From 101f98623edfd6e39c42397230b84762a0a0abda Mon Sep 17 00:00:00 2001
From: Kabir Khan
Date: Fri, 17 Jul 2015 11:13:51 +0200
Subject: [PATCH] Recognise realm callback on digest server, and make authorize callback the last
---
 .../auth/server/ServerAuthenticationContext.java | 4 +++-
 .../security/sasl/digest/DigestSaslServer.java | 14 ++++++++++----
 2 files changed, 13 insertions(+), 5 deletions(-)
diff --git a/src/main/java/org/wildfly/security/auth/server/ServerAuthenticationContext.java b/src/main/java/org/wildfly/security/auth/server/ServerAuthenticationContext.java
index 074f5940035..7466c37231b 100644
--- a/src/main/java/org/wildfly/security/auth/server/ServerAuthenticationContext.java
+++ b/src/main/java/org/wildfly/security/auth/server/ServerAuthenticationContext.java
@@ -36,6 +36,7 @@
 import javax.security.auth.callback.PasswordCallback;
 import javax.security.auth.callback.UnsupportedCallbackException;
 import javax.security.sasl.AuthorizeCallback;
+import javax.security.sasl.RealmCallback;
 import javax.security.sasl.SaslException;
 import javax.security.sasl.SaslServer;
 import javax.security.sasl.SaslServerFactory;
@@ -582,7 +583,6 @@ private void handleOne(final Callback[] callbacks, final int idx) throws IOExcep throw new FastUnsupportedCallbackException(callback); } passwordCallback.setPassword(clearPasswordSpec.getEncodedPassword()); - handleOne(callbacks, idx + 1); } else if (callback instanceof CredentialCallback) { final CredentialCallback credentialCallback = (CredentialCallback) callback;
@@ -625,6 +625,8 @@ private void handleOne(final Callback[] callbacks, final int idx) throws IOExcep
 } else if (callback instanceof SecurityIdentityCallback) {
 ((SecurityIdentityCallback) callback).setSecurityIdentity(getAuthorizedIdentity());
 handleOne(callbacks, idx + 1);
+ } else if (callback instanceof RealmCallback) {
+ handleOne(callbacks, idx + 1);
 } else {
 CallbackUtil.unsupported(callback);
 }
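Review bot: The new `RealmCallback` branch in `handleOne` advances to the next callback without reading the callback's text, so the authentication context accepts a realm from any mechanism and neither records nor checks it. Whether the realm named by the client is validated against the realms the server advertised is then left entirely to the mechanism, which this hunk does not show. If ignoring the value is intentional, say so at the branch, e.g. `// realm is not consulted here; the mechanism must validate it against the realms it advertised`. `handleOne` starts and ends outside the hunk.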
diff --git a/src/main/java/org/wildfly/security/sasl/digest/DigestSaslServer.java b/src/main/java/org/wildfly/security/sasl/digest/DigestSaslServer.java
index 646a912629a..c3cdf2ecba4 100644
--- a/src/main/java/org/wildfly/security/sasl/digest/DigestSaslServer.java
+++ b/src/main/java/org/wildfly/security/sasl/digest/DigestSaslServer.java
@@ -18,6 +18,15 @@
 package org.wildfly.security.sasl.digest;
+import static org.wildfly.security._private.ElytronMessages.log;
+import static org.wildfly.security.sasl.digest._private.DigestUtil.H_A1;
+import static org.wildfly.security.sasl.digest._private.DigestUtil.QOP_AUTH;
+import static org.wildfly.security.sasl.digest._private.DigestUtil.QOP_AUTH_CONF;
+import static org.wildfly.security.sasl.digest._private.DigestUtil.QOP_VALUES;
+import static org.wildfly.security.sasl.digest._private.DigestUtil.digestResponse;
+import static org.wildfly.security.sasl.digest._private.DigestUtil.messageDigestAlgorithm;
+import static org.wildfly.security.sasl.digest._private.DigestUtil.userRealmPasswordDigest;
+
 import java.nio.charset.Charset;
 import java.nio.charset.StandardCharsets;
 import java.security.MessageDigest;
@@ -39,9 +48,6 @@
 import org.wildfly.security.password.interfaces.DigestPassword;
 import org.wildfly.security.util.ByteStringBuilder;
-import static org.wildfly.security.sasl.digest._private.DigestUtil.*;
-import static org.wildfly.security._private.ElytronMessages.log;
-
 /**
 * @author Peter Skopek
 *
@@ -262,7 +268,7 @@ private byte[] validateDigestResponse(HashMap parsedDigestRespon try { // first try pre-digested credential - tryHandleCallbacks(realmCallback, nameCallback, authorizeCallback, credentialCallback); + tryHandleCallbacks(realmCallback, nameCallback, credentialCallback, authorizeCallback); DigestPassword password = (DigestPassword) credentialCallback.getCredential(); digest_urp = password.getDigest();
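Review bot: In the reordered call `tryHandleCallbacks(realmCallback, nameCallback, credentialCallback, authorizeCallback)` the authorization decision is still requested in the same batch that fetches the credential, i.e. before this method has compared the client's response with the expected digest (that comparison is presumably further down in `validateDigestResponse`, outside the hunk). Consider fetching only the credential here, `tryHandleCallbacks(realmCallback, nameCallback, credentialCallback);`, and dispatching `authorizeCallback` in its own call once the response check has passed. If the single batch is kept, the ordering requirement deserves a comment such as `// authorize must be last: the handler processes callbacks in array order`. `validateDigestResponse` starts and ends outside the hunk.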