use of com.mysql.cj.protocol.a.authentication.AuthenticationLdapSaslClientPlugin in project ABC by RuiPinto96274.
the class AuthenticationTest method authLdapSaslCliPluginChallengeBadNonce.
/**
* Test wrong 'server-first-message' due to bad server nonce.
* Data based on test vector from <a href="https://tools.ietf.org/html/rfc5802#section-5">RFC 5802, Section 5</a>.
*
* @throws Exception
*/
@Test
public void authLdapSaslCliPluginChallengeBadNonce() throws Exception {
AuthenticationPlugin<NativePacketPayload> authPlugin = new AuthenticationLdapSaslClientPlugin();
// Initialize plugin with some protocol (none is needed).
authPlugin.init(null);
// Set authentication parameters.
authPlugin.setAuthenticationParameters("user", "pencil");
// Initial server packet: Protocol::AuthSwitchRequest
// [authentication_ldap_sasl_client.SCRAM-SHA-1]
// ;; "." --> 0 byte.
// ;; first part of the packet is already processed.
NativePacketPayload challenge = new NativePacketPayload("SCRAM-SHA-1".getBytes("ASCII"));
// Expected 'client-first-message':
// [n,,n=user,r=<CNONCE>]
// ;; <CNONCE> is generated internally and needs to be replaced by the expected value from the test vector in order to continue the test.
List<NativePacketPayload> response = new ArrayList<>();
authPlugin.nextAuthenticationStep(challenge, response);
assertEquals(1, response.size());
String data = response.get(0).readString(StringSelfDataType.STRING_EOF, "UTF-8");
assertTrue(data.startsWith("n,,n=user,r="));
assertEquals("n,,n=user,r=".length() + 32, data.length());
// Replace the internal plugin data in order to match the expected 'client-first-message':
// [n,,n=user,r=fyko+d2lbbFgONRv9qkxdawL]
overrideSaslClientData(authPlugin, "fyko+d2lbbFgONRv9qkxdawL");
// Server's 'server-first-message':
// [r=XXXXXXXXXXXXXXXXXXXXXXXX3rfcNHYJY1ZVvWVs7j,s=QSXCR+Q6sek8bf92,i=4096]
// ;; Bad 'r' attribute.
NativePacketPayload badChallenge = new NativePacketPayload("r=XXXXXXXXXXXXXXXXXXXXXXXX3rfcNHYJY1ZVvWVs7j,s=QSXCR+Q6sek8bf92,i=4096".getBytes("UTF-8"));
// Expect Exception.
CJException ex = assertThrows(CJException.class, "Error while processing an authentication iteration for the authentication mechanism 'SCRAM-SHA-1'\\.", () -> authPlugin.nextAuthenticationStep(badChallenge, response));
assertEquals(SaslException.class, ex.getCause().getClass());
assertEquals("Invalid server nonce for SCRAM-SHA-1 authentication.", ex.getCause().getMessage());
}
use of com.mysql.cj.protocol.a.authentication.AuthenticationLdapSaslClientPlugin in project ABC by RuiPinto96274.
the class AuthenticationTest method authLdapSaslCliPluginChallengeBadIterations.
/**
* Test wrong 'server-first-message' due to insufficient iterations.
* Data based on test vector from <a href="https://tools.ietf.org/html/rfc5802#section-5">RFC 5802, Section 5</a>.
*
* @throws Exception
*/
@Test
public void authLdapSaslCliPluginChallengeBadIterations() throws Exception {
AuthenticationPlugin<NativePacketPayload> authPlugin = new AuthenticationLdapSaslClientPlugin();
// Initialize plugin with some protocol (none is needed).
authPlugin.init(null);
// Set authentication parameters.
authPlugin.setAuthenticationParameters("user", "pencil");
// Initial server packet: Protocol::AuthSwitchRequest
// [authentication_ldap_sasl_client.SCRAM-SHA-1]
// ;; "." --> 0 byte.
// ;; first part of the packet is already processed.
NativePacketPayload challenge = new NativePacketPayload("SCRAM-SHA-1".getBytes("ASCII"));
// Expected 'client-first-message':
// [n,,n=user,r=<CNONCE>]
// ;; <CNONCE> is generated internally and needs to be replaced by the expected value from the test vector in order to continue the test.
