Support for SHA-256 (#11240)

Signed-off-by: Pawel Pieczul <pieczul@gmail.com>

diff --git a/bundles/org.openhab.binding.loxone/src/main/java/org/openhab/binding/loxone/internal/security/LxWsSecurity.java b/bundles/org.openhab.binding.loxone/src/main/java/org/openhab/binding/loxone/internal/security/LxWsSecurity.java
index a4b37d26723bfc6faa329470051ce9b003f1bc43..ac12a29b8971a26f2152444e14358ee2145bd951 100644 (file)
--- a/bundles/org.openhab.binding.loxone/src/main/java/org/openhab/binding/loxone/internal/security/LxWsSecurity.java
+++ b/bundles/org.openhab.binding.loxone/src/main/java/org/openhab/binding/loxone/internal/security/LxWsSecurity.java
@@ -126,16 +126,18 @@ public abstract class LxWsSecurity {
      *
      * @param string string to be hashed
      * @param hashKeyHex hash key received from the Miniserver in hex format
+     * @param sha256 if SHA-256 algorithm should be used (SHA-1 otherwise)
      * @return hashed string or null if failed
      */
-    String hashString(String string, String hashKeyHex) {
+    String hashString(String string, String hashKeyHex, boolean sha256) {
         if (string == null || hashKeyHex == null) {
             return null;
         }
         try {
+            String alg = sha256 ? "HmacSHA256" : "HmacSHA1";
             byte[] hashKeyBytes = HexUtils.hexToBytes(hashKeyHex);
-            SecretKeySpec signKey = new SecretKeySpec(hashKeyBytes, "HmacSHA1");
-            Mac mac = Mac.getInstance("HmacSHA1");
+            SecretKeySpec signKey = new SecretKeySpec(hashKeyBytes, alg);
+            Mac mac = Mac.getInstance(alg);
             mac.init(signKey);
             byte[] rawData = mac.doFinal(string.getBytes());
             return HexUtils.bytesToHex(rawData);

diff --git a/bundles/org.openhab.binding.loxone/src/main/java/org/openhab/binding/loxone/internal/security/LxWsSecurityHash.java b/bundles/org.openhab.binding.loxone/src/main/java/org/openhab/binding/loxone/internal/security/LxWsSecurityHash.java
index 2993ac5a0c3454d6d3408d622f70c3477aabbebf..d90e37833948dc32ed040ab6fc5b6943570589fe 100644 (file)
--- a/bundles/org.openhab.binding.loxone/src/main/java/org/openhab/binding/loxone/internal/security/LxWsSecurityHash.java
+++ b/bundles/org.openhab.binding.loxone/src/main/java/org/openhab/binding/loxone/internal/security/LxWsSecurityHash.java
@@ -57,7 +57,7 @@ class LxWsSecurityHash extends LxWsSecurity {
         if (!checkResponse(resp)) {
             return false;
         }
-        String hash = hashString(user + ":" + password, resp.getValueAsString());
+        String hash = hashString(user + ":" + password, resp.getValueAsString(), false);
         if (hash == null) {
             return setError(LxErrorCode.INTERNAL_ERROR, "Error hashing credentials.");
         }

diff --git a/bundles/org.openhab.binding.loxone/src/main/java/org/openhab/binding/loxone/internal/security/LxWsSecurityToken.java b/bundles/org.openhab.binding.loxone/src/main/java/org/openhab/binding/loxone/internal/security/LxWsSecurityToken.java
index 1a8601aea1bf0f9ef1b6b140d2df22171a6bb6f6..b9e54ec633d5748f80bf85af00097e674b35ea66 100644 (file)
--- a/bundles/org.openhab.binding.loxone/src/main/java/org/openhab/binding/loxone/internal/security/LxWsSecurityToken.java
+++ b/bundles/org.openhab.binding.loxone/src/main/java/org/openhab/binding/loxone/internal/security/LxWsSecurityToken.java
@@ -86,6 +86,7 @@ class LxWsSecurityToken extends LxWsSecurity {
     private class LxResponseKeySalt {
         String key;
         String salt;
+        String hashAlg;
     }
 
     /**
@@ -148,6 +149,7 @@ class LxWsSecurityToken extends LxWsSecurity {
     private int tokenRefreshRetryCount;
     private ScheduledFuture<?> tokenRefreshTimer;
     private final Lock tokenRefreshLock = new ReentrantLock();
+    private boolean sha256 = false;
 
     private final byte[] initVector = new byte[IV_LENGTH_BYTES];
     private final Logger logger = LoggerFactory.getLogger(LxWsSecurityToken.class);
@@ -352,14 +354,14 @@ class LxWsSecurityToken extends LxWsSecurity {
         }
     }
 
-    private String hashCredentials(LxResponseKeySalt keySalt) {
+    private String hashCredentials(LxResponseKeySalt keySalt, boolean sha256) {
         try {
-            MessageDigest msgDigest = MessageDigest.getInstance("SHA-1");
+            MessageDigest msgDigest = MessageDigest.getInstance(sha256 ? "SHA-256" : "SHA-1");
             String pwdHashStr = password + ":" + keySalt.salt;
             byte[] rawData = msgDigest.digest(pwdHashStr.getBytes(StandardCharsets.UTF_8));
             String pwdHash = HexUtils.bytesToHex(rawData).toUpperCase();
             logger.debug("[{}] PWDHASH: {}", debugId, pwdHash);
-            return hashString(user + ":" + pwdHash, keySalt.key);
+            return hashString(user + ":" + pwdHash, keySalt.key, sha256);
         } catch (NoSuchAlgorithmException e) {
             logger.debug("[{}] Error hashing token credentials: {}", debugId, e.getMessage());
             return null;
@@ -376,10 +378,12 @@ class LxWsSecurityToken extends LxWsSecurity {
         if (keySalt == null) {
             return setError(null, "Error parsing hash key/salt json: " + resp.getValueAsString());
         }
-
+        if ("SHA256".equals(keySalt.hashAlg)) {
+            sha256 = true;
+        }
         logger.debug("[{}] Hash key: {}, salt: {}", debugId, keySalt.key, keySalt.salt);
         // Hash user name, password, key and salt
-        String hash = hashCredentials(keySalt);
+        String hash = hashCredentials(keySalt, sha256);
         if (hash == null) {
             return false;
         }
@@ -436,7 +440,7 @@ class LxWsSecurityToken extends LxWsSecurity {
         try {
             String hashKey = resp.getValueAsString();
             // here is a difference to the API spec, which says the string to hash is "user:token", but this is "token"
-            String hash = hashString(token, hashKey);
+            String hash = hashString(token, hashKey, sha256);
             if (hash == null) {
                 setError(null, "Error hashing token.");
             }