
Example 61 with SaslException

use of javax.security.sasl.SaslException in project mongo-java-driver by mongodb.

the class GSSAPIAuthenticator method createSaslClient.

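/**
 * Creates the GSSAPI SASL client used to authenticate against {@code serverAddress}.
 *
 * <p>When the credential carries a caller-supplied property map under
 * {@code JAVA_SASL_CLIENT_PROPERTIES_KEY}, that map is handed to the SASL provider as-is. The
 * {@code Sasl.MAX_BUFFER} and {@code Sasl.CREDENTIALS} defaults are applied only when no such
 * map is configured, so a caller that supplies its own map is responsible for both.
 *
 * @param serverAddress the server to authenticate to; passed to {@code getHostName} to obtain
 *                      the server name given to the SASL provider
 * @return the SASL client for the GSSAPI mechanism, never {@code null}
 * @throws MongoSecurityException if the platform offers no GSSAPI client, or if SASL client
 *                                creation, GSS credential acquisition or host-name resolution fails
 */
@Override
protected SaslClient createSaslClient(final ServerAddress serverAddress) {
    MongoCredential credential = getCredential();
    try {
        Map<String, Object> saslClientProperties = credential.getMechanismProperty(JAVA_SASL_CLIENT_PROPERTIES_KEY, null);
        if (saslClientProperties == null) {
            saslClientProperties = new HashMap<String, Object>();
            saslClientProperties.put(Sasl.MAX_BUFFER, "0");
            saslClientProperties.put(Sasl.CREDENTIALS, getGSSCredential(credential.getUserName()));
        }
        // NOTE(review): the server name handed to GSSAPI comes from getHostName(serverAddress).
        // If that helper canonicalizes through DNS (the error message below suggests so), the
        // service principal requested depends on resolver answers - confirm this is acceptable
        // for the deployment.
        SaslClient saslClient = Sasl.createSaslClient(
                new String[] { GSSAPI.getMechanismName() },
                credential.getUserName(),
                credential.getMechanismProperty(SERVICE_NAME_KEY, SERVICE_NAME_DEFAULT_VALUE),
                getHostName(serverAddress),
                saslClientProperties,
                null);
        if (saslClient == null) {
            // Sasl.createSaslClient returns null when no provider supports the mechanism.
            throw new MongoSecurityException(credential, String.format("No platform support for %s mechanism", GSSAPI));
        }
        return saslClient;
    } catch (SaslException e) {
        throw new MongoSecurityException(credential, "Exception initializing SASL client", e);
    } catch (GSSException e) {
        throw new MongoSecurityException(credential, "Exception initializing GSSAPI credentials", e);
    } catch (UnknownHostException e) {
        // Keep the cause, as the other two handlers do, so the resolver failure stays
        // diagnosable. The message no longer carries the stray "+ " that sat inside the literal.
        throw new MongoSecurityException(credential, "Unable to canonicalize host name " + serverAddress, e);
    }
}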
Also used : MongoSecurityException(com.mongodb.MongoSecurityException) GSSException(org.ietf.jgss.GSSException) UnknownHostException(java.net.UnknownHostException) MongoCredential(com.mongodb.MongoCredential) SaslException(javax.security.sasl.SaslException) SaslClient(javax.security.sasl.SaslClient)

Example 62 with SaslException

use of javax.security.sasl.SaslException in project hadoop by apache.

the class TestSaslRPC method testSaslPlainServerBadPassword.

/**
 * A PLAIN negotiation in which client and server disagree on the password must fail with a
 * {@link SaslException} whose message names both the mechanism failure and the reason.
 */
@Test
public void testSaslPlainServerBadPassword() {
    // Same user on both sides; only the password differs.
    TestPlainCallbacks.Client clientSide = new TestPlainCallbacks.Client("user", "pass1");
    TestPlainCallbacks.Server serverSide = new TestPlainCallbacks.Server("user", "pass2");

    SaslException failure = null;
    try {
        runNegotiation(clientSide, serverSide);
    } catch (SaslException thrown) {
        failure = thrown;
    }

    // A negotiation that completes without throwing is itself the test failure.
    assertNotNull(failure);
    String detail = failure.getMessage();
    assertContains("PLAIN auth failed", detail);
    assertContains("wrong password", detail);
}
Also used : SaslException(javax.security.sasl.SaslException) Test(org.junit.Test)

Example 63 with SaslException

use of javax.security.sasl.SaslException in project hadoop by apache.

the class SaslPlainServer method evaluateResponse.

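/**
 * Processes the single client message of a SASL PLAIN exchange, which has the form
 * {@code [authzid] NUL authcid NUL passwd} in UTF-8 (RFC 4616).
 *
 * <p>The three fields are handed to the callback handler as a {@link NameCallback}, a
 * {@link PasswordCallback} and an {@link AuthorizeCallback}. An empty authorization identity
 * defaults to the authentication identity. {@code completed} is set on every exit from the
 * parsing/verification section, whether it succeeded or threw.
 *
 * @param response the raw client message; must not be {@code null}
 * @return always {@code null}: this method sends no challenge back
 * @throws IllegalStateException    if called again after the exchange has completed
 * @throws IllegalArgumentException if {@code response} is {@code null}
 * @throws SaslException            if the message is malformed or the callback handler throws
 */
@Override
public byte[] evaluateResponse(byte[] response) throws SaslException {
    if (completed) {
        throw new IllegalStateException("PLAIN authentication has completed");
    }
    if (response == null) {
        throw new IllegalArgumentException("Received null response");
    }
    try {
        String payload;
        try {
            payload = new String(response, "UTF-8");
        } catch (Exception e) {
            throw new IllegalArgumentException("Received corrupt response", e);
        }
        // [ authz, authn, password ]
        // The fields are separated by a NUL character. Splitting on the empty string, as the
        // listing showed, cuts the payload after each of its first two characters and feeds
        // the wrong name and password to the handler. The limit of 3 keeps any further NULs
        // inside the password field.
        String[] parts = payload.split("\u0000", 3);
        if (parts.length != 3) {
            throw new IllegalArgumentException("Received corrupt response");
        }
        if (parts[0].isEmpty()) {
            // authz = authn
            parts[0] = parts[1];
        }
        NameCallback nc = new NameCallback("SASL PLAIN");
        nc.setName(parts[1]);
        PasswordCallback pc = new PasswordCallback("SASL PLAIN", false);
        pc.setPassword(parts[2].toCharArray());
        AuthorizeCallback ac = new AuthorizeCallback(parts[1], parts[0]);
        cbh.handle(new Callback[] { nc, pc, ac });
        // NOTE(review): when the handler declines authorization without throwing, authz stays
        // unset yet the exchange is still marked completed. Callers must not treat completion
        // alone as proof of a valid identity - confirm the accessor/handler enforces this.
        if (ac.isAuthorized()) {
            authz = ac.getAuthorizedID();
        }
    } catch (Exception e) {
        // NOTE(review): the cause's text is embedded in the message. Whether that text reaches
        // the remote peer depends on the caller; avoid echoing it to unauthenticated clients.
        throw new SaslException("PLAIN auth failed: " + e.toString(), e);
    } finally {
        completed = true;
    }
    return null;
}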
Also used : SaslException(javax.security.sasl.SaslException) SaslException(javax.security.sasl.SaslException) AuthorizeCallback(javax.security.sasl.AuthorizeCallback)

Example 64 with SaslException

use of javax.security.sasl.SaslException in project hadoop by apache.

the class SaslRpcClient method saslEvaluateToken.

/**
 * Feeds the server's SASL message to the local client and enforces that both sides agree on
 * when the negotiation is over.
 *
 * <p>While the server is still negotiating it must send a token. Once the server reports it is
 * done the token is optional, because not every mechanism sends a final token. In that case
 * the local client must be complete as well and must not have produced a further response.
 * This stops a malicious server from cutting the negotiation short with a forged success.
 *
 * @param saslResponse the server's message, which may or may not carry a token
 * @param serverIsDone whether the server reports the negotiation as finished
 * @return the client's reply token, or {@code null} when the message carried no token or the
 *         client produced no reply
 * @throws SaslException if a token is missing while the server is not done, if the client is
 *                       not complete when the server is, if the client produced a reply to a
 *                       final message, or if evaluating the challenge fails
 */
private byte[] saslEvaluateToken(RpcSaslProto saslResponse, boolean serverIsDone) throws SaslException {
    final boolean tokenPresent = saslResponse.hasToken();

    // the server may only omit a token when it's done
    if (!tokenPresent && !serverIsDone) {
        throw new SaslException("Server challenge contains no token");
    }

    byte[] reply = null;
    if (tokenPresent) {
        byte[] challenge = saslResponse.getToken().toByteArray();
        reply = saslClient.evaluateChallenge(challenge);
    }

    if (!serverIsDone) {
        return reply;
    }

    // From here on the server claims success; verify the local state agrees before trusting it.
    if (!saslClient.isComplete()) {
        // server tried to report success before our client completed
        throw new SaslException("Client is out of sync with server");
    }
    if (reply != null) {
        // a client cannot generate a response to a success message
        throw new SaslException("Client generated spurious response");
    }
    return reply;
}
Also used : SaslException(javax.security.sasl.SaslException)

Example 65 with SaslException

use of javax.security.sasl.SaslException in project CorfuDB by CorfuDB.

the class PlainTextSaslServer method verify.

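/**
 * Checks the PLAIN credentials through the JAAS login configuration named {@code "CorfuDB"}
 * and, only on success, records the authorization identity and marks the exchange as
 * authenticated.
 *
 * @param authzid the requested authorization identity; empty means "same as {@code authcid}"
 * @param authcid the authentication identity (user name); must not be empty
 * @param passwd  the password; must not be empty
 * @throws SaslException if the user name or password is empty, or the JAAS login fails
 */
private void verify(String authzid, String authcid, String passwd) throws SaslException {
    if (authcid.isEmpty()) {
        throw new SaslException("Authentication failed due to empty username");
    }
    if (passwd.isEmpty()) {
        throw new SaslException("Authentication failed due to empty password");
    }
    try {
        LoginContext lc = new LoginContext("CorfuDB", new PlainTextCallbackHandler(authcid, passwd));
        lc.login();
    } catch (LoginException le) {
        // Chain the cause so the reason for the rejection is not lost.
        // NOTE(review): authcid is supplied by the peer and is embedded here and in the debug
        // log below - confirm that log consumers tolerate control characters in it.
        throw new SaslException("Login attempt by '" + authcid + "' failed", le);
    }
    // Record identity state only after the login succeeded, so a failed attempt cannot leave a
    // peer-chosen authorization ID behind on this object.
    // NOTE(review): a non-empty authzid is accepted as given; this method does not check that
    // authcid may act as authzid - confirm that is enforced elsewhere.
    authorizationId = authzid.isEmpty() ? authcid : authzid;
    log.debug("Login by {} is successful", authcid);
    authenticated = true;
}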
Also used : LoginContext(javax.security.auth.login.LoginContext) LoginException(javax.security.auth.login.LoginException) SaslException(javax.security.sasl.SaslException)

Aggregations

SaslException (javax.security.sasl.SaslException)75 IOException (java.io.IOException)24 NameCallback (javax.security.auth.callback.NameCallback)11 UnsupportedCallbackException (javax.security.auth.callback.UnsupportedCallbackException)11 SaslClient (javax.security.sasl.SaslClient)7 PrivilegedActionException (java.security.PrivilegedActionException)6 Callback (javax.security.auth.callback.Callback)6 PasswordCallback (javax.security.auth.callback.PasswordCallback)6 LoginException (javax.security.auth.login.LoginException)6 SaslServer (javax.security.sasl.SaslServer)6 UndeclaredThrowableException (java.lang.reflect.UndeclaredThrowableException)5 InvalidKeyException (java.security.InvalidKeyException)5 AuthorizeCallback (javax.security.sasl.AuthorizeCallback)5 RpcException (org.apache.drill.exec.rpc.RpcException)5 GSSException (org.ietf.jgss.GSSException)5 DataOutputStream (java.io.DataOutputStream)4 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)4 Principal (java.security.Principal)4 CallbackHandler (javax.security.auth.callback.CallbackHandler)4 GSSCredential (org.ietf.jgss.GSSCredential)4