.jivesoftware.smack.util.FileUtils;
 import org.xmlpull.v1.XmlPullParser;
 import org.xmlpull.v1.XmlPullParserException;
@@ -130,6 +131,8 @@ public final class SmackInitialization {
             // Ignore.
         }
 
+        SASLAuthentication.registerSASLMechanism(new SCRAMSHA1Mechanism());
+
         SmackConfiguration.smackInitialized = true;
     }
 

diff --git a/smack-core/src/main/java/org/jivesoftware/smack/sasl/SASLAnonymous.java b/smack-core/src/main/java/org/jivesoftware/smack/sasl/SASLAnonymous.java
@@ -55,4 +55,9 @@ public SASLAnonymous newInstance() {
         return new SASLAnonymous();
     }
 
+    @Override
+    public void checkIfSuccessfulOrThrow() throws SmackException {
+        // SASL Anonymous is always successful :)
+    }
+
 }
diff --git a/smack-core/src/main/java/org/jivesoftware/smack/sasl/SASLMechanism.java b/smack-core/src/main/java/org/jivesoftware/smack/sasl/SASLMechanism.java
@@ -21,6 +21,7 @@
 import org.jivesoftware.smack.XMPPConnection;
 import org.jivesoftware.smack.sasl.packet.SaslStreamElements.AuthMechanism;
 import org.jivesoftware.smack.sasl.packet.SaslStreamElements.Response;
+import org.jivesoftware.smack.util.StringTransformer;
 import org.jivesoftware.smack.util.StringUtils;
 import org.jivesoftware.smack.util.stringencoder.Base64;
 
@@ -71,6 +72,22 @@ public abstract class SASLMechanism implements Comparable<SASLMechanism> {
     public static final String GSSAPI = "GSSAPI";
     public static final String PLAIN = "PLAIN";
 
+    // TODO Remove once Smack's min Android API is 9, where java.text.Normalizer is available
+    private static StringTransformer saslPrepTransformer;
+
+    /**
+     * Set the SASLPrep StringTransformer.
+     * <p>
+     * A simple SASLPrep StringTransformer would be for example: <code>java.text.Normalizer.normalize(string, Form.NFKC);</code>
+     * </p>
+     * 
+     * @param stringTransformer set StringTransformer to use for SASLPrep.
+     * @see <a href="http://tools.ietf.org/html/rfc4013">RFC 4013 - SASLprep: Stringprep Profile for User Names and Passwords</a>
+     */
+    public static void setSaslPrepTransformer(StringTransformer stringTransformer) {
+        saslPrepTransformer = stringTransformer;
+    }
+
     protected XMPPConnection connection;
 
     /**
@@ -238,6 +255,8 @@ public final int compareTo(SASLMechanism other) {
 
     public abstract int getPriority();
 
+    public abstract void checkIfSuccessfulOrThrow() throws SmackException;
+
     public SASLMechanism instanceForAuthentication(XMPPConnection connection) {
         SASLMechanism saslMechansim = newInstance();
         saslMechansim.connection = connection;
@@ -249,4 +268,19 @@ public SASLMechanism instanceForAuthentication(XMPPConnection connection) {
     protected static byte[] toBytes(String string) {
         return StringUtils.toBytes(string);
     }
+
+    /**
+     * SASLprep the given String.
+     * 
+     * @param string the String to sasl prep.
+     * @return the given String SASL preped
+     * @see <a href="http://tools.ietf.org/html/rfc4013">RFC 4013 - SASLprep: Stringprep Profile for User Names and Passwords</a>
+     */
+    protected static String saslPrep(String string) {
+        StringTransformer stringTransformer = saslPrepTransformer;
+        if (stringTransformer != null) {
+            return stringTransformer.transform(string);
+        }
+        return string;
+    }
 }