/**
 * Creates the authenticator and configures the supplied SASL layer for the server role.
 *
 * @param transport     the AMQP transport this authenticator is attached to
 * @param sasl          the SASL layer to configure; it receives the mechanism list and is
 *                      then switched to server mode
 * @param brokerService the broker service kept for later use
 */
public AmqpAuthenticator(AmqpTransport transport, Sasl sasl, BrokerService brokerService) {
    this.transport = transport;
    this.brokerService = brokerService;
    this.sasl = sasl;

    // `mechanisms` is declared outside this snippet. Whatever it holds is the complete set of
    // authentication methods a connecting peer is allowed to choose from.
    this.sasl.setMechanisms(mechanisms);
    this.sasl.server();
}
/**
 * Builds the authenticator, remembers its collaborators and prepares the SASL layer
 * to act as a server.
 *
 * @param transport     the AMQP transport the authenticator works on
 * @param sasl          the SASL layer; configured with the mechanism list, then put in server mode
 * @param brokerService the broker service stored on the instance
 */
public AmqpAuthenticator(AmqpTransport transport, Sasl sasl, BrokerService brokerService) {
    this.sasl = sasl;
    this.transport = transport;
    this.brokerService = brokerService;

    // The advertised list comes from `mechanisms`, which is defined elsewhere in the class.
    // NOTE(review): confirm that list contains only mechanisms the broker can actually verify.
    this.sasl.setMechanisms(mechanisms);
    this.sasl.server();
}
/**
 * Registers the given server-side SASL handlers and advertises their names as the
 * mechanisms offered on this transport.
 *
 * @param handlers the handlers to register; each is stored under the name it reports
 */
@Override
public void createServerSASL(ServerSASL[] handlers) {
    this.serverSasl = transport.sasl();
    saslHandlers = new HashMap<>();

    final String[] mechanismNames = new String[handlers.length];
    for (int i = 0; i < handlers.length; i++) {
        final ServerSASL current = handlers[i];
        // A later handler with the same name replaces the earlier map entry.
        saslHandlers.put(current.getName(), current);
        mechanismNames[i] = current.getName();
    }

    this.serverSasl.server();
    // Only names that have a registered handler are advertised to the peer.
    serverSasl.setMechanisms(mechanismNames);
}
/**
 * Puts the transport's SASL layer into server mode, advertises the given mechanisms
 * and registers this object as the SASL listener.
 *
 * @param mechanisms the mechanism names to offer to connecting peers
 */
public void createServerSASL(String[] mechanisms) {
    final Sasl serverLayer = transport.sasl();
    serverLayer.server();
    // The caller decides which mechanisms are offered; nothing is filtered here.
    serverLayer.setMechanisms(mechanisms);
    serverLayer.setListener(this);
}
/**
 * Initialises the SASL layer of the given transport as a server that offers a single
 * mechanism, the one named by {@code ProtonSaslAnonymousImpl.MECH_NAME}.
 *
 * @param socket           the underlying socket (not used here)
 * @param protonConnection the connection being authenticated (not used here)
 * @param transport        the transport whose SASL layer is configured
 */
@Override
public void init(NetSocket socket, ProtonConnection protonConnection, Transport transport) {
    this.sasl = transport.sasl();
    this.sasl.server();
    // The peer is not allowed to bypass the SASL layer.
    this.sasl.allowSkip(false);
    // NOTE(review): with only the anonymous mechanism on offer, this exchange presumably
    // establishes no peer identity; any access control has to come from elsewhere.
    this.sasl.setMechanisms(ProtonSaslAnonymousImpl.MECH_NAME);
    succeeded = false;
}
/**
 * Initialises the server-side SASL layer, offering PLAIN and EXTERNAL, and records the
 * peer's certificate chain when the connection uses TLS.
 *
 * @param socket           the socket the client connected on
 * @param protonConnection the connection being authenticated
 * @param transport        the transport whose SASL layer is configured
 */
@Override
public void init(final NetSocket socket, final ProtonConnection protonConnection, final Transport transport) {
    LOG.debug("initializing SASL authenticator");
    this.protonConnection = protonConnection;

