/**
 * Runs one step of the SASL exchange for an authenticator that accepts only the
 * ANONYMOUS mechanism.
 *
 * <p>Nothing is decided until the peer has named at least one mechanism. Once it has,
 * only the first entry is examined: ANONYMOUS completes the exchange with
 * {@code PN_SASL_OK} and sets {@code succeeded}; any other name completes it with
 * {@code PN_SASL_AUTH}.
 *
 * @param completionHandler receives {@code true} when an outcome was set on the SASL
 *        layer, {@code false} when the peer has not named a mechanism yet
 * @throws IllegalStateException if {@code sasl} has not been set
 */
@Override
public void process(Handler<Boolean> completionHandler) {
    if (sasl == null) {
        throw new IllegalStateException("Init was not called with the associated transport");
    }

    String[] offered = sasl.getRemoteMechanisms();
    boolean finished = offered.length > 0;

    if (finished) {
        // No credentials are checked on this path: naming ANONYMOUS is sufficient to succeed.
        boolean anonymousRequested = ProtonSaslAnonymousImpl.MECH_NAME.equals(offered[0]);
        if (anonymousRequested) {
            sasl.done(SaslOutcome.PN_SASL_OK);
            succeeded = true;
        } else {
            sasl.done(SaslOutcome.PN_SASL_AUTH);
        }
    }

    completionHandler.handle(finished);
}
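/**
 * Handles the peer's SASL init: records the mechanism it chose and either continues
 * processing or ends the exchange with a system error.
 *
 * @param sasl the SASL layer the init arrived on
 * @param transport the transport the SASL layer belongs to (not used here)
 */
@Override
public void onSaslInit(Sasl sasl, Transport transport) {
    log.debug("onSaslInit: " + sasl);

    // The mechanism list comes from the remote peer. Indexing [0] on an empty (or null)
    // array would throw out of this callback, so fail the exchange explicitly instead.
    String[] remoteMechanisms = sasl.getRemoteMechanisms();
    if (remoteMechanisms == null || remoteMechanisms.length == 0) {
        saslComplete(sasl, Sasl.SaslOutcome.PN_SASL_SYS);
        return;
    }

    // presumably this sets chosenMechanism when the name is supported; confirm in the helper
    dispatchRemoteMechanismChosen(remoteMechanisms[0]);

    if (chosenMechanism != null) {
        processPending(sasl);
    } else {
        // no auth available, system error
        saslComplete(sasl, Sasl.SaslOutcome.PN_SASL_SYS);
    }
}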
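/**
 * Handles the peer's SASL init: records the mechanism it chose and either continues
 * processing or ends the exchange with a system error.
 *
 * @param sasl the SASL layer the init arrived on
 * @param transport the transport the SASL layer belongs to (not used here)
 */
@Override
public void onSaslInit(Sasl sasl, Transport transport) {
    log.debug("onSaslInit: " + sasl);

    // The mechanism list comes from the remote peer. Indexing [0] on an empty (or null)
    // array would throw out of this callback, so fail the exchange explicitly instead.
    String[] remoteMechanisms = sasl.getRemoteMechanisms();
    if (remoteMechanisms == null || remoteMechanisms.length == 0) {
        saslComplete(sasl, Sasl.SaslOutcome.PN_SASL_SYS);
        return;
    }

    // presumably this sets chosenMechanism when the name is supported; confirm in the helper
    dispatchRemoteMechanismChosen(remoteMechanisms[0]);

    if (chosenMechanism != null) {
        processPending(sasl);
    } else {
        // no auth available, system error
        saslComplete(sasl, Sasl.SaslOutcome.PN_SASL_SYS);
    }
}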
/**
 * Client-side reaction to the mechanisms offered by the remote peer.
 *
 * <p>The offered list is handed to {@code dispatchMechanismsOffered}. If a client
 * mechanism is available afterwards, its name is set on the SASL layer and its initial
 * response (when there is one) is sent; otherwise the offered list is logged and the
 * authentication failure is dispatched.
 *
 * @param sasl the SASL layer carrying the peer's offer
 * @param transport the transport the SASL layer belongs to (not used here)
 */
@Override
public void onSaslMechanisms(Sasl sasl, Transport transport) {
    // presumably this is where clientSASLMechanism gets selected; confirm in the helper
    dispatchMechanismsOffered(sasl.getRemoteMechanisms());

    if (clientSASLMechanism != null) {
        sasl.setMechanisms(clientSASLMechanism.getName());

        byte[] firstResponse = clientSASLMechanism.getInitialResponse();
        if (firstResponse != null) {
            sasl.send(firstResponse, 0, firstResponse.length);
        }
        return;
    }

    // Nothing in the peer's offer could be used: record what was offered and fail.
    log.infof("Outbound connection failed - unknown mechanism, offered mechanisms: %s", Arrays.asList(sasl.getRemoteMechanisms()));
    dispatchAuthFailed();
}
/**
 * Client-side reaction to the mechanisms offered by the remote peer.
 *
 * <p>The offered list is handed to {@code dispatchMechanismsOffered}. If a client
 * mechanism is available afterwards, its name is set on the SASL layer and its initial
 * response (when there is one) is sent; otherwise the offered list is logged and the
 * authentication failure is dispatched.
 *
 * @param sasl the SASL layer carrying the peer's offer
 * @param transport the transport the SASL layer belongs to (not used here)
 */
@Override
public void onSaslMechanisms(Sasl sasl, Transport transport) {
    // presumably this is where clientSASLMechanism gets selected; confirm in the helper
    dispatchMechanismsOffered(sasl.getRemoteMechanisms());

    if (clientSASLMechanism != null) {
        sasl.setMechanisms(clientSASLMechanism.getName());

        byte[] firstResponse = clientSASLMechanism.getInitialResponse();
        if (firstResponse != null) {
            sasl.send(firstResponse, 0, firstResponse.length);
        }
        return;
    }

    // Nothing in the peer's offer could be used: record what was offered and fail.
    log.infof("Outbound connection failed - unknown mechanism, offered mechanisms: %s", Arrays.asList(sasl.getRemoteMechanisms()));
    dispatchAuthFailed();
}
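/**
 * Drives the server side of the SASL exchange once the peer has named a mechanism.
 *
 * <p>The handler registered for the first remote mechanism reads the pending SASL bytes
 * and produces {@code saslResult}. Success ends the exchange with {@code PN_SASL_OK} and
 * discards the handler table; failure ends it with {@code PN_SASL_AUTH}. A mechanism
 * with no registered handler ends the exchange with {@code PN_SASL_SYS}.
 */
protected void checkServerSASL() {
    if (serverSasl != null && serverSasl.getRemoteMechanisms().length > 0) {
        // TODO: should we look at the first only?
        ServerSASL mechanism = saslHandlers.get(serverSasl.getRemoteMechanisms()[0]);
        if (mechanism != null) {
            byte[] dataSASL = new byte[serverSasl.pending()];
            serverSasl.recv(dataSASL, 0, dataSASL.length);

            if (log.isTraceEnabled()) {
                // The SASL response can carry credentials (for example with a PLAIN-style
                // mechanism), so only its size is logged, never the bytes themselves.
                log.trace("Working on sasl:: " + dataSASL.length + " bytes");
            }

            saslResult = mechanism.processSASL(dataSASL);

            if (saslResult != null && saslResult.isSuccess()) {
                serverSasl.done(Sasl.SaslOutcome.PN_SASL_OK);
                saslHandlers.clear();
                saslHandlers = null;
            } else {
                serverSasl.done(Sasl.SaslOutcome.PN_SASL_AUTH);
            }
            // Both outcomes end the exchange, so the SASL layer is released once here.
            serverSasl = null;
        } else {
            // no auth available, system error
            // NOTE(review): serverSasl stays set on this path, so a later call reaches
            // done() again; confirm that is intended.
            serverSasl.done(Sasl.SaslOutcome.PN_SASL_SYS);
        }
    }
}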
/**
 * Runs one step of the server-side SASL exchange, dispatching on the first mechanism
 * named by the client.
 *
 * <p>PLAIN and EXTERNAL are handed to their evaluators, which receive the completion
 * handler. Any other mechanism is rejected with {@code PN_SASL_AUTH} and reported as
 * complete. An empty mechanism list is reported as not complete.
 *
 * @param completionHandler notified with {@code true} when the exchange has been
 *        decided here, {@code false} when the client has not named a mechanism
 */
@Override
public void process(final Handler<Boolean> completionHandler) {
    final String[] offered = sasl.getRemoteMechanisms();

    if (offered.length == 0) {
        LOG.debug("client provided an empty list of SASL mechanisms [hostname: {}, state: {}]", sasl.getHostname(), sasl.getState().name());
        completionHandler.handle(false);
        return;
    }

    // Only the first entry is considered; the name is supplied by the client.
    final String requested = offered[0];
    LOG.debug("client wants to use {} SASL mechanism [host: {}, state: {}]", requested, sasl.getHostname(), sasl.getState().name());

    if (MECHANISM_PLAIN.equals(requested)) {
        evaluatePlainResponse(completionHandler);
        return;
    }
    if (MECHANISM_EXTERNAL.equals(requested)) {
        evaluateExternalResponse(completionHandler);
        return;
    }

    // Anything outside the two supported mechanisms fails closed.
    LOG.info("client wants to use unsupported {} SASL mechanism [host: {}, state: {}]", requested, sasl.getHostname(), sasl.getState().name());
    sasl.done(SaslOutcome.PN_SASL_AUTH);
    completionHandler.handle(true);
}
/**
 * Client-side handling of the mechanisms offered by the remote peer.
 *
 * <p>When the peer has offered at least one mechanism, {@code mechanismFinder} picks
 * one, its initial response (if any) is sent and its name is set on the SASL layer.
 * Failures are passed to {@code recordFailure} rather than thrown.
 *
 * @param sasl the SASL layer carrying the peer's offer
 * @param transport the transport the SASL layer belongs to (not used here)
 */
public void handleSaslMechanisms(Sasl sasl, Transport transport) {
    try {
        String[] offered = sasl.getRemoteMechanisms();
        if (offered == null || offered.length == 0) {
            // Nothing offered yet; there is nothing to select.
            return;
        }

        try {
            mechanism = mechanismFinder.apply(offered);
        } catch (JMSSecurityRuntimeException noMatch) {
            recordFailure("Could not find a suitable SASL mechanism. " + noMatch.getMessage(), noMatch);
            return;
        }

        byte[] initial = mechanism.getInitialResponse();
        if (initial != null) {
            sasl.send(initial, 0, initial.length);
        }

        sasl.setMechanisms(mechanism.getName());
    } catch (Throwable error) {
        // Catch-all so that no failure escapes this method; it is recorded instead.
        recordFailure("Exception while processing SASL init: " + error.getMessage(), error);
    }
}
String[] mechanisms = sasl.getRemoteMechanisms(); String chosenMechanism = null; try
/**
 * Runs one step of the server-side SASL exchange by verifying the client's response
 * for the first mechanism it named.
 *
 * <p>The pending SASL bytes are read and passed to {@code verify} together with the
 * mechanism name. When verification succeeds the user is attached to the connection,
 * {@code succeeded} is set and the exchange ends with {@code PN_SASL_OK}; otherwise it
 * ends with {@code PN_SASL_AUTH}. An empty mechanism list is reported as not complete.
 *
 * @param completionHandler notified with {@code false} when the client has not named
 *        a mechanism, and with {@code true} once verification has produced an outcome
 */
@Override
public void process(final Handler<Boolean> completionHandler) {
    final String[] offered = sasl.getRemoteMechanisms();

    if (offered.length == 0) {
        LOG.debug("client provided an empty list of SASL mechanisms [hostname: {}, state: {}]", sasl.getHostname(), sasl.getState().name());
        completionHandler.handle(false);
        return;
    }

    // Only the first entry is considered; the name is supplied by the client.
    final String mechanismName = offered[0];
    LOG.debug("client wants to authenticate using SASL [mechanism: {}, host: {}, state: {}]", mechanismName, sasl.getHostname(), sasl.getState().name());

    final Future<HonoUser> authTracker = Future.future();
    authTracker.setHandler(attempt -> {
        if (!attempt.succeeded()) {
            LOG.debug("authentication failed: " + attempt.cause().getMessage());
            sasl.done(SaslOutcome.PN_SASL_AUTH);
        } else {
            final HonoUser authenticated = attempt.result();
            LOG.debug("authentication of client [authorization ID: {}] succeeded", authenticated.getName());
            Constants.setClientPrincipal(protonConnection, authenticated);
            succeeded = true;
            sasl.done(SaslOutcome.PN_SASL_OK);
        }
        // Either way an outcome has been set, so the exchange is complete.
        completionHandler.handle(Boolean.TRUE);
    });

    // Drain whatever the client has sent so far and hand it to the verifier.
    final byte[] clientResponse = new byte[sasl.pending()];
    sasl.recv(clientResponse, 0, clientResponse.length);

    verify(mechanismName, clientResponse, authTracker.completer());
}
/**
 * Client-side handling of the mechanisms offered by the remote peer.
 *
 * <p>When the peer has offered at least one mechanism, {@code mechanismFinder} picks
 * one, its initial response (if any) is sent and its name is set on the SASL layer.
 * Failures are passed to {@code recordFailure} rather than thrown.
 *
 * @param sasl the SASL layer carrying the peer's offer
 * @param transport the transport the SASL layer belongs to (not used here)
 */
public void handleSaslMechanisms(Sasl sasl, Transport transport) {
    try {
        String[] offered = sasl.getRemoteMechanisms();
        if (offered == null || offered.length == 0) {
            // Nothing offered yet; there is nothing to select.
            return;
        }

        try {
            mechanism = mechanismFinder.apply(offered);
        } catch (JMSSecurityRuntimeException noMatch) {
            recordFailure("Could not find a suitable SASL mechanism. " + noMatch.getMessage(), noMatch);
            return;
        }

        byte[] initial = mechanism.getInitialResponse();
        if (initial != null) {
            sasl.send(initial, 0, initial.length);
        }

        sasl.setMechanisms(mechanism.getName());
    } catch (Throwable error) {
        // Catch-all so that no failure escapes this method; it is recorded instead.
        recordFailure("Exception while processing SASL init: " + error.getMessage(), error);
    }
}
/**
 * Runs one step of the server-side SASL exchange by verifying the client's response
 * for the first mechanism it named.
 *
 * <p>The pending SASL bytes are read and passed to {@code verify} together with the
 * mechanism name. When verification succeeds the user is attached to the connection,
 * {@code succeeded} is set and the exchange ends with {@code PN_SASL_OK}; otherwise it
 * ends with {@code PN_SASL_AUTH}. An empty mechanism list is reported as not complete.
 *
 * @param completionHandler notified with {@code false} when the client has not named
 *        a mechanism, and with {@code true} once verification has produced an outcome
 */
@Override
public void process(final Handler<Boolean> completionHandler) {
    final String[] offered = sasl.getRemoteMechanisms();

    if (offered.length == 0) {
        LOG.debug("client provided an empty list of SASL mechanisms [hostname: {}, state: {}]", sasl.getHostname(), sasl.getState().name());
        completionHandler.handle(false);
        return;
    }

    // Only the first entry is considered; the name is supplied by the client.
    final String mechanismName = offered[0];
    LOG.debug("client wants to authenticate using SASL [mechanism: {}, host: {}, state: {}]", mechanismName, sasl.getHostname(), sasl.getState().name());

    final Future<HonoUser> authTracker = Future.future();
    authTracker.setHandler(attempt -> {
        if (!attempt.succeeded()) {
            LOG.debug("authentication failed: " + attempt.cause().getMessage());
            sasl.done(SaslOutcome.PN_SASL_AUTH);
        } else {
            final HonoUser authenticated = attempt.result();
            LOG.debug("authentication of client [authorization ID: {}] succeeded", authenticated.getName());
            Constants.setClientPrincipal(protonConnection, authenticated);
            succeeded = true;
            sasl.done(SaslOutcome.PN_SASL_OK);
        }
        // Either way an outcome has been set, so the exchange is complete.
        completionHandler.handle(Boolean.TRUE);
    });

    // Drain whatever the client has sent so far and hand it to the verifier.
    final byte[] clientResponse = new byte[sasl.pending()];
    sasl.recv(clientResponse, 0, clientResponse.length);

    verify(mechanismName, clientResponse, authTracker.completer());
}
/**
 * Waits for the peer's mechanism offer, selects the first locally configured factory
 * whose mechanism the peer offered, and sends the SASL init for it.
 *
 * <p>Selection follows the iteration order of {@code saslFactories}, not the order of
 * the peer's list. A factory that yields no mechanism instance is skipped.
 *
 * @param connection the connection whose transport carries the SASL layer
 * @param in stream the peer's frames are read from
 * @param out stream the SASL init is written to
 * @return the mechanism that was selected
 * @throws LoginException if no configured factory matches a mechanism the peer offered
 * @throws IOException declared for the network read and write helpers
 */
private SaslMechanism chooseSaslMechanismAndSendInit(Connection connection, InputStream in, OutputStream out) throws LoginException, IOException {
    final Sasl sasl = connection.getTransport().sasl();

    // read from network until we get a sasl-mechanisms
    readFromNetwork(connection, in, () -> sasl.getState() == PN_SASL_IDLE && sasl.getRemoteMechanisms().length == 0);

    SaslMechanism selected = null;
    for (SaslMechanismFactory candidate : saslFactories) {
        boolean offeredByPeer = Arrays.asList(sasl.getRemoteMechanisms()).contains(candidate.getName());
        if (!offeredByPeer) {
            continue;
        }

        selected = candidate.newInstance(callbackHandler, sharedState, options);
        if (selected == null) {
            // The factory could not produce a mechanism; try the next one.
            continue;
        }

        sasl.setRemoteHostname(saslHostname);
        sasl.setMechanisms(candidate.getName());

        byte[] firstResponse = selected.getResponse(null);
        if (firstResponse != null && firstResponse.length != 0) {
            sasl.send(firstResponse, 0, firstResponse.length);
        }
        break;
    }

    if (selected == null) {
        throw new LoginException("Unable to authenticate using SASL delegation, no supported mechanisms");
    }

    writeToNetwork(connection, out);
    return selected;
}
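/**
 * Runs the server-side SASL exchange once the peer has named a mechanism.
 *
 * <p>A matching mechanism processes the SASL step; unless it reports failure, the user
 * name and password it extracted are copied into {@code connectionInfo} and checked
 * with {@code tryAuthenticate} together with the transport's peer certificates. The
 * exchange ends with {@code PN_SASL_OK} on success and {@code PN_SASL_AUTH} on a failed
 * step or failed authentication. When no supported mechanism is found it ends with
 * {@code PN_SASL_PERM}. Nothing happens while the peer has not named a mechanism.
 *
 * @param connectionInfo receives the credentials extracted by the mechanism
 */
public void processSaslExchange(ConnectionInfo connectionInfo) {
    // Read the peer-supplied list once so the check and the lookup see the same array.
    String[] remoteMechanisms = sasl.getRemoteMechanisms();
    if (remoteMechanisms.length > 0) {

        SaslMechanism mechanism = getSaslMechanism(remoteMechanisms);
        if (mechanism != null) {
            // The log patterns previously read "[{}}", which rendered an unbalanced bracket.
            LOG.debug("SASL [{}] Handshake started.", mechanism.getMechanismName());

            mechanism.processSaslStep(sasl);
            if (!mechanism.isFailed()) {

                connectionInfo.setUserName(mechanism.getUsername());
                connectionInfo.setPassword(mechanism.getPassword());

                if (tryAuthenticate(connectionInfo, transport.getPeerCertificates())) {
                    sasl.done(Sasl.SaslOutcome.PN_SASL_OK);
                } else {
                    sasl.done(Sasl.SaslOutcome.PN_SASL_AUTH);
                }

                LOG.debug("SASL [{}] Handshake complete.", mechanism.getMechanismName());
            } else {
                LOG.debug("SASL [{}] Handshake failed: {}", mechanism.getMechanismName(), mechanism.getFailureReason());
                sasl.done(Sasl.SaslOutcome.PN_SASL_AUTH);
            }
        } else {
            LOG.info("SASL: could not find supported mechanism");
            sasl.done(Sasl.SaslOutcome.PN_SASL_PERM);
        }
    }
}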
/**
 * Client-side SASL init: picks a mechanism matching the peer's offer, configures it
 * with the stored credentials and sends its initial response.
 *
 * <p>Does nothing while the peer has not offered any mechanism.
 *
 * @throws SecurityException if no offered mechanism matches, or if a
 *         {@code SaslException} is raised while preparing the init (kept as the cause)
 */
private void handleSaslInit() throws SecurityException {
    try {
        String[] offered = sasl.getRemoteMechanisms();
        if (offered == null || offered.length == 0) {
            return;
        }

        mechanism = findMatchingMechanism(offered);
        if (mechanism == null) {
            // TODO - Better error message.
            throw new SecurityException("Could not find a matching SASL mechanism for the remote peer.");
        }

        mechanism.setUsername(username);
        mechanism.setPassword(password);
        mechanism.setAuthzid(authzid);
        // TODO - set additional options from URI.
        // TODO - set a host value.

        sasl.setMechanisms(mechanism.getName());

        byte[] initial = mechanism.getInitialResponse();
        if (initial != null && initial.length != 0) {
            sasl.send(initial, 0, initial.length);
        }
    } catch (SaslException se) {
        // TODO - Better error message.
        SecurityException wrapped = new SecurityException("Exception while processing SASL init.");
        wrapped.initCause(se);
        throw wrapped;
    }
}
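/**
 * Runs the server-side SASL exchange once the peer has named a mechanism.
 *
 * <p>A matching mechanism processes the SASL step; unless it reports failure, the user
 * name and password it extracted are copied into {@code connectionInfo} and checked
 * with {@code tryAuthenticate} together with the transport's peer certificates. The
 * exchange ends with {@code PN_SASL_OK} on success and {@code PN_SASL_AUTH} on a failed
 * step or failed authentication. When no supported mechanism is found it ends with
 * {@code PN_SASL_PERM}. Nothing happens while the peer has not named a mechanism.
 *
 * @param connectionInfo receives the credentials extracted by the mechanism
 */
public void processSaslExchange(ConnectionInfo connectionInfo) {
    // Read the peer-supplied list once so the check and the lookup see the same array.
    String[] remoteMechanisms = sasl.getRemoteMechanisms();
    if (remoteMechanisms.length > 0) {

        SaslMechanism mechanism = getSaslMechanism(remoteMechanisms);
        if (mechanism != null) {
            // The log patterns previously read "[{}}", which rendered an unbalanced bracket.
            LOG.debug("SASL [{}] Handshake started.", mechanism.getMechanismName());

            mechanism.processSaslStep(sasl);
            if (!mechanism.isFailed()) {

                connectionInfo.setUserName(mechanism.getUsername());
                connectionInfo.setPassword(mechanism.getPassword());

                if (tryAuthenticate(connectionInfo, transport.getPeerCertificates())) {
                    sasl.done(Sasl.SaslOutcome.PN_SASL_OK);
                } else {
                    sasl.done(Sasl.SaslOutcome.PN_SASL_AUTH);
                }

                LOG.debug("SASL [{}] Handshake complete.", mechanism.getMechanismName());
            } else {
                LOG.debug("SASL [{}] Handshake failed: {}", mechanism.getMechanismName(), mechanism.getFailureReason());
                sasl.done(Sasl.SaslOutcome.PN_SASL_AUTH);
            }
        } else {
            LOG.info("SASL: could not find supported mechanism");
            sasl.done(Sasl.SaslOutcome.PN_SASL_PERM);
        }
    }
}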
if (sasl.getRemoteMechanisms().length > 0) { parameters.protocolVirtualHost = getHostname(sasl); if ("PLAIN".equals(sasl.getRemoteMechanisms()[0])) { byte[] data = new byte[sasl.pending()]; sasl.recv(data, 0, data.length);
if (sasl.getRemoteMechanisms().length > 0) { parameters.protocolVirtualHost = getHostname(sasl); if ("PLAIN".equals(sasl.getRemoteMechanisms()[0])) { byte[] data = new byte[sasl.pending()]; sasl.recv(data, 0, data.length);
return null; HashSet<String> mechanisims = new HashSet<String>(Arrays.asList(sasl.getRemoteMechanisms())); if (!authSent && !mechanisims.isEmpty()) { if (mechanisims.contains("PLAIN")) {
/**
 * Client-side SASL init: selects a mechanism that fits the peer's offer, the available
 * credentials and the configured restriction, then sends its initial response.
 *
 * <p>Does nothing while the peer has not offered any mechanism.
 *
 * @throws SaslException if no suitable mechanism can be found (raised as a
 *         {@code SaslSystemException})
 */
private void handleSaslInit() throws SaslException {
    String[] offered = sasl.getRemoteMechanisms();
    if (offered == null || offered.length == 0) {
        return;
    }

    mechanism = ProtonSaslMechanismFinderImpl.findMatchingMechanism(username, password, mechanismsRestriction, offered);
    if (mechanism == null) {
        throw new SaslSystemException(
            true, "Could not find a suitable SASL mechanism for the remote peer using the available credentials.");
    }

    mechanism.setUsername(username);
    mechanism.setPassword(password);

    sasl.setMechanisms(mechanism.getName());

    byte[] initial = mechanism.getInitialResponse();
    if (initial != null) {
        sasl.send(initial, 0, initial.length);
    }
}