Java Code Examples for javax.security.sasl.Sasl#createSaslServer()

The following examples show how to use javax.security.sasl.Sasl#createSaslServer() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: Krb5Authenticator.java    From tinkerpop with Apache License 2.0 6 votes vote down vote up
Krb5SaslAuthenticator() {
    try {
        // For sasl properties regarding GSSAPI, see:
        //   https://docs.oracle.com/javase/8/docs/technotes/guides/security/sasl/sasl-refguide.html#SERVER
        // Rely on GSSAPI defaults for Sasl.MAX_BUFFER and Sasl.QOP. Note, however, that gremlin-driver has
        // Sasl.SERVER_AUTH fixed to true (mutual authentication) and one can configure SSL for enhanced confidentiality,
        // Sasl policy properties for negotiating the authenticatin mechanism are not relevant here, because
        // GSSAPI is the only available mechanism for this authenticator
        final Map props = new HashMap<String, Object>();
        final String[] principalParts = principalName.split("/|@");
        if (principalParts.length < 3) throw new IllegalArgumentException("Use principal name of format 'service/fqdn@kdcrealm'");
        saslServer = Sasl.createSaslServer(mechanism, principalParts[0], principalParts[1], props, Krb5SaslAuthenticator.this);
    } catch(Exception e) {
        logger.error("Creating sasl server failed: ", e);
    }
    logger.debug("SaslServer created with: " + saslServer.getMechanismName());
}
 
Example 2
Source File: KerberosNegotiator.java    From qpid-broker-j with Apache License 2.0 6 votes vote down vote up
public KerberosNegotiator(final AuthenticationProvider<?> authenticationProvider, final String localFQDN)
{
    _authenticationProvider = authenticationProvider;
    SaslServer saslServer = null;
    SaslException exception = null;
    try
    {
        saslServer = Sasl.createSaslServer(GSSAPI_MECHANISM, "AMQP", localFQDN,
                                           null, new GssApiCallbackHandler());
    }
    catch (SaslException e)
    {
        exception = e;
        LOGGER.warn("Creation of SASL server for mechanism '{}' failed.", GSSAPI_MECHANISM, e);
    }
    _exception = exception;
    _saslServer = saslServer;
}
 
Example 3
Source File: CheckNegotiatedQOPs.java    From openjdk-jdk8u with GNU General Public License v2.0 5 votes vote down vote up
public SampleServer(String supportedQOPs) throws SaslException {

        Map<String,String> properties = new HashMap<String,String>();

        if (supportedQOPs != null) {
            properties.put(Sasl.QOP, supportedQOPs);
        }
        saslServer = Sasl.createSaslServer(DIGEST_MD5, "local", "127.0.0.1",
            properties, new SampleCallbackHandler());
    }
 
Example 4
Source File: DigestSaslServerAuthenticationProvider.java    From hbase with Apache License 2.0 5 votes vote down vote up
@Override
public AttemptingUserProvidingSaslServer createServer(
    SecretManager<TokenIdentifier> secretManager,
    Map<String, String> saslProps) throws IOException {
  if (secretManager == null) {
    throw new AccessDeniedException("Server is not configured to do DIGEST authentication.");
  }
  final SaslServer server = Sasl.createSaslServer(getSaslAuthMethod().getSaslMechanism(), null,
    SaslUtil.SASL_DEFAULT_REALM, saslProps,
    new SaslDigestCallbackHandler(secretManager, attemptingUser));

  return new AttemptingUserProvidingSaslServer(server, () -> attemptingUser.get());
}
 
Example 5
Source File: CheckNegotiatedQOPs.java    From jdk8u_jdk with GNU General Public License v2.0 5 votes vote down vote up
public SampleServer(String supportedQOPs) throws SaslException {

        Map<String,String> properties = new HashMap<String,String>();

        if (supportedQOPs != null) {
            properties.put(Sasl.QOP, supportedQOPs);
        }
        saslServer = Sasl.createSaslServer(DIGEST_MD5, "local", "127.0.0.1",
            properties, new SampleCallbackHandler());
    }
 
