private void saslComplete(Sasl sasl, Sasl.SaslOutcome saslOutcome) { log.debug("saslComplete: " + sasl); sasl.done(saslOutcome); if (chosenMechanism != null) { chosenMechanism.done(); chosenMechanism = null; } }
private void saslComplete(Sasl sasl, Sasl.SaslOutcome saslOutcome) { log.debug("saslComplete: " + sasl); sasl.done(saslOutcome); if (chosenMechanism != null) { chosenMechanism.done(); chosenMechanism = null; } }
@Override public void process(Handler<Boolean> completionHandler) { if (sasl == null) { throw new IllegalStateException("Init was not called with the associated transport"); } boolean done = false; String[] remoteMechanisms = sasl.getRemoteMechanisms(); if (remoteMechanisms.length > 0) { String chosen = remoteMechanisms[0]; if (ProtonSaslAnonymousImpl.MECH_NAME.equals(chosen)) { sasl.done(SaslOutcome.PN_SASL_OK); succeeded = true; } else { sasl.done(SaslOutcome.PN_SASL_AUTH); } done = true; } completionHandler.handle(done); }
private void addPrincipal(final Principal authzId) { succeeded = true; protonConnection.attachments().set(Constants.KEY_CLIENT_PRINCIPAL, Principal.class, authzId); LOG.debug("authentication of client [authorization ID: {}] succeeded", authzId.getName()); sasl.done(SaslOutcome.PN_SASL_OK); }
private void evaluateExternalResponse(final Handler<Boolean> completionHandler) { if (peerCertificateChain == null) { LOG.debug("SASL EXTERNAL authentication of client failed, client did not provide valid certificate chain"); sasl.done(SaslOutcome.PN_SASL_AUTH); } else { Principal clientIdentity = peerCertificateChain[0].getSubjectDN(); String commonName = getCommonName(clientIdentity.getName()); if (commonName == null) { LOG.debug("SASL EXTERNAL authentication of client failed, could not determine authorization ID"); sasl.done(SaslOutcome.PN_SASL_AUTH); } else { addPrincipal(commonName); } } completionHandler.handle(true); }
protected void checkServerSASL() { if (serverSasl != null && serverSasl.getRemoteMechanisms().length > 0) { // TODO: should we look at the first only? ServerSASL mechanism = saslHandlers.get(serverSasl.getRemoteMechanisms()[0]); if (mechanism != null) { byte[] dataSASL = new byte[serverSasl.pending()]; serverSasl.recv(dataSASL, 0, dataSASL.length); if (log.isTraceEnabled()) { log.trace("Working on sasl::" + ByteUtil.bytesToHex(dataSASL, 2)); } saslResult = mechanism.processSASL(dataSASL); if (saslResult != null && saslResult.isSuccess()) { serverSasl.done(Sasl.SaslOutcome.PN_SASL_OK); serverSasl = null; saslHandlers.clear(); saslHandlers = null; } else { serverSasl.done(Sasl.SaslOutcome.PN_SASL_AUTH); } serverSasl = null; } else { // no auth available, system error serverSasl.done(Sasl.SaslOutcome.PN_SASL_SYS); } } }
private void evaluatePlainResponse(final Handler<Boolean> completionHandler) { byte[] saslResponse = new byte[sasl.pending()]; sasl.recv(saslResponse, 0, saslResponse.length); final DeliveryOptions options = new DeliveryOptions().setSendTimeout(AUTH_REQUEST_TIMEOUT_MILLIS); final JsonObject authenticationRequest = getAuthenticationRequest(MECHANISM_PLAIN, saslResponse); vertx.eventBus().send(EVENT_BUS_ADDRESS_AUTHENTICATION_IN, authenticationRequest, options, reply -> { if (reply.succeeded()) { JsonObject result = (JsonObject) reply.result().body(); LOG.debug("received result of successful authentication request: {}", result); addPrincipal(result.getString(FIELD_AUTHORIZATION_ID)); } else { LOG.debug("authentication of client failed", reply.cause()); sasl.done(SaslOutcome.PN_SASL_AUTH); } completionHandler.handle(true); }); }
public void processSaslExchange(ConnectionInfo connectionInfo) { if (sasl.getRemoteMechanisms().length > 0) { SaslMechanism mechanism = getSaslMechanism(sasl.getRemoteMechanisms()); if (mechanism != null) { LOG.debug("SASL [{}} Handshake started.", mechanism.getMechanismName()); mechanism.processSaslStep(sasl); if (!mechanism.isFailed()) { connectionInfo.setUserName(mechanism.getUsername()); connectionInfo.setPassword(mechanism.getPassword()); if (tryAuthenticate(connectionInfo, transport.getPeerCertificates())) { sasl.done(Sasl.SaslOutcome.PN_SASL_OK); } else { sasl.done(Sasl.SaslOutcome.PN_SASL_AUTH); } LOG.debug("SASL [{}} Handshake complete.", mechanism.getMechanismName()); } else { LOG.debug("SASL [{}} Handshake failed: {}", mechanism.getMechanismName(), mechanism.getFailureReason()); sasl.done(Sasl.SaslOutcome.PN_SASL_AUTH); } } else { LOG.info("SASL: could not find supported mechanism"); sasl.done(Sasl.SaslOutcome.PN_SASL_PERM); } } }
