@Override protected void performRuntime(OperationContext context, ModelNode operation, ModelNode model) throws OperationFailedException { RuntimeCapability<Void> runtimeCapability = SASL_SERVER_FACTORY_RUNTIME_CAPABILITY.fromBaseCapability(context.getCurrentAddressValue()); ServiceName saslServerFactoryName = runtimeCapability.getCapabilityServiceName(SaslServerFactory.class); commonDependencies(installService(context, saslServerFactoryName, model)) .setInitialMode(Mode.ACTIVE) .install(); }
public Class<? extends SaslServerFactory> getServerFactoryClassForJCARegistration() { // since the CRAM-MD5 provider is registered as part of the JDK, we do not // return the factory class here since we do not need to register it ourselves. if (_hashDirection == HashDirection.PASSWORD_FILE) { return null; } else { //fixme we need a server that will correctly has the incomming plain text for comparison to file. _logger.warn("we need a server that will correctly convert the incomming plain text for comparison to file."); return null; } }
@Override public SaslServer createSaslServer(String mechanism, String protocol, String serverName, Map<String,?> props, CallbackHandler cbh) throws SaslException { SaslServer saslServer = null; List<SaslServerFactory> factories = factoryCache.get(mechanism); if (factories != null) { for (SaslServerFactory factory : factories) { saslServer = factory.createSaslServer( mechanism, protocol, serverName, props, cbh); if (saslServer != null) { break; } } } return saslServer; }
private void refresh() { final Enumeration<SaslServerFactory> factories = Sasl.getSaslServerFactories(); final Map<String, List<SaslServerFactory>> map = Maps.newHashMap(); while (factories.hasMoreElements()) { final SaslServerFactory factory = factories.nextElement(); // Passing null so factory is populated with all possibilities. Properties passed when // instantiating a server are what really matter. See createSaslServer. for (final String mechanismName : factory.getMechanismNames(null)) { if (!map.containsKey(mechanismName)) { map.put(mechanismName, new ArrayList<SaslServerFactory>()); } map.get(mechanismName).add(factory); } } serverFactories = ImmutableMap.copyOf(map); if (logger.isDebugEnabled()) { logger.debug("Registered sasl server factories: {}", serverFactories.keySet()); } }
public SaslServerContext(final SaslServerFactory saslServerFactory, final String mech, final String serverName, final CallbackHandler callback_handler, final Map<String, String> props, final Subject subject) throws SaslException { this.subject = subject; if (this.subject != null) { try { server = Subject.doAs(this.subject, new PrivilegedExceptionAction<SaslServer>() { @Override public SaslServer run() throws Exception { return saslServerFactory.createSaslServer(mech, SASL.SASL_PROTOCOL_NAME, serverName, props, callback_handler); } }); } catch (PrivilegedActionException e) { throw (SaslException)e.getCause(); // The createSaslServer will only throw this type of exception } } else { server = saslServerFactory.createSaslServer(mech, SASL.SASL_PROTOCOL_NAME, serverName, props, callback_handler); } }
public void initialise() { final Map<String, Class<? extends SaslServerFactory>> providerMap = new TreeMap<String, Class<? extends SaslServerFactory>>(); initialiseAuthenticationMechanisms(providerMap, _principalDatabase); if (providerMap.size() > 0) { // Ensure we are used before the defaults if (Security.insertProviderAt(new JCAProvider(PROVIDER_NAME, providerMap), 1) == -1) { _logger.error("Unable to load custom SASL providers. Qpid custom SASL authenticators unavailable."); } else { _logger.info("Additional SASL providers successfully registered."); } } else { _logger.warn("No additional SASL providers registered."); } registerManagement(); }
private void initialiseAuthenticationMechanism(String mechanism, AuthenticationProviderInitialiser initialiser, Map<String, Class<? extends SaslServerFactory>> providerMap) { if (_mechanisms == null) { _mechanisms = mechanism; } else { // simple append should be fine since the number of mechanisms is small and this is a one time initialisation _mechanisms = _mechanisms + " " + mechanism; } _callbackHandlerMap.put(mechanism, initialiser.getCallbackHandler()); _serverCreationProperties.put(mechanism, initialiser.getProperties()); Class<? extends SaslServerFactory> factory = initialiser.getServerFactoryClassForJCARegistration(); if (factory != null) { providerMap.put(mechanism, factory); } _logger.info("Initialised " + mechanism + " SASL provider successfully"); }
