public SaslClient createSaslClient(String[] mechanisms, String authorizationId, String protocol, String serverName, Map<String, ?> props, CallbackHandler callbackHandler) { boolean matchedMechanism = false; for (int i = 0; i < mechanisms.length; ++i) { if ("XOAUTH2".equalsIgnoreCase(mechanisms[i])) { matchedMechanism = true; break; } } if (!matchedMechanism) { logger.info("Failed to match any mechanisms"); return null; } return new OAuth2SaslClient((String) props.get(OAUTH_TOKEN_PROP), callbackHandler); }
SaslOutputStream(SaslClient sc, OutputStream out) throws SaslException { super(out); this.sc = sc; if (debug) { System.err.println("SaslOutputStream: " + out); } String str = (String) sc.getNegotiatedProperty(Sasl.RAW_SEND_SIZE); if (str != null) { try { rawSendSize = Integer.parseInt(str); } catch (NumberFormatException e) { throw new SaslException(Sasl.RAW_SEND_SIZE + " property must be numeric string: " + str); } } }
SaslInputStream(SaslClient sc, InputStream in) throws SaslException { super(); this.in = in; this.sc = sc; String str = (String) sc.getNegotiatedProperty(Sasl.MAX_BUFFER); if (str != null) { try { recvMaxBufSize = Integer.parseInt(str); } catch (NumberFormatException e) { throw new SaslException(Sasl.MAX_BUFFER + " property must be numeric string: " + str); } } saslBuffer = new byte[recvMaxBufSize]; }
static SaslClient createSaslClient(final String user, final String password) throws SaslException { return Sasl.createSaslClient(new String[]{"PLAIN"}, user, null, null, null, new CallbackHandler() { @Override public void handle(final Callback[] callbacks) throws IOException, UnsupportedCallbackException { for (final Callback callback : callbacks) { if (callback instanceof PasswordCallback) { ((PasswordCallback) callback).setPassword(password.toCharArray()); } else if (callback instanceof NameCallback) { ((NameCallback) callback).setName(user); } } } }); }
private void runNegotiation(CallbackHandler clientCbh, CallbackHandler serverCbh) throws SaslException { String mechanism = AuthMethod.PLAIN.getMechanismName(); SaslClient saslClient = Sasl.createSaslClient( new String[]{ mechanism }, null, null, null, null, clientCbh); assertNotNull(saslClient); SaslServer saslServer = Sasl.createSaslServer( mechanism, null, "localhost", null, serverCbh); assertNotNull("failed to find PLAIN server", saslServer); byte[] response = saslClient.evaluateChallenge(new byte[0]); assertNotNull(response); assertTrue(saslClient.isComplete()); response = saslServer.evaluateResponse(response); assertNull(response); assertTrue(saslServer.isComplete()); assertNotNull(saslServer.getAuthorizationID()); }
@Override public SaslClient createSaslClient(String[] mechanisms, String authorizationId, String protocol, String serverName, Map<String, ?> props, CallbackHandler cbh) throws SaslException { ScramMechanism mechanism = null; for (String mech : mechanisms) { mechanism = ScramMechanism.forMechanismName(mech); if (mechanism != null) break; } if (mechanism == null) throw new SaslException(String.format("Requested mechanisms '%s' not supported. Supported mechanisms are '%s'.", Arrays.asList(mechanisms), ScramMechanism.mechanismNames())); try { return new ScramSaslClient(mechanism, cbh); } catch (NoSuchAlgorithmException e) { throw new SaslException("Hash algorithm not supported for mechanism " + mechanism, e); } }
@Override protected void channelRead0(final ChannelHandlerContext channelHandlerContext, final ResponseMessage response) throws Exception { // We are only interested in AUTHENTICATE responses here. Everything else can // get passed down the pipeline if (response.getStatus().getCode() == ResponseStatusCode.AUTHENTICATE) { final Attribute<SaslClient> saslClient = channelHandlerContext.attr(saslClientKey); final Attribute<Subject> subject = channelHandlerContext.attr(subjectKey); RequestMessage.Builder messageBuilder = RequestMessage.build(Tokens.OPS_AUTHENTICATION); // First time through we don't have a sasl client if (saslClient.get() == null) { subject.set(login()); saslClient.set(saslClient(getHostName(channelHandlerContext))); messageBuilder.addArg(Tokens.ARGS_SASL_MECHANISM, getMechanism()); messageBuilder.addArg(Tokens.ARGS_SASL, saslClient.get().hasInitialResponse() ? evaluateChallenge(subject, saslClient, NULL_CHALLENGE) : null); } else { messageBuilder.addArg(Tokens.ARGS_SASL, evaluateChallenge(subject, saslClient, (byte[])response.getResult().getData())); } channelHandlerContext.writeAndFlush(messageBuilder.create()); } else { channelHandlerContext.fireChannelRead(response); } }
