Commit 32b6937e authored by Guus der Kinderen's avatar Guus der Kinderen

Merge pull request #286 from guusdk/OF-939

OF-939: Should have safeguards against runtime exceptions.
parents 01fcd6e3 906583ec
...@@ -104,8 +104,10 @@ public class ScramSha1SaslServer implements SaslServer { ...@@ -104,8 +104,10 @@ public class ScramSha1SaslServer implements SaslServer {
*/ */
@Override @Override
public byte[] evaluateResponse(final byte[] response) throws SaslException { public byte[] evaluateResponse(final byte[] response) throws SaslException {
try {
byte[] challenge; byte[] challenge;
switch (state) { switch (state)
{
case INITIAL: case INITIAL:
challenge = generateServerFirstMessage(response); challenge = generateServerFirstMessage(response);
state = State.IN_PROGRESS; state = State.IN_PROGRESS;
...@@ -115,7 +117,8 @@ public class ScramSha1SaslServer implements SaslServer { ...@@ -115,7 +117,8 @@ public class ScramSha1SaslServer implements SaslServer {
state = State.COMPLETE; state = State.COMPLETE;
break; break;
case COMPLETE: case COMPLETE:
if (response == null || response.length == 0) { if (response == null || response.length == 0)
{
challenge = new byte[0]; challenge = new byte[0];
break; break;
} }
...@@ -124,6 +127,9 @@ public class ScramSha1SaslServer implements SaslServer { ...@@ -124,6 +127,9 @@ public class ScramSha1SaslServer implements SaslServer {
} }
return challenge; return challenge;
} catch (RuntimeException ex) {
throw new SaslException("Unexpected exception while evaluating SASL response.", ex);
}
} }
/** /**
...@@ -182,8 +188,14 @@ public class ScramSha1SaslServer implements SaslServer { ...@@ -182,8 +188,14 @@ public class ScramSha1SaslServer implements SaslServer {
try { try {
String authMessage = clientFirstMessageBare + "," + serverFirstMessage + "," + clientFinalMessageWithoutProof; String authMessage = clientFirstMessageBare + "," + serverFirstMessage + "," + clientFinalMessageWithoutProof;
byte[] storedKey = getStoredKey(username); byte[] storedKey = getStoredKey( username );
if (storedKey == null) {
throw new SaslException("No stored key for user '"+username+"'");
}
byte[] serverKey = getServerKey(username); byte[] serverKey = getServerKey(username);
if (serverKey == null) {
throw new SaslException("No server key for user '"+username+"'");
}
byte[] clientSignature = ScramUtils.computeHmac(storedKey, authMessage); byte[] clientSignature = ScramUtils.computeHmac(storedKey, authMessage);
byte[] serverSignature = ScramUtils.computeHmac(serverKey, authMessage); byte[] serverSignature = ScramUtils.computeHmac(serverKey, authMessage);
...@@ -328,15 +340,23 @@ public class ScramSha1SaslServer implements SaslServer { ...@@ -328,15 +340,23 @@ public class ScramSha1SaslServer implements SaslServer {
* Retrieve the server key from the database for a given username. * Retrieve the server key from the database for a given username.
*/ */
private byte[] getServerKey(final String username) throws UserNotFoundException { private byte[] getServerKey(final String username) throws UserNotFoundException {
return DatatypeConverter.parseBase64Binary( final String serverKey = UserManager.getUserProvider().loadUser( username ).getServerKey();
UserManager.getUserProvider().loadUser(username).getServerKey()); if (serverKey == null) {
return null;
} else {
return DatatypeConverter.parseBase64Binary( serverKey );
}
} }
/** /**
* Retrieve the stored key from the database for a given username. * Retrieve the stored key from the database for a given username.
*/ */
private byte[] getStoredKey(final String username) throws UserNotFoundException { private byte[] getStoredKey(final String username) throws UserNotFoundException {
return DatatypeConverter.parseBase64Binary( final String storedKey = UserManager.getUserProvider().loadUser( username ).getStoredKey();
UserManager.getUserProvider().loadUser(username).getStoredKey()); if (storedKey == null) {
return null;
} else {
return DatatypeConverter.parseBase64Binary( storedKey );
}
} }
} }
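Review bot: The new SaslException messages in generateServerFinalMessage, `"No stored key for user '"+username+"'"` and `"No server key for user '"+username+"'"`, embed the client-supplied username and state that the account exists but lacks SCRAM credentials; if the exception text is relayed to the peer or written unsanitized to a log by callers outside this hunk, it becomes an account-state oracle and a log-injection vector. I would keep the detailed text on a server-side log line (with whatever logger this class uses) and throw a generic message to the caller, e.g. `throw new SaslException("Authentication failed");`. Separately, getStoredKey and getServerKey each call loadUser on their own, so the two keys can come from different snapshots of the user if credentials change between the calls; loading the user once and deriving both keys from it would avoid that and let the null check live in one place instead of being duplicated at the call site and inside both helpers. The try block in generateServerFinalMessage and its catch clauses lie outside the hunk, so how the exception message is surfaced cannot be confirmed here.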