    this.sasl = transport.sasl();
    sasl.server();
    sasl.allowSkip(false);
    // Both mechanisms are advertised before the TLS check below, so they are offered on
    // plain-text connections as well.
    // NOTE(review): confirm that PLAIN credentials are refused elsewhere when TLS is absent.
    sasl.setMechanisms(AuthenticationConstants.MECHANISM_PLAIN, AuthenticationConstants.MECHANISM_EXTERNAL);

    if (!socket.isSsl()) {
        return;
    }

    LOG.trace("Client connected through a secured port");
    try {
        peerCertificateChain = socket.sslSession().getPeerCertificates();
    } catch (SSLPeerUnverifiedException e) {
        // The chain field is left unassigned in this case; code handling EXTERNAL must
        // treat a missing chain as "no client certificate".
        LOG.debug("Device's Identity cannot be verified: " + e.getMessage());
    }
}
/**
 * Initialises the server-side SASL layer, offering EXTERNAL and PLAIN, and captures the
 * client certificate chain when the connection uses TLS.
 *
 * @param socket           the socket the client connected on
 * @param protonConnection the connection being authenticated
 * @param transport        the transport whose SASL layer is configured
 */
@Override
public void init(final NetSocket socket, final ProtonConnection protonConnection, final Transport transport) {
    LOG.debug("initializing SASL authenticator");
    this.protonConnection = protonConnection;
    this.sasl = transport.sasl();

    // TODO determine supported mechanisms dynamically based on registered AuthenticationService implementations
    sasl.server();
    sasl.allowSkip(false);
    // The mechanism list is fixed and is set before the TLS check, so EXTERNAL is offered
    // even when no client certificate will be available.
    sasl.setMechanisms(MECHANISM_EXTERNAL, MECHANISM_PLAIN);

    if (!socket.isSsl()) {
        return;
    }

    LOG.debug("client connected using TLS, extracting client certificate chain");
    try {
        peerCertificateChain = socket.peerCertificateChain();
        // NOTE(review): "valid" reflects only that the TLS layer returned a chain; how strictly
        // it was verified depends on trust configuration that is not visible here.
        // Assumes the returned chain has at least one entry.
        LOG.debug("found valid client certificate DN [{}]", peerCertificateChain[0].getSubjectDN());
    } catch (SSLPeerUnverifiedException e) {
        // Deliberately not an error: the chain field simply stays unassigned.
        LOG.debug("could not extract client certificate chain, maybe TLS based client auth is not required");
    }
}
/**
 * Sets up the transport's SASL layer as a server offering EXTERNAL and PLAIN and, for TLS
 * connections, stores the certificate chain presented by the client.
 *
 * @param socket           the socket the client connected on
 * @param protonConnection the connection being authenticated
 * @param transport        the transport whose SASL layer is configured
 */
@Override
public void init(final NetSocket socket, final ProtonConnection protonConnection, final Transport transport) {
    LOG.debug("initializing SASL authenticator");
    this.protonConnection = protonConnection;
    this.sasl = transport.sasl();

    // TODO determine supported mechanisms dynamically based on registered AuthenticationService implementations
    sasl.server();
    sasl.allowSkip(false);
    // Offered unconditionally: the list does not depend on whether the socket uses TLS.
    sasl.setMechanisms(MECHANISM_EXTERNAL, MECHANISM_PLAIN);

    if (!socket.isSsl()) {
        return;
    }

    LOG.debug("client connected using TLS, extracting client certificate chain");
    try {
        peerCertificateChain = socket.peerCertificateChain();
        // The subject DN is taken from the first chain element; an empty chain is not handled.
        // NOTE(review): confirm the verification level behind the word "valid" in this message.
        LOG.debug("found valid client certificate DN [{}]", peerCertificateChain[0].getSubjectDN());
    } catch (final SSLPeerUnverifiedException e) {
        // No client certificate: the chain field is left as it was.
        LOG.debug("could not extract client certificate chain, maybe TLS based client auth is not required");
    }
}
/**
 * Prepares server-side SASL on the given transport (EXTERNAL and PLAIN) and keeps the
 * client's certificate chain if the connection is TLS-protected.
 *
 * @param socket           the socket the client connected on
 * @param protonConnection the connection being authenticated
 * @param transport        the transport whose SASL layer is configured
 */
@Override
public void init(final NetSocket socket, final ProtonConnection protonConnection, final Transport transport) {
    LOG.debug("initializing SASL authenticator");
    this.protonConnection = protonConnection;
    this.sasl = transport.sasl();

