You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@qpid.apache.org by "Martin Ritchie (JIRA)" <qp...@incubator.apache.org> on 2008/05/14 12:27:55 UTC
[jira] Created: (QPID-1058) Add support for CRAM-MD5-HASHED as used
by Java Broker
Add support for CRAM-MD5-HASHED as used by Java Broker
------------------------------------------------------
Key: QPID-1058
URL: https://issues.apache.org/jira/browse/QPID-1058
Project: Qpid
Issue Type: New Feature
Components: Dot Net Client
Affects Versions: M2, M2.1
Reporter: Martin Ritchie
Fix For: M3
Summary:
As shown on the Qpid Interoperability page the .Net does not currently support the CRAM-MD5-HASHED SASL mechanism offered by the Java broker.
http://cwiki.apache.org/confluence/display/qpid/Qpid+Interoperability+Documentation
For the .Net client to interoperate with the Java broker using the Base64 encoded MD5Hashed password file the .Net client needs to support this mechanism.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Resolved: (QPID-1058) Add support for CRAM-MD5-HASHED as
used by Java Broker
Posted by "Aidan Skinner (JIRA)" <qp...@incubator.apache.org>.
[ https://issues.apache.org/jira/browse/QPID-1058?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Aidan Skinner resolved QPID-1058.
---------------------------------
Resolution: Fixed
This is done, but is hideous
> Add support for CRAM-MD5-HASHED as used by Java Broker
> ------------------------------------------------------
>
> Key: QPID-1058
> URL: https://issues.apache.org/jira/browse/QPID-1058
> Project: Qpid
> Issue Type: New Feature
> Components: Dot Net Client
> Affects Versions: M2, M2.1
> Reporter: Martin Ritchie
> Assignee: Martin Ritchie
> Fix For: M3
>
>
> Summary:
> As shown on the Qpid Interoperability page the .Net does not currently support the CRAM-MD5-HASHED SASL mechanism offered by the Java broker.
> http://cwiki.apache.org/confluence/display/qpid/Qpid+Interoperability+Documentation
> For the .Net client to interoperate with the Java broker using the Base64 encoded MD5Hashed password file the .Net client needs to support this mechanism.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (QPID-1058) Add support for CRAM-MD5-HASHED as
used by Java Broker
Posted by "Martin Ritchie (JIRA)" <qp...@incubator.apache.org>.
[ https://issues.apache.org/jira/browse/QPID-1058?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12602969#action_12602969 ]
Martin Ritchie commented on QPID-1058:
--------------------------------------
The concern with that solution was the reduced key space but given that the MD5 isn't exactly secure then this approach would at least allow us to have a working SASL mechanism that will work with non-java languages.
While this is not ideal users do not have to use it if they are concerned about the security implications.
We should really try and get Kevin Smith to provide us documentation on how the SSL work he did works as this would allow us to secure a standard PLAIN authentication.
> Add support for CRAM-MD5-HASHED as used by Java Broker
> ------------------------------------------------------
>
> Key: QPID-1058
> URL: https://issues.apache.org/jira/browse/QPID-1058
> Project: Qpid
> Issue Type: New Feature
> Components: Dot Net Client
> Affects Versions: M2, M2.1
> Reporter: Martin Ritchie
> Assignee: Martin Ritchie
> Fix For: M3
>
>
> Summary:
> As shown on the Qpid Interoperability page the .Net does not currently support the CRAM-MD5-HASHED SASL mechanism offered by the Java broker.
> http://cwiki.apache.org/confluence/display/qpid/Qpid+Interoperability+Documentation
> For the .Net client to interoperate with the Java broker using the Base64 encoded MD5Hashed password file the .Net client needs to support this mechanism.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Assigned: (QPID-1058) Add support for CRAM-MD5-HASHED as
used by Java Broker
Posted by "Martin Ritchie (JIRA)" <qp...@incubator.apache.org>.
[ https://issues.apache.org/jira/browse/QPID-1058?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Martin Ritchie reassigned QPID-1058:
------------------------------------
Assignee: Martin Ritchie
> Add support for CRAM-MD5-HASHED as used by Java Broker
> ------------------------------------------------------
>
> Key: QPID-1058
> URL: https://issues.apache.org/jira/browse/QPID-1058
> Project: Qpid
> Issue Type: New Feature
> Components: Dot Net Client
> Affects Versions: M2, M2.1
> Reporter: Martin Ritchie
> Assignee: Martin Ritchie
> Fix For: M3
>
>
> Summary:
> As shown on the Qpid Interoperability page the .Net does not currently support the CRAM-MD5-HASHED SASL mechanism offered by the Java broker.
