use of javax.security.sasl.SaslException in project zookeeper by apache.
the class ZooKeeperSaslClient method sendSaslPacket.
/**
 * Sends the next SASL token to the server in a {@code GetSASLRequest}.
 *
 * <p>The token is obtained from {@code createSaslToken()} and the packet is sent with
 * {@code ZooDefs.OpCode.sasl}; a fresh {@code ServerSaslResponseCallback} is registered
 * for the reply.
 *
 * @param cnxn client connection the packet is sent on
 * @throws SaslException if {@code cnxn.sendPacket} fails with an {@link IOException}
 */
private void sendSaslPacket(ClientCnxn cnxn) throws SaslException {
    if (LOG.isDebugEnabled()) {
        // Only the length of the current token is logged, never its bytes.
        // NOTE(review): this dereferences the saslToken field; assumes it is non-null here -- confirm.
        LOG.debug("ClientCnxn:sendSaslPacket:length=" + saslToken.length);
    }

    final GetSASLRequest saslRequest = new GetSASLRequest();
    saslRequest.setToken(createSaslToken());
    final SetSASLResponse saslResponse = new SetSASLResponse();
    final ServerSaslResponseCallback responseCallback = new ServerSaslResponseCallback();

    try {
        cnxn.sendPacket(saslRequest, saslResponse, responseCallback, ZooDefs.OpCode.sasl);
    } catch (IOException e) {
        // Keep the IOException as the cause so the transport failure stays diagnosable.
        throw new SaslException("Failed to send SASL packet to server due to IOException:", e);
    }
}
use of javax.security.sasl.SaslException in project Smack by igniterealtime.
the class SASLJavaXMechanism method authenticateInternal.
/**
 * Creates the JDK SASL client for this mechanism and stores it in {@code sc}.
 *
 * <p>The client is created for protocol {@code "xmpp"} and the server name returned by
 * {@code getServerName()}. Credentials are supplied through an inline
 * {@link CallbackHandler} that answers name, password and realm callbacks.
 *
 * @throws SmackException wrapping any {@link SaslException} raised while creating the client
 */
@Override
protected void authenticateInternal() throws SmackException {
    final String[] mechanisms = { getName() };
    final Map<String, String> props = getSaslProps();
    final String authzid = (authorizationId != null) ? authorizationId.toString() : null;

    final CallbackHandler credentialHandler = new CallbackHandler() {
        @Override
        public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
            for (Callback callback : callbacks) {
                if (callback instanceof NameCallback) {
                    ((NameCallback) callback).setName(authenticationId);
                } else if (callback instanceof PasswordCallback) {
                    // PasswordCallback.setPassword stores its own copy of the array, so the
                    // temporary char[] created here is left to the garbage collector unzeroed.
                    ((PasswordCallback) callback).setPassword(password.toCharArray());
                } else if (callback instanceof RealmCallback) {
                    final RealmCallback realmCallback = (RealmCallback) callback;
                    // The default text carries the realm taken from the server's challenge.
                    // The SASL client reads getText() when it builds the negotiated realm
                    // for its response, so the server's value is echoed back unchanged to
                    // make sure both sides agree on the realm.
                    final String serverRealm = realmCallback.getDefaultText();
                    realmCallback.setText(serverRealm);
                } else if (callback instanceof RealmChoiceCallback) {
                    // Unused; accepted only so that no UnsupportedCallbackException is thrown.
                } else {
                    throw new UnsupportedCallbackException(callback);
                }
            }
        }
    };

    try {
        sc = Sasl.createSaslClient(mechanisms, authzid, "xmpp", getServerName().toString(), props,
                credentialHandler);
    } catch (SaslException e) {
        throw new SmackException(e);
    }
}
use of javax.security.sasl.SaslException in project Openfire by igniterealtime.
the class JiveSharedSecretSaslServer method evaluateResponse.
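/**
 * Evaluates the client's response for the shared-secret mechanism.
 *
 * <p>An empty or {@code null} response yields an empty challenge so the client sends its
 * data. Otherwise the response is decoded as UTF-8 and split on NUL; the first token is
 * ignored and the second is checked with {@code authenticateSharedSecret}.
 *
 * @param response bytes received from the client; may be {@code null} or empty
 * @return an empty array when the client still has to send its data, or {@code null} when
 *         authentication succeeded
 * @throws SaslException if the response is malformed or the shared secret does not match
 * @throws IllegalStateException if the exchange has already completed
 */
@Override
public byte[] evaluateResponse(byte[] response) throws SaslException {
    if (isComplete()) {
        throw new IllegalStateException("Authentication exchange already completed.");
    }
    if (response == null || response.length == 0) {
        // No info was provided so send a challenge to get it.
        return new byte[0];
    }

    // The exchange is marked complete before the secret is checked, so isComplete() is also
    // true after a failed attempt. Only a normal return from this method signals success.
    complete = true;

    final StringTokenizer tokens =
            new StringTokenizer(new String(response, StandardCharsets.UTF_8), "\0");

    // The response is supplied by the remote peer. With fewer than two tokens nextToken()
    // would throw an unchecked NoSuchElementException; reject it as an ordinary
    // authentication failure instead, using the same message so nothing extra is disclosed.
    if (tokens.countTokens() < 2) {
        throw new SaslException("Authentication failed");
    }

    tokens.nextToken(); // the first token is not used by this mechanism
    final String secretDigest = tokens.nextToken();

    if (!authenticateSharedSecret(secretDigest)) {
        throw new SaslException("Authentication failed");
    }
    // Success: no further challenge data for the client.
    return null;
}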
use of javax.security.sasl.SaslException in project Openfire by igniterealtime.
the class SaslServerPlainImpl method evaluateResponse.
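/**
 * Evaluates the client's PLAIN response and verifies the supplied credentials.
 *
 * <p>A non-empty response is decoded as UTF-8 and split on NUL. With more than two tokens
 * the first is taken as the requested username and the second as the authenticating
 * principal; otherwise the first token serves as both. The last token read is the password.
 * The password is verified and the principal authorized through the callback handler.
 *
 * <p>{@link SaslException} is an {@link IOException}, so every {@code SaslException} thrown
 * inside the {@code try} block is caught by the handler at the end of this method, marks
 * the exchange as aborted, and is rethrown wrapped in a new {@code SaslException}.
 *
 * <p>{@code isComplete()} should be called after each call to {@code evaluateResponse()}
 * to determine if any further response is needed from the client.
 *
 * @param response The non-null (but possibly empty) response sent by the client.
 * @return Always {@code null}: either authentication succeeded and there is no more
 *         challenge data, or the client sent no initial response and is expected to
 *         send one.
 * @exception SaslException If the response is malformed, the credentials are rejected,
 *            the principal is not authorized, or a callback fails.
 * @exception IllegalStateException If the exchange already completed or was aborted.
 */
@Override
public byte[] evaluateResponse(byte[] response) throws SaslException {
    if (completed) {
        throw new IllegalStateException("PLAIN authentication already completed");
    }
    if (aborted) {
        throw new IllegalStateException("PLAIN authentication previously aborted due to error");
    }
    try {
        if (response.length != 0) {
            String data = new String(response, StandardCharsets.UTF_8);
            StringTokenizer tokens = new StringTokenizer(data, "\0");
            final int tokenCount = tokens.countTokens();
            // The response is supplied by the remote peer. With fewer than two tokens
            // nextToken() would throw an unchecked NoSuchElementException that bypasses the
            // catch below and leaves 'aborted' unset; fail as a SASL error instead.
            if (tokenCount < 2) {
                throw new SaslException("PLAIN: malformed response");
            }
            username = tokens.nextToken();
            principal = (tokenCount > 2) ? tokens.nextToken() : username;
            // NOTE(review): the cleartext password is kept in a String field and is not
            // cleared in this method -- confirm whether it can be dropped after verification.
            password = tokens.nextToken();

            NameCallback ncb = new NameCallback("PLAIN authentication ID: ", principal);
            VerifyPasswordCallback vpcb = new VerifyPasswordCallback(password.toCharArray());
            final boolean verified;
            try {
                cbh.handle(new Callback[] { ncb, vpcb });
                verified = vpcb.getVerified();
            } finally {
                // Clear the callback's password copy on every path, including a failed
                // verification or a handler exception, not only on success.
                vpcb.clearPassword();
            }

            if (!verified) {
                throw new SaslException("PLAIN: user not authorized: " + principal);
            }

            AuthorizeCallback acb = new AuthorizeCallback(principal, username);
            cbh.handle(new Callback[] { acb });
            // The exchange is finished whether or not authorization is granted.
            completed = true;
            if (acb.isAuthorized()) {
                username = acb.getAuthorizedID();
            } else {
                username = null;
                throw new SaslException("PLAIN: user not authorized: " + principal);
            }
        } else {
            // Client gave no initial response; tolerate this a limited number of times.
            if (counter++ > 1) {
                throw new SaslException("PLAIN expects a response");
            }
            return null;
        }
    } catch (UnsupportedCallbackException | IOException e) {
        // Also reached for the SaslExceptions thrown above, since SaslException is an IOException.
        aborted = true;
        throw new SaslException("PLAIN authentication failed for: " + username, e);
    }
    return null;
}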
use of javax.security.sasl.SaslException in project Openfire by igniterealtime.
the class ScramSha1SaslServer method evaluateResponse.
/**
 * Advances the SCRAM exchange by one step and returns the next challenge.
 *
 * <p>In state {@code INITIAL} the server-first message is generated and the state moves to
 * {@code IN_PROGRESS}; in {@code IN_PROGRESS} the server-final message is generated and the
 * state moves to {@code COMPLETE}. The state is only advanced after the message was
 * generated. In {@code COMPLETE} an empty or {@code null} response is answered with an
 * empty challenge, and any other response is rejected.
 *
 * <p>Any {@link RuntimeException} raised while processing is converted into a
 * {@link SaslException}, so callers see a single checked failure type.
 *
 * <p>{@code isComplete()} should be called after each call to {@code evaluateResponse()}
 * to determine if any further response is needed from the client.
 *
 * @param response The response sent by the client.
 * @return The challenge to send to the client.
 * @exception SaslException If an error occurred while processing the response or
 *            generating a challenge, or if a response arrives when none is expected.
 */
@Override
public byte[] evaluateResponse(final byte[] response) throws SaslException {
    try {
        final byte[] nextChallenge;
        switch (state) {
            case INITIAL:
                nextChallenge = generateServerFirstMessage(response);
                state = State.IN_PROGRESS;
                break;
            case IN_PROGRESS:
                nextChallenge = generateServerFinalMessage(response);
                state = State.COMPLETE;
                break;
            case COMPLETE:
                // After completion only an empty response is tolerated.
                if (response != null && response.length != 0) {
                    throw new SaslException("No response expected in state " + state);
                }
                nextChallenge = new byte[0];
                break;
            default:
                throw new SaslException("No response expected in state " + state);
        }
        return nextChallenge;
    } catch (RuntimeException ex) {
        throw new SaslException("Unexpected exception while evaluating SASL response.", ex);
    }
}