/**
 * Answers the callbacks raised on the client side of the SASL DIGEST-MD5 exchange.
 *
 * <p>The user name and the shared secret are both looked up in {@code secretKeyHolder} under
 * {@code secretKeyId}; a realm request is answered with the default text carried by the callback.
 *
 * @param callbacks callbacks to answer, handled in array order
 * @throws IOException declared in the signature; no statement visible here raises it explicitly
 * @throws UnsupportedCallbackException if a callback is of a type this handler does not know
 */
@Override
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
  for (Callback callback : callbacks) {
    if (callback instanceof NameCallback) {
      logger.trace("SASL client callback: setting username");
      ((NameCallback) callback).setName(
        encodeIdentifier(secretKeyHolder.getSaslUser(secretKeyId)));
    } else if (callback instanceof PasswordCallback) {
      // Only the event is traced; the secret value itself is not part of the log message.
      logger.trace("SASL client callback: setting password");
      ((PasswordCallback) callback).setPassword(
        encodePassword(secretKeyHolder.getSecretKey(secretKeyId)));
    } else if (callback instanceof RealmCallback) {
      logger.trace("SASL client callback: setting realm");
      RealmCallback realm = (RealmCallback) callback;
      realm.setText(realm.getDefaultText());
    } else if (callback instanceof RealmChoiceCallback) {
      // ignore (?) -- no realm is selected; the original author left this open.
    } else {
      // Unknown callback types are rejected rather than silently skipped.
      throw new UnsupportedCallbackException(callback, "Unrecognized SASL DIGEST-MD5 Callback");
    }
  }
}
} // closes the enclosing scope, which is opened outside this snippet
// Resolve the shared secret registered for the app id named in the challenge.
String secret = secretKeyHolder.getSecretKey(challenge.appId);
// Fail closed: with no registered secret the state check fails, so the code after this point
// never runs with a null secret.
// NOTE(review): challenge.appId presumably originates from the remote peer and is echoed into
// the failure message -- confirm the message is not returned verbatim to an unauthenticated caller.
Preconditions.checkState(secret != null,
  "Trying to authenticate non-registered app %s.", challenge.appId);
// Resolve the shared secret registered for the app id named in the challenge.
String secret = secretKeyHolder.getSecretKey(challenge.appId);
// Fail closed: with no registered secret the state check fails, so the code after this point
// never runs with a null secret.
// NOTE(review): challenge.appId presumably originates from the remote peer and is echoed into
// the failure message -- confirm the message is not returned verbatim to an unauthenticated caller.
Preconditions.checkState(secret != null,
  "Trying to authenticate non-registered app %s.", challenge.appId);
/**
 * Answers the callbacks raised on the client side of the SASL DIGEST-MD5 exchange.
 *
 * <p>The user name and the shared secret are both looked up in {@code secretKeyHolder} under
 * {@code secretKeyId}; a realm request is answered with the default text carried by the callback.
 *
 * @param callbacks callbacks to answer, handled in array order
 * @throws UnsupportedCallbackException if a callback is of a type this handler does not know
 */
@Override
public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
  for (Callback callback : callbacks) {
    if (callback instanceof NameCallback) {
      logger.trace("SASL client callback: setting username");
      ((NameCallback) callback).setName(
        encodeIdentifier(secretKeyHolder.getSaslUser(secretKeyId)));
    } else if (callback instanceof PasswordCallback) {
      // Only the event is traced; the secret value itself is not part of the log message.
      logger.trace("SASL client callback: setting password");
      ((PasswordCallback) callback).setPassword(
