Beispiel #1
0
 public static void main(String[] args) throws Exception {
   try {
     Sasl.createSaslClient(
         new String[] {"NTLM"}, "abc", "ldap", "server", new HashMap<String, Object>(), null);
   } catch (SaslException se) {
     System.out.println(se);
   }
   try {
     Sasl.createSaslServer("NTLM", "ldap", "server", new HashMap<String, Object>(), null);
   } catch (SaslException se) {
     System.out.println(se);
   }
   try {
     Sasl.createSaslClient(
         new String[] {"NTLM"},
         "abc",
         "ldap",
         "server",
         null,
         new CallbackHandler() {
           @Override
           public void handle(Callback[] callbacks)
               throws IOException, UnsupportedCallbackException {}
         });
   } catch (SaslException se) {
     System.out.println(se);
   }
   try {
     SaslServer saslServer =
         Sasl.createSaslServer(
             "NTLM",
             "ldap",
             "abc",
             null,
             new CallbackHandler() {
               @Override
               public void handle(Callback[] callbacks)
                   throws IOException, UnsupportedCallbackException {}
             });
     System.err.println("saslServer = " + saslServer);
     System.err.println("saslServer.isComplete() = " + saslServer.isComplete());
     // IllegalStateException is expected here
     saslServer.getNegotiatedProperty("prop");
     System.err.println("No IllegalStateException");
   } catch (IllegalStateException se) {
     System.out.println(se);
   }
   try {
     SaslServer saslServer =
         Sasl.createSaslServer(
             "NTLM",
             "ldap",
             "abc",
             null,
             new CallbackHandler() {
               @Override
               public void handle(Callback[] callbacks)
                   throws IOException, UnsupportedCallbackException {}
             });
     System.err.println("saslServer = " + saslServer);
     System.err.println("saslServer.isComplete() = " + saslServer.isComplete());
     // IllegalStateException is expected here
     saslServer.getAuthorizationID();
     System.err.println("No IllegalStateException");
   } catch (IllegalStateException se) {
     System.out.println(se);
   }
   try {
     SaslServer saslServer =
         Sasl.createSaslServer(
             "NTLM",
             "ldap",
             "abc",
             null,
             new CallbackHandler() {
               @Override
               public void handle(Callback[] callbacks)
                   throws IOException, UnsupportedCallbackException {}
             });
     System.err.println("saslServer = " + saslServer);
     System.err.println("saslServer.isComplete() = " + saslServer.isComplete());
     // IllegalStateException is expected here
     saslServer.wrap(new byte[0], 0, 0);
     System.err.println("No IllegalStateException");
   } catch (IllegalStateException se) {
     System.out.println(se);
   }
 }
  /**
   * When writing octets to the resulting stream, if a security layer has been negotiated, each
   * piece of data written (by a single invocation of <code>write()</code>) will be encapsulated as
   * a SASL buffer, as defined in RFC 2222, and then written to the underlying <i>dest</i> output
   * stream.
   */
  public void write(byte[] b, int off, int len) throws IOException {
    if (b == null) {
      throw new NullPointerException("b");
    }
    if ((off < 0)
        || (off > b.length)
        || (len < 0)
        || ((off + len) > b.length)
        || ((off + len) < 0)) {
      throw new IndexOutOfBoundsException(
          "off="
              + String.valueOf(off)
              + ", len="
              + String.valueOf(len)
              + ", b.length="
              + String.valueOf(b.length));
    }
    if (len == 0) {
      return;
    }
    if (DEBUG && debuglevel > 8) debug(TRACE, "==> write()");

    int chunckSize, length, chunck = 1;
    byte[] output = null, result;
    if (DEBUG && debuglevel > 6)
      debug(TRACE, "About to wrap " + String.valueOf(len) + " byte(s)...");
    while (len > 0) {
      chunckSize = (len > maxRawSendSize ? maxRawSendSize : len);

      if (DEBUG && debuglevel > 6)
        debug(
            TRACE,
            "Outgoing buffer (before security) (hex): " + Util.dumpString(b, off, chunckSize));
      if (DEBUG && debuglevel > 6)
        debug(
            TRACE,
            "Outgoing buffer (before security) (str): \"" + new String(b, off, chunckSize) + "\"");

      if (client != null) output = client.wrap(b, off, chunckSize);
      else output = server.wrap(b, off, chunckSize);

      if (DEBUG && debuglevel > 6)
        debug(TRACE, "Outgoing buffer (after security) (hex): " + Util.dumpString(output));
      if (DEBUG && debuglevel > 6)
        debug(TRACE, "Outgoing buffer (after security) (str): \"" + new String(output) + "\"");

      length = output.length;
      result = new byte[length + 4];
      result[0] = (byte) (length >>> 24);
      result[1] = (byte) (length >>> 16);
      result[2] = (byte) (length >>> 8);
      result[3] = (byte) length;
      System.arraycopy(output, 0, result, 4, length);

