X-OAUTH2 encoding issue

We work on a Google Cloud Print integration and need to connect to Google Talk via OAuth2.
While testing the Smack library I could not log in to talk.google.com, with the auth error response of incorrect-encoding.

On investigating the issue I found it seems to be related to a double base64 encoding of the authentication text. (I'm no expert in Smack so I might be wrong.) Here is what I think is going on:

  1. SASLXOauth2Mechanism.getAuthenticationText():
    encodes the authentication text to a base64 encoded byte array with
    Base64.encode(toBytes('\u0000' + authenticationId + '\u0000' + password));
    This would be Base64.encode(byte[]) for the first time.
  2. SASLMechanism.authenticate():
    Calls the SASLXOauth2Mechanism.getAuthenticationText() to get the authentication text as a byte array.
    It then converts the byte array to a string with Base64.encodeToString(byte[])
  3. Base64.encodeToString(byte[]):
    Before calling the String constructor it calls Base64.encode(byte[]) on the byte array input argument.
    This would be Base64.encode(byte[]) for the second time.
    So as far as I can see the authentication text is double base64 encoded and hence the incorrect-encoding issue. (Google can't find the '\u0000' separators.)

When I replaced the original SASLXOauth2Mechanism.getAuthenticationText() with the simple line
return toBytes('\u0000' + authenticationId + '\u0000' + password);
The login returned with a success message.

Let me know if you can reproduce the issue.

Thanks and regards

Matt
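
Added example, not part of the original post and not Smack's code: a stand-alone Java sketch of the double encoding described above, using java.util.Base64 in place of Smack's own Base64 helper. The class name, account name and token are constructed placeholders.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Base64;

public class XOauth2DoubleEncoding {

    // Initial response layout from the post: NUL, authentication id, NUL, token.
    static byte[] rawAuthText(String authenticationId, String token) {
        return ("\u0000" + authenticationId + "\u0000" + token)
                .getBytes(StandardCharsets.UTF_8);
    }

    // Counts the NUL separators a server would look for after one base64 decode.
    static int countNul(byte[] data) {
        int n = 0;
        for (byte b : data) {
            if (b == 0) n++;
        }
        return n;
    }

    public static void main(String[] args) {
        // Constructed sample values, not real credentials.
        byte[] raw = rawAuthText("user@example.com", "constructed-access-token");

        Base64.Encoder enc = Base64.getEncoder();
        Base64.Decoder dec = Base64.getDecoder();

        // Fixed behaviour: the mechanism returns raw bytes, the SASL layer encodes once.
        String once = enc.encodeToString(raw);
        // Reported behaviour: the mechanism encodes, then the SASL layer encodes again.
        String twice = enc.encodeToString(enc.encode(raw));

        // The receiving side decodes exactly once.
        byte[] seenOnce = dec.decode(once);
        byte[] seenTwice = dec.decode(twice);

        System.out.println("single-encoded on the wire: " + once);
        System.out.println("double-encoded on the wire: " + twice);
        System.out.println("single: round-trips to raw = " + Arrays.equals(raw, seenOnce)
                + ", NUL separators = " + countNul(seenOnce));
        // After one decode the double-encoded payload is still base64 text,
        // so no NUL separators are present and the response cannot be parsed.
        System.out.println("double: round-trips to raw = " + Arrays.equals(raw, seenTwice)
                + ", NUL separators = " + countNul(seenTwice));
        System.out.println("double: server sees \""
                + new String(seenTwice, StandardCharsets.US_ASCII) + "\"");
    }
}
```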

Thanks for reporting https://igniterealtime.org/issues/browse/SMACK-722

I've uploaded Smack 4.2.0-beta2-SNAPSHOT with "Do not base64 twice in SASL X-OAUTH2" (Flowdalic/Smack@ac5d9d5 on GitHub).

Could you test and report back if it fixes the issue for you?

Yes the fix worked for me.
On a side note I used 4.1.7 and the switch to 4.2.0 had a little hiccup.
Before I could test the fix I got a “java.security.KeyStoreException: Uninitialized keystore” exception.

So I needed to set XMPPTCPConnectionConfiguration.builder().setKeystoreType(null) to get it working.
As a user I would have expected it to just run with the default value for this advanced setting.

Nonetheless… Thank you very much for the fast response and fix.

Cheers

Matt

Do you have the full stacktrace of that exception for me?

Sure… here is the log output with the stacktrace

02:54:08 PM SENT (0): <stream:stream xmlns='jabber:client' to='gmail.com' xmlns:stream='http://etherx.jabber.org/streams' version='1.0' xml:lang='en'>
02:54:08 PM RECV (0): <stream:stream from="gmail.com" id="038FCFDCE42EFD49" version="1.0" xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client">stream:featuresX-OAUTH2X-GOOGLE-TOKEN</stream:features>
02:54:08 PM SENT (0):
02:54:08 PM RECV (0):
Jun 02, 2016 2:54:08 PM org.jivesoftware.smack.AbstractXMPPConnection callConnectionClosedOnErrorListener
WARNING: Connection XMPPTCPConnection[not-authenticated] (0) closed with error
java.security.KeyStoreException: Uninitialized keystore
    at java.security.KeyStore.aliases(KeyStore.java:1221)
    at sun.security.ssl.SunX509KeyManagerImpl.<init>(SunX509KeyManagerImpl.java:127)
    at sun.security.ssl.KeyManagerFactoryImpl$SunX509.engineInit(KeyManagerFactoryImpl.java:70)
    at javax.net.ssl.KeyManagerFactory.init(KeyManagerFactory.java:256)
    at org.jivesoftware.smack.tcp.XMPPTCPConnection.proceedTLSReceived(XMPPTCPConnection.java:732)
    at org.jivesoftware.smack.tcp.XMPPTCPConnection.access$1000(XMPPTCPConnection.java:146)
    at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1017)
    at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$300(XMPPTCPConnection.java:951)
    at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:966)
    at java.lang.Thread.run(Thread.java:745)
