Examples of javax.security.sasl.SaslClient

• javax.security.sasl.SaslClient
  initial response and send to server byte[] response = (sc.hasInitialResponse() ? sc.evaluateChallenge(new byte[0]) : null); LdapResult res = ldap.sendBindRequest(dn, sc.getName(), response); while (!sc.isComplete() &&}(res.status == SASL_BIND_IN_PROGRESS || res.status == SUCCESS)) response = sc.evaluateChallenge(res.getBytes()); if (res.status == SUCCESS) { // we're done; don't expect to send another BIND if (response != null) { throw new SaslException( "Protocol error: attempting to send response after completion"); } break; } res = ldap.sendBindRequest(dn, sc.getName(), response); } if (sc.isComplete() && res.status == SUCCESS) { String qop = (String) sc.getNegotiatedProperty(Sasl.QOP); if (qop != null && (qop.equalsIgnoreCase("auth-int") || qop.equalsIgnoreCase("auth-conf"))) { // Use SaslClient.wrap() and SaslClient.unwrap() for future // communication with server ldap.in = new SecureInputStream(sc, ldap.in); ldap.out = new SecureOutputStream(sc, ldap.out); } } } If the mechanism has an initial response, the library invokes {@code evaluateChallenge()} with an emptychallenge and to get initial response. Protocols such as IMAP4, which do not include an initial response with their first authentication command to the server, initiates the authentication without first calling {@code hasInitialResponse()}or {@code evaluateChallenge()}. When the server responds to the command, it sends an initial challenge. For a SASL mechanism in which the client sends data first, the server should have issued a challenge with no data. This will then result in a call (on the client) to {@code evaluateChallenge()} with an empty challenge. @since 1.5 @see Sasl @see SaslClientFactory @author Rosanna Lee @author Rob Weltman

        } else {
            authorizationId = (String) env.get(Context.SECURITY_PRINCIPAL);
        }

        // Create SASL client to use for authentication
        SaslClient saslClnt = Sasl.createSaslClient(new String[] { saslMech },
                authorizationId, "ldap", host, env, cbh);

        if (saslClnt == null) {
            throw new SaslException("SASL client not available");
        }

        // If the specific mechanism needs initial response, get one
        byte[] response = (saslClnt.hasInitialResponse() ? saslClnt
                .evaluateChallenge(new byte[0]) : null);

        // do bind operation, including the initial
        // response (if any)
        BindOp bind = new BindOp("", "", saslMech, response);
        client.doOperation(bind, controls);
        LdapResult res = bind.getResult();

        // If DefaultCallbackHandler is used, DIGEST-MD5 needs realm in
        // callbacke handler
        if (DIGEST_MD5.equals(saslMech)
                && cbh instanceof DefaultCallbackHandler) {
            ((DefaultCallbackHandler) cbh).setRealm(getRealm(new String(bind
                    .getServerSaslCreds())));
        }

        // Authentication done?
        while (!saslClnt.isComplete()
                && (res.getResultCode() == LdapResult.SASL_BIND_IN_PROGRESS || res
                        .getResultCode() == LdapResult.SUCCESS)) {

            // No, process challenge to get an appropriate next
            // response
            byte[] challenge = bind.getServerSaslCreds();
            response = saslClnt.evaluateChallenge(challenge);

            // May be a success message with no further response
            if (res.getResultCode() == LdapResult.SUCCESS) {

                if (response != null) {

    public void methodReceived(AMQStateManager stateManager, ConnectionSecureBody body, int channelId)
                throws AMQException
    {
        final AMQProtocolSession session = stateManager.getProtocolSession();
        SaslClient client = session.getSaslClient();
        if (client == null)
        {
            throw new AMQException("No SASL client set up - cannot proceed with authentication");
        }



        try
        {
            // Evaluate server challenge
            byte[] response = client.evaluateChallenge(body.getChallenge());

            ConnectionSecureOkBody secureOkBody = session.getMethodRegistry().createConnectionSecureOkBody(response);

            session.writeFrame(secureOkBody.generateFrame(channelId));
        }

                }

                byte[] saslResponse;
                try
                {
                    SaslClient sc =
                        Sasl.createSaslClient(new String[] { mechanism }, null, "AMQP", "localhost", null,
                            createCallbackHandler(mechanism, session));
                    if (sc == null)
                    {
                        throw new AMQException(
                            "Client SASL configuration error: no SaslClient could be created for mechanism " + mechanism
                            + ". Please ensure all factories are registered. See DynamicSaslRegistrar for "
                            + " details of how to register non-standard SASL client providers.");
                    }

                    session.setSaslClient(sc);
                    saslResponse = (sc.hasInitialResponse() ? sc.evaluateChallenge(new byte[0]) : null);
                }
                catch (SaslException e)
                {
                    session.setSaslClient(null);
                    throw new AMQException("Unable to create SASL client: " + e, e);

            {
                properties.put( Sasl.SERVER_AUTH, "true" );
            }

            // Creating a SASL Client
            SaslClient sc = Sasl.createSaslClient(
                new String[]
                    { bindRequest.getSaslMechanism() },
                saslRequest.getAuthorizationId(),
                "ldap",
                config.getLdapHost(),
                properties,
                new SaslCallbackHandler( saslRequest ) );

            // If the SaslClient wasn't created, that means we can't create the SASL client
            // for the requested mechanism. We then produce an Exception
            if ( sc == null )
            {
                String message = "Cannot find a SASL factory for the " + bindRequest.getSaslMechanism() + " mechanism";
                LOG.error( message );
                throw new LdapException( message );
            }