Example 6
Source File: ClientServerTest.java    From openjdk-jdk8u-backup with GNU General Public License v2.0 5 votes vote down vote up
private SaslServer createSaslServer(String mechanism)
        throws SaslException {
    Map<String, String> props = new HashMap<>();
    props.put(Sasl.QOP, qop);
    return Sasl.createSaslServer(mechanism, PROTOCOL, host, props,
            callback);
}
 
Example 7
Source File: CheckNegotiatedQOPs.java    From openjdk-jdk8u-backup with GNU General Public License v2.0 5 votes vote down vote up
public SampleServer(String supportedQOPs) throws SaslException {

        Map<String,String> properties = new HashMap<String,String>();

        if (supportedQOPs != null) {
            properties.put(Sasl.QOP, supportedQOPs);
        }
        saslServer = Sasl.createSaslServer(DIGEST_MD5, "local", "127.0.0.1",
            properties, new SampleCallbackHandler());
    }
 
Example 8
Source File: CheckNegotiatedQOPs.java    From openjdk-jdk9 with GNU General Public License v2.0 5 votes vote down vote up
public SampleServer(String supportedQOPs) throws SaslException {

        Map<String,String> properties = new HashMap<String,String>();

        if (supportedQOPs != null) {
            properties.put(Sasl.QOP, supportedQOPs);
        }
        saslServer = Sasl.createSaslServer(DIGEST_MD5, "local", "127.0.0.1",
            properties, new SampleCallbackHandler());
    }
 
Example 9
Source File: CheckNegotiatedQOPs.java    From jdk8u-jdk with GNU General Public License v2.0 5 votes vote down vote up
public SampleServer(String supportedQOPs) throws SaslException {

        Map<String,String> properties = new HashMap<String,String>();

        if (supportedQOPs != null) {
            properties.put(Sasl.QOP, supportedQOPs);
        }
        saslServer = Sasl.createSaslServer(DIGEST_MD5, "local", "127.0.0.1",
            properties, new SampleCallbackHandler());
    }
 
Example 10
Source File: CustomSaslAuthenticationProviderTestBase.java    From hbase with Apache License 2.0 5 votes vote down vote up
@Override
public AttemptingUserProvidingSaslServer
  createServer(SecretManager<TokenIdentifier> secretManager, Map<String, String> saslProps)
    throws IOException {
  return new AttemptingUserProvidingSaslServer(
    Sasl.createSaslServer(getSaslAuthMethod().getSaslMechanism(), null,
      SaslUtil.SASL_DEFAULT_REALM, saslProps, new InMemoryServerProviderCallbackHandler()),
    () -> null);
}
 
Example 11
Source File: ClientServerTest.java    From hottub with GNU General Public License v2.0 5 votes vote down vote up
private SaslServer createSaslServer(String mechanism)
        throws SaslException {
    Map<String, String> props = new HashMap<>();
    props.put(Sasl.QOP, qop);
    return Sasl.createSaslServer(mechanism, PROTOCOL, host, props,
            callback);
}
 
Example 12
Source File: ClientServerTest.java    From jdk8u-jdk with GNU General Public License v2.0 5 votes vote down vote up
private SaslServer createSaslServer(String mechanism)
        throws SaslException {
    Map<String, String> props = new HashMap<>();
    props.put(Sasl.QOP, qop);
    return Sasl.createSaslServer(mechanism, PROTOCOL, host, props,
            callback);
}
 
Example 13
Source File: ClientServerTest.java    From TencentKona-8 with GNU General Public License v2.0 5 votes vote down vote up
private SaslServer createSaslServer(String mechanism)
        throws SaslException {
    Map<String, String> props = new HashMap<>();
    props.put(Sasl.QOP, qop);
    return Sasl.createSaslServer(mechanism, PROTOCOL, host, props,
            callback);
}
 
