Examples with SaslException javax.security.sasl.SaslException used on opensource projects

Example 11 with SaslException

use of javax.security.sasl.SaslException in project zookeeper by apache.

the class ZooKeeperSaslClient method sendSaslPacket.

private void sendSaslPacket(ClientCnxn cnxn) throws SaslException {
    if (LOG.isDebugEnabled()) {
        LOG.debug("ClientCnxn:sendSaslPacket:length=" + saslToken.length);
    }
    GetSASLRequest request = new GetSASLRequest();
    request.setToken(createSaslToken());
    SetSASLResponse response = new SetSASLResponse();
    ServerSaslResponseCallback cb = new ServerSaslResponseCallback();
    try {
        cnxn.sendPacket(request, response, cb, ZooDefs.OpCode.sasl);
    } catch (IOException e) {
        throw new SaslException("Failed to send SASL packet to server due " + "to IOException:", e);
    }
}

Example 12 with SaslException

use of javax.security.sasl.SaslException in project Smack by igniterealtime.

the class SASLJavaXMechanism method authenticateInternal.

@Override
protected void authenticateInternal() throws SmackException {
    String[] mechanisms = { getName() };
    Map<String, String> props = getSaslProps();
    String authzid = null;
    if (authorizationId != null) {
        authzid = authorizationId.toString();
    }
    try {
        sc = Sasl.createSaslClient(mechanisms, authzid, "xmpp", getServerName().toString(), props, new CallbackHandler() {

            @Override
            public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
                for (int i = 0; i < callbacks.length; i++) {
                    if (callbacks[i] instanceof NameCallback) {
                        NameCallback ncb = (NameCallback) callbacks[i];
                        ncb.setName(authenticationId);
                    } else if (callbacks[i] instanceof PasswordCallback) {
                        PasswordCallback pcb = (PasswordCallback) callbacks[i];
                        pcb.setPassword(password.toCharArray());
                    } else if (callbacks[i] instanceof RealmCallback) {
                        RealmCallback rcb = (RealmCallback) callbacks[i];
                        // Retrieve the REALM from the challenge response that
                        // the server returned when the client initiated the
                        // authentication exchange. If this value is not null or
                        // empty, *this value* has to be sent back to the server
                        // in the client's response to the server's challenge
                        String text = rcb.getDefaultText();
                        // The SASL client (sc) created in smack uses
                        // rcb.getText when creating the negotiatedRealm to send
                        // it back to the server. Make sure that this value
                        // matches the server's realm
                        rcb.setText(text);
                    } else if (callbacks[i] instanceof RealmChoiceCallback) {
                    // unused, prevents UnsupportedCallbackException
                    // RealmChoiceCallback rccb =
                    // (RealmChoiceCallback)callbacks[i];
                    } else {
                        throw new UnsupportedCallbackException(callbacks[i]);
                    }
                }
            }
        });
    } catch (SaslException e) {
        throw new SmackException(e);
    }
}

Example 13 with SaslException

use of javax.security.sasl.SaslException in project Openfire by igniterealtime.

the class JiveSharedSecretSaslServer method evaluateResponse.

@Override
public byte[] evaluateResponse(byte[] response) throws SaslException {
    if (isComplete()) {
        throw new IllegalStateException("Authentication exchange already completed.");
    }
    if (response == null || response.length == 0) {
        // No info was provided so send a challenge to get it.
        return new byte[0];
    }
    complete = true;
    // Parse data and obtain username & password.
    final StringTokenizer tokens = new StringTokenizer(new String(response, StandardCharsets.UTF_8), "\0");
    tokens.nextToken();
    final String secretDigest = tokens.nextToken();
    if (authenticateSharedSecret(secretDigest)) {
        // Success!
        return null;
    } else {
        // Otherwise, authentication failed.
        throw new SaslException("Authentication failed");
    }
}

Example 14 with SaslException

use of javax.security.sasl.SaslException in project Openfire by igniterealtime.

the class SaslServerPlainImpl method evaluateResponse.