/** * Test for <code>getSaslServerFactories()</code> method * * Assertion: returns enumeration of factories for producing SaslServer. * * Enumeration consists of 4 elements. * * 4 different providers define different mechanism and refer to the same * SaslServerFactory class */ public void testGetServer02() throws SaslException { mProv = new Provider[] { (new SpiEngUtils()).new MyProvider("MySaslServerProvider1", "Testing provider SaslServerFactory - 1", SRVSSRV .concat(mech[0]), fServerClass01), (new SpiEngUtils()).new MyProvider("MySaslServerProvider2", "Testing provider SaslServerFactory - 2", SRVSSRV .concat(mech[1]), fServerClass01), (new SpiEngUtils()).new MyProvider("MySaslServerProvider3", "Testing provider SaslServerFactory - 3", SRVSSRV .concat(mech[2]), fServerClass01), (new SpiEngUtils()).new MyProvider("MySaslServerProvider4", "Testing provider SaslServerFactory - 4", SRVSSRV .concat(mech[3]), fServerClass01) }; addProviders(); Enumeration<SaslServerFactory> en = Sasl.getSaslServerFactories(); assertNotNull("List of SaslServerFactories should not be null", en); assertTrue("List of SaslServerFactories should have elements", en .hasMoreElements()); myServerFactory01 mm01 = new myServerFactory01(); String[] mech01 = mm01.getMechanismNames(null); int l = 0; while (en.hasMoreElements()) { SaslServerFactory f = en.nextElement(); if (f instanceof myServerFactory01) { l++; assertNull("Incorect SaslServer", f.createSaslServer(null, null, null, null, null)); String[] mech00 = f.getMechanismNames(null); assertEquals("Wrong length", mech00.length, mech01.length); for (int i = 0; i < mech00.length; i++) { assertEquals("Wrong mechanism name", mech00[i], mech01[i]); } } } assertEquals("Incorrect number of enumeration elements", l, mProv.length); }
FastSaslServerFactory(Map<String,?> props) { final Enumeration<SaslServerFactory> factories = Sasl.getSaslServerFactories(); while (factories.hasMoreElements()) { SaslServerFactory factory = factories.nextElement(); for (String mech : factory.getMechanismNames(props)) { if (!factoryCache.containsKey(mech)) { factoryCache.put(mech, new ArrayList<SaslServerFactory>()); } factoryCache.get(mech).add(factory); } } }
@Override public SaslServer createSaslServer(String mechanism, String protocol, String serverName, Map<String, ?> props, CallbackHandler cbh) throws SaslException { final List<SaslServerFactory> factories = serverFactories.get(mechanism); if (factories != null) { for (final SaslServerFactory factory : factories) { final SaslServer saslServer = factory.createSaslServer(mechanism, protocol, serverName, props, cbh); if (saslServer != null) { return saslServer; } } } return null; }
public static SaslServerFactory getSaslServerFactory(String mech, Map<String, ?> props) { Iterator<SaslServerFactory> saslFactories = SaslUtils.getSaslServerFactories(SaslUtils.class.getClassLoader(), true); while (saslFactories.hasNext()) { SaslServerFactory saslFactory = saslFactories.next(); for (String supportedMech : saslFactory.getMechanismNames(props)) { if (supportedMech.equals(mech)) { return saslFactory; } } } throw new IllegalArgumentException("No SASL server factory for mech " + mech); }
/** * Returns a collection of mechanism names for which the JVM has an implementation available. * <p/> * Note that this need not (and likely will not) correspond with the list of mechanisms that is offered to XMPP * peer entities, which is provided by #getSupportedMechanisms. * * @return a collection of SASL mechanism names (never null, possibly empty) */ public static Set<String> getImplementedMechanisms() { final Set<String> result = new HashSet<>(); final Enumeration<SaslServerFactory> saslServerFactories = Sasl.getSaslServerFactories(); while ( saslServerFactories.hasMoreElements() ) { final SaslServerFactory saslServerFactory = saslServerFactories.nextElement(); Collections.addAll( result, saslServerFactory.getMechanismNames( null ) ); } return result; }
/** * Test for <code>getSaslServerFactories()</code> method * * Assertion: returns enumeration of factories for producing SaslServer. * * Enumeration consists of 4 elements. * * 1 provider defines different mechanism and refer to the same * SaslServerFactory classes */ public void testGetServer04() throws SaslException { mProv = new Provider[] { (new SpiEngUtils()).new MyProvider( "MySaslServerProvider1", "Testing provider SaslServerFactory - 1", SRVSSRV .concat(mech[0]), fServerClass02) }; mProv[0].put(SRVSSRV.concat(mech[1]), fServerClass02); mProv[0].put(SRVSSRV.concat(mech[2]), fServerClass02); mProv[0].put(SRVSSRV.concat(mech[3]), fServerClass02); addProviders(); Enumeration<SaslServerFactory> en = Sasl.getSaslServerFactories(); assertNotNull("List of SaslServerFactories should not be null", en); assertTrue("List of SaslServerFactories should have elements", en .hasMoreElements()); int l = 0; while (en.hasMoreElements()) { SaslServerFactory f = en.nextElement(); if ((f instanceof myServerFactory02)) { l++; try { f.createSaslServer(null, null, null, null, null); fail("SaslException should be thrown"); } catch (SaslException e) { } assertNull("Incorect SaslServer", f.createSaslServer(null, "", null, null, null)); assertNull("Wrong length", f.getMechanismNames(null)); } } assertEquals("Incorrect number of enumeration elements", l, mProv.length); }