Example 14
Source File: ClientServerTest.java    From jdk8u_jdk with GNU General Public License v2.0 5 votes vote down vote up
private SaslServer createSaslServer(String mechanism)
        throws SaslException {
    Map<String, String> props = new HashMap<>();
    props.put(Sasl.QOP, qop);
    return Sasl.createSaslServer(mechanism, PROTOCOL, host, props,
            callback);
}
 
Example 15
Source File: NoQuoteParams.java    From hottub with GNU General Public License v2.0 4 votes vote down vote up
public static void main(String[] args) throws Exception {

        Map<String, String> props = new TreeMap<String, String>();
        props.put(Sasl.QOP, "auth");

        // client
        SaslClient client = Sasl.createSaslClient(new String[]{ DIGEST_MD5 },
            "user1", "xmpp", "127.0.0.1", props, authCallbackHandler);
        if (client == null) {
            throw new Exception("Unable to find client implementation for: " +
                DIGEST_MD5);
        }

        byte[] response = client.hasInitialResponse()
            ? client.evaluateChallenge(EMPTY) : EMPTY;
        logger.info("initial: " + new String(response));

        // server
        byte[] challenge = null;
        SaslServer server = Sasl.createSaslServer(DIGEST_MD5, "xmpp",
          "127.0.0.1", props, authCallbackHandler);
        if (server == null) {
            throw new Exception("Unable to find server implementation for: " +
                DIGEST_MD5);
        }

        if (!client.isComplete() || !server.isComplete()) {
            challenge = server.evaluateResponse(response);

            logger.info("challenge: " + new String(challenge));

            if (challenge != null) {
                response = client.evaluateChallenge(challenge);
            }
        }

        String challengeString = new String(challenge, "UTF-8").toLowerCase();

        if (challengeString.indexOf("\"md5-sess\"") > 0 ||
            challengeString.indexOf("\"utf-8\"") > 0) {
            throw new Exception("The challenge string's charset and " +
                "algorithm values must not be enclosed within quotes");
        }

        client.dispose();
        server.dispose();
    }
 
Example 16
Source File: SaslGSS.java    From jdk8u60 with GNU General Public License v2.0 4 votes vote down vote up
public static void main(String[] args) throws Exception {

        String name = "host." + OneKDC.REALM.toLowerCase(Locale.US);

        new OneKDC(null).writeJAASConf();
        System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");

        // Client in JGSS so that it can control wrap privacy mode
        GSSManager m = GSSManager.getInstance();
        GSSContext sc = m.createContext(
                        m.createName(OneKDC.SERVER, GSSUtil.NT_GSS_KRB5_PRINCIPAL),
                        GSSUtil.GSS_KRB5_MECH_OID,
                        null,
                        GSSContext.DEFAULT_LIFETIME);
        sc.requestMutualAuth(false);

        // Server in SASL
        final HashMap props = new HashMap();
        props.put(Sasl.QOP, "auth-conf");
        SaslServer ss = Sasl.createSaslServer("GSSAPI", "server",
                name, props,
                new CallbackHandler() {
                    public void handle(Callback[] callbacks)
                            throws IOException, UnsupportedCallbackException {
                        for (Callback cb : callbacks) {
                            if (cb instanceof RealmCallback) {
                                ((RealmCallback) cb).setText(OneKDC.REALM);
                            } else if (cb instanceof AuthorizeCallback) {
                                ((AuthorizeCallback) cb).setAuthorized(true);
                            }
                        }
                    }
                });

        ByteArrayOutputStream bout = new ByteArrayOutputStream();
        PrintStream oldErr = System.err;
        System.setErr(new PrintStream(bout));

        Logger.getLogger("javax.security.sasl").setLevel(Level.ALL);
        Handler h = new ConsoleHandler();
        h.setLevel(Level.ALL);
        Logger.getLogger("javax.security.sasl").addHandler(h);

        byte[] token = new byte[0];

        try {
            // Handshake
            token = sc.initSecContext(token, 0, token.length);
            token = ss.evaluateResponse(token);
            token = sc.unwrap(token, 0, token.length, new MessageProp(0, false));
            token[0] = (byte)(((token[0] & 4) != 0) ? 4 : 2);
            token = sc.wrap(token, 0, token.length, new MessageProp(0, false));
            ss.evaluateResponse(token);
        } finally {
            System.setErr(oldErr);
        }

