private Object[] getUserPass() throws LoginException { NameCallback nameCB = new NameCallback("username"); PasswordCallback passwordCB = new PasswordCallback("password", false); try { callbackHandler.handle(new Callback[] {nameCB, passwordCB}); } catch (IOException | UnsupportedCallbackException e) { throw new LoginException(e.toString()); } String username = nameCB.getName(); char[] password = passwordCB.getPassword(); passwordCB.clearPassword(); return new Object[] {username, password}; }
private void getSaltedPasswordFromPasswordCallback(NameCallback nameCallback, ByteStringBuilder b) throws SaslException { final PasswordCallback passwordCallback = new PasswordCallback("User password", false); try { tryHandleCallbacks(nameCallback, passwordCallback); } catch (UnsupportedCallbackException e) { final Callback callback = e.getCallback(); if (callback == nameCallback) { throw log.saslCallbackHandlerDoesNotSupportUserName(getMechanismName(), e); } else if (callback == passwordCallback) { return; // PasswordCallback not supported } else { throw log.saslCallbackHandlerFailedForUnknownReason(getMechanismName(), e); } } salt = ScramUtil.generateSalt(16, getRandom()); algorithmSpec = new IteratedSaltedPasswordAlgorithmSpec(minimumIterationCount, salt); char[] passwordChars = passwordCallback.getPassword(); passwordCallback.clearPassword(); getSaltedPasswordFromPasswordChars(passwordChars, b); }
/** * Loads the keystore using the given <code>KeyStore.LoadStoreParameter</code>. * * <p>Note that if this KeyStore has already been loaded, it is reinitialized and loaded again * from the given parameter. * * @param param the <code>KeyStore.LoadStoreParameter</code> that specifies how to load the * keystore, which may be <code>null</code> * @exception IllegalArgumentException if the given <code>KeyStore.LoadStoreParameter</code> input * is not recognized * @exception IOException if there is an I/O or format problem with the keystore data. If the * error is due to an incorrect <code>ProtectionParameter</code> (e.g. wrong password) the * {@link Throwable#getCause cause} of the <code>IOException</code> should be an <code> * UnrecoverableKeyException</code> * @exception NoSuchAlgorithmException if the algorithm used to check the integrity of the * keystore cannot be found * @exception CertificateException if any of the certificates in the keystore could not be loaded * @since 1.5 */ public void engineLoad(KeyStore.LoadStoreParameter param) throws IOException, NoSuchAlgorithmException, CertificateException { if (param == null) { engineLoad((InputStream) null, (char[]) null); return; } if (param instanceof KeyStore.SimpleLoadStoreParameter) { ProtectionParameter protection = param.getProtectionParameter(); char[] password; if (protection instanceof PasswordProtection) { password = ((PasswordProtection) protection).getPassword(); } else if (protection instanceof CallbackHandlerProtection) { CallbackHandler handler = ((CallbackHandlerProtection) protection).getCallbackHandler(); PasswordCallback callback = new PasswordCallback("Password: "******"Could not obtain password", e); } password = callback.getPassword(); callback.clearPassword(); if (password == null) { throw new NoSuchAlgorithmException("No password provided"); } } else { throw new NoSuchAlgorithmException( "ProtectionParameter must" + " be PasswordProtection or CallbackHandlerProtection"); } engineLoad(null, password); return; } throw new UnsupportedOperationException(); }
@Override public boolean login() throws LoginException { NameCallback nameCallback = new NameCallback("Username"); PasswordCallback passwordCallback = new PasswordCallback("Password", false); Callback callbacks[] = new Callback[] {nameCallback, passwordCallback}; try { callbackHandler.handle(callbacks); } catch (java.io.IOException e) { throw new LoginException(e.toString()); } catch (UnsupportedCallbackException e) { throw new LoginException("Error: " + e.getCallback().toString()); } boolean success; ParticipantId id = null; String address = nameCallback.getName(); if (!address.contains(ParticipantId.DOMAIN_PREFIX)) { address = address + ParticipantId.DOMAIN_PREFIX + AccountStoreHolder.getDefaultDomain(); } try { id = ParticipantId.of(address); AccountData account = accountStore.getAccount(id); char[] password = passwordCallback.getPassword(); if (account == null) { // The user doesn't exist. Auth failed. success = false; } else if (!account.isHuman()) { // The account is owned by a robot. Auth failed. success = false; } else if (password == null) { // Null password provided by callback. We require a password (even an empty one). success = false; } else if (!account.asHuman().getPasswordDigest().verify(password)) { // The supplied password doesn't match. Auth failed. success = false; } else { success = true; } } catch (InvalidParticipantAddress e) { // The supplied user address is invalid. Auth failed. success = false; } catch (PersistenceException e) { LOG.severe("Failed to retreive account data for " + id, e); throw new LoginException( "An unexpected error occured while trying to retrieve account information!"); } // The password is zeroed before it gets GC'ed for memory security. passwordCallback.clearPassword(); if (success) { principal = new ParticipantPrincipal(id); status = Status.OK; return true; } else { return false; } }