            // Corner case : the SASL mech might send an initial challenge, and we have to
            // deal with it immediately.
            if ( sc.hasInitialResponse() )
            {
                byte[] challengeResponse = sc.evaluateChallenge( new byte[0] );

                // Stores the challenge's response, and send it to the server
                bindRequest.setCredentials( challengeResponse );
                writeRequest( bindRequest );

                // Get the server's response, blocking
                bindResponse = bindFuture.get( timeout, TimeUnit.MILLISECONDS );

                if ( bindResponse == null )
                {
                    // We didn't received anything : this is an error
                    LOG.error( "bind failed : timeout occurred" );
                    throw new LdapException( TIME_OUT_ERROR );
                }

                result = bindResponse.getLdapResult().getResultCode();
            }
            else
            {
                // Copy the bindRequest without setting the credentials
                BindRequest bindRequestCopy = new BindRequestImpl();
                bindRequestCopy.setMessageId( newId );

                bindRequestCopy.setName( bindRequest.getName() );
                bindRequestCopy.setSaslMechanism( bindRequest.getSaslMechanism() );
                bindRequestCopy.setSimple( bindRequest.isSimple() );
                bindRequestCopy.setVersion3( bindRequest.getVersion3() );
                bindRequestCopy.addAllControls( bindRequest.getControls().values().toArray( new Control[0] ) );

                writeRequest( bindRequestCopy );

                bindResponse = bindFuture.get( timeout, TimeUnit.MILLISECONDS );

                if ( bindResponse == null )
                {
                    // We didn't received anything : this is an error
                    LOG.error( "bind failed : timeout occurred" );
                    throw new LdapException( TIME_OUT_ERROR );
                }

                result = bindResponse.getLdapResult().getResultCode();
            }

            while ( !sc.isComplete()
                && ( ( result == ResultCodeEnum.SASL_BIND_IN_PROGRESS ) || ( result == ResultCodeEnum.SUCCESS ) ) )
            {
                response = sc.evaluateChallenge( bindResponse.getServerSaslCreds() );

                if ( result == ResultCodeEnum.SUCCESS )
                {
                    if ( response != null )
                    {

                saslProps.put(Sasl.QOP, "auth-conf");
            }
            UsernamePasswordCallbackHandler handler =
                new UsernamePasswordCallbackHandler();
            handler.initialise(conSettings.getUsername(), conSettings.getPassword());
            SaslClient sc = Sasl.createSaslClient
                (mechs, null, conSettings.getSaslProtocol(), conSettings.getSaslServerName(), saslProps, handler);
            conn.setSaslClient(sc);

            byte[] response = sc.hasInitialResponse() ?
                sc.evaluateChallenge(new byte[0]) : null;
            conn.connectionStartOk
                (clientProperties, sc.getMechanismName(), response,
                 conn.getLocale());
        }
        catch (SaslException e)
        {
            conn.exception(e);

        }
    }

    @Override public void connectionSecure(Connection conn, ConnectionSecure secure)
    {
        SaslClient sc = conn.getSaslClient();
        try
        {
            byte[] response = sc.evaluateChallenge(secure.getChallenge());
            conn.connectionSecureOk(response);
        }
        catch (SaslException e)
        {
            conn.exception(e);

        conn.connectionOpen(conSettings.getVhost(), null, Option.INSIST);
    }

    @Override public void connectionOpenOk(Connection conn, ConnectionOpenOk ok)
    {
        SaslClient sc = conn.getSaslClient();
        if (sc != null)
        {
            if (sc.getMechanismName().equals("GSSAPI"))
            {
                String id = getKerberosUser();
                if (id != null)
                {
                    conn.setUserID(id);
                }
            }
            else if (sc.getMechanismName().equals("EXTERNAL"))
            {
                if (conn.getSecurityLayer() != null)
                {
                    conn.setUserID(conn.getSecurityLayer().getUserID());
                }

        SaslAuthenticator(final Mongo mongo, MongoCredential credentials) {
            super(mongo, credentials);
        }

        public CommandResult authenticate()  {
            SaslClient saslClient = createSaslClient();
            try {
                byte[] response = (saslClient.hasInitialResponse() ? saslClient.evaluateChallenge(new byte[0]) : null);
                CommandResult res = sendSaslStart(response);
                res.throwOnError();

                int conversationId = (Integer) res.get("conversationId");

                while (! (Boolean) res.get("done")) {
                    response = saslClient.evaluateChallenge((byte[]) res.get("payload"));

                    if (response == null) {
                        throw new MongoException("SASL protocol error: no client response to challenge");
                    }

                    res = sendSaslContinue(conversationId, response);
                    res.throwOnError();
                }
                return res;
            } catch (IOException e) {
                throw new MongoException.Network("IOException authenticating the connection", e);
            } finally {
                try {
                    saslClient.dispose();
                } catch (SaslException e) {
                    // ignore
                }
            }
        }

        props.put(Sasl.POLICY_NOPLAINTEXT, "false");
        props.put(Sasl.REUSE, "false");
        props.put(Sasl.POLICY_NOANONYMOUS, "true");

        String[] mechsArray = (String[]) mechs.toArray(new String[mechs.size()]);
        SaslClient client = null;
        for (int i = 0; i < mechsArray.length; i++) {
            String mech = mechsArray[i];
            try {
                if ("ANONYMOUS".equals(mech) || "EXTERNAL".equals(mech)) {
                    props.put(Sasl.POLICY_NOANONYMOUS, "false");

                                    }
                            }

                            }
                        };
                        final SaslClient sc = Sasl.createSaslClient(new String[] {"PLAIN"}, null,
                                                                    getConnectionSettings().getSaslProtocol(),
                                                                    getConnectionSettings().getSaslServerName(),
                                                                    saslProps, cbh);

                        return sc;