        // Talk
        // 1. Client sends a auth-int message
        byte[] hello = "hello".getBytes();
        MessageProp qop = new MessageProp(0, false);
        token = sc.wrap(hello, 0, hello.length, qop);
        // 2. Server accepts it anyway
        ss.unwrap(token, 0, token.length);
        // 3. Server sends a message
        token = ss.wrap(hello, 0, hello.length);
        // 4. Client accepts, should be auth-conf
        sc.unwrap(token, 0, token.length, qop);
        if (!qop.getPrivacy()) {
            throw new Exception();
        }

        for (String s: bout.toString().split("\\n")) {
            if (s.contains("KRB5SRV04") && s.contains("NULL")) {
                return;
            }
        }
        System.out.println("=======================");
        System.out.println(bout.toString());
        System.out.println("=======================");
        throw new Exception("Haven't seen KRB5SRV04 with NULL");
    }
 
Example 17
Source File: SaslGSS.java    From openjdk-jdk8u-backup with GNU General Public License v2.0 4 votes vote down vote up
public static void main(String[] args) throws Exception {

        String name = "host." + OneKDC.REALM.toLowerCase(Locale.US);

        new OneKDC(null).writeJAASConf();
        System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");

        // Client in JGSS so that it can control wrap privacy mode
        GSSManager m = GSSManager.getInstance();
        GSSContext sc = m.createContext(
                        m.createName(OneKDC.SERVER, GSSUtil.NT_GSS_KRB5_PRINCIPAL),
                        GSSUtil.GSS_KRB5_MECH_OID,
                        null,
                        GSSContext.DEFAULT_LIFETIME);
        sc.requestMutualAuth(false);

        // Server in SASL
        final HashMap props = new HashMap();
        props.put(Sasl.QOP, "auth-conf");
        SaslServer ss = Sasl.createSaslServer("GSSAPI", "server",
                name, props,
                new CallbackHandler() {
                    public void handle(Callback[] callbacks)
                            throws IOException, UnsupportedCallbackException {
                        for (Callback cb : callbacks) {
                            if (cb instanceof RealmCallback) {
                                ((RealmCallback) cb).setText(OneKDC.REALM);
                            } else if (cb instanceof AuthorizeCallback) {
                                ((AuthorizeCallback) cb).setAuthorized(true);
                            }
                        }
                    }
                });

        ByteArrayOutputStream bout = new ByteArrayOutputStream();
        PrintStream oldErr = System.err;
        System.setErr(new PrintStream(bout));

        Logger.getLogger("javax.security.sasl").setLevel(Level.ALL);
        Handler h = new ConsoleHandler();
        h.setLevel(Level.ALL);
        Logger.getLogger("javax.security.sasl").addHandler(h);

        byte[] token = new byte[0];

        try {
            // Handshake
            token = sc.initSecContext(token, 0, token.length);
            token = ss.evaluateResponse(token);
            token = sc.unwrap(token, 0, token.length, new MessageProp(0, false));
            token[0] = (byte)(((token[0] & 4) != 0) ? 4 : 2);
            token = sc.wrap(token, 0, token.length, new MessageProp(0, false));
            ss.evaluateResponse(token);
        } finally {
            System.setErr(oldErr);
        }

        // Talk
        // 1. Client sends a auth-int message
        byte[] hello = "hello".getBytes();
        MessageProp qop = new MessageProp(0, false);
        token = sc.wrap(hello, 0, hello.length, qop);
        // 2. Server accepts it anyway
        ss.unwrap(token, 0, token.length);
        // 3. Server sends a message
        token = ss.wrap(hello, 0, hello.length);
        // 4. Client accepts, should be auth-conf
        sc.unwrap(token, 0, token.length, qop);
        if (!qop.getPrivacy()) {
            throw new Exception();
        }

        for (String s: bout.toString().split("\\n")) {
            if (s.contains("KRB5SRV04") && s.contains("NULL")) {
                return;
            }
        }
        System.out.println("=======================");
        System.out.println(bout.toString());
        System.out.println("=======================");
        throw new Exception("Haven't seen KRB5SRV04 with NULL");
    }
 
