public static void main(String[] args) throws Exception {
if (args.length == 0) {
namesfile = null;
auto = true;
} else {
int i = 0;
if (args[i].equals("-m")) {
i++;
auto = false;
}
if (args.length > i) {
namesfile = args[i++];
if (args.length > i) {
proxyfile = args[i];
}
} else {
namesfile = null;
}
}
CallbackHandler clntCbh = null;
final CallbackHandler srvCbh = new PropertiesFileCallbackHandler(null, namesfile, proxyfile);
Subject clntSubj = doLogin("client");
Subject srvSubj = doLogin("server");
final HashMap clntprops = new HashMap();
final HashMap srvprops = new HashMap();
clntprops.put(Sasl.QOP, "auth");
srvprops.put(Sasl.QOP, "auth,auth-int,auth-conf");
final SaslClient clnt =
(SaslClient)
Subject.doAs(
clntSubj,
new PrivilegedExceptionAction() {
public Object run() throws Exception {
return Sasl.createSaslClient(
new String[] {MECH}, null, PROTOCOL, SERVER_FQDN, clntprops, null);
}
});
if (verbose) {
System.out.println(clntSubj);
System.out.println(srvSubj);
}
final SaslServer srv =
(SaslServer)
Subject.doAs(
srvSubj,
new PrivilegedExceptionAction() {
public Object run() throws Exception {
return Sasl.createSaslServer(MECH, PROTOCOL, SERVER_FQDN, srvprops, srvCbh);
}
});
if (clnt == null) {
throw new IllegalStateException("Unable to find client impl for " + MECH);
}
if (srv == null) {
throw new IllegalStateException("Unable to find server impl for " + MECH);
}
byte[] response;
byte[] challenge;
response =
(byte[])
Subject.doAs(
clntSubj,
new PrivilegedExceptionAction() {
public Object run() throws Exception {
return (clnt.hasInitialResponse() ? clnt.evaluateChallenge(EMPTY) : EMPTY);
}
});
while (!clnt.isComplete() || !srv.isComplete()) {
final byte[] responseCopy = response;
challenge =
(byte[])
Subject.doAs(
srvSubj,
new PrivilegedExceptionAction() {
public Object run() throws Exception {
return srv.evaluateResponse(responseCopy);
}
});
if (challenge != null) {
final byte[] challengeCopy = challenge;
response =
(byte[])
Subject.doAs(
clntSubj,
new PrivilegedExceptionAction() {
public Object run() throws Exception {
return clnt.evaluateChallenge(challengeCopy);
}
});
}
}
if (clnt.isComplete() && srv.isComplete()) {
if (verbose) {
System.out.println("SUCCESS");
System.out.println("authzid is " + srv.getAuthorizationID());
}
} else {
throw new IllegalStateException(
"FAILURE: mismatched state:"
+ " client complete? "
+ clnt.isComplete()
+ " server complete? "
+ srv.isComplete());
}
if (verbose) {
System.out.println(clnt.getNegotiatedProperty(Sasl.QOP));
}
// Now try to use security layer
byte[] clntBuf = new byte[] {0, 1, 2, 3};
try {
byte[] wrapped = clnt.wrap(clntBuf, 0, clntBuf.length);
throw new Exception("clnt wrap should not be allowed w/no security layer");
} catch (IllegalStateException e) {
// expected
}
byte[] srvBuf = new byte[] {10, 11, 12, 13};
try {
byte[] wrapped = srv.wrap(srvBuf, 0, srvBuf.length);
throw new Exception("srv wrap should not be allowed w/no security layer");
} catch (IllegalStateException e) {
// expected
}
try {
byte[] unwrapped = clnt.unwrap(clntBuf, 0, clntBuf.length);
throw new Exception("clnt wrap should not be allowed w/no security layer");
} catch (IllegalStateException e) {
// expected
}
try {
byte[] unwrapped = srv.unwrap(srvBuf, 0, srvBuf.length);
throw new Exception("srv wrap should not be allowed w/no security layer");
} catch (IllegalStateException e) {
// expected
}
}
/**
* When writing octets to the resulting stream, if a security layer has been negotiated, each
* piece of data written (by a single invocation of <code>write()</code>) will be encapsulated as
* a SASL buffer, as defined in RFC 2222, and then written to the underlying <i>dest</i> output
* stream.
*/
public void write(byte[] b, int off, int len) throws IOException {
if (b == null) {
throw new NullPointerException("b");
}
if ((off < 0)
|| (off > b.length)
|| (len < 0)
|| ((off + len) > b.length)
|| ((off + len) < 0)) {
throw new IndexOutOfBoundsException(
"off="
+ String.valueOf(off)
+ ", len="
+ String.valueOf(len)
+ ", b.length="
+ String.valueOf(b.length));
}
if (len == 0) {
return;
}
if (DEBUG && debuglevel > 8) debug(TRACE, "==> write()");
int chunckSize, length, chunck = 1;
byte[] output = null, result;
if (DEBUG && debuglevel > 6)
debug(TRACE, "About to wrap " + String.valueOf(len) + " byte(s)...");
while (len > 0) {
chunckSize = (len > maxRawSendSize ? maxRawSendSize : len);
if (DEBUG && debuglevel > 6)
debug(
TRACE,
"Outgoing buffer (before security) (hex): " + Util.dumpString(b, off, chunckSize));
if (DEBUG && debuglevel > 6)
debug(
TRACE,
"Outgoing buffer (before security) (str): \"" + new String(b, off, chunckSize) + "\"");
if (client != null) output = client.wrap(b, off, chunckSize);
else output = server.wrap(b, off, chunckSize);
if (DEBUG && debuglevel > 6)
debug(TRACE, "Outgoing buffer (after security) (hex): " + Util.dumpString(output));
if (DEBUG && debuglevel > 6)
debug(TRACE, "Outgoing buffer (after security) (str): \"" + new String(output) + "\"");
length = output.length;
result = new byte[length + 4];
result[0] = (byte) (length >>> 24);
result[1] = (byte) (length >>> 16);
result[2] = (byte) (length >>> 8);
result[3] = (byte) length;
System.arraycopy(output, 0, result, 4, length);
dest.write(result);
off += chunckSize;
len -= chunckSize;
if (DEBUG && debuglevel > 6) debug(TRACE, "Wrapped chunck #" + String.valueOf(chunck));
chunck++;
}
dest.flush();
if (DEBUG && debuglevel > 8) debug(TRACE, "<== write()");
}