/**
 * Verifies that a 'server-final-message' carrying a wrong proof is rejected.
 * The exchange is driven with the test vector from <a href="https://tools.ietf.org/html/rfc5802#section-5">RFC 5802, Section 5</a>;
 * only the final server message is tampered with.
 * In SCRAM the 'v' attribute is the server signature, so refusing it is what keeps a server that cannot produce the
 * correct signature from completing the handshake (mutual authentication).
 *
 * @throws Exception
 *             if plugin setup or an authentication step fails unexpectedly
 */
@Test
public void authLdapSaslCliPluginChallengeBadProof() throws Exception {
    AuthenticationPlugin<NativePacketPayload> plugin = new AuthenticationLdapSaslClientPlugin();
    // No protocol is required to drive this exchange.
    plugin.init(null);
    plugin.setAuthenticationParameters("user", "pencil");

    // Protocol::AuthSwitchRequest with the "authentication_ldap_sasl_client." prefix already consumed
    // (the "." is a 0 byte on the wire), so only the mechanism name remains.
    NativePacketPayload serverMsg = new NativePacketPayload("SCRAM-SHA-1".getBytes("ASCII"));
    List<NativePacketPayload> clientMsgs = new ArrayList<>();

    // client-first-message: "n,,n=user,r=<CNONCE>". The client nonce is generated by the plugin, so only its
    // shape is asserted here; it is then replaced so the rest of the vector lines up.
    plugin.nextAuthenticationStep(serverMsg, clientMsgs);
    assertEquals(1, clientMsgs.size());
    String clientFirst = clientMsgs.get(0).readString(StringSelfDataType.STRING_EOF, "UTF-8");
    String expectedPrefix = "n,,n=user,r=";
    assertTrue(clientFirst.startsWith(expectedPrefix));
    assertEquals(expectedPrefix.length() + 32, clientFirst.length());
    overrideSaslClientData(plugin, "fyko+d2lbbFgONRv9qkxdawL");

    // server-first-message from the vector: combined nonce, salt and iteration count.
    serverMsg = new NativePacketPayload("r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,s=QSXCR+Q6sek8bf92,i=4096".getBytes("UTF-8"));
    plugin.nextAuthenticationStep(serverMsg, clientMsgs);
    assertEquals(1, clientMsgs.size());

    // client-final-message must match the vector exactly: channel binding, combined nonce and client proof.
    String clientFinal = clientMsgs.get(0).readString(StringSelfDataType.STRING_EOF, "UTF-8");
    assertEquals("c=biws,r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,p=v0X8v3Bz2T0CJGbJQyF0X+HI4Ts=", clientFinal);

    // server-final-message with a 'v' attribute that does not verify: the plugin must fail the iteration and
    // surface the SaslException as the cause.
    NativePacketPayload tampered = new NativePacketPayload("v=XXXXXXXXXXXXXXXXXXXXXXXXXXXX".getBytes("UTF-8"));
    CJException failure = assertThrows(CJException.class,
            "Error while processing an authentication iteration for the authentication mechanism 'SCRAM-SHA-1'\\.",
            () -> plugin.nextAuthenticationStep(tampered, clientMsgs));
    Throwable cause = failure.getCause();
    assertEquals(SaslException.class, cause.getClass());
    assertEquals("SCRAM-SHA-1 server signature could not be verified.", cause.getMessage());
}
/**
 * Verifies that a 'server-final-message' without the server proof is rejected.
 * The exchange is driven with the test vector from <a href="https://tools.ietf.org/html/rfc5802#section-5">RFC 5802, Section 5</a>;
 * only the final server message is altered.
 * A message that omits the 'v' attribute gives the client nothing to verify the server against, so it must be treated
 * as a failed handshake rather than as success.
 *
 * @throws Exception
 *             if plugin setup or an authentication step fails unexpectedly
 */
@Test
public void authLdapSaslCliPluginChallengeMissingProof() throws Exception {
    AuthenticationPlugin<NativePacketPayload> plugin = new AuthenticationLdapSaslClientPlugin();
    // No protocol is required to drive this exchange.
    plugin.init(null);
    plugin.setAuthenticationParameters("user", "pencil");

