Not logged in. · Lost password · Register
Forum: MatriX .NET RSS
DIGEST-MD5 problem
Yasu 2011-09-15, 08:31 #1
Member since Sep 2011 · 22 posts
Group memberships: Members, Premium
Show profile · Link to this post
Subject: DIGEST-MD5 problem
I tried to connect to OpenFire by using your sample code:MiniClient and I changed to use BOSH. (MatriX 1.4.2 binary .NET version)
And I found a problem about DIGEST-MD5 authorization.

I used username,password,domain name like this.

username: 012345678910
password: word012345678910
Server :    abc.abdev1.xyz.tests.co.jp  (<- this is a local openfire server)

This long charactor setting causes error at DIGEST-MD5 authorization.
But using shorter username and password, it was successed.

I need to use such a long username,password,domain name for our products.
Can I solve this problem by changing MiniClient?
If this is library's problem, I hope this problem fixed soon.

[failed log]
SEND: <stream:stream xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client" to="abc.abdev1.xyz.tests.co.jp" version="1.0" >
RECV: <stream:stream xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client" from="abc.abdev1.xyz.tests.co.jp" version="1.0" id="a55c5232" >
RECV: <stream:features xmlns:stream="http://etherx.jabber.org/streams">
  <mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl">
    <mechanism>DIGEST-MD5</mechanism>
    <mechanism>PLAIN</mechanism>
    <mechanism>ANONYMOUS</mechanism>
    <mechanism>CRAM-MD5</mechanism>
  </mechanisms>
  <compression xmlns="http://jabber.org/features/compress">
    <method>zlib</method>
  </compression>
  <bind xmlns="urn:ietf:params:xml:ns:xmpp-bind" />
  <session xmlns="urn:ietf:params:xml:ns:xmpp-session" />
</stream:features>
SEND: <auth mechanism="DIGEST-MD5" xmlns="urn:ietf:params:xml:ns:xmpp-sasl" />
RECV: <challenge xmlns="urn:ietf:params:xml:ns:xmpp-sasl">cmVhbG09ImFiYy5hYmRldjEueHl6LnRlc3RzLmNvLmpwIixub25jZT0ibG8reWNEeHp5OHdncTVTYVM0WkNlOW1WZ00xZzRoNDUvUmZ3R3VDMCIscW9wPSJhdXRoIixjaGFyc2V0PXV0Zi04LGFsZ29yaXRobT1tZDUtc2Vzcw==</challenge>
SEND: <response xmlns="urn:ietf:params:xml:ns:xmpp-sasl">dXNlcm5hbWU9IjAxMjM0NTY3ODkwIixyZWFsbT0iYWJjLmFiZGV2MS54eXoudGVzdHMuY28uanAiLG5vbmNlPSJsbyt5Y0R4enk4d2dxNVNhUzRaQ2U5bVZnTTFnNGg0NS9SZndHdUMwIixjbm9uY2U9IjYzMjEyMmNlMGZhODc3OTEwYjY1MzM5NjA5Yzc2ZmEwZGFhMzM4MzA5N2E0YWEzMjZiYmM0ZTYzMzNkZTViMzUiLG5jPTAwMDAwMDAxLHFvcD1hdXRoLGRpZ2VzdC11cmk9InhtcHAvYWJjLmFiZGV2MS54eXoudGVzdHMuY28uanAiLGNoYXJzZXQ9dXRmLTgscmVzcG9uc2U9YjBiNzYyYzU4MjY3YmUxZDdlOWZlNDMzNTBhZTMwM2I=</response>
RECV: <failure xmlns="urn:ietf:params:xml:ns:xmpp-sasl">
  <not-authorized />
</failure>
SEND: </stream:stream>
RECV: </stream:stream>
Avatar
Alex 2011-09-15, 08:50 #2
Member since Feb 2003 · 2700 posts · Location: Germany
Group memberships: Administrators, Members
Show profile · Link to this post
I see no reason why Digest MD5 should fail with long usernames, password or domains. We have many customers using much longer usernames. Have you tried an existing client like Psi?
Anyway, Digest MD5 is deprecated and broken in the design and not recommended to use anymore.

