Java Code Examples for org.apache.qpid.proton.engine.Sasl#pending()

The following examples show how to use org.apache.qpid.proton.engine.Sasl#pending().
Example 1
Source File: SaslTest.java    From qpid-proton-j with Apache License 2.0
/**
 * Handles the sasl-init step as seen by the server in this test: checks the
 * mechanism the client selected, drains and checks the client's initial
 * response, then replies with the test challenge.
 *
 * @param s the SASL layer that received the init
 * @param t the transport the SASL layer belongs to (not used here)
 */
@Override
public void onSaslInit(Sasl s, Transport t)
{
    final String[] expectedMechanisms = new String[]{TESTMECH1};
    assertArrayEquals("Server should now know the client's chosen mechanism.",
            expectedMechanisms, s.getRemoteMechanisms());

    // The buffer is sized from pending(), so a single recv() drains everything
    // the peer supplied for this step.
    final byte[] initialResponse = new byte[s.pending()];
    s.recv(initialResponse, 0, initialResponse.length);

    assertArrayEquals("Server should now know the client's initial response.",
            INITIAL_RESPONSE_BYTES, initialResponse);

    s.send(CHALLENGE_BYTES, 0, CHALLENGE_BYTES.length);

    // getAndSet(true) returns the previous value, so this fails if the
    // callback fires more than once.
    final boolean seenBefore = initReceived.getAndSet(true);
    assertFalse("Should not have already received init", seenBefore);
}
 
Example 2
Source File: ProtonHandler.java    From activemq-artemis with Apache License 2.0
/**
 * Drains the bytes pending on the SASL layer, passes them to the chosen
 * mechanism, sends back any reply the mechanism produces, and completes the
 * exchange once the mechanism reports a result.
 *
 * @param sasl the SASL layer to read from and reply on
 */
private void processPending(Sasl sasl) {
   final byte[] pendingData = new byte[sasl.pending()];
   final int bytesRead = sasl.recv(pendingData, 0, pendingData.length);

   // Only the byte count is traced; the SASL payload itself is never logged.
   if (log.isTraceEnabled()) {
      log.trace("Working on sasl, length:" + bytesRead);
   }

   // A recv() result of -1 is handed to the mechanism as a null input.
   final byte[] mechanismInput = bytesRead != -1 ? pendingData : null;
   final byte[] reply = chosenMechanism.processSASL(mechanismInput);
   if (reply != null) {
      sasl.send(reply, 0, reply.length);
   }

   saslResult = chosenMechanism.result();
   if (saslResult == null) {
      // The mechanism has not reached a verdict yet; the outcome stays open.
      return;
   }

   // Anything other than an explicit success is reported as PN_SASL_AUTH.
   saslComplete(sasl, saslResult.isSuccess() ? Sasl.SaslOutcome.PN_SASL_OK : Sasl.SaslOutcome.PN_SASL_AUTH);
}
 
Example 3
Source File: SaslTest.java    From qpid-proton-j with Apache License 2.0
/**
 * Handles the sasl-response step as seen by the server in this test: drains
 * and checks the client's response, queues the additional data and finishes
 * the exchange with PN_SASL_OK.
 *
 * @param s the SASL layer that received the response
 * @param t the transport the SASL layer belongs to (not used here)
 */
@Override
public void onSaslResponse(Sasl s, Transport t)
{
    final byte[] clientResponse = new byte[s.pending()];
    s.recv(clientResponse, 0, clientResponse.length);

    assertArrayEquals("Server should now know the client's response", RESPONSE_BYTES, clientResponse);

    // The additional data is sent before done() is called with the outcome.
    s.send(ADDITIONAL_DATA_BYTES, 0, ADDITIONAL_DATA_BYTES.length);
    s.done(SaslOutcome.PN_SASL_OK);

    // getAndSet(true) returns the previous value, so this fails on a repeated callback.
    final boolean seenBefore = responseReceived.getAndSet(true);
    assertFalse("Should not have already received response", seenBefore);
}
 
