/**
 * Marks the SASL negotiation as finished and drops this handler's reference to the server.
 *
 * @param dispose when {@code true}, {@code saslServer.dispose()} runs before the reference is
 *                cleared. A {@link RuntimeException} from it is logged and not rethrown.
 *                Callers presumably pass {@code false} when another component keeps using the
 *                server (confirm against the call sites).
 */
private void complete(boolean dispose) {
  try {
    if (dispose) {
      // NOTE(review): a null saslServer here surfaces only as a logged NullPointerException.
      saslServer.dispose();
    }
  } catch (RuntimeException disposeFailure) {
    // A cleanup failure must not stop the handler from reaching the completed state below.
    logger.error("Error while disposing SASL server", disposeFailure);
  }
  // Clear the reference so this handler cannot reuse the finished negotiation object.
  saslServer = null;
  isComplete = true;
}
/**
 * Encode a password as a base64-encoded char[] array.
 *
 * <p>Base64 is a reversible encoding, not encryption or hashing, so the returned array is as
 * sensitive as the password itself. The input is an immutable {@code String}, so only the
 * returned array can be cleared by the caller after use.
 *
 * @param password the secret to encode; must not be null
 * @return the characters of the base64 form of {@code password}
 */
public static char[] encodePassword(String password) {
  // Reject a missing secret up front instead of encoding a null.
  Preconditions.checkNotNull(password, "Password cannot be null if SASL is enabled");
  final String encoded = getBase64EncodedString(password);
  return encoded.toCharArray();
}
saslServer = new SparkSaslServer(saslMessage.appId, secretKeyHolder, conf.saslServerAlwaysEncrypt()); response = saslServer.response(JavaUtils.bufferToArray( saslMessage.body().nioByteBuffer())); } catch (IOException ioe) { if (saslServer.isComplete()) { logger.debug("SASL authentication successful for channel {}", client); isComplete = true; if (SparkSaslServer.QOP_AUTH_CONF.equals(saslServer.getNegotiatedProperty(Sasl.QOP))) { logger.debug("Enabling encryption for channel {}", client); SaslEncryption.addToChannel(channel, saslServer, conf.maxSaslEncryptedBlockSize()); saslServer = null; } else { saslServer.dispose(); saslServer = null;
/**
 * Negative path: a client built with "my-secret" and a server built with "your-secret" must
 * fail the handshake, and neither side may report completion afterwards. This pins the
 * property that a failed authentication is never observable as {@code isComplete() == true}.
 */
@Test
public void testNonMatching() {
  SparkSaslClient clientSide = new SparkSaslClient("my-secret", secretKeyHolder, false);
  SparkSaslServer serverSide = new SparkSaslServer("your-secret", secretKeyHolder, false);

  assertFalse(clientSide.isComplete());
  assertFalse(serverSide.isComplete());

  byte[] token = clientSide.firstToken();

