/** * For testing only. */ Properties getCredentials(DistributedMember member, Properties secProps) { String authMethod = secProps.getProperty(SECURITY_PEER_AUTH_INIT); return Handshake.getCredentials(authMethod, secProps, member, true, services.getLogWriter(), services.getSecurityLogWriter()); }
public boolean isOK() { return getReplyCode() == REPLY_OK; }
private void checkIfAuthenticWanSite(DataInputStream dis, DataOutputStream dos, DistributedMember member) throws GemFireSecurityException, IOException { if (this.credentials == null) { return; } String authenticator = this.system.getProperties().getProperty(SECURITY_CLIENT_AUTHENTICATOR); Properties peerWanProps = readCredentials(dis, dos, this.system, this.securityService); verifyCredentials(authenticator, peerWanProps, this.system.getSecurityProperties(), (InternalLogWriter) this.system.getLogWriter(), (InternalLogWriter) this.system.getSecurityLogWriter(), member, this.securityService); } }
@Test public void authRequiredHasCredentials() throws Exception { Handshake.throwIfMissingRequiredCredentials(true, true); }
byte[] overrides = Handshake.extractOverrides(new byte[] {(byte) dis.read()}); clientConflation = overrides[0]; } else { Handshake.readCredentials(dis, dos, system, this.cache.getSecurityService()); if (credentials != null) { if (securityLogWriter.fineEnabled()) { Handshake.verifyCredentials(authenticator, credentials, system.getSecurityProperties(), this.logWriter, this.securityLogWriter, member, this.cache.getSecurityService());
public Object verifyCredentials() throws AuthenticationRequiredException, AuthenticationFailedException { String methodName = this.system.getProperties().getProperty(SECURITY_CLIENT_AUTHENTICATOR); return verifyCredentials(methodName, this.credentials, this.system.getSecurityProperties(), (InternalLogWriter) this.system.getLogWriter(), (InternalLogWriter) this.system.getSecurityLogWriter(), this.id.getDistributedMember(), this.securityService); }
DataSerializer.readByteArray(dis); readMessage(dis, dos, acceptanceCode, member);
protected void setOverrides(byte[] values) { byte override = values[0]; setClientConflation(((byte) (override & 0x03))); }
@Override protected byte writeCredential(DataOutputStream dos, DataInputStream dis, String authInit, boolean isNotification, DistributedMember member, HeapDataOutputStream heapdos) throws IOException, GemFireSecurityException { if (!this.multiuserSecureMode && (authInit == null || authInit.length() == 0)) { // No credentials indicator heapdos.writeByte(CREDENTIALS_NONE); heapdos.flush(); dos.write(heapdos.toByteArray()); dos.flush(); return -1; } return super.writeCredential(dos, dis, authInit, isNotification, member, heapdos); }
protected void readMessage(DataInputStream dis, DataOutputStream dos, byte acceptanceCode, DistributedMember member) throws IOException, AuthenticationRequiredException, AuthenticationFailedException, ServerRefusedConnectionException { String message = dis.readUTF(); if (message.length() == 0 && acceptanceCode != REPLY_WAN_CREDENTIALS) { return; // success } switch (acceptanceCode) { case REPLY_EXCEPTION_AUTHENTICATION_REQUIRED: throw new AuthenticationRequiredException(message); case REPLY_EXCEPTION_AUTHENTICATION_FAILED: throw new AuthenticationFailedException(message); case REPLY_EXCEPTION_DUPLICATE_DURABLE_CLIENT: throw new ServerRefusedConnectionException(member, message); case REPLY_WAN_CREDENTIALS: checkIfAuthenticWanSite(dis, dos, member); break; default: throw new ServerRefusedConnectionException(member, message); } }
@Test public void authNotRequiredHasCredentials() throws Exception { Handshake.throwIfMissingRequiredCredentials(false, true); }
