diff options
| author | Martin Ritchie <ritchiem@apache.org> | 2008-06-06 16:46:48 +0000 |
|---|---|---|
| committer | Martin Ritchie <ritchiem@apache.org> | 2008-06-06 16:46:48 +0000 |
| commit | f7ca7ec96e7fb7926bc578aec3c4c5e7e1e3daad (patch) | |
| tree | 241459c4184d4f087b40e756f94be7dd2c8169e9 | |
| parent | 985e8c974e786b8aa03c48db159804c1a9e97ae2 (diff) | |
| download | qpid-python-f7ca7ec96e7fb7926bc578aec3c4c5e7e1e3daad.tar.gz | |
Merged revisions 663999-664020 via svnmerge from
https://svn.apache.org/repos/asf/incubator/qpid/branches/M2.x
........
r663999 | ritchiem | 2008-06-06 17:03:42 +0100 (Fri, 06 Jun 2008) | 1 line
QPID-1058 : Added new CramMD5HexSaslClient.cs and registered it in the Sasl Factory and the client CallbackHandler
........
r664001 | ritchiem | 2008-06-06 17:03:48 +0100 (Fri, 06 Jun 2008) | 1 line
QPID-1058 : Addition of a CRAM-MD5-HEX as discussed on the JIRA. An additional test is provided to ensure that the handle method correctly wraps a given Database password in hex.
........
r664020 | ritchiem | 2008-06-06 17:32:49 +0100 (Fri, 06 Jun 2008) | 2 lines
QPID-1058 : Removal of Console WriteLine as highlighted in code review by Robert Godfrey.
........
git-svn-id: https://svn.apache.org/repos/asf/incubator/qpid/branches/M2.1.x@664028 13f79535-47bb-0310-9956-ffa450edef68
12 files changed, 664 insertions, 5 deletions
diff --git a/dotnet/Qpid.Client/Client/Security/CallbackHandlerRegistry.cs b/dotnet/Qpid.Client/Client/Security/CallbackHandlerRegistry.cs index 85be927ff4..22f1c9d89b 100644 --- a/dotnet/Qpid.Client/Client/Security/CallbackHandlerRegistry.cs +++ b/dotnet/Qpid.Client/Client/Security/CallbackHandlerRegistry.cs @@ -96,6 +96,8 @@ namespace Apache.Qpid.Client.Security _mechanism2HandlerMap.Add(ExternalSaslClient.Mechanism, typeof(UsernamePasswordCallbackHandler));
if ( !_mechanism2HandlerMap.Contains(CramMD5SaslClient.Mechanism) )
_mechanism2HandlerMap.Add(CramMD5SaslClient.Mechanism, typeof(UsernamePasswordCallbackHandler));
+ if ( !_mechanism2HandlerMap.Contains(CramMD5HexSaslClient.Mechanism) )
+ _mechanism2HandlerMap.Add(CramMD5HexSaslClient.Mechanism, typeof(UsernamePasswordCallbackHandler));
if ( !_mechanism2HandlerMap.Contains(PlainSaslClient.Mechanism) )
_mechanism2HandlerMap.Add(PlainSaslClient.Mechanism, typeof(UsernamePasswordCallbackHandler));
diff --git a/dotnet/Qpid.Integration.Tests/Qpid.Integration.Tests.csproj b/dotnet/Qpid.Integration.Tests/Qpid.Integration.Tests.csproj new file mode 100644 index 0000000000..51d91f2bd3 --- /dev/null +++ b/dotnet/Qpid.Integration.Tests/Qpid.Integration.Tests.csproj @@ -0,0 +1,65 @@ +<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+ <PropertyGroup>
+ <ProjectGuid>{DE21CEBC-F38C-43EA-B576-38CA9738A00A}</ProjectGuid>
+ <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
+ <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
+ <OutputType>Library</OutputType>
+ <RootNamespace>Qpid.Integration.Tests</RootNamespace>
+ <AssemblyName>Qpid.Integration.Tests</AssemblyName>
+ </PropertyGroup>
+ <PropertyGroup Condition=" '$(Configuration)' == 'Debug' ">
+ <OutputPath>bin\Debug\</OutputPath>
+ <DebugSymbols>True</DebugSymbols>
+ <DebugType>Full</DebugType>
+ <Optimize>False</Optimize>
+ <CheckForOverflowUnderflow>True</CheckForOverflowUnderflow>
+ <DefineConstants>DEBUG;TRACE</DefineConstants>
+ </PropertyGroup>
+ <PropertyGroup Condition=" '$(Configuration)' == 'Release' ">
+ <OutputPath>bin\Release\</OutputPath>
+ <DebugSymbols>False</DebugSymbols>
+ <DebugType>None</DebugType>
+ <Optimize>True</Optimize>
+ <CheckForOverflowUnderflow>False</CheckForOverflowUnderflow>
+ <DefineConstants>TRACE</DefineConstants>
+ </PropertyGroup>
+ <Import Project="$(MSBuildBinPath)\Microsoft.CSharp.Targets" />
