def streamStarted(self):
# Create handshake
hs = domish.Element(("jabber:component:accept", "handshake"))
hs.addContent(xmlstream.hashPassword(self.xmlstream.sid, self.password))
# Setup observer to watch for handshake result
self.xmlstream.addOnetimeObserver("/handshake", self._handshakeEvent)
self.xmlstream.send(hs)
def initialize(self):
xs = self.xmlstream
hs = domish.Element((self.xmlstream.namespace, "handshake"))
hs.addContent(xmlstream.hashPassword(xs.sid, unicode(xs.authenticator.password)))
# Setup observer to watch for handshake result
xs.addOnetimeObserver("/handshake", self._cbHandshake)
xs.send(hs)
self._deferred = defer.Deferred()
return self._deferred
def initialize(self):
xs = self.xmlstream
hs = domish.Element((self.xmlstream.namespace, "handshake"))
digest = xmlstream.hashPassword(xs.sid, xs.authenticator.password)
hs.addContent(str(digest))
# Setup observer to watch for handshake result
xs.addOnetimeObserver("/handshake", self._cbHandshake)
xs.send(hs)
self._deferred = defer.Deferred()
return self._deferred
def onHandshake(self, handshake):
"""
Called upon receiving the handshake request.
This checks that the given hash in C{handshake} is equal to a
calculated hash, responding with a handshake reply or a stream error.
If the handshake was ok, the stream is authorized, and XML Stanzas may
be exchanged.
"""
calculatedHash = xmlstream.hashPassword(self.xmlstream.sid, str(self.secret))
if handshake != calculatedHash:
exc = error.StreamError("not-authorized", text="Invalid hash")
self.xmlstream.sendStreamError(exc)
else:
self.xmlstream.send("<handshake/>")
self.xmlstream.dispatch(self.xmlstream, xmlstream.STREAM_AUTHD_EVENT)
def onHandshake(self, handshake):
"""
Called upon receiving the handshake request.
This checks that the given hash in C{handshake} is equal to a
calculated hash, responding with a handshake reply or a stream error.
If the handshake was ok, the stream is authorized, and XML Stanzas may
be exchanged.
"""
calculatedHash = xmlstream.hashPassword(self.xmlstream.sid, unicode(self.secret))
if handshake != calculatedHash:
exc = error.StreamError("not-authorized", text="Invalid hash")
self.xmlstream.sendStreamError(exc)
else:
self.xmlstream.send("<handshake/>")
self.xmlstream.dispatch(self.xmlstream, xmlstream.STREAM_AUTHD_EVENT)
def _cbAuthQuery(self, iq):
jid = self.xmlstream.authenticator.jid
password = self.xmlstream.authenticator.password
# Construct auth request
reply = xmlstream.IQ(self.xmlstream, "set")
reply.addElement(("jabber:iq:auth", "query"))
reply.query.addElement("username", content = jid.user)
reply.query.addElement("resource", content = jid.resource)
# Prefer digest over plaintext
if DigestAuthQry.matches(iq):
digest = xmlstream.hashPassword(self.xmlstream.sid, unicode(password))
reply.query.addElement("digest", content = digest)
else:
reply.query.addElement("password", content = password)
d = reply.send()
d.addCallbacks(self._cbAuth, self._ebAuth)
return d
def authQueryResultEvent(self, iq, callback):
if iq["type"] == "result":
# Construct auth request
iq = client.IQ(self.xmlstream, "set")
iq.addElement(("jabber:iq:auth", "query"))
iq.query.addElement("username", content = self.jid.user)
iq.query.addElement("resource", content = self.jid.resource)
# Prefer digest over plaintext
if client.DigestAuthQry.matches(iq):
digest = xmlstream.hashPassword(self.xmlstream.sid, self.passwd)
iq.query.addElement("digest", content = digest)
else:
iq.query.addElement("password", content = self.passwd)
iq.addCallback(callback)
iq.send()
else:
# Check for 401 -- Invalid user
if iq.error["code"] == "401":
self.xmlstream.dispatch(iq, INVALID_USER_EVENT)
else:
self.xmlstream.dispatch(iq, AUTH_FAILED_EVENT)
def authQueryResultEvent(self, iq, callback):
if iq["type"] == "result":
# Construct auth request
iq = client.IQ(self.xmlstream, "set")
iq.addElement(("jabber:iq:auth", "query"))
iq.query.addElement("username", content = self.jid.user)
iq.query.addElement("resource", content = self.jid.resource)
# Prefer digest over plaintext
if client.DigestAuthQry.matches(iq):
digest = xmlstream.hashPassword(self.xmlstream.sid, self.passwd)
iq.query.addElement("digest", content = digest)
else:
iq.query.addElement("password", content = self.passwd)
iq.addCallback(callback)
iq.send()
else:
# Check for 401 -- Invalid user
if iq.error["code"] == "401":
self.xmlstream.dispatch(iq, INVALID_USER_EVENT)
else:
self.xmlstream.dispatch(iq, AUTH_FAILED_EVENT)
def test_unicodeSecret(self):
"""
The concatenated sid and password must be encoded to UTF-8 before hashing.
"""
hash = xmlstream.hashPassword(u"12345", u"secr\u00e9t")
self.assertEqual('659bf88d8f8e179081f7f3b4a8e7d224652d2853', hash)
def test_basic(self):
"""
The sid and secret are concatenated to calculate sha1 hex digest.
"""
hash = xmlstream.hashPassword(u"12345", u"secret")
self.assertEqual('99567ee91b2c7cabf607f10cb9f4a3634fa820e0', hash)
def test_unicodeSecret(self):
"""
The concatenated sid and password must be encoded to UTF-8 before hashing.
"""
hash = xmlstream.hashPassword(u"12345", u"secr\u00e9t")
self.assertEqual('659bf88d8f8e179081f7f3b4a8e7d224652d2853', hash)
def test_basic(self):
"""
The sid and secret are concatenated to calculate sha1 hex digest.
"""
hash = xmlstream.hashPassword(u"12345", u"secret")
self.assertEqual('99567ee91b2c7cabf607f10cb9f4a3634fa820e0', hash)