List<NativePacketPayload> response = new ArrayList<>();
authPlugin.nextAuthenticationStep(challenge, response);
assertEquals(1, response.size());
String data = response.get(0).readString(StringSelfDataType.STRING_EOF, "UTF-8");
assertTrue(data.startsWith("n,,n=user,r="));
assertEquals("n,,n=user,r=".length() + 32, data.length());
// Replace the internal plugin data in order to match the expected 'client-first-message':
// [n,,n=user,r=fyko+d2lbbFgONRv9qkxdawL]
overrideSaslClientData(authPlugin, "fyko+d2lbbFgONRv9qkxdawL");
// Server's 'server-first-message':
// [r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,s=QSXCR+Q6sek8bf92,i=1024]
// ;; Bad 'i' attribute.
NativePacketPayload badChallenge = new NativePacketPayload("r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,s=QSXCR+Q6sek8bf92,i=1024".getBytes("UTF-8"));
// Expect Exception.
CJException ex = assertThrows(CJException.class, "Error while processing an authentication iteration for the authentication mechanism 'SCRAM-SHA-1'\\.", () -> authPlugin.nextAuthenticationStep(badChallenge, response));
assertEquals(SaslException.class, ex.getCause().getClass());
assertEquals("Announced SCRAM-SHA-1 iteration count is too low.", ex.getCause().getMessage());
}
use of com.mysql.cj.protocol.a.authentication.AuthenticationLdapSaslClientPlugin in project ABC by RuiPinto96274.
the class AuthenticationTest method authLdapSaslCliPluginChallengeMissingProof.
/**
* Test wrong 'server-final-message' due to missing proof.
* Data based on test vector from <a href="https://tools.ietf.org/html/rfc5802#section-5">RFC 5802, Section 5</a>.
*
* @throws Exception
*/
@Test
public void authLdapSaslCliPluginChallengeMissingProof() throws Exception {
AuthenticationPlugin<NativePacketPayload> authPlugin = new AuthenticationLdapSaslClientPlugin();
// Initialize plugin with some protocol (none is needed).
authPlugin.init(null);
// Set authentication parameters.
authPlugin.setAuthenticationParameters("user", "pencil");
// Initial server packet: Protocol::AuthSwitchRequest
// [authentication_ldap_sasl_client.SCRAM-SHA-1]
// ;; "." --> 0 byte.
// ;; first part of the packet is already processed.
NativePacketPayload challenge = new NativePacketPayload("SCRAM-SHA-1".getBytes("ASCII"));
// Expected 'client-first-message':
// [n,,n=user,r=<CNONCE>]
// ;; <CNONCE> is generated internally and needs to be replaced by the expected value from the test vector in order to continue the test.
List<NativePacketPayload> response = new ArrayList<>();
authPlugin.nextAuthenticationStep(challenge, response);
assertEquals(1, response.size());
String data = response.get(0).readString(StringSelfDataType.STRING_EOF, "UTF-8");
assertTrue(data.startsWith("n,,n=user,r="));
assertEquals("n,,n=user,r=".length() + 32, data.length());
// Replace the internal plugin data in order to match the expected 'client-first-message':
// [n,,n=user,r=fyko+d2lbbFgONRv9qkxdawL]
overrideSaslClientData(authPlugin, "fyko+d2lbbFgONRv9qkxdawL");
// Server's 'server-first-message':
// [r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,s=QSXCR+Q6sek8bf92,i=4096]
challenge = new NativePacketPayload("r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,s=QSXCR+Q6sek8bf92,i=4096".getBytes("UTF-8"));
// Expected 'client-final-message':
// [c=biws,r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,p=v0X8v3Bz2T0CJGbJQyF0X+HI4Ts=]
authPlugin.nextAuthenticationStep(challenge, response);
assertEquals(1, response.size());
data = response.get(0).readString(StringSelfDataType.STRING_EOF, "UTF-8");
assertEquals("c=biws,r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,p=v0X8v3Bz2T0CJGbJQyF0X+HI4Ts=", data);
// Server's 'server-final-message':
// [x=rmF9pqV8S7suAoZWja4dJRkFsKQ=]
// ;; Missing 'v' attribute.
NativePacketPayload badChallenge = new NativePacketPayload("x=rmF9pqV8S7suAoZWja4dJRkFsKQ=".getBytes("UTF-8"));
// Expected Exception.
