
Added support for legacy SSL and SASL EXTERNAL #64

Merged
merged 5 commits into from

2 participants

@eelcocramer

Hi,

I added support for both legacy SSL (port 5223) and the EXTERNAL authentication mechanism (as described in XEP-0178) for both starttls and legacy SSL.

I tested this against my Openfire server.

Best regards,
Eelco

@astro astro merged commit a41c729 into from
@astro
Owner

Looks good, thank you.

I'm considering converting all tabs to whitespace...

@eelcocramer

Thanks for pulling this in.

You might want to consider updating the readme so it is clear that the EXTERNAL client authentication is also supported. I forgot to add this myself :-/

I'll set my editor to use spaces instead of tabs for future changes...

@eelcocramer

This gist has a sample on how to use legacy SSL / startTLS with SASL EXTERNAL:

https://gist.github.com/2469490

Commits on Apr 19, 2012
  1. Added support for legacy SSL

    Eelco authored
    Support for legacy SSL added so we can test SASL EXTERNAL on
    Openfire.
  2. Added SASL EXTERNAL for legacy SSL

    Eelco authored
  3. Added SASL EXTERNAL support for starttls

    Eelco authored
Commits on Apr 20, 2012
  1. SRV not loaded?

    Eelco authored
Showing with 63 additions and 10 deletions.
  1. +18 −0 lib/xmpp/client.js
  2. +10 −0 lib/xmpp/sasl.js
  3. +35 −10 lib/xmpp/session.js
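--- a/lib/xmpp/client.js
+++ b/lib/xmpp/client.js
@@ -32,6 +32,8 @@ var IQID_SESSION = 'sess',
 * port: Number (optional)
 * reconnect: Boolean (optional)
 * register: Boolean (option) - register account before authentication
+ * legacySSL: Boolean (optional) - connect to the legacy SSL port, requires at least the host to be specified
+ * credentials: Dictionary (optional) - TLS or SSL key and certificate credentials
 *
 * Example:
 * var cl = new xmpp.Client({
@@ -44,6 +46,17 @@ var IQID_SESSION = 'sess',
 * access_token: 'abcdefg', // user access token
 * host: 'chat.facebook.com',
 * });
+ *
+ * Example SASL EXTERNAL:
+ *
+ * var myCredentials = {
+ * // These are necessary only if using the client certificate authentication
+ * key: fs.readFileSync('key.pem'),
+ * cert: fs.readFileSync('cert.pem'),
+ * // passphrase: 'optional'
+ * };
+ * var cl = new xmppClient({jid: "me@example.com", credentials: myCredentials });
+
 */
 function Client(opts) {
 var self = this;
@@ -55,6 +68,11 @@ function Client(opts) {
 Session.call(this, opts);
+ if (opts.credentials) {
+ this.preferredSaslMechanism = 'EXTERNAL';
+ this.availableSaslMechanisms = [ sasl.External ];
+ }
+
 this.state = STATE_PREAUTH;
 this.addListener('end', function() {
 self.state = STATE_PREAUTH;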
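Review bot: The new `if (opts.credentials)` branch in `Client` makes EXTERNAL the only entry in `availableSaslMechanisms`, but the option's doc line describes it only as "TLS or SSL key and certificate credentials". A caller who passes `credentials` for transport settings alone (for example a CA bundle with no client certificate) would lose password-based mechanisms with no hint as to why, and a caller relying on EXTERNAL-only for downgrade protection has no documented guarantee of it. I would state the coupling in the option doc, e.g. `* credentials: Dictionary (optional) - TLS key/certificate; when set, SASL EXTERNAL is the only mechanism offered`. The new example also calls `new xmppClient(...)` where the existing examples use `new xmpp.Client(...)`. The body of `Client` continues outside this hunk, so how the two properties are consumed is not visible here.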
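--- a/lib/xmpp/sasl.js
+++ b/lib/xmpp/sasl.js
@@ -94,6 +94,16 @@ Anonymous.prototype.auth = function() {
 return this.authzid;
 };
+function External() {
+}
+util.inherits(External, Mechanism);
+External.prototype.name = "EXTERNAL";
+External.prototype.auth = function() {
+ return(this.authzid);
+};
+
+exports.External = External;
+
 function DigestMD5() {
 this.nonce_count = 0;
 this.cnonce = generateNonce();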
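Review bot: `External.prototype.auth` returns `this.authzid` unchanged, so the initial response is `undefined` whenever no authorization identity was set, which is the usual case when the server derives the identity from the certificate. Whether the caller turns that into the empty initial response that SASL EXTERNAL expects is decided outside this hunk, so this is worth confirming against a server other than the one tested. Making the intent explicit would help: `return this.authzid || '';` with a comment such as `// EXTERNAL: identity comes from the TLS client certificate; authzid is optional`. As a style point, `return(this.authzid);` differs from the `return this.authzid;` form used by `Anonymous.prototype.auth` just above.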
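--- a/lib/xmpp/session.js
+++ b/lib/xmpp/session.js
@@ -4,6 +4,9 @@ var Connection = require('./connection');
 var BOSH = require('./bosh');
 var WebSockets = require('./websockets');
 var JID = require('./jid').JID;
+var tls = require('tls');
+var crypto = require('crypto');
+var SRV = require('./srv');
 function Session(opts) {
 var self = this;
@@ -43,19 +46,41 @@ function Session(opts) {
 });
 var connect = function() {
 if (opts.host) {
- self.connection.socket.connect(opts.port || 5222, opts.host);
- self.connection.on('connect', function() {
- if (self.connection.startStream)
- self.connection.startStream();
- });
+ self.connection.on('connect', function() {
+ if (self.connection.startStream)
+ self.connection.startStream();
+ });
+
+ if (opts.legacySSL) {
+ self.connection.allowTLS = false;
+ self.connection.socket = tls.connect(opts.port || 5223, opts.host, opts.credentials || {}, function() {
+ self.connection.setupStream();
+ self.connection.startParser();
+ self.connection.emit('connect');
+ });
+ } else {
+ if (opts.credentials) {
+ self.connection.credentials = crypto.createCredentials(opts.credentials);
+ }
+
+ self.connection.socket.connect(opts.port || 5222, opts.host);
+ }
 } else if (!SRV) {
- throw "Cannot load SRV";
+ throw "Cannot load SRV";
 } else {
- var attempt = SRV.connect(self.connection.socket,
- ['_xmpp-client._tcp'], self.jid.domain, 5222);
- attempt.addListener('connect', function() {
+ if (opts.legacySSL) {
+ throw "LegacySSL mode does not support DNS lookups";
+ }
+
+ if (opts.credentials) {
+ self.connection.credentials = crypto.createCredentials(opts.credentials);
+ }
+
+ var attempt = SRV.connect(self.connection.socket,
+ ['_xmpp-client._tcp'], self.jid.domain, 5222);
+ attempt.addListener('connect', function() {
 if (self.connection.startStream)
- self.connection.startStream();
+ self.connection.startStream();
 });
 attempt.addListener('error', function(e) {
 self.emit('error', e);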
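Review bot: The callback passed to `tls.connect` in the `legacySSL` branch calls `setupStream()` and emits `connect` without checking that the server certificate was verified. On Node versions where `rejectUnauthorized` is not on by default, the handshake succeeds for any certificate, so the stream and the EXTERNAL exchange would run over a channel whose peer is unauthenticated. I would check first and fail closed unless the caller explicitly opts out: `if (!self.connection.socket.authorized) return self.emit('error', self.connection.socket.authorizationError);`. Separately, the two new `throw "..."` statements throw bare strings, which lose the stack trace; `throw new Error(...)`, or emitting `'error'` as the SRV handler below does, would be more consistent. `connect` and `Session` both extend beyond this hunk, so the verification behaviour of the STARTTLS path, which only stores `self.connection.credentials` here, cannot be judged from this diff.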