        encodePassword(secretKeyHolder.getSecretKey(secretKeyId)));
    } else if (callback instanceof RealmCallback) {
      logger.trace("SASL client callback: setting realm");
      RealmCallback realm = (RealmCallback) callback;
      realm.setText(realm.getDefaultText());
    } else if (callback instanceof RealmChoiceCallback) {
      // ignore (?) -- no realm is selected; the original author left this open.
    } else {
      // Unknown callback types are rejected rather than silently skipped.
      throw new UnsupportedCallbackException(callback, "Unrecognized SASL DIGEST-MD5 Callback");
    }
  }
}
} // closes the enclosing scope, which is opened outside this snippet
// Resolve the shared secret registered for the app id named in the challenge.
String secret = secretKeyHolder.getSecretKey(challenge.appId);
// Fail closed: with no registered secret the state check fails, so the code after this point
// never runs with a null secret.
// NOTE(review): challenge.appId presumably originates from the remote peer and is echoed into
// the failure message -- confirm the message is not returned verbatim to an unauthenticated caller.
Preconditions.checkState(secret != null,
  "Trying to authenticate non-registered app %s.", challenge.appId);
/**
 * Answers the callbacks raised on the client side of the SASL DIGEST-MD5 exchange.
 *
 * <p>The user name and the shared secret are both looked up in {@code secretKeyHolder} under
 * {@code secretKeyId}; a realm request is answered with the default text carried by the callback.
 *
 * @param callbacks callbacks to answer, handled in array order
 * @throws UnsupportedCallbackException if a callback is of a type this handler does not know
 */
@Override
public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
  for (Callback callback : callbacks) {
    if (callback instanceof NameCallback) {
      logger.trace("SASL client callback: setting username");
      ((NameCallback) callback).setName(
        encodeIdentifier(secretKeyHolder.getSaslUser(secretKeyId)));
    } else if (callback instanceof PasswordCallback) {
      // Only the event is traced; the secret value itself is not part of the log message.
      logger.trace("SASL client callback: setting password");
      ((PasswordCallback) callback).setPassword(
        encodePassword(secretKeyHolder.getSecretKey(secretKeyId)));
    } else if (callback instanceof RealmCallback) {
      logger.trace("SASL client callback: setting realm");
      RealmCallback realm = (RealmCallback) callback;
      realm.setText(realm.getDefaultText());
    } else if (callback instanceof RealmChoiceCallback) {
      // ignore (?) -- no realm is selected; the original author left this open.
    } else {
      // Unknown callback types are rejected rather than silently skipped.
      throw new UnsupportedCallbackException(callback, "Unrecognized SASL DIGEST-MD5 Callback");
    }
  }
}
} // closes the enclosing scope, which is opened outside this snippet
/**
 * Runs the client side of the challenge/response handshake over {@code client} and, once the
 * server's response has been validated, installs the negotiated session cipher on
 * {@code channel}.
 *
 * @param client transport client used to send the challenge and wait for the response
 * @param channel channel that receives the session cipher after a successful handshake
 * @throws GeneralSecurityException declared in the signature; presumably raised by the engine
 * @throws IOException declared in the signature
 */
private void doSparkAuth(TransportClient client, Channel channel)
    throws GeneralSecurityException, IOException {
  String appSecret = secretKeyHolder.getSecretKey(appId);
  // try-with-resources closes the engine on every path, including a failed validation.
  try (AuthEngine authEngine = new AuthEngine(appId, appSecret, conf)) {
    ClientChallenge clientChallenge = authEngine.challenge();
    ByteBuf encodedChallenge = Unpooled.buffer(clientChallenge.encodedLength());
    clientChallenge.encode(encodedChallenge);

