use of org.apache.qpid.server.protocol.v1_0.type.security.SaslMechanisms in project qpid-broker-j by apache.
the class AMQPConnection_1_0Impl method processProtocolHeader.
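/**
 * Consumes the 8-byte protocol header at the start of a connection and selects the next
 * connection state.
 *
 * <ul>
 *   <li>SASL header: echoes the SASL header, advertises the mechanisms the port's
 *       authentication provider reports for this transport, and waits for sasl-init.</li>
 *   <li>AMQP header before SASL has completed: the peer is accepted only when the provider
 *       offers EXTERNAL and the network layer supplies a peer principal, or when the provider
 *       offers ANONYMOUS; otherwise the connection is closed.</li>
 *   <li>Any other header: the connection is closed.</li>
 * </ul>
 *
 * When fewer than 8 bytes remain in {@code msg}, nothing is consumed and no state changes.
 *
 * @param msg buffer positioned at the start of the protocol header
 * @throws ConnectionScopedRuntimeException if a SASL header arrives after SASL has completed
 */
private void processProtocolHeader(final QpidByteBuffer msg) {
    if (msg.remaining() < 8) {
        return;
    }

    final byte[] header = new byte[8];
    msg.get(header);
    final AuthenticationProvider<?> authenticationProvider = getPort().getAuthenticationProvider();

    if (Arrays.equals(header, SASL_HEADER)) {
        if (_saslComplete) {
            throw new ConnectionScopedRuntimeException("SASL Layer header received after SASL already established");
        }
        try (QpidByteBuffer protocolHeader = QpidByteBuffer.wrap(SASL_HEADER)) {
            getSender().send(protocolHeader);
        }
        // The advertised mechanism list depends on whether the transport is secure, so the
        // provider can withhold mechanisms on a plain-text transport.
        final SaslMechanisms mechanisms = new SaslMechanisms();
        final ArrayList<Symbol> mechanismsList = new ArrayList<>();
        for (String name : authenticationProvider.getAvailableMechanisms(getTransport().isSecure())) {
            mechanismsList.add(Symbol.valueOf(name));
        }
        mechanisms.setSaslServerMechanisms(mechanismsList.toArray(new Symbol[0]));
        send(new SASLFrame(mechanisms), null);
        _connectionState = ConnectionState.AWAIT_SASL_INIT;
        _frameHandler = getFrameHandler(true);
    } else if (Arrays.equals(header, AMQP_HEADER)) {
        if (!_saslComplete) {
            // The peer skipped the SASL layer. It is only let through on an identity that needs
            // no SASL exchange: a transport-supplied peer principal (EXTERNAL) or ANONYMOUS.
            final List<String> mechanisms = authenticationProvider.getAvailableMechanisms(getTransport().isSecure());
            if (mechanisms.contains(ExternalAuthenticationManagerImpl.MECHANISM_NAME) && getNetwork().getPeerPrincipal() != null) {
                setUserPrincipal(new AuthenticatedPrincipal(getNetwork().getPeerPrincipal()));
            } else if (mechanisms.contains(AnonymousAuthenticationManager.MECHANISM_NAME)) {
                // NOTE(review): the cast assumes that only AnonymousAuthenticationManager ever
                // advertises this mechanism name; any other provider doing so would fail here
                // with ClassCastException - confirm against the provider implementations.
                setUserPrincipal(new AuthenticatedPrincipal(((AnonymousAuthenticationManager) authenticationProvider).getAnonymousPrincipal()));
            } else {
                LOGGER.warn("{} : attempt to initiate AMQP connection without correctly authenticating", getLogSubject());
                _connectionState = ConnectionState.CLOSED;
                getNetwork().close();
                // Stop here. Falling through would queue the AMQP header on a network that is
                // already closing and overwrite CLOSED with AWAIT_OPEN while no user principal
                // has been set, leaving the state machine ready to accept an open frame from an
                // unauthenticated peer.
                return;
            }
        }
        try (QpidByteBuffer protocolHeader = QpidByteBuffer.wrap(AMQP_HEADER)) {
            getSender().send(protocolHeader);
        }
        _connectionState = ConnectionState.AWAIT_OPEN;
        _frameHandler = getFrameHandler(false);
    } else {
        LOGGER.warn("{} : unknown AMQP header {}", getLogSubject(), Functions.str(header));
        _connectionState = ConnectionState.CLOSED;
        getNetwork().close();
    }
}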
use of org.apache.qpid.server.protocol.v1_0.type.security.SaslMechanisms in project qpid-broker-j by apache.
the class SaslTest method saslSuccessfulAuthenticationWithPipelinedFrames.
/**
 * Verifies that the broker accepts a fully pipelined negotiation: the SASL header, sasl-init
 * with a PLAIN initial response, the AMQP header and the open frame are all sent before any
 * response is read, and the responses then arrive in protocol order.
 */
@Test
@SpecificationTest(section = "2.4.2",
                   description = "For applications that use many short-lived connections,"
                                 + " it MAY be desirable to pipeline the connection negotiation process."
                                 + " A peer MAY do this by starting to send subsequent frames before receiving"
                                 + " the partner’s connection header or open frame")
public void saslSuccessfulAuthenticationWithPipelinedFrames() throws Exception {
    final InetSocketAddress brokerAddress = getBrokerAdmin().getBrokerAddress(BrokerAdmin.PortType.AMQP);
    try (FrameTransport transport = new FrameTransport(brokerAddress, true).connect()) {
        // PLAIN initial response as built here: NUL, username, NUL, password. The credentials
        // are encoded as US-ASCII, so the test relies on them being ASCII-only.
        final String plainCredentials = String.format("\0%s\0%s", _username, _password);
        final Binary initialResponse = new Binary(plainCredentials.getBytes(StandardCharsets.US_ASCII));

        final Interaction interaction = transport.newInteraction();

        // Send everything up front; no response is consumed until the open frame is queued.
        interaction.protocolHeader(SASL_AMQP_HEADER_BYTES)
                   .negotiateProtocol()
                   .saslMechanism(PLAIN)
                   .saslInitialResponse(initialResponse)
                   .saslInit()
                   .protocolHeader(AMQP_HEADER_BYTES)
                   .negotiateProtocol()
                   .openContainerId("testContainerId")
                   .open();

        // 1. The SASL protocol header is echoed back.
        final byte[] saslHeaderEcho = interaction.consumeResponse().getLatestResponse(byte[].class);
        assertThat(saslHeaderEcho, is(equalTo(SASL_AMQP_HEADER_BYTES)));

        // 2. The broker advertises its mechanisms, which must include PLAIN.
        final SaslMechanisms advertised = interaction.consumeResponse().getLatestResponse(SaslMechanisms.class);
        assertThat(Arrays.asList(advertised.getSaslServerMechanisms()), hasItem(PLAIN));

        // 3. Authentication succeeds.
        final SaslOutcome outcome = interaction.consumeResponse().getLatestResponse(SaslOutcome.class);
        assertThat(outcome.getCode(), equalTo(SaslCode.OK));

        // 4. The AMQP protocol header is echoed back, followed by the broker's open frame.
        final byte[] amqpHeaderEcho = interaction.consumeResponse().getLatestResponse(byte[].class);
        assertThat(amqpHeaderEcho, is(equalTo(AMQP_HEADER_BYTES)));
        interaction.consumeResponse().getLatestResponse(Open.class);

        interaction.doCloseConnection();
    }
}
use of org.apache.qpid.server.protocol.v1_0.type.security.SaslMechanisms in project qpid-broker-j by apache.
the class SaslTest method saslSuccessfulAuthenticationWithChallengeResponse.
/**
 * Verifies a SASL negotiation with a single challenge/response round using CRAM-MD5: the
 * broker advertises the mechanism, issues one challenge, reports OK for the computed
 * response, and then echoes the AMQP header with nothing further sent.
 */
@Test
@SpecificationTest(section = "5.3.2", description = "SASL Negotiation [...] challenge/response step occurs once")
public void saslSuccessfulAuthenticationWithChallengeResponse() throws Exception {
    final InetSocketAddress brokerAddress = getBrokerAdmin().getBrokerAddress(BrokerAdmin.PortType.AMQP);
    try (FrameTransport transport = new FrameTransport(brokerAddress, true).connect()) {
        final Interaction interaction = transport.newInteraction();

        // The SASL protocol header is echoed back.
        final byte[] saslHeaderEcho = interaction.protocolHeader(SASL_AMQP_HEADER_BYTES)
                                                 .negotiateProtocol()
                                                 .consumeResponse()
                                                 .getLatestResponse(byte[].class);
        assertThat(saslHeaderEcho, is(equalTo(SASL_AMQP_HEADER_BYTES)));

        // The advertised mechanisms must include CRAM-MD5.
        final SaslMechanisms advertised = interaction.consumeResponse().getLatestResponse(SaslMechanisms.class);
        assertThat(Arrays.asList(advertised.getSaslServerMechanisms()), hasItem(CRAM_MD5));

        // sasl-init carries no initial response here, so the broker must reply with a challenge.
        final SaslChallenge challengeFrame = interaction.saslMechanism(CRAM_MD5)
                                                        .saslInit()
                                                        .consumeResponse()
                                                        .getLatestResponse(SaslChallenge.class);
        assertThat(challengeFrame.getChallenge(), is(notNullValue()));

        // The client response is derived from the credentials and the broker's challenge bytes.
        final byte[] cramResponse =
                generateCramMD5ClientResponse(_username, _password, challengeFrame.getChallenge().getArray());
        final SaslOutcome outcome = interaction.saslResponseResponse(new Binary(cramResponse))
                                               .saslResponse()
                                               .consumeResponse()
                                               .getLatestResponse(SaslOutcome.class);
        assertThat(outcome.getCode(), equalTo(SaslCode.OK));

        // After SASL succeeds, the AMQP header is echoed and the broker sends nothing further.
        final byte[] amqpHeaderEcho = interaction.protocolHeader(AMQP_HEADER_BYTES)
                                                 .negotiateProtocol()
                                                 .consumeResponse()
                                                 .getLatestResponse(byte[].class);
        assertThat(amqpHeaderEcho, is(equalTo(AMQP_HEADER_BYTES)));
        transport.assertNoMoreResponses();
    }
}