  try {
    while (!clientSide.isComplete()) {
      byte[] challenge = serverSide.response(token);
      token = clientSide.response(challenge);
    }
    // fail() raises an AssertionError, which the catch (Exception) below does not swallow.
    fail("Should not have completed");
  } catch (Exception handshakeFailure) {
    assertTrue(handshakeFailure.getMessage().contains("Mismatched response"));
    // The rejected exchange must leave both endpoints unauthenticated.
    assertFalse(clientSide.isComplete());
    assertFalse(serverSide.isComplete());
  }
}
/**
 * Answers the callbacks raised by the SASL client mechanism during negotiation.
 *
 * <p>User name and secret are looked up in {@code secretKeyHolder} under {@code secretKeyId}
 * and passed through {@code encodeIdentifier} / {@code encodePassword}. The trace lines record
 * only which callback fired, never the values, and should stay that way.
 *
 * <p>NOTE(review): {@code PasswordCallback.setPassword} stores its own copy, so the temporary
 * array returned by {@code encodePassword} is never cleared here. DIGEST-MD5 (named in the
 * error string) was moved to Historic by RFC 6331.
 *
 * @param callbacks callbacks to satisfy, handled in array order
 * @throws UnsupportedCallbackException for any callback type not listed below
 */
@Override
public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
  for (Callback cb : callbacks) {
    if (cb instanceof NameCallback) {
      logger.trace("SASL client callback: setting username");
      String user = secretKeyHolder.getSaslUser(secretKeyId);
      ((NameCallback) cb).setName(encodeIdentifier(user));
    } else if (cb instanceof PasswordCallback) {
      logger.trace("SASL client callback: setting password");
      String secret = secretKeyHolder.getSecretKey(secretKeyId);
      ((PasswordCallback) cb).setPassword(encodePassword(secret));
    } else if (cb instanceof RealmCallback) {
      logger.trace("SASL client callback: setting realm");
      RealmCallback realm = (RealmCallback) cb;
      // Accept whatever realm the mechanism proposes as its default.
      realm.setText(realm.getDefaultText());
    } else if (cb instanceof RealmChoiceCallback) {
      // Left unanswered; the original author marked this branch as uncertain ("ignore (?)").
    } else {
      // Fail closed on anything unknown rather than silently skipping it.
      throw new UnsupportedCallbackException(cb, "Unrecognized SASL DIGEST-MD5 Callback");
    }
  }
}
} // closes the enclosing class, whose header lies outside this snippet
return; if (saslServer == null || !saslServer.isComplete()) { ByteBuf nettyBuf = Unpooled.wrappedBuffer(message); SaslMessage saslMessage; saslServer = new SparkSaslServer(saslMessage.appId, secretKeyHolder, conf.saslServerAlwaysEncrypt()); response = saslServer.response(JavaUtils.bufferToArray( saslMessage.body().nioByteBuffer())); } catch (IOException ioe) { if (saslServer.isComplete()) { if (!SparkSaslServer.QOP_AUTH_CONF.equals(saslServer.getNegotiatedProperty(Sasl.QOP))) { logger.debug("SASL authentication successful for channel {}", client); complete(true);
/**
 * Negative path: a client built with "my-secret" and a server built with "your-secret" must
 * fail the handshake, and neither side may report completion afterwards. This pins the
 * property that a failed authentication is never observable as {@code isComplete() == true}.
 */
@Test
public void testNonMatching() {
  SparkSaslClient clientSide = new SparkSaslClient("my-secret", secretKeyHolder, false);
  SparkSaslServer serverSide = new SparkSaslServer("your-secret", secretKeyHolder, false);

  assertFalse(clientSide.isComplete());
  assertFalse(serverSide.isComplete());

  byte[] token = clientSide.firstToken();