    // Synchronous round trip, bounded by the configured authentication timeout.
    ByteBuffer rawResponse =
      client.sendRpcSync(encodedChallenge.nioBuffer(), conf.authRTTimeoutMs());
    ServerResponse serverResponse = ServerResponse.decodeMessage(rawResponse);

    // The cipher is added only after validate() returns, so the channel is never switched to
    // the session cipher on the strength of an unchecked response.
    // NOTE(review): presumably validate() throws on a bad response -- confirm.
    authEngine.validate(serverResponse);
    authEngine.sessionCipher().addToChannel(channel);
  }
}
/**
 * Answers the callbacks raised on the client side of the SASL DIGEST-MD5 exchange.
 *
 * <p>The user name and the shared secret are both looked up in {@code secretKeyHolder} under
 * {@code secretKeyId}; a realm request is answered with the default text carried by the callback.
 *
 * @param callbacks callbacks to answer, handled in array order
 * @throws IOException declared in the signature; no statement visible here raises it explicitly
 * @throws UnsupportedCallbackException if a callback is of a type this handler does not know
 */
@Override
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
  for (Callback callback : callbacks) {
    if (callback instanceof NameCallback) {
      logger.trace("SASL client callback: setting username");
      ((NameCallback) callback).setName(
        encodeIdentifier(secretKeyHolder.getSaslUser(secretKeyId)));
    } else if (callback instanceof PasswordCallback) {
      // Only the event is traced; the secret value itself is not part of the log message.
      logger.trace("SASL client callback: setting password");
      ((PasswordCallback) callback).setPassword(
        encodePassword(secretKeyHolder.getSecretKey(secretKeyId)));
    } else if (callback instanceof RealmCallback) {
      logger.trace("SASL client callback: setting realm");
      RealmCallback realm = (RealmCallback) callback;
      realm.setText(realm.getDefaultText());
    } else if (callback instanceof RealmChoiceCallback) {
      // ignore (?) -- no realm is selected; the original author left this open.
    } else {
      // Unknown callback types are rejected rather than silently skipped.
      throw new UnsupportedCallbackException(callback, "Unrecognized SASL DIGEST-MD5 Callback");
    }
  }
}
} // closes the enclosing scope, which is opened outside this snippet
/**
 * Runs the client side of the challenge/response handshake over {@code client} and, once the
 * server's response has been validated, installs the negotiated session cipher on
 * {@code channel}.
 *
 * @param client transport client used to send the challenge and wait for the response
 * @param channel channel that receives the session cipher after a successful handshake
 * @throws GeneralSecurityException declared in the signature; presumably raised by the engine
 * @throws IOException declared in the signature
 */
private void doSparkAuth(TransportClient client, Channel channel)
    throws GeneralSecurityException, IOException {
  String appSecret = secretKeyHolder.getSecretKey(appId);
  // try-with-resources closes the engine on every path, including a failed validation.
  try (AuthEngine authEngine = new AuthEngine(appId, appSecret, conf)) {
    ClientChallenge clientChallenge = authEngine.challenge();
    ByteBuf encodedChallenge = Unpooled.buffer(clientChallenge.encodedLength());
    clientChallenge.encode(encodedChallenge);

    // Synchronous round trip, bounded by the configured authentication timeout.
    ByteBuffer rawResponse =
      client.sendRpcSync(encodedChallenge.nioBuffer(), conf.authRTTimeoutMs());
    ServerResponse serverResponse = ServerResponse.decodeMessage(rawResponse);

    // The cipher is added only after validate() returns, so the channel is never switched to
    // the session cipher on the strength of an unchecked response.
    // NOTE(review): presumably validate() throws on a bad response -- confirm.
    authEngine.validate(serverResponse);
    authEngine.sessionCipher().addToChannel(channel);
  }
}
/**
 * Builds a Mockito stand-in for {@code SecretKeyHolder} for use in tests.
 *
 * <p>Whatever app id is asked for, the stub reports {@code appId} as the SASL user and the
 * given {@code secret} as the key.
 *
 * @param secret value the stub returns from {@code getSecretKey}
 * @return the stubbed key holder
 */
private SecretKeyHolder createKeyHolder(String secret) {
  SecretKeyHolder stub = mock(SecretKeyHolder.class);
  when(stub.getSaslUser(anyString())).thenReturn(appId);
  when(stub.getSecretKey(anyString())).thenReturn(secret);
  return stub;
}
/**
 * Runs the client side of the challenge/response handshake over {@code client} and, once the
 * server's response has been validated, installs the negotiated session cipher on
 * {@code channel}.
 *
 * @param client transport client used to send the challenge and wait for the response
 * @param channel channel that receives the session cipher after a successful handshake
 * @throws GeneralSecurityException declared in the signature; presumably raised by the engine
 * @throws IOException declared in the signature
 */
private void doSparkAuth(TransportClient client, Channel channel)
    throws GeneralSecurityException, IOException {
  String appSecret = secretKeyHolder.getSecretKey(appId);
  // try-with-resources closes the engine on every path, including a failed validation.
  try (AuthEngine authEngine = new AuthEngine(appId, appSecret, conf)) {
    ClientChallenge clientChallenge = authEngine.challenge();
    ByteBuf encodedChallenge = Unpooled.buffer(clientChallenge.encodedLength());
    clientChallenge.encode(encodedChallenge);

