use of javax.security.sasl.SaslException in project Openfire by igniterealtime.
the class ExternalClientSaslServer method evaluateResponse.
@Override
public byte[] evaluateResponse(byte[] response) throws SaslException {
    if (isComplete()) {
        throw new IllegalStateException("Authentication exchange already completed.");
    }
    // SASL EXTERNAL is a single round trip: whatever the outcome below, this exchange is finished
    // and a failed attempt cannot be retried on this server instance.
    complete = true;

    final Connection connection = session.getConnection();

    // The TLS layer must have received a client certificate chain; without one there is nothing to authenticate.
    final Certificate[] peerChain = connection.getPeerCertificates();
    if (peerChain == null || peerChain.length < 1) {
        throw new SaslException("No peer certificates.");
    }

    // Validate the chain against this connection's identity and trust stores. Only a chain that
    // verifies yields an end-entity certificate; no identity is read from an untrusted chain.
    final KeyStore identityStore = connection.getConfiguration().getIdentityStore().getStore();
    final KeyStore trustStore = connection.getConfiguration().getTrustStore().getStore();
    final X509Certificate endEntity = CertificateManager.getEndEntityCertificate(peerChain, identityStore, trustStore);
    if (endEntity == null) {
        throw new SaslException("Certificate chain of peer is not trusted.");
    }

    // Identities asserted by the trusted certificate. When several are present, the first one wins.
    final ArrayList<String> identities = new ArrayList<>(CertificateManager.getClientIdentities(endEntity));
    String principal;
    if (identities.isEmpty()) {
        principal = "";
    } else {
        if (identities.size() > 1) {
            Log.debug("More than one principal found, using the first one.");
        }
        principal = identities.get(0);
    }

    // Authorization identity requested by the client (RFC 4422: a UTF-8 string, possibly absent).
    // This value is client-controlled and is only honoured if authorize() below accepts it.
    String username = null;
    if (response != null && response.length > 0) {
        username = new String(response, StandardCharsets.UTF_8);
    }

    if (username == null || username.isEmpty()) {
        // No explicit authzid. Prefer a certificate identity that the AuthorizationManager maps to
        // a different local username; that mapped pair is what gets authorized below.
        for (final String identity : identities) {
            final String mapped = AuthorizationManager.map(identity);
            if (!mapped.equals(identity)) {
                username = mapped;
                principal = identity;
                break;
            }
        }
        if (username == null || username.isEmpty()) {
            // No mapping applied: use the selected principal verbatim.
            username = principal;
        }
        Log.debug("No username requested, using: {}", username);
    }

    // Either value may still be an empty string here; rejecting that is left to the authorization
    // providers, which decide whether this certificate principal may act as the requested username.
    if (!AuthorizationManager.authorize(username, principal)) {
        throw new SaslException();
    }
    Log.debug("Principal {} authorized to username {}", principal, username);
    authorizationID = username;
    // EXTERNAL sends no additional data back to the client on success.
    return null;
}
use of javax.security.sasl.SaslException in project AuthMeReloaded by AuthMe.
the class OAuth2SaslClient method evaluateChallenge.
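/**
 * Produces the XOAUTH2 initial client response and thereafter ignores server challenges.
 *
 * <p>The only message this mechanism sends is {@code user=<name>^Aauth=Bearer <token>^A^A},
 * built from the name supplied by the callback handler and the bearer token held by this client.
 * Once that response has been produced the exchange is complete; any later challenge (the
 * server's empty success challenge, or whatever it sends on failure) is answered with an empty
 * response.
 *
 * @param challenge the server challenge; ignored, as XOAUTH2 carries no server-to-client data
 * @return the initial client response, or an empty array once the exchange is complete
 * @throws SaslException if the callback handler fails or does not supply a name
 */
public byte[] evaluateChallenge(byte[] challenge) throws SaslException {
    if (isComplete) {
        // Empty final response from server, just ignore it.
        return new byte[] {};
    }
    final NameCallback nameCallback = new NameCallback("Enter name");
    try {
        callbackHandler.handle(new Callback[] { nameCallback });
    } catch (UnsupportedCallbackException e) {
        // Keep the cause attached so the failing handler can be diagnosed, not just its toString().
        throw new SaslException("Unsupported callback: " + e, e);
    } catch (IOException e) {
        throw new SaslException("Failed to execute callback: " + e, e);
    }
    final String email = nameCallback.getName();
    if (email == null) {
        // A handler that never calls setName() would otherwise make us send "user=null".
        throw new SaslException("Callback handler did not supply a user name.");
    }
    // \1 is the 0x01 separator required by XOAUTH2. The charset is given explicitly: the no-arg
    // getBytes() uses the platform default before JDK 18, which would mangle non-ASCII names.
    // (Referenced fully qualified so no new import is needed.) The response carries the bearer
    // token, so it must never be logged.
    final byte[] response = String.format("user=%s\1auth=Bearer %s\1\1", email, oauthToken)
            .getBytes(java.nio.charset.StandardCharsets.UTF_8);
    isComplete = true;
    return response;
}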
use of javax.security.sasl.SaslException in project alluxio by Alluxio.
the class PlainSaslServer method evaluateResponse.
@Override
public byte[] evaluateResponse(byte[] response) throws SaslException {
Preconditions.checkState(!mCompleted, "PLAIN authentication has completed");
Preconditions.checkArgument(response != null, "Received null response");
try {
// parse the response
// message = [authorizationId] UTF8NUL authenticationId UTF8NUL passwd'
// authorizationId may be empty,then the authorizationId = authenticationId
String payload;
try {
payload = new String(response, "UTF-8");
} catch (Exception e) {
throw new IllegalArgumentException("Received corrupt response", e);
}
String[] parts = payload.split("