/**
 * Forwards the "does this mechanism start with client data?" query to {@code delegate}.
 *
 * @return the value reported by {@code delegate.hasInitialResponse()}
 */
public boolean hasInitialResponse() {
    final boolean clientSpeaksFirst = delegate.hasInitialResponse();
    return clientSpeaksFirst;
}
/**
 * Produces the first token the client sends in the SASL exchange.
 *
 * @return the result of evaluating {@code EMPTY_TOKEN} when the mechanism has an initial
 *         response, otherwise {@code EMPTY_TOKEN} itself
 * @throws SaslException if the SASL client fails while evaluating the empty challenge
 */
public byte[] getInitialResponse() throws SaslException {
    // Mechanisms without an initial response must not be asked to evaluate anything yet.
    if (!saslClient.hasInitialResponse()) {
        return EMPTY_TOKEN;
    }
    return saslClient.evaluateChallenge(EMPTY_TOKEN);
}
/**
 * Writes the opening {@code SaslMessage} to the channel and reports a failed write.
 *
 * <p>The payload is the SASL client's initial response when the mechanism has one, and an
 * empty array otherwise. A failed write is logged and passed to {@code onError}.
 *
 * @param c channel the message is written to
 * @throws Exception if evaluating the initial challenge fails
 */
void sendHello(Channel c) throws Exception {
    final byte[] hello;
    if (client.hasInitialResponse()) {
        hello = client.evaluateChallenge(new byte[0]);
    } else {
        hello = new byte[0];
    }

    c.writeAndFlush(new SaslMessage(clientId, hello)).addListener(future -> {
        if (future.isSuccess()) {
            return;
        }
        // The write did not go out: log it and hand the cause to the error handler.
        LOG.error("Failed to send test message to HiveServer2", future.cause());
        onError(future.cause());
    });
}
} // closes an enclosing scope whose opening is outside this excerpt
/**
 * Returns the initial SASL response, if the mechanism has one.
 *
 * @return the bytes produced by evaluating an empty challenge, or {@code null} when the
 *         mechanism has no initial response
 * @throws SmackException wrapping any {@link SaslException} raised during evaluation
 */
@Override
protected byte[] getAuthenticationText() throws SmackException {
    if (!sc.hasInitialResponse()) {
        // null (not an empty array) tells the caller there is no initial response at all.
        return null;
    }
    try {
        return sc.evaluateChallenge(new byte[0]);
    } catch (SaslException saslFailure) {
        throw new SmackException(saslFailure);
    }
}
/**
 * Starts the SASL exchange on the given connection if it has not been started yet.
 *
 * <p>A missing SASL client moves the state to {@code FAILED} and aborts. In state
 * {@code INITIAL} the first packet is sent and the state advances to {@code INTERMEDIATE};
 * in any other state the call does nothing.
 *
 * @param cnxn connection the first SASL packet is sent on
 * @throws SaslException if {@code saslClient} is {@code null}, or if sending the packet fails
 */
public void initialize(ClientCnxn cnxn) throws SaslException {
    if (saslClient == null) {
        // Record the failure before throwing so that saslState reflects it afterwards.
        saslState = SaslState.FAILED;
        throw new SaslException("saslClient failed to initialize properly: it's null.");
    }
    if (saslState != SaslState.INITIAL) {
        return;
    }

    if (saslClient.hasInitialResponse()) {
        sendSaslPacket(cnxn);
    } else {
        // No initial response for this mechanism: open the exchange with an empty token.
        sendSaslPacket(new byte[0], cnxn);
    }
    saslState = SaslState.INTERMEDIATE;
}
/**
 * Produces the next SASL token to send, evaluating the received token as {@code subject}.
 *
 * <p>For the initial step of a mechanism without an initial response, the given token is
 * returned unchanged and the SASL client is not consulted.
 *
 * @param saslToken token received from the broker; must not be {@code null}
 * @param isInitial whether this is the first step of the exchange
 * @return the token to send
 * @throws SaslException for Kerberos errors that {@code KerberosError} reports as retriable;
 *         every other evaluation failure is raised as {@code SaslAuthenticationException},
 *         and a {@code null} token as {@code IllegalSaslStateException}
 */
private byte[] createSaslToken(final byte[] saslToken, boolean isInitial) throws SaslException {
    if (saslToken == null) {
        throw new IllegalSaslStateException("Error authenticating with the Kafka Broker: received a `null` saslToken.");
    }

    final boolean nothingToEvaluate = isInitial && !saslClient.hasInitialResponse();
    if (nothingToEvaluate) {
        return saslToken;
    }

    try {
        return Subject.doAs(subject, (PrivilegedExceptionAction<byte[]>) () -> saslClient.evaluateChallenge(saslToken));
    } catch (PrivilegedActionException e) {
        final StringBuilder error = new StringBuilder();
        error.append("An error: (").append(e).append(") occurred when evaluating SASL token received from the Kafka Broker.");

        final KerberosError kerberosError = KerberosError.fromException(e);
        // Give the operator a hint about the likely configuration mistake.
        if (kerberosError == KerberosError.SERVER_NOT_FOUND) {
            error.append(" This may be caused by Java's being unable to resolve the Kafka Broker's")
                .append(" hostname correctly. You may want to try to adding")
                .append(" '-Dsun.net.spi.nameservice.provider.1=dns,sun' to your client's JVMFLAGS environment.")
                .append(" Users must configure FQDN of kafka brokers when authenticating using SASL and")
                .append(" `socketChannel.socket().getInetAddress().getHostName()` must match the hostname in `principal/hostname@realm`");
        }
        error.append(" Kafka Client will go to AUTHENTICATION_FAILED state.");

        // The SASL failure itself is the cause carried by the PrivilegedActionException.
        final Throwable cause = e.getCause();
        final boolean transientKerberosFailure = kerberosError != null && kerberosError.retriable();
        if (!transientKerberosFailure) {
            // Anything that is not a retriable Kerberos error is treated as a fatal authentication failure.
            throw new SaslAuthenticationException(error.toString(), cause);
        }
        // Retriable Kerberos errors surface as a plain SaslException.
        throw new SaslException(error.toString(), cause);
    }
}
/**
 * Sends the first SASL packet on {@code cnxn} when the exchange is still in its initial state.
 *
 * @param cnxn connection used to send the packet
 * @throws SaslException if no SASL client is available (the state is set to {@code FAILED}
 *         first), or if sending the packet fails
 */
public void initialize(ClientCnxn cnxn) throws SaslException {
    final boolean clientMissing = (saslClient == null);
    if (clientMissing) {
        saslState = SaslState.FAILED;
        throw new SaslException("saslClient failed to initialize properly: it's null.");
    }

    switch (saslState) {
        case INITIAL:
            if (!saslClient.hasInitialResponse()) {
                // The mechanism has no initial response, so an empty token opens the exchange.
                final byte[] emptyToken = new byte[0];
                sendSaslPacket(emptyToken, cnxn);
            } else {
                sendSaslPacket(cnxn);
            }
            saslState = SaslState.INTERMEDIATE;
            break;
        default:
            // Exchange already started (or finished): nothing to do.
            break;
    }
}
/**
 * Attaches the client's SASL response for {@code payload} to {@code msg} as a header.
 *
 * <p>A {@code null} payload marks the opening step: the response is the evaluation of
 * {@code EMPTY_CHALLENGE} when the mechanism has an initial response, and
 * {@code EMPTY_CHALLENGE} itself otherwise.
 *
 * @param msg     message that receives the {@code SaslHeader}
 * @param payload challenge bytes, or {@code null} for the opening step
 * @return the result of {@code msg.putHeader(...)}, or {@code null} when evaluation produced
 *         no response
 * @throws SaslException if evaluating the challenge fails
 */
public Message addHeader(Message msg, byte[] payload) throws SaslException {
    final byte[] response;
    if (payload != null) {
        response = evaluateChallenge(payload);
    } else if (client.hasInitialResponse()) {
        response = evaluateChallenge(EMPTY_CHALLENGE);
    } else {
        response = EMPTY_CHALLENGE;
    }

    if (response == null) {
        // No response to send: signal that to the caller instead of adding a header.
        return null;
    }
    return msg.putHeader(SASL.SASL_ID, new SaslHeader(Type.RESPONSE, response));
}
/**
 * Builds the first {@code SaslMessage} for the given channel.
 *
 * <p>The message has type {@code CHALLENGE} and the {@code SIMPLE} authentication name. Its
 * payload is set only when the mechanism has an initial response.
 *
 * @param channelId value stored as the message's client id
 * @return the built message
 * @throws SaslException if evaluating {@code S_PLAIN_INITIATE_CHANNEL} fails
 */
@Override
public SaslMessage getInitialMessage(String channelId) throws SaslException {
    final byte[] firstResponse = mSaslClient.hasInitialResponse()
        ? mSaslClient.evaluateChallenge(S_PLAIN_INITIATE_CHANNEL)
        : null;

    final SaslMessage.Builder message = SaslMessage.newBuilder()
        .setMessageType(SaslMessageType.CHALLENGE)
        .setAuthenticationName(AuthType.SIMPLE.getAuthName());
    if (firstResponse != null) {
        message.setMessage(ByteString.copyFrom(firstResponse));
    }
    message.setClientId(channelId);
    return message.build();
}
} // closes an enclosing scope whose opening is outside this excerpt
/**
 * Creates a SASL client for the connection's server address and starts the exchange
 * asynchronously.
 *
 * <p>The start command carries the initial response, or {@code null} when the mechanism has
 * none. When the reply arrives, an error is wrapped and passed to {@code callback}, a reply
 * with {@code done} set completes {@code callback} successfully, and any other reply is handed
 * to a {@code Continuator}.
 *
 * @return always {@code null}
 */
@Override
public Void run() {
    final SaslClient saslClient = createSaslClient(connection.getDescription().getServerAddress());
    throwIfSaslClientIsNull(saslClient);
    try {
        final byte[] response;
        if (saslClient.hasInitialResponse()) {
            response = saslClient.evaluateChallenge(new byte[0]);
        } else {
            response = null;
        }

        sendSaslStartAsync(response, connection, new SingleResultCallback<BsonDocument>() {
            @Override
            public void onResult(final BsonDocument result, final Throwable t) {
                if (t != null) {
                    callback.onResult(null, wrapException(t));
                    return;
                }
                // NOTE(review): success is reported on the server's "done" flag alone;
                // saslClient.isComplete() is not consulted here, and nothing in this method
                // disposes of saslClient. Confirm both are handled elsewhere.
                if (result.getBoolean("done").getValue()) {
                    callback.onResult(null, null);
                    return;
                }
                new Continuator(saslClient, result, connection, callback).start();
            }
        });
    } catch (SaslException e) {
        throw wrapException(e);
    }
    return null;
}
}); // closes an enclosing anonymous class and call whose opening is outside this excerpt
/**
 * Sends the {@code SASL_START} message for the given mechanism.
 *
 * <p>The message data is the client's initial response when the mechanism has one, and empty
 * otherwise. Any exception raised while preparing or sending is mapped to an
 * {@code RpcException} and reported through {@code completionListener.failed}.
 *
 * @param mechanismName mechanism name placed in the start message
 */
public void initiate(final String mechanismName) {
    logger.trace("Initiating SASL exchange.");
    try {
        final SaslClient saslClient = connection.getSaslClient();
        final ByteString responseData = saslClient.hasInitialResponse()
            ? ByteString.copyFrom(evaluateChallenge(ugi, saslClient, new byte[0]))
            : ByteString.EMPTY;

        client.send(
            new AuthenticationOutcomeListener<>(client, connection, saslRpcType, ugi, completionListener),
            connection,
            saslRpcType,
            SaslMessage.newBuilder()
                .setMechanism(mechanismName)
                .setStatus(SaslStatus.SASL_START)
                .setData(responseData)
                .build(),
            SaslMessage.class,
            true /* the connection will not be backed up at this point */);
        logger.trace("Initiated SASL exchange.");
    } catch (final Exception e) {
        // Failures are reported through the listener instead of being thrown to the caller.
        completionListener.failed(RpcException.mapException(e));
    }
}
QuorumAuth.QUORUM_SERVER_SASL_DIGEST, LOG, "QuorumLearner"); if (sc.hasInitialResponse()) { responseToken = createSaslToken(new byte[0], sc, learnerLogin);
// When the mechanism has an initial response, replace `response` with the evaluation of its
// current contents; otherwise it is sent as it stands.
if (sasl.client.hasInitialResponse()) {
    final byte[] evaluated = sasl.evaluate(response.array());
    response = ByteBuffer.wrap(evaluated);
}
// The START frame carries the mechanism name together with the (possibly replaced) response.
write(Status.START, sasl.getMechanismName(), response);
QuorumAuth.QUORUM_SERVER_SASL_DIGEST, LOG, "QuorumLearner"); if (sc.hasInitialResponse()) { responseToken = createSaslToken(new byte[0], sc, learnerLogin);
final byte[] response; try { response = usedSaslClient.hasInitialResponse() ? usedSaslClient.evaluateChallenge(EMPTY_BYTES) : null; } catch (Throwable e) { client.tracef("Client authentication failed: %s", e);
if (saslClient.hasInitialResponse()) { try { response = saslClient.evaluateChallenge(NO_BYTES);
/**
 * Runs the complete SASL conversation on the connection.
 *
 * <p>The start command carries the initial response ({@code null} when the mechanism has
 * none). Each server payload is then evaluated and answered until the server reports
 * {@code done}. The SASL client is disposed of on every exit path.
 *
 * @return always {@code null}
 */
@Override
public Void run() {
    SaslClient saslClient = createSaslClient(connection.getDescription().getServerAddress());
    throwIfSaslClientIsNull(saslClient);
    try {
        byte[] response = null;
        if (saslClient.hasInitialResponse()) {
            response = saslClient.evaluateChallenge(new byte[0]);
        }

        BsonDocument res = sendSaslStart(response, connection);
        BsonInt32 conversationId = res.getInt32("conversationId");

        // NOTE(review): the loop ends on the server's "done" flag alone; saslClient.isComplete()
        // is not checked in this method. Confirm it is verified elsewhere.
        while (!(res.getBoolean("done")).getValue()) {
            final byte[] challenge = (res.getBinary("payload")).getData();
            response = saslClient.evaluateChallenge(challenge);

            if (response == null) {
                // A challenge with no client answer is a protocol violation; fail the attempt.
                throw new MongoSecurityException(getMongoCredential(),
                    "SASL protocol error: no client response to challenge for credential "
                        + getMongoCredential());
            }
            res = sendSaslContinue(conversationId, response, connection);
        }
    } catch (Exception e) {
        throw wrapException(e);
    } finally {
        disposeOfSaslClient(saslClient);
    }
    return null;
}
}); // closes an enclosing anonymous class and call whose opening is outside this excerpt
/**
 * Returns the token that opens the SASL exchange from the client side.
 *
 * @return the evaluation of {@code EMPTY_TOKEN} if the mechanism has an initial response,
 *         else {@code EMPTY_TOKEN}
 * @throws SaslException if evaluating the empty challenge fails
 */
public byte[] getInitialResponse() throws SaslException {
    final boolean clientSpeaksFirst = saslClient.hasInitialResponse();
    // Only ask the client to evaluate when the mechanism actually starts with client data.
    return clientSpeaksFirst ? saslClient.evaluateChallenge(EMPTY_TOKEN) : EMPTY_TOKEN;
}
saslAuthType = SaslAuth.newBuilder(saslAuthType).clearChallenge().build(); } else if (saslClient.hasInitialResponse()) { challengeToken = new byte[0];
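/**
 * Creates a fresh SASL client and writes the authentication-start command to the session.
 *
 * <p>Any previous client is destroyed first. The command carries the initial response, or
 * {@code EMPTY_BYTES} when the mechanism has none.
 *
 * @return the authentication-start command that was written
 * @throws SaslException    if no SASL client can be created for the configured mechanisms,
 *                          or if evaluating the initial challenge fails
 * @throws RuntimeException if the session is already closed
 */
private Command startAuth() throws SaslException {
    // destroy previous client.
    destroySaslClient();

    // NOTE(review): the server name is SocketAddress.toString(), which is not a bare host
    // name. Mechanisms that bind to the server's host name may need the FQDN - confirm.
    this.saslClient = Sasl.createSaslClient(authInfo.getMechanisms(), null, "memcached",
        memcachedTCPSession.getRemoteSocketAddress().toString(), null,
        this.authInfo.getCallbackHandler());
    if (this.saslClient == null) {
        // Sasl.createSaslClient returns null when no provider supports any requested
        // mechanism; fail with a SASL error instead of a NullPointerException below.
        throw new SaslException("No SASL client could be created for the configured mechanisms");
    }

    final byte[] response = saslClient.hasInitialResponse()
        ? saslClient.evaluateChallenge(EMPTY_BYTES)
        : EMPTY_BYTES;

    CountDownLatch latch = new CountDownLatch(1);
    Command command = this.commandFactory.createAuthStartCommand(
        saslClient.getMechanismName(), latch, response);

    if (this.memcachedTCPSession.isClosed()) {
        log.error("Authentication fail,because the connection has been closed");
        throw new RuntimeException("Authentication fai,connection has been close");
    }
    this.memcachedTCPSession.write(command);
    return command;
}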