Java Code Examples for javax.security.sasl.Sasl#createSaslClient()

private void runNegotiation(CallbackHandler clientCbh,
                            CallbackHandler serverCbh)
                                throws SaslException {
  String mechanism = AuthMethod.PLAIN.getMechanismName();

  SaslClient saslClient = Sasl.createSaslClient(
      new String[]{ mechanism }, null, null, null, null, clientCbh);
  assertNotNull(saslClient);

  SaslServer saslServer = Sasl.createSaslServer(
      mechanism, null, "localhost", null, serverCbh);
  assertNotNull("failed to find PLAIN server", saslServer);
  
  byte[] response = saslClient.evaluateChallenge(new byte[0]);
  assertNotNull(response);
  assertTrue(saslClient.isComplete());

  response = saslServer.evaluateResponse(response);
  assertNull(response);
  assertTrue(saslServer.isComplete());
  assertNotNull(saslServer.getAuthorizationID());
}
 

@Override
public SaslClient createClient(Configuration conf, InetAddress serverAddr,
    SecurityInfo securityInfo, Token<? extends TokenIdentifier> token, boolean fallbackAllowed,
    Map<String, String> saslProps) throws IOException {
  return Sasl.createSaslClient(new String[] { getSaslAuthMethod().getSaslMechanism() }, null,
      null, SaslUtil.SASL_DEFAULT_REALM, saslProps, new DigestSaslClientCallbackHandler(token));
}
 

public SampleClient(String requestedQOPs) throws SaslException {

        Map<String,String> properties = new HashMap<String,String>();

        if (requestedQOPs != null) {
            properties.put(Sasl.QOP, requestedQOPs);
        }
        saslClient = Sasl.createSaslClient(new String[]{ DIGEST_MD5 }, null,
            "local", "127.0.0.1", properties, new SampleCallbackHandler());
    }
 

@Override
public SaslClient createClient(Configuration conf, InetAddress serverAddr,
    SecurityInfo securityInfo, Token<? extends TokenIdentifier> token, boolean fallbackAllowed,
    Map<String, String> saslProps) throws IOException {
  String serverPrincipal = getServerPrincipal(conf, securityInfo, serverAddr);
  LOG.debug("Setting up Kerberos RPC to server={}", serverPrincipal);
  String[] names = SaslUtil.splitKerberosName(serverPrincipal);
  if (names.length != 3) {
    throw new IOException("Kerberos principal '" + serverPrincipal
        + "' does not have the expected format");
  }
  return Sasl.createSaslClient(new String[] { getSaslAuthMethod().getSaslMechanism() }, null,
      names[0], names[1], saslProps, null);
}
 

public SampleClient(String requestedQOPs) throws SaslException {

        Map<String,String> properties = new HashMap<String,String>();

        if (requestedQOPs != null) {
            properties.put(Sasl.QOP, requestedQOPs);
        }
        saslClient = Sasl.createSaslClient(new String[]{ DIGEST_MD5 }, null,
            "local", "127.0.0.1", properties, new SampleCallbackHandler());
    }
 

public SampleClient(String requestedQOPs) throws SaslException {

        Map<String,String> properties = new HashMap<String,String>();

        if (requestedQOPs != null) {
            properties.put(Sasl.QOP, requestedQOPs);
        }
        saslClient = Sasl.createSaslClient(new String[]{ DIGEST_MD5 }, null,
            "local", "127.0.0.1", properties, new SampleCallbackHandler());
    }
 

public SampleClient(String requestedQOPs) throws SaslException {

        Map<String,String> properties = new HashMap<String,String>();

        if (requestedQOPs != null) {
            properties.put(Sasl.QOP, requestedQOPs);
        }
        saslClient = Sasl.createSaslClient(new String[]{ DIGEST_MD5 }, null,
            "local", "127.0.0.1", properties, new SampleCallbackHandler());
    }
 

public static void main(String[] args) throws Exception {

        Map<String, String> props = new TreeMap<String, String>();
        props.put(Sasl.QOP, "auth");