    // TODO determine supported mechanisms dynamically based on registered AuthenticationService implementations
    sasl.server();
    sasl.allowSkip(false);
    sasl.setMechanisms(MECHANISM_EXTERNAL, MECHANISM_PLAIN);

    final boolean overTls = socket.isSsl();
    if (overTls) {
        LOG.debug("client connected using TLS, extracting client certificate chain");
        try {
            peerCertificateChain = socket.peerCertificateChain();
            // Index 0 is read without a length check; assumes a non-empty chain.
            LOG.debug("found valid client certificate DN [{}]", peerCertificateChain[0].getSubjectDN());
        } catch (final SSLPeerUnverifiedException e) {
            // Treated as "client presented no certificate", not as a failure.
            // NOTE(review): the EXTERNAL handler must reject a missing chain; it is not shown here.
            LOG.debug("could not extract client certificate chain, maybe TLS based client auth is not required");
        }
    }
}
/**
 * Handles the connection-bound event: adds the transport layers and restricts the SASL
 * layer to the ANONYMOUS mechanism.
 *
 * @param event the event carrying the connection and its transport
 */
@Override
public void onConnectionBound(Event event) {
    TRACE_LOGGER.debug("onConnectionBound: hostname:{}", event.getConnection().getHostname());

    final Transport boundTransport = event.getTransport();
    this.addTransportLayers(event, (TransportInternal) boundTransport);

    final Sasl saslLayer = boundTransport.sasl();
    // Neither client() nor server() is called in this method.
    // NOTE(review): ANONYMOUS carries no credentials, so authentication presumably happens
    // at another layer — confirm.
    saslLayer.setMechanisms("ANONYMOUS");
}
/**
 * Configures the transport's SASL layer as a server offering the given mechanisms and
 * registers this object as its listener.
 *
 * @param mechanisms the mechanism names to advertise to connecting peers
 */
public void createServerSASL(String[] mechanisms) {
    // Runs before any SASL state is touched; its contract is defined outside this snippet.
    requireHandler();

    final Sasl serverLayer = transport.sasl();
    serverLayer.server();
    serverLayer.setMechanisms(mechanisms);
    serverLayer.setListener(this);
}
/**
 * Starts a client-side SASL exchange using the given mechanism; does nothing when no
 * mechanism is supplied.
 *
 * @param clientSASL the client mechanism to use, or {@code null} to skip SASL set-up
 */
@Override
public void createClientSasl(ClientSASL clientSASL) {
    if (clientSASL == null) {
        return;
    }

    // Note the two similar names: the field `clientSasl` is the transport's SASL layer,
    // the parameter `clientSASL` is the mechanism implementation.
    clientSasl = transport.sasl();
    clientSasl.setMechanisms(clientSASL.getName());

    // NOTE(review): the initial response is dereferenced without a null check — confirm
    // getBytes() never returns null for any mechanism.
    final byte[] initialResponse = clientSASL.getBytes();
    clientSasl.send(initialResponse, 0, initialResponse.length);
}
/**
 * Reacts to the mechanisms offered by the remote peer: selects one, sends its initial
 * response if it has one and announces the chosen mechanism. Any failure is passed to
 * {@code recordFailure} instead of being thrown.
 *
 * @param sasl      the SASL layer of the connection
 * @param transport the transport (not used here)
 */
public void handleSaslMechanisms(Sasl sasl, Transport transport) {
    try {
        final String[] offered = sasl.getRemoteMechanisms();
        if (offered == null || offered.length == 0) {
            return;
        }

