sum7/Conversations
sum7
/
Conversations
1
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity

handle invalid base64 is SASl SCRAM response

This commit is contained in:
Daniel Gultsch 2016-05-07 11:34:17 +02:00
parent e2d3bef739
commit 76889b9c58
1 changed files with 9 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
src/main/java/eu/siacs/conversations/crypto/sasl/ScramSha1.java
View File

@ -185,13 +185,17 @@ public class ScramSha1 extends SaslMechanism {
state = State.RESPONSE_SENT;
return Base64.encodeToString(clientFinalMessage.getBytes(), Base64.NO_WRAP);
case RESPONSE_SENT:
final String clientCalculatedServerFinalMessage = "v=" +
Base64.encodeToString(serverSignature, Base64.NO_WRAP);
if (challenge == null || !clientCalculatedServerFinalMessage.equals(new String(Base64.decode(challenge, Base64.DEFAULT)))) {
try {
final String clientCalculatedServerFinalMessage = "v=" +
Base64.encodeToString(serverSignature, Base64.NO_WRAP);
if (!clientCalculatedServerFinalMessage.equals(new String(Base64.decode(challenge, Base64.DEFAULT)))) {
throw new Exception();
};
state = State.VALID_SERVER_RESPONSE;
return "";
} catch(Exception e) {
throw new AuthenticationException("Server final message does not match calculated final message");
}
state = State.VALID_SERVER_RESPONSE;
return "";
default:
throw new InvalidStateException(state);
}