Skip to content

Commit 95bb8b2

Browse files
committed
OF-3327: Decouple occupant-ID hashing from the SASL/SCRAM implementation
Do not import `ScramSha1SaslServer` purely to reuse `HMAC_ALGORITHM_NAME` for an internal, authentication-unrelated hash (XEP-0421 occupant IDs). This ties a MUC-layer feature to a SASL-mechanism-specific constant, creating a somewhat awkward muc → sasl dependency for a value that has no conceptual relation to SCRAM authentication.
1 parent b3ae153 commit 95bb8b2

1 file changed

Lines changed: 2 additions & 2 deletions

File tree

  • xmppserver/src/main/java/org/jivesoftware/openfire/muc

xmppserver/src/main/java/org/jivesoftware/openfire/muc/MUCRoom.java

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -4204,9 +4204,9 @@ public String generateOccupantId(@Nonnull final JID userJid)
42044204

42054205
try {
42064206
// Keep the room's identifier with they key, rather than with the data, which should have slightly improved security properties.
4207-
final byte[] roomKey = ScramUtils.computeHmac(siteKey.getBytes(StandardCharsets.UTF_8), this.getJID().toBareJID(), ScramSha1SaslServer.HMAC_ALGORITHM_NAME);
4207+
final byte[] roomKey = ScramUtils.computeHmac(siteKey.getBytes(StandardCharsets.UTF_8), this.getJID().toBareJID(), "HmacSHA1");
42084208

4209-
return StringUtils.encodeHex(ScramUtils.computeHmac(roomKey, userJid.toBareJID(), ScramSha1SaslServer.HMAC_ALGORITHM_NAME));
4209+
return StringUtils.encodeHex(ScramUtils.computeHmac(roomKey, userJid.toBareJID(), "HmacSHA1"));
42104210
} catch (SaslException e) {
42114211
throw new RuntimeException("Unable to compute HMAC for user '" + userJid + "' in room '" + this.getJID() + "' while generating an Occupant ID.");
42124212
}

0 commit comments

Comments
 (0)