      dest.write(result);

      off += chunckSize;
      len -= chunckSize;
      if (DEBUG && debuglevel > 6) debug(TRACE, "Wrapped chunck #" + String.valueOf(chunck));
      chunck++;
    }

    dest.flush();
    if (DEBUG && debuglevel > 8) debug(TRACE, "<== write()");
  }
  public static void main(String[] args) throws Exception {
    if (args.length == 0) {
      namesfile = null;
      auto = true;
    } else {
      int i = 0;
      if (args[i].equals("-m")) {
        i++;
        auto = false;
      }
      if (args.length > i) {
        namesfile = args[i++];
        if (args.length > i) {
          proxyfile = args[i];
        }
      } else {
        namesfile = null;
      }
    }

    CallbackHandler clntCbh = null;
    final CallbackHandler srvCbh = new PropertiesFileCallbackHandler(null, namesfile, proxyfile);

    Subject clntSubj = doLogin("client");
    Subject srvSubj = doLogin("server");
    final HashMap clntprops = new HashMap();
    final HashMap srvprops = new HashMap();

    clntprops.put(Sasl.QOP, "auth");
    srvprops.put(Sasl.QOP, "auth,auth-int,auth-conf");

    final SaslClient clnt =
        (SaslClient)
            Subject.doAs(
                clntSubj,
                new PrivilegedExceptionAction() {
                  public Object run() throws Exception {
                    return Sasl.createSaslClient(
                        new String[] {MECH}, null, PROTOCOL, SERVER_FQDN, clntprops, null);
                  }
                });

    if (verbose) {
      System.out.println(clntSubj);
      System.out.println(srvSubj);
    }
    final SaslServer srv =
        (SaslServer)
            Subject.doAs(
                srvSubj,
                new PrivilegedExceptionAction() {
                  public Object run() throws Exception {
                    return Sasl.createSaslServer(MECH, PROTOCOL, SERVER_FQDN, srvprops, srvCbh);
                  }
                });

    if (clnt == null) {
      throw new IllegalStateException("Unable to find client impl for " + MECH);
    }
    if (srv == null) {
      throw new IllegalStateException("Unable to find server impl for " + MECH);
    }

    byte[] response;
    byte[] challenge;

    response =
        (byte[])
            Subject.doAs(
                clntSubj,
                new PrivilegedExceptionAction() {
                  public Object run() throws Exception {
                    return (clnt.hasInitialResponse() ? clnt.evaluateChallenge(EMPTY) : EMPTY);
                  }
                });

    while (!clnt.isComplete() || !srv.isComplete()) {
      final byte[] responseCopy = response;
      challenge =
          (byte[])
              Subject.doAs(
                  srvSubj,
                  new PrivilegedExceptionAction() {
                    public Object run() throws Exception {
                      return srv.evaluateResponse(responseCopy);
                    }
                  });

      if (challenge != null) {
        final byte[] challengeCopy = challenge;
        response =
            (byte[])
                Subject.doAs(
                    clntSubj,
                    new PrivilegedExceptionAction() {
                      public Object run() throws Exception {
                        return clnt.evaluateChallenge(challengeCopy);
                      }
                    });
      }
    }

    if (clnt.isComplete() && srv.isComplete()) {
      if (verbose) {
        System.out.println("SUCCESS");
        System.out.println("authzid is " + srv.getAuthorizationID());
      }
    } else {
      throw new IllegalStateException(
          "FAILURE: mismatched state:"
              + " client complete? "
              + clnt.isComplete()
              + " server complete? "
              + srv.isComplete());
    }

    if (verbose) {
      System.out.println(clnt.getNegotiatedProperty(Sasl.QOP));
    }

    // Now try to use security layer

    byte[] clntBuf = new byte[] {0, 1, 2, 3};
    try {
      byte[] wrapped = clnt.wrap(clntBuf, 0, clntBuf.length);
      throw new Exception("clnt wrap should not be allowed w/no security layer");
    } catch (IllegalStateException e) {
      // expected
    }

    byte[] srvBuf = new byte[] {10, 11, 12, 13};
    try {
      byte[] wrapped = srv.wrap(srvBuf, 0, srvBuf.length);
      throw new Exception("srv wrap should not be allowed w/no security layer");
    } catch (IllegalStateException e) {
      // expected
    }

    try {
      byte[] unwrapped = clnt.unwrap(clntBuf, 0, clntBuf.length);
      throw new Exception("clnt wrap should not be allowed w/no security layer");
    } catch (IllegalStateException e) {
      // expected
    }

    try {
      byte[] unwrapped = srv.unwrap(srvBuf, 0, srvBuf.length);
      throw new Exception("srv wrap should not be allowed w/no security layer");
    } catch (IllegalStateException e) {
      // expected
    }
  }
 @Override
 public byte[] wrap(byte[] outgoing, int offset, int len) throws SaslException {
   return server.wrap(outgoing, offset, len);
 }