        // client
        SaslClient client = Sasl.createSaslClient(new String[]{ DIGEST_MD5 },
            "user1", "xmpp", "127.0.0.1", props, authCallbackHandler);
        if (client == null) {
            throw new Exception("Unable to find client implementation for: " +
                DIGEST_MD5);
        }

        byte[] response = client.hasInitialResponse()
            ? client.evaluateChallenge(EMPTY) : EMPTY;
        logger.info("initial: " + new String(response));

        // server
        byte[] challenge = null;
        SaslServer server = Sasl.createSaslServer(DIGEST_MD5, "xmpp",
          "127.0.0.1", props, authCallbackHandler);
        if (server == null) {
            throw new Exception("Unable to find server implementation for: " +
                DIGEST_MD5);
        }

        if (!client.isComplete() || !server.isComplete()) {
            challenge = server.evaluateResponse(response);

            logger.info("challenge: " + new String(challenge));

            if (challenge != null) {
                response = client.evaluateChallenge(challenge);
            }
        }

        String challengeString = new String(challenge, "UTF-8").toLowerCase();

        if (challengeString.indexOf("\"md5-sess\"") > 0 ||
            challengeString.indexOf("\"utf-8\"") > 0) {
            throw new Exception("The challenge string's charset and " +
                "algorithm values must not be enclosed within quotes");
        }

        client.dispose();
        server.dispose();
    }
 

public static void main(String[] args) throws Exception {

        Map<String, String> props = new TreeMap<String, String>();
        props.put(Sasl.QOP, "auth");

        // client
        SaslClient client = Sasl.createSaslClient(new String[]{ DIGEST_MD5 },
            "user1", "xmpp", "127.0.0.1", props, authCallbackHandler);
        if (client == null) {
            throw new Exception("Unable to find client implementation for: " +
                DIGEST_MD5);
        }

        byte[] response = client.hasInitialResponse()
            ? client.evaluateChallenge(EMPTY) : EMPTY;
        logger.info("initial: " + new String(response));

        // server
        byte[] challenge = null;
        SaslServer server = Sasl.createSaslServer(DIGEST_MD5, "xmpp",
          "127.0.0.1", props, authCallbackHandler);
        if (server == null) {
            throw new Exception("Unable to find server implementation for: " +
                DIGEST_MD5);
        }

        if (!client.isComplete() || !server.isComplete()) {
            challenge = server.evaluateResponse(response);

            logger.info("challenge: " + new String(challenge));

            if (challenge != null) {
                response = client.evaluateChallenge(challenge);
            }
        }

        String challengeString = new String(challenge, "UTF-8").toLowerCase();

        if (challengeString.indexOf("\"md5-sess\"") > 0 ||
            challengeString.indexOf("\"utf-8\"") > 0) {
            throw new Exception("The challenge string's charset and " +
                "algorithm values must not be enclosed within quotes");
        }

        client.dispose();
        server.dispose();
    }
 

private SaslClient createSaslClient() throws SaslException {
    Map<String, String> props = new HashMap<>();
    props.put(Sasl.QOP, qop);
    return Sasl.createSaslClient(new String[] {mechanism}, USER_ID,
            PROTOCOL, host, props, callback);
}
 

private SaslClient createSaslClient() throws SaslException {
    Map<String, String> props = new HashMap<>();
    props.put(Sasl.QOP, qop);
    return Sasl.createSaslClient(new String[] {mechanism}, USER_ID,
            PROTOCOL, host, props, callback);
}
 

public static void main(String[] args) throws Exception {

        String authorizationId = null;
        String protocol = "ldap";
        String serverName = "server1";

        CallbackHandler callbackHandler = new CallbackHandler(){
            public void handle(Callback[] callbacks) {
            }
        };

        // pass in system properties

        Properties sysprops = System.getProperties();

