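/**
 * Obtains a credential of the requested type from the configured callback handler.
 *
 * <p>When the request can be satisfied by a clear-text password (a password credential type,
 * no algorithm or the clear algorithm, and no parameter spec), a standard
 * {@link PasswordCallback} is tried first. If the handler does not support that callback, or
 * the request is for anything else, a {@link CredentialCallback} is used instead.
 *
 * @param credentialType the credential class the caller wants
 * @param algorithmName the required algorithm name, or {@code null} for any
 * @param parameterSpec the required algorithm parameters, or {@code null} for none
 * @param <C> the credential type
 * @return the credential, or {@code null} if the handler supplied no password or supports
 *         neither callback
 * @throws IOException if the callback handler fails while handling a callback
 */
public <C extends Credential> C getCredential(final Class<C> credentialType, final String algorithmName, final AlgorithmParameterSpec parameterSpec) throws IOException {
    final boolean clearPasswordAcceptable = PasswordCredential.class.isAssignableFrom(credentialType)
            && (algorithmName == null || algorithmName.equals(ClearPassword.ALGORITHM_CLEAR))
            && parameterSpec == null;
    if (clearPasswordAcceptable) {
        final PasswordCallback passwordCallback = new PasswordCallback("Password", false);
        try {
            callbackHandler.handle(new Callback[] { passwordCallback });
            // getPassword() hands back a copy; the callback keeps its own array until cleared.
            final char[] chars = passwordCallback.getPassword();
            // NOTE(review): chars is passed on to createRaw and is deliberately not wiped here,
            // since the returned password may keep a reference to it - confirm.
            return chars == null ? null : credentialType.cast(new PasswordCredential(ClearPassword.createRaw(ClearPassword.ALGORITHM_CLEAR, chars)));
        } catch (UnsupportedCallbackException ignored) {
            // fall out and try CredentialCallback
        } finally {
            // Wipe the callback's internal copy so the clear-text password does not linger on
            // the heap inside an abandoned PasswordCallback.
            passwordCallback.clearPassword();
        }
    }
    try {
        final CredentialCallback credentialCallback = new CredentialCallback(credentialType, algorithmName, parameterSpec);
        callbackHandler.handle(new Callback[] { credentialCallback });
        return credentialCallback.getCredential(credentialType, algorithmName, parameterSpec);
    } catch (UnsupportedCallbackException ignored) {
        // no credentials can be acquired; fall out
    }
    return null;
}
} // closes the enclosing type, whose header lies outside this excerpt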
new DigestPasswordAlgorithmSpec(username, realm) : null; credentialCallback = new CredentialCallback(PasswordCredential.class, credentialAlgorithm, parameterSpec); return credentialCallback.applyToCredential(PasswordCredential.class, c -> c.getPassword().castAndApply(DigestPassword.class, DigestPassword::getDigest) );
final String allowedAlgorithm = credentialCallback.getAlgorithm(); if (allowedAlgorithm != null && credentialCallback.isCredentialTypeSupported(X509CertificateChainPrivateCredential.class, allowedAlgorithm)) { final X509KeyManager keyManager; try { final X509Certificate[] certificateChain = keyManager.getCertificateChain(alias); final PrivateKey privateKey = keyManager.getPrivateKey(alias); credentialCallback.setCredential(new X509CertificateChainPrivateCredential(privateKey, certificateChain)); continue; final Credential credential = config.getCredentialSource().getCredential(credentialCallback.getCredentialType(), credentialCallback.getAlgorithm(), credentialCallback.getParameterSpec()); if (credential != null && credentialCallback.isCredentialSupported(credential)) { credentialCallback.setCredential(credential); continue; } else {
/**
 * Builds the initial client message that carries the bearer token.
 *
 * <p>The token is requested from the callback handler through a {@link CredentialCallback}
 * for {@code BearerTokenCredential}. The message starts with {@code "n,"}, optionally
 * followed by {@code a=<authorization id>}, then a comma and the
 * {@code auth=Bearer <token>} entry wrapped in {@code KV_DELIMITER} markers.
 *
 * @return the initial client message
 * @throws AuthenticationMechanismException if the handler does not support the callback or
 *         no token was supplied
 */
public OAuth2InitialClientMessage getInitialResponse() throws AuthenticationMechanismException {
    final CredentialCallback tokenRequest = new CredentialCallback(BearerTokenCredential.class);
    try {
        MechanismUtil.handleCallbacks(log, this.callbackHandler, tokenRequest);
    } catch (UnsupportedCallbackException unsupported) {
        throw log.mechCallbackHandlerUnsupportedCallback(unsupported);
    }
    assertTrue(tokenRequest.isCredentialTypeSupported(BearerTokenCredential.class));

    final String bearerToken = tokenRequest.applyToCredential(BearerTokenCredential.class, BearerTokenCredential::getToken);
    if (bearerToken == null) {
        throw log.mechNoTokenGiven();
    }

    final ByteStringBuilder message = new ByteStringBuilder();
    message.append("n").append(",");
    if (this.authorizationId != null) {
        message.append('a').append('=');
        StringPrep.encode(this.authorizationId, message, StringPrep.PROFILE_SASL_STORED | StringPrep.MAP_SCRAM_LOGIN_CHARS);
    }
    message.append(",").append(KV_DELIMITER);
    // NOTE(review): the token is written verbatim between the delimiters; nothing in this
    // method rejects a token that itself contains KV_DELIMITER, which would change the
    // key/value layout of the message. Confirm the token source restricts its characters.
    message.append("auth").append("=").append("Bearer").append(" ").append(bearerToken);
    message.append(KV_DELIMITER);
    return new OAuth2InitialClientMessage(null, null, message.toArray());
}
String requestedRealm = stateRef.get().getMechanismRealmConfiguration().getRealmName(); final Credential credential = getCredential(credentialCallback.getCredentialType(), credentialCallback.getAlgorithm(), credentialCallback.getParameterSpec()); if (credential != null) { if (credential instanceof PasswordCredential) { credentialCallback.setCredential(credential); handleOne(callbacks, idx + 1); return;
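/**
 * Answers name, realm, password and credential callbacks from this handler's fixed
 * {@code name}, {@code realm} and {@code credential} values.
 *
 * <p>For a {@link CredentialCallback} the requested algorithm decides the password form:
 * the clear algorithm wraps {@code credential} as-is, DIGEST-MD5 treats {@code credential}
 * as a hex-encoded digest. A callback with no algorithm, or any other algorithm, is left
 * without a credential. Callbacks of other types are ignored.
 *
 * @param callbacks the callbacks to answer
 * @throws IOException declared by the interface; not thrown directly by this method
 * @throws UnsupportedCallbackException declared by the interface; not thrown directly by
 *         this method
 */
@Override
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for (Callback callback : callbacks) {
        if (callback instanceof PasswordCallback) {
            ((PasswordCallback) callback).setPassword(credential.toCharArray());
        } else if (callback instanceof NameCallback) {
            ((NameCallback) callback).setName(name);
        } else if (callback instanceof RealmCallback) {
            ((RealmCallback) callback).setText(realm);
        } else if (callback instanceof CredentialCallback) {
            CredentialCallback cb = (CredentialCallback) callback;
            final String algorithm = cb.getAlgorithm();
            if (algorithm == null) {
                // A String switch on null throws NullPointerException; a request that names
                // no algorithm is skipped in the same way as an unsupported one.
                continue;
            }
            Password password;
            switch (algorithm) {
                case ALGORITHM_CLEAR:
                    password = ClearPassword.createRaw(ALGORITHM_CLEAR, credential.toCharArray());
                    break;
                case ALGORITHM_DIGEST_MD5:
                    // credential holds the pre-computed digest as hex text; decode it to bytes
                    byte[] decodedDigest = ByteIterator.ofBytes(credential.getBytes(StandardCharsets.UTF_8)).hexDecode().drain();
                    password = DigestPassword.createRaw(ALGORITHM_DIGEST_MD5, name, realm, decodedDigest);
                    break;
                default:
                    continue;
            }
            // NOTE(review): cast() throws ClassCastException when the callback asked for a
            // credential type that PasswordCredential does not satisfy - confirm callers only
            // request password credentials from this handler.
            cb.setCredential(cb.getCredentialType().cast(new PasswordCredential(password)));
        }
    }
}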
/**
 * Reports whether this callback is optional.
 *
 * @return {@code true} when {@code getCredential()} currently yields a non-null value,
 *         {@code false} otherwise
 */
public boolean isOptional() {
    final boolean credentialPresent = getCredential() != null;
    return credentialPresent;
}
} // closes the enclosing type, whose header lies outside this excerpt
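/**
 * Answers {@code AvailableRealmsCallback} locally from {@code realmList} and forwards the
 * request to {@code delegate}.
 *
 * <p>When a {@link CredentialCallback} asks for DIGEST-MD5 and carries a
 * {@code DigestPasswordAlgorithmSpec}, a {@link NameCallback} pre-filled with the spec's
 * username is appended and the filtered list is forwarded; otherwise the original array is
 * forwarded. Nothing is forwarded when the realms callback was the only one.
 *
 * @param callbacks the callbacks to handle
 * @throws IOException if the delegate fails
 * @throws UnsupportedCallbackException if the delegate rejects a callback
 */
@Override
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    ArrayList<Callback> list = new ArrayList<>(Arrays.asList(callbacks));
    Iterator<Callback> it = list.iterator();
    CredentialCallback cb = null;
    while (it.hasNext()) {
        Callback callback = it.next();
        if (callback instanceof AvailableRealmsCallback) {
            ((AvailableRealmsCallback) callback).setRealmNames(realmList);
            it.remove();
        } else if (callback instanceof CredentialCallback) {
            cb = (CredentialCallback) callback;
        }
    }

    // If the only callback was AvailableRealmsCallback, we must not pass it to the AuthorizingCallbackHandler
    if (!list.isEmpty()) {
        // Constant-first comparison and an instanceof check: a callback with no algorithm
        // name, or without a digest parameter spec, is no longer a NullPointerException or
        // ClassCastException here; it is forwarded without the extra NameCallback.
        if (cb != null && ALGORITHM_DIGEST_MD5.equals(cb.getAlgorithm())
                && cb.getParameterSpec() instanceof DigestPasswordAlgorithmSpec) {
            // It's necessary to add the NameCallback with the CredentialCallback, otherwise a UserNotFoundException is thrown
            DigestPasswordAlgorithmSpec spec = (DigestPasswordAlgorithmSpec) cb.getParameterSpec();
            list.add(new NameCallback("User", spec.getUsername()));
            callbacks = list.toArray(new Callback[list.size()]);
        }
        // NOTE(review): outside the DIGEST-MD5 branch the original array is forwarded, so an
        // already-answered AvailableRealmsCallback still reaches the delegate - confirm that
        // is intended.
        delegate.handle(callbacks);
    }
}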
} else if (current instanceof CredentialCallback) { final CredentialCallback cc = (CredentialCallback) current; if (digest == null && cc.isCredentialTypeSupported(PasswordCredential.class, ClearPassword.ALGORITHM_CLEAR)) { if (password == null) { showRealm(); cc.setCredential(new PasswordCredential(ClearPassword.createRaw(ClearPassword.ALGORITHM_CLEAR, password))); } else if (digest != null && cc.isCredentialTypeSupported(PasswordCredential.class, DigestPassword.ALGORITHM_DIGEST_MD5)) { cc.setCredential(new PasswordCredential(DigestPassword.createRaw(DigestPassword.ALGORITHM_DIGEST_MD5, username, realm, bytes))); } else if (cc.isCredentialTypeSupported(BearerTokenCredential.class)) { AuthenticationContext context = AuthenticationContext.captureCurrent(); AuthenticationContextConfigurationClient client = AccessController.doPrivileged(AuthenticationContextConfigurationClient.ACTION);
dhc.setCredential(new PasswordCredential(password)); } catch (NoSuchAlgorithmException | InvalidKeySpecException e) { throw HostControllerLogger.ROOT_LOGGER.unableToGenerateHash(e);
/**
 * Builds the initial client message that carries the bearer token.
 *
 * <p>The token is requested from the callback handler through a {@link CredentialCallback}
 * for {@code BearerTokenCredential}. The message starts with {@code "n,"}, optionally
 * followed by {@code a=<authorization id>}, then a comma and the
 * {@code auth=Bearer <token>} entry wrapped in {@code KV_DELIMITER} markers.
 *
 * @return the initial client message
 * @throws AuthenticationMechanismException if the handler does not support the callback or
 *         no token was supplied
 */
public OAuth2InitialClientMessage getInitialResponse() throws AuthenticationMechanismException {
    final CredentialCallback tokenRequest = new CredentialCallback(BearerTokenCredential.class);
    try {
        MechanismUtil.handleCallbacks(log, this.callbackHandler, tokenRequest);
    } catch (UnsupportedCallbackException unsupported) {
        throw log.mechCallbackHandlerUnsupportedCallback(unsupported);
    }
    assertTrue(tokenRequest.isCredentialTypeSupported(BearerTokenCredential.class));

    final String bearerToken = tokenRequest.applyToCredential(BearerTokenCredential.class, BearerTokenCredential::getToken);
    if (bearerToken == null) {
        throw log.mechNoTokenGiven();
    }

    final ByteStringBuilder message = new ByteStringBuilder();
    message.append("n").append(",");
    if (this.authorizationId != null) {
        message.append('a').append('=');
        StringPrep.encode(this.authorizationId, message, StringPrep.PROFILE_SASL_STORED | StringPrep.MAP_SCRAM_LOGIN_CHARS);
    }
    message.append(",").append(KV_DELIMITER);
    // NOTE(review): the token is written verbatim between the delimiters; nothing in this
    // method rejects a token that itself contains KV_DELIMITER, which would change the
    // key/value layout of the message. Confirm the token source restricts its characters.
    message.append("auth").append("=").append("Bearer").append(" ").append(bearerToken);
    message.append(KV_DELIMITER);
    return new OAuth2InitialClientMessage(null, null, message.toArray());
}
String requestedRealm = stateRef.get().getMechanismRealmConfiguration().getRealmName(); final Credential credential = getCredential(credentialCallback.getCredentialType(), credentialCallback.getAlgorithm(), credentialCallback.getParameterSpec()); if (credential != null) { if (credential instanceof PasswordCredential) { credentialCallback.setCredential(credential); handleOne(callbacks, idx + 1); return;
if (PasswordCredential.class.isAssignableFrom(cc.getCredentialType())) { String algorithmName = cc.getAlgorithm(); final Password password; if ((algorithmName == null || ALGORITHM_CLEAR.equals(algorithmName)) && plainText) { continue; cc.setCredential(cc.getCredentialType().cast(new PasswordCredential(password)));
final Credential credential = ((CredentialCallback) callback).getCredential(); if (credential instanceof X509CertificateChainCredential) { final X500Principal principal = ((X509CertificateChainCredential) credential).getFirstCertificate().getSubjectX500Principal();
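/**
 * Answers {@code AvailableRealmsCallback} locally from {@code realmList} and forwards the
 * request to the handler returned by {@code getMechCallbackHandler()}.
 *
 * <p>When a {@link CredentialCallback} asks for DIGEST-MD5 and carries a
 * {@code DigestPasswordAlgorithmSpec}, a {@link NameCallback} pre-filled with the spec's
 * username is appended and the filtered list is forwarded; otherwise the original array is
 * forwarded. Nothing is forwarded when the realms callback was the only one.
 *
 * @param callbacks the callbacks to handle
 * @throws IOException if the downstream handler fails
 * @throws UnsupportedCallbackException if the downstream handler rejects a callback
 */
@Override
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    // We have to provide the available realms via this callback
    // Ideally we would utilise org.wildfly.security.sasl.util.AvailableRealmsSaslServerFactory, however as we can't
    // pass the SaslServerFactory impl to JGroups we must do it here instead.
    ArrayList<Callback> list = new ArrayList<>(Arrays.asList(callbacks));
    Iterator<Callback> it = list.iterator();
    CredentialCallback cb = null;
    while (it.hasNext()) {
        Callback callback = it.next();
        if (callback instanceof AvailableRealmsCallback) {
            ((AvailableRealmsCallback) callback).setRealmNames(realmList);
            it.remove();
        } else if (callback instanceof CredentialCallback) {
            cb = (CredentialCallback) callback;
        }
    }

    // If the only callback was AvailableRealmsCallback, we must not pass it to the AuthorizingCallbackHandler
    if (!list.isEmpty()) {
        // Constant-first comparison and an instanceof check: a callback with no algorithm
        // name, or without a digest parameter spec, is no longer a NullPointerException or
        // ClassCastException here; it is forwarded without the extra NameCallback.
        if (cb != null && ALGORITHM_DIGEST_MD5.equals(cb.getAlgorithm())
                && cb.getParameterSpec() instanceof DigestPasswordAlgorithmSpec) {
            // It's necessary to add the NameCallback with the CredentialCallback, otherwise a UserNotFoundException is thrown
            DigestPasswordAlgorithmSpec spec = (DigestPasswordAlgorithmSpec) cb.getParameterSpec();
            list.add(new NameCallback("User", spec.getUsername()));
            callbacks = list.toArray(new Callback[list.size()]);
        }
        // NOTE(review): outside the DIGEST-MD5 branch the original array is forwarded, so an
        // already-answered AvailableRealmsCallback still reaches the downstream handler -
        // confirm that is intended.
        getMechCallbackHandler().handle(callbacks);
    }
}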
} else if (current instanceof CredentialCallback) { final CredentialCallback cc = (CredentialCallback) current; if (digest == null && cc.isCredentialTypeSupported(PasswordCredential.class, ClearPassword.ALGORITHM_CLEAR)) { if (password == null) { showRealm(); cc.setCredential(new PasswordCredential(ClearPassword.createRaw(ClearPassword.ALGORITHM_CLEAR, password))); } else if (digest != null && cc.isCredentialTypeSupported(PasswordCredential.class, DigestPassword.ALGORITHM_DIGEST_MD5)) { cc.setCredential(new PasswordCredential(DigestPassword.createRaw(DigestPassword.ALGORITHM_DIGEST_MD5, username, realm, bytes))); } else if (cc.isCredentialTypeSupported(BearerTokenCredential.class)) { AuthenticationContext context = AuthenticationContext.captureCurrent(); AuthenticationContextConfigurationClient client = AccessController.doPrivileged(AuthenticationContextConfigurationClient.ACTION);
dhc.setCredential(new PasswordCredential(password)); } catch (NoSuchAlgorithmException | InvalidKeySpecException e) { throw HostControllerLogger.ROOT_LOGGER.unableToGenerateHash(e);
final NameCallback nameCallback = new NameCallback("Username: "); final PasswordCallback passwordCallback = new PasswordCallback("Password: ", false); final CredentialCallback credentialCallback = new CredentialCallback(GSSKerberosCredential.class); try { handler.handle(new Callback[]{nameCallback, passwordCallback, credentialCallback}); Subject subject = new Subject(); if (credentialCallback.getCredential() != null) { GSSKerberosCredential kerberosCredential = GSSKerberosCredential.class.cast(credentialCallback.getCredential()); this.addPrivateCredential(subject, kerberosCredential.getKerberosTicket()); this.addPrivateCredential(subject, kerberosCredential.getGssCredential());
final CallbackHandler callbackHandler = client.getCallbackHandler(authenticationConfiguration); final NameCallback nameCallback = new NameCallback(getRequestingPrompt()); final CredentialCallback credentialCallback = new CredentialCallback(PasswordCredential.class); final TwoWayPassword twoWayPassword = credentialCallback.applyToCredential(PasswordCredential.class, c -> c.getPassword().castAs(TwoWayPassword.class)); if (twoWayPassword == null) { return null;
final String allowedAlgorithm = credentialCallback.getAlgorithm(); if (allowedAlgorithm != null && credentialCallback.isCredentialTypeSupported(X509CertificateChainPrivateCredential.class, allowedAlgorithm)) { final X509KeyManager keyManager; try { final X509Certificate[] certificateChain = keyManager.getCertificateChain(alias); final PrivateKey privateKey = keyManager.getPrivateKey(alias); credentialCallback.setCredential(new X509CertificateChainPrivateCredential(privateKey, certificateChain)); continue; final Credential credential = config.getCredentialSource().getCredential(credentialCallback.getCredentialType(), credentialCallback.getAlgorithm(), credentialCallback.getParameterSpec()); if (credential != null && credentialCallback.isCredentialSupported(credential)) { credentialCallback.setCredential(credential); continue; } else {