
Updated scram to version 2.0 (#1532)

teoincontatto authored and davecramer committed Jul 24, 2019
1 parent 1d0c477 commit fcbbc3e6408cc1bcf459b740c683f3db40a5050c
@@ -40,7 +40,7 @@
<dependency>
<groupId>com.ongres.scram</groupId>
<artifactId>client</artifactId>
<version>1.0.0-beta.2</version>
<version>2.0</version>
</dependency>
</dependencies>

@@ -495,9 +495,9 @@ private void doAuthentication(PGStream pgStream, String host, String user, Prope
/* SSPI negotiation state, if used */
ISSPIClient sspiClient = null;

//#if mvn.project.property.postgresql.jdbc.spec >= "JDBC4.2"
//#if mvn.project.property.postgresql.jdbc.spec >= "JDBC4.1"
/* SCRAM authentication state, if used */
org.postgresql.jre8.sasl.ScramAuthenticator scramAuthenticator = null;
org.postgresql.jre7.sasl.ScramAuthenticator scramAuthenticator = null;
//#endif

try {
@@ -661,8 +661,8 @@ private void doAuthentication(PGStream pgStream, String host, String user, Prope
case AUTH_REQ_SASL:
LOGGER.log(Level.FINEST, " <=BE AuthenticationSASL");

//#if mvn.project.property.postgresql.jdbc.spec >= "JDBC4.2"
scramAuthenticator = new org.postgresql.jre8.sasl.ScramAuthenticator(user, password, pgStream);
//#if mvn.project.property.postgresql.jdbc.spec >= "JDBC4.1"
scramAuthenticator = new org.postgresql.jre7.sasl.ScramAuthenticator(user, password, pgStream);
scramAuthenticator.processServerMechanismsAndInit();
scramAuthenticator.sendScramClientFirstMessage();
// This works as follows:
@@ -674,12 +674,12 @@ private void doAuthentication(PGStream pgStream, String host, String user, Prope
"SCRAM authentication is not supported by this driver. You need JDK >= 8 and pgjdbc >= 42.2.0 (not \".jre\" versions)",
areq), PSQLState.CONNECTION_REJECTED);
//#endif
//#if mvn.project.property.postgresql.jdbc.spec >= "JDBC4.2"
//#if mvn.project.property.postgresql.jdbc.spec >= "JDBC4.1"
}
break;
//#endif

//#if mvn.project.property.postgresql.jdbc.spec >= "JDBC4.2"
//#if mvn.project.property.postgresql.jdbc.spec >= "JDBC4.1"
case AUTH_REQ_SASL_CONTINUE:
scramAuthenticator.processServerFirstMessage(msgLen - 4 - 4);
break;
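Review bot: The PSQLException text kept as context in the last hunk of this file still says `You need JDK >= 8`, although the preprocessor guards around it now test `>= "JDBC4.1"` and the authenticator comes from the `jre7` package. The message looks stale after this change and should name the new minimum JDK. Separately, `case AUTH_REQ_SASL_CONTINUE:` dereferences `scramAuthenticator`, which starts as `null` and is only assigned in the `AUTH_REQ_SASL` case, so a server that sends the continue message first would presumably cause a NullPointerException instead of a protocol error. A guard such as `if (scramAuthenticator == null) throw new PSQLException(GT.tr("Unexpected AuthenticationSASLContinue"), PSQLState.CONNECTION_REJECTED);` would reject that ordering cleanly. doAuthentication starts and ends outside these hunks, so an existing check elsewhere cannot be ruled out.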
@@ -3,7 +3,7 @@
* See the LICENSE file in the project root for more information.
*/

package org.postgresql.jre8.sasl;
package org.postgresql.jre7.sasl;

import org.postgresql.core.PGStream;
import org.postgresql.util.GT;
@@ -36,15 +36,14 @@
private ScramSession.ServerFirstProcessor serverFirstProcessor;
private ScramSession.ClientFinalProcessor clientFinalProcessor;

@FunctionalInterface
private interface BodySender {
void sendBody(PGStream pgStream) throws IOException;
}

private void sendAuthenticationMessage(int bodyLength, BodySender bodySender)
throws IOException {
pgStream.sendChar('p');
pgStream.sendInteger4(Integer.BYTES + bodyLength);
pgStream.sendInteger4(Integer.SIZE / Byte.SIZE + bodyLength);
bodySender.sendBody(pgStream);
pgStream.flush();
}
@@ -94,15 +93,18 @@ public void sendScramClientFirstMessage() throws IOException {
LOGGER.log(Level.FINEST, " FE=> SASLInitialResponse( {0} )", clientFirstMessage);

String scramMechanismName = scramClient.getScramMechanism().getName();
byte[] scramMechanismNameBytes = scramMechanismName.getBytes(StandardCharsets.UTF_8);
byte[] clientFirstMessageBytes = clientFirstMessage.getBytes(StandardCharsets.UTF_8);
final byte[] scramMechanismNameBytes = scramMechanismName.getBytes(StandardCharsets.UTF_8);
final byte[] clientFirstMessageBytes = clientFirstMessage.getBytes(StandardCharsets.UTF_8);
sendAuthenticationMessage(
(scramMechanismNameBytes.length + 1) + 4 + clientFirstMessageBytes.length,
s -> {
s.send(scramMechanismNameBytes);
s.sendChar(0); // List terminated in '\0'
s.sendInteger4(clientFirstMessageBytes.length);
s.send(clientFirstMessageBytes);
new BodySender() {
@Override
public void sendBody(PGStream pgStream) throws IOException {
pgStream.send(scramMechanismNameBytes);
pgStream.sendChar(0); // List terminated in '\0'
pgStream.sendInteger4(clientFirstMessageBytes.length);
pgStream.send(clientFirstMessageBytes);
}
}
);
}
@@ -132,10 +134,15 @@ public void processServerFirstMessage(int length) throws IOException, PSQLExcept
String clientFinalMessage = clientFinalProcessor.clientFinalMessage();
LOGGER.log(Level.FINEST, " FE=> SASLResponse( {0} )", clientFinalMessage);

byte[] clientFinalMessageBytes = clientFinalMessage.getBytes(StandardCharsets.UTF_8);
final byte[] clientFinalMessageBytes = clientFinalMessage.getBytes(StandardCharsets.UTF_8);
sendAuthenticationMessage(
clientFinalMessageBytes.length,
s -> s.send(clientFinalMessageBytes)
new BodySender() {
@Override
public void sendBody(PGStream pgStream) throws IOException {
pgStream.send(clientFinalMessageBytes);
}
}
);
}
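Review bot: The FINEST log calls kept as context in sendScramClientFirstMessage and processServerFirstMessage write the complete SCRAM client-first and client-final messages to the log, and the client-final message carries the client proof. A trace log that also holds the server-first message (salt and iteration count, not visible in these hunks) contains enough to test password guesses offline, so the log line should omit the message body, e.g. `LOGGER.log(Level.FINEST, " FE=> SASLResponse( length={0} )", clientFinalMessage.length());`. In the new anonymous `BodySender` classes the parameter `pgStream` shadows the field of the same name that `sendAuthenticationMessage` uses; a different parameter name would make it obvious which stream is written. Both methods start outside their hunks.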
