/*
*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*
*/
package org.apache.qpid.server.security.auth.sasl.plain;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.sasl.AuthorizeCallback;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
import java.io.IOException;
public class PlainSaslServer implements SaslServer
{
public static final String MECHANISM = "PLAIN";
private CallbackHandler _cbh;
private String _authorizationId;
private boolean _complete = false;
public PlainSaslServer(CallbackHandler cbh)
{
_cbh = cbh;
}
public String getMechanismName()
{
return MECHANISM;
}
public byte[] evaluateResponse(byte[] response) throws SaslException
{
int authzidNullPosition = findNullPosition(response, 0);
if (authzidNullPosition < 0)
{
throw new SaslException("Invalid PLAIN encoding, authzid null terminator not found");
}
int authcidNullPosition = findNullPosition(response, authzidNullPosition + 1);
if (authcidNullPosition < 0)
{
throw new SaslException("Invalid PLAIN encoding, authcid null terminator not found");
}
PlainPasswordCallback passwordCb;
AuthorizeCallback authzCb;
try
{
// we do not currently support authcid in any meaningful way
String authzid = new String(response, authzidNullPosition + 1, authcidNullPosition - authzidNullPosition - 1, "utf8");
// TODO: should not get pwd as a String but as a char array...
int passwordLen = response.length - authcidNullPosition - 1;
String pwd = new String(response, authcidNullPosition + 1, passwordLen, "utf8");
// we do not care about the prompt but it throws if null
NameCallback nameCb = new NameCallback("prompt", authzid);
passwordCb = new PlainPasswordCallback("prompt", false, pwd);
authzCb = new AuthorizeCallback(authzid, authzid);
Callback[] callbacks = new Callback[]{nameCb, passwordCb, authzCb};
_cbh.handle(callbacks);
}
catch (IOException e)
{
if(e instanceof SaslException)
{
throw (SaslException) e;
}
throw new SaslException("Error processing data: " + e, e);
}
catch (UnsupportedCallbackException e)
{
throw new SaslException("Unable to obtain data from callback handler: " + e, e);
}
if (passwordCb.isAuthenticated())
{
_complete = true;
}
if (authzCb.isAuthorized() && _complete)
{
_authorizationId = authzCb.getAuthenticationID();
return null;
}
else
{
throw new SaslException("Authentication failed");
}
}
private int findNullPosition(byte[] response, int startPosition)
{
int position = startPosition;
while (position < response.length)
{
if (response[position] == (byte) 0)
{
return position;
}
position++;
}
return -1;
}
public boolean isComplete()
{
return _complete;
}
public String getAuthorizationID()
{
return _authorizationId;
}
public byte[] unwrap(byte[] incoming, int offset, int len) throws SaslException
{
throw new SaslException("Unsupported operation");
}
public byte[] wrap(byte[] outgoing, int offset, int len) throws SaslException
{
throw new SaslException("Unsupported operation");
}
public Object getNegotiatedProperty(String propName)
{
return null;
}
public void dispose() throws SaslException
{
_cbh = null;
}
}