Merge pull request #672 from SamWhited/development

Don't escape passwords in SASL
This commit is contained in:
Daniel Gultsch 2014-11-16 03:13:53 +01:00
commit 2c65477532
2 changed files with 3 additions and 3 deletions

View file

@ -52,7 +52,7 @@ public class ScramSha1 extends SaslMechanism {
final String[] kparts = k.split(",", 4); final String[] kparts = k.split(",", 4);
try { try {
final byte[] saltedPassword, serverKey, clientKey; final byte[] saltedPassword, serverKey, clientKey;
saltedPassword = hi(CryptoHelper.saslPrep(CryptoHelper.hexToString(kparts[1])).getBytes(), saltedPassword = hi(CryptoHelper.hexToString(kparts[1]).getBytes(),
Base64.decode(CryptoHelper.hexToString(kparts[2]), Base64.DEFAULT), Integer.valueOf(kparts[3])); Base64.decode(CryptoHelper.hexToString(kparts[2]), Base64.DEFAULT), Integer.valueOf(kparts[3]));
serverKey = hmac(saltedPassword, SERVER_KEY_BYTES); serverKey = hmac(saltedPassword, SERVER_KEY_BYTES);
clientKey = hmac(saltedPassword, CLIENT_KEY_BYTES); clientKey = hmac(saltedPassword, CLIENT_KEY_BYTES);
@ -88,7 +88,7 @@ public class ScramSha1 extends SaslMechanism {
@Override @Override
public String getClientFirstMessage() { public String getClientFirstMessage() {
if (clientFirstMessageBare.isEmpty() && state == State.INITIAL) { if (clientFirstMessageBare.isEmpty() && state == State.INITIAL) {
clientFirstMessageBare = "n=" + CryptoHelper.saslPrep(account.getUsername()) + clientFirstMessageBare = "n=" + CryptoHelper.saslEscape(CryptoHelper.saslPrep(account.getUsername())) +
",r=" + this.clientNonce; ",r=" + this.clientNonce;
state = State.AUTH_TEXT_SENT; state = State.AUTH_TEXT_SENT;
} }

View file

@ -80,7 +80,7 @@ public class CryptoHelper {
} }
public static String saslPrep(final String s) { public static String saslPrep(final String s) {
return saslEscape(Normalizer.normalize(s, Normalizer.Form.NFKC)); return Normalizer.normalize(s, Normalizer.Form.NFKC);
} }
public static String prettifyFingerprint(String fingerprint) { public static String prettifyFingerprint(String fingerprint) {