diff --git a/chat/protocols/xmpp/xmpp-authmechs.jsm b/chat/protocols/xmpp/xmpp-authmechs.jsm index 274c96fa90..eb03089237 100644 --- a/chat/protocols/xmpp/xmpp-authmechs.jsm +++ b/chat/protocols/xmpp/xmpp-authmechs.jsm @@ -33,113 +33,4 @@ PlainAuth.prototype = { } }; - -/* Handles DIGEST-MD5 authorization mechanism */ - -// md5 function adapted from netwerk/test/unit/test_authentication.js -// If aUTF8 is true, aString will be treated as an UTF8 encoded string, -// otherwise it can contain binary data. -function md5(aString, aUTF8) { - let ch = Cc["@mozilla.org/security/hash;1"].createInstance(Ci.nsICryptoHash); - ch.init(ch.MD5); - - let data; - if (aUTF8) { - let converter = Cc["@mozilla.org/intl/scriptableunicodeconverter"] - .createInstance(Ci.nsIScriptableUnicodeConverter); - converter.charset = "UTF-8"; - data = converter.convertToByteArray(aString); - } - else { - data = Object.keys(aString).map(i => aString.charCodeAt(i)); - } - - ch.update(data, data.length); - return ch.finish(false); -} -function md5hex(aString) { - let hash = md5(aString); - function toHexString(charCode) { return ("0" + charCode.toString(16)).slice(-2); } - return Object.keys(hash).map(i => toHexString(hash.charCodeAt(i))).join(""); -} - -function digestMD5(aName, aRealm, aPassword, aNonce, aCnonce, aDigestUri) { - let y = md5(aName + ":" + aRealm + ":" + aPassword, true); - return md5hex(md5hex(y + ":" + aNonce + ":" + aCnonce) + - ":" + aNonce + ":00000001:" + aCnonce + ":auth:" + - md5hex("AUTHENTICATE:" + aDigestUri)); -} - -function DigestMD5Auth(username, password, domain) { - this._username = username; - this._password = password; - this._domain = domain; - this.next = this._init; -} -DigestMD5Auth.prototype = { - _init: function(aStanza) { - this.next = this._generateResponse; - return { - done: false, - send: Stanza.node("auth", Stanza.NS.sasl, {mechanism: "DIGEST-MD5"}) - }; - }, - - _generateResponse: function(aStanza) { - let decoded = atob(aStanza.innerText.replace(/[^A-Za-z0-9\+\/\=]/g, "")); - let data = {realm: ""}; - - for (let elem of decoded.split(/, */)) { - // Find the first = and use that to split the nonce from the value. - let index = elem.indexOf("="); - if (index == -1) - throw "Error decoding: " + elem; - - // Remove leading and trailing single or double quote, and then remove \ escaping. - data[elem.slice(0, index)] = - elem.slice(index + 1).replace(/^["']|["']$/g, "").replace(/\\(.)/g, "$1"); - } - - data.username = this._username; - - const kChars = - "0123456789ABCDEFGHIJKLMNOPQRSTUVWXTZabcdefghiklmnopqrstuvwxyz"; - const kNonceLength = 32; - let nonce = ""; - for (let i = 0; i < kNonceLength; ++i) - nonce += kChars[Math.floor(Math.random() * kChars.length)]; - - data.cnonce = nonce; - data.nc = "00000001"; - data.qop = "auth", - data["digest-uri"] = "xmpp/" + this._domain + (data.host ? "/" + host : ""); - data.response = digestMD5(this._username, data.realm, this._password, - data.nonce, data.cnonce, data["digest-uri"]); - data.charset = "utf-8"; - - let response = - ["username", "realm", "nonce", "cnonce", "nc", "qop", "digest-uri", - "response", "charset"].map(key => key + "=\"" + data[key] + "\"") - .join(","); - - this.next = this._finish; - - return { - done: false, - send: Stanza.node("response", Stanza.NS.sasl, null, btoa(response)), - log: ' (base64 encoded MD5 response containing password not logged)' - }; - }, - - _finish: function(aStanza) { - if (aStanza.localName != "challenge") - throw "Not authorized"; - - return { - done: true, - send: Stanza.node("response", Stanza.NS.sasl) - }; - } -}; - -var XMPPAuthMechanisms = {"PLAIN": PlainAuth, "DIGEST-MD5": DigestMD5Auth}; +var XMPPAuthMechanisms = {"PLAIN": PlainAuth}; diff --git a/chat/protocols/xmpp/xmpp-session.jsm b/chat/protocols/xmpp/xmpp-session.jsm index f7f1ba7096..e6fac7f805 100644 --- a/chat/protocols/xmpp/xmpp-session.jsm +++ b/chat/protocols/xmpp/xmpp-session.jsm @@ -444,13 +444,6 @@ XMPPSession.prototype = { return; } - // OpenFire sometimes sends us a success stanza before the end - // of the DIGEST-MD5 exchange... See bug 787046. - if (aStanza && aStanza.localName == "success") { - this.stanzaListeners.authResult.call(this, aStanza); - return; - } - let result; try { result = aAuthMec.next(aStanza);