From d421b2fa1b4c13ae08f5d5d5eef04185ab6e1a14 Mon Sep 17 00:00:00 2001 From: Florian Schmaus Date: Fri, 7 Apr 2017 18:56:51 +0200 Subject: [PATCH] Fix provided SASL DIGEST-MD5 mechanism In case the server provided nonce contained one or more equals characters ("=") the part.split("=") call would return more then the expected two key/value parts. Hence we simply use part.split("=", 2). Also made the unit test check for this case. Fixes SMACK-755 --- .../org/jivesoftware/smack/sasl/DigestMd5SaslTest.java | 8 +++----- .../smack/sasl/provided/SASLDigestMD5Mechanism.java | 5 ++--- 2 files changed, 5 insertions(+), 8 deletions(-) diff --git a/smack-core/src/test/java/org/jivesoftware/smack/sasl/DigestMd5SaslTest.java b/smack-core/src/test/java/org/jivesoftware/smack/sasl/DigestMd5SaslTest.java index 9e1862b11..82848c463 100644 --- a/smack-core/src/test/java/org/jivesoftware/smack/sasl/DigestMd5SaslTest.java +++ b/smack-core/src/test/java/org/jivesoftware/smack/sasl/DigestMd5SaslTest.java @@ -1,6 +1,6 @@ /** * - * Copyright © 2014 Florian Schmaus + * Copyright © 2014-2017 Florian Schmaus * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -17,7 +17,6 @@ package org.jivesoftware.smack.sasl; import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertTrue; import java.io.UnsupportedEncodingException; import java.util.HashMap; @@ -32,7 +31,7 @@ import org.jxmpp.jid.EntityBareJid; public class DigestMd5SaslTest extends AbstractSaslTest { - protected static final String challenge = "realm=\"xmpp.org\",nonce=\"aTUr3GXqUtyy2B7HVDW6C+gQs+j+0EhWWjoBKkkg\",qop=\"auth\",charset=utf-8,algorithm=md5-sess"; + protected static final String challenge = "realm=\"xmpp.org\",nonce=\"jgGgnz+cQcmyVaAs2n88kQ==\",qop=\"auth\",charset=utf-8,algorithm=md5-sess"; protected static final byte[] challengeBytes = StringUtils.toBytes(challenge); public DigestMd5SaslTest(SASLMechanism saslMechanism) { @@ -50,8 +49,7 @@ public class DigestMd5SaslTest extends AbstractSaslTest { String[] responseParts = responseString.split(","); Map responsePairs = new HashMap(); for (String part : responseParts) { - String[] keyValue = part.split("="); - assertTrue(keyValue.length == 2); + String[] keyValue = part.split("=", 2); String key = keyValue[0]; String value = keyValue[1].replace("\"", ""); responsePairs.put(key, value); diff --git a/smack-sasl-provided/src/main/java/org/jivesoftware/smack/sasl/provided/SASLDigestMD5Mechanism.java b/smack-sasl-provided/src/main/java/org/jivesoftware/smack/sasl/provided/SASLDigestMD5Mechanism.java index 723256838..34cdbaf5f 100644 --- a/smack-sasl-provided/src/main/java/org/jivesoftware/smack/sasl/provided/SASLDigestMD5Mechanism.java +++ b/smack-sasl-provided/src/main/java/org/jivesoftware/smack/sasl/provided/SASLDigestMD5Mechanism.java @@ -1,6 +1,6 @@ /** * - * Copyright 2014 Florian Schmaus + * Copyright 2014-2017 Florian Schmaus * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -115,8 +115,7 @@ public class SASLDigestMD5Mechanism extends SASLMechanism { switch (state) { case INITIAL: for (String part : challengeParts) { - String[] keyValue = part.split("="); - assert (keyValue.length == 2); + String[] keyValue = part.split("=", 2); String key = keyValue[0]; // RFC 2831 § 7.1 about the formating of the digest-challenge: // "The full form is "#element" indicating at least and