Example 1 with SASLFrame

Use of org.apache.qpid.server.protocol.v1_0.framing.SASLFrame in project qpid-broker-j by apache.

From class AMQPConnection_1_0Impl, method continueSaslNegotiation:

private void continueSaslNegotiation(final byte[] challenge) {
    // Wrap the server-side challenge bytes in a SASL "challenge" performative and send it
    SaslChallenge challengeBody = new SaslChallenge();
    challengeBody.setChallenge(new Binary(challenge));
    send(new SASLFrame(challengeBody), null);
    // The connection now waits for the client's sasl-response frame
    _connectionState = ConnectionState.AWAIT_SASL_RESPONSE;
}
Also used: SaslChallenge (org.apache.qpid.server.protocol.v1_0.type.security.SaslChallenge), SASLFrame (org.apache.qpid.server.protocol.v1_0.framing.SASLFrame), Binary (org.apache.qpid.server.protocol.v1_0.type.Binary)

Example 2 with SASLFrame

Use of org.apache.qpid.server.protocol.v1_0.framing.SASLFrame in project qpid-broker-j by apache.

From class AMQPConnection_1_0Impl, method processProtocolHeader:

private void processProtocolHeader(final QpidByteBuffer msg) {
    // An AMQP 1.0 protocol header is exactly 8 bytes; do nothing until a whole one has arrived
    if (msg.remaining() >= 8) {
        byte[] header = new byte[8];
        msg.get(header);
        final AuthenticationProvider<?> authenticationProvider = getPort().getAuthenticationProvider();
        if (Arrays.equals(header, SASL_HEADER)) {
            // A second SASL header on an already-authenticated connection is a protocol violation
            if (_saslComplete) {
                throw new ConnectionScopedRuntimeException("SASL Layer header received after SASL already established");
            }
            // Echo the SASL header back to the peer
            try (QpidByteBuffer protocolHeader = QpidByteBuffer.wrap(SASL_HEADER)) {
                getSender().send(protocolHeader);
            }
            // Advertise the mechanisms the port's authentication provider offers; the transport's
            // TLS status is passed so the provider can withhold mechanisms it only permits over a secure transport
            SaslMechanisms mechanisms = new SaslMechanisms();
            ArrayList<Symbol> mechanismsList = new ArrayList<>();
            for (String name : authenticationProvider.getAvailableMechanisms(getTransport().isSecure())) {
                mechanismsList.add(Symbol.valueOf(name));
            }
            mechanisms.setSaslServerMechanisms(mechanismsList.toArray(new Symbol[mechanismsList.size()]));
            send(new SASLFrame(mechanisms), null);
            _connectionState = ConnectionState.AWAIT_SASL_INIT;
            _frameHandler = getFrameHandler(true); // SASL frame handler
        } else if (Arrays.equals(header, AMQP_HEADER)) {
            if (!_saslComplete) {
                // Plain AMQP header with no prior SASL exchange: only acceptable if the peer can be
                // identified from its transport-level principal (EXTERNAL) or ANONYMOUS is enabled
                final List<String> mechanisms = authenticationProvider.getAvailableMechanisms(getTransport().isSecure());
                if (mechanisms.contains(ExternalAuthenticationManagerImpl.MECHANISM_NAME) && getNetwork().getPeerPrincipal() != null) {
                    setUserPrincipal(new AuthenticatedPrincipal(getNetwork().getPeerPrincipal()));
                } else if (mechanisms.contains(AnonymousAuthenticationManager.MECHANISM_NAME)) {
                    setUserPrincipal(new AuthenticatedPrincipal(((AnonymousAuthenticationManager) authenticationProvider).getAnonymousPrincipal()));
                } else {
                    // Unauthenticated AMQP attempt: log it and close the connection. Note the method does not
                    // return here, so the header echo and state change below still execute on the closed network.
                    LOGGER.warn("{} : attempt to initiate AMQP connection without correctly authenticating", getLogSubject());
                    _connectionState = ConnectionState.CLOSED;
                    getNetwork().close();
                }
            }
            // Echo the AMQP header and wait for the client's open performative
            try (QpidByteBuffer protocolHeader = QpidByteBuffer.wrap(AMQP_HEADER)) {
                getSender().send(protocolHeader);
            }
            _connectionState = ConnectionState.AWAIT_OPEN;
            _frameHandler = getFrameHandler(false); // AMQP frame handler
        } else {
            // Neither a SASL nor an AMQP header: reject the connection
            LOGGER.warn("{} : unknown AMQP header {}", getLogSubject(), Functions.str(header));
            _connectionState = ConnectionState.CLOSED;
            getNetwork().close();
        }
    }
}
Also used: Symbol (org.apache.qpid.server.protocol.v1_0.type.Symbol), SASLFrame (org.apache.qpid.server.protocol.v1_0.framing.SASLFrame), ArrayList (java.util.ArrayList), SaslMechanisms (org.apache.qpid.server.protocol.v1_0.type.security.SaslMechanisms), AuthenticatedPrincipal (org.apache.qpid.server.security.auth.AuthenticatedPrincipal), AnonymousAuthenticationManager (org.apache.qpid.server.security.auth.manager.AnonymousAuthenticationManager), ConnectionScopedRuntimeException (org.apache.qpid.server.util.ConnectionScopedRuntimeException), QpidByteBuffer (org.apache.qpid.server.bytebuffer.QpidByteBuffer), Futures.allAsList (com.google.common.util.concurrent.Futures.allAsList), List (java.util.List)