Example 18
Source File: PassSysProps.java    From openjdk-jdk9 with GNU General Public License v2.0 4 votes vote down vote up
public static void main(String[] args) throws Exception {

        String authorizationId = null;
        String protocol = "ldap";
        String serverName = "server1";

        CallbackHandler callbackHandler = new CallbackHandler(){
            public void handle(Callback[] callbacks) {
            }
        };

        // pass in system properties

        Properties sysprops = System.getProperties();

        SaslClient client1 =
            Sasl.createSaslClient(new String[]{DIGEST, PLAIN}, authorizationId,
                protocol, serverName, (Map) sysprops, callbackHandler);
        System.out.println(client1);

        SaslServer server1 =
            Sasl.createSaslServer(DIGEST, protocol, serverName, (Map) sysprops,
                callbackHandler);
        System.out.println(server1);

        // pass in string-valued props

        Map<String, String> stringProps = new Hashtable<String, String>();
        stringProps.put(Sasl.POLICY_NOPLAINTEXT, "true");

        try {

            SaslClient client2 =
                Sasl.createSaslClient(new String[]{GSSAPI, PLAIN},
                    authorizationId, protocol, serverName, stringProps,
                    callbackHandler);
            System.out.println(client2);

            SaslServer server2 =
                Sasl.createSaslServer(GSSAPI, protocol, serverName,
                    stringProps, callbackHandler);
            System.out.println(server2);

        } catch (SaslException se) {
            Throwable t = se.getCause();
            if (t instanceof GSSException) {
                // allow GSSException because kerberos has not been initialized

            } else {
                throw se;
            }
        }

        // pass in object-valued props

        Map<String, Object> objProps = new Hashtable<String, Object>();
        objProps.put("some.object.valued.property", System.err);

        SaslClient client3 =
            Sasl.createSaslClient(new String[]{EXTERNAL, CRAM}, authorizationId,
                protocol, serverName, objProps, callbackHandler);
        System.out.println(client3);

        SaslServer server3 =
            Sasl.createSaslServer(CRAM, protocol, serverName, objProps,
                callbackHandler);
        System.out.println(server3);

        // pass in raw-type props

        Map rawProps = new Hashtable();
        rawProps.put(Sasl.POLICY_NOPLAINTEXT, "true");
        rawProps.put("some.object.valued.property", System.err);

        SaslClient client4 =
            Sasl.createSaslClient(new String[]{EXTERNAL, CRAM}, authorizationId,
                protocol, serverName, rawProps, callbackHandler);
        System.out.println(client4);

        SaslServer server4 =
            Sasl.createSaslServer(CRAM, protocol, serverName, rawProps,
                callbackHandler);
        System.out.println(server4);

    }
 
Example 19
Source File: NoQuoteParams.java    From openjdk-8-source with GNU General Public License v2.0 4 votes vote down vote up
public static void main(String[] args) throws Exception {

        Map<String, String> props = new TreeMap<String, String>();
        props.put(Sasl.QOP, "auth");

        // client
        SaslClient client = Sasl.createSaslClient(new String[]{ DIGEST_MD5 },
            "user1", "xmpp", "127.0.0.1", props, authCallbackHandler);
        if (client == null) {
            throw new Exception("Unable to find client implementation for: " +
                DIGEST_MD5);
        }

        byte[] response = client.hasInitialResponse()
            ? client.evaluateChallenge(EMPTY) : EMPTY;
        logger.info("initial: " + new String(response));