@Override public void setSaslClient(final SaslClient saslClient) { checkState(this.saslClient == null); this.saslClient = saslClient; // If encryption is enabled set the backend wrapper instance corresponding to this SaslClient in the connection // object. This is later used to do wrap/unwrap in handlers. if (isEncryptionEnabled()) { saslCodec = new SaslCodec() { @Override public byte[] wrap(byte[] data, int offset, int len) throws SaslException { assert saslClient != null; return saslClient.wrap(data, offset, len); } @Override public byte[] unwrap(byte[] data, int offset, int len) throws SaslException { assert saslClient != null; return saslClient.unwrap(data, offset, len); } }; } }
@Override public void setSaslClient(final SaslClient saslClient) { checkState(this.saslClient == null); this.saslClient = saslClient; // If encryption is enabled set the backend wrapper instance corresponding to this SaslClient in the connection // object. This is later used to do wrap/unwrap in handlers. if (isEncryptionEnabled()) { saslCodec = new SaslCodec() { @Override public byte[] wrap(byte[] data, int offset, int len) throws SaslException { checkState(saslClient != null); return saslClient.wrap(data, offset, len); } @Override public byte[] unwrap(byte[] data, int offset, int len) throws SaslException { checkState(saslClient != null); return saslClient.unwrap(data, offset, len); } }; } }
public void initiate(final String mechanismName) { logger.trace("Initiating SASL exchange."); try { final ByteString responseData; final SaslClient saslClient = connection.getSaslClient(); if (saslClient.hasInitialResponse()) { responseData = ByteString.copyFrom(evaluateChallenge(ugi, saslClient, new byte[0])); } else { responseData = ByteString.EMPTY; } client.send(new AuthenticationOutcomeListener<>(client, connection, saslRpcType, ugi, completionListener), connection, saslRpcType, SaslMessage.newBuilder() .setMechanism(mechanismName) .setStatus(SaslStatus.SASL_START) .setData(responseData) .build(), SaslMessage.class, true /* the connection will not be backed up at this point */); logger.trace("Initiated SASL exchange."); } catch (final Exception e) { completionListener.failed(RpcException.mapException(e)); } }
@Override public <CC extends ClientConnection> SaslMessage process(SaslChallengeContext<CC> context) throws Exception { final SaslClient saslClient = context.connection.getSaslClient(); if (saslClient.isComplete()) { handleSuccess(context); return null; } else { // server completed before client; so try once, fail otherwise evaluateChallenge(context.ugi, saslClient, context.challenge.getData().toByteArray()); // discard response if (saslClient.isComplete()) { handleSuccess(context); return null; } else { throw new SaslException("Server allegedly succeeded authentication, but client did not. Suspicious?"); } } }
@Override public SaslClient createSaslClient(final UserGroupInformation ugi, final Map<String, ?> properties) throws SaslException { final String userName = (String) properties.get(DrillProperties.USER); final String password = (String) properties.get(DrillProperties.PASSWORD); return FastSaslClientFactory.getInstance().createSaslClient(new String[]{SIMPLE_NAME}, null /** authorization ID */, null, null, properties, new CallbackHandler() { @Override public void handle(final Callback[] callbacks) throws IOException, UnsupportedCallbackException { for (final Callback callback : callbacks) { if (callback instanceof NameCallback) { NameCallback.class.cast(callback).setName(userName); continue; } if (callback instanceof PasswordCallback) { PasswordCallback.class.cast(callback).setPassword(password.toCharArray()); continue; } throw new UnsupportedCallbackException(callback); } } }); }