Example 4
Source File: SaslTest.java    From qpid-proton-j with Apache License 2.0
/**
 * Handles the sasl-challenge step as seen by the client in this test: drains
 * the challenge, checks that no outcome has been reached yet, checks the
 * challenge bytes, and answers with the test response.
 *
 * @param s the SASL layer that received the challenge
 * @param t the transport the SASL layer belongs to (not used here)
 */
@Override
public void onSaslChallenge(Sasl s, Transport t)
{
    final byte[] serverChallenge = new byte[s.pending()];
    s.recv(serverChallenge, 0, serverChallenge.length);

    // While challenges are still being exchanged the outcome must remain PN_SASL_NONE.
    assertEquals("Unexpected SASL outcome at client", SaslOutcome.PN_SASL_NONE, s.getOutcome());
    assertArrayEquals("Client should now know the server's challenge",
                      CHALLENGE_BYTES, serverChallenge);

    s.send(RESPONSE_BYTES, 0, RESPONSE_BYTES.length);

    // getAndSet(true) returns the previous value, so this fails on a repeated callback.
    final boolean seenBefore = challengeReceived.getAndSet(true);
    assertFalse("Should not have already received challenge", seenBefore);
}
 
Example 5
Source File: SaslTest.java    From qpid-proton-j with Apache License 2.0
/**
 * Handles the sasl-outcome step as seen by the client in this test: checks
 * that the outcome is PN_SASL_OK and drains the additional data that arrived
 * with it.
 *
 * @param s the SASL layer that received the outcome
 * @param t the transport the SASL layer belongs to (not used here)
 */
@Override
public void onSaslOutcome(Sasl s, Transport t)
{
    assertEquals("Unexpected SASL outcome at client", SaslOutcome.PN_SASL_OK, s.getOutcome());

    final byte[] outcomeData = new byte[s.pending()];
    s.recv(outcomeData, 0, outcomeData.length);

    // NOTE(review): expected and actual are the same array, so this assertion
    // can never fail and the additional data is effectively unchecked. The
    // expected value is presumably ADDITIONAL_DATA_BYTES (used elsewhere in
    // SaslTest) -- confirm and compare against that instead.
    assertArrayEquals("Client should now know the server's outcome additional data", outcomeData,
            outcomeData);

    // getAndSet(true) returns the previous value, so this fails on a repeated callback.
    final boolean seenBefore = outcomeReceived.getAndSet(true);
    assertFalse("Should not have already received outcome", seenBefore);
}
 
Example 6
Source File: ProtonHandler.java    From activemq-artemis with Apache License 2.0
/**
 * Answers a SASL challenge on an outbound connection: drains the challenge
 * bytes, asks the client mechanism for its response and sends it.
 *
 * @param sasl the SASL layer that received the challenge
 * @param transport the transport the SASL layer belongs to (not used here)
 */
@Override
public void onSaslChallenge(Sasl sasl, Transport transport) {
   final byte[] serverChallenge = new byte[sasl.pending()];
   sasl.recv(serverChallenge, 0, serverChallenge.length);

   // NOTE(review): the reply is dereferenced without a null check, so this
   // relies on getResponse() never returning null -- confirm against the
   // mechanism implementations.
   final byte[] reply = clientSASLMechanism.getResponse(serverChallenge);
   sasl.send(reply, 0, reply.length);
}
 
Example 7
Source File: ProtonServerImplTest.java    From vertx-proton with Apache License 2.0
/**
 * Parses a SASL PLAIN message from the pending SASL bytes and checks the
 * authcid and password against GOOD_USER and PASSWD.
 *
 * @param sasl the SASL layer holding the client's PLAIN message
 * @return {@code true} only when the message is well-formed and both values match
 */
private boolean evaluatePlainResponse(Sasl sasl) {
  final byte[] plainMessage = new byte[sasl.pending()];
  sasl.recv(plainMessage, 0, plainMessage.length);