    // Synchronous round trip, bounded by the configured authentication timeout.
    ByteBuffer rawResponse =
      client.sendRpcSync(encodedChallenge.nioBuffer(), conf.authRTTimeoutMs());
    ServerResponse serverResponse = ServerResponse.decodeMessage(rawResponse);

    // The cipher is added only after validate() returns, so the channel is never switched to
    // the session cipher on the strength of an unchecked response.
    // NOTE(review): presumably validate() throws on a bad response -- confirm.
    authEngine.validate(serverResponse);
    authEngine.sessionCipher().addToChannel(channel);
  }
}
/**
 * Builds a Mockito stand-in for {@code SecretKeyHolder} for use in tests.
 *
 * <p>Whatever app id is asked for, the stub reports {@code appId} as the SASL user and the
 * given {@code secret} as the key.
 *
 * @param secret value the stub returns from {@code getSecretKey}
 * @return the stubbed key holder
 */
private SecretKeyHolder createKeyHolder(String secret) {
  SecretKeyHolder stub = mock(SecretKeyHolder.class);
  when(stub.getSaslUser(anyString())).thenReturn(appId);
  when(stub.getSecretKey(anyString())).thenReturn(secret);
  return stub;
}
/**
 * One-time fixture: builds the transport configuration and context, stubs the shared
 * {@code secretKeyHolder}, and starts a server guarded by a SASL bootstrap.
 *
 * @throws IOException declared in the signature
 */
@BeforeClass
public static void beforeAll() throws IOException {
  conf = new TransportConf("shuffle", MapConfigProvider.EMPTY);
  context = new TransportContext(conf, new TestRpcHandler());

  // Test-only credentials: for "app-1" and "app-2" the stubbed secret equals the app id.
  secretKeyHolder = mock(SecretKeyHolder.class);
  when(secretKeyHolder.getSaslUser(eq("app-1"))).thenReturn("app-1");
  when(secretKeyHolder.getSecretKey(eq("app-1"))).thenReturn("app-1");
  when(secretKeyHolder.getSaslUser(eq("app-2"))).thenReturn("app-2");
  when(secretKeyHolder.getSecretKey(eq("app-2"))).thenReturn("app-2");
  // NOTE(review): Mockito consults the most recently registered matching stub first, so these
  // anyString() defaults, registered last, look like they take precedence over the eq(...)
  // stubs above -- confirm that is the intended ordering. The order is kept as written.
  when(secretKeyHolder.getSaslUser(anyString())).thenReturn("other-app");
  when(secretKeyHolder.getSecretKey(anyString())).thenReturn("correct-password");

  TransportServerBootstrap saslBootstrap = new SaslServerBootstrap(conf, secretKeyHolder);
  server = context.createServer(Arrays.asList(saslBootstrap));
}
/**
 * One-time fixture: builds the transport configuration and context, stubs the shared
 * {@code secretKeyHolder}, and starts a server guarded by a SASL bootstrap.
 *
 * @throws IOException declared in the signature
 */
@BeforeClass
public static void beforeAll() throws IOException {
  conf = new TransportConf("shuffle", MapConfigProvider.EMPTY);
  context = new TransportContext(conf, new TestRpcHandler());

  // Test-only credentials: for "app-1" and "app-2" the stubbed secret equals the app id.
  secretKeyHolder = mock(SecretKeyHolder.class);
  when(secretKeyHolder.getSaslUser(eq("app-1"))).thenReturn("app-1");
  when(secretKeyHolder.getSecretKey(eq("app-1"))).thenReturn("app-1");
  when(secretKeyHolder.getSaslUser(eq("app-2"))).thenReturn("app-2");
  when(secretKeyHolder.getSecretKey(eq("app-2"))).thenReturn("app-2");
  // NOTE(review): Mockito consults the most recently registered matching stub first, so these
  // anyString() defaults, registered last, look like they take precedence over the eq(...)
  // stubs above -- confirm that is the intended ordering. The order is kept as written.
  when(secretKeyHolder.getSaslUser(anyString())).thenReturn("other-app");
  when(secretKeyHolder.getSecretKey(anyString())).thenReturn("correct-password");

