| author | Robert Godfrey <rgodfrey@apache.org> | 2014-07-06 21:28:20 +0000 |
|---|---|---|
| committer | Robert Godfrey <rgodfrey@apache.org> | 2014-07-06 21:28:20 +0000 |
| commit | b6734fbbbcef795654b243a8cbcc5c39b4547fd1 (patch) | |
| tree | 7a27166e09f1c1ae9699ef84df6942096c60bb2e /qpid/java/broker-plugins | |
| parent | 5dd593582a0d39ac2334a3690ed7d82dae2dc8ec (diff) | |
QPID-5878 : [Java Broker] Add SCRAM-SHA-256 SASL support
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk@1608295 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'qpid/java/broker-plugins')
2 files changed, 26 insertions, 12 deletions
diff --git a/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/authorization/sasl.js b/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/authorization/sasl.js
index c00f0eae19..82404d100c 100644
--- a/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/authorization/sasl.js
+++ b/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/authorization/sasl.js
@@ -138,10 +138,20 @@ var saslCramMD5 = function saslCramMD5(user, password, saslMechanism, callbackFu
 };
- var saslScramSha1 = function saslScramSha1(user, password, saslMechanism, callbackFunction)
- {
+ var saslScramSha1 = function saslScramSha1(user, password, saslMechanism, callbackFunction) {
+ saslScram("sha1",user,password,saslMechanism,callbackFunction);
+ };
+
+ var saslScramSha256 = function saslScramSha1(user, password, saslMechanism, callbackFunction) {
+ saslScram("sha256",user,password,saslMechanism,callbackFunction);
+ };
+
+ var saslScram = function saslScramSha1(mechanism, user, password, saslMechanism, callbackFunction) {
- script.get("webjars/cryptojs/3.1.2/rollups/hmac-sha1.js").then( function()
+ var DIGEST = mechanism.toUpperCase();
+ var HMAC = "Hmac"+DIGEST;
+
+ script.get("webjars/cryptojs/3.1.2/rollups/hmac-"+mechanism+".js").then( function()
 {
 script.get("webjars/cryptojs/3.1.2/components/enc-base64-min.js").then ( function()
 {
@@ -187,7 +197,7 @@ var saslCramMD5 = function saslCramMD5(user, password, saslMechanism, callbackFu
 var generateSaltedPassword = function generateSaltedPassword(salt, password, iterationCount)
 {
- var hmac = CryptoJS.algo.HMAC.create(CryptoJS.algo.SHA1, password);
+ var hmac = CryptoJS.algo.HMAC.create(CryptoJS.algo[DIGEST], password);
 hmac.update(salt);
 hmac.update(CryptoJS.enc.Hex.parse("00000001"));
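Review bot: Both new function expressions in the first hunk carry the inner name `saslScramSha1` (`var saslScramSha256 = function saslScramSha1(` and `var saslScram = function saslScramSha1(mechanism, `), so stack traces and debugger frames for the SHA-256 path and for the shared routine will all read as SHA-1; the inner names should match the variables, `function saslScramSha256(` and `function saslScram(`. `mechanism` is also concatenated into the script path and, upper-cased, used as a property key on `CryptoJS`. The two visible callers pass the literals "sha1" and "sha256", so a guard at the top of `saslScram` such as `if (mechanism !== "sha1" && mechanism !== "sha256") { throw new Error("unsupported SCRAM digest"); }` would keep a later caller from loading an unintended file. The body of `saslScram` continues outside the hunk.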
@@ -196,7 +206,7 @@ var saslCramMD5 = function saslCramMD5(user, password, saslMechanism, callbackFu
 var previous = null;
 for(var i = 1 ;i < iterationCount; i++)
 {
- hmac = CryptoJS.algo.HMAC.create(CryptoJS.algo.SHA1, password);
+ hmac = CryptoJS.algo.HMAC.create(CryptoJS.algo[DIGEST], password);
 hmac.update( previous != null ? previous : result );
 previous = hmac.finalize();
 result = xor(result, previous);
@@ -238,12 +248,12 @@ var saslCramMD5 = function saslCramMD5(user, password, saslMechanism, callbackFu
 var saltedPassword = generateSaltedPassword(salt, password, iterationCount)
 var clientFinalMessageWithoutProof = "c=" + toBase64(GS2_HEADER) + ",r=" + nonce;
 var authMessage = clientFirstMessageBare + "," + serverFirstMessage + "," + clientFinalMessageWithoutProof;
- var clientKey = CryptoJS.HmacSHA1("Client Key", saltedPassword);
- var storedKey = CryptoJS.SHA1(clientKey);
- var clientSignature = CryptoJS.HmacSHA1(authMessage, storedKey);
+ var clientKey = CryptoJS[HMAC]("Client Key", saltedPassword);
+ var storedKey = CryptoJS[DIGEST](clientKey);
+ var clientSignature = CryptoJS[HMAC](authMessage, storedKey);
 var clientProof = xor(clientKey, clientSignature);
- var serverKey = CryptoJS.HmacSHA1("Server Key", saltedPassword);
- serverSignature = CryptoJS.HmacSHA1(authMessage, serverKey);
+ var serverKey = CryptoJS[HMAC]("Server Key", saltedPassword);
+ serverSignature = CryptoJS[HMAC](authMessage, serverKey);
 dojo.xhrPost({
 // The URL of the request
 url: saslServiceUrl,
@@ -300,7 +310,11 @@ SaslClient.authenticate = function(username, password, callbackFunction)
 }).then(function(data)
 {
 var mechMap = data.mechanisms;
- if(containsMechanism(mechMap, "SCRAM-SHA-1"))
+ if(containsMechanism(mechMap, "SCRAM-SHA-256"))
+ {
+ saslScramSha256(username, password, "SCRAM-SHA-256", callbackFunction)
+ }
+ else if(containsMechanism(mechMap, "SCRAM-SHA-1"))
 {
 saslScramSha1(username, password, "SCRAM-SHA-1", callbackFunction)
 }
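Review bot: Nothing visible bounds `iterationCount` before the loop `for(var i = 1 ;i < iterationCount; i++)`, which runs one HMAC per round with the digest selected here and in the preceding `generateSaltedPassword` hunk. The value is presumably parsed from the server's first message outside these hunks; if it is not validated there, a non-numeric value skips the loop and leaves a single-round salted password, while a very large one blocks the browser's UI thread. I would check it before the call, e.g. `if (!(iterationCount >= MIN_ITERATIONS && iterationCount <= MAX_ITERATIONS)) { /* fail the login */ }`, where both limits are placeholder names for constants the project would choose. `generateSaltedPassword` starts and ends outside this hunk.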
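Review bot: `serverSignature = CryptoJS[HMAC](authMessage, serverKey);` assigns without a declaration in this hunk, so it depends on a variable declared in an enclosing scope that is not shown; if there is none, it becomes an implicit global holding key-derived material. The value only authenticates the broker to the client if the response handler compares it with the `v=` field of the server's final message, and that comparison is also outside the hunk. Worth confirming, and worth a comment on this line such as `// compared with the server-final "v=" value in the response handler`. The preceding context line `var saltedPassword = generateSaltedPassword(salt, password, iterationCount)` has no terminating semicolon, which could be fixed while this block is being touched.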
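Review bot: The mechanism is picked from `data.mechanisms` as returned by the server, falling through from SCRAM-SHA-256 to SCRAM-SHA-1 and then to whatever branches follow outside this hunk, so the strength of the login is decided by a list the client does not authenticate. If the console is served without TLS, a modified response could leave only the weakest mechanism on offer and the client would use it without complaint. I would add a comment above the chain stating that it relies on the transport for the integrity of the list, e.g. `// mechanism list is unauthenticated; strongest-first order only helps when served over TLS`, and consider a configurable minimum mechanism. The new call `saslScramSha256(username, password, "SCRAM-SHA-256", callbackFunction)` also lacks a terminating semicolon, as does the existing SHA-1 call.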
diff --git a/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/common/util.js b/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/common/util.js
index 46d0cfa35d..1391d7d5ff 100644
--- a/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/common/util.js
+++ b/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/common/util.js
@@ -140,7 +140,7 @@ define(["dojo/_base/xhr",
 util.isProviderManagingUsers = function(type)
 {
- return (type === "PlainPasswordFile" || type === "Base64MD5PasswordFile" || type === "SCRAM-SHA-1");
+ return (type === "PlainPasswordFile" || type === "Base64MD5PasswordFile" || type === "SCRAM-SHA-1" || type === "SCRAM-SHA-256");
 };
 util.showSetAttributesDialog = function(attributeWidgetFactories, data, putURL, dialogTitle, appendNameToUrl) |
