From feec659b08661e822c700347c4cf4734a79841a8 Mon Sep 17 00:00:00 2001 From: Sam Whited Date: Tue, 2 Dec 2014 19:33:41 -0500 Subject: Make sure SASL tokenizer strips strings Fix DIGEST-MD5 auth (make sure we're not splitting on BASE64 `==') --- src/main/java/eu/siacs/conversations/crypto/sasl/DigestMd5.java | 2 +- src/main/java/eu/siacs/conversations/crypto/sasl/Tokenizer.java | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) (limited to 'src/main/java/eu/siacs/conversations') diff --git a/src/main/java/eu/siacs/conversations/crypto/sasl/DigestMd5.java b/src/main/java/eu/siacs/conversations/crypto/sasl/DigestMd5.java index 850cacc2a..55c38f409 100644 --- a/src/main/java/eu/siacs/conversations/crypto/sasl/DigestMd5.java +++ b/src/main/java/eu/siacs/conversations/crypto/sasl/DigestMd5.java @@ -39,7 +39,7 @@ public class DigestMd5 extends SaslMechanism { final Tokenizer tokenizer = new Tokenizer(Base64.decode(challenge, Base64.DEFAULT)); String nonce = ""; for (final String token : tokenizer) { - final String[] parts = token.split("="); + final String[] parts = token.split("=", 2); if (parts[0].equals("nonce")) { nonce = parts[1].replace("\"", ""); } else if (parts[0].equals("rspauth")) { diff --git a/src/main/java/eu/siacs/conversations/crypto/sasl/Tokenizer.java b/src/main/java/eu/siacs/conversations/crypto/sasl/Tokenizer.java index 39be02246..e37e0fa71 100644 --- a/src/main/java/eu/siacs/conversations/crypto/sasl/Tokenizer.java +++ b/src/main/java/eu/siacs/conversations/crypto/sasl/Tokenizer.java @@ -16,6 +16,10 @@ public final class Tokenizer implements Iterator, Iterable { public Tokenizer(final byte[] challenge) { final String challengeString = new String(challenge); parts = new ArrayList<>(Arrays.asList(challengeString.split(","))); + // Trim parts. + for (int i = 0; i < parts.size(); i++) { + parts.set(i, parts.get(i).trim()); + } index = 0; } -- cgit v1.2.3