From bf001e73a2c1baa85b92f83ffc3026a2941f2b6b Mon Sep 17 00:00:00 2001 From: Tristan Tarrant Date: Wed, 28 Oct 2020 14:04:52 +0100 Subject: [PATCH] ELY-2036 Support DigestSaslServer.getNegotiatedProperty() for QOP and STRENGTH --- .../sasl/digest/AbstractDigestMechanism.java | 1 + .../sasl/digest/DigestSaslServer.java | 20 ++++++++++++++++--- .../sasl/digest/CompatibilityServerTest.java | 3 +++ 3 files changed, 21 insertions(+), 3 deletions(-) diff --git a/sasl/digest/src/main/java/org/wildfly/security/sasl/digest/AbstractDigestMechanism.java b/sasl/digest/src/main/java/org/wildfly/security/sasl/digest/AbstractDigestMechanism.java index 14c794eda62..897aca19a3a 100644 --- a/sasl/digest/src/main/java/org/wildfly/security/sasl/digest/AbstractDigestMechanism.java +++ b/sasl/digest/src/main/java/org/wildfly/security/sasl/digest/AbstractDigestMechanism.java @@ -388,6 +388,7 @@ protected void createCiphersAndKeys() throws SaslException { wrapCipher = createCipher(true); unwrapCipher = createCipher(false); + } protected byte[] createIntegrityKey(boolean wrap){ diff --git a/sasl/digest/src/main/java/org/wildfly/security/sasl/digest/DigestSaslServer.java b/sasl/digest/src/main/java/org/wildfly/security/sasl/digest/DigestSaslServer.java index 9b307acb11d..bf8f532a745 100644 --- a/sasl/digest/src/main/java/org/wildfly/security/sasl/digest/DigestSaslServer.java +++ b/sasl/digest/src/main/java/org/wildfly/security/sasl/digest/DigestSaslServer.java 
@@ -317,10 +317,24 @@ public String getAuthorizationID() { @Override public Object getNegotiatedProperty(final String propName) { assertComplete(); - if (Sasl.BOUND_SERVER_NAME.equals(propName)) { - return boundServerName; + switch (propName) { + case Sasl.BOUND_SERVER_NAME: + return boundServerName; + case Sasl.MAX_BUFFER: + return Integer.toString(receivingMaxBuffSize); + case Sasl.QOP: + return qop; + case Sasl.STRENGTH: + if ("3des".equals(cipher)|| "rc4".equals(cipher)) { + return "high"; + } else if ("des".equals(cipher)|| "rc4-56".equals(cipher)) { + return "medium"; + } else { + return "low"; + } + default: + return null; } - return null; } /* (non-Javadoc) diff --git a/tests/base/src/test/java/org/wildfly/security/sasl/digest/CompatibilityServerTest.java b/tests/base/src/test/java/org/wildfly/security/sasl/digest/CompatibilityServerTest.java index 98625ef9747..465d2f96c37 100644 --- a/tests/base/src/test/java/org/wildfly/security/sasl/digest/CompatibilityServerTest.java +++ b/tests/base/src/test/java/org/wildfly/security/sasl/digest/CompatibilityServerTest.java @@ -29,6 +29,7 @@ import java.util.HashMap; import java.util.Map; +import javax.security.sasl.Sasl; import javax.security.sasl.SaslException; import javax.security.sasl.SaslServer; @@ -285,6 +286,8 @@ public void testQopAuthConf() throws Exception { assertEquals("rspauth=a804fda66588e2d911bbacd1b1163bc1", new String(message3, "UTF-8")); assertTrue(server.isComplete()); assertEquals("chris", server.getAuthorizationID()); + assertEquals("auth-conf", server.getNegotiatedProperty(Sasl.QOP)); + assertEquals("high", server.getNegotiatedProperty(Sasl.STRENGTH)); byte[] incoming1 = CodePointIterator.ofString("13f7644f8c783501177522c1a455cb1f000100000000").hexDecode().drain(); byte[] incoming1unwrapped = server.unwrap(incoming1, 0, incoming1.length);
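Review bot: `switch (propName)` throws a NullPointerException when `propName` is null, whereas the removed `Sasl.BOUND_SERVER_NAME.equals(propName)` was null-safe and fell through to `return null`; putting `if (propName == null) { return null; }` ahead of the switch keeps the old behaviour for existing callers. In the `Sasl.STRENGTH` case the final `else` returns `"low"` for every other value of `cipher`. That presumably includes the unset value when the negotiated QOP is `auth` or `auth-int` (the field is assigned outside this hunk), so a session with no confidentiality layer would be reported the same as one using the weakest cipher. A caller that enforces policy on this property cannot tell the two apart, so consider an explicit branch for the no-cipher case. A short comment should also say that the high/medium/low grouping is the mechanism's legacy classification, not a statement about how strong `rc4` or `3des` are today.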
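Review bot: The two assertions added to `testQopAuthConf` cover only the `auth-conf` / `"high"` combination for a single cipher, so the new `Sasl.MAX_BUFFER` case and the `"medium"` and `"low"` branches of `Sasl.STRENGTH` are never exercised. Matching assertions in the tests that negotiate `auth` or `auth-int` would pin down what `Sasl.STRENGTH` reports when no cipher is in use, which is the security-relevant edge of this mapping. An `assertEquals` on `server.getNegotiatedProperty(Sasl.MAX_BUFFER)` would also confirm that the value is returned as a String. The body of `testQopAuthConf` continues outside this hunk.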