+ <ItemGroup>
+ <Reference Include="System" />
+ <Reference Include="System.Xml" />
+ </ItemGroup>
+ <ItemGroup>
+ <Compile Include="framework\Circuit.cs" />
+ <Compile Include="framework\FrameworkBaseCase.cs" />
+ <Compile Include="framework\Publisher.cs" />
+ <Compile Include="framework\Receiver.cs" />
+ <Compile Include="framework\TestClientDetails.cs" />
+ <Compile Include="framework\TestModel.cs" />
+ <Compile Include="interactive\SendReceiveTest.cs" />
+ <Compile Include="interop\InteropClientTestCase.cs" />
+ <Compile Include="interop\TestCases\TestCase1DummyRun.cs" />
+ <Compile Include="interop\TestCases\TestCase3BasicPubSub.cs" />
+ <Compile Include="testcases\BaseMessagingTestFixture.cs" />
+ <Compile Include="testcases\ChannelQueueTest.cs" />
+ <Compile Include="testcases\CommitRollbackTest.cs" />
+ <Compile Include="testcases\ConnectionTest.cs" />
+ <Compile Include="testcases\DurableSubscriptionTest.cs" />
+ <Compile Include="testcases\HeadersExchangeTest.cs" />
+ <Compile Include="testcases\MandatoryMessageTest.cs" />
+ <Compile Include="testcases\ProducerMultiConsumerTest.cs" />
+ <Compile Include="testcases\SslConnectionTest.cs" />
+ <Compile Include="testcases\SustainedTest.cs" />
+ </ItemGroup>
+ <ItemGroup>
+ <Compile Include="framework\Assertion.cs" />
+ </ItemGroup>
+ <ItemGroup>
+ <Compile Include="interactive\FailoverTest.cs" />
+ </ItemGroup>
+ <ItemGroup>
+ <Compile Include="interop\TestClient.cs" />
+ </ItemGroup>
+ <ItemGroup>
+ <Compile Include="interop\TestCases\TestCase2BasicP2P.cs" />
+ </ItemGroup>
+</Project>
\ No newline at end of file diff --git a/dotnet/Qpid.NET.sln b/dotnet/Qpid.NET.sln index 8b174db90f..c5157ed4e5 100644 --- a/dotnet/Qpid.NET.sln +++ b/dotnet/Qpid.NET.sln @@ -1,4 +1,4 @@ -Microsoft Visual Studio Solution File, Format Version 9.00
+Microsoft Visual Studio Solution File, Format Version 9.00
# Visual Studio 2005
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Qpid.Messaging", "Qpid.Messaging\Qpid.Messaging.csproj", "{6688F826-C58E-4C1B-AA1F-22AFAB4B7D07}"
EndProject
@@ -26,6 +26,8 @@ Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "TopicListener", "TopicListe EndProject
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "TestClient", "TestClient\TestClient.csproj", "{9A112DF2-146F-4CF4-919B-9D3BE7D088E9}"
EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Qpid.Integration.Tests", "Qpid.Integration.Tests\Qpid.Integration.Tests.csproj", "{DE21CEBC-F38C-43EA-B576-38CA9738A00A}"
+EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
@@ -80,6 +82,14 @@ Global {9A112DF2-146F-4CF4-919B-9D3BE7D088E9}.Debug|Any CPU.Build.0 = Debug|Any CPU
{9A112DF2-146F-4CF4-919B-9D3BE7D088E9}.Release|Any CPU.ActiveCfg = Release|Any CPU
{9A112DF2-146F-4CF4-919B-9D3BE7D088E9}.Release|Any CPU.Build.0 = Release|Any CPU
+ {666C2D04-C9DC-4D43-B4DF-0989225EABC3}.Debug|Any CPU.Build.0 = Debug|Any CPU
+ {666C2D04-C9DC-4D43-B4DF-0989225EABC3}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+ {666C2D04-C9DC-4D43-B4DF-0989225EABC3}.Release|Any CPU.Build.0 = Release|Any CPU
+ {666C2D04-C9DC-4D43-B4DF-0989225EABC3}.Release|Any CPU.ActiveCfg = Release|Any CPU
+ {DE21CEBC-F38C-43EA-B576-38CA9738A00A}.Debug|Any CPU.Build.0 = Debug|Any CPU
+ {DE21CEBC-F38C-43EA-B576-38CA9738A00A}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+ {DE21CEBC-F38C-43EA-B576-38CA9738A00A}.Release|Any CPU.Build.0 = Release|Any CPU
+ {DE21CEBC-F38C-43EA-B576-38CA9738A00A}.Release|Any CPU.ActiveCfg = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
diff --git a/dotnet/Qpid.Sasl/Callbacks.cs b/dotnet/Qpid.Sasl/Callbacks.cs index 90e36beeb8..a5913eb61e 100644 --- a/dotnet/Qpid.Sasl/Callbacks.cs +++ b/dotnet/Qpid.Sasl/Callbacks.cs @@ -21,6 +21,8 @@ using System;