        SaslClient client1 =
            Sasl.createSaslClient(new String[]{DIGEST, PLAIN}, authorizationId,
                protocol, serverName, (Map) sysprops, callbackHandler);
        System.out.println(client1);

        SaslServer server1 =
            Sasl.createSaslServer(DIGEST, protocol, serverName, (Map) sysprops,
                callbackHandler);
        System.out.println(server1);

        // pass in string-valued props

        Map<String, String> stringProps = new Hashtable<String, String>();
        stringProps.put(Sasl.POLICY_NOPLAINTEXT, "true");

        try {

            SaslClient client2 =
                Sasl.createSaslClient(new String[]{GSSAPI, PLAIN},
                    authorizationId, protocol, serverName, stringProps,
                    callbackHandler);
            System.out.println(client2);

            SaslServer server2 =
                Sasl.createSaslServer(GSSAPI, protocol, serverName,
                    stringProps, callbackHandler);
            System.out.println(server2);

        } catch (SaslException se) {
            Throwable t = se.getCause();
            if (t instanceof GSSException) {
                // allow GSSException because kerberos has not been initialized

            } else {
                throw se;
            }
        }

        // pass in object-valued props

        Map<String, Object> objProps = new Hashtable<String, Object>();
        objProps.put("some.object.valued.property", System.err);

        SaslClient client3 =
            Sasl.createSaslClient(new String[]{EXTERNAL, CRAM}, authorizationId,
                protocol, serverName, objProps, callbackHandler);
        System.out.println(client3);

        SaslServer server3 =
            Sasl.createSaslServer(CRAM, protocol, serverName, objProps,
                callbackHandler);
        System.out.println(server3);

        // pass in raw-type props

        Map rawProps = new Hashtable();
        rawProps.put(Sasl.POLICY_NOPLAINTEXT, "true");
        rawProps.put("some.object.valued.property", System.err);

        SaslClient client4 =
            Sasl.createSaslClient(new String[]{EXTERNAL, CRAM}, authorizationId,
                protocol, serverName, rawProps, callbackHandler);
        System.out.println(client4);

        SaslServer server4 =
            Sasl.createSaslServer(CRAM, protocol, serverName, rawProps,
                callbackHandler);
        System.out.println(server4);

    }
 

public static void main(String[] args) throws Exception {

        Map<String, String> props = new TreeMap<String, String>();
        props.put(Sasl.QOP, "auth");

        // client
        SaslClient client = Sasl.createSaslClient(new String[]{ DIGEST_MD5 },
            "user1", "xmpp", "127.0.0.1", props, authCallbackHandler);
        if (client == null) {
            throw new Exception("Unable to find client implementation for: " +
                DIGEST_MD5);
        }

        byte[] response = client.hasInitialResponse()
            ? client.evaluateChallenge(EMPTY) : EMPTY;
        logger.info("initial: " + new String(response));

        // server
        byte[] challenge = null;
        SaslServer server = Sasl.createSaslServer(DIGEST_MD5, "xmpp",
          "127.0.0.1", props, authCallbackHandler);
        if (server == null) {
            throw new Exception("Unable to find server implementation for: " +
                DIGEST_MD5);
        }

        if (!client.isComplete() || !server.isComplete()) {
            challenge = server.evaluateResponse(response);

            logger.info("challenge: " + new String(challenge));

            if (challenge != null) {
                response = client.evaluateChallenge(challenge);
            }
        }