  try {
    while (!clientSide.isComplete()) {
      byte[] challenge = serverSide.response(token);
      token = clientSide.response(challenge);
    }
    // fail() raises an AssertionError, which the catch (Exception) below does not swallow.
    fail("Should not have completed");
  } catch (Exception handshakeFailure) {
    assertTrue(handshakeFailure.getMessage().contains("Mismatched response"));
    // The rejected exchange must leave both endpoints unauthenticated.
    assertFalse(clientSide.isComplete());
    assertFalse(serverSide.isComplete());
  }
}
/**
 * Answers the callbacks raised by the SASL client mechanism during negotiation.
 *
 * <p>User name and secret are looked up in {@code secretKeyHolder} under {@code secretKeyId}
 * and passed through {@code encodeIdentifier} / {@code encodePassword}. The trace lines record
 * only which callback fired, never the values, and should stay that way.
 *
 * <p>NOTE(review): {@code PasswordCallback.setPassword} stores its own copy, so the temporary
 * array returned by {@code encodePassword} is never cleared here. DIGEST-MD5 (named in the
 * error string) was moved to Historic by RFC 6331.
 *
 * @param callbacks callbacks to satisfy, handled in array order
 * @throws UnsupportedCallbackException for any callback type not listed below
 */
@Override
public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
  for (Callback cb : callbacks) {
    if (cb instanceof NameCallback) {
      logger.trace("SASL client callback: setting username");
      String user = secretKeyHolder.getSaslUser(secretKeyId);
      ((NameCallback) cb).setName(encodeIdentifier(user));
    } else if (cb instanceof PasswordCallback) {
      logger.trace("SASL client callback: setting password");
      String secret = secretKeyHolder.getSecretKey(secretKeyId);
      ((PasswordCallback) cb).setPassword(encodePassword(secret));
    } else if (cb instanceof RealmCallback) {
      logger.trace("SASL client callback: setting realm");
      RealmCallback realm = (RealmCallback) cb;
      // Accept whatever realm the mechanism proposes as its default.
      realm.setText(realm.getDefaultText());
    } else if (cb instanceof RealmChoiceCallback) {
      // Left unanswered; the original author marked this branch as uncertain ("ignore (?)").
    } else {
      // Fail closed on anything unknown rather than silently skipping it.
      throw new UnsupportedCallbackException(cb, "Unrecognized SASL DIGEST-MD5 Callback");
    }
  }
}
} // closes the enclosing class, whose header lies outside this snippet
return; if (saslServer == null || !saslServer.isComplete()) { ByteBuf nettyBuf = Unpooled.wrappedBuffer(message); SaslMessage saslMessage; saslServer = new SparkSaslServer(saslMessage.appId, secretKeyHolder, conf.saslServerAlwaysEncrypt()); response = saslServer.response(JavaUtils.bufferToArray( saslMessage.body().nioByteBuffer())); } catch (IOException ioe) { if (saslServer.isComplete()) { if (!SparkSaslServer.QOP_AUTH_CONF.equals(saslServer.getNegotiatedProperty(Sasl.QOP))) { logger.debug("SASL authentication successful for channel {}", client); complete(true);
/**
 * Answers the callbacks raised by the SASL client mechanism during negotiation.
 *
 * <p>User name and secret are looked up in {@code secretKeyHolder} under {@code secretKeyId}
 * and passed through {@code encodeIdentifier} / {@code encodePassword}. The trace lines record
 * only which callback fired, never the values, and should stay that way.
 *
 * <p>NOTE(review): {@code PasswordCallback.setPassword} stores its own copy, so the temporary
 * array returned by {@code encodePassword} is never cleared here. DIGEST-MD5 (named in the
 * error string) was moved to Historic by RFC 6331.
 *
 * @param callbacks callbacks to satisfy, handled in array order
 * @throws IOException declared to match the handler contract; nothing visible here throws it
 * @throws UnsupportedCallbackException for any callback type not listed below
 */
@Override
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
  for (Callback cb : callbacks) {
    if (cb instanceof NameCallback) {
      logger.trace("SASL client callback: setting username");
      String user = secretKeyHolder.getSaslUser(secretKeyId);
      ((NameCallback) cb).setName(encodeIdentifier(user));
    } else if (cb instanceof PasswordCallback) {
      logger.trace("SASL client callback: setting password");
      String secret = secretKeyHolder.getSecretKey(secretKeyId);
      ((PasswordCallback) cb).setPassword(encodePassword(secret));
    } else if (cb instanceof RealmCallback) {
      logger.trace("SASL client callback: setting realm");
      RealmCallback realm = (RealmCallback) cb;
      // Accept whatever realm the mechanism proposes as its default.
      realm.setText(realm.getDefaultText());
    } else if (cb instanceof RealmChoiceCallback) {
      // Left unanswered; the original author marked this branch as uncertain ("ignore (?)").
    } else {
      // Fail closed on anything unknown rather than silently skipping it.
      throw new UnsupportedCallbackException(cb, "Unrecognized SASL DIGEST-MD5 Callback");
    }
  }
}
} // closes the enclosing class, whose header lies outside this snippet
/**
 * Marks the SASL negotiation as finished and drops this handler's reference to the server.
 *
 * @param dispose when {@code true}, {@code saslServer.dispose()} runs before the reference is
 *                cleared. A {@link RuntimeException} from it is logged and not rethrown.
 *                Callers presumably pass {@code false} when another component keeps using the
 *                server (confirm against the call sites).
 */
private void complete(boolean dispose) {
  try {
    if (dispose) {
      // NOTE(review): a null saslServer here surfaces only as a logged NullPointerException.
      saslServer.dispose();
    }