using System.Text;
+using System.Globalization;
+using System.Security.Cryptography;
namespace Apache.Qpid.Sasl
{
@@ -87,6 +89,37 @@ namespace Apache.Qpid.Sasl : base("password:", "", "")
{
}
+
+ public byte[] HashedText
+ {
+ get
+ {
+ string _text = this.Text;
+ System.Security.Cryptography.MD5CryptoServiceProvider x = new System.Security.Cryptography.MD5CryptoServiceProvider();
+ byte[] bs = x.ComputeHash(Encoding.UTF8.GetBytes(_text));
+ return bs;
+ }
+
+ }
+ } // class PasswordCallback
+
+ public class HashedPasswordCallback : TextSaslCallback
+ {
+ public HashedPasswordCallback()
+ : base("password:", "", "")
+ {
+ }
+
+ public byte[] HashedText
+ {
+ get {
+ string _text = this.Text;
+ System.Security.Cryptography.MD5CryptoServiceProvider x = new System.Security.Cryptography.MD5CryptoServiceProvider();
+ _text = _text.PadRight(16, '\0');
+ byte[] bs = x.ComputeHash(Encoding.UTF8.GetBytes(_text));
+ return bs;
+ }
+ }
} // class PasswordCallback
public class RealmCallback : TextSaslCallback
diff --git a/dotnet/Qpid.Sasl/DefaultClientFactory.cs b/dotnet/Qpid.Sasl/DefaultClientFactory.cs index d552aa80c0..a38e5d50c7 100644 --- a/dotnet/Qpid.Sasl/DefaultClientFactory.cs +++ b/dotnet/Qpid.Sasl/DefaultClientFactory.cs @@ -31,6 +31,7 @@ namespace Apache.Qpid.Sasl private static readonly string[] SUPPORTED = new string[] {
DigestSaslClient.Mechanism,
CramMD5SaslClient.Mechanism,
+ CramMD5HexSaslClient.Mechanism,
PlainSaslClient.Mechanism,
AnonymousSaslClient.Mechanism,
ExternalSaslClient.Mechanism,
@@ -50,6 +51,7 @@ namespace Apache.Qpid.Sasl props.Contains(SaslProperties.PolicyPassCredentials) )
{
vetoed.Add(CramMD5SaslClient.Mechanism);
+ vetoed.Add(CramMD5HexSaslClient.Mechanism);
vetoed.Add(PlainSaslClient.Mechanism);
vetoed.Add(AnonymousSaslClient.Mechanism);
vetoed.Add(ExternalSaslClient.Mechanism);
@@ -81,6 +83,8 @@ namespace Apache.Qpid.Sasl return new DigestSaslClient(authorizationId, serverName, protocol, props, handler);
if ( mechs.Contains(CramMD5SaslClient.Mechanism) )
return new CramMD5SaslClient(authorizationId, props, handler);
+ if ( mechs.Contains(CramMD5HexSaslClient.Mechanism) )
+ return new CramMD5HexSaslClient(authorizationId, props, handler);
if ( mechs.Contains(PlainSaslClient.Mechanism) )
return new PlainSaslClient(authorizationId, props, handler);
if ( mechs.Contains(AnonymousSaslClient.Mechanism) )
diff --git a/dotnet/Qpid.Sasl/Mechanisms/CramMD5HexSaslClient.cs b/dotnet/Qpid.Sasl/Mechanisms/CramMD5HexSaslClient.cs new file mode 100644 index 0000000000..018bb65173 --- /dev/null +++ b/dotnet/Qpid.Sasl/Mechanisms/CramMD5HexSaslClient.cs @@ -0,0 +1,93 @@ +/*
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+
+using System;
+using System.Collections;
+using System.Security.Cryptography;
+using System.Text;
+
+namespace Apache.Qpid.Sasl.Mechanisms
+{
+ /// <summary>
+ /// Implements the CRAM-MD5 authentication mechanism as outlined
+ /// in RFC 2195
+ /// </summary>
+ public class CramMD5HexSaslClient : SaslClient
+ {
+ public const string Mechanism = "CRAM-MD5-HEX";
+ private const int MinPwdLen = 16;
+
+ public CramMD5HexSaslClient(
+ string authorizationId,
+ IDictionary properties,
+ ISaslCallbackHandler handler)
+ : base(authorizationId, null, null, properties, handler)
+ {
+ }
+
+ #region ISaslClient Implementation
+ //
+ // ISaslClient Implementation
+ //
+
+ public override string MechanismName
+ {
+ get { return Mechanism; }
+ }
+
+ public override bool HasInitialResponse
+ {
+ get { return false; }
+ }
+
+
+ public override byte[] EvaluateChallenge(byte[] challenge)
+ {
+ if ( challenge == null || challenge.Length == 0 )
+ throw new ArgumentNullException("challenge");
