
Example 56 with SaslException

Use of javax.security.sasl.SaslException in the hbase project by apache.

Class HBaseSaslRpcClient, method saslConnect.

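/**
 * Do client side SASL authentication with server via the given InputStream and OutputStream.
 * <p>
 * Token lengths are read from the wire and are therefore untrusted. A negative length is
 * rejected with an {@link IOException} so that the {@code saslClient} cleanup in the catch block
 * still runs; previously {@code new byte[len]} raised a {@link NegativeArraySizeException} that
 * bypassed that cleanup. No upper bound on the token size is enforced here, so a very large
 * advertised length still leads to a large allocation; any such limit would have to come from
 * the surrounding RPC layer.
 * @param inS InputStream to use
 * @param outS OutputStream to use
 * @return true if connection is set up, or false if needs to switch to simple Auth.
 * @throws IOException if the exchange fails, the server requests SIMPLE auth while
 *         {@code fallbackAllowed} is false, or the server sends a negative token length
 */
public boolean saslConnect(InputStream inS, OutputStream outS) throws IOException {
    DataInputStream inStream = new DataInputStream(new BufferedInputStream(inS));
    DataOutputStream outStream = new DataOutputStream(new BufferedOutputStream(outS));
    try {
        byte[] saslToken = getInitialResponse();
        if (saslToken != null) {
            writeToken(outStream, saslToken);
            if (LOG.isDebugEnabled()) {
                LOG.debug("Have sent token of size " + saslToken.length + " from initSASLContext.");
            }
        }
        if (!isComplete()) {
            readStatus(inStream);
            int len = inStream.readInt();
            // The length field doubles as a control value: the server signals a downgrade to
            // SIMPLE auth through it, so check that before treating it as a token size.
            if (len == SaslUtil.SWITCH_TO_SIMPLE_AUTH) {
                if (!fallbackAllowed) {
                    throw new IOException("Server asks us to fall back to SIMPLE auth, " + "but this client is configured to only allow secure connections.");
                }
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Server asks us to fall back to simple auth.");
                }
                dispose();
                return false;
            }
            saslToken = readToken(inStream, len);
        }
        while (!isComplete()) {
            saslToken = evaluateChallenge(saslToken);
            if (saslToken != null) {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Will send token of size " + saslToken.length + " from initSASLContext.");
                }
                writeToken(outStream, saslToken);
            }
            if (!isComplete()) {
                readStatus(inStream);
                saslToken = readToken(inStream, inStream.readInt());
            }
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("SASL client context established. Negotiated QoP: " + saslClient.getNegotiatedProperty(Sasl.QOP));
        }
        // initial the inputStream, outputStream for both Sasl encryption
        // and Crypto AES encryption if necessary
        // if Crypto AES encryption enabled, the saslInputStream/saslOutputStream is
        // only responsible for connection header negotiation,
        // cryptoInputStream/cryptoOutputStream is responsible for rpc encryption with Crypto AES
        saslInputStream = new SaslInputStream(inS, saslClient);
        saslOutputStream = new SaslOutputStream(outS, saslClient);
        if (initStreamForCrypto) {
            cryptoInputStream = new WrappedInputStream(inS);
            cryptoOutputStream = new WrappedOutputStream(outS);
        }
        return true;
    } catch (IOException e) {
        try {
            saslClient.dispose();
        } catch (SaslException ignored) {
        // ignore further exceptions during cleanup
        }
        throw e;
    }
}

/**
 * Writes one SASL token as a length-prefixed record (int length, then the bytes) and flushes.
 * @param outStream stream to the server
 * @param token token bytes to send; must not be null
 * @throws IOException if the write fails
 */
private void writeToken(DataOutputStream outStream, byte[] token) throws IOException {
    outStream.writeInt(token.length);
    outStream.write(token, 0, token.length);
    outStream.flush();
}

/**
 * Reads a SASL token of {@code len} bytes from the server.
 * @param inStream stream from the server
 * @param len token length as announced by the server (untrusted)
 * @return the token bytes
 * @throws IOException if {@code len} is negative or the stream ends before {@code len} bytes arrive
 */
private byte[] readToken(DataInputStream inStream, int len) throws IOException {
    if (len < 0) {
        // Reject here rather than let new byte[len] throw an unchecked exception past the
        // IOException handler that disposes the SASL client.
        throw new IOException("Invalid SASL token length from server: " + len);
    }
    byte[] token = new byte[len];
    if (LOG.isDebugEnabled()) {
        LOG.debug("Will read input token of size " + token.length + " for processing by initSASLContext");
    }
    inStream.readFully(token);
    return token;
}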

Example 57 with SaslException

Use of javax.security.sasl.SaslException in the Openfire project by igniterealtime.

Class DefaultAuthProvider, method checkPassword.

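/**
 * Checks whether {@code testPassword} matches the credentials stored for {@code username}.
 * <p>
 * A plain-text (or decryptable) stored password is compared directly; otherwise the SCRAM
 * stored key is recomputed from the salt and iteration count and compared. Both comparisons go
 * through {@link MessageDigest#isEqual(byte[], byte[])} so that the time taken does not depend
 * on the position of the first mismatching byte, as {@code String.equals} does. The length of
 * the compared values is still observable from timing.
 * @param username user to check; may carry an {@code @domain} suffix, which must equal this
 *        server's XMPP domain and is stripped before the lookup
 * @param testPassword candidate password supplied by the client
 * @return true if the candidate matches the stored credentials, false otherwise (including when
 *         no usable credentials are stored or the SCRAM computation fails)
 * @throws UserNotFoundException if the domain is not this server's, the user does not exist,
 *         or the database lookup fails
 */
public boolean checkPassword(String username, String testPassword) throws UserNotFoundException {
    Connection con = null;
    PreparedStatement pstmt = null;
    ResultSet rs = null;
    if (username.contains("@")) {
        // Check that the specified domain matches the server's domain
        int index = username.indexOf("@");
        String domain = username.substring(index + 1);
        if (domain.equals(XMPPServer.getInstance().getServerInfo().getXMPPDomain())) {
            username = username.substring(0, index);
        } else {
            // Unknown domain.
            throw new UserNotFoundException();
        }
    }
    try {
        con = DbConnectionManager.getConnection();
        pstmt = con.prepareStatement(TEST_PASSWORD);
        pstmt.setString(1, username);
        rs = pstmt.executeQuery();
        if (!rs.next()) {
            throw new UserNotFoundException(username);
        }
        String plainText = rs.getString(1);
        String encrypted = rs.getString(2);
        int iterations = rs.getInt(3);
        String salt = rs.getString(4);
        String storedKey = rs.getString(5);
        if (encrypted != null) {
            try {
                plainText = AuthFactory.decryptPassword(encrypted);
            } catch (UnsupportedOperationException ignored) {
            // Ignore and return plain password instead.
            }
        }
        if (plainText != null) {
            boolean scramOnly = JiveGlobals.getBooleanProperty("user.scramHashedPasswordOnly");
            if (scramOnly) {
                // If we have a password here, but we're meant to be scramOnly, we should reset it.
                setPassword(username, plainText);
            }
            return constantTimeEquals(testPassword, plainText);
        }
        // Don't have either plain or encrypted, so test SCRAM hash.
        return matchesScramStoredKey(testPassword, salt, iterations, storedKey);
    } catch (SQLException sqle) {
        Log.error("User SQL failure:", sqle);
        throw new UserNotFoundException(sqle);
    } finally {
        DbConnectionManager.closeConnection(rs, pstmt, con);
    }
}

/**
 * Recomputes the SCRAM stored key for {@code testPassword} and compares it with the stored one.
 * @param testPassword candidate password
 * @param salt base64-encoded salt from the database, or null if none
 * @param iterations PBKDF iteration count from the database; 0 means none stored
 * @param storedKey base64-encoded stored key from the database, or null if none
 * @return true if the recomputed stored key equals {@code storedKey}
 */
private boolean matchesScramStoredKey(String testPassword, String salt, int iterations, String storedKey) {
    if (salt == null || iterations == 0 || storedKey == null) {
        Log.warn("No available credentials for checkPassword.");
        return false;
    }
    byte[] saltShaker = DatatypeConverter.parseBase64Binary(salt);
    byte[] testStoredKey;
    try {
        byte[] saltedPassword = ScramUtils.createSaltedPassword(saltShaker, testPassword, iterations);
        byte[] clientKey = ScramUtils.computeHmac(saltedPassword, "Client Key");
        testStoredKey = MessageDigest.getInstance("SHA-1").digest(clientKey);
    } catch (SaslException | NoSuchAlgorithmException e) {
        Log.warn("Unable to check SCRAM values for PLAIN authentication.");
        return false;
    }
    // Compare the base64 forms rather than decoding storedKey, so a malformed stored value still
    // yields false instead of an IllegalArgumentException.
    return constantTimeEquals(DatatypeConverter.printBase64Binary(testStoredKey), storedKey);
}

/**
 * Compares two strings without short-circuiting on the first differing byte.
 * @param a first value; must not be null
 * @param b second value; must not be null
 * @return true if both strings have identical UTF-8 encodings
 */
private static boolean constantTimeEquals(String a, String b) {
    return MessageDigest.isEqual(
            a.getBytes(java.nio.charset.StandardCharsets.UTF_8),
            b.getBytes(java.nio.charset.StandardCharsets.UTF_8));
}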

Example 58 with SaslException

Use of javax.security.sasl.SaslException in the Openfire project by igniterealtime.

Class ScramUtils, method createSha1Hmac.

/**
 * Builds an initialised HMAC-SHA1 {@link Mac} keyed with {@code keyBytes}.
 * <p>
 * The key bytes are used as-is; no derivation or length normalisation is applied here.
 * @param keyBytes raw key material for the HMAC
 * @return a Mac ready for {@code update}/{@code doFinal}
 * @throws SaslException wrapping a {@link NoSuchAlgorithmException} or {@link InvalidKeyException}
 *         from the JCA provider
 */
public static Mac createSha1Hmac(final byte[] keyBytes) throws SaslException {
    final String algorithm = "HmacSHA1";
    try {
        final SecretKeySpec hmacKey = new SecretKeySpec(keyBytes, algorithm);
        final Mac hmac = Mac.getInstance(algorithm);
        hmac.init(hmacKey);
        return hmac;
    } catch (final NoSuchAlgorithmException | InvalidKeyException cause) {
        throw new SaslException(cause.getMessage(), cause);
    }
}

Example 59 with SaslException

Use of javax.security.sasl.SaslException in the Smack project by igniterealtime.

Class SASLJavaXMechanism, method authenticateInternal.

/**
 * Creates the javax.security.sasl client for this mechanism and stores it in {@code sc}.
 * <p>
 * The client is created for the "xmpp" protocol against {@code host}, with the mechanism name
 * from {@code getName()} and the properties from {@code getSaslProps()}.
 * @param cbh callback handler the SASL client uses to obtain credentials
 * @throws SmackException wrapping the {@link SaslException} if the client cannot be created
 */
@Override
protected void authenticateInternal(CallbackHandler cbh) throws SmackException {
    final String[] mechanismNames = new String[] { getName() };
    final Map<String, String> saslProps = getSaslProps();
    try {
        sc = Sasl.createSaslClient(mechanismNames, null, "xmpp", host, saslProps, cbh);
    } catch (final SaslException cause) {
        throw new SmackException(cause);
    }
}

Example 60 with SaslException

Use of javax.security.sasl.SaslException in the mongo-java-driver project by mongodb.

Class PlainAuthenticator, method createSaslClient.

/**
 * Creates a PLAIN SASL client for the given server, answering name and password callbacks from
 * this authenticator's credential.
 * @param serverAddress server the client will authenticate against; only its host is used
 * @return a new SaslClient for the PLAIN mechanism
 * @throws MongoSecurityException if the SASL client cannot be created
 */
@Override
protected SaslClient createSaslClient(final ServerAddress serverAddress) {
    final MongoCredential credential = getCredential();
    isTrue("mechanism is PLAIN", credential.getAuthenticationMechanism() == PLAIN);
    try {
        final String[] mechanismNames = new String[] { PLAIN.getMechanismName() };
        final String authorizationId = credential.getUserName();
        final String serverName = serverAddress.getHost();
        return Sasl.createSaslClient(mechanismNames, authorizationId, DEFAULT_PROTOCOL, serverName, null,
                newCredentialCallbackHandler(credential));
    } catch (final SaslException cause) {
        throw new MongoSecurityException(credential, "Exception initializing SASL client", cause);
    }
}

/**
 * Builds a handler that fills {@link NameCallback} and {@link PasswordCallback} from the credential;
 * any other callback type is left untouched.
 * @param credential source of the user name and password
 * @return the callback handler
 */
private static CallbackHandler newCredentialCallbackHandler(final MongoCredential credential) {
    return new CallbackHandler() {

        @Override
        public void handle(final Callback[] callbacks) throws IOException, UnsupportedCallbackException {
            for (final Callback callback : callbacks) {
                if (callback instanceof NameCallback) {
                    ((NameCallback) callback).setName(credential.getUserName());
                } else if (callback instanceof PasswordCallback) {
                    ((PasswordCallback) callback).setPassword(credential.getPassword());
                }
            }
        }
    };
}