  // RFC 4616 (https://tools.ietf.org/html/rfc4616) defines the PLAIN message as:
  //   [authzid] UTF8NUL authcid UTF8NUL passwd
  // Locate the two NUL separators; a missing separator is rejected.
  final int authzidEnd = findNullPosition(plainMessage, 0);
  if (authzidEnd < 0) {
    // Malformed: the NUL terminating authzid is missing
    return false;
  }

  final int authcidStart = authzidEnd + 1;
  final int authcidEnd = findNullPosition(plainMessage, authcidStart);
  if (authcidEnd < 0) {
    // Malformed: the NUL terminating authcid is missing
    return false;
  }

  final int passwdStart = authcidEnd + 1;
  if (passwdStart == plainMessage.length) {
    // Malformed: nothing follows the second NUL, so there is no password
    return false;
  }

  // authzid, when supplied, is ignored; only authcid and passwd are extracted.
  final String authcid = new String(plainMessage, authcidStart, authcidEnd - authcidStart,
      StandardCharsets.UTF_8);
  final String passwd = new String(plainMessage, passwdStart, plainMessage.length - passwdStart,
      StandardCharsets.UTF_8);

  // String.equals() is not a constant-time comparison and the user check
  // short-circuits before the password check. That is tolerable for a check
  // against fixed values like these; code verifying real secrets should use a
  // constant-time comparison.
  return GOOD_USER.equals(authcid) && PASSWD.equals(passwd);
}
 
Example 8
Source File: AmqpSaslAuthenticator.java    From qpid-jms with Apache License 2.0
/**
 * Answers a SASL challenge: drains the pending challenge bytes, asks the
 * mechanism for its response and sends it when one is produced. Any failure
 * is passed to {@code recordFailure} instead of being propagated to the caller.
 *
 * @param sasl the SASL layer that received the challenge
 * @param transport the transport the SASL layer belongs to (not used here)
 */
public void handleSaslChallenge(Sasl sasl, Transport transport) {
    try {
        // A pending count of zero still passes this guard, so an empty
        // challenge is handed to the mechanism as a zero-length array.
        if (sasl.pending() < 0) {
            return;
        }

        final byte[] serverChallenge = new byte[sasl.pending()];
        sasl.recv(serverChallenge, 0, serverChallenge.length);

        final byte[] reply = mechanism.getChallengeResponse(serverChallenge);
        if (reply != null) {
            sasl.send(reply, 0, reply.length);
        }
    } catch (Throwable error) {
        // Catches everything, including errors thrown by the mechanism.
        final String detail = "Exception while processing SASL step: " + error.getMessage();
        recordFailure(detail, error);
    }
}
 
Example 9
Source File: AmqpSaslAuthenticator.java    From qpid-jms with Apache License 2.0
/**
 * Finishes the SASL exchange: feeds any additional data that is pending to
 * the mechanism, asks the mechanism to verify completion and only then marks
 * the exchange complete. Any failure is passed to {@code recordFailure}.
 *
 * @param sasl the SASL layer holding the final data, if any
 */
private void handleSaslCompletion(Sasl sasl) {
    try {
        final boolean hasAdditionalData = sasl.pending() != 0;
        if (hasAdditionalData) {
            final byte[] finalData = new byte[sasl.pending()];
            sasl.recv(finalData, 0, finalData.length);
            // The mechanism's return value is not used at this stage.
            mechanism.getChallengeResponse(finalData);
        }

        // 'complete' is set only after verifyCompletion() returns normally; if
        // it throws, control jumps to the catch block and the flag is not set.
        mechanism.verifyCompletion();
        complete = true;
    } catch (Throwable error) {
        final String detail = "Exception while processing SASL exchange completion: " + error.getMessage();
        recordFailure(detail, error);
    }
}
 
Example 10
Source File: SaslTest.java    From qpid-proton-j with Apache License 2.0
/** 5.3.2 SASL Negotiation. */
@Test
public void testSaslNegotiation() throws Exception
{
    // Fresh transports for both peers.
    getClient().transport = Proton.transport();
    getServer().transport = Proton.transport();

    // Client role: no outcome may be reported before the exchange has run.
    Sasl clientSasl = getClient().transport.sasl();
    clientSasl.client();
    assertEquals("Unexpected SASL outcome at client", SaslOutcome.PN_SASL_NONE, clientSasl.getOutcome());