+
+
+ NameCallback nameCB = new NameCallback(AuthorizationId);
+ PasswordCallback pwdCB = new PasswordCallback();
+ ISaslCallback[] callbacks = { nameCB, pwdCB };
+ Handler.Handle(callbacks);
+
+ string username = nameCB.Text;
+
+ //Encode the Hashed Password as Hex
+ byte[] passwd = Encoding.UTF8.GetBytes(ToHex(pwdCB.HashedText));
+
+ string s = System.Text.UTF8Encoding.UTF8.GetString(challenge);
+
+ using ( HMAC hmac = new HMACMD5(passwd) )
+ {
+ byte[] value = hmac.ComputeHash(challenge);
+ string encoded = ToHex(value);
+ SetComplete();
+ return Encoding.UTF8.GetBytes(username + " " + encoded);
+ }
+ }
+
+ #endregion // ISaslClient Implementation
+
+ } // class CramMD5HashedSaslClient
+
+} // namespace Apache.Qpid.Sasl.Mechanisms
diff --git a/dotnet/Qpid.Sasl/Qpid.Sasl.csproj b/dotnet/Qpid.Sasl/Qpid.Sasl.csproj index 891d710379..6efbd5e272 100644 --- a/dotnet/Qpid.Sasl/Qpid.Sasl.csproj +++ b/dotnet/Qpid.Sasl/Qpid.Sasl.csproj @@ -38,6 +38,7 @@ <Compile Include="Configuration\SaslConfiguration.cs" />
<Compile Include="Configuration\SaslConfigurationSectionHandler.cs" />
<Compile Include="MD5HMAC.cs" />
+ <Compile Include="Mechanisms\CramMD5HexSaslClient.cs" />
<Compile Include="Mechanisms\ExternalSaslClient.cs" />
<Compile Include="SaslException.cs" />
<Compile Include="Mechanisms\AnonymousSaslClient.cs" />
@@ -61,4 +62,4 @@ <Target Name="AfterBuild">
</Target>
-->
-</Project>
+</Project>
\ No newline at end of file diff --git a/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/Base64MD5PasswordFilePrincipalDatabase.java b/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/Base64MD5PasswordFilePrincipalDatabase.java index 348bccb4e9..ec4ce8cb85 100644 --- a/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/Base64MD5PasswordFilePrincipalDatabase.java +++ b/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/Base64MD5PasswordFilePrincipalDatabase.java @@ -24,6 +24,7 @@ import org.apache.log4j.Logger; import org.apache.qpid.server.security.auth.sasl.AuthenticationProviderInitialiser; import org.apache.qpid.server.security.auth.sasl.UsernamePrincipal; import org.apache.qpid.server.security.auth.sasl.crammd5.CRAMMD5HashedInitialiser; +import org.apache.qpid.server.security.auth.sasl.crammd5.CRAMMD5HexInitialiser; import org.apache.qpid.server.security.access.management.AMQUserManagementMBean; import org.apache.commons.codec.binary.Base64; import org.apache.commons.codec.EncoderException; @@ -81,6 +82,11 @@ public class Base64MD5PasswordFilePrincipalDatabase implements PrincipalDatabase cram.initialise(this); _saslServers.put(cram.getMechanismName(), cram); + //Add the Hex initialiser + CRAMMD5HexInitialiser cramHex = new CRAMMD5HexInitialiser(); + cramHex.initialise(this); + _saslServers.put(cramHex.getMechanismName(), cramHex); + //fixme The PDs should setup a PD Mangement MBean // try // { @@ -284,7 +290,6 @@ public class Base64MD5PasswordFilePrincipalDatabase implements PrincipalDatabase return true; } - public Map<String, AuthenticationProviderInitialiser> getMechanisms() { return _saslServers; @@ -325,7 +330,6 @@ public class Base64MD5PasswordFilePrincipalDatabase implements PrincipalDatabase } } - private void loadPasswordFile() throws IOException { try @@ -553,7 +557,6 @@ public class Base64MD5PasswordFilePrincipalDatabase implements PrincipalDatabase _encodedPassword = null; } - byte[] getEncodePassword() throws EncoderException, UnsupportedEncodingException, NoSuchAlgorithmException { if (_encodedPassword == null) diff --git a/java/broker/src/main/java/org/apache/qpid/server/security/auth/sasl/crammd5/CRAMMD5HexInitialiser.java b/java/broker/src/main/java/org/apache/qpid/server/security/auth/sasl/crammd5/CRAMMD5HexInitialiser.java new