public SecurityIdentity getLocalIdentity(final int id) {
if (id == 0) {
final SaslAuthenticationFactory authenticationFactory = this.authenticationFactory;
return authenticationFactory == null
? null
: authenticationFactory.getSecurityDomain().getAnonymousSecurityIdentity();
} else if (id == 1) {
return getLocalIdentity();
}
final Auth auth = authMap.get(id);
return auth != null
? (SecurityIdentity)
auth.getSaslServer().getNegotiatedProperty(WildFlySasl.SECURITY_IDENTITY)
: null;
}
@BeforeClass
public static void create() throws Exception {
final WildFlyElytronProvider provider = new WildFlyElytronProvider();
Security.addProvider(provider);
providerName = provider.getName();
endpoint = Endpoint.builder().setEndpointName("test").build();
NetworkServerProvider networkServerProvider =
endpoint.getConnectionProviderInterface("remote", NetworkServerProvider.class);
final SecurityDomain.Builder domainBuilder = SecurityDomain.builder();
final SimpleMapBackedSecurityRealm mainRealm = new SimpleMapBackedSecurityRealm();
domainBuilder.addRealm("mainRealm", mainRealm).build();
domainBuilder.setDefaultRealmName("mainRealm");
domainBuilder.setPermissionMapper((permissionMappable, roles) -> PermissionVerifier.ALL);
final PasswordFactory passwordFactory = PasswordFactory.getInstance("clear");
mainRealm.setPasswordMap(
"bob", passwordFactory.generatePassword(new ClearPasswordSpec("pass".toCharArray())));
final SaslServerFactory saslServerFactory =
new ServiceLoaderSaslServerFactory(RemoteChannelCloseTest.class.getClassLoader());
final SaslAuthenticationFactory.Builder builder = SaslAuthenticationFactory.builder();
builder.setSecurityDomain(domainBuilder.build());
builder.setFactory(saslServerFactory);
builder.addMechanism(
SaslMechanismInformation.Names.SCRAM_SHA_256, MechanismConfiguration.EMPTY);
final SaslAuthenticationFactory saslAuthenticationFactory = builder.build();
streamServer =
networkServerProvider.createServer(
new InetSocketAddress("localhost", 30123), OptionMap.EMPTY, saslAuthenticationFactory);
}
ConnectionImpl(
final EndpointImpl endpoint,
final ConnectionHandlerFactory connectionHandlerFactory,
final ConnectionProviderContext connectionProviderContext,
final URI peerUri,
final Principal principal,
final UnaryOperator<SaslClientFactory> saslClientFactoryOperator,
final SaslAuthenticationFactory authenticationFactory,
final AuthenticationConfiguration authenticationConfiguration) {
super(endpoint.getExecutor(), true);
this.endpoint = endpoint;
this.peerUri = peerUri;
this.principal = principal;
this.authenticationConfiguration = authenticationConfiguration;
this.connectionHandler =
connectionHandlerFactory.createInstance(
endpoint.new LocalConnectionContext(connectionProviderContext, this));
this.authenticationFactory = authenticationFactory;
this.peerIdentityContext =
new ConnectionPeerIdentityContext(
this, authenticationFactory == null ? null : authenticationFactory.getMechanismNames());
}
public void receiveAuthRequest(
final int id, final String mechName, final byte[] initialResponse) {
log.tracef("Received authentication request for ID %08x, mech %s", id, mechName);
if (id == 0 || id == 1) {
// ignore
return;
}
getExecutor()
.execute(
() -> {
final SaslServer saslServer;
final IntIndexHashMap<Auth> authMap = this.authMap;
try {
saslServer =
authenticationFactory.createMechanism(
mechName, f -> new ServerNameSaslServerFactory(f, endpoint.getName()));
} catch (SaslException e) {
log.trace("Authentication failed at mechanism creation", e);
try {
Auth oldAuth = authMap.put(new Auth(id, new RejectingSaslServer()));
if (oldAuth != null) oldAuth.dispose();
connectionHandler.sendAuthReject(id);
} catch (IOException e1) {
log.trace("Failed to send auth reject", e1);
}
return;
}
// clear out any old auth
final Auth auth = new Auth(id, saslServer);
Auth oldAuth = authMap.put(auth);
if (oldAuth != null) oldAuth.dispose();
final byte[] challenge;
try {
challenge = saslServer.evaluateResponse(initialResponse);
} catch (SaslException e) {
log.trace("Authentication failed at response evaluation", e);
try {
connectionHandler.sendAuthReject(id);
} catch (IOException e1) {
authMap.remove(auth);
auth.dispose();
log.trace("Failed to send auth reject", e1);
}
return;
}
if (saslServer.isComplete()) {
try {
connectionHandler.sendAuthSuccess(id, challenge);
} catch (IOException e) {
authMap.remove(auth);
auth.dispose();
log.trace("Failed to send auth success", e);
}
return;
} else {
try {
connectionHandler.sendAuthChallenge(id, challenge);
} catch (IOException e) {
authMap.remove(auth);
auth.dispose();
log.trace("Failed to send auth challenge", e);
}
return;
}
});
}