  TransportServerBootstrap saslBootstrap = new SaslServerBootstrap(conf, secretKeyHolder);
  server = context.createServer(Arrays.asList(saslBootstrap));
}
/**
 * One-time fixture: builds the transport configuration and context, stubs the shared
 * {@code secretKeyHolder}, and starts a server guarded by a SASL bootstrap.
 *
 * @throws IOException declared in the signature
 */
@BeforeClass
public static void beforeAll() throws IOException {
  conf = new TransportConf("shuffle", MapConfigProvider.EMPTY);
  context = new TransportContext(conf, new TestRpcHandler());

  // Test-only credentials: for "app-1" and "app-2" the stubbed secret equals the app id.
  secretKeyHolder = mock(SecretKeyHolder.class);
  when(secretKeyHolder.getSaslUser(eq("app-1"))).thenReturn("app-1");
  when(secretKeyHolder.getSecretKey(eq("app-1"))).thenReturn("app-1");
  when(secretKeyHolder.getSaslUser(eq("app-2"))).thenReturn("app-2");
  when(secretKeyHolder.getSecretKey(eq("app-2"))).thenReturn("app-2");
  // NOTE(review): Mockito consults the most recently registered matching stub first, so these
  // anyString() defaults, registered last, look like they take precedence over the eq(...)
  // stubs above -- confirm that is the intended ordering. The order is kept as written.
  when(secretKeyHolder.getSaslUser(anyString())).thenReturn("other-app");
  when(secretKeyHolder.getSecretKey(anyString())).thenReturn("correct-password");