file mode 100644 index 0000000000..b3099897ad --- /dev/null +++ b/java/broker/src/main/java/org/apache/qpid/server/security/auth/sasl/crammd5/CRAMMD5HexInitialiser.java @@ -0,0 +1,139 @@ +/* + * + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ +package org.apache.qpid.server.security.auth.sasl.crammd5; + +import org.apache.qpid.server.security.auth.database.PrincipalDatabase; +import org.apache.qpid.server.security.auth.sasl.UsernamePasswordInitialiser; +import org.apache.qpid.server.security.auth.sasl.AuthenticationProviderInitialiser; + +import javax.security.sasl.SaslServerFactory; +import javax.security.auth.callback.PasswordCallback; +import javax.security.auth.login.AccountNotFoundException; +import java.util.Map; +import java.util.List; +import java.security.Principal; +import java.io.IOException; + +public class CRAMMD5HexInitialiser extends UsernamePasswordInitialiser +{ + public String getMechanismName() + { + return CRAMMD5HexSaslServer.MECHANISM; + } + + public Class<? extends SaslServerFactory> getServerFactoryClassForJCARegistration() + { + return CRAMMD5HexServerFactory.class; + } + + public Map<String, ?> getProperties() + { + return null; + } + + public void initialise(PrincipalDatabase db) + { + super.initialise(new HexifyPrincipalDatabase(db)); + + } + + private class HexifyPrincipalDatabase implements PrincipalDatabase + { + private PrincipalDatabase _realPricipalDatabase; + + HexifyPrincipalDatabase(PrincipalDatabase db) + { + _realPricipalDatabase = db; + } + + private char[] toHex(char[] password) + { + StringBuilder sb = new StringBuilder(); + for (char c : password) + { + //toHexString does not prepend 0 so we have to + if (((byte) c > -1) && (byte) c < 10) + { + sb.append(0); + } + + sb.append(Integer.toHexString(c & 0xFF)); + } + + //Extract the hex string as char[] + char[] hex = new char[sb.length()]; + + sb.getChars(0, sb.length(), hex, 0); + + return hex; + } + + public void setPassword(Principal principal, PasswordCallback callback) throws IOException, AccountNotFoundException + { + //Let the read DB set the password + _realPricipalDatabase.setPassword(principal, callback); + + //Retrieve the setpassword + char[] plainPassword = callback.getPassword(); + + char[] hexPassword = toHex(plainPassword); + + callback.setPassword(hexPassword); + } + + // Simply delegate to the real PrincipalDB + public boolean verifyPassword(String principal, char[] password) throws AccountNotFoundException + { + return _realPricipalDatabase.verifyPassword(principal, password); + } + + public boolean updatePassword(Principal principal, char[] password) throws AccountNotFoundException + { + return _realPricipalDatabase.updatePassword(principal, password); + } + + public boolean createPrincipal(Principal principal, char[] password) + { + return _realPricipalDatabase.createPrincipal(principal, password); + } + + public boolean deletePrincipal(Principal principal) throws AccountNotFoundException + { + return _realPricipalDatabase.deletePrincipal(principal); + } + + public Principal getUser(String username) + { + return _realPricipalDatabase.getUser(username); + } + + public Map<String, AuthenticationProviderInitialiser> getMechanisms() + { + return _realPricipalDatabase.getMechanisms(); + } + + public List<Principal> getUsers() + { + return _realPricipalDatabase.getUsers(); + } + } + +} diff --git a/java/broker/src/main/java/org/apache/qpid/server/security/auth/sasl/crammd5/CRAMMD5HexSaslServer.java b/java/broker/src/main/java/org/apache/qpid/server/security/auth/sasl/crammd5/CRAMMD5HexSaslServer.java new file mode 100644 index 0000000000..192ff74bff --- /dev/null +++ b/java/broker/src/main/java/org/apache/qpid/server/security/auth/sasl/crammd5/CRAMMD5HexSaslServer.java @@ -0,0 +1,105 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + * + */ +package org.apache.qpid.server.security.auth.sasl.crammd5; + +import javax.security.sasl.SaslServer; +import javax.security.sasl.SaslException; +import javax.security.sasl.Sasl; +import javax.security.sasl.SaslServerFactory; +import javax.security.auth.callback.CallbackHandler; +import java.util.Enumeration; +import java.util.Map; + +public class CRAMMD5HexSaslServer implements SaslServer +{ + public static final String MECHANISM = "CRAM-MD5-HEX"; + + private SaslServer _realServer; + + public CRAMMD5HexSaslServer(String mechanism, String protocol, String serverName, Map<String, ?> props, + CallbackHandler cbh) throws SaslException + { + Enumeration factories = Sasl.getSaslServerFactories(); + + while (factories.hasMoreElements()) + { + SaslServerFactory factory = (SaslServerFactory) factories.nextElement(); + + if (factory instanceof CRAMMD5HexServerFactory) + { + continue; + } + + String[] mechs = factory.getMechanismNames(props); + + for (String mech : mechs) + { + if (mech.equals("CRAM-MD5")) + { + _realServer = factory.createSaslServer("CRAM-MD5", protocol, serverName, props, cbh); + return; + } + } + } + + throw new RuntimeException("No default SaslServer found for mechanism:" + "CRAM-MD5"); + } + + public String getMechanismName() + { + return MECHANISM; + } + + public byte[] evaluateResponse(byte[] response) throws SaslException + { + return _realServer.evaluateResponse(response); + } + + public boolean isComplete() + { + return _realServer.isComplete(); + } + + public String getAuthorizationID() + { + return _realServer.getAuthorizationID(); + } + + public byte[] unwrap(byte[] incoming, int offset, int len) throws SaslException + { + return _realServer.unwrap(incoming, offset, len); + } + + public byte[] wrap(byte[] outgoing, int offset, int len) throws SaslException + { + return _realServer.wrap(outgoing, offset, len); + } + + public Object getNegotiatedProperty(String propName) + { + return _realServer.getNegotiatedProperty(propName); + } + + public void dispose() throws SaslException + { + _realServer.dispose(); + } +} diff --git a/java/broker/src/main/java/org/apache/qpid/server/security/auth/sasl/crammd5/CRAMMD5HexServerFactory.java b/java/broker/src/main/java/org/apache/qpid/server/security/auth/sasl/crammd5/CRAMMD5HexServerFactory.java new file mode 100644 index 0000000000..ce0e19abf9 --- /dev/null +++ b/java/broker/src/main/java/org/apache/qpid/server/security/auth/sasl/crammd5/CRAMMD5HexServerFactory.java @@ -0,0 +1,61 @@ +/* + * + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ +package org.apache.qpid.server.security.auth.sasl.crammd5; + +import java.util.Map; + +import javax.security.auth.callback.CallbackHandler; +import javax.security.sasl.Sasl; +import javax.security.sasl.SaslException; +import javax.security.sasl.SaslServer; +import javax.security.sasl.SaslServerFactory; + +public class CRAMMD5HexServerFactory implements SaslServerFactory +{ + public SaslServer createSaslServer(String mechanism, String protocol, String serverName, Map<String, ?> props, + CallbackHandler cbh) throws SaslException + { + if (mechanism.equals(CRAMMD5HexSaslServer.MECHANISM)) + { + return new CRAMMD5HexSaslServer(mechanism, protocol, serverName, props, cbh); + } + else + { + return null; + } + } + + public String[] getMechanismNames(Map props) + { + if (props != null) + { + if (props.containsKey(Sasl.POLICY_NOPLAINTEXT) || + props.containsKey(Sasl.POLICY_NODICTIONARY) || + props.containsKey(Sasl.POLICY_NOACTIVE)) + { + // returned array must be non null according to interface documentation + return new String[0]; + } + } + + return new