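/**
 * Drives the SASL challenge/response steps after the initial response has been sent.
 * <p>
 * Reads from the network until the SASL layer reaches a terminal state ({@code PN_SASL_PASS} or
 * {@code PN_SASL_FAIL}) or has a pending challenge in state {@code PN_SASL_STEP}. Each pending
 * challenge is read from the SASL layer, handed to the mechanism, and the mechanism's response is
 * sent back while the state is still {@code PN_SASL_STEP}. The loop ends once the state leaves
 * {@code PN_SASL_STEP}; the caller is expected to inspect the final outcome itself.
 *
 * @param connection The connection whose transport carries the SASL layer.
 * @param in The stream to read peer frames from.
 * @param out The stream to write response frames to.
 * @param mechanism The client-side mechanism that computes responses to challenges.
 * @throws IOException if reading from or writing to the network fails.
 * @throws LoginException if the network helpers report an authentication problem.
 */
private void performSaslSteps(Connection connection, InputStream in, OutputStream out, SaslMechanism mechanism) throws IOException, LoginException {
    final Transport transport = connection.getTransport();
    final Sasl sasl = transport.sasl();
    do {
        // keep reading while neither a terminal outcome nor a pending challenge has arrived
        readFromNetwork(connection, in, () -> !(EnumSet.of(PN_SASL_PASS, PN_SASL_FAIL).contains(sasl.getState())
                || (sasl.getState() == PN_SASL_STEP && sasl.pending() > 0)));
        if (sasl.pending() > 0) {
            final byte[] challenge = new byte[sasl.pending()];
            // the challenge bytes must be pulled out of the SASL layer; allocating the buffer alone
            // leaves it zero-filled and the mechanism would never see the peer's challenge
            sasl.recv(challenge, 0, challenge.length);
            final byte[] response = mechanism.getResponse(challenge);
            if (sasl.getState() == PN_SASL_STEP) {
                // a mechanism with nothing to say still has to answer the challenge; send an empty
                // response rather than failing on a null array (mirrors the null handling of the
                // initial response)
                final byte[] toSend = response == null ? new byte[0] : response;
                sasl.send(toSend, 0, toSend.length);
                writeToNetwork(connection, out);
            }
        }
    } while (sasl.getState() == PN_SASL_STEP);
}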
/**
 * Dispatches on the final SASL state once the exchange has produced an outcome.
 * <p>
 * {@code PN_SASL_PASS} is routed to {@code handleSaslCompletion}, {@code PN_SASL_FAIL} to
 * {@code handleSaslFail}; any other state is ignored. Anything thrown by the handlers is
 * recorded via {@code recordFailure} together with the original throwable.
 *
 * @param sasl The SASL layer whose state is inspected.
 * @param transport The transport the SASL layer belongs to (not used here).
 */
public void handleSaslOutcome(Sasl sasl, Transport transport) {
    try {
        switch (sasl.getState()) {
            case PN_SASL_PASS:
                handleSaslCompletion(sasl);
                break;
            case PN_SASL_FAIL:
                handleSaslFail(sasl);
                break;
            default:
                // no outcome yet (or an intermediate state): nothing to do
                break;
        }
    } catch (Throwable outcomeError) {
        // keep the cause so the failure record carries the full stack, not just the message
        recordFailure(outcomeError.getMessage(), outcomeError);
    }
}
/**
 * Evaluates the SASL mechanism the client offered first.
 * <p>
 * An empty mechanism list completes the handler with {@code false}. {@code PLAIN} and
 * {@code EXTERNAL} are delegated to their dedicated evaluators; any other mechanism is rejected
 * with outcome {@code PN_SASL_AUTH} and the handler is completed with {@code true}.
 *
 * @param completionHandler The handler notified when this step has been processed.
 */
@Override
public void process(final Handler<Boolean> completionHandler) {
    final String[] offered = sasl.getRemoteMechanisms();
    if (offered.length == 0) {
        LOG.debug("client provided an empty list of SASL mechanisms [hostname: {}, state: {}]", sasl.getHostname(), sasl.getState().name());
        completionHandler.handle(false);
        return;
    }
    // only the client's first preference is considered
    final String chosenMechanism = offered[0];
    LOG.debug("client wants to use {} SASL mechanism [host: {}, state: {}]", chosenMechanism, sasl.getHostname(), sasl.getState().name());
    if (MECHANISM_PLAIN.equals(chosenMechanism)) {
        evaluatePlainResponse(completionHandler);
        return;
    }
    if (MECHANISM_EXTERNAL.equals(chosenMechanism)) {
        evaluateExternalResponse(completionHandler);
        return;
    }
    LOG.info("client wants to use unsupported {} SASL mechanism [host: {}, state: {}]", chosenMechanism, sasl.getHostname(), sasl.getState().name());
    // unsupported mechanism: report an authentication failure to the peer
    sasl.done(SaslOutcome.PN_SASL_AUTH);
    completionHandler.handle(true);
}
/**
 * Reacts to a terminal SASL state.
 * <p>
 * Failure ({@code PN_SASL_FAIL}) goes to {@code handleSaslFail}, success ({@code PN_SASL_PASS})
 * to {@code handleSaslCompletion}; every other state is left alone. Errors raised by either
 * handler are captured through {@code recordFailure} with the throwable preserved.
 *
 * @param sasl The SASL layer whose state is inspected.
 * @param transport The owning transport (unused in this method).
 */
public void handleSaslOutcome(Sasl sasl, Transport transport) {
    try {
        if (sasl.getState() == PN_SASL_FAIL) {
            handleSaslFail(sasl);
        } else if (sasl.getState() == PN_SASL_PASS) {
            handleSaslCompletion(sasl);
        }
        // intermediate states carry no outcome yet
    } catch (Throwable t) {
        // message plus cause, so nothing about the failure is lost
        recordFailure(t.getMessage(), t);
    }
}
/**
 * Reports whether SASL authentication succeeded from both sides' point of view.
 * <p>
 * The server must have signalled {@code PN_SASL_PASS} <em>and</em> the client-side mechanism
 * must itself consider the exchange complete; neither alone is sufficient.
 *
 * @param connection The connection whose transport carries the SASL layer.
 * @param mechanism The client mechanism that took part in the exchange.
 * @return {@code true} only when both the peer outcome and the mechanism agree on success.
 */
private boolean isSaslAuthenticated(Connection connection, SaslMechanism mechanism) {
    final Sasl sasl = connection.getTransport().sasl();
    if (sasl.getState() != PN_SASL_PASS) {
        return false;
    }
    return mechanism.completedSuccessfully();
}
switch (sasl.getState()) { case PN_SASL_IDLE: handleSaslInit();
/**
 * Advances the SASL authentication cycle by one step until an outcome is determined.
 * <p>
 * The managing entity must keep calling this method until it returns {@code true}, which
 * indicates a successful authentication. Each call handles exactly the current SASL state:
 * {@code PN_SASL_IDLE} starts the exchange, {@code PN_SASL_STEP} processes the next
 * challenge, {@code PN_SASL_FAIL} hands over to the failure handling.
 *
 * @return {@code true} once the SASL state is {@code PN_SASL_PASS}, {@code false} otherwise.
 * @throws SecurityException if the handshake failed (the failed state is delegated to
 *         {@code handleSaslFail()}; confirm that is where the exception originates).
 */
public boolean authenticate() throws SecurityException {
    switch (sasl.getState()) {
        case PN_SASL_PASS:
            return true;
        case PN_SASL_IDLE:
            handleSaslInit();
            return false;
        case PN_SASL_STEP:
            handleSaslStep();
            return false;
        case PN_SASL_FAIL:
            handleSaslFail();
            return false;
        default:
            // remaining states need another round trip before anything can be decided
            return false;
    }
}
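/**
 * Handles the SASL exchange for the mechanism the client offered first.
 * <p>
 * An empty mechanism list is reported to the completion handler as {@code false}. Otherwise
 * the client's initial response is read out of the SASL layer and passed to {@code verify};
 * once verification completes the SASL outcome is set ({@code PN_SASL_OK} with the principal
 * attached to the connection, or {@code PN_SASL_AUTH}) and the completion handler is invoked
 * with {@code true} in both cases.
 *
 * @param completionHandler The handler to notify once this step has been processed.
 */
@Override
public void process(final Handler<Boolean> completionHandler) {
    final String[] remoteMechanisms = sasl.getRemoteMechanisms();
    if (remoteMechanisms.length == 0) {
        LOG.debug("client provided an empty list of SASL mechanisms [hostname: {}, state: {}]", sasl.getHostname(), sasl.getState().name());
        completionHandler.handle(false);
        return;
    }
    // only the client's first preference is considered
    final String chosenMechanism = remoteMechanisms[0];
    LOG.debug("client wants to authenticate using SASL [mechanism: {}, host: {}, state: {}]", chosenMechanism, sasl.getHostname(), sasl.getState().name());
    final Future<HonoUser> authTracker = Future.future();
    authTracker.setHandler(s -> {
        if (s.succeeded()) {
            final HonoUser user = s.result();
            LOG.debug("authentication of client [authorization ID: {}] succeeded", user.getName());
            Constants.setClientPrincipal(protonConnection, user);
            succeeded = true;
            sasl.done(SaslOutcome.PN_SASL_OK);
        } else {
            // parameterized so the message is only rendered when debug is enabled;
            // a failed future may carry no cause, so guard the dereference
            final Throwable cause = s.cause();
            LOG.debug("authentication failed: {}", cause == null ? null : cause.getMessage());
            sasl.done(SaslOutcome.PN_SASL_AUTH);
        }
        completionHandler.handle(Boolean.TRUE);
    });
    // pull the initial response out of the SASL layer before handing it to the verifier
    final byte[] saslResponse = new byte[sasl.pending()];
    sasl.recv(saslResponse, 0, saslResponse.length);
    verify(chosenMechanism, saslResponse, authTracker.completer());
}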
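/**
 * Processes the SASL response for the first mechanism offered by the client.
 * <p>
 * With no mechanisms offered the completion handler receives {@code false}. Otherwise the
 * pending response bytes are read from the SASL layer and verified asynchronously; on success
 * the authenticated principal is attached to the connection and {@code PN_SASL_OK} is
 * signalled, on failure {@code PN_SASL_AUTH}. The completion handler is invoked with
 * {@code true} after either outcome.
 *
 * @param completionHandler The handler to notify once this step has been processed.
 */
@Override
public void process(final Handler<Boolean> completionHandler) {
    final String[] remoteMechanisms = sasl.getRemoteMechanisms();
    if (remoteMechanisms.length == 0) {
        LOG.debug("client provided an empty list of SASL mechanisms [hostname: {}, state: {}]", sasl.getHostname(), sasl.getState().name());
        completionHandler.handle(false);
    } else {
        // only the first offered mechanism is evaluated
        final String chosenMechanism = remoteMechanisms[0];
        LOG.debug("client wants to authenticate using SASL [mechanism: {}, host: {}, state: {}]", chosenMechanism, sasl.getHostname(), sasl.getState().name());
        final Future<HonoUser> authTracker = Future.future();
        authTracker.setHandler(s -> {
            if (s.succeeded()) {
                final HonoUser user = s.result();
                LOG.debug("authentication of client [authorization ID: {}] succeeded", user.getName());
                Constants.setClientPrincipal(protonConnection, user);
                succeeded = true;
                sasl.done(SaslOutcome.PN_SASL_OK);
            } else {
                // use a placeholder instead of string concatenation: the message is then only
                // built when debug logging is on, and a null cause does not blow up the handler
                final Throwable cause = s.cause();
                LOG.debug("authentication failed: {}", cause == null ? null : cause.getMessage());
                sasl.done(SaslOutcome.PN_SASL_AUTH);
            }
            completionHandler.handle(Boolean.TRUE);
        });
        // the response has to be read out of the SASL layer; allocating alone does not copy it
        final byte[] saslResponse = new byte[sasl.pending()];
        sasl.recv(saslResponse, 0, saslResponse.length);
        verify(chosenMechanism, saslResponse, authTracker.completer());
    }
}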
@Override public void onSaslOutcome(Sasl sasl, Transport transport) { log.debug("onSaslOutcome: " + sasl); switch (sasl.getState()) { case PN_SASL_FAIL: log.info("Outbound connection failed, authentication failure");
@Override public void onSaslOutcome(Sasl sasl, Transport transport) { log.debug("onSaslOutcome: " + sasl); switch (sasl.getState()) { case PN_SASL_FAIL: log.info("Outbound connection failed, authentication failure");
if (remoteMechanisms.length == 0) { LOG.debug("client device provided an empty list of SASL mechanisms [hostname: {}, state: {}]", sasl.getHostname(), sasl.getState()); completionHandler.handle(Boolean.FALSE); } else { final String remoteMechanism = remoteMechanisms[0]; LOG.debug("client device wants to authenticate using SASL [mechanism: {}, host: {}, state: {}]", remoteMechanism, sasl.getHostname(), sasl.getState());
/**
 * Waits for the peer's offered SASL mechanisms, picks the first supported one and sends the
 * sasl-init frame.
 * <p>
 * Mechanism factories are tried in the order of {@code saslFactories} (the client's own
 * preference), restricted to the names the peer offered. The first factory that yields a
 * non-null mechanism wins: the remote hostname and mechanism name are set on the SASL layer
 * and a non-empty initial response, if the mechanism has one, is queued. Whatever has been
 * queued is then written to the network.
 *
 * @param connection The connection whose transport carries the SASL layer.
 * @param in The stream to read peer frames from.
 * @param out The stream to write the sasl-init frame to.
 * @return The mechanism selected for the exchange; never {@code null}.
 * @throws LoginException if none of the offered mechanisms is supported by a local factory.
 * @throws IOException if network reading or writing fails.
 */
private SaslMechanism chooseSaslMechanismAndSendInit(Connection connection, InputStream in, OutputStream out) throws LoginException, IOException {
    final Transport transport = connection.getTransport();
    final Sasl sasl = transport.sasl();

    // block until the peer's sasl-mechanisms frame has arrived (state leaves IDLE or the offered list fills up)
    readFromNetwork(connection, in, () -> sasl.getState() == PN_SASL_IDLE && sasl.getRemoteMechanisms().length == 0);

    SaslMechanism chosen = null;
    for (SaslMechanismFactory candidate : saslFactories) {
        if (!Arrays.asList(sasl.getRemoteMechanisms()).contains(candidate.getName())) {
            continue;
        }
        chosen = candidate.newInstance(callbackHandler, sharedState, options);
        if (chosen == null) {
            // factory declined; keep looking among the remaining offered mechanisms
            continue;
        }
        sasl.setRemoteHostname(saslHostname);
        sasl.setMechanisms(candidate.getName());
        final byte[] initialResponse = chosen.getResponse(null);
        if (initialResponse != null && initialResponse.length != 0) {
            sasl.send(initialResponse, 0, initialResponse.length);
        }
        break;
    }
    if (chosen == null) {
        throw new LoginException("Unable to authenticate using SASL delegation, no supported mechanisms");
    }
    writeToNetwork(connection, out);
    return chosen;
}