/**
     * Evaluates the response data and generates a challenge.
     *
     * If a response is received from the client during the authentication
     * process, this method is called to prepare an appropriate next
     * challenge to submit to the client. The challenge is null if the
     * authentication has succeeded and no more challenge data is to be sent
     * to the client. It is non-null if the authentication must be continued
     * by sending a challenge to the client, or if the authentication has
     * succeeded but challenge data needs to be processed by the client.
     * <tt>isComplete()</tt> should be called
     * after each call to <tt>evaluateResponse()</tt>,to determine if any further
     * response is needed from the client.
     *
     * @param response The non-null (but possibly empty) response sent
     * by the client.
     *
     * @return The possibly null challenge to send to the client.
     * It is null if the authentication has succeeded and there is
     * no more challenge data to be sent to the client.
     * @exception SaslException If an error occurred while processing
     * the response or generating a challenge.
     */
@Override
public byte[] evaluateResponse(byte[] response) throws SaslException {
    if (completed) {
        throw new IllegalStateException("PLAIN authentication already completed");
    }
    if (aborted) {
        throw new IllegalStateException("PLAIN authentication previously aborted due to error");
    }
    try {
        if (response.length != 0) {
            String data = new String(response, StandardCharsets.UTF_8);
            StringTokenizer tokens = new StringTokenizer(data, "\0");
            if (tokens.countTokens() > 2) {
                username = tokens.nextToken();
                principal = tokens.nextToken();
            } else {
                username = tokens.nextToken();
                principal = username;
            }
            password = tokens.nextToken();
            NameCallback ncb = new NameCallback("PLAIN authentication ID: ", principal);
            VerifyPasswordCallback vpcb = new VerifyPasswordCallback(password.toCharArray());
            cbh.handle(new Callback[] { ncb, vpcb });
            if (vpcb.getVerified()) {
                vpcb.clearPassword();
                AuthorizeCallback acb = new AuthorizeCallback(principal, username);
                cbh.handle(new Callback[] { acb });
                if (acb.isAuthorized()) {
                    username = acb.getAuthorizedID();
                    completed = true;
                } else {
                    completed = true;
                    username = null;
                    throw new SaslException("PLAIN: user not authorized: " + principal);
                }
            } else {
                throw new SaslException("PLAIN: user not authorized: " + principal);
            }
        } else {
            //Client gave no initial response
            if (counter++ > 1) {
                throw new SaslException("PLAIN expects a response");
            }
            return null;
        }
    } catch (UnsupportedCallbackException | IOException e) {
        aborted = true;
        throw new SaslException("PLAIN authentication failed for: " + username, e);
    }
    return null;
}

Example 15 with SaslException

use of javax.security.sasl.SaslException in project Openfire by igniterealtime.

the class ScramSha1SaslServer method evaluateResponse.

/**
     * Evaluates the response data and generates a challenge.
     *
     * If a response is received from the client during the authentication
     * process, this method is called to prepare an appropriate next
     * challenge to submit to the client. The challenge is null if the
     * authentication has succeeded and no more challenge data is to be sent
     * to the client. It is non-null if the authentication must be continued
     * by sending a challenge to the client, or if the authentication has
     * succeeded but challenge data needs to be processed by the client.
     * <tt>isComplete()</tt> should be called
     * after each call to <tt>evaluateResponse()</tt>,to determine if any further
     * response is needed from the client.
     *
     * @param response The non-null (but possibly empty) response sent
     * by the client.
     *
     * @return The possibly null challenge to send to the client.
     * It is null if the authentication has succeeded and there is
     * no more challenge data to be sent to the client.
     * @exception SaslException If an error occurred while processing
     * the response or generating a challenge.
     */
@Override
public byte[] evaluateResponse(final byte[] response) throws SaslException {
    try {
        byte[] challenge;
        switch(state) {
            case INITIAL:
                challenge = generateServerFirstMessage(response);
                state = State.IN_PROGRESS;
                break;
            case IN_PROGRESS:
                challenge = generateServerFinalMessage(response);
                state = State.COMPLETE;
                break;
            case COMPLETE:
                if (response == null || response.length == 0) {
                    challenge = new byte[0];
                    break;
                }
            default:
                throw new SaslException("No response expected in state " + state);
        }
        return challenge;
    } catch (RuntimeException ex) {
        throw new SaslException("Unexpected exception while evaluating SASL response.", ex);
    }
}