Alex
Alexander Gnauck
AG-Software
Yasu 2011-09-16, 02:29 #3
Member since Sep 2011 · 22 posts
Group memberships: Members, Premium
Show profile · Link to this post
My expression was wrong.

MatriX generates wrong result of encryption at sasl authorization(choose digest-md5 for auth),
when using long string name and password,domain.( when these all three parameters are long string, this happens.)

I tried existing client Sparks,and existing library Smack and strophe.js, but they have no problem.
only MatriX causes this problem, so I think this is something bug of MatriX.

[this is server side log : openfire]
javax.security.sasl.SaslException: DIGEST-MD5: digest response format violation. Mismatched response.
    at com.sun.security.sasl.digest.DigestMD5Server.validateClientResponse(Unknown Source)
    at com.sun.security.sasl.digest.DigestMD5Server.evaluateResponse(Unknown Source)
    at org.jivesoftware.openfire.net.SASLAuthentication.handle(SASLAuthentication.java:296)
    at org.jivesoftware.openfire.SessionPacketRouter.route(SessionPacketRouter.java:58)
    at org.jivesoftware.openfire.http.HttpSession.sendPendingPackets(HttpSession.java:619)
    at org.jivesoftware.openfire.http.HttpSessionManager$HttpPacketSender.run(HttpSessionManager.java:377)
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
This post was edited on 2011-09-16, 02:56 by Yasu.
Avatar
Alex 2011-09-16, 10:51 #4
Member since Feb 2003 · 2700 posts · Location: Germany
Group memberships: Administrators, Members
Show profile · Link to this post
please post a username and password combination which fails for you with exact these exception in Openfire.

Alex
Alexander Gnauck
AG-Software
Yasu 2011-09-16, 13:52 #5
Member since Sep 2011 · 22 posts
Group memberships: Members, Premium
Show profile · Link to this post
This is failed combination.

username: 012345678910
password: pass012345678910
domain :    abc.abdev1.xyz.tests.co.jp      (<- this is a local openfire server)
Avatar
Alex 2011-09-16, 14:33 #6
Member since Feb 2003 · 2700 posts · Location: Germany
Group memberships: Administrators, Members
Show profile · Link to this post
I will debug this and come back to you then.

Alex
Alexander Gnauck
AG-Software
Avatar
Alex 2011-09-16, 16:47 #7
Member since Feb 2003 · 2700 posts · Location: Germany
Group memberships: Administrators, Members
Show profile · Link to this post
Ok I can confirm that there is a problem. I while ago I have added a Managed MD5 class for Silverlight and Windows Phone, because there is no MD5 available in the Framework. For longer strings, or depending on the input this hashing class seems create wrong hashes. I am working on a solution and will post the results then.

Alex
Alexander Gnauck
AG-Software
Avatar
Alex 2011-09-16, 20:03 #8
Member since Feb 2003 · 2700 posts · Location: Germany
Group memberships: Administrators, Members
Show profile · Link to this post
problem is fixed. There is a bug in Microsofts managed MD5 Hash class.
see. http://archive.msdn.microsoft.com/SilverlightMD5

I am uploading a new binary 1.4.3.0 in the next minutes.

Alex
Alexander Gnauck
AG-Software
Yasu 2011-09-20, 03:40 #9
Member since Sep 2011 · 22 posts
Group memberships: Members, Premium
Show profile · Link to this post
I tried 1.4.3.0 , It works fine!!

Thanks for your help.
Close Smaller – Larger + Reply to this post:
Verification code: VeriCode Please enter the word from the image into the text field below. (Type the letters only, lower case is okay.)
Smileys: :-) ;-) :-D :-p :blush: :cool: :rolleyes: :huh: :-/ <_< :-( :'( :#: :scared: 8-( :nuts: :-O
Special characters:

Forum: MatriX .NET RSS

we recommend:
XMPP: The Definitive Guide

XMPP-the definite guide