CJException ex = assertThrows(CJException.class, "Error while processing an authentication iteration for the authentication mechanism 'SCRAM-SHA-1'\\.", () -> authPlugin.nextAuthenticationStep(badChallenge, response));
assertEquals(SaslException.class, ex.getCause().getClass());
assertEquals("Missing required SCRAM attribute from server final message.", ex.getCause().getMessage());
}
use of com.mysql.cj.protocol.a.authentication.AuthenticationLdapSaslClientPlugin in project ABC by RuiPinto96274.
the class AuthenticationTest method authLdapSaslCliPluginScramSha1TestVector.
/**
* As per <a href="https://tools.ietf.org/html/rfc5802#section-5">RFC 5802, Section 5</a>.
* Test vector of a SCRAM-SHA-1 authentication exchange when the client doesn't support channel bindings (username 'user' and password 'pencil' are used):
*
* <pre>
* C: n,,n=user,r=fyko+d2lbbFgONRv9qkxdawL
* S: r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,s=QSXCR+Q6sek8bf92,i=4096
* C: c=biws,r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,p=v0X8v3Bz2T0CJGbJQyF0X+HI4Ts=
* S: v=rmF9pqV8S7suAoZWja4dJRkFsKQ=
* </pre>
*
* @throws Exception
*/
@Test
public void authLdapSaslCliPluginScramSha1TestVector() throws Exception {
AuthenticationPlugin<NativePacketPayload> authPlugin = new AuthenticationLdapSaslClientPlugin();
// Initialize plugin with some protocol (none is needed).
authPlugin.init(null);
// Check plugin name.
assertEquals("authentication_ldap_sasl_client", authPlugin.getProtocolPluginName());
// Check confidentiality.
assertFalse(authPlugin.requiresConfidentiality());
// Check if plugin is reusable.
assertFalse(authPlugin.isReusable());
// Set authentication parameters.
authPlugin.setAuthenticationParameters("user", "pencil");
// Initial server packet: Protocol::AuthSwitchRequest
// [authentication_ldap_sasl_client.SCRAM-SHA-1]
// ;; "." --> 0 byte.
// ;; first part of the packet is already processed.
NativePacketPayload challenge = new NativePacketPayload("SCRAM-SHA-1".getBytes("ASCII"));
// Expected 'client-first-message':
// [n,,n=user,r=<CNONCE>]
// ;; <CNONCE> is generated internally and needs to be replaced by the expected value from the test vector in order to continue the test.
List<NativePacketPayload> response = new ArrayList<>();
authPlugin.nextAuthenticationStep(challenge, response);
assertEquals(1, response.size());
String data = response.get(0).readString(StringSelfDataType.STRING_EOF, "UTF-8");
assertTrue(data.startsWith("n,,n=user,r="));
assertEquals("n,,n=user,r=".length() + 32, data.length());
// Replace the internal plugin data in order to match the expected 'client-first-message':
// [n,,n=user,r=fyko+d2lbbFgONRv9qkxdawL]
overrideSaslClientData(authPlugin, "fyko+d2lbbFgONRv9qkxdawL");
// Server's 'server-first-message':
// [r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,s=QSXCR+Q6sek8bf92,i=4096]
challenge = new NativePacketPayload("r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,s=QSXCR+Q6sek8bf92,i=4096".getBytes("UTF-8"));
// Expected 'client-final-message':
// [c=biws,r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,p=v0X8v3Bz2T0CJGbJQyF0X+HI4Ts=]
authPlugin.nextAuthenticationStep(challenge, response);
assertEquals(1, response.size());
data = response.get(0).readString(StringSelfDataType.STRING_EOF, "UTF-8");
assertEquals("c=biws,r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,p=v0X8v3Bz2T0CJGbJQyF0X+HI4Ts=", data);
// Server's 'server-final-message':
// [v=rmF9pqV8S7suAoZWja4dJRkFsKQ=]
challenge = new NativePacketPayload("v=rmF9pqV8S7suAoZWja4dJRkFsKQ=".getBytes("UTF-8"));
// Expected 'nothing'.
// ;; If server's proof is verified then no exception is thrown.
authPlugin.nextAuthenticationStep(challenge, response);
assertEquals(0, response.size());
}
use of com.mysql.cj.protocol.a.authentication.AuthenticationLdapSaslClientPlugin in project ABC by RuiPinto96274.
the class AuthenticationTest method authLdapSaslCliPluginScramSha256TestVector.
/**
* As per <a href="https://tools.ietf.org/html/rfc7677#section-3">RFC 7677, Section 3</a>.
