Example 11 with SaslException

Use of javax.security.sasl.SaslException in project zookeeper by apache.

Class ZooKeeperSaslClient, method sendSaslPacket.

private void sendSaslPacket(ClientCnxn cnxn) throws SaslException {
    if (LOG.isDebugEnabled()) {
        LOG.debug("ClientCnxn:sendSaslPacket:length=" + saslToken.length);
    }
    GetSASLRequest request = new GetSASLRequest();
    request.setToken(createSaslToken());
    SetSASLResponse response = new SetSASLResponse();
    ServerSaslResponseCallback cb = new ServerSaslResponseCallback();
    try {
        cnxn.sendPacket(request, response, cb, ZooDefs.OpCode.sasl);
    } catch (IOException e) {
        throw new SaslException("Failed to send SASL packet to server due to IOException:", e);
    }
}
Also used: SetSASLResponse (org.apache.zookeeper.proto.SetSASLResponse), IOException (java.io.IOException), SaslException (javax.security.sasl.SaslException), GetSASLRequest (org.apache.zookeeper.proto.GetSASLRequest)

Example 12 with SaslException

Use of javax.security.sasl.SaslException in project Smack by igniterealtime.

Class SASLJavaXMechanism, method authenticateInternal.

@Override
protected void authenticateInternal() throws SmackException {
    String[] mechanisms = { getName() };
    Map<String, String> props = getSaslProps();
    String authzid = null;
    if (authorizationId != null) {
        authzid = authorizationId.toString();
    }
    try {
        sc = Sasl.createSaslClient(mechanisms, authzid, "xmpp", getServerName().toString(), props, new CallbackHandler() {

            @Override
            public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
                for (int i = 0; i < callbacks.length; i++) {
                    if (callbacks[i] instanceof NameCallback) {
                        NameCallback ncb = (NameCallback) callbacks[i];
                        ncb.setName(authenticationId);
                    } else if (callbacks[i] instanceof PasswordCallback) {
                        PasswordCallback pcb = (PasswordCallback) callbacks[i];
                        pcb.setPassword(password.toCharArray());
                    } else if (callbacks[i] instanceof RealmCallback) {
                        RealmCallback rcb = (RealmCallback) callbacks[i];
                        // Retrieve the REALM from the challenge response that
                        // the server returned when the client initiated the
                        // authentication exchange. If this value is not null or
                        // empty, *this value* has to be sent back to the server
                        // in the client's response to the server's challenge
                        String text = rcb.getDefaultText();
                        // The SASL client (sc) created in smack uses
                        // rcb.getText when creating the negotiatedRealm to send
                        // it back to the server. Make sure that this value
                        // matches the server's realm
                        rcb.setText(text);
                    } else if (callbacks[i] instanceof RealmChoiceCallback) {
                        // unused, prevents UnsupportedCallbackException
                        // RealmChoiceCallback rccb =
                        // (RealmChoiceCallback)callbacks[i];
                    } else {
                        throw new UnsupportedCallbackException(callbacks[i]);
                    }
                }
            }
        });
    } catch (SaslException e) {
        throw new SmackException(e);
    }
}
Also used: CallbackHandler (javax.security.auth.callback.CallbackHandler), NameCallback (javax.security.auth.callback.NameCallback), SmackException (org.jivesoftware.smack.SmackException), PasswordCallback (javax.security.auth.callback.PasswordCallback), UnsupportedCallbackException (javax.security.auth.callback.UnsupportedCallbackException), SaslException (javax.security.sasl.SaslException), RealmChoiceCallback (javax.security.sasl.RealmChoiceCallback), RealmCallback (javax.security.sasl.RealmCallback)

Example 13 with SaslException

Use of javax.security.sasl.SaslException in project Openfire by igniterealtime.

Class JiveSharedSecretSaslServer, method evaluateResponse.

@Override
public byte[] evaluateResponse(byte[] response) throws SaslException {
    if (isComplete()) {
        throw new IllegalStateException("Authentication exchange already completed.");
    }
    if (response == null || response.length == 0) {
        // No info was provided so send a challenge to get it.
        return new byte[0];
    }
    complete = true;
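    // Parse the NUL-separated response: the first field is skipped, the
    // second is the shared-secret digest.
    // Note: nextToken() throws the unchecked NoSuchElementException, not
    // SaslException, if a field is missing.
    final StringTokenizer tokens = new StringTokenizer(new String(response, StandardCharsets.UTF_8), "\0");
    tokens.nextToken();
    final String secretDigest = tokens.nextToken();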
    if (authenticateSharedSecret(secretDigest)) {
        // Success!
        return null;
    } else {
        // Otherwise, authentication failed.
        throw new SaslException("Authentication failed");
    }
}
Also used: StringTokenizer (java.util.StringTokenizer), SaslException (javax.security.sasl.SaslException)

Example 14 with SaslException

Use of javax.security.sasl.SaslException in project Openfire by igniterealtime.

Class SaslServerPlainImpl, method evaluateResponse.

/**
 * Evaluates the response data and generates a challenge.
 *
 * If a response is received from the client during the authentication
 * process, this method is called to prepare an appropriate next
 * challenge to submit to the client. The challenge is null if the
 * authentication has succeeded and no more challenge data is to be sent
 * to the client. It is non-null if the authentication must be continued
 * by sending a challenge to the client, or if the authentication has
 * succeeded but challenge data needs to be processed by the client.
 * <tt>isComplete()</tt> should be called
 * after each call to <tt>evaluateResponse()</tt>, to determine if any further
 * response is needed from the client.
 *
 * @param response The non-null (but possibly empty) response sent
 * by the client.
 *
 * @return The possibly null challenge to send to the client.
 * It is null if the authentication has succeeded and there is
 * no more challenge data to be sent to the client.
 * @exception SaslException If an error occurred while processing
 * the response or generating a challenge.
 */
@Override
public byte[] evaluateResponse(byte[] response) throws SaslException {
    if (completed) {
        throw new IllegalStateException("PLAIN authentication already completed");
    }
    if (aborted) {
        throw new IllegalStateException("PLAIN authentication previously aborted due to error");
    }
    try {
        if (response.length != 0) {
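            // PLAIN message layout: [authzid] NUL authcid NUL passwd.
            // StringTokenizer skips empty tokens, so an omitted authzid
            // yields two tokens (authcid, passwd) instead of three.
            String data = new String(response, StandardCharsets.UTF_8);
            StringTokenizer tokens = new StringTokenizer(data, "\0");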
            if (tokens.countTokens() > 2) {
                username = tokens.nextToken();
                principal = tokens.nextToken();
            } else {
                username = tokens.nextToken();
                principal = username;
            }
            password = tokens.nextToken();
            NameCallback ncb = new NameCallback("PLAIN authentication ID: ", principal);
            VerifyPasswordCallback vpcb = new VerifyPasswordCallback(password.toCharArray());
            cbh.handle(new Callback[] { ncb, vpcb });
            if (vpcb.getVerified()) {
                vpcb.clearPassword();
                AuthorizeCallback acb = new AuthorizeCallback(principal, username);
                cbh.handle(new Callback[] { acb });
                if (acb.isAuthorized()) {
                    username = acb.getAuthorizedID();
                    completed = true;
                } else {
                    completed = true;
                    username = null;
                    throw new SaslException("PLAIN: user not authorized: " + principal);
                }
            } else {
                throw new SaslException("PLAIN: user not authorized: " + principal);
            }
        } else {
            // Client gave no initial response
            if (counter++ > 1) {
                throw new SaslException("PLAIN expects a response");
            }
            return null;
        }
    } catch (UnsupportedCallbackException | IOException e) {
        aborted = true;
        throw new SaslException("PLAIN authentication failed for: " + username, e);
    }
    return null;
}
Also used: StringTokenizer (java.util.StringTokenizer), NameCallback (javax.security.auth.callback.NameCallback), UnsupportedCallbackException (javax.security.auth.callback.UnsupportedCallbackException), IOException (java.io.IOException), SaslException (javax.security.sasl.SaslException), AuthorizeCallback (javax.security.sasl.AuthorizeCallback)

Example 15 with SaslException

Use of javax.security.sasl.SaslException in project Openfire by igniterealtime.

Class ScramSha1SaslServer, method evaluateResponse.

/**
 * Evaluates the response data and generates a challenge.
 *
 * If a response is received from the client during the authentication
 * process, this method is called to prepare an appropriate next
 * challenge to submit to the client. The challenge is null if the
 * authentication has succeeded and no more challenge data is to be sent
 * to the client. It is non-null if the authentication must be continued
 * by sending a challenge to the client, or if the authentication has
 * succeeded but challenge data needs to be processed by the client.
 * <tt>isComplete()</tt> should be called
 * after each call to <tt>evaluateResponse()</tt>, to determine if any further
 * response is needed from the client.
 *
 * @param response The non-null (but possibly empty) response sent
 * by the client.
 *
 * @return The possibly null challenge to send to the client.
 * It is null if the authentication has succeeded and there is
 * no more challenge data to be sent to the client.
 * @exception SaslException If an error occurred while processing
 * the response or generating a challenge.
 */
@Override
public byte[] evaluateResponse(final byte[] response) throws SaslException {
    try {
        byte[] challenge;
        switch(state) {
            case INITIAL:
                challenge = generateServerFirstMessage(response);
                state = State.IN_PROGRESS;
                break;
            case IN_PROGRESS:
                challenge = generateServerFinalMessage(response);
                state = State.COMPLETE;
                break;
            case COMPLETE:
                if (response == null || response.length == 0) {
                    challenge = new byte[0];
                    break;
                }
                // Falls through: a non-empty response after completion is
                // rejected by the default branch.
            default:
                throw new SaslException("No response expected in state " + state);
        }
        return challenge;
    } catch (RuntimeException ex) {
        throw new SaslException("Unexpected exception while evaluating SASL response.", ex);
    }
}
Also used: SaslException (javax.security.sasl.SaslException)

Aggregations

SaslException (javax.security.sasl.SaslException): 70
IOException (java.io.IOException): 24
UnsupportedCallbackException (javax.security.auth.callback.UnsupportedCallbackException): 12
NameCallback (javax.security.auth.callback.NameCallback): 11
Callback (javax.security.auth.callback.Callback): 6
PasswordCallback (javax.security.auth.callback.PasswordCallback): 6
SaslClient (javax.security.sasl.SaslClient): 6
UndeclaredThrowableException (java.lang.reflect.UndeclaredThrowableException): 5
InvalidKeyException (java.security.InvalidKeyException): 5
LoginException (javax.security.auth.login.LoginException): 5
AuthorizeCallback (javax.security.sasl.AuthorizeCallback): 5
RpcException (org.apache.drill.exec.rpc.RpcException): 5
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException): 4
PrivilegedActionException (java.security.PrivilegedActionException): 4
CallbackHandler (javax.security.auth.callback.CallbackHandler): 4
GSSException (org.ietf.jgss.GSSException): 4
UserNotFoundException (org.jivesoftware.openfire.user.UserNotFoundException): 4
ByteString (com.google.protobuf.ByteString): 3
Principal (java.security.Principal): 3
SaslServer (javax.security.sasl.SaslServer): 3