static ResourceDefinition getProviderSaslServerFactoryDefinition() { AbstractAddStepHandler add = new SaslServerAddHandler(PROVIDERS) { @Override protected ServiceBuilder<SaslServerFactory> installService(OperationContext context, ServiceName saslServerFactoryName, ModelNode model) throws OperationFailedException { String providers = PROVIDERS.resolveModelAttribute(context, model).asStringOrNull(); final InjectedValue<Provider[]> providerInjector = new InjectedValue<Provider[]>(); final Supplier<Provider[]> providerSupplier = providers != null ? (providerInjector::getValue) : (Security::getProviders); TrivialService<SaslServerFactory> saslServiceFactoryService = new TrivialService<SaslServerFactory>(() -> new SecurityProviderSaslServerFactory(providerSupplier)); ServiceTarget serviceTarget = context.getServiceTarget(); ServiceBuilder<SaslServerFactory> serviceBuilder = serviceTarget.addService(saslServerFactoryName, saslServiceFactoryService); if (providers != null) { serviceBuilder.addDependency(context.getCapabilityServiceName(RuntimeCapability.buildDynamicCapabilityName(PROVIDERS_CAPABILITY, providers), Provider[].class), Provider[].class, providerInjector); } return serviceBuilder; } }; return wrap(new SaslServerResourceDefinition(ElytronDescriptionConstants.PROVIDER_SASL_SERVER_FACTORY, add, PROVIDERS), SaslServerDefinitions::getSaslServerAvailableMechanisms); }
private static String[] getSaslServerAvailableMechanisms(OperationContext context) { RuntimeCapability<Void> runtimeCapability = SASL_SERVER_FACTORY_RUNTIME_CAPABILITY.fromBaseCapability(context.getCurrentAddressValue()); ServiceName saslServerFactoryName = runtimeCapability.getCapabilityServiceName(SaslServerFactory.class); ServiceController<SaslServerFactory> serviceContainer = getRequiredService(context.getServiceRegistry(false), saslServerFactoryName, SaslServerFactory.class); if (serviceContainer.getState() != State.UP) { return null; } return serviceContainer.getValue().getMechanismNames(Collections.emptyMap()); }
@Test public void testSaslServerDigest() throws Exception { init(); ServiceName serviceNameServer = Capabilities.SASL_SERVER_FACTORY_RUNTIME_CAPABILITY.getCapabilityServiceName("MySaslServer"); SaslServerFactory serverFactory = (SaslServerFactory) services.getContainer().getService(serviceNameServer).getValue(); Map<String, Object> serverClientProps = new HashMap<String, Object>(); serverClientProps.put("javax.security.sasl.qop", "auth-conf"); SaslServer server = serverFactory.createSaslServer(SaslMechanismInformation.Names.DIGEST_MD5, "protocol", "TestingRealm1", serverClientProps, serverCallbackHandler("user1", "TestingRealm1", "password1")); SaslClient client = Sasl.createSaslClient(new String[]{SaslMechanismInformation.Names.DIGEST_MD5}, "user1", "protocol", "TestingRealm1", serverClientProps, clientCallbackHandler("user1", "TestingRealm1", "password1")); testSaslServerClient(server, client); }
@Override public Collection<String> filterMechanisms(Enumeration<SaslServerFactory> serverFactories, XMPPResourceConnection session) { final Map<String, ?> props = new HashMap<String, Object>(); final ArrayList<String> result = new ArrayList<String>(); while (serverFactories.hasMoreElements()) { SaslServerFactory ss = serverFactories.nextElement(); String[] x = ss.getMechanismNames(props); for (String name : x) { if (match(ss, name, session) && isAllowedForDomain(name, session.getDomain())) result.add(name); } } return result; }
protected boolean match(SaslServerFactory factory, String mechanismName, XMPPResourceConnection session) { if (session.isTlsRequired() && !session.isEncrypted()) return false; if (factory instanceof TigaseSaslServerFactory) { if (!session.getDomain().isAnonymousEnabled() && "ANONYMOUS".equals(mechanismName)) return false; if ("EXTERNAL".equals(mechanismName) && !isJIDInCertificate(session)) return false; if (SaslSCRAMPlus.NAME.equals(mechanismName) && !SaslSCRAMPlus.isAvailable(session)) return false; return true; } return false; }