    // Protocol::AuthSwitchRequest with the "authentication_ldap_sasl_client." prefix already consumed
    // (the "." is a 0 byte on the wire), so only the mechanism name remains.
    NativePacketPayload serverMsg = new NativePacketPayload("SCRAM-SHA-1".getBytes("ASCII"));
    List<NativePacketPayload> clientMsgs = new ArrayList<>();

    // client-first-message: "n,,n=user,r=<CNONCE>". The client nonce is generated by the plugin, so only its
    // shape is asserted here; it is then replaced so the rest of the vector lines up.
    plugin.nextAuthenticationStep(serverMsg, clientMsgs);
    assertEquals(1, clientMsgs.size());
    String clientFirst = clientMsgs.get(0).readString(StringSelfDataType.STRING_EOF, "UTF-8");
    String expectedPrefix = "n,,n=user,r=";
    assertTrue(clientFirst.startsWith(expectedPrefix));
    assertEquals(expectedPrefix.length() + 32, clientFirst.length());
    overrideSaslClientData(plugin, "fyko+d2lbbFgONRv9qkxdawL");

    // server-first-message from the vector: combined nonce, salt and iteration count.
    serverMsg = new NativePacketPayload("r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,s=QSXCR+Q6sek8bf92,i=4096".getBytes("UTF-8"));
    plugin.nextAuthenticationStep(serverMsg, clientMsgs);
    assertEquals(1, clientMsgs.size());

    // client-final-message must match the vector exactly: channel binding, combined nonce and client proof.
    String clientFinal = clientMsgs.get(0).readString(StringSelfDataType.STRING_EOF, "UTF-8");
    assertEquals("c=biws,r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,p=v0X8v3Bz2T0CJGbJQyF0X+HI4Ts=", clientFinal);

    // server-final-message that carries an unknown 'x' attribute instead of the required 'v': the plugin must
    // fail the iteration and surface the SaslException as the cause.
    NativePacketPayload tampered = new NativePacketPayload("x=rmF9pqV8S7suAoZWja4dJRkFsKQ=".getBytes("UTF-8"));
    CJException failure = assertThrows(CJException.class,
            "Error while processing an authentication iteration for the authentication mechanism 'SCRAM-SHA-1'\\.",
            () -> plugin.nextAuthenticationStep(tampered, clientMsgs));
    Throwable cause = failure.getCause();
    assertEquals(SaslException.class, cause.getClass());
    assertEquals("Missing required SCRAM attribute from server final message.", cause.getMessage());
}
/**
 * Verifies that an AuthSwitchRequest naming a SASL mechanism the plugin does not implement is rejected with an
 * explicit error instead of being accepted.
 *
 * @throws Exception
 *             if plugin setup fails unexpectedly
 */
@Test
public void authLdapSaslCliPluginChallengeUnsupportedMech() throws Exception {
    final String mechanism = "UNKNOWN-MECH";
    assertThrows(CJException.class, "Unsupported SASL authentication mechanism 'UNKNOWN-MECH'\\.", () -> {
        AuthenticationPlugin<NativePacketPayload> plugin = new AuthenticationLdapSaslClientPlugin();
        plugin.init(null);
        // The first packet may be consumed as a hashing seed rather than as the mechanism name, so the same
        // packet is delivered twice to make sure one pass is interpreted as the mechanism.
        plugin.nextAuthenticationStep(new NativePacketPayload(mechanism.getBytes("ASCII")), new ArrayList<>());
        plugin.nextAuthenticationStep(new NativePacketPayload(mechanism.getBytes("ASCII")), new ArrayList<>());
        return null;
    });
}
/**
 * Looks up the host this connection appears to come from in the server's process listing.
 * If the locally held connection id is not listed, the server is asked for its own view of the id
 * (see Bug#44167) and the lookup is retried once.
 *
 * @return the host from the process listing, or {@code null} if no entry matches this connection; a warning is
 *         logged in that case
 * @throws CJException
 *             (via {@link ExceptionFactory}) if the server round trip fails with an {@link IOException}
 */
public String getProcessHost() {
    try {
        long connId = getThreadId();
        String host = findProcessHost(connId);

