
Example 6 with SaslException

use of javax.security.sasl.SaslException in project kafka by apache.

the class ScramSaslClient method handleServerFinalMessage.

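/**
 * Verifies the server signature received in the server-final message.
 *
 * <p>The expected signature is recomputed locally from {@code saltedPassword} and the three
 * earlier handshake messages, then compared with the value sent by the peer. A mismatch fails
 * the exchange, so the client does not accept a server that cannot produce the signature.
 *
 * @param signature server signature bytes taken from the server-final message
 * @throws SaslException if the signature does not match, or if the key material is rejected
 *     while the expected signature is being computed
 */
private void handleServerFinalMessage(byte[] signature) throws SaslException {
    try {
        byte[] serverKey = formatter.serverKey(saltedPassword);
        byte[] serverSignature = formatter.serverSignature(serverKey, clientFirstMessage, serverFirstMessage, clientFinalMessage);
        // Arrays.equals returns at the first differing byte, so its running time depends on how
        // much of the value matched. MessageDigest.isEqual examines every byte, so its running
        // time does not depend on where the first mismatch falls.
        if (!java.security.MessageDigest.isEqual(signature, serverSignature))
            throw new SaslException("Invalid server signature in server final message");
    } catch (InvalidKeyException e) {
        // Keep the cause so the key-derivation failure stays diagnosable.
        throw new SaslException("Sasl server signature verification failed", e);
    }
}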
Also used : SaslException(javax.security.sasl.SaslException) InvalidKeyException(java.security.InvalidKeyException)

Example 7 with SaslException

use of javax.security.sasl.SaslException in project kafka by apache.

the class ScramSaslServer method verifyClientProof.

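/**
 * Checks the proof in the client-final message against the stored credential.
 *
 * <p>The stored key held in {@code scramCredential} is used to derive the client signature over
 * the handshake messages; that signature and the client's proof are then combined into a
 * recomputed stored key, which must equal the stored one.
 *
 * @param clientFinalMessage client-final message carrying the proof to verify
 * @throws SaslException if the recomputed key differs from the stored key, or if the key
 *     material is rejected during the computation
 */
private void verifyClientProof(ClientFinalMessage clientFinalMessage) throws SaslException {
    try {
        byte[] expectedStoredKey = scramCredential.storedKey();
        byte[] clientSignature = formatter.clientSignature(expectedStoredKey, clientFirstMessage, serverFirstMessage, clientFinalMessage);
        byte[] computedStoredKey = formatter.storedKey(clientSignature, clientFinalMessage.proof());
        // The proof is supplied by the remote peer, so the comparison must not reveal how many
        // leading bytes matched. Arrays.equals short-circuits at the first differing byte;
        // MessageDigest.isEqual examines every byte before answering.
        if (!java.security.MessageDigest.isEqual(computedStoredKey, expectedStoredKey))
            // Deliberately generic: the message does not say which part of the check failed.
            throw new SaslException("Invalid client credentials");
    } catch (InvalidKeyException e) {
        throw new SaslException("Sasl client verification failed", e);
    }
}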
Also used : SaslException(javax.security.sasl.SaslException) InvalidKeyException(java.security.InvalidKeyException)

Example 8 with SaslException

use of javax.security.sasl.SaslException in project hive by apache.

the class HiveConnection method createBinaryTransport.

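/**
 * Creates the binary transport selected by the connection options and returns it.
 *
 * <p>Supported transport options:
 * <ul>
 *   <li>SASL-based transports (Kerberos, delegation token, or PLAIN user/password) layered on
 *       the underlying socket transport, which may be SSL or non-SSL</li>
 *   <li>Raw (non-SASL) socket, used when the auth type is {@code AUTH_SIMPLE}</li>
 * </ul>
 *
 * <p>Only the Kerberos and delegation-token transports receive the SASL QOP properties. The
 * PLAIN transport is built without them, so a PLAIN connection has no SASL-level integrity or
 * confidentiality and relies entirely on the underlying socket transport for protection.
 *
 * @return the transport to use for this connection (also stored in {@code transport})
 * @throws SQLException if the QOP parameter is not a recognised value, or if the SASL layer
 *     cannot be set up
 * @throws TTransportException declared by this method; presumably raised while the underlying
 *     or SASL transport is built (the helpers are not visible here)
 */
private TTransport createBinaryTransport() throws SQLException, TTransportException {
    try {
        TTransport socketTransport = createUnderlyingTransport();
        // handle secure connection if specified
        if (!JdbcConnectionParams.AUTH_SIMPLE.equals(sessConfMap.get(JdbcConnectionParams.AUTH_TYPE))) {
            Map<String, String> saslProps = new HashMap<>();
            if (sessConfMap.containsKey(JdbcConnectionParams.AUTH_QOP)) {
                SaslQOP saslQOP;
                try {
                    saslQOP = SaslQOP.fromString(sessConfMap.get(JdbcConnectionParams.AUTH_QOP));
                } catch (IllegalArgumentException e) {
                    throw new SQLException("Invalid " + JdbcConnectionParams.AUTH_QOP + " parameter. " + e.getMessage(), "42000", e);
                }
                saslProps.put(Sasl.QOP, saslQOP.toString());
            } else {
                // If the client did not specify qop then just negotiate the one supported by server.
                // The offered list ends in plain "auth", so the negotiation may settle on
                // authentication only, with no integrity or confidentiality on the SASL layer.
                // Callers that need wire protection should set the QOP parameter explicitly or
                // make sure the underlying transport is SSL.
                saslProps.put(Sasl.QOP, "auth-conf,auth-int,auth");
            }
            // Ask for the server to authenticate itself to the client as well.
            saslProps.put(Sasl.SERVER_AUTH, "true");
            if (sessConfMap.containsKey(JdbcConnectionParams.AUTH_PRINCIPAL)) {
                // Kerberos: a server principal was supplied.
                transport = KerberosSaslHelper.getKerberosTransport(sessConfMap.get(JdbcConnectionParams.AUTH_PRINCIPAL), host, socketTransport, saslProps, assumeSubject);
            } else {
                // If there's a delegation token available then use token based connection
                String tokenStr = getClientDelegationToken(sessConfMap);
                if (tokenStr != null) {
                    transport = KerberosSaslHelper.getTokenTransport(tokenStr, host, socketTransport, saslProps);
                } else {
                    // we are using PLAIN Sasl connection with user/password
                    String userName = getUserName();
                    String passwd = getPassword();
                    // Overlay the SASL transport on top of the base socket transport (SSL or non-SSL).
                    // SASL PLAIN carries the password unprotected inside the exchange and saslProps
                    // is not passed here, so on a non-SSL socket the credentials cross the network
                    // in the clear. Whether socketTransport is SSL is decided in
                    // createUnderlyingTransport().
                    transport = PlainSaslHelper.getPlainTransport(userName, passwd, socketTransport);
                }
            }
        } else {
            // Raw socket connection (non-sasl): no SASL authentication or protection is added.
            transport = socketTransport;
        }
    } catch (SaslException e) {
        // SQLSTATE values are five characters; the previous literal " 08S01" carried a leading
        // space, so it never matched the standard connection-failure code "08S01".
        throw new SQLException("Could not create secure connection to " + jdbcUriString + ": " + e.getMessage(), "08S01", e);
    }
    return transport;
}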
Also used : HashMap(java.util.HashMap) SQLException(java.sql.SQLException) SaslQOP(org.apache.hive.service.auth.SaslQOP) TTransport(org.apache.thrift.transport.TTransport) SaslException(javax.security.sasl.SaslException)

Example 9 with SaslException

use of javax.security.sasl.SaslException in project storm by apache.

the class SaslPlainServer method evaluateResponse.

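/**
 * Processes the single client message of a PLAIN exchange.
 *
 * <p>The message is decoded as UTF-8 and split on NUL into
 * {@code [authorization id, authentication id, password]}. An empty authorization id defaults
 * to the authentication id. The name, password and authorization request are then handed to
 * the callback handler {@code cbh}; when the handler reports the request as authorized, the
 * authorized id is stored in {@code authz}.
 *
 * <p>The exchange is marked completed whether or not it succeeded, so this instance cannot be
 * used for a second attempt.
 *
 * @param response raw client message; must not be {@code null}
 * @return always {@code null}: PLAIN has no further challenge to send
 * @throws IllegalStateException if the exchange has already completed
 * @throws IllegalArgumentException if {@code response} is {@code null}
 * @throws SaslException if the message is malformed or the callback handler fails
 */
@Override
public byte[] evaluateResponse(byte[] response) throws SaslException {
    if (completed) {
        throw new IllegalStateException("PLAIN authentication has completed");
    }
    if (response == null) {
        throw new IllegalArgumentException("Received null response");
    }
    try {
        String payload;
        try {
            // Decoding with a charset name substitutes malformed byte sequences instead of
            // throwing, so this catch only guards against the charset being unavailable.
            payload = new String(response, "UTF-8");
        } catch (Exception e) {
            throw new IllegalArgumentException("Received corrupt response", e);
        }
        // [ authz, authn, password ]
        // PLAIN separates the three fields with NUL. The separator must be written as an escape:
        // an empty pattern would split between characters and the fields would never be found.
        // Limit 3 keeps any further NUL inside the password field rather than splitting on it.
        String[] parts = payload.split("\u0000", 3);
        if (parts.length != 3) {
            throw new IllegalArgumentException("Received corrupt response");
        }
        if (parts[0].isEmpty()) {
            // authz = authn
            parts[0] = parts[1];
        }
        NameCallback nc = new NameCallback("SASL PLAIN");
        nc.setName(parts[1]);
        PasswordCallback pc = new PasswordCallback("SASL PLAIN", false);
        pc.setPassword(parts[2].toCharArray());
        AuthorizeCallback ac = new AuthorizeCallback(parts[1], parts[0]);
        // Password verification is delegated to the handler; this method performs no check of
        // its own, so a handler that accepts silently accepts the credentials.
        cbh.handle(new Callback[] { nc, pc, ac });
        if (ac.isAuthorized()) {
            authz = ac.getAuthorizedID();
        }
        // NOTE(review): when the handler does not authorize the request, no exception is
        // raised here; authz keeps its previous value and the exchange still completes.
        // Callers must check the authorization id and not treat completion as success.
    } catch (Exception e) {
        throw new SaslException("PLAIN auth failed: " + e.toString(), e);
    } finally {
        completed = true;
    }
    return null;
}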
Also used : NameCallback(javax.security.auth.callback.NameCallback) PasswordCallback(javax.security.auth.callback.PasswordCallback) SaslException(javax.security.sasl.SaslException) SaslException(javax.security.sasl.SaslException) AuthorizeCallback(javax.security.sasl.AuthorizeCallback)

Example 10 with SaslException

use of javax.security.sasl.SaslException in project zookeeper by apache.

the class ZooKeeperSaslClient method sendSaslPacket.

/**
 * Wraps a SASL token in a {@code GetSASLRequest} and hands it to the connection with the
 * {@code sasl} opcode.
 *
 * <p>Only the token length is written to the debug log, never the token bytes.
 *
 * @param saslToken token bytes to send
 * @param cnxn connection used to send the packet
 * @throws SaslException if the connection reports an {@link IOException} while sending
 */
private void sendSaslPacket(byte[] saslToken, ClientCnxn cnxn) throws SaslException {
    if (LOG.isDebugEnabled()) {
        LOG.debug("ClientCnxn:sendSaslPacket:length=" + saslToken.length);
    }
    final GetSASLRequest saslRequest = new GetSASLRequest();
    saslRequest.setToken(saslToken);
    try {
        // The response holder and callback are not referenced again in this method; the server's
        // reply is presumably handled through the callback.
        cnxn.sendPacket(saslRequest, new SetSASLResponse(), new ServerSaslResponseCallback(), ZooDefs.OpCode.sasl);
    } catch (IOException sendFailure) {
        throw new SaslException("Failed to send SASL packet to server.", sendFailure);
    }
}
Also used : SetSASLResponse(org.apache.zookeeper.proto.SetSASLResponse) IOException(java.io.IOException) SaslException(javax.security.sasl.SaslException) GetSASLRequest(org.apache.zookeeper.proto.GetSASLRequest)

Aggregations

SaslException (javax.security.sasl.SaslException)70 IOException (java.io.IOException)24 UnsupportedCallbackException (javax.security.auth.callback.UnsupportedCallbackException)12 NameCallback (javax.security.auth.callback.NameCallback)11 Callback (javax.security.auth.callback.Callback)6 PasswordCallback (javax.security.auth.callback.PasswordCallback)6 SaslClient (javax.security.sasl.SaslClient)6 UndeclaredThrowableException (java.lang.reflect.UndeclaredThrowableException)5 InvalidKeyException (java.security.InvalidKeyException)5 LoginException (javax.security.auth.login.LoginException)5 AuthorizeCallback (javax.security.sasl.AuthorizeCallback)5 RpcException (org.apache.drill.exec.rpc.RpcException)5 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)4 PrivilegedActionException (java.security.PrivilegedActionException)4 CallbackHandler (javax.security.auth.callback.CallbackHandler)4 GSSException (org.ietf.jgss.GSSException)4 UserNotFoundException (org.jivesoftware.openfire.user.UserNotFoundException)4 ByteString (com.google.protobuf.ByteString)3 Principal (java.security.Principal)3 SaslServer (javax.security.sasl.SaslServer)3