        String challengeString = new String(challenge, "UTF-8").toLowerCase();

        if (challengeString.indexOf("\"md5-sess\"") > 0 ||
            challengeString.indexOf("\"utf-8\"") > 0) {
            throw new Exception("The challenge string's charset and " +
                "algorithm values must not be enclosed within quotes");
        }

        client.dispose();
        server.dispose();
    }
 

private SaslClient createSaslClient() throws SaslException {
    Map<String, String> props = new HashMap<>();
    props.put(Sasl.QOP, qop);
    return Sasl.createSaslClient(new String[] {mechanism}, USER_ID,
            PROTOCOL, host, props, callback);
}
 

public static void main(String[] args) throws Exception {
    if (args.length == 0) {
        pwfile = "pw.properties";
        namesfile = "names.properties";
        auto = true;
    } else {
        int i = 0;
        if (args[i].equals("-m")) {
            i++;
            auto = false;
        }
        if (args.length > i) {
            pwfile = args[i++];

            if (args.length > i) {
                namesfile = args[i++];
            }
        } else {
            pwfile = "pw.properties";
            namesfile = "names.properties";
        }
    }

    CallbackHandler clntCbh = new ClientCallbackHandler(auto);

    CallbackHandler srvCbh =
        new PropertiesFileCallbackHandler(pwfile, namesfile, null);

    SaslClient clnt = Sasl.createSaslClient(
        new String[]{MECH}, null, PROTOCOL, SERVER_FQDN, null, clntCbh);

    SaslServer srv = Sasl.createSaslServer(MECH, PROTOCOL, SERVER_FQDN, null,
        srvCbh);

    if (clnt == null) {
        throw new IllegalStateException(
            "Unable to find client impl for " + MECH);
    }
    if (srv == null) {
        throw new IllegalStateException(
            "Unable to find server impl for " + MECH);
    }

    byte[] response = (clnt.hasInitialResponse()?
        clnt.evaluateChallenge(EMPTY) : EMPTY);
    byte[] challenge;

    while (!clnt.isComplete() || !srv.isComplete()) {
        challenge = srv.evaluateResponse(response);

        if (challenge != null) {
            response = clnt.evaluateChallenge(challenge);
        }
    }

    if (clnt.isComplete() && srv.isComplete()) {
        if (verbose) {
            System.out.println("SUCCESS");
            System.out.println("authzid is " + srv.getAuthorizationID());
        }
    } else {
        throw new IllegalStateException("FAILURE: mismatched state:" +
            " client complete? " + clnt.isComplete() +
            " server complete? " + srv.isComplete());
    }
}
 

public static void main(String[] args) throws Exception {

        Map<String, String> props = new TreeMap<String, String>();
        props.put(Sasl.QOP, "auth");

        // client
        SaslClient client = Sasl.createSaslClient(new String[]{ DIGEST_MD5 },
            "user1", "xmpp", "127.0.0.1", props, authCallbackHandler);
        if (client == null) {
            throw new Exception("Unable to find client implementation for: " +
                DIGEST_MD5);
        }

        byte[] response = client.hasInitialResponse()
            ? client.evaluateChallenge(EMPTY) : EMPTY;
        logger.info("initial: " + new String(response));

        // server
        byte[] challenge = null;
        SaslServer server = Sasl.createSaslServer(DIGEST_MD5, "xmpp",
          "127.0.0.1", props, authCallbackHandler);
        if (server == null) {
            throw new Exception("Unable to find server implementation for: " +
                DIGEST_MD5);
        }

        if (!client.isComplete() || !server.isComplete()) {
            challenge = server.evaluateResponse(response);

            logger.info("challenge: " + new String(challenge));

            if (challenge != null) {
                response = client.evaluateChallenge(challenge);
            }
        }

        String challengeString = new String(challenge, "UTF-8").toLowerCase();

        if (challengeString.indexOf("\"md5-sess\"") > 0 ||
            challengeString.indexOf("\"utf-8\"") > 0) {
            throw new Exception("The challenge string's charset and " +
                "algorithm values must not be enclosed within quotes");
        }