        // The offered list is controlled by the remote peer; the choice is delegated entirely
        // to mechanismFinder. NOTE(review): confirm the finder cannot be steered to a weaker
        // mechanism than the configuration intends.
        try {
            mechanism = mechanismFinder.apply(offered);
        } catch (JMSSecurityRuntimeException jmssre) {
            recordFailure("Could not find a suitable SASL mechanism. " + jmssre.getMessage(), jmssre);
            return;
        }

        final byte[] initial = mechanism.getInitialResponse();
        if (initial != null) {
            sasl.send(initial, 0, initial.length);
        }
        sasl.setMechanisms(mechanism.getName());
    } catch (Throwable error) {
        // Catch-all so that every failure in this handler is recorded.
        recordFailure("Exception while processing SASL init: " + error.getMessage(), error);
    }
}
/**
 * Picks a SASL mechanism from those advertised by the remote peer and begins the exchange
 * with it. Failures are reported through {@code recordFailure}; nothing is thrown.
 *
 * @param sasl      the SASL layer of the connection
 * @param transport the transport (not used here)
 */
public void handleSaslMechanisms(Sasl sasl, Transport transport) {
    try {
        final String[] advertised = sasl.getRemoteMechanisms();
        final boolean nothingOffered = advertised == null || advertised.length == 0;
        if (!nothingOffered) {
            try {
                // Selection policy lives in mechanismFinder, which is not visible here.
                mechanism = mechanismFinder.apply(advertised);
            } catch (JMSSecurityRuntimeException jmssre) {
                recordFailure("Could not find a suitable SASL mechanism. " + jmssre.getMessage(), jmssre);
                return;
            }

            // The initial response is sent first, then the chosen mechanism name is set.
            final byte[] firstResponse = mechanism.getInitialResponse();
            if (firstResponse != null) {
                sasl.send(firstResponse, 0, firstResponse.length);
            }
            sasl.setMechanisms(mechanism.getName());
        }
    } catch (Throwable error) {
        // NOTE(review): the underlying message is appended to the failure text — confirm it
        // cannot carry credential material from a mechanism implementation.
        recordFailure("Exception while processing SASL init: " + error.getMessage(), error);
    }
}
/**
 * Initialises the server-side SASL layer with the mechanisms derived from the configured
 * password hash algorithms and raises the initial frame size limit.
 *
 * @param socket           the underlying socket (not used here)
 * @param protonConnection the connection being authenticated; stored on the instance
 * @param transport        the transport whose SASL layer is configured
 */
@Override
public void init(final NetSocket socket, final ProtonConnection protonConnection, final Transport transport) {
    // allow for frames bigger than 512 bytes to support mechanisms that send (for instance) tokens
    final int saslFrameLimit = 1024 * 1024;
    // NOTE(review): this limit is set before authentication completes — confirm what bound
    // applies to data accepted from a peer that has not yet authenticated.
    transport.setInitialRemoteMaxFrameSize(saslFrameLimit);

    this.sasl = transport.sasl();
    sasl.server();
    sasl.allowSkip(false);
    // The offered mechanisms are computed by helpers defined outside this snippet.
    sasl.setMechanisms(getValidMechanisms(getPasswordHashAlgorithms()));

    connection = protonConnection;
}
/**
 * Called when the remote peer has advertised its SASL mechanisms. Dispatches the offer and
 * then either starts the exchange with the selected client mechanism or reports an
 * authentication failure when none is selected.
 *
 * @param sasl      the SASL layer of the outbound connection
 * @param transport the transport (not used here)
 */
@Override
public void onSaslMechanisms(Sasl sasl, Transport transport) {
    // clientSASLMechanism is not assigned in this method; it is only read after this call.
    dispatchMechanismsOffered(sasl.getRemoteMechanisms());

    if (clientSASLMechanism != null) {
        sasl.setMechanisms(clientSASLMechanism.getName());
        final byte[] firstResponse = clientSASLMechanism.getInitialResponse();
        if (firstResponse != null) {
            sasl.send(firstResponse, 0, firstResponse.length);
        }
        return;
    }

    // The mechanism names written to the log are supplied by the remote peer.
    // NOTE(review): confirm the log layout neutralises control characters in them.
    log.infof("Outbound connection failed - unknown mechanism, offered mechanisms: %s", Arrays.asList(sasl.getRemoteMechanisms()));
    dispatchAuthFailed();
}
/**
 * Handles the remote peer's mechanism offer on an outbound connection: forwards the offer,
 * then begins authentication with the selected mechanism, or signals failure if there is none.
 *
 * @param sasl      the SASL layer of the outbound connection
 * @param transport the transport (not used here)
 */
@Override
public void onSaslMechanisms(Sasl sasl, Transport transport) {
    dispatchMechanismsOffered(sasl.getRemoteMechanisms());

    final boolean noMechanismSelected = clientSASLMechanism == null;
    if (noMechanismSelected) {
        // Peer-supplied names are logged as received.
        log.infof("Outbound connection failed - unknown mechanism, offered mechanisms: %s", Arrays.asList(sasl.getRemoteMechanisms()));
        dispatchAuthFailed();
        return;
    }

