Example 1 with SaslContext

Use of org.jgroups.auth.sasl.SaslContext in project JGroups by belaban.

The up method of the class SASL.

@Override
public Object up(Message msg) {
    SaslHeader saslHeader = msg.getHeader(SASL_ID);
    GmsHeader gmsHeader = msg.getHeader(GMS_ID);
    Address remoteAddress = msg.getSrc();
    if (needsAuthentication(gmsHeader, remoteAddress)) {
        if (saslHeader == null)
            throw new IllegalStateException("Found GMS join or merge request but no SASL header");
        if (!serverChallenge(gmsHeader, saslHeader, msg))
            // failed auth, don't pass up
            return null;
    } else if (saslHeader != null) {
        SaslContext saslContext = sasl_context.get(remoteAddress);
        if (saslContext == null) {
            throw new IllegalStateException(String.format("Cannot find server context to challenge SASL request from %s", remoteAddress.toString()));
        }
        switch(saslHeader.getType()) {
            case CHALLENGE:
                try {
                    if (log.isTraceEnabled())
                        log.trace("%s: received CHALLENGE from %s", getAddress(), remoteAddress);
                    // the response computed can be null if the challenge-response cycle has ended
                    Message response = saslContext.nextMessage(remoteAddress, saslHeader);
                    if (response != null) {
                        if (log.isTraceEnabled())
                            log.trace("%s: sending RESPONSE to %s", getAddress(), remoteAddress);
                        down_prot.down(response);
                    } else {
                        if (!saslContext.isSuccessful()) {
                            throw new SaslException("computed response is null but challenge-response cycle not complete!");
                        }
                        if (log.isTraceEnabled())
                            log.trace("%s: authentication complete from %s", getAddress(), remoteAddress);
                    }
                } catch (SaslException e) {
                    disposeContext(remoteAddress);
                    if (log.isWarnEnabled()) {
                        log.warn(getAddress() + ": failed to validate CHALLENGE from " + remoteAddress + ", token", e);
                    }
                }
                break;
            case RESPONSE:
                try {
                    if (log.isTraceEnabled())
                        log.trace("%s: received RESPONSE from %s", getAddress(), remoteAddress);
                    Message challenge = saslContext.nextMessage(remoteAddress, saslHeader);
                    // the challenge computed can be null if the challenge-response cycle has ended
                    if (challenge != null) {
                        if (log.isTraceEnabled())
                            log.trace("%s: sending CHALLENGE to %s", getAddress(), remoteAddress);
                        down_prot.down(challenge);
                    } else {
                        if (!saslContext.isSuccessful()) {
                            throw new SaslException("computed challenge is null but challenge-response cycle not complete!");
                        }
                        if (log.isTraceEnabled())
                            log.trace("%s: authentication complete from %s", getAddress(), remoteAddress);
                    }
                } catch (SaslException e) {
                    disposeContext(remoteAddress);
                    if (log.isWarnEnabled()) {
                        log.warn("failed to validate RESPONSE from " + remoteAddress + ", token", e);
                    }
                }
                break;
        }
        return null;
    }
    return up_prot.up(msg);
}
Also used: Address (org.jgroups.Address), Message (org.jgroups.Message), GmsHeader (org.jgroups.protocols.pbcast.GMS.GmsHeader), SaslException (javax.security.sasl.SaslException), SaslContext (org.jgroups.auth.sasl.SaslContext)