> http://cwiki.apache.org/confluence/display/qpid/Qpid+Interoperability+Documentation
> For the .Net client to interoperate with the Java broker using the Base64 encoded MD5Hashed password file the .Net client needs to support this mechanism.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (QPID-1058) Add support for CRAM-MD5-HASHED as
used by Java Broker
Posted by "Aidan Skinner (JIRA)" <qp...@incubator.apache.org>.
[ https://issues.apache.org/jira/browse/QPID-1058?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12598253#action_12598253 ]
Aidan Skinner commented on QPID-1058:
-------------------------------------
It may be possible to use the IndyProject's CRAM-MD5 implementation for this: http://www.indyproject.org
> Add support for CRAM-MD5-HASHED as used by Java Broker
> ------------------------------------------------------
>
> Key: QPID-1058
> URL: https://issues.apache.org/jira/browse/QPID-1058
> Project: Qpid
> Issue Type: New Feature
> Components: Dot Net Client
> Affects Versions: M2, M2.1
> Reporter: Martin Ritchie
> Fix For: M3
>
>
> Summary:
> As shown on the Qpid Interoperability page the .Net does not currently support the CRAM-MD5-HASHED SASL mechanism offered by the Java broker.
> http://cwiki.apache.org/confluence/display/qpid/Qpid+Interoperability+Documentation
> For the .Net client to interoperate with the Java broker using the Base64 encoded MD5Hashed password file the .Net client needs to support this mechanism.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (QPID-1058) Add support for CRAM-MD5-HASHED as
used by Java Broker
Posted by "Robert Greig (JIRA)" <qp...@incubator.apache.org>.
[ https://issues.apache.org/jira/browse/QPID-1058?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12602729#action_12602729 ]
Robert Greig commented on QPID-1058:
------------------------------------
How about this - instead of sending over the hashed bytes as UTF-8 send over the hashed bytes as a hex string [as UTF-8]? Then we just have to be able to handle A-F and 0-9 which should just about be possible :-)
I take it that the hashing is our own scheme so we are free to turn that into a hex string if we want?
> Add support for CRAM-MD5-HASHED as used by Java Broker
> ------------------------------------------------------
>
> Key: QPID-1058
> URL: https://issues.apache.org/jira/browse/QPID-1058
> Project: Qpid
> Issue Type: New Feature
> Components: Dot Net Client
> Affects Versions: M2, M2.1
> Reporter: Martin Ritchie
> Fix For: M3
>
>
> Summary:
> As shown on the Qpid Interoperability page the .Net does not currently support the CRAM-MD5-HASHED SASL mechanism offered by the Java broker.
> http://cwiki.apache.org/confluence/display/qpid/Qpid+Interoperability+Documentation
> For the .Net client to interoperate with the Java broker using the Base64 encoded MD5Hashed password file the .Net client needs to support this mechanism.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (QPID-1058) Add support for CRAM-MD5-HASHED as
used by Java Broker
Posted by "Aidan Skinner (JIRA)" <qp...@incubator.apache.org>.
[ https://issues.apache.org/jira/browse/QPID-1058?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12602698#action_12602698 ]
Aidan Skinner commented on QPID-1058:
-------------------------------------
Wow, ok, lots of pain. Java's penchant for UTF-8 encoding all and sundry totally breaks this, as it and .Net have a different idea of what you do with characters in the undefined range.
I implemented an alternate DIGEST-MD5-HASHED mechanism which I thought would solve the problem as it has a property to twiddle that controls the character encoding, but that's been removed in JDK6.
Current plan would be to implement our own DIGEST-MD5 provider, rather than wrapping the system one and not munging the password, but I've been unable to find an ASL licensced implementation to repurpouse. Harmony doesn't seem to have it, although it claims 100% complete SASL class coverage... *shrug*
> Add support for CRAM-MD5-HASHED as used by Java Broker
> ------------------------------------------------------
>
> Key: QPID-1058
> URL: https://issues.apache.org/jira/browse/QPID-1058
> Project: Qpid
> Issue Type: New Feature
> Components: Dot Net Client
> Affects Versions: M2, M2.1
> Reporter: Martin Ritchie
> Fix For: M3
>
>
> Summary:
> As shown on the Qpid Interoperability page the .Net does not currently support the CRAM-MD5-HASHED SASL mechanism offered by the Java broker.