    // The chosen name is announced before the optional initial response is sent.
    sasl.setMechanisms(clientSASLMechanism.getName());
    final byte[] opening = clientSASLMechanism.getInitialResponse();
    if (opening != null) {
        sasl.send(opening, 0, opening.length);
    }
}
/**
 * On the first open of a connection, creates a transport with a client-side SASL layer
 * restricted to ANONYMOUS, enables the WebSocket layer and binds it to the connection.
 * Does nothing if the remote endpoint state is anything other than UNINITIALIZED.
 *
 * @param event the event carrying the connection
 */
private void handleOpen(Event event) {
    final Connection conn = event.getConnection();
    if (conn.getRemoteState() == EndpointState.UNINITIALIZED) {
        final Transport freshTransport = Proton.transport();

        final Sasl saslLayer = freshTransport.sasl();
        saslLayer.client();
        // NOTE(review): ANONYMOUS sends no credentials, so this client presumably relies on
        // something other than SASL to authenticate itself — confirm.
        saslLayer.setMechanisms("ANONYMOUS");

        freshTransport.webSocket();
        freshTransport.bind(conn);
    }
}
/**
 * Starts the client side of the SASL exchange: selects a mechanism matching the peer's
 * offer, passes the credentials to it and sends its initial response.
 *
 * @throws SecurityException if no offered mechanism matches, or if the mechanism raises a
 *                           {@code SaslException} (which becomes the cause)
 */
private void handleSaslInit() throws SecurityException {
    try {
        final String[] offered = sasl.getRemoteMechanisms();
        if (offered == null || offered.length == 0) {
            // Nothing advertised yet; no mechanism is chosen and nothing is sent.
            return;
        }

        // The candidate list comes from the remote peer.
        // NOTE(review): confirm findMatchingMechanism cannot be steered to a mechanism that
        // exposes the password when the connection is not protected.
        mechanism = findMatchingMechanism(offered);
        if (mechanism == null) {
            // TODO - Better error message.
            throw new SecurityException("Could not find a matching SASL mechanism for the remote peer.");
        }

        mechanism.setUsername(username);
        mechanism.setPassword(password);
        mechanism.setAuthzid(authzid);
        // TODO - set additional options from URI.
        // TODO - set a host value.

        sasl.setMechanisms(mechanism.getName());
        final byte[] initial = mechanism.getInitialResponse();
        // Unlike a null check alone, an empty response is also skipped here.
        if (initial != null && initial.length != 0) {
            sasl.send(initial, 0, initial.length);
        }
    } catch (SaslException se) {
        // TODO - Better error message.
        SecurityException jmsse = new SecurityException("Exception while processing SASL init.");
        jmsse.initCause(se);
        throw jmsse;
    }
}
/**
 * Starts the client side of the SASL exchange: selects a mechanism that fits the peer's
 * offer, the configured restriction and the available credentials, then sends its initial
 * response. Does nothing when the peer has offered no mechanisms.
 *
 * @throws SaslException if no suitable mechanism is found, or if the mechanism fails
 */
private void handleSaslInit() throws SaslException {
    final String[] offered = sasl.getRemoteMechanisms();
    if (offered == null || offered.length == 0) {
        return;
    }

    // mechanismsRestriction is passed to the finder together with the peer's offer.
    // NOTE(review): this looks like the control against a peer steering the choice to a
    // weaker mechanism — confirm how the finder applies it.
    mechanism = ProtonSaslMechanismFinderImpl.findMatchingMechanism(username, password, mechanismsRestriction, offered);
    if (mechanism == null) {
        throw new SaslSystemException(
            true, "Could not find a suitable SASL mechanism for the remote peer using the available credentials.");
    }

    mechanism.setUsername(username);
    mechanism.setPassword(password);

    sasl.setMechanisms(mechanism.getName());
    final byte[] initial = mechanism.getInitialResponse();
    if (initial != null) {
        sasl.send(initial, 0, initial.length);
    }
}