Bug 1267649 - Remove DIGEST-MD5. r=aleth
This commit is contained in:
Abdelrhman Ahmed
Родитель
ddf2960fe4
Коммит
54431bb48c
|
|
@ -33,113 +33,4 @@ PlainAuth.prototype = {
|
|||
}
|
||||
};
|
||||
|
||||
|
||||
/* Handles DIGEST-MD5 authorization mechanism */
|
||||
|
||||
// md5 function adapted from netwerk/test/unit/test_authentication.js
|
||||
// If aUTF8 is true, aString will be treated as an UTF8 encoded string,
|
||||
// otherwise it can contain binary data.
|
||||
function md5(aString, aUTF8) {
|
||||
let ch = Cc["@mozilla.org/security/hash;1"].createInstance(Ci.nsICryptoHash);
|
||||
ch.init(ch.MD5);
|
||||
|
||||
let data;
|
||||
if (aUTF8) {
|
||||
let converter = Cc["@mozilla.org/intl/scriptableunicodeconverter"]
|
||||
.createInstance(Ci.nsIScriptableUnicodeConverter);
|
||||
converter.charset = "UTF-8";
|
||||
data = converter.convertToByteArray(aString);
|
||||
}
|
||||
else {
|
||||
data = Object.keys(aString).map(i => aString.charCodeAt(i));
|
||||
}
|
||||
|
||||
ch.update(data, data.length);
|
||||
return ch.finish(false);
|
||||
}
|
||||
function md5hex(aString) {
|
||||
let hash = md5(aString);
|
||||
function toHexString(charCode) { return ("0" + charCode.toString(16)).slice(-2); }
|
||||
return Object.keys(hash).map(i => toHexString(hash.charCodeAt(i))).join("");
|
||||
}
|
||||
|
||||
function digestMD5(aName, aRealm, aPassword, aNonce, aCnonce, aDigestUri) {
|
||||
let y = md5(aName + ":" + aRealm + ":" + aPassword, true);
|
||||
return md5hex(md5hex(y + ":" + aNonce + ":" + aCnonce) +
|
||||
":" + aNonce + ":00000001:" + aCnonce + ":auth:" +
|
||||
md5hex("AUTHENTICATE:" + aDigestUri));
|
||||
}
|
||||
|
||||
function DigestMD5Auth(username, password, domain) {
|
||||
this._username = username;
|
||||
this._password = password;
|
||||
this._domain = domain;
|
||||
this.next = this._init;
|
||||
}
|
||||
DigestMD5Auth.prototype = {
|
||||
_init: function(aStanza) {
|
||||
this.next = this._generateResponse;
|
||||
return {
|
||||
done: false,
|
||||
send: Stanza.node("auth", Stanza.NS.sasl, {mechanism: "DIGEST-MD5"})
|
||||
};
|
||||
},
|
||||
|
||||
_generateResponse: function(aStanza) {
|
||||
let decoded = atob(aStanza.innerText.replace(/[^A-Za-z0-9\+\/\=]/g, ""));
|
||||
let data = {realm: ""};
|
||||
|
||||
for (let elem of decoded.split(/, */)) {
|
||||
// Find the first = and use that to split the nonce from the value.
|
||||
let index = elem.indexOf("=");
|
||||
if (index == -1)
|
||||
throw "Error decoding: " + elem;
|
||||
|
||||
// Remove leading and trailing single or double quote, and then remove \ escaping.
|
||||
data[elem.slice(0, index)] =
|
||||
elem.slice(index + 1).replace(/^["']|["']$/g, "").replace(/\\(.)/g, "$1");
|
||||
}
|
||||
|
||||
data.username = this._username;
|
||||
|
||||
const kChars =
|
||||
"0123456789ABCDEFGHIJKLMNOPQRSTUVWXTZabcdefghiklmnopqrstuvwxyz";
|
||||
const kNonceLength = 32;
|
||||
let nonce = "";
|
||||
for (let i = 0; i < kNonceLength; ++i)
|
||||
nonce += kChars[Math.floor(Math.random() * kChars.length)];
|
||||
|
||||
data.cnonce = nonce;
|
||||
data.nc = "00000001";
|
||||
data.qop = "auth",
|
||||
data["digest-uri"] = "xmpp/" + this._domain + (data.host ? "/" + host : "");
|
||||
data.response = digestMD5(this._username, data.realm, this._password,
|
||||
data.nonce, data.cnonce, data["digest-uri"]);
|
||||
data.charset = "utf-8";
|
||||
|
||||
let response =
|
||||
["username", "realm", "nonce", "cnonce", "nc", "qop", "digest-uri",
|
||||
"response", "charset"].map(key => key + "=\"" + data[key] + "\"")
|
||||
.join(",");
|
||||
|
||||
this.next = this._finish;
|
||||
|
||||
return {
|
||||
done: false,
|
||||
send: Stanza.node("response", Stanza.NS.sasl, null, btoa(response)),
|
||||
log: '<response/> (base64 encoded MD5 response containing password not logged)'
|
||||
};
|
||||
},
|
||||
|
||||
_finish: function(aStanza) {
|
||||
if (aStanza.localName != "challenge")
|
||||
throw "Not authorized";
|
||||
|
||||
return {
|
||||
done: true,
|
||||
send: Stanza.node("response", Stanza.NS.sasl)
|
||||
};
|
||||
}
|
||||
};
|
||||
|
||||
var XMPPAuthMechanisms = {"PLAIN": PlainAuth, "DIGEST-MD5": DigestMD5Auth};
|
||||
var XMPPAuthMechanisms = {"PLAIN": PlainAuth};
|
||||
|
|
|
|||
|
|
@ -444,13 +444,6 @@ XMPPSession.prototype = {
|
|||
return;
|
||||
}
|
||||
|
||||
// OpenFire sometimes sends us a success stanza before the end
|
||||
// of the DIGEST-MD5 exchange... See bug 787046.
|
||||
if (aStanza && aStanza.localName == "success") {
|
||||
this.stanzaListeners.authResult.call(this, aStanza);
|
||||
return;
|
||||
}
|
||||
|
||||
let result;
|
||||
try {
|
||||
result = aAuthMec.next(aStanza);
|
||||
|
|
|
|||
Загрузка…
Ссылка в новой задаче