* Test vector of a SCRAM-SHA-256 authentication exchange when the client doesn't support channel bindings. The username 'user' and password 'pencil' are
* being used.:
*
* <pre>
* C: n,,n=user,r=rOprNGfwEbeRWgbNEkqO
* S: r=rOprNGfwEbeRWgbNEkqO%hvYDpWUa2RaTCAfuxFIlj)hNlF$k0,s=W22ZaJ0SNY7soEsUEjb6gQ==,i=4096
* C: c=biws,r=rOprNGfwEbeRWgbNEkqO%hvYDpWUa2RaTCAfuxFIlj)hNlF$k0,p=dHzbZapWIk4jUhN+Ute9ytag9zjfMHgsqmmiz7AndVQ=
* S: v=6rriTRBi23WpRR/wtup+mMhUZUn/dB5nLTJRsjl95G4=
* </pre>
*
* @throws Exception
*/
@Test
public void authLdapSaslCliPluginScramSha256TestVector() throws Exception {
AuthenticationPlugin<NativePacketPayload> authPlugin = new AuthenticationLdapSaslClientPlugin();
// Initialize plugin with some protocol (none is needed).
authPlugin.init(null);
// Check plugin name.
assertEquals("authentication_ldap_sasl_client", authPlugin.getProtocolPluginName());
// Check confidentiality.
assertFalse(authPlugin.requiresConfidentiality());
// Check if plugin is reusable.
assertFalse(authPlugin.isReusable());
// Set authentication parameters.
authPlugin.setAuthenticationParameters("user", "pencil");
// Initial server packet: Protocol::AuthSwitchRequest
// [authentication_ldap_sasl_client.SCRAM-SHA-256]
// ;; "." --> 0 byte.
// ;; first part of the packet is already processed.
NativePacketPayload challenge = new NativePacketPayload("SCRAM-SHA-256".getBytes("ASCII"));
// Expected 'client-first-message':
// [n,,n=user,r=<CNONCE>]
// ;; <CNONCE> is generated internally and needs to be replaced by the expected value from the test vector in order to continue the test.
List<NativePacketPayload> response = new ArrayList<>();
authPlugin.nextAuthenticationStep(challenge, response);
assertEquals(1, response.size());
String data = response.get(0).readString(StringSelfDataType.STRING_EOF, "UTF-8");
assertTrue(data.startsWith("n,,n=user,r="));
assertEquals("n,,n=user,r=".length() + 32, data.length());
// Replace the internal plugin data in order to match the expected 'client-first-message':
// [n,,n=user,r=rOprNGfwEbeRWgbNEkqO]
overrideSaslClientData(authPlugin, "rOprNGfwEbeRWgbNEkqO");
// Server's 'server-first-message':
// [r=rOprNGfwEbeRWgbNEkqO%hvYDpWUa2RaTCAfuxFIlj)hNlF$k0,s=W22ZaJ0SNY7soEsUEjb6gQ==,i=4096]
challenge = new NativePacketPayload("r=rOprNGfwEbeRWgbNEkqO%hvYDpWUa2RaTCAfuxFIlj)hNlF$k0,s=W22ZaJ0SNY7soEsUEjb6gQ==,i=4096".getBytes("UTF-8"));
// Expected 'client-final-message':
// [c=biws,r=rOprNGfwEbeRWgbNEkqO%hvYDpWUa2RaTCAfuxFIlj)hNlF$k0,p=dHzbZapWIk4jUhN+Ute9ytag9zjfMHgsqmmiz7AndVQ=]
authPlugin.nextAuthenticationStep(challenge, response);
assertEquals(1, response.size());
data = response.get(0).readString(StringSelfDataType.STRING_EOF, "UTF-8");
assertEquals("c=biws,r=rOprNGfwEbeRWgbNEkqO%hvYDpWUa2RaTCAfuxFIlj)hNlF$k0,p=dHzbZapWIk4jUhN+Ute9ytag9zjfMHgsqmmiz7AndVQ=", data);
// Server's 'server-final-message':
// [v=6rriTRBi23WpRR/wtup+mMhUZUn/dB5nLTJRsjl95G4=]
challenge = new NativePacketPayload("v=6rriTRBi23WpRR/wtup+mMhUZUn/dB5nLTJRsjl95G4=".getBytes("UTF-8"));
// Expected 'nothing'.
// ;; If server's proof is verified then no exception is thrown.
authPlugin.nextAuthenticationStep(challenge, response);
assertEquals(0, response.size());
}
Aggregations