Example 3 with SASLFrame

Use of org.apache.qpid.server.protocol.v1_0.framing.SASLFrame in project qpid-broker-j by apache.

From class AMQPConnection_1_0Impl, method processSaslResponse:

private void processSaslResponse(final byte[] response) {
    byte[] challenge = null;
    // An earlier round may already have succeeded with a final challenge still outstanding; reuse that result
    SubjectAuthenticationResult authenticationResult = _successfulAuthenticationResult;
    if (authenticationResult == null) {
        // Hand the client's response bytes to the SASL negotiator; a missing response is treated as empty
        authenticationResult = _subjectCreator.authenticate(_saslNegotiator, response != null ? response : new byte[0]);
        challenge = authenticationResult.getChallenge();
    }
    if (authenticationResult.getStatus() == AuthenticationResult.AuthenticationStatus.SUCCESS) {
        // Some mechanisms produce a final server message alongside success
        final boolean finalChallenge = challenge != null && challenge.length != 0;
        _successfulAuthenticationResult = authenticationResult;
        if (_sendSaslFinalChallengeAsChallenge && finalChallenge) {
            // Deliver the final server data as one more sasl-challenge instead of inside the outcome
            continueSaslNegotiation(challenge);
        } else {
            // Bind the authenticated subject to the connection and report success to the client
            setSubject(_successfulAuthenticationResult.getSubject());
            SaslOutcome outcome = new SaslOutcome();
            outcome.setCode(SaslCode.OK);
            if (finalChallenge) {
                // Carry the final server data in the outcome's additional-data field
                outcome.setAdditionalData(new Binary(challenge));
            }
            send(new SASLFrame(outcome), null);
            _saslComplete = true;
            // SASL is finished; the client must now send the plain AMQP protocol header
            _connectionState = ConnectionState.AWAIT_AMQP_HEADER;
            disposeSaslNegotiator();
        }
    } else if (authenticationResult.getStatus() == AuthenticationResult.AuthenticationStatus.CONTINUE) {
        // The mechanism needs another round trip
        continueSaslNegotiation(challenge);
    } else {
        // Authentication failed
        handleSaslError();
    }
}
Also used: SaslOutcome (org.apache.qpid.server.protocol.v1_0.type.security.SaslOutcome), SASLFrame (org.apache.qpid.server.protocol.v1_0.framing.SASLFrame), Binary (org.apache.qpid.server.protocol.v1_0.type.Binary), SubjectAuthenticationResult (org.apache.qpid.server.security.auth.SubjectAuthenticationResult)

Example 4 with SASLFrame

Use of org.apache.qpid.server.protocol.v1_0.framing.SASLFrame in project qpid-broker-j by apache.

