Merge pull request #1461 from ivassile/JBEAP-20425

ELY-2036 Support DigestSaslServer.getNegotiatedProperty() for QOP and STRENGTH
wildfly-security · Nov 25, 2020 · fc25854 · fc25854
2 parents 2bc80a0 + bf001e7
commit fc25854
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 3 deletions.
diff --git a/sasl/digest/src/main/java/org/wildfly/security/sasl/digest/AbstractDigestMechanism.java b/sasl/digest/src/main/java/org/wildfly/security/sasl/digest/AbstractDigestMechanism.java
@@ -388,6 +388,7 @@ protected void createCiphersAndKeys() throws SaslException {
 
         wrapCipher = createCipher(true);
         unwrapCipher = createCipher(false);
+
     }
 
     protected byte[] createIntegrityKey(boolean wrap){

diff --git a/sasl/digest/src/main/java/org/wildfly/security/sasl/digest/DigestSaslServer.java b/sasl/digest/src/main/java/org/wildfly/security/sasl/digest/DigestSaslServer.java
@@ -317,10 +317,24 @@ public String getAuthorizationID() {
     @Override
     public Object getNegotiatedProperty(final String propName) {
         assertComplete();
-        if (Sasl.BOUND_SERVER_NAME.equals(propName)) {
-            return boundServerName;
+        switch (propName) {
+            case Sasl.BOUND_SERVER_NAME:
+                return boundServerName;
+            case Sasl.MAX_BUFFER:
+                return Integer.toString(receivingMaxBuffSize);
+            case Sasl.QOP:
+                return qop;
+            case Sasl.STRENGTH:
+                if ("3des".equals(cipher)|| "rc4".equals(cipher)) {
+                    return "high";
+                } else if ("des".equals(cipher)|| "rc4-56".equals(cipher)) {
+                    return "medium";
+                } else {
+                    return "low";
+                }
+            default:
+                return null;
         }
-        return null;
     }
 
     /* (non-Javadoc)

diff --git a/tests/base/src/test/java/org/wildfly/security/sasl/digest/CompatibilityServerTest.java b/tests/base/src/test/java/org/wildfly/security/sasl/digest/CompatibilityServerTest.java
@@ -29,6 +29,7 @@
 import java.util.HashMap;
 import java.util.Map;
 
+import javax.security.sasl.Sasl;
 import javax.security.sasl.SaslException;
 import javax.security.sasl.SaslServer;
 
@@ -285,6 +286,8 @@ public void testQopAuthConf() throws Exception {
         assertEquals("rspauth=a804fda66588e2d911bbacd1b1163bc1", new String(message3, "UTF-8"));
         assertTrue(server.isComplete());
         assertEquals("chris", server.getAuthorizationID());
+        assertEquals("auth-conf", server.getNegotiatedProperty(Sasl.QOP));
+        assertEquals("high", server.getNegotiatedProperty(Sasl.STRENGTH));
 
         byte[] incoming1 = CodePointIterator.ofString("13f7644f8c783501177522c1a455cb1f000100000000").hexDecode().drain();
         byte[] incoming1unwrapped = server.unwrap(incoming1, 0, incoming1.length);