String methodName = system.getProperties().getProperty(SECURITY_CLIENT_AUTHENTICATOR); Object principal = Handshake.verifyCredentials(methodName, credentials, system.getSecurityProperties(), (InternalLogWriter) system.getLogWriter(), (InternalLogWriter) system.getSecurityLogWriter(), this.proxyId.getDistributedMember(),
DataSerializer.readByteArray(dis); readMessage(dis, dos, acceptanceCode, member);
@Test public void authNotRequiredHasNoCredentials() throws Exception { Handshake.throwIfMissingRequiredCredentials(false, false); }
/** * Indicates whether some other object is "equal to" this one. * * @param other the reference object with which to compare. * @return true if this object is the same as the obj argument; false otherwise. */ @Override public boolean equals(Object other) { if (other == this) return true; if (!(other instanceof Handshake)) return false; final Handshake that = (Handshake) other; if (this.id.isSameDSMember(that.id) && getReplyCode() == that.getReplyCode()) { return true; } else { return false; } }
protected Properties getCredentials(DistributedMember member) { String authInitMethod = this.system.getProperties().getProperty(SECURITY_CLIENT_AUTH_INIT); return getCredentials(authInitMethod, this.system.getSecurityProperties(), member, false, (InternalLogWriter) this.system.getLogWriter(), (InternalLogWriter) this.system.getSecurityLogWriter()); }
@Test public void authRequiredHasNoCredentials() throws Exception { assertThatThrownBy(() -> Handshake.throwIfMissingRequiredCredentials(true, false)) .isExactlyInstanceOf(AuthenticationRequiredException.class) .hasMessage("No security credentials are provided"); }
@Override public int hashCode() { final int mult = 37; int result = this.id.hashCode(); result = mult * result + getReplyCode(); return result; }
public AuthenticateUserOpImpl(Connection con, ExecutablePool pool) { super(MessageType.USER_CREDENTIAL_MESSAGE, 1); byte[] credentialBytes = null; DistributedMember server = new InternalDistributedMember(con.getSocket().getInetAddress(), con.getSocket().getPort(), false); DistributedSystem sys = InternalDistributedSystem.getConnectedInstance(); String authInitMethod = sys.getProperties().getProperty(SECURITY_CLIENT_AUTH_INIT); Properties tmpSecurityProperties = sys.getSecurityProperties(); // LOG: following passes the DS API LogWriters into the security API Properties credentials = Handshake.getCredentials(authInitMethod, tmpSecurityProperties, server, false, (InternalLogWriter) sys.getLogWriter(), (InternalLogWriter) sys.getSecurityLogWriter()); getMessage().setMessageHasSecurePartFlag(); HeapDataOutputStream heapdos = new HeapDataOutputStream(Version.CURRENT); try { DataSerializer.writeProperties(credentials, heapdos); credentialBytes = ((ConnectionImpl) con).encryptBytes(heapdos.toByteArray()); } catch (Exception e) { throw new ServerOperationException(e); } finally { heapdos.close(); } getMessage().addBytesPart(credentialBytes); }
Properties readCredential(DataInputStream dis, DataOutputStream dos, DistributedSystem system) throws GemFireSecurityException, IOException { Properties credentials = null; boolean requireAuthentication = securityService.isClientSecurityRequired(); try { byte secureMode = dis.readByte(); throwIfMissingRequiredCredentials(requireAuthentication, secureMode != CREDENTIALS_NONE); if (secureMode == CREDENTIALS_NORMAL) { encryptor.setAppSecureMode(CREDENTIALS_NORMAL); } else if (secureMode == CREDENTIALS_DHENCRYPT) { encryptor.readEncryptedCredentials(dis, dos, system, requireAuthentication); } } catch (IOException ex) { throw ex; } catch (GemFireSecurityException ex) { throw ex; } catch (Exception ex) { throw new AuthenticationFailedException( "Failure in reading credentials", ex); } return credentials; }