    // Server role: offers two mechanisms and must not yet report a client choice.
    Sasl serverSasl = getServer().transport.sasl();
    serverSasl.server();
    serverSasl.setMechanisms(TESTMECH1, TESTMECH2);
    assertEquals("Server should not yet know the remote's chosen mechanism.",
                 0,
                 serverSasl.getRemoteMechanisms().length);

    pumpClientToServer();
    pumpServerToClient();

    // After the two pumps the client is expected to see the server's offer.
    assertArrayEquals("Client should now know the server's mechanisms.",
                      new String[]{TESTMECH1, TESTMECH2},
                      clientSasl.getRemoteMechanisms());
    assertEquals("Unexpected SASL outcome at client", SaslOutcome.PN_SASL_NONE, clientSasl.getOutcome());
    // The client selects one of the offered mechanisms.
    clientSasl.setMechanisms(TESTMECH1);

    pumpClientToServer();

    assertArrayEquals("Server should now know the client's chosen mechanism.",
                      new String[]{TESTMECH1},
                      serverSasl.getRemoteMechanisms());

    // Challenge step: server -> client.
    serverSasl.send(CHALLENGE_BYTES, 0, CHALLENGE_BYTES.length);

    pumpServerToClient();

    // The buffer is sized from pending(), so one recv() drains the whole challenge.
    byte[] clientReceivedChallengeBytes = new byte[clientSasl.pending()];
    clientSasl.recv(clientReceivedChallengeBytes, 0, clientReceivedChallengeBytes.length);

    // Receiving a challenge must not change the outcome.
    assertEquals("Unexpected SASL outcome at client", SaslOutcome.PN_SASL_NONE, clientSasl.getOutcome());
    assertArrayEquals("Client should now know the server's challenge",
                      CHALLENGE_BYTES,
                      clientReceivedChallengeBytes);

    // Response step: client -> server.
    clientSasl.send(RESPONSE_BYTES, 0, RESPONSE_BYTES.length);

    pumpClientToServer();

    byte[] serverReceivedResponseBytes = new byte[serverSasl.pending()];
    serverSasl.recv(serverReceivedResponseBytes, 0, serverReceivedResponseBytes.length);

    assertArrayEquals("Server should now know the client's response",
                      RESPONSE_BYTES,
                      serverReceivedResponseBytes);

    // Outcome step: the server declares success; the client must observe PN_SASL_OK.
    serverSasl.done(SaslOutcome.PN_SASL_OK);
    pumpServerToClient();

    assertEquals("Unexpected SASL outcome at client", SaslOutcome.PN_SASL_OK, clientSasl.getOutcome());
}
 
Example 11
Source File: SaslTest.java    From qpid-proton-j with Apache License 2.0
/**
 *  5.3.3.5 The additional-data field carries additional data on successful authentication outcome as specified
 *  by the SASL specification [RFC4422].
 */
@Test
public void testOutcomeAdditionalData() throws Exception
{
    // Fresh transports for both peers.
    getClient().transport = Proton.transport();
    getServer().transport = Proton.transport();

    // Client role: no outcome may be reported before the exchange has run.
    Sasl clientSasl = getClient().transport.sasl();
    clientSasl.client();
    assertEquals("Unexpected SASL outcome at client", SaslOutcome.PN_SASL_NONE, clientSasl.getOutcome());

    // Server role: offers a single mechanism.
    Sasl serverSasl = getServer().transport.sasl();
    serverSasl.server();
    serverSasl.setMechanisms(TESTMECH1);

    pumpClientToServer();
    pumpServerToClient();

    assertEquals("Unexpected SASL outcome at client", SaslOutcome.PN_SASL_NONE, clientSasl.getOutcome());
    // The client selects the offered mechanism.
    clientSasl.setMechanisms(TESTMECH1);

    pumpClientToServer();

    // Challenge step: server -> client.
    serverSasl.send(CHALLENGE_BYTES, 0, CHALLENGE_BYTES.length);

    pumpServerToClient();

    // The challenge is drained here but its content is not asserted in this test.
    byte[] clientReceivedChallengeBytes = new byte[clientSasl.pending()];
    clientSasl.recv(clientReceivedChallengeBytes, 0, clientReceivedChallengeBytes.length);

    assertEquals("Unexpected SASL outcome at client", SaslOutcome.PN_SASL_NONE, clientSasl.getOutcome());
    // Response step: client -> server.
    clientSasl.send(RESPONSE_BYTES, 0, RESPONSE_BYTES.length);

    pumpClientToServer();