  } catch (RuntimeException disposeFailure) {
    // A cleanup failure must not stop the handler from reaching the completed state below.
    logger.error("Error while disposing SASL server", disposeFailure);
  }
  // Clear the reference so this handler cannot reuse the finished negotiation object.
  saslServer = null;
  isComplete = true;
}
/**
 * Encode a password as a base64-encoded char[] array.
 *
 * <p>Base64 is a reversible encoding, not encryption or hashing, so the returned array is as
 * sensitive as the password itself. The input is an immutable {@code String}, so only the
 * returned array can be cleared by the caller after use.
 *
 * @param password the secret to encode; must not be null
 * @return the characters of the base64 form of {@code password}
 */
public static char[] encodePassword(String password) {
  // Reject a missing secret up front instead of encoding a null.
  Preconditions.checkNotNull(password, "Password cannot be null if SASL is enabled");
  final String encoded = getBase64EncodedString(password);
  return encoded.toCharArray();
}
return; if (saslServer == null || !saslServer.isComplete()) { ByteBuf nettyBuf = Unpooled.wrappedBuffer(message); SaslMessage saslMessage; saslServer = new SparkSaslServer(saslMessage.appId, secretKeyHolder, conf.saslServerAlwaysEncrypt()); response = saslServer.response(JavaUtils.bufferToArray( saslMessage.body().nioByteBuffer())); } catch (IOException ioe) { if (saslServer.isComplete()) { if (!SparkSaslServer.QOP_AUTH_CONF.equals(saslServer.getNegotiatedProperty(Sasl.QOP))) { logger.debug("SASL authentication successful for channel {}", client); complete(true);
/**
 * Answers the callbacks raised by the SASL client mechanism during negotiation.
 *
 * <p>User name and secret are looked up in {@code secretKeyHolder} under {@code secretKeyId}
 * and passed through {@code encodeIdentifier} / {@code encodePassword}. The trace lines record
 * only which callback fired, never the values, and should stay that way.
 *
 * <p>NOTE(review): {@code PasswordCallback.setPassword} stores its own copy, so the temporary
 * array returned by {@code encodePassword} is never cleared here. DIGEST-MD5 (named in the
 * error string) was moved to Historic by RFC 6331.
 *
 * @param callbacks callbacks to satisfy, handled in array order
 * @throws IOException declared to match the handler contract; nothing visible here throws it
 * @throws UnsupportedCallbackException for any callback type not listed below
 */
@Override
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
  for (Callback cb : callbacks) {
    if (cb instanceof NameCallback) {
      logger.trace("SASL client callback: setting username");
      String user = secretKeyHolder.getSaslUser(secretKeyId);
      ((NameCallback) cb).setName(encodeIdentifier(user));
    } else if (cb instanceof PasswordCallback) {
      logger.trace("SASL client callback: setting password");
      String secret = secretKeyHolder.getSecretKey(secretKeyId);
      ((PasswordCallback) cb).setPassword(encodePassword(secret));
    } else if (cb instanceof RealmCallback) {
      logger.trace("SASL client callback: setting realm");
      RealmCallback realm = (RealmCallback) cb;
      // Accept whatever realm the mechanism proposes as its default.
      realm.setText(realm.getDefaultText());
    } else if (cb instanceof RealmChoiceCallback) {
      // Left unanswered; the original author marked this branch as uncertain ("ignore (?)").
    } else {
      // Fail closed on anything unknown rather than silently skipping it.
      throw new UnsupportedCallbackException(cb, "Unrecognized SASL DIGEST-MD5 Callback");
    }
  }
}
} // closes the enclosing class, whose header lies outside this snippet
/**
 * Marks the SASL negotiation as finished and drops this handler's reference to the server.
 *
 * @param dispose when {@code true}, {@code saslServer.dispose()} runs before the reference is
 *                cleared. A {@link RuntimeException} from it is logged and not rethrown.
 *                Callers presumably pass {@code false} when another component keeps using the
 *                server (confirm against the call sites).
 */
private void complete(boolean dispose) {
  try {
    if (dispose) {
      // NOTE(review): a null saslServer here surfaces only as a logged NullPointerException.
      saslServer.dispose();
    }
  } catch (RuntimeException disposeFailure) {
    // A cleanup failure must not stop the handler from reaching the completed state below.
    logger.error("Error while disposing SASL server", disposeFailure);
  }
  // Clear the reference so this handler cannot reuse the finished negotiation object.
  saslServer = null;
  isComplete = true;
}
/**
 * Encode a password as a base64-encoded char[] array.
 *
 * <p>Base64 is a reversible encoding, not encryption or hashing, so the returned array is as
 * sensitive as the password itself. The input is an immutable {@code String}, so only the
 * returned array can be cleared by the caller after use.
 *
 * @param password the secret to encode; must not be null
 * @return the characters of the base64 form of {@code password}
 */
public static char[] encodePassword(String password) {
  // Reject a missing secret up front instead of encoding a null.
  Preconditions.checkNotNull(password, "Password cannot be null if SASL is enabled");
  final String encoded = getBase64EncodedString(password);
  return encoded.toCharArray();
}
/**
 * Positive path: client and server both built with "shared-secret" finish the handshake, and
 * disposing either endpoint afterwards makes it report {@code isComplete() == false} again.
 */
@Test
public void testMatching() {
  SparkSaslClient clientSide = new SparkSaslClient("shared-secret", secretKeyHolder, false);
  SparkSaslServer serverSide = new SparkSaslServer("shared-secret", secretKeyHolder, false);

