
Example 56 with NameCallback

use of javax.security.auth.callback.NameCallback in project wildfly by wildfly.

the class DefaultApplicationClientCallbackHandler method handle.

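/**
 * Answers name, password and realm callbacks from the caller's current security context.
 *
 * <ul>
 *   <li>{@link NameCallback}: set to the name of the first identity found in the context, or to
 *       {@code DOLLAR_LOCAL} when there is no context or the context holds no identity.</li>
 *   <li>{@link PasswordCallback}: set from the first identity when it is a {@link CredentialIdentity};
 *       left untouched when there is no context.</li>
 *   <li>{@link RealmCallback}: set to its own default text when no text has been supplied.</li>
 * </ul>
 * Any other callback type is ignored.
 *
 * @param callbacks the callbacks to answer.
 * @throws IOException declared by the {@code CallbackHandler} contract; not thrown directly here.
 * @throws UnsupportedCallbackException if a password is requested but the context has no identity,
 *         the first identity carries no credential, or the credential is not a {@code char[]}.
 */
@Override
public void handle(final Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    final SecurityContext context = doPrivileged(SECURITY_CONTEXT);
    for (final Callback current : callbacks) {
        if (current instanceof NameCallback) {
            final NameCallback ncb = (NameCallback) current;
            if (context != null) {
                final Set<Identity> identities = getSubjectInfo(context).getIdentities();
                if (identities.isEmpty()) {
                    ncb.setName(DOLLAR_LOCAL);
                } else {
                    // Only the first identity returned by the set's iterator is used.
                    final Identity identity = identities.iterator().next();
                    ncb.setName(identity.getName());
                }
            } else {
                ncb.setName(DOLLAR_LOCAL);
            }
        } else if (current instanceof PasswordCallback) {
            // With no security context the callback is left as it was passed in: no password is
            // set and no exception is raised, so the caller sees whatever the callback already held.
            if (context != null) {
                final PasswordCallback pcb = (PasswordCallback) current;
                final Set<Identity> identities = getSubjectInfo(context).getIdentities();
                if (identities.isEmpty()) {
                    throw new UnsupportedCallbackException(current);
                }
                final Identity identity = identities.iterator().next();
                if (!(identity instanceof CredentialIdentity)) {
                    throw new UnsupportedCallbackException(current);
                }
                final Object credential = ((CredentialIdentity) identity).getCredential();
                // Check the credential type before the downcast: a credential that is not a
                // password must be reported through the declared UnsupportedCallbackException
                // rather than escaping as a ClassCastException.
                if (credential != null && !(credential instanceof char[])) {
                    throw new UnsupportedCallbackException(current);
                }
                pcb.setPassword((char[]) credential);
            }
        } else if (current instanceof RealmCallback) {
            final RealmCallback realmCallback = (RealmCallback) current;
            if (realmCallback.getText() == null) {
                realmCallback.setText(realmCallback.getDefaultText());
            }
        }
    }
}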
Also used : CredentialIdentity(org.jboss.security.identity.extensions.CredentialIdentity) RealmCallback(javax.security.sasl.RealmCallback) PasswordCallback(javax.security.auth.callback.PasswordCallback) NameCallback(javax.security.auth.callback.NameCallback) Callback(javax.security.auth.callback.Callback) NameCallback(javax.security.auth.callback.NameCallback) Set(java.util.Set) SecurityContext(org.jboss.security.SecurityContext) PasswordCallback(javax.security.auth.callback.PasswordCallback) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) Identity(org.jboss.security.identity.Identity) CredentialIdentity(org.jboss.security.identity.extensions.CredentialIdentity) RealmCallback(javax.security.sasl.RealmCallback)

Example 57 with NameCallback

use of javax.security.auth.callback.NameCallback in project wildfly by wildfly.

the class ElytronSubjectFactory method createSubject.

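/**
 * Create a {@link Subject} with the principal and password credential obtained from the authentication configuration
 * that matches the target {@link URI}.
 *
 * @param authenticationContext the {@link AuthenticationContext} used to select a configuration that matches the
 *                              target {@link URI}.
 * @return the constructed {@link Subject}. A principal is added only when the callback handler supplied a name,
 *         and a {@link PasswordCredential} private credential only when it supplied a password.
 * @throws SecurityException if the callback handler fails or does not support the name/password callbacks.
 */
private Subject createSubject(final AuthenticationContext authenticationContext) {
    final AuthenticationConfiguration configuration = AUTH_CONFIG_CLIENT.getAuthenticationConfiguration(this.targetURI, authenticationContext);
    final CallbackHandler handler = AUTH_CONFIG_CLIENT.getCallbackHandler(configuration);
    final NameCallback nameCallback = new NameCallback("Username: ");
    final PasswordCallback passwordCallback = new PasswordCallback("Password: ", false);
    try {
        handler.handle(new Callback[] { nameCallback, passwordCallback });
        final Subject subject = new Subject();
        final String name = nameCallback.getName();
        if (name != null) {
            subject.getPrincipals().add(new NamePrincipal(name));
        }
        // getPassword() hands out a fresh copy on every call, so fetch it once instead of
        // leaving an extra, never-cleared copy of the password on the heap.
        final char[] password = passwordCallback.getPassword();
        if (password != null) {
            // add the password as a private credential in the Subject.
            // NOTE(review): `password` is not zeroed here because this method does not show whether
            // PasswordCredential copies the array or keeps the reference; confirm before wiping it.
            this.addPrivateCredential(subject, new PasswordCredential(name, password));
        }
        return subject;
    } catch (IOException | UnsupportedCallbackException e) {
        throw new SecurityException(e);
    } finally {
        // Wipe the callback's own copy of the password on every exit path.
        passwordCallback.clearPassword();
    }
}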
Also used : AuthenticationConfiguration(org.wildfly.security.auth.client.AuthenticationConfiguration) CallbackHandler(javax.security.auth.callback.CallbackHandler) NameCallback(javax.security.auth.callback.NameCallback) NamePrincipal(org.wildfly.security.auth.principal.NamePrincipal) PasswordCredential(javax.resource.spi.security.PasswordCredential) PasswordCallback(javax.security.auth.callback.PasswordCallback) IOException(java.io.IOException) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) Subject(javax.security.auth.Subject)

Example 58 with NameCallback

use of javax.security.auth.callback.NameCallback in project wildfly by wildfly.

the class ElytronSASClientInterceptor method createInitialContextToken.

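/**
 * Create an encoded {@link InitialContextToken} with a username/password pair obtained from an Elytron client
 * configuration matched by the specified {@link URI} and purpose.
 *
 * <p>The password is placed in the token as plain UTF-8 bytes; this method applies no protection to it.
 *
 * @param uri the target {@link URI}.
 * @param purpose a {@link String} representing the purpose of the configuration that will be used.
 * @param secMech a reference to the {@link CompoundSecMech} that was found in the {@link ClientRequestInfo}.
 * @return the encoded {@link InitialContextToken}, if a valid (non-null, non-anonymous) username is obtained from
 *         the matched configuration; {@code NO_AUTHENTICATION_TOKEN} otherwise, including when the callback
 *         handler does not support the name/password callbacks.
 * @throws Exception if an error occurs while building the encoded {@link InitialContextToken}.
 */
private byte[] createInitialContextToken(final URI uri, final String purpose, final CompoundSecMech secMech) throws Exception {
    final AuthenticationContext effectiveContext = this.authContext == null ? AuthenticationContext.captureCurrent() : this.authContext;
    // obtain the configuration that matches the URI and purpose.
    final AuthenticationConfiguration configuration = AUTH_CONFIG_CLIENT.getAuthenticationConfiguration(uri, effectiveContext, -1, null, null, purpose);
    // get the callback handler from the configuration and use it to obtain a username/password pair.
    final CallbackHandler handler = AUTH_CONFIG_CLIENT.getCallbackHandler(configuration);
    final NameCallback nameCallback = new NameCallback("Username: ");
    final PasswordCallback passwordCallback = new PasswordCallback("Password: ", false);
    try {
        try {
            handler.handle(new Callback[] { nameCallback, passwordCallback });
        } catch (UnsupportedCallbackException e) {
            return NO_AUTHENTICATION_TOKEN;
        }
        // only a non-null, non-anonymous username produces an initial context token.
        String name = nameCallback.getName();
        if (name == null || name.equals(AnonymousPrincipal.getInstance().getName())) {
            return NO_AUTHENTICATION_TOKEN;
        }
        final byte[] encodedTargetName = secMech.as_context_mech.target_name;
        if (name.indexOf('@') < 0) {
            // qualify a bare username with the target name taken from the security mechanism.
            final byte[] decodedTargetName = CSIv2Util.decodeGssExportedName(encodedTargetName);
            final String targetName = new String(decodedTargetName, StandardCharsets.UTF_8);
            // "@default"
            name += "@" + targetName;
        }
        final byte[] username = name.getBytes(StandardCharsets.UTF_8);
        byte[] password = {};
        // getPassword() returns a fresh copy on each call: take one copy and wipe it after use.
        final char[] passwordChars = passwordCallback.getPassword();
        if (passwordChars != null) {
            // NOTE(review): the intermediate String is immutable and cannot be wiped; encoding the
            // char[] directly would avoid it but needs java.nio buffer types not used by this method.
            password = new String(passwordChars).getBytes(StandardCharsets.UTF_8);
            java.util.Arrays.fill(passwordChars, '\0');
        }
        // create the initial context token and ASN.1-encode it, as defined in RFC 2743.
        final InitialContextToken authenticationToken = new InitialContextToken(username, password, encodedTargetName);
        return CSIv2Util.encodeInitialContextToken(authenticationToken, codec);
    } finally {
        // Wipe the callback's own copy of the password on every exit path, including the
        // early returns above.
        passwordCallback.clearPassword();
    }
}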
Also used : AuthenticationConfiguration(org.wildfly.security.auth.client.AuthenticationConfiguration) CallbackHandler(javax.security.auth.callback.CallbackHandler) AuthenticationContext(org.wildfly.security.auth.client.AuthenticationContext) NameCallback(javax.security.auth.callback.NameCallback) InitialContextToken(org.omg.GSSUP.InitialContextToken) PasswordCallback(javax.security.auth.callback.PasswordCallback) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException)

Example 59 with NameCallback

use of javax.security.auth.callback.NameCallback in project adempiere by adempiere.

the class EMailOAuth2SaslClient method evaluateChallenge.

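/**
 * Builds the client's initial response for the OAuth2 bearer-token SASL exchange.
 *
 * <p>The first call asks the callback handler for the user name and returns
 * {@code user=<name>^Aauth=Bearer <token>^A^A} encoded as UTF-8. Once that response has been
 * produced, every later call returns an empty array.
 *
 * <p>The returned bytes contain the bearer token and must not be written to logs.
 *
 * @param challenge the server challenge; not inspected by this implementation.
 * @return the initial response bytes, or an empty array once the exchange is complete.
 * @throws SaslException if the callback handler fails, does not support {@link NameCallback},
 *         or supplies no user name.
 */
@Override
public byte[] evaluateChallenge(byte[] challenge) throws SaslException {
    if (isComplete) {
        return new byte[] {};
    }
    NameCallback nameCallback = new NameCallback("Enter name");
    Callback[] callbacks = new Callback[] { nameCallback };
    try {
        callback.handle(callbacks);
    } catch (UnsupportedCallbackException e) {
        // Keep the original exception as the cause so the stack trace is not lost.
        throw new SaslException("Unsupported callback: " + e, e);
    } catch (IOException e) {
        throw new SaslException("Failed to execute callback: " + e, e);
    }
    String email = nameCallback.getName();
    if (email == null) {
        // Without this check the literal text "user=null" would be sent alongside the token.
        throw new SaslException("Callback handler did not supply a user name");
    }
    // Encode explicitly as UTF-8; the no-argument getBytes() depends on the platform default charset.
    byte[] response = String.format("user=%s\1auth=Bearer %s\1\1", email, token)
            .getBytes(java.nio.charset.StandardCharsets.UTF_8);
    isComplete = true;
    return response;
}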
Also used : NameCallback(javax.security.auth.callback.NameCallback) NameCallback(javax.security.auth.callback.NameCallback) Callback(javax.security.auth.callback.Callback) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) IOException(java.io.IOException) SaslException(javax.security.sasl.SaslException)

Example 60 with NameCallback

use of javax.security.auth.callback.NameCallback in project zm-mailbox by Zimbra.

the class OAuth2SaslClient method evaluateChallenge.

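/**
 * Builds the client's initial response for the OAuth2 bearer-token SASL exchange.
 *
 * <p>The first call asks the callback handler for the user name and returns
 * {@code user=<name>^Aauth=Bearer <token>^A^A} encoded as UTF-8. Once that response has been
 * produced, every later call returns an empty array.
 *
 * <p>The returned bytes contain the bearer token and must not be written to logs.
 *
 * @param challenge the server challenge; not inspected by this implementation.
 * @return the initial response bytes, or an empty array once the exchange is complete.
 * @throws SaslException if the callback handler fails, does not support {@link NameCallback},
 *         or supplies no user name.
 */
public byte[] evaluateChallenge(byte[] challenge) throws SaslException {
    if (isComplete) {
        // Empty final response from server, just ignore it.
        return new byte[] {};
    }
    NameCallback nameCallback = new NameCallback("Enter name");
    Callback[] callbacks = new Callback[] { nameCallback };
    try {
        callbackHandler.handle(callbacks);
    } catch (UnsupportedCallbackException e) {
        // Keep the original exception as the cause so the stack trace is not lost.
        throw new SaslException("Unsupported callback: " + e, e);
    } catch (IOException e) {
        throw new SaslException("Failed to execute callback: " + e, e);
    }
    String username = nameCallback.getName();
    if (username == null) {
        // Without this check the literal text "user=null" would be sent alongside the token.
        throw new SaslException("Callback handler did not supply a user name");
    }
    // Encode explicitly as UTF-8; the no-argument getBytes() depends on the platform default charset.
    byte[] response = String.format("user=%s\1auth=Bearer %s\1\1", username, oauthToken)
            .getBytes(java.nio.charset.StandardCharsets.UTF_8);
    isComplete = true;
    return response;
}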
Also used : NameCallback(javax.security.auth.callback.NameCallback) NameCallback(javax.security.auth.callback.NameCallback) Callback(javax.security.auth.callback.Callback) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) IOException(java.io.IOException) SaslException(javax.security.sasl.SaslException)