    // The response is drained here but its content is not asserted in this test.
    byte[] serverReceivedResponseBytes = new byte[serverSasl.pending()];
    serverSasl.recv(serverReceivedResponseBytes, 0, serverReceivedResponseBytes.length);

    // Outcome step: the additional data is sent before done() declares PN_SASL_OK.
    serverSasl.send(ADDITIONAL_DATA_BYTES, 0, ADDITIONAL_DATA_BYTES.length);
    serverSasl.done(SaslOutcome.PN_SASL_OK);
    pumpServerToClient();

    byte[] clientReceivedAdditionalDataBytes = new byte[clientSasl.pending()];
    clientSasl.recv(clientReceivedAdditionalDataBytes, 0, clientReceivedAdditionalDataBytes.length);

    // The client must see both the successful outcome and the exact additional-data bytes.
    assertEquals("Unexpected SASL outcome at client", SaslOutcome.PN_SASL_OK, clientSasl.getOutcome());
    assertArrayEquals("Client should now know the serrver's additional-data",
                      ADDITIONAL_DATA_BYTES,
                      clientReceivedAdditionalDataBytes);
}
 
Example 12
Source File: SaslTest.java    From qpid-proton-j with Apache License 2.0
/**
 * Runs a complete SASL exchange in which the initial response, challenge,
 * response and outcome additional data are each built with lengths between
 * 1282 and 1529, after both transports have been configured with
 * {@code setInitialRemoteMaxFrameSize(2048)}, and asserts that every payload
 * arrives unchanged at the other peer.
 */
@Test
public void testSaslNegotiationWithConfiguredLargerFrameSize() throws Exception
{
    // Reference payloads; presumably fillBytes returns an array of the given
    // length derived from the seed string -- confirm against the helper.
    final byte[] largeInitialResponseBytesOrig = fillBytes("initialResponse", 1431);
    final byte[] largeChallengeBytesOrig = fillBytes("challenge", 1375);
    final byte[] largeResponseBytesOrig = fillBytes("response", 1282);
    final byte[] largeAdditionalBytesOrig = fillBytes("additionalData", 1529);

    getClient().transport = Proton.transport();
    getServer().transport = Proton.transport();

    // Configure transports to allow for larger initial frame sizes
    getClient().transport.setInitialRemoteMaxFrameSize(2048);
    getServer().transport.setInitialRemoteMaxFrameSize(2048);

    Sasl clientSasl = getClient().transport.sasl();
    clientSasl.client();

    Sasl serverSasl = getServer().transport.sasl();
    serverSasl.server();

    // Negotiate the mech
    serverSasl.setMechanisms(TESTMECH1, TESTMECH2);

    pumpClientToServer();
    pumpServerToClient();

    assertArrayEquals("Client should now know the server's mechanisms.", new String[] { TESTMECH1, TESTMECH2 },
            clientSasl.getRemoteMechanisms());
    assertEquals("Unexpected SASL outcome at client", SaslOutcome.PN_SASL_NONE, clientSasl.getOutcome());

    // Select a mech, send large initial response along with it in sasl-init, verify server receives it
    clientSasl.setMechanisms(TESTMECH1);
    // A copy is sent, so the later comparison uses an array that was never handed to send().
    byte[] initialResponseBytes = Arrays.copyOf(largeInitialResponseBytesOrig, largeInitialResponseBytesOrig.length);
    clientSasl.send(initialResponseBytes, 0, initialResponseBytes.length);

    pumpClientToServer();

    assertArrayEquals("Server should now know the client's chosen mechanism.", new String[] { TESTMECH1 },
            serverSasl.getRemoteMechanisms());

    // The buffer is sized from pending(), so one recv() drains the whole payload.
    byte[] serverReceivedInitialResponseBytes = new byte[serverSasl.pending()];
    serverSasl.recv(serverReceivedInitialResponseBytes, 0, serverReceivedInitialResponseBytes.length);

    assertArrayEquals("Server should now know the clients initial response", largeInitialResponseBytesOrig,
            serverReceivedInitialResponseBytes);

