Fix auth when upgrading from SCRAM-SHA-1 to -256 (#3192)
This commit is contained in:
parent
9015d0a1fc
commit
ef4cfacaf4
|
@ -43,7 +43,7 @@ abstract class ScramMechanism extends SaslMechanism {
|
||||||
static {
|
static {
|
||||||
CACHE = new LruCache<String, KeyPair>(10) {
|
CACHE = new LruCache<String, KeyPair>(10) {
|
||||||
protected KeyPair create(final String k) {
|
protected KeyPair create(final String k) {
|
||||||
// Map keys are "bytesToHex(JID),bytesToHex(password),bytesToHex(salt),iterations".
|
// Map keys are "bytesToHex(JID),bytesToHex(password),bytesToHex(salt),iterations,SASL-Mechanism".
|
||||||
// Changing any of these values forces a cache miss. `CryptoHelper.bytesToHex()'
|
// Changing any of these values forces a cache miss. `CryptoHelper.bytesToHex()'
|
||||||
// is applied to prevent commas in the strings breaking things.
|
// is applied to prevent commas in the strings breaking things.
|
||||||
final String[] kparts = k.split(",", 4);
|
final String[] kparts = k.split(",", 4);
|
||||||
|
@ -147,12 +147,13 @@ abstract class ScramMechanism extends SaslMechanism {
|
||||||
final byte[] authMessage = (clientFirstMessageBare + ',' + new String(serverFirstMessage) + ','
|
final byte[] authMessage = (clientFirstMessageBare + ',' + new String(serverFirstMessage) + ','
|
||||||
+ clientFinalMessageWithoutProof).getBytes();
|
+ clientFinalMessageWithoutProof).getBytes();
|
||||||
|
|
||||||
// Map keys are "bytesToHex(JID),bytesToHex(password),bytesToHex(salt),iterations".
|
// Map keys are "bytesToHex(JID),bytesToHex(password),bytesToHex(salt),iterations,SASL-Mechanism".
|
||||||
final KeyPair keys = CACHE.get(
|
final KeyPair keys = CACHE.get(
|
||||||
CryptoHelper.bytesToHex(account.getJid().asBareJid().toString().getBytes()) + ","
|
CryptoHelper.bytesToHex(account.getJid().asBareJid().toString().getBytes()) + ","
|
||||||
+ CryptoHelper.bytesToHex(account.getPassword().getBytes()) + ","
|
+ CryptoHelper.bytesToHex(account.getPassword().getBytes()) + ","
|
||||||
+ CryptoHelper.bytesToHex(salt.getBytes()) + ","
|
+ CryptoHelper.bytesToHex(salt.getBytes()) + ","
|
||||||
+ String.valueOf(iterationCount)
|
+ String.valueOf(iterationCount)
|
||||||
|
+ getMechanism()
|
||||||
);
|
);
|
||||||
if (keys == null) {
|
if (keys == null) {
|
||||||
throw new AuthenticationException("Invalid keys generated");
|
throw new AuthenticationException("Invalid keys generated");
|
||||||
|
|
Loading…
Reference in New Issue