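/**
 * Removes the channel registered under {@code channelId} and disposes its SASL server.
 *
 * <p>Unknown ids are ignored. A failure while disposing is logged at WARN and not rethrown,
 * so unregistering is best-effort: the entry is already gone from {@code mChannels} by the
 * time {@code dispose()} runs.
 *
 * @param channelId id of the channel to unregister
 */
@Override
public void unregisterChannel(UUID channelId) {
  AuthenticatedChannelInfo channelInfo = mChannels.remove(channelId);
  if (channelInfo == null) {
    return;
  }
  try {
    channelInfo.getSaslServer().dispose();
  } catch (SaslException e) {
    // The object being disposed is the SaslServer; the previous text said "sasl client",
    // which points whoever reads the log at the wrong side of the handshake.
    LOG.warn("Failed to dispose sasl server for channel-Id: {}. Error: {}", channelId,
        e.getMessage());
  }
}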
/**
 * Builds the SASL extensions from the module options and passes them to the callback.
 *
 * <p>Every option whose key starts with {@code EXTENSION_PREFIX} contributes one extension,
 * keyed by the option name with the prefix removed. The collected extensions are validated
 * before they reach the callback. Token keys, apart from passing regex validation, must not be
 * equal to the reserved key {@link OAuthBearerClientInitialResponse#AUTH_KEY}.
 *
 * @param callback receives the validated extensions
 * @throws ConfigException if validation rejects the configured extensions; only the message of
 *         the underlying {@code SaslException} is carried over, not the exception itself
 */
private void handleExtensionsCallback(SaslExtensionsCallback callback) {
    Map<String, String> collected = new HashMap<>();
    for (Map.Entry<String, String> option : this.moduleOptions.entrySet()) {
        String optionName = option.getKey();
        if (optionName.startsWith(EXTENSION_PREFIX)) {
            // Strip the prefix so the extension is sent under its bare name.
            collected.put(optionName.substring(EXTENSION_PREFIX.length()), option.getValue());
        }
    }

    SaslExtensions saslExtensions = new SaslExtensions(collected);
    try {
        OAuthBearerClientInitialResponse.validateExtensions(saslExtensions);
    } catch (SaslException e) {
        throw new ConfigException(e.getMessage());
    }
    // Only reached when validation passed.
    callback.extensions(saslExtensions);
}
/**
 * Creates a SASL client for the single mechanism {@code PlainSaslServerProvider.MECHANISM}.
 *
 * <p>{@code impersonationUser} is passed to {@link Sasl#createSaslClient} as the authorization
 * id, while {@code username} and {@code password} are supplied through the callback handler.
 * Protocol and server name are passed as {@code null}, and the property map is empty.
 *
 * @param username user name handed to the callback handler
 * @param password password handed to the callback handler
 * @param impersonationUser authorization id requested for the session
 * @return the client returned by {@link Sasl#createSaslClient}, passed through unchanged; that
 *         JDK method is documented to return {@code null} when no client can be produced
 * @throws UnauthenticatedException wrapping any {@code SaslException} raised during creation
 */
@Override
public SaslClient createSaslClient(String username, String password, String impersonationUser)
    throws UnauthenticatedException {
  try {
    String[] mechanisms = {PlainSaslServerProvider.MECHANISM};
    return Sasl.createSaslClient(
        mechanisms,
        impersonationUser,
        null,
        null,
        new HashMap<String, String>(),
        new PlainSaslClientCallbackHandler(username, password));
  } catch (SaslException e) {
    throw new UnauthenticatedException(e.getMessage(), e);
  }
}
/**
 * Evaluates one client response of the OAUTHBEARER exchange.
 *
 * <p>A single {@code BYTE_CONTROL_A} byte received while an error message is pending is treated
 * as the client's acknowledgement of that error, and the pending message is thrown. Any other
 * response clears the pending error, is parsed as a client initial response, and is handed to
 * {@code process}.
 *
 * @param response raw bytes received from the client
 * @return whatever {@code process} returns for the parsed token, authorization id and extensions
 * @throws SaslException if the response cannot be parsed as a client initial response
 * @throws SaslAuthenticationException
 *             if access token cannot be validated
 *             <p>
 *             <b>Note:</b> This method may throw
 *             {@link SaslAuthenticationException} to provide custom error
 *             messages to clients. But care should be taken to avoid including
 *             any information in the exception message that should not be
 *             leaked to unauthenticated clients. It may be safer to throw
 *             {@link SaslException} in some cases so that a standard error
 *             message is returned to clients.
 *             </p>
 */
@Override
public byte[] evaluateResponse(byte[] response) throws SaslException, SaslAuthenticationException {
    boolean clientAcknowledgedError = response.length == 1
            && response[0] == OAuthBearerSaslClient.BYTE_CONTROL_A
            && errorMessage != null;
    if (clientAcknowledgedError) {
        log.debug("Received %x01 response from client after it received our error");
        throw new SaslAuthenticationException(errorMessage);
    }

    // Any other response starts over: the previously stored error no longer applies.
    errorMessage = null;

    final OAuthBearerClientInitialResponse parsed;
    try {
        parsed = new OAuthBearerClientInitialResponse(response);
    } catch (SaslException parseFailure) {
        log.debug(parseFailure.getMessage());
        throw parseFailure;
    }
    return process(parsed.tokenValue(), parsed.authorizationId(), parsed.extensions());
}
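/**
 * Starts authentication with the server and waits until it completes.
 *
 * @param channelId channel that is authenticating with the server
 * @throws UnauthenticatedException if preparing or sending the initial message raises a
 *         {@code SaslException}, if the wait is interrupted, or if the authentication future
 *         fails for any reason other than a gRPC {@code UNAVAILABLE} status
 * @throws UnavailableException if the authentication future fails with gRPC status
 *         {@code UNAVAILABLE}, or the wait exceeds {@code mGrpcAuthTimeoutMs} milliseconds
 */
public void start(String channelId) throws UnauthenticatedException, UnavailableException {
  try {
    // Send the server initial message.
    mRequestObserver.onNext(mSaslHandshakeClientHandler.getInitialMessage(channelId));
    // Wait until authentication status changes.
    mAuthenticated.get(mGrpcAuthTimeoutMs, TimeUnit.MILLISECONDS);
  } catch (SaslException se) {
    throw new UnauthenticatedException(se.getMessage(), se);
  } catch (InterruptedException ie) {
    // Restore the interrupt flag so callers further up can still observe it.
    Thread.currentThread().interrupt();
    throw new UnauthenticatedException(ie.getMessage(), ie);
  } catch (ExecutionException e) {
    // getCause() may be null; fall back to the wrapper itself so that the failure is reported
    // as an authentication error instead of surfacing as a NullPointerException.
    Throwable cause = e.getCause() != null ? e.getCause() : e;
    if (cause instanceof StatusRuntimeException
        && ((StatusRuntimeException) cause).getStatus().getCode() == Status.Code.UNAVAILABLE) {
      throw new UnavailableException(cause.getMessage(), cause);
    }
    throw new UnauthenticatedException(cause.getMessage(), cause);
  } catch (TimeoutException e) {
    throw new UnavailableException(e);
  }
}
} // closes the enclosing type, whose opening is outside this snippet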
+ jdbcUriString + ": " + e.getMessage(), " 08S01", e);
+ reauthInfo.authenticationOrReauthenticationText() + " due to invalid credentials with SASL mechanism " + saslMechanism + ": " + e.getMessage(); sendKafkaResponse(requestContext, new SaslAuthenticateResponse(Errors.SASL_AUTHENTICATION_FAILED, errorMessage));
.code(ResponseStatusCode.FORBIDDEN).statusMessage(saslException.getMessage()).create(); channelHandlerContext.fireChannelRead(clientSideError); return;
try { LOGGER.error("SASL negotiation failure", e); throw sendAndThrowMessage(NegotiationStatus.BAD, e.getMessage()); } finally { underlyingTransport.close();
} catch (SaslException sex) { logger.log(Level.FINE, "Failed to create SASL client", sex); throw new UnsupportedOperationException(sex.getMessage(), sex);
} catch (SaslException sex) { logger.log(Level.FINE, "Failed to create SASL client", sex); throw new UnsupportedOperationException(sex.getMessage(), sex);
} catch (SaslException sex) { logger.log(Level.FINE, "Failed to create SASL client", sex); throw new UnsupportedOperationException(sex.getMessage(), sex);
} catch (SaslException sex) { logger.log(Level.FINE, "Failed to create SASL client", sex); throw new UnsupportedOperationException(sex.getMessage(), sex);
/**
 * Creates the SASL server for this exchange and stores it in {@code saslServer}.
 *
 * <p>The command key and the server host name are passed to {@code Sasl.createSaslServer}
 * together with a callback handler built from the bucket's name and password.
 * NOTE(review): the command key is presumably the mechanism name requested by the client;
 * confirm against the {@code Sasl} class used here.
 *
 * @param cmd command whose key is forwarded to {@code Sasl.createSaslServer}
 * @param server server providing the bucket and the host name
 * @throws ProtocolException carrying only the message of the {@code SaslException} raised
 *         during creation; the original exception is not chained as a cause
 */
private void createSaslServer(BinaryCommand cmd, MemcachedServer server) throws ProtocolException {
    try {
        Bucket target = server.getBucket();
        String commandKey = cmd.getKey();
        String hostname = server.getHostname();
        SaslCallbackHandler handler =
                new SaslCallbackHandler(target.getName(), target.getPassword());
        saslServer = Sasl.createSaslServer(commandKey, hostname, null, handler);
    } catch (SaslException e) {
        throw new ProtocolException(e.getMessage());
    }
}
/**
 * Sets {@code saslServer} to a new SASL server built for the given command and server.
 *
 * <p>Arguments handed to {@code Sasl.createSaslServer}, in order: the command key, the server
 * host name, {@code null}, and a callback handler holding the bucket's name and password.
 * NOTE(review): the meaning of the first and third arguments depends on the {@code Sasl}
 * class in scope, which this snippet does not show; verify before relying on it.
 *
 * @param cmd command supplying the key
 * @param server server supplying the bucket and host name
 * @throws ProtocolException if creation raises a {@code SaslException}; the new exception
 *         carries that exception's message only, without a cause
 */
private void createSaslServer(BinaryCommand cmd, MemcachedServer server) throws ProtocolException {
    try {
        final Bucket owner = server.getBucket();
        final String key = cmd.getKey();
        final String host = server.getHostname();
        final SaslCallbackHandler callbacks =
                new SaslCallbackHandler(owner.getName(), owner.getPassword());
        saslServer = Sasl.createSaslServer(key, host, null, callbacks);
    } catch (SaslException e) {
        throw new ProtocolException(e.getMessage());
    }
}
/**
 * A client-first message whose GS2 header starts with {@code y} must be rejected by the
 * PLUS mechanism with the message {@code "Server supports PLUS. Please use 'p'"}.
 *
 * <p>In SCRAM (RFC 5802) the {@code y} flag means the client supports channel binding but
 * believes the server does not, so a server that does offer PLUS refusing it is the
 * downgrade check this test pins.
 * NOTE(review): the byte array passed to {@code create} is presumably the channel-binding
 * data; confirm against {@code create}.
 */
@Test
public void testServerFirstMessageFail_2() {
    SaslSCRAMPlus mechanism =
            create("Ey6OJnGx7JEJAIJp", "5kLrhitKUHVoSOmzdR", "123456", new byte[]{'D', 'P', 'I'});
    try {
        mechanism.evaluateResponse("y,,n=user,r=fyko+d2lbbFgONRv9qkxdawL".getBytes());
        // Reaching this line means the message was accepted, which is the failure case.
        fail();
    } catch (SaslException rejected) {
        Assert.assertEquals("Server supports PLUS. Please use 'p'", rejected.getMessage());
    }
}
/**
 * A client-first message that requests channel binding ({@code p=tls-unique}) must be rejected
 * by the non-PLUS mechanism with the message {@code "Invalid request for SCRAM-SHA-1"}.
 *
 * <p>{@code create} is called inside the {@code try}, so a {@code SaslException} raised there
 * would also reach the assertion on the message.
 */
@Test
public void testServerFirstMessageFail_1() {
    try {
        SaslSCRAM mechanism = create("QSXCR+Q6sek8bf92", "3rfcNHYJY1ZVvWVs7j", "pencil");
        mechanism.evaluateResponse(
                "p=tls-unique,,n=bmalkow,r=SpiXKmhi57DBp5sdE5G3H3ms".getBytes());
        // Reaching this line means the message was accepted, which is the failure case.
        fail();
    } catch (SaslException rejected) {
        Assert.assertEquals("Invalid request for SCRAM-SHA-1", rejected.getMessage());
    }
}
/**
 * A client-first message whose GS2 header starts with {@code n} (no channel binding) must be
 * rejected by the PLUS mechanism with the message
 * {@code "Invalid request for SCRAM-SHA-1-PLUS"}.
 */
@Test
public void testServerFirstMessageFail_1() {
    SaslSCRAMPlus mechanism =
            create("Ey6OJnGx7JEJAIJp", "5kLrhitKUHVoSOmzdR", "123456", new byte[]{'D', 'P', 'I'});
    try {
        mechanism.evaluateResponse("n,,n=user,r=fyko+d2lbbFgONRv9qkxdawL".getBytes());
        // Reaching this line means the message was accepted, which is the failure case.
        fail();
    } catch (SaslException rejected) {
        Assert.assertEquals("Invalid request for SCRAM-SHA-1-PLUS", rejected.getMessage());
    }
}
/**
 * Runs a PLAIN negotiation in which client and server hold different passwords for the same
 * user and checks that it fails with {@code "PLAIN auth failed: wrong password"}.
 *
 * <p>NOTE(review): the asserted text names the reason for the failure. If the same text is
 * returned to the unauthenticated peer, it tells that peer the user name was accepted;
 * confirm where this message is surfaced.
 */
@Test
public void testSaslPlainServerBadPassword() {
    SaslException caught = null;
    try {
        runNegotiation(
                new TestPlainCallbacks.Client("user", "pass1"),
                new TestPlainCallbacks.Server("user", "pass2"));
    } catch (SaslException failure) {
        caught = failure;
    }
    // A negotiation that completes leaves 'caught' null and fails here.
    assertNotNull(caught);
    assertEquals("PLAIN auth failed: wrong password", caught.getMessage());
}
/**
 * Verifies that a PLAIN negotiation with mismatched passwords ("pass1" on the client,
 * "pass2" on the server, same user) ends in a {@code SaslException} whose message is
 * {@code "PLAIN auth failed: wrong password"}.
 *
 * <p>NOTE(review): this pins a failure message that distinguishes a wrong password from
 * other causes; verify that the distinction is not exposed to unauthenticated peers.
 */
@Test
public void testSaslPlainServerBadPassword() {
    SaslException observed = null;
    try {
        TestPlainCallbacks.Client clientSide = new TestPlainCallbacks.Client("user", "pass1");
        TestPlainCallbacks.Server serverSide = new TestPlainCallbacks.Server("user", "pass2");
        runNegotiation(clientSide, serverSide);
    } catch (SaslException thrown) {
        observed = thrown;
    }
    // Null here means the negotiation did not fail at all.
    assertNotNull(observed);
    assertEquals("PLAIN auth failed: wrong password", observed.getMessage());
}