handle invalid base64 is SASl SCRAM response

Daniel Gultsch 2016-05-07 11:34:17 +02:00
parent e2d3bef739
commit 76889b9c58


@ -185,13 +185,17 @@ public class ScramSha1 extends SaslMechanism {
state = State.RESPONSE_SENT; state = State.RESPONSE_SENT;
return Base64.encodeToString(clientFinalMessage.getBytes(), Base64.NO_WRAP); return Base64.encodeToString(clientFinalMessage.getBytes(), Base64.NO_WRAP);
case RESPONSE_SENT: case RESPONSE_SENT:
final String clientCalculatedServerFinalMessage = "v=" + try {
Base64.encodeToString(serverSignature, Base64.NO_WRAP); final String clientCalculatedServerFinalMessage = "v=" +
if (challenge == null || !clientCalculatedServerFinalMessage.equals(new String(Base64.decode(challenge, Base64.DEFAULT)))) { Base64.encodeToString(serverSignature, Base64.NO_WRAP);
if (!clientCalculatedServerFinalMessage.equals(new String(Base64.decode(challenge, Base64.DEFAULT)))) {
throw new Exception();
};
state = State.VALID_SERVER_RESPONSE;
return "";
} catch(Exception e) {
throw new AuthenticationException("Server final message does not match calculated final message"); throw new AuthenticationException("Server final message does not match calculated final message");
} }
state = State.VALID_SERVER_RESPONSE;
return "";
default: default:
throw new InvalidStateException(state); throw new InvalidStateException(state);
} }
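Review bot: The new `catch(Exception e)` around the RESPONSE_SENT branch maps every failure to the same AuthenticationException, including a NullPointerException from a null `challenge` now that the explicit null check is gone, and `throw new Exception()` is used purely as control flow. Failing closed on a malformed server-final message is the right outcome, but the catch-all would also report an unrelated bug in this branch as an authentication failure. I would keep the `challenge == null` guard and catch only the decode failure, which is `IllegalArgumentException` if `Base64` here is `android.util.Base64` (the `NO_WRAP`/`DEFAULT` flags suggest so, but the import is not visible). The enclosing method and its switch start outside this hunk.

```java
case RESPONSE_SENT:
    // … unchanged: clientCalculatedServerFinalMessage = "v=" + Base64.encodeToString(serverSignature, …) …
    final byte[] serverFinalMessage;
    try {
        serverFinalMessage = challenge == null ? null : Base64.decode(challenge, Base64.DEFAULT);
    } catch (IllegalArgumentException e) {
        // malformed base64 from the server: reject, same as a signature mismatch
        throw new AuthenticationException("Server final message does not match calculated final message");
    }
    if (serverFinalMessage == null
            || !clientCalculatedServerFinalMessage.equals(new String(serverFinalMessage))) {
        throw new AuthenticationException("Server final message does not match calculated final message");
    }
    state = State.VALID_SERVER_RESPONSE;
    return "";
```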