        if (host == null) {
            // http://bugs.mysql.com/bug.php?id=44167 - the id on the wire wraps at 4 bytes although connection ids
            // are 64-bit, so the id we hold may not be the one the server lists. Ask the server directly and retry.
            this.log.logWarn(String.format("Connection id %d not found in \"SHOW PROCESSLIST\", assuming 32-bit overflow, using SELECT CONNECTION_ID() instead", connId));
            NativePacketPayload reply = sendCommand(this.commandBuilder.buildComQuery(null, "SELECT CONNECTION_ID()"), false, 0);
            Resultset rs = ((NativeProtocol) this.protocol).readAllResults(-1, false, reply, false, null, new ResultsetFactory(Type.FORWARD_ONLY, null));
            ValueFactory<Long> toLong = new LongValueFactory(getPropertySet());
            Row row = rs.getRows().next();
            if (row == null) {
                this.log.logError("No rows returned for statement \"SELECT CONNECTION_ID()\", local connection check will most likely be incorrect");
            } else {
                connId = row.getValue(0, toLong);
                host = findProcessHost(connId);
            }
        }

        if (host == null) {
            this.log.logWarn(String.format("Cannot find process listing for connection %d in SHOW PROCESSLIST output, unable to determine if locally connected", connId));
        }
        return host;
    } catch (IOException e) {
        throw ExceptionFactory.createException(e.getMessage(), e);
    }
}
/**
 * Finds the host recorded for a connection id in the server's process listing.
 * Uses {@code performance_schema.threads} when the server is at least 5.6 and performance_schema is enabled,
 * and falls back to {@code SHOW PROCESSLIST} otherwise.
 *
 * @param threadId
 *            the connection id to look for
 * @return the host column of the matching row, or {@code null} if no row has that id
 * @throws CJException
 *             (via {@link ExceptionFactory}) if the server round trip fails with an {@link IOException}
 */
private String findProcessHost(long threadId) {
    try {
        String perfSchema = this.protocol.getServerSession().getServerVariable("performance_schema");
        // performance_schema.threads in MySQL 5.5 does not contain the PROCESSLIST_HOST column.
        boolean perfSchemaUsable = versionMeetsMinimum(5, 6, 0) && perfSchema != null
                && ("1".contentEquals(perfSchema) || "ON".contentEquals(perfSchema));
        // threadId is a long, so interpolating it into the query text cannot inject SQL; any future string-valued
        // filter here would need to go through a prepared statement instead.
        String query = perfSchemaUsable
                ? "select PROCESSLIST_ID, PROCESSLIST_USER, PROCESSLIST_HOST from performance_schema.threads where PROCESSLIST_ID=" + threadId
                : "SHOW PROCESSLIST";
        NativePacketPayload reply = sendCommand(this.commandBuilder.buildComQuery(null, query), false, 0);
        Resultset rs = ((NativeProtocol) this.protocol).readAllResults(-1, false, reply, false, null, new ResultsetFactory(Type.FORWARD_ONLY, null));

        ValueFactory<Long> toLong = new LongValueFactory(getPropertySet());
        ValueFactory<String> toString = new StringValueFactory(this.propertySet);
        // Both listings share the column layout used here: id in column 0, host in column 2.
        for (Row row = rs.getRows().next(); row != null; row = rs.getRows().next()) {
            long id = row.getValue(0, toLong);
            if (id == threadId) {
                return row.getValue(2, toString);
            }
        }
        return null;
    } catch (IOException e) {
        throw ExceptionFactory.createException(e.getMessage(), e);
    }
}