public void processSaslExchange(ConnectionInfo connectionInfo) { if (sasl.getRemoteMechanisms().length > 0) { SaslMechanism mechanism = getSaslMechanism(sasl.getRemoteMechanisms()); if (mechanism != null) { LOG.debug("SASL [{}} Handshake started.", mechanism.getMechanismName()); mechanism.processSaslStep(sasl); if (!mechanism.isFailed()) { connectionInfo.setUserName(mechanism.getUsername()); connectionInfo.setPassword(mechanism.getPassword()); if (tryAuthenticate(connectionInfo, transport.getPeerCertificates())) { sasl.done(Sasl.SaslOutcome.PN_SASL_OK); } else { sasl.done(Sasl.SaslOutcome.PN_SASL_AUTH); } LOG.debug("SASL [{}} Handshake complete.", mechanism.getMechanismName()); } else { LOG.debug("SASL [{}} Handshake failed: {}", mechanism.getMechanismName(), mechanism.getFailureReason()); sasl.done(Sasl.SaslOutcome.PN_SASL_AUTH); } } else { LOG.info("SASL: could not find supported mechanism"); sasl.done(Sasl.SaslOutcome.PN_SASL_PERM); } } }
@Override public void process(final Handler<Boolean> completionHandler) { final String[] remoteMechanisms = sasl.getRemoteMechanisms(); if (remoteMechanisms.length == 0) { LOG.debug("client provided an empty list of SASL mechanisms [hostname: {}, state: {}]", sasl.getHostname(), sasl.getState().name()); completionHandler.handle(false); } else { final String chosenMechanism = remoteMechanisms[0]; LOG.debug("client wants to authenticate using SASL [mechanism: {}, host: {}, state: {}]", chosenMechanism, sasl.getHostname(), sasl.getState().name()); final Future<HonoUser> authTracker = Future.future(); authTracker.setHandler(s -> { if (s.succeeded()) { final HonoUser user = s.result(); LOG.debug("authentication of client [authorization ID: {}] succeeded", user.getName()); Constants.setClientPrincipal(protonConnection, user); succeeded = true; sasl.done(SaslOutcome.PN_SASL_OK); } else { LOG.debug("authentication failed: " + s.cause().getMessage()); sasl.done(SaslOutcome.PN_SASL_AUTH); } completionHandler.handle(Boolean.TRUE); }); final byte[] saslResponse = new byte[sasl.pending()]; sasl.recv(saslResponse, 0, saslResponse.length); verify(chosenMechanism, saslResponse, authTracker.completer()); } }
@Override public void process(final Handler<Boolean> completionHandler) { final String[] remoteMechanisms = sasl.getRemoteMechanisms(); if (remoteMechanisms.length == 0) { LOG.debug("client provided an empty list of SASL mechanisms [hostname: {}, state: {}]", sasl.getHostname(), sasl.getState().name()); completionHandler.handle(false); } else { final String chosenMechanism = remoteMechanisms[0]; LOG.debug("client wants to authenticate using SASL [mechanism: {}, host: {}, state: {}]", chosenMechanism, sasl.getHostname(), sasl.getState().name()); final Future<HonoUser> authTracker = Future.future(); authTracker.setHandler(s -> { if (s.succeeded()) { final HonoUser user = s.result(); LOG.debug("authentication of client [authorization ID: {}] succeeded", user.getName()); Constants.setClientPrincipal(protonConnection, user); succeeded = true; sasl.done(SaslOutcome.PN_SASL_OK); } else { LOG.debug("authentication failed: " + s.cause().getMessage()); sasl.done(SaslOutcome.PN_SASL_AUTH); } completionHandler.handle(Boolean.TRUE); }); final byte[] saslResponse = new byte[sasl.pending()]; sasl.recv(saslResponse, 0, saslResponse.length); verify(chosenMechanism, saslResponse, authTracker.completer()); } }
@Override public void process(final Handler<Boolean> completionHandler) { String[] remoteMechanisms = sasl.getRemoteMechanisms(); if (remoteMechanisms.length > 0) { String chosenMechanism = remoteMechanisms[0]; LOG.debug("client wants to use {} SASL mechanism [host: {}, state: {}]", chosenMechanism, sasl.getHostname(), sasl.getState().name()); if (MECHANISM_PLAIN.equals(chosenMechanism)) { evaluatePlainResponse(completionHandler); } else if (MECHANISM_EXTERNAL.equals(chosenMechanism)) { evaluateExternalResponse(completionHandler); } else { LOG.info("client wants to use unsupported {} SASL mechanism [host: {}, state: {}]", chosenMechanism, sasl.getHostname(), sasl.getState().name()); sasl.done(SaslOutcome.PN_SASL_AUTH); completionHandler.handle(true); } } else { LOG.debug("client provided an empty list of SASL mechanisms [hostname: {}, state: {}]", sasl.getHostname(), sasl.getState().name()); completionHandler.handle(false); } }
@Override public void run(Selectable selectable) { Reactor reactor = selectable.getReactor(); try { SocketChannel socketChannel = ((ServerSocketChannel)selectable.getChannel()).accept(); if (socketChannel == null) { throw new ReactorInternalException("Selectable readable, but no socket to accept"); } Handler handler = BaseHandler.getHandler(AcceptorImpl.this); if (handler == null) { handler = reactor.getHandler(); } Connection conn = reactor.connection(handler); Transport trans = Proton.transport(); Sasl sasl = trans.sasl(); sasl.server(); sasl.setMechanisms("ANONYMOUS"); sasl.done(SaslOutcome.PN_SASL_OK); trans.bind(conn); IOHandler.selectableTransport(reactor, socketChannel.socket(), trans); } catch(IOException ioException) { sel.error(); } } }
sasl.server(); sasl.setMechanisms("ANONYMOUS"); sasl.done(SaslOutcome.PN_SASL_OK);
sasl.done(Sasl.SaslOutcome.PN_SASL_OK);
sasl.done(Sasl.SaslOutcome.PN_SASL_OK);
sasl.done(Sasl.SaslOutcome.PN_SASL_OK);