    // Send a large challenge in a sasl-challenge, verify client receives it
    byte[] challengeBytes = Arrays.copyOf(largeChallengeBytesOrig, largeChallengeBytesOrig.length);
    serverSasl.send(challengeBytes, 0, challengeBytes.length);

    pumpServerToClient();

    byte[] clientReceivedChallengeBytes = new byte[clientSasl.pending()];
    clientSasl.recv(clientReceivedChallengeBytes, 0, clientReceivedChallengeBytes.length);

    // Receiving a challenge must not change the outcome.
    assertEquals("Unexpected SASL outcome at client", SaslOutcome.PN_SASL_NONE, clientSasl.getOutcome());
    assertArrayEquals("Client should now know the server's challenge", largeChallengeBytesOrig,
            clientReceivedChallengeBytes);

    // Send a large response in a sasl-response, verify server receives it
    byte[] responseBytes = Arrays.copyOf(largeResponseBytesOrig, largeResponseBytesOrig.length);
    clientSasl.send(responseBytes, 0, responseBytes.length);

    pumpClientToServer();

    byte[] serverReceivedResponseBytes = new byte[serverSasl.pending()];
    serverSasl.recv(serverReceivedResponseBytes, 0, serverReceivedResponseBytes.length);

    assertArrayEquals("Server should now know the client's response", largeResponseBytesOrig, serverReceivedResponseBytes);

    // Send an outcome with large additional data in a sasl-outcome, verify client receives it
    byte[] additionalBytes = Arrays.copyOf(largeAdditionalBytesOrig, largeAdditionalBytesOrig.length);
    serverSasl.send(additionalBytes, 0, additionalBytes.length);
    serverSasl.done(SaslOutcome.PN_SASL_OK);
    pumpServerToClient();

    assertEquals("Unexpected SASL outcome at client", SaslOutcome.PN_SASL_OK, clientSasl.getOutcome());

    byte[] clientReceivedAdditionalBytes = new byte[clientSasl.pending()];
    clientSasl.recv(clientReceivedAdditionalBytes, 0, clientReceivedAdditionalBytes.length);

    assertArrayEquals("Client should now know the server's outcome additional data", largeAdditionalBytesOrig,
            clientReceivedAdditionalBytes);
}
 
Example 13
Source File: ProtonHandler.java    From activemq-artemis with Apache License 2.0
/**
 * Reacts to the SASL outcome on an outbound connection. On PN_SASL_FAIL the
 * failure is logged and dispatched; on PN_SASL_PASS any additional data is
 * fed to the client mechanism, a success result is stored and success is
 * dispatched. Other states are ignored.
 *
 * @param sasl the SASL layer that received the outcome
 * @param transport the transport the SASL layer belongs to (not used here)
 */
@Override
public void onSaslOutcome(Sasl sasl, Transport transport) {
   log.debug("onSaslOutcome: " + sasl);
   switch (sasl.getState()) {
      case PN_SASL_FAIL: {
         log.info("Outbound connection failed, authentication failure");
         dispatchAuthFailed();
         break;
      }
      case PN_SASL_PASS: {
         log.debug("Outbound connection succeeded");

         // Additional data delivered with the outcome is passed to the
         // mechanism; whatever getResponse() returns is discarded here.
         final boolean hasAdditionalData = sasl.pending() != 0;
         if (hasAdditionalData) {
            final byte[] outcomeData = new byte[sasl.pending()];
            sasl.recv(outcomeData, 0, outcomeData.length);
            clientSASLMechanism.getResponse(outcomeData);
         }

         // The stored result reports success but carries neither a user name
         // nor a Subject.
         final SASLResult outboundSuccess = new SASLResult() {
            @Override
            public String getUser() {
               return null;
            }

            @Override
            public Subject getSubject() {
               return null;
            }

            @Override
            public boolean isSuccess() {
               return true;
            }
         };
         saslResult = outboundSuccess;

         dispatchAuthSuccess();
         break;
      }
      default:
         // Any other state needs no action.
         break;
   }
}