String[]{CRAMMD5HexSaslServer.MECHANISM}; + } +} diff --git a/java/broker/src/test/java/org/apache/qpid/server/securiity/auth/sasl/CRAMMD5HexInitialiserTest.java b/java/broker/src/test/java/org/apache/qpid/server/securiity/auth/sasl/CRAMMD5HexInitialiserTest.java new file mode 100644 index 0000000000..0d92b21d74 --- /dev/null +++ b/java/broker/src/test/java/org/apache/qpid/server/securiity/auth/sasl/CRAMMD5HexInitialiserTest.java @@ -0,0 +1,143 @@ +/* + * + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ +package org.apache.qpid.server.securiity.auth.sasl; + +import junit.framework.TestCase; +import org.apache.qpid.server.security.auth.database.PropertiesPrincipalDatabase; +import org.apache.qpid.server.security.auth.sasl.crammd5.CRAMMD5HexInitialiser; + +import javax.security.auth.callback.Callback; +import javax.security.auth.callback.NameCallback; +import javax.security.auth.callback.PasswordCallback; +import javax.security.auth.callback.UnsupportedCallbackException; +import java.io.IOException; +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; +import java.util.Properties; + +/** + * These tests ensure that the Hex wrapping that the initialiser performs does actually operate when the handle method is called. + */ +public class CRAMMD5HexInitialiserTest extends TestCase +{ + + public void testHex() + { + + //Create User details for testing + String user = "testUser"; + String password = "testPassword"; + + perform(user, password); + } + + public void testHashedHex() + { + + //Create User details for testing + String user = "testUser"; + String password = "testPassword"; + + //Create a hashed password that we then attempt to put through the call back mechanism. + try + { + password = new String(MessageDigest.getInstance("MD5").digest(password.getBytes())); + } + catch (NoSuchAlgorithmException e) + { + fail(e.getMessage()); + } + + perform(user, password); + } + + public void perform(String user, String password) + { + CRAMMD5HexInitialiser initialiser = new CRAMMD5HexInitialiser(); + + //Use properties to create a PrincipalDatabase + Properties users = new Properties(); + users.put(user, password); + + PropertiesPrincipalDatabase db = new PropertiesPrincipalDatabase(users); + + initialiser.initialise(db); + + //setup the callbacks + PasswordCallback passwordCallback = new PasswordCallback("password:", false); + NameCallback usernameCallback = new NameCallback("user:", user); + + Callback[] callbacks = new Callback[]{usernameCallback, passwordCallback}; + + //Check the + try + { + assertNull("The password was not null before the handle call.", passwordCallback.getPassword()); + initialiser.getCallbackHandler().handle(callbacks); + } + catch (IOException e) + { + fail(e.getMessage()); + } + catch (UnsupportedCallbackException e) + { + fail(e.getMessage()); + } + + //Hex the password we initialised with and compare it with the passwordCallback + assertArrayEquals(toHex(password.toCharArray()), passwordCallback.getPassword()); + + } + + private void assertArrayEquals(char[] expected, char[] actual) + { + assertEquals("Arrays are not the same length", expected.length, actual.length); + + for (int index = 0; index < expected.length; index++) + { + assertEquals("Characters are not equal", expected[index], actual[index]); + } + } + + private char[] toHex(char[] password) + { + StringBuilder sb = new StringBuilder(); + for (char c : password) + { + //toHexString does not prepend 0 so we have to + if (((byte) c > -1) && (byte) c < 10) + { + sb.append(0); + } + + sb.append(Integer.toHexString(c & 0xFF)); + } + + //Extract the hex string as char[] + char[] hex = new char[sb.length()]; + + sb.getChars(0, sb.length(), hex, 0); + + return hex; + } + + +} |