use of javax.security.sasl.SaslException in project drill by apache.
the class AbstractServerConnection method finalizeSaslSession.
/**
 * Final check of a completed SASL session: the authenticated peer must map to the same
 * Kerberos short name as the user this process is logged in as.
 *
 * <p>Only the short name is compared (the error text calls it the 'primary' part of the
 * service principal). The instance and realm parts of the remote principal are not
 * compared in this method.
 *
 * @throws SaslException if the remote short name differs from the local one
 * @throws IOException if the short name or the login user cannot be resolved
 */
@Override
public void finalizeSaslSession() throws IOException {
  final String peerAuthzId = getSaslServer().getAuthorizationID();
  final HadoopKerberosName peerPrincipal = new HadoopKerberosName(peerAuthzId);
  final String peerShortName = peerPrincipal.getShortName();
  final String ownShortName = UserGroupInformation.getLoginUser().getShortUserName();

  if (ownShortName.equals(peerShortName)) {
    getLogger().debug("Authenticated connection for {}", peerAuthzId);
    return;
  }

  // Fail closed: a peer authenticated under a different short name is rejected.
  throw new SaslException(String.format(
      "'primary' part of remote drillbit's service principal does not match with this drillbit's. Expected: '%s' Actual: '%s'",
      ownShortName, peerShortName));
}
use of javax.security.sasl.SaslException in project drill by apache.
the class ControlConnection method setSaslClient.
/**
 * Records the SASL client for this connection and, when encryption is enabled, installs a
 * {@link SaslCodec} that forwards wrap/unwrap calls to that client.
 *
 * <p>The {@code checkState} call guards against a client being set while one is already
 * held by this connection.
 *
 * @param saslClient client to keep for this connection. It is not null-checked here: the
 *     {@code assert} statements inside the codec run only when the JVM has assertions
 *     enabled, so they are not a runtime guard in a default deployment.
 */
@Override
public void setSaslClient(final SaslClient saslClient) {
  checkState(this.saslClient == null);
  this.saslClient = saslClient;

  if (!isEncryptionEnabled()) {
    return;
  }

  // The codec below refers to the method parameter, which shadows the field of the same
  // name, so it keeps its own reference to the client passed in here.
  saslCodec = new SaslCodec() {
    @Override
    public byte[] wrap(byte[] buf, int start, int length) throws SaslException {
      assert saslClient != null;
      return saslClient.wrap(buf, start, length);
    }

    @Override
    public byte[] unwrap(byte[] buf, int start, int length) throws SaslException {
      assert saslClient != null;
      return saslClient.unwrap(buf, start, length);
    }
  };
}
use of javax.security.sasl.SaslException in project drill by apache.
the class KerberosFactory method createSaslServer.
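/**
 * Creates a GSSAPI {@link SaslServer} while running as the given user.
 *
 * <p>The server's protocol name is the user's short name and its server name is the host
 * part of the user's Kerberos principal. Creation happens inside {@code ugi.doAs}.
 *
 * @param ugi identity under which the server is created
 * @param properties SASL properties passed through to the server factory; {@link Sasl#QOP}
 *     is read here only for log and error messages
 * @return the newly created server
 * @throws SaslException if creation fails. A {@code SaslException} unwrapped from an
 *     {@code UndeclaredThrowableException} is rethrown as is; every other failure is
 *     wrapped with its cause attached.
 */
@Override
public SaslServer createSaslServer(final UserGroupInformation ugi, final Map<String, ?> properties) throws SaslException {
  // A key that is present but mapped to null used to throw a NullPointerException here.
  // Treat it like a missing key: "auth" is the documented default for Sasl.QOP.
  final Object configuredQop = properties.get(Sasl.QOP);
  final String qopValue = configuredQop != null ? configuredQop.toString() : "auth";
  try {
    final String primaryName = ugi.getShortUserName();
    final String instanceName = new HadoopKerberosName(ugi.getUserName()).getHostName();
    final SaslServer saslServer = ugi.doAs(new PrivilegedExceptionAction<SaslServer>() {
      @Override
      public SaslServer run() throws Exception {
        return FastSaslServerFactory.getInstance().createSaslServer(KerberosUtil.KERBEROS_SASL_NAME, primaryName, instanceName, properties, new KerberosServerCallbackHandler());
      }
    });
    logger.trace("GSSAPI SaslServer created with QOP {}.", qopValue);
    return saslServer;
  } catch (final UndeclaredThrowableException e) {
    final Throwable cause = e.getCause();
    logger.debug("Authentication failed.", cause);
    if (cause instanceof SaslException) {
      throw (SaslException) cause;
    } else {
      throw new SaslException(String.format("Unexpected failure trying to authenticate using Kerberos with QOP %s", qopValue), cause);
    }
  } catch (final InterruptedException e) {
    // Restore the interrupt flag so callers further up can still see the interruption.
    // Converting to SaslException alone would silently clear it.
    Thread.currentThread().interrupt();
    logger.debug("Authentication failed.", e);
    throw new SaslException(String.format("Unexpected failure trying to authenticate using Kerberos with QOP %s", qopValue), e);
  } catch (final IOException e) {
    logger.debug("Authentication failed.", e);
    throw new SaslException(String.format("Unexpected failure trying to authenticate using Kerberos with QOP %s", qopValue), e);
  }
}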
use of javax.security.sasl.SaslException in project drill by apache.
the class AuthenticationOutcomeListener method handleSuccess.
/**
 * Validates the outcome of a successful SASL exchange on the client side before the
 * connection is used.
 *
 * <p>The negotiated QOP must equal the QOP the connection requires: PRIVACY when
 * encryption is enabled, AUTHENTICATION otherwise. With encryption enabled, the negotiated
 * raw send size must also be positive. It then becomes the connection's wrap size limit
 * and the security handlers are added. Without encryption the SASL client is disposed.
 *
 * <p>Every failure inside the validation step, including the QOP mismatch and the invalid
 * size raised here, is caught by the broad {@code catch} and rethrown wrapped in a new
 * {@code SaslException}, so the handshake fails closed.
 *
 * @param context challenge context carrying the connection being authenticated
 * @throws SaslException if a negotiated value is missing, malformed or not acceptable
 */
private static <CC extends ClientConnection> void handleSuccess(SaslChallengeContext<CC> context) throws SaslException {
  final CC conn = context.connection;
  final SaslClient client = conn.getSaslClient();

  try {
    // The QOP the mechanism actually settled on must be the one this connection requires.
    final String actualQop = client.getNegotiatedProperty(Sasl.QOP).toString();
    final String requiredQop;
    if (conn.isEncryptionEnabled()) {
      requiredQop = SaslProperties.QualityOfProtection.PRIVACY.getSaslQop();
    } else {
      requiredQop = SaslProperties.QualityOfProtection.AUTHENTICATION.getSaslQop();
    }
    if (!actualQop.equals(requiredQop)) {
      throw new SaslException(String.format("Mismatch in negotiated QOP value: %s and Expected QOP value: %s", actualQop, requiredQop));
    }

    // With encryption on, the negotiated raw send size becomes the connection's wrap limit.
    if (conn.isEncryptionEnabled()) {
      final String rawSendSizeText = client.getNegotiatedProperty(Sasl.RAW_SEND_SIZE).toString();
      final int wrapLimit = Integer.parseInt(rawSendSizeText);
      if (wrapLimit <= 0) {
        throw new SaslException(String.format("Negotiated rawSendSize: %d is invalid. Please check the configured value of encryption.sasl.max_wrapped_size. It might be configured to a very small value.", wrapLimit));
      }
      conn.setWrapSizeLimit(wrapLimit);
    }
  } catch (Exception e) {
    throw new SaslException(String.format("Unexpected failure while retrieving negotiated property values (%s)", e.getMessage()), e);
  }

  if (!conn.isEncryptionEnabled()) {
    // No wrap/unwrap will happen on this connection, so the client is released.
    conn.disposeSaslClient();
    return;
  }
  conn.addSecurityHandlers();
}
use of javax.security.sasl.SaslException in project jdk8u_jdk by JetBrains.
the class SaslOutputStream method close.
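/**
 * Disposes of the SASL client's state and closes the underlying output stream.
 *
 * <p>The underlying stream is closed even when disposing of the client fails. If only the
 * dispose step fails, its exception is thrown once the stream is closed. If closing the
 * stream fails as well, that exception is thrown with the dispose failure attached as a
 * suppressed exception. Previously the dispose failure was lost in that case.
 *
 * @throws IOException if disposing of the client or closing the stream fails
 */
public void close() throws IOException {
    SaslException disposeFailure = null;
    try {
        // Dispose of SaslClient's state
        sc.dispose();
    } catch (SaslException e) {
        // Hold on to the failure until the underlying output stream has been closed
        disposeFailure = e;
    }

    try {
        // Close underlying output stream
        super.close();
    } catch (IOException closeFailure) {
        if (disposeFailure != null) {
            closeFailure.addSuppressed(disposeFailure);
        }
        throw closeFailure;
    }

    if (disposeFailure != null) {
        throw disposeFailure;
    }
}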