
Added support for legacy SSL and SASL EXTERNAL #64

Merged
merged 5 commits into from almost 2 years ago

2 participants

Eelco Astro
Eelco

Hi,

I added support for both legacy SSL (port 5223) and the EXTERNAL authentication mechanism (as described in XEP-0178) for both starttls and legacy SSL.

I tested this against my Openfire server.

Best regards,
Eelco

Astro astro merged commit a41c729 into from April 20, 2012
Astro astro closed this April 20, 2012
Astro
Owner
astro commented April 20, 2012

Looks good, thank you.

I'm considering converting all tabs to spaces...

Eelco

Thanks for pulling this in.

You might want to consider updating the readme so it is clear that the EXTERNAL client authentication is also supported. I forgot to add this myself :-/

I'll set my editor to use spaces instead of tabs for future changes...

Eelco

This gist has a sample on how to use legacy SSL / startTLS with SASL EXTERNAL:

https://gist.github.com/2469490


Showing 5 unique commits by 1 author.

Apr 19, 2012
Added support for legacy SSL
Support for legacy SSL added so we can test SASL EXTERNAL with
Openfire.
899a08d
Added SASL EXTERNAL for legacy SSL b3c8fe5
Added SASL EXTERNAL support for starttls 2daa0e5
Apr 20, 2012
SRV not loaded? 1fd4763
Credentials also added when connecting via SRV dda3475
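--- a/lib/xmpp/client.js
+++ b/lib/xmpp/client.js
@@ -32,6 +32,8 @@ var IQID_SESSION = 'sess',
  *   port: Number (optional)
  *   reconnect: Boolean (optional)
  *   register: Boolean (option) - register account before authentication
+ *   legacySSL: Boolean (optional) - connect to the legacy SSL port, requires at least the host to be specified
+ *   credentials: Dictionary (optional) - TLS or SSL key and certificate credentials
  *
  * Example:
  *   var cl = new xmpp.Client({
@@ -44,6 +46,17 @@ var IQID_SESSION = 'sess',
  *       access_token: 'abcdefg', // user access token
  *       host: 'chat.facebook.com',
  *   });
+ *
+ * Example SASL EXTERNAL:
+ * 
+ * var myCredentials = { 
+ *   // These are necessary only if using the client certificate authentication
+ *   key: fs.readFileSync('key.pem'),
+ *   cert: fs.readFileSync('cert.pem'),
+ *   // passphrase: 'optional'
+ * };
+ * var cl = new xmppClient({jid: "me@example.com", credentials: myCredentials }); 
+ 
  */
 function Client(opts) {
     var self = this;
@@ -55,6 +68,11 @@ function Client(opts) {
 
     Session.call(this, opts);
 
+    if (opts.credentials) {
+        this.preferredSaslMechanism = 'EXTERNAL';
+        this.availableSaslMechanisms = [ sasl.External ];
+    }
+
     this.state = STATE_PREAUTH;
     this.addListener('end', function() {
         self.state = STATE_PREAUTH;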
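Review bot: Any `opts.credentials` object makes the constructor restrict the client to EXTERNAL (`this.availableSaslMechanisms = [ sasl.External ];`), even when it holds no `key`/`cert`, although the new doc comment itself says those fields are needed only for client-certificate authentication. A caller who passes credentials for other TLS settings, or whose server does not offer EXTERNAL, then appears to have no password mechanism left to fall back to (how the list is consumed is outside this hunk). I would gate on the certificate being present, `if (opts.credentials && opts.credentials.key && opts.credentials.cert) {`, and state in the option list that supplying them selects SASL EXTERNAL. The new example also calls `new xmppClient(...)` where the existing one uses `new xmpp.Client(...)`. The constructor body continues past the end of the hunk.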
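--- a/lib/xmpp/sasl.js
+++ b/lib/xmpp/sasl.js
@@ -94,6 +94,16 @@ Anonymous.prototype.auth = function() {
     return this.authzid;
 };
 
+function External() {
+}
+util.inherits(External, Mechanism);
+External.prototype.name = "EXTERNAL";
+External.prototype.auth = function() {
+    return(this.authzid);
+};
+
+exports.External = External;
+
 function DigestMD5() {
     this.nonce_count = 0;
     this.cnonce = generateNonce();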
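Review bot: `External.prototype.auth` has no comment explaining that this mechanism sends only the requested authorization identity and that the proof of identity is the TLS client certificate, which is easy to miss next to `DigestMD5`. I would add above it `// SASL EXTERNAL (XEP-0178): identity is proven by the TLS client certificate; auth() only supplies the requested authzid.` The `return(this.authzid);` form also differs from `return this.authzid;` in `Anonymous.prototype.auth` just above, and matching it keeps the file consistent. If `authzid` can be unset when auth() runs (it is assigned outside this hunk, so I cannot tell), `return this.authzid || '';` would avoid encoding `undefined`.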
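--- a/lib/xmpp/session.js
+++ b/lib/xmpp/session.js
@@ -4,6 +4,9 @@ var Connection = require('./connection');
 var BOSH = require('./bosh');
 var WebSockets = require('./websockets');
 var JID = require('./jid').JID;
+var tls = require('tls');
+var crypto = require('crypto');
+var SRV = require('./srv');
 
 function Session(opts) {
     var self = this;
@@ -43,19 +46,41 @@ function Session(opts) {
 	});
 	var connect = function() {
 	    if (opts.host) {
-		self.connection.socket.connect(opts.port || 5222, opts.host);
-		self.connection.on('connect', function() {
-		    if (self.connection.startStream)
-			self.connection.startStream();
-		});
+    	    self.connection.on('connect', function() {
+    	        if (self.connection.startStream)
+    		        self.connection.startStream();
+    	    });
+
+	        if (opts.legacySSL) {
+	            self.connection.allowTLS = false;
+	            self.connection.socket = tls.connect(opts.port || 5223, opts.host, opts.credentials || {}, function() {
+	                self.connection.setupStream();
+	                self.connection.startParser();
+            	    self.connection.emit('connect');
+	            });
+	        } else {
+	            if (opts.credentials) {
+	                self.connection.credentials = crypto.createCredentials(opts.credentials);
+	            }
+	            
+        		self.connection.socket.connect(opts.port || 5222, opts.host);
+    		}
 	    } else if (!SRV) {
-		throw "Cannot load SRV";
+		    throw "Cannot load SRV";
 	    } else {
-		var attempt = SRV.connect(self.connection.socket,
-		    ['_xmpp-client._tcp'], self.jid.domain, 5222);
-		attempt.addListener('connect', function() {
+	        if (opts.legacySSL) {
+	            throw "LegacySSL mode does not support DNS lookups";
+	        }
+
+            if (opts.credentials) {
+                self.connection.credentials = crypto.createCredentials(opts.credentials);
+            }
+	        
+		    var attempt = SRV.connect(self.connection.socket,
+		        ['_xmpp-client._tcp'], self.jid.domain, 5222);
+		    attempt.addListener('connect', function() {
 		    if (self.connection.startStream)
-			self.connection.startStream();
+			    self.connection.startStream();
 		});
 		attempt.addListener('error', function(e) {
 		    self.emit('error', e);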
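Review bot: The `tls.connect` callback in the `legacySSL` branch starts the stream without checking that the server certificate verified, so a session with an unauthenticated peer can proceed to SASL. Whether an invalid certificate is rejected before the callback runs depends on the tls default of the Node version in use and on what the caller puts in `opts.credentials`, which is passed through unchanged as the tls options. I would add at the top of the callback `if (!self.connection.socket.authorized) return self.emit('error', self.connection.socket.authorizationError);`, with an explicit opt-out for self-signed test servers if one is needed. The replacement socket also seems to get no 'error' listener until `setupStream()` runs, so a failed connect may go unhandled (setupStream is outside the hunk, so this is inferred). The `connect` function continues past the end of the hunk.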