@Override public SaslClient createSaslClient(String[] mechanisms, String authorizationId, String protocol, String serverName, Map<String, ?> props, CallbackHandler cbh) throws SaslException { for (final String mechanism : mechanisms) { final List<SaslClientFactory> factories = clientFactories.get(mechanism); if (factories != null) { for (final SaslClientFactory factory : factories) { final SaslClient saslClient = factory.createSaslClient(new String[]{mechanism}, authorizationId, protocol, serverName, props, cbh); if (saslClient != null) { return saslClient; } } } } return null; }
public SaslClientContext(final SaslClientFactory saslClientFactory, final String mech, final String server_name, final CallbackHandler callback_handler, final Map<String, String> props, final Subject subject) throws SaslException { this.subject = subject; if (this.subject != null) { try { client = Subject.doAs(this.subject, new PrivilegedExceptionAction<SaslClient>() { @Override public SaslClient run() throws Exception { return saslClientFactory.createSaslClient(new String[] { mech }, null, SASL.SASL_PROTOCOL_NAME, server_name, props, callback_handler); } }); } catch (PrivilegedActionException e) { throw (SaslException)e.getCause(); // The createSaslServer will only throw this type of exception } } else { client = saslClientFactory.createSaslClient(new String[] { mech }, null, SASL.SASL_PROTOCOL_NAME, server_name, props, callback_handler); } }
/** * Performs the client side of the initial portion of the Thrift SASL * protocol. Generates and sends the initial response to the server, including * which mechanism this client wants to use. */ @Override protected void handleSaslStartMessage() throws TTransportException, SaslException { SaslClient saslClient = getSaslClient(); byte[] initialResponse = new byte[0]; if (saslClient.hasInitialResponse()) initialResponse = saslClient.evaluateChallenge(initialResponse); LOGGER.debug("Sending mechanism name {} and initial response of length {}", mechanism, initialResponse.length); byte[] mechanismBytes = mechanism.getBytes(); sendSaslMessage(NegotiationStatus.START, mechanismBytes); // Send initial response sendSaslMessage(saslClient.isComplete() ? NegotiationStatus.COMPLETE : NegotiationStatus.OK, initialResponse); underlyingTransport.flush(); }
/** * Test for <code>createSaslClient(String[] mechanisms, * String authanticationID, String protocol, String serverName, * Map prop, CallbackHandler cbh))</code> * method * * Assertions: returns SaslClient; throws SaslClient for NAME-1 mechanism * * All providers are previously removed and 1 new provider was added. */ public void testCreateClient04() throws SaslException { mProv = new Provider[] { (new SpiEngUtils()).new MyProvider( "MySaslClientProvider1", "Testing provider SaslClientFactory - 1", CLNTSRV .concat("NAME-1"), fClientClass) }; mProv[0].put(CLNTSRV.concat("NAME-2"), fClientClass); addProviders(); CallbackHandler cbH = new cbHandN(); SaslClient saslC = Sasl.createSaslClient(new String[] { "NAME-2" }, null, "protocol", null, null, cbH); assertNotNull("Null result for NAME-2", saslC); assertFalse("Incorrect isComplete() result", saslC.isComplete()); // try to create client for wrong mechanism try { saslC = Sasl.createSaslClient(new String[] { "NAME-1" }, null, "protocol", null, null, cbH); fail("SaslException sould be thrown"); } catch (SaslException e) { } }
public SaslClient createSaslClient(String[] mechanisms, String authorizationId, String protocol, String serverName, Map<String, ?> props, CallbackHandler cbh) throws SaslException { for (int i = 0; i < mechanisms.length; i++) { if (mechanisms[i].equals(MECHANISM)) { if (cbh == null) { throw new SaslException("CallbackHandler must not be null"); } String[] mechs = {"CRAM-MD5"}; return Sasl.createSaslClient(mechs, authorizationId, protocol, serverName, props, cbh); } } return null; }