> http://cwiki.apache.org/confluence/display/qpid/Qpid+Interoperability+Documentation
> For the .Net client to interoperate with the Java broker using the Base64 encoded MD5Hashed password file the .Net client needs to support this mechanism.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (QPID-1058) Add support for CRAM-MD5-HASHED as
used by Java Broker
Posted by "Robert Greig (JIRA)" <qp...@incubator.apache.org>.
[ https://issues.apache.org/jira/browse/QPID-1058?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12603032#action_12603032 ]
Robert Greig commented on QPID-1058:
------------------------------------
An alternative, which would give a larger key space, is just to set the highest bit on each byte in the key to zero, thereby guaranteeing they are all representable in UTF-8 in a single bit.
> Add support for CRAM-MD5-HASHED as used by Java Broker
> ------------------------------------------------------
>
> Key: QPID-1058
> URL: https://issues.apache.org/jira/browse/QPID-1058
> Project: Qpid
> Issue Type: New Feature
> Components: Dot Net Client
> Affects Versions: M2, M2.1
> Reporter: Martin Ritchie
> Assignee: Martin Ritchie
> Fix For: M3
>
>
> Summary:
> As shown on the Qpid Interoperability page the .Net does not currently support the CRAM-MD5-HASHED SASL mechanism offered by the Java broker.
> http://cwiki.apache.org/confluence/display/qpid/Qpid+Interoperability+Documentation
> For the .Net client to interoperate with the Java broker using the Base64 encoded MD5Hashed password file the .Net client needs to support this mechanism.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (QPID-1058) Add support for CRAM-MD5-HASHED as
used by Java Broker
Posted by "Martin Ritchie (JIRA)" <qp...@incubator.apache.org>.
[ https://issues.apache.org/jira/browse/QPID-1058?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12603801#action_12603801 ]
Martin Ritchie commented on QPID-1058:
--------------------------------------
Using the hex of the hash I added a CRAM-MD5-HEX authentication mechanism I added the ability for .NET clients to connect to a broker running the Base64MD5PasswordFile. Currently this is only on M2.x and merged to M2.1.x. Will move to trunk shortly.
> Add support for CRAM-MD5-HASHED as used by Java Broker
> ------------------------------------------------------
>
> Key: QPID-1058
> URL: https://issues.apache.org/jira/browse/QPID-1058
> Project: Qpid
> Issue Type: New Feature
> Components: Dot Net Client
> Affects Versions: M2, M2.1
> Reporter: Martin Ritchie
> Assignee: Martin Ritchie
> Fix For: M3
>
>
> Summary:
> As shown on the Qpid Interoperability page the .Net does not currently support the CRAM-MD5-HASHED SASL mechanism offered by the Java broker.
> http://cwiki.apache.org/confluence/display/qpid/Qpid+Interoperability+Documentation
> For the .Net client to interoperate with the Java broker using the Base64 encoded MD5Hashed password file the .Net client needs to support this mechanism.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (QPID-1058) Add support for CRAM-MD5-HASHED as
used by Java Broker
Posted by "Martin Ritchie (JIRA)" <qp...@incubator.apache.org>.
[ https://issues.apache.org/jira/browse/QPID-1058?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12602976#action_12602976 ]
Martin Ritchie commented on QPID-1058:
--------------------------------------
My plan is to create a new mechanism CRAM-MD5-HEX on the Java broker for the Base64MD5PasswordFile which will convert the hash value read from the file in to hex and use that as the password. The .Net will do the same conversion of its hash value which will get us around the UTF-8 encoding problem.
> Add support for CRAM-MD5-HASHED as used by Java Broker
> ------------------------------------------------------
>
> Key: QPID-1058
> URL: https://issues.apache.org/jira/browse/QPID-1058
> Project: Qpid
> Issue Type: New Feature
> Components: Dot Net Client
> Affects Versions: M2, M2.1
> Reporter: Martin Ritchie
> Assignee: Martin Ritchie
> Fix For: M3
>
>
> Summary:
> As shown on the Qpid Interoperability page the .Net does not currently support the CRAM-MD5-HASHED SASL mechanism offered by the Java broker.
> http://cwiki.apache.org/confluence/display/qpid/Qpid+Interoperability+Documentation
> For the .Net client to interoperate with the Java broker using the Base64 encoded MD5Hashed password file the .Net client needs to support this mechanism.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.