  assertFalse(clientSide.isComplete());
  assertFalse(serverSide.isComplete());

  byte[] token = clientSide.firstToken();

  // Ping-pong tokens until the client reports the negotiation as done.
  while (!clientSide.isComplete()) {
    byte[] challenge = serverSide.response(token);
    token = clientSide.response(challenge);
  }
  assertTrue(serverSide.isComplete());

  // Disposal should invalidate: a disposed endpoint must not keep reporting completion.
  serverSide.dispose();
  assertFalse(serverSide.isComplete());
  clientSide.dispose();
  assertFalse(clientSide.isComplete());
}
/**
 * Answers the callbacks raised by the SASL server mechanism during negotiation.
 *
 * <p>User name and secret are looked up in {@code secretKeyHolder} under {@code secretKeyId}
 * and passed through {@code encodeIdentifier} / {@code encodePassword}. The trace lines record
 * only which callback fired, never the values, and should stay that way.
 *
 * <p>Authorization is granted only when the requested authorization id equals the
 * authenticated id, so a peer cannot authenticate as one identity and act as another.
 *
 * <p>NOTE(review): {@code PasswordCallback.setPassword} stores its own copy, so the temporary
 * array returned by {@code encodePassword} is never cleared here. DIGEST-MD5 (named in the
 * error string) was moved to Historic by RFC 6331.
 *
 * @param callbacks callbacks to satisfy, handled in array order
 * @throws IOException declared to match the handler contract; nothing visible here throws it
 * @throws UnsupportedCallbackException for any callback type not listed below
 */
@Override
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
  for (Callback cb : callbacks) {
    if (cb instanceof NameCallback) {
      logger.trace("SASL server callback: setting username");
      String user = secretKeyHolder.getSaslUser(secretKeyId);
      ((NameCallback) cb).setName(encodeIdentifier(user));
    } else if (cb instanceof PasswordCallback) {
      logger.trace("SASL server callback: setting password");
      String secret = secretKeyHolder.getSecretKey(secretKeyId);
      ((PasswordCallback) cb).setPassword(encodePassword(secret));
    } else if (cb instanceof RealmCallback) {
      logger.trace("SASL server callback: setting realm");
      RealmCallback realm = (RealmCallback) cb;
      // Accept whatever realm the mechanism proposes as its default.
      realm.setText(realm.getDefaultText());
    } else if (cb instanceof AuthorizeCallback) {
      AuthorizeCallback authz = (AuthorizeCallback) cb;
      String authenticatedId = authz.getAuthenticationID();
      String requestedId = authz.getAuthorizationID();
      // No impersonation: the peer may only act as the identity it proved.
      boolean sameIdentity = authenticatedId.equals(requestedId);
      authz.setAuthorized(sameIdentity);
      if (authz.isAuthorized()) {
        authz.setAuthorizedID(requestedId);
      }
      logger.debug("SASL Authorization complete, authorized set to {}", authz.isAuthorized());
    } else {
      // Fail closed on anything unknown rather than silently skipping it.
      throw new UnsupportedCallbackException(cb, "Unrecognized SASL DIGEST-MD5 Callback");
    }
  }
}
} // closes the enclosing class, whose header lies outside this snippet
/**
 * Forwards the channel-inactive event to the wrapped handler, then disposes any SASL server
 * this handler still holds.
 *
 * @param client the transport client whose channel went inactive; passed through to the delegate
 */
@Override
public void channelInactive(TransportClient client) {
  try {
    delegate.channelInactive(client);
  } finally {
    // Runs even when the delegate throws, so the SASL state is released either way.
    if (saslServer != null) {
      // NOTE(review): a RuntimeException from dispose() here would propagate and replace any
      // exception thrown by the delegate. The field also stays non-null after disposal.
      saslServer.dispose();
    }
  }
}
/**
 * Encode an identifier (the SASL user) as a base64 string.
 *
 * <p>Base64 only changes the representation; it does not hide or protect the identifier.
 *
 * @param identifier the user identifier to encode; must not be null
 * @return the base64 form of {@code identifier}
 */
public static String encodeIdentifier(String identifier) {
  // Reject a missing user up front instead of encoding a null.
  Preconditions.checkNotNull(identifier, "User cannot be null if SASL is enabled");
  final String encoded = getBase64EncodedString(identifier);
  return encoded;
}