  TransportServerBootstrap saslBootstrap = new SaslServerBootstrap(conf, secretKeyHolder);
  server = context.createServer(Arrays.asList(saslBootstrap));
}
/**
 * Answers the callbacks raised on the server side of the SASL DIGEST-MD5 exchange.
 *
 * <p>The user name and the shared secret are both looked up in {@code secretKeyHolder} under
 * {@code secretKeyId}; a realm request is answered with the default text carried by the
 * callback; an authorization request is granted only when the authentication and authorization
 * identities are equal.
 *
 * @param callbacks callbacks to answer, handled in array order
 * @throws IOException declared in the signature; no statement visible here raises it explicitly
 * @throws UnsupportedCallbackException if a callback is of a type this handler does not know
 */
@Override
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
  for (Callback callback : callbacks) {
    if (callback instanceof NameCallback) {
      logger.trace("SASL server callback: setting username");
      ((NameCallback) callback).setName(
        encodeIdentifier(secretKeyHolder.getSaslUser(secretKeyId)));
    } else if (callback instanceof PasswordCallback) {
      // Only the event is traced; the secret value itself is not part of the log message.
      logger.trace("SASL server callback: setting password");
      ((PasswordCallback) callback).setPassword(
        encodePassword(secretKeyHolder.getSecretKey(secretKeyId)));
    } else if (callback instanceof RealmCallback) {
      logger.trace("SASL server callback: setting realm");
      RealmCallback realm = (RealmCallback) callback;
      realm.setText(realm.getDefaultText());
    } else if (callback instanceof AuthorizeCallback) {
      AuthorizeCallback authorize = (AuthorizeCallback) callback;
      String authenticationId = authorize.getAuthenticationID();
      String authorizationId = authorize.getAuthorizationID();
      // Authorized only when both identities are the same string, so an authenticated identity
      // cannot be authorized as a different one.
      // NOTE(review): authenticationId is dereferenced directly; a null value would raise a
      // NullPointerException here instead of a denial -- confirm the mechanism always sets it.
      authorize.setAuthorized(authenticationId.equals(authorizationId));
      if (authorize.isAuthorized()) {
        authorize.setAuthorizedID(authorizationId);
      }
      logger.debug("SASL Authorization complete, authorized set to {}",
        authorize.isAuthorized());
    } else {
      // Unknown callback types are rejected rather than silently skipped.
      throw new UnsupportedCallbackException(callback, "Unrecognized SASL DIGEST-MD5 Callback");
    }
  }
}
} // closes the enclosing scope, which is opened outside this snippet
/**
 * Answers the callbacks raised on the server side of the SASL DIGEST-MD5 exchange.
 *
 * <p>The user name and the shared secret are both looked up in {@code secretKeyHolder} under
 * {@code secretKeyId}; a realm request is answered with the default text carried by the
 * callback; an authorization request is granted only when the authentication and authorization
 * identities are equal.
 *
 * @param callbacks callbacks to answer, handled in array order
 * @throws UnsupportedCallbackException if a callback is of a type this handler does not know
 */
@Override
public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
  for (Callback callback : callbacks) {
    if (callback instanceof NameCallback) {
      logger.trace("SASL server callback: setting username");
      ((NameCallback) callback).setName(
        encodeIdentifier(secretKeyHolder.getSaslUser(secretKeyId)));
    } else if (callback instanceof PasswordCallback) {
      // Only the event is traced; the secret value itself is not part of the log message.
      logger.trace("SASL server callback: setting password");
      ((PasswordCallback) callback).setPassword(
        encodePassword(secretKeyHolder.getSecretKey(secretKeyId)));
    } else if (callback instanceof RealmCallback) {
      logger.trace("SASL server callback: setting realm");
      RealmCallback realm = (RealmCallback) callback;
      realm.setText(realm.getDefaultText());
    } else if (callback instanceof AuthorizeCallback) {
      AuthorizeCallback authorize = (AuthorizeCallback) callback;
      String authenticationId = authorize.getAuthenticationID();
      String authorizationId = authorize.getAuthorizationID();
      // Authorized only when both identities are the same string, so an authenticated identity
      // cannot be authorized as a different one.
      // NOTE(review): authenticationId is dereferenced directly; a null value would raise a
      // NullPointerException here instead of a denial -- confirm the mechanism always sets it.
      authorize.setAuthorized(authenticationId.equals(authorizationId));
      if (authorize.isAuthorized()) {
        authorize.setAuthorizedID(authorizationId);
      }
      logger.debug("SASL Authorization complete, authorized set to {}",
        authorize.isAuthorized());
    } else {
      // Unknown callback types are rejected rather than silently skipped.
      throw new UnsupportedCallbackException(callback, "Unrecognized SASL DIGEST-MD5 Callback");
    }
  }
}
} // closes the enclosing scope, which is opened outside this snippet
/**
 * Answers the callbacks raised on the server side of the SASL DIGEST-MD5 exchange.
 *
 * <p>The user name and the shared secret are both looked up in {@code secretKeyHolder} under
 * {@code secretKeyId}; a realm request is answered with the default text carried by the
 * callback; an authorization request is granted only when the authentication and authorization
 * identities are equal.
 *
 * @param callbacks callbacks to answer, handled in array order
