Update SCRAM dependency to 3.0 and support channel binding

Signed-off-by: Jorge Solórzano <jorsol@gmail.com>
pgjdbc · Apr 4, 2024 · 2f5845b · 2f5845b
1 parent 0fbd31d
commit 2f5845b
Show file tree

Hide file tree

Showing 6 changed files with 213 additions and 233 deletions.
diff --git a/pgjdbc/build.gradle.kts b/pgjdbc/build.gradle.kts
@@ -84,7 +84,7 @@ dependencies {
     "testImplementation"("org.osgi:org.osgi.service.jdbc") {
         because("DataSourceFactory is needed for PGDataSourceFactoryTest")
     }
-    shaded("com.ongres.scram:client:2.1")
+    shaded("com.ongres.scram:scram-client:3.0")
 
     implementation("org.checkerframework:checker-qual:3.42.0")
     testImplementation("se.jiderhamn:classloader-leak-test-framework:1.1.2")
@@ -188,10 +188,10 @@ tasks.compileJava {
 val getShadedDependencyLicenses by tasks.registering(GatherLicenseTask::class) {
     configuration(shaded)
     extraLicenseDir.set(file("$rootDir/licenses"))
-    overrideLicense("com.ongres.scram:common") {
+    overrideLicense("com.ongres.scram:scram-common") {
         licenseFiles = "scram"
     }
-    overrideLicense("com.ongres.scram:client") {
+    overrideLicense("com.ongres.scram:scram-client") {
         licenseFiles = "scram"
     }
     overrideLicense("com.ongres.stringprep:saslprep") {
@@ -224,6 +224,8 @@ tasks.configureEach<Jar> {
 tasks.shadowJar {
     configurations = listOf(shaded)
     exclude("META-INF/maven/**")
+    exclude("META-INF/versions/**")
+    exclude("META-INF/services/com.ongres.stringprep.Profile") // TODO
     exclude("META-INF/LICENSE*")
     exclude("META-INF/NOTICE*")
     into("META-INF") {
@@ -251,7 +253,7 @@ val osgiJar by tasks.registering(Bundle::class) {
             Bundle-Activator: org.postgresql.osgi.PGBundleActivator
             Bundle-SymbolicName: org.postgresql.jdbc
             Bundle-Name: PostgreSQL JDBC Driver
-            Bundle-Copyright: Copyright (c) 2003-2020, PostgreSQL Global Development Group
+            Bundle-Copyright: Copyright (c) 2003-2024, PostgreSQL Global Development Group
             Require-Capability: osgi.ee;filter:="(&(|(osgi.ee=J2SE)(osgi.ee=JavaSE))(version>=1.8))"
             Provide-Capability: osgi.service;effective:=active;objectClass=org.osgi.service.jdbc.DataSourceFactory;osgi.jdbc.driver.class=org.postgresql.Driver;osgi.jdbc.driver.name=PostgreSQL JDBC Driver
             """

diff --git a/pgjdbc/reduced-pom.xml b/pgjdbc/reduced-pom.xml
@@ -43,8 +43,8 @@
     <dependencies>
         <dependency>
             <groupId>com.ongres.scram</groupId>
-            <artifactId>client</artifactId>
-            <version>%{com.ongres.scram:client}</version>
+            <artifactId>scram-client</artifactId>
+            <version>%{com.ongres.scram:scram-client}</version>
         </dependency>
         <dependency>
             <groupId>se.jiderhamn</groupId>

diff --git a/pgjdbc/src/main/java/org/postgresql/core/v3/ConnectionFactoryImpl.java b/pgjdbc/src/main/java/org/postgresql/core/v3/ConnectionFactoryImpl.java
@@ -27,8 +27,8 @@
 import org.postgresql.hostchooser.HostStatus;
 import org.postgresql.jdbc.GSSEncMode;
 import org.postgresql.jdbc.SslMode;
-import org.postgresql.jre7.sasl.ScramAuthenticator;
 import org.postgresql.plugin.AuthenticationRequestType;
+import org.postgresql.sasl.ScramAuthenticator;
 import org.postgresql.ssl.MakeSSL;
 import org.postgresql.sspi.ISSPIClient;
 import org.postgresql.util.GT;
@@ -835,8 +835,6 @@ private void doAuthentication(PGStream pgStream, String host, String user, Prope
                 break;
 
               case AUTH_REQ_SASL:
-                LOGGER.log(Level.FINEST, " <=BE AuthenticationSASL");
-
                 scramAuthenticator = AuthenticationPluginManager.withPassword(AuthenticationRequestType.SASL, info, password -> {
                   if (password == null) {
                     throw new PSQLException(
@@ -850,18 +848,9 @@ private void doAuthentication(PGStream pgStream, String host, String user, Prope
                             "The server requested SCRAM-based authentication, but the password is an empty string."),
                         PSQLState.CONNECTION_REJECTED);
                   }
-                  return new ScramAuthenticator(user, String.valueOf(password), pgStream);
+                  return new ScramAuthenticator(password, pgStream);
                 });
-                scramAuthenticator.processServerMechanismsAndInit();
                 scramAuthenticator.sendScramClientFirstMessage();
-                // This works as follows:
-                // 1. When tests is run from IDE, it is assumed SCRAM library is on the classpath
-                // 2. In regular build for Java < 8 this `if` is deactivated and the code always throws
-                if (false) {
-                  throw new PSQLException(GT.tr(
-                          "SCRAM authentication is not supported by this driver. You need JDK >= 8 and pgjdbc >= 42.2.0 (not \".jre\" versions)",
-                          areq), PSQLState.CONNECTION_REJECTED);
-                }
                 break;
 
               case AUTH_REQ_SASL_CONTINUE:

diff --git a/pgjdbc/src/main/java/org/postgresql/jre7/sasl/ScramAuthenticator.java b/pgjdbc/src/main/java/org/postgresql/jre7/sasl/ScramAuthenticator.java