Example 11 with SaslClient

Use of javax.security.sasl.SaslClient in project drill by apache.

Class AuthenticationOutcomeListener, method initiate.

public void initiate(final String mechanismName) {
    logger.trace("Initiating SASL exchange.");
    try {
        final ByteString responseData;
        final SaslClient saslClient = connection.getSaslClient();
        if (saslClient.hasInitialResponse()) {
            responseData = ByteString.copyFrom(evaluateChallenge(ugi, saslClient, new byte[0]));
        } else {
            responseData = ByteString.EMPTY;
        }
        client.send(
            new AuthenticationOutcomeListener<>(client, connection, saslRpcType, ugi, completionListener),
            connection,
            saslRpcType,
            SaslMessage.newBuilder()
                .setMechanism(mechanismName)
                .setStatus(SaslStatus.SASL_START)
                .setData(responseData)
                .build(),
            SaslMessage.class,
            true);
        logger.trace("Initiated SASL exchange.");
    } catch (final Exception e) {
        completionListener.failed(RpcException.mapException(e));
    }
}
Also used : ByteString(com.google.protobuf.ByteString) RpcException(org.apache.drill.exec.rpc.RpcException) IOException(java.io.IOException) SaslException(javax.security.sasl.SaslException) UndeclaredThrowableException(java.lang.reflect.UndeclaredThrowableException) SaslClient(javax.security.sasl.SaslClient)

Example 12 with SaslClient

Use of javax.security.sasl.SaslClient in project drill by apache.

Class KerberosFactory, method createSaslClient.

@Override
public SaslClient createSaslClient(final UserGroupInformation ugi, final Map<String, ?> properties) throws SaslException {
    final String servicePrincipal = getServicePrincipal(properties);
    final String[] parts = KerberosUtil.splitPrincipalIntoParts(servicePrincipal);
    final String serviceName = parts[0];
    final String serviceHostName = parts[1];
    final String qopValue = properties.containsKey(Sasl.QOP) ? properties.get(Sasl.QOP).toString() : "auth";
    // ignore parts[2]; GSSAPI gets the realm info from the ticket
    try {
        final SaslClient saslClient = ugi.doAs(new PrivilegedExceptionAction<SaslClient>() {

            @Override
            public SaslClient run() throws Exception {
                return FastSaslClientFactory.getInstance().createSaslClient(
                    new String[] { KerberosUtil.KERBEROS_SASL_NAME },
                    null /* authorization ID */,
                    serviceName, serviceHostName, properties, new CallbackHandler() {

                    @Override
                    public void handle(final Callback[] callbacks) throws IOException, UnsupportedCallbackException {
                        throw new UnsupportedCallbackException(callbacks[0]);
                    }
                });
            }
        });
        logger.debug("GSSAPI SaslClient created to authenticate to {} running on {} with QOP value {}", serviceName, serviceHostName, qopValue);
        return saslClient;
    } catch (final UndeclaredThrowableException e) {
        logger.debug("Authentication failed.", e);
        throw new SaslException(String.format("Unexpected failure trying to authenticate to %s using GSSAPI with QOP %s", serviceHostName, qopValue), e.getCause());
    } catch (final IOException | InterruptedException e) {
        logger.debug("Authentication failed.", e);
        if (e instanceof SaslException) {
            throw (SaslException) e;
        }
        throw new SaslException(String.format("Unexpected failure trying to authenticate to %s using GSSAPI with QOP %s", serviceHostName, qopValue), e);
    }
}
Also used : CallbackHandler(javax.security.auth.callback.CallbackHandler) IOException(java.io.IOException) SaslException(javax.security.sasl.SaslException) LoginException(javax.security.auth.login.LoginException) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) UndeclaredThrowableException(java.lang.reflect.UndeclaredThrowableException) InvocationTargetException(java.lang.reflect.InvocationTargetException) SaslClient(javax.security.sasl.SaslClient)

Example 13 with SaslClient

Use of javax.security.sasl.SaslClient in project jdk8u_jdk by JetBrains.

Class SampleCallbackHandler, method main.

public static void main(String[] args) throws Exception {
    Map<String, String> props = new TreeMap<String, String>();
    props.put(Sasl.QOP, "auth");
    // client
    SaslClient client = Sasl.createSaslClient(new String[] { DIGEST_MD5 }, "user1", "xmpp", "127.0.0.1", props, authCallbackHandler);
    if (client == null) {
        throw new Exception("Unable to find client implementation for: " + DIGEST_MD5);
    }
    byte[] response = client.hasInitialResponse() ? client.evaluateChallenge(EMPTY) : EMPTY;
    logger.info("initial: " + new String(response));
    // server
    byte[] challenge = null;
    SaslServer server = Sasl.createSaslServer(DIGEST_MD5, "xmpp", "127.0.0.1", props, authCallbackHandler);
    if (server == null) {
        throw new Exception("Unable to find server implementation for: " + DIGEST_MD5);
    }
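    if (!client.isComplete() || !server.isComplete()) {
        challenge = server.evaluateResponse(response);
        // Check for null before the challenge bytes are logged or passed to the client.
        if (challenge != null) {
            logger.info("challenge: " + new String(challenge));
            response = client.evaluateChallenge(challenge);
        }
    }
    // Without a challenge there is nothing to inspect; fail clearly instead of with an NPE.
    if (challenge == null) {
        throw new Exception("Server did not produce a challenge");
    }
    String challengeString = new String(challenge, "UTF-8").toLowerCase();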
    if (challengeString.indexOf("\"md5-sess\"") > 0 || challengeString.indexOf("\"utf-8\"") > 0) {
        throw new Exception("The challenge string's charset and " + "algorithm values must not be enclosed within quotes");
    }
    client.dispose();
    server.dispose();
}
Also used : SaslServer(javax.security.sasl.SaslServer) TreeMap(java.util.TreeMap) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) IOException(java.io.IOException) SaslException(javax.security.sasl.SaslException) SaslClient(javax.security.sasl.SaslClient)