        // server
        byte[] challenge = null;
        SaslServer server = Sasl.createSaslServer(DIGEST_MD5, "xmpp",
          "127.0.0.1", props, authCallbackHandler);
        if (server == null) {
            throw new Exception("Unable to find server implementation for: " +
                DIGEST_MD5);
        }

        if (!client.isComplete() || !server.isComplete()) {
            challenge = server.evaluateResponse(response);

            logger.info("challenge: " + new String(challenge));

            if (challenge != null) {
                response = client.evaluateChallenge(challenge);
            }
        }

        String challengeString = new String(challenge, "UTF-8").toLowerCase();

        if (challengeString.indexOf("\"md5-sess\"") > 0 ||
            challengeString.indexOf("\"utf-8\"") > 0) {
            throw new Exception("The challenge string's charset and " +
                "algorithm values must not be enclosed within quotes");
        }

        client.dispose();
        server.dispose();
    }
 
Example 20
Source File: SaslGSS.java    From jdk8u-jdk with GNU General Public License v2.0 4 votes vote down vote up
public static void main(String[] args) throws Exception {

        String name = "host." + OneKDC.REALM.toLowerCase(Locale.US);

        new OneKDC(null).writeJAASConf();
        System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");

        // Client in JGSS so that it can control wrap privacy mode
        GSSManager m = GSSManager.getInstance();
        GSSContext sc = m.createContext(
                        m.createName(OneKDC.SERVER, GSSUtil.NT_GSS_KRB5_PRINCIPAL),
                        GSSUtil.GSS_KRB5_MECH_OID,
                        null,
                        GSSContext.DEFAULT_LIFETIME);
        sc.requestMutualAuth(false);

        // Server in SASL
        final HashMap props = new HashMap();
        props.put(Sasl.QOP, "auth-conf");
        SaslServer ss = Sasl.createSaslServer("GSSAPI", "server",
                name, props,
                new CallbackHandler() {
                    public void handle(Callback[] callbacks)
                            throws IOException, UnsupportedCallbackException {
                        for (Callback cb : callbacks) {
                            if (cb instanceof RealmCallback) {
                                ((RealmCallback) cb).setText(OneKDC.REALM);
                            } else if (cb instanceof AuthorizeCallback) {
                                ((AuthorizeCallback) cb).setAuthorized(true);
                            }
                        }
                    }
                });

        ByteArrayOutputStream bout = new ByteArrayOutputStream();
        PrintStream oldErr = System.err;
        System.setErr(new PrintStream(bout));

        Logger.getLogger("javax.security.sasl").setLevel(Level.ALL);
        Handler h = new ConsoleHandler();
        h.setLevel(Level.ALL);
        Logger.getLogger("javax.security.sasl").addHandler(h);

        byte[] token = new byte[0];

        try {
            // Handshake
            token = sc.initSecContext(token, 0, token.length);
            token = ss.evaluateResponse(token);
            token = sc.unwrap(token, 0, token.length, new MessageProp(0, false));
            token[0] = (byte)(((token[0] & 4) != 0) ? 4 : 2);
            token = sc.wrap(token, 0, token.length, new MessageProp(0, false));
            ss.evaluateResponse(token);
        } finally {
            System.setErr(oldErr);
        }

        // Talk
        // 1. Client sends a auth-int message
        byte[] hello = "hello".getBytes();
        MessageProp qop = new MessageProp(0, false);
        token = sc.wrap(hello, 0, hello.length, qop);
        // 2. Server accepts it anyway
        ss.unwrap(token, 0, token.length);
        // 3. Server sends a message
        token = ss.wrap(hello, 0, hello.length);
        // 4. Client accepts, should be auth-conf
        sc.unwrap(token, 0, token.length, qop);
        if (!qop.getPrivacy()) {
            throw new Exception();
        }

        for (String s: bout.toString().split("\\n")) {
            if (s.contains("KRB5SRV04") && s.contains("NULL")) {
                return;
            }
        }
        System.out.println("=======================");
        System.out.println(bout.toString());
        System.out.println("=======================");
        throw new Exception("Haven't seen KRB5SRV04 with NULL");
    }