 * @throws UnsupportedCallbackException if a callback is of a type this handler does not know
 */
@Override
public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
  for (Callback callback : callbacks) {
    if (callback instanceof NameCallback) {
      logger.trace("SASL server callback: setting username");
      ((NameCallback) callback).setName(
        encodeIdentifier(secretKeyHolder.getSaslUser(secretKeyId)));
    } else if (callback instanceof PasswordCallback) {
      // Only the event is traced; the secret value itself is not part of the log message.
      logger.trace("SASL server callback: setting password");
      ((PasswordCallback) callback).setPassword(
        encodePassword(secretKeyHolder.getSecretKey(secretKeyId)));
    } else if (callback instanceof RealmCallback) {
      logger.trace("SASL server callback: setting realm");
      RealmCallback realm = (RealmCallback) callback;
      realm.setText(realm.getDefaultText());
    } else if (callback instanceof AuthorizeCallback) {
      AuthorizeCallback authorize = (AuthorizeCallback) callback;
      String authenticationId = authorize.getAuthenticationID();
      String authorizationId = authorize.getAuthorizationID();
      // Authorized only when both identities are the same string, so an authenticated identity
      // cannot be authorized as a different one.
      // NOTE(review): authenticationId is dereferenced directly; a null value would raise a
      // NullPointerException here instead of a denial -- confirm the mechanism always sets it.
      authorize.setAuthorized(authenticationId.equals(authorizationId));
      if (authorize.isAuthorized()) {
        authorize.setAuthorizedID(authorizationId);
      }
      logger.debug("SASL Authorization complete, authorized set to {}",
        authorize.isAuthorized());
    } else {
      // Unknown callback types are rejected rather than silently skipped.
      throw new UnsupportedCallbackException(callback, "Unrecognized SASL DIGEST-MD5 Callback");
    }
  }
}
} // closes the enclosing scope, which is opened outside this snippet
/**
 * Answers the callbacks raised on the server side of the SASL DIGEST-MD5 exchange.
 *
 * <p>The user name and the shared secret are both looked up in {@code secretKeyHolder} under
 * {@code secretKeyId}; a realm request is answered with the default text carried by the
 * callback; an authorization request is granted only when the authentication and authorization
 * identities are equal.
 *
 * @param callbacks callbacks to answer, handled in array order
 * @throws IOException declared in the signature; no statement visible here raises it explicitly
 * @throws UnsupportedCallbackException if a callback is of a type this handler does not know
 */
@Override
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
  for (Callback callback : callbacks) {
    if (callback instanceof NameCallback) {
      logger.trace("SASL server callback: setting username");
      ((NameCallback) callback).setName(
        encodeIdentifier(secretKeyHolder.getSaslUser(secretKeyId)));
    } else if (callback instanceof PasswordCallback) {
      // Only the event is traced; the secret value itself is not part of the log message.
      logger.trace("SASL server callback: setting password");
      ((PasswordCallback) callback).setPassword(
        encodePassword(secretKeyHolder.getSecretKey(secretKeyId)));
    } else if (callback instanceof RealmCallback) {
      logger.trace("SASL server callback: setting realm");
      RealmCallback realm = (RealmCallback) callback;
      realm.setText(realm.getDefaultText());
    } else if (callback instanceof AuthorizeCallback) {
      AuthorizeCallback authorize = (AuthorizeCallback) callback;
      String authenticationId = authorize.getAuthenticationID();
      String authorizationId = authorize.getAuthorizationID();
      // Authorized only when both identities are the same string, so an authenticated identity
      // cannot be authorized as a different one.
      // NOTE(review): authenticationId is dereferenced directly; a null value would raise a
      // NullPointerException here instead of a denial -- confirm the mechanism always sets it.
      authorize.setAuthorized(authenticationId.equals(authorizationId));
      if (authorize.isAuthorized()) {
        authorize.setAuthorizedID(authorizationId);
      }
      logger.debug("SASL Authorization complete, authorized set to {}",
        authorize.isAuthorized());
    } else {
      // Unknown callback types are rejected rather than silently skipped.
      throw new UnsupportedCallbackException(callback, "Unrecognized SASL DIGEST-MD5 Callback");
    }
  }
}
} // closes the enclosing scope, which is opened outside this snippet
/**
 * Negative test: a client bootstrapped with a key holder that returns "wrong-password" must be
 * refused when it connects, and the failure message must contain "Mismatched response".
 */
@Test
public void testBadClient() {
  SecretKeyHolder wrongSecretHolder = mock(SecretKeyHolder.class);
  when(wrongSecretHolder.getSaslUser(anyString())).thenReturn("other-app");
  when(wrongSecretHolder.getSecretKey(anyString())).thenReturn("wrong-password");
  clientFactory = context.createClientFactory(
    Arrays.asList(new SaslClientBootstrap(conf, "unknown-app", wrongSecretHolder)));

  try {
    // Bootstrap should fail on startup.
    clientFactory.createClient(TestUtils.getLocalHost(), server.getPort());
    // NOTE(review): assuming JUnit's fail(), this raises an AssertionError, which the
    // catch (Exception) below does not intercept, so an accepted connection fails the test.
    fail("Connection should have failed.");
  } catch (Exception failure) {
    // The exception's own message doubles as the assertion message for easier diagnosis.
    assertTrue(failure.getMessage(), failure.getMessage().contains("Mismatched response"));
  }
}