        client.dispose();
        server.dispose();
    }
 

/**
 * Try to create a SaslClient for an authentication type.  May return
 * null if the type isn't supported or the client lacks the required
 * credentials.
 * 
 * @param authType - the requested authentication method
 * @return SaslClient for the authType or null
 * @throws SaslException - error instantiating client
 * @throws IOException - misc errors
 */
private SaslClient createSaslClient(SaslAuth authType)
    throws SaslException, IOException {
  String saslUser = null;
  // SASL requires the client and server to use the same proto and serverId
  // if necessary, auth types below will verify they are valid
  final String saslProtocol = authType.getProtocol();
  final String saslServerName = authType.getServerId();
  Map<String, String> saslProperties =
    saslPropsResolver.getClientProperties(serverAddr.getAddress());  
  CallbackHandler saslCallback = null;
  
  final AuthMethod method = AuthMethod.valueOf(authType.getMethod());
  switch (method) {
    case TOKEN: {
      Token<?> token = getServerToken(authType);
      if (token == null) {
        return null; // tokens aren't supported or user doesn't have one
      }
      saslCallback = new SaslClientCallbackHandler(token);
      break;
    }
    case KERBEROS: {
      if (ugi.getRealAuthenticationMethod().getAuthMethod() !=
          AuthMethod.KERBEROS) {
        return null; // client isn't using kerberos
      }
      String serverPrincipal = getServerPrincipal(authType);
      if (serverPrincipal == null) {
        return null; // protocol doesn't use kerberos
      }
      if (LOG.isDebugEnabled()) {
        LOG.debug("RPC Server's Kerberos principal name for protocol="
            + protocol.getCanonicalName() + " is " + serverPrincipal);
      }
      break;
    }
    default:
      throw new IOException("Unknown authentication method " + method);
  }
  
  String mechanism = method.getMechanismName();
  if (LOG.isDebugEnabled()) {
    LOG.debug("Creating SASL " + mechanism + "(" + method + ") "
        + " client to authenticate to service at " + saslServerName);
  }
  return Sasl.createSaslClient(
      new String[] { mechanism }, saslUser, saslProtocol, saslServerName,
      saslProperties, saslCallback);
}
 

/**
 * Creates a SaslParticipant wrapping a SaslClient.
 *
 * @param userName SASL user name
 * @param saslProps properties of SASL negotiation
 * @param callbackHandler for handling all SASL callbacks
 * @return SaslParticipant wrapping SaslClient
 * @throws SaslException for any error
 */
public static SaslParticipant createClientSaslParticipant(String userName,
    Map<String, String> saslProps, CallbackHandler callbackHandler)
    throws SaslException {
  return new SaslParticipant(Sasl.createSaslClient(new String[] { MECHANISM },
    userName, PROTOCOL, SERVER_NAME, saslProps, callbackHandler));
}
 

/**
 * Creates a SaslParticipant wrapping a SaslClient.
 *
 * @param userName SASL user name
 * @param saslProps properties of SASL negotiation
 * @param callbackHandler for handling all SASL callbacks
 * @return SaslParticipant wrapping SaslClient
 * @throws SaslException for any error
 */
public static SaslParticipant createClientSaslParticipant(String userName,
    Map<String, String> saslProps, CallbackHandler callbackHandler)
    throws SaslException {
  return new SaslParticipant(Sasl.createSaslClient(new String[] { MECHANISM },
    userName, PROTOCOL, SERVER_NAME, saslProps, callbackHandler));
}
 

/**
 * Builds and sends the <tt>auth</tt> stanza to the server. The callback handler will handle any
 * additional information, such as the authentication ID or realm, if it is needed.
 *
 * @param username the username of the user being authenticated.
 * @param host the hostname where the user account resides.
 * @param cbh the CallbackHandler to obtain user information.
 * @throws IOException If a network error occures while authenticating.
 * @throws XMPPException If a protocol error occurs or the user is not authenticated.
 */
public void authenticate(String username, String host, CallbackHandler cbh)
    throws IOException, XMPPException {
  String[] mechanisms = {getName()};
  Map<String, String> props = new HashMap<String, String>();
  sc = Sasl.createSaslClient(mechanisms, null, "xmpp", host, props, cbh);
  authenticate();
}