private void register(Map<String, Class<? extends SaslServerFactory>> providerMap) { for (Map.Entry<String, Class<? extends SaslServerFactory>> me : providerMap.entrySet()) { put("SaslServerFactory." + me.getKey(), me.getValue().getName()); } }
public CRAMMD5HashedSaslServer(String mechanism, String protocol, String serverName, Map<String, ?> props, CallbackHandler cbh) throws SaslException { Enumeration factories = Sasl.getSaslServerFactories(); while (factories.hasMoreElements()) { SaslServerFactory factory = (SaslServerFactory) factories.nextElement(); if (factory instanceof CRAMMD5HashedServerFactory) { continue; } String[] mechs = factory.getMechanismNames(props); for (String mech : mechs) { if (mech.equals("CRAM-MD5")) { _realServer = factory.createSaslServer("CRAM-MD5", protocol, serverName, props, cbh); return; } } } throw new RuntimeException("No default SaslServer found for mechanism:" + "CRAM-MD5"); }
public CRAMMD5HexSaslServer(String mechanism, String protocol, String serverName, Map<String, ?> props, CallbackHandler cbh) throws SaslException { Enumeration factories = Sasl.getSaslServerFactories(); while (factories.hasMoreElements()) { SaslServerFactory factory = (SaslServerFactory) factories.nextElement(); if (factory instanceof CRAMMD5HexServerFactory) { continue; } String[] mechs = factory.getMechanismNames(props); for (String mech : mechs) { if (mech.equals("CRAM-MD5")) { _realServer = factory.createSaslServer("CRAM-MD5", protocol, serverName, props, cbh); return; } } } throw new RuntimeException("No default SaslServer found for mechanism:" + "CRAM-MD5"); }
private void initialiseAuthenticationMechanisms(Map<String, Class<? extends SaslServerFactory>> providerMap, PrincipalDatabase database) { if (database == null || database.getMechanisms().size() == 0) { _logger.warn("No Database or no mechanisms to initialise authentication"); return; } for (Map.Entry<String, AuthenticationProviderInitialiser> mechanism : database.getMechanisms().entrySet()) { initialiseAuthenticationMechanism(mechanism.getKey(), mechanism.getValue(), providerMap); } }
@Override public Class<? extends SaslServerFactory> getServerFactoryClass() { return PlainSaslServerFactory.class; }
/** * Test for <code>getSaslServerFactories()</code> method * * Assertion: returns enumeration of factories for producing SaslServer. * * Enumeration consists of 8 elements. * * 4 different providers define different mechanism and refer to the 2 * different SaslServerFactory classes */ public void testGetServer01() throws SaslException { mProv = new Provider[] { (new SpiEngUtils()).new MyProvider("MySaslServerProvider1", "Testing provider SaslServerFactory - 1", SRVSSRV .concat(mech[0]), fServerClass02), (new SpiEngUtils()).new MyProvider("MySaslServerProvider2", "Testing provider SaslServerFactory - 2", SRVSSRV .concat(mech[0]), fServerClass02), (new SpiEngUtils()).new MyProvider("MySaslServerProvider3", "Testing provider SaslServerFactory - 3", SRVSSRV .concat(mech[0]), fServerClass02), (new SpiEngUtils()).new MyProvider("MySaslServerProvider4", "Testing provider SaslServerFactory - 4", SRVSSRV .concat(mech[0]), fServerClass02) }; for (Provider element : mProv) { for (int j = 1; j < mech.length; j++) { element.put(SRVSSRV.concat(mech[j]).concat(mech[j]), fServerClass02); element.put(SRVSSRV.concat(mech[j]).concat(mech[j]), fServerClass01); } element.put(SRVSSRV.concat(mech[0]).concat(mech[0]), fServerClass01); } addProviders(); Enumeration<SaslServerFactory> en = Sasl.getSaslServerFactories(); assertNotNull("List of SaslServerFactories should not be null", en); assertTrue("List of SaslServerFactories should have elements", en .hasMoreElements()); myServerFactory01 mm01 = new myServerFactory01(); String[] mech01 = mm01.getMechanismNames(null); int l = 0; while (en.hasMoreElements()) { SaslServerFactory f = en.nextElement(); if (f instanceof myServerFactory02) { l++; try { f.createSaslServer(null, null, null, null, null); fail("SaslException should be thrown"); } catch (SaslException e) { } assertNull("Incorect SaslClient", f.createSaslServer(null, "a", null, null, null)); assertNull("Wrong length", f.getMechanismNames(null)); } else if (f instanceof myServerFactory01) { l++; assertNull("Not null SaslServer", f.createSaslServer(null, null, null, null, null)); String[] mech00 = f.getMechanismNames(null); assertEquals("Wrong length", mech00.length, mech01.length); for (int i = 0; i < mech00.length; i++) { assertEquals("Wrong mechanism name", mech00[i], mech01[i]); } } } assertEquals("Incorrect number of enumeration elements", l, mProv.length * 2); }