From class AMQPConnection_1_0Impl, method handleSaslError:

private void handleSaslError() {
    // Report a generic authentication failure (sasl-code "auth"); the outcome carries no detail about why
    SaslOutcome outcome = new SaslOutcome();
    outcome.setCode(SaslCode.AUTH);
    send(new SASLFrame(outcome), null);
    _saslComplete = true;
    // Tear the connection down rather than letting the peer retry on the same SASL layer
    closeSaslWithFailure();
}
Also used: SaslOutcome (org.apache.qpid.server.protocol.v1_0.type.security.SaslOutcome), SASLFrame (org.apache.qpid.server.protocol.v1_0.framing.SASLFrame)

Example 5 with SASLFrame

Use of org.apache.qpid.server.protocol.v1_0.framing.SASLFrame in project qpid-broker-j by apache.

From class ProtocolEngine_1_0_0Test, method testProtocolEngineWithSaslNonTLSandAnon:

public void testProtocolEngineWithSaslNonTLSandAnon() throws Exception {
    // Configure the mocked port with an ANONYMOUS authentication provider
    final Map<String, Object> attrs = Collections.singletonMap(ConfiguredObject.NAME, getTestName());
    final AnonymousAuthenticationManager anonymousAuthenticationManager = (new AnonymousAuthenticationManagerFactory()).create(null, attrs, _broker);
    when(_port.getAuthenticationProvider()).thenReturn(anonymousAuthenticationManager);
    when(_port.getSubjectCreator(anyBoolean(), anyString())).thenReturn(new SubjectCreator(anonymousAuthenticationManager, Collections.emptyList(), null));
    allowMechanisms(AnonymousAuthenticationManager.MECHANISM_NAME);
    createEngine(Transport.TCP); // plain TCP, no TLS
    // Client sends the SASL protocol header, then a sasl-init selecting ANONYMOUS
    _protocolEngine_1_0_0.received(QpidByteBuffer.wrap(ProtocolEngineCreator_1_0_0_SASL.getInstance().getHeaderIdentifier()));
    SaslInit init = new SaslInit();
    init.setMechanism(Symbol.valueOf("ANONYMOUS"));
    _frameWriter.send(new SASLFrame(init));
    // After SASL completes, the client sends the AMQP protocol header and an open performative
    _protocolEngine_1_0_0.received(QpidByteBuffer.wrap(ProtocolEngineCreator_1_0_0.getInstance().getHeaderIdentifier()));
    Open open = new Open();
    open.setContainerId("testContainerId");
    _frameWriter.send(AMQFrame.createAMQFrame((short) 0, open));
    // The connection is registered with the virtual host and its authorised principal is the anonymous one
    verify(_virtualHost).registerConnection(any(AMQPConnection.class), any(ConnectionEstablishmentPolicy.class));
    AuthenticatedPrincipal principal = (AuthenticatedPrincipal) _connection.getAuthorizedPrincipal();
    assertNotNull(principal);
    assertEquals(principal, new AuthenticatedPrincipal(anonymousAuthenticationManager.getAnonymousPrincipal()));
}
Also used: ConnectionEstablishmentPolicy (org.apache.qpid.server.virtualhost.ConnectionEstablishmentPolicy), AnonymousAuthenticationManagerFactory (org.apache.qpid.server.security.auth.manager.AnonymousAuthenticationManagerFactory), AnonymousAuthenticationManager (org.apache.qpid.server.security.auth.manager.AnonymousAuthenticationManager), AMQPConnection (org.apache.qpid.server.transport.AMQPConnection), SaslInit (org.apache.qpid.server.protocol.v1_0.type.security.SaslInit), SASLFrame (org.apache.qpid.server.protocol.v1_0.framing.SASLFrame), ConfiguredObject (org.apache.qpid.server.model.ConfiguredObject), Matchers.anyString (org.mockito.Matchers.anyString), SubjectCreator (org.apache.qpid.server.security.SubjectCreator), Open (org.apache.qpid.server.protocol.v1_0.type.transport.Open), AuthenticatedPrincipal (org.apache.qpid.server.security.auth.AuthenticatedPrincipal)
