public override byte[] EvaluateChallenge(byte[] challenge) { if (challenge == null || challenge.Length == 0) { throw new ArgumentNullException("challenge"); } NameCallback nameCB = new NameCallback(AuthorizationId); PasswordCallback pwdCB = new PasswordCallback(); ISaslCallback[] callbacks = { nameCB, pwdCB }; Handler.Handle(callbacks); string username = nameCB.Text; string passwd = pwdCB.Text.PadRight(MinPwdLen, '\0'); byte[] secret = Encoding.UTF8.GetBytes(passwd); //using ( HMAC hmac = new HMACMD5(secret) ) using (MD5HMAC hmac = new MD5HMAC(secret)) { byte[] value = hmac.ComputeHash(challenge); string encoded = ToHex(value); SetComplete(); return(Encoding.UTF8.GetBytes(username + " " + encoded)); } }
public override byte[] EvaluateChallenge(byte[] challenge) { if ( challenge == null || challenge.Length == 0 ) throw new ArgumentNullException("challenge"); NameCallback nameCB = new NameCallback(AuthorizationId); PasswordCallback pwdCB = new PasswordCallback(); ISaslCallback[] callbacks = { nameCB, pwdCB }; Handler.Handle(callbacks); string username = nameCB.Text; //Encode the Hashed Password as Hex byte[] passwd = Encoding.UTF8.GetBytes(ToHex(pwdCB.HashedText)); string s = System.Text.UTF8Encoding.UTF8.GetString(challenge); using ( HMAC hmac = new HMACMD5(passwd) ) { byte[] value = hmac.ComputeHash(challenge); string encoded = ToHex(value); SetComplete(); return Encoding.UTF8.GetBytes(username + " " + encoded); } }
public override byte[] EvaluateChallenge(byte[] challenge) { if (challenge == null || challenge.Length == 0) { throw new ArgumentNullException("challenge"); } NameCallback nameCB = new NameCallback(AuthorizationId); PasswordCallback pwdCB = new PasswordCallback(); ISaslCallback[] callbacks = { nameCB, pwdCB }; Handler.Handle(callbacks); string username = nameCB.Text; //Encode the Hashed Password as Hex byte[] passwd = Encoding.UTF8.GetBytes(ToHex(pwdCB.HashedText)); string s = System.Text.UTF8Encoding.UTF8.GetString(challenge); using (HMAC hmac = new HMACMD5(passwd)) { byte[] value = hmac.ComputeHash(challenge); string encoded = ToHex(value); SetComplete(); return(Encoding.UTF8.GetBytes(username + " " + encoded)); } }
public override byte[] EvaluateChallenge(byte[] challenge) { if ( challenge == null || challenge.Length == 0 ) throw new ArgumentNullException("challenge"); NameCallback nameCB = new NameCallback(AuthorizationId); PasswordCallback pwdCB = new PasswordCallback(); ISaslCallback[] callbacks = { nameCB, pwdCB }; Handler.Handle(callbacks); string username = nameCB.Text; string passwd = pwdCB.Text.PadRight(MinPwdLen, '\0'); byte[] secret = Encoding.UTF8.GetBytes(passwd); //using ( HMAC hmac = new HMACMD5(secret) ) using ( MD5HMAC hmac = new MD5HMAC(secret) ) { byte[] value = hmac.ComputeHash(challenge); string encoded = ToHex(value); SetComplete(); return Encoding.UTF8.GetBytes(username + " " + encoded); } }
/// <exception cref="Javax.Security.Sasl.SaslException"/> public virtual byte[] EvaluateResponse(byte[] response) { if (completed) { throw new InvalidOperationException("PLAIN authentication has completed"); } if (response == null) { throw new ArgumentException("Received null response"); } try { string payload; try { payload = Runtime.GetStringForBytes(response, "UTF-8"); } catch (Exception e) { throw new ArgumentException("Received corrupt response", e); } // [ authz, authn, password ] string[] parts = payload.Split("\u0000", 3); if (parts.Length != 3) { throw new ArgumentException("Received corrupt response"); } if (parts[0].IsEmpty()) { // authz = authn parts[0] = parts[1]; } NameCallback nc = new NameCallback("SASL PLAIN"); nc.SetName(parts[1]); PasswordCallback pc = new PasswordCallback("SASL PLAIN", false); pc.SetPassword(parts[2].ToCharArray()); AuthorizeCallback ac = new AuthorizeCallback(parts[1], parts[0]); cbh.Handle(new Javax.Security.Auth.Callback.Callback[] { nc, pc, ac }); if (ac.IsAuthorized()) { authz = ac.GetAuthorizedID(); } } catch (Exception e) { throw new SaslException("PLAIN auth failed: " + e.Message); } finally { completed = true; } return(null); }
/// <exception cref="System.IO.IOException"/> /// <exception cref="Javax.Security.Auth.Callback.UnsupportedCallbackException"/> public void Handle(Javax.Security.Auth.Callback.Callback[] callbacks) { NameCallback nc = null; PasswordCallback pc = null; RealmCallback rc = null; foreach (Javax.Security.Auth.Callback.Callback callback in callbacks) { if (callback is RealmChoiceCallback) { continue; } else { if (callback is NameCallback) { nc = (NameCallback)callback; } else { if (callback is PasswordCallback) { pc = (PasswordCallback)callback; } else { if (callback is RealmCallback) { rc = (RealmCallback)callback; } else { throw new UnsupportedCallbackException(callback, "Unrecognized SASL client callback" ); } } } } } if (nc != null) { nc.SetName(userName); } if (pc != null) { pc.SetPassword(password); } if (rc != null) { rc.SetText(rc.GetDefaultText()); } }
/// <exception cref="System.IO.IOException"/> /// <exception cref="Javax.Security.Auth.Callback.UnsupportedCallbackException"/> public void Handle(Javax.Security.Auth.Callback.Callback[] callbacks) { NameCallback nc = null; PasswordCallback pc = null; AuthorizeCallback ac = null; foreach (Javax.Security.Auth.Callback.Callback callback in callbacks) { if (callback is AuthorizeCallback) { ac = (AuthorizeCallback)callback; } else { if (callback is PasswordCallback) { pc = (PasswordCallback)callback; } else { if (callback is NameCallback) { nc = (NameCallback)callback; } else { if (callback is RealmCallback) { continue; } else { // realm is ignored throw new UnsupportedCallbackException(callback, "Unrecognized SASL DIGEST-MD5 Callback: " + callback); } } } } } if (pc != null) { pc.SetPassword(passwordFunction.Apply(nc.GetDefaultName())); } if (ac != null) { ac.SetAuthorized(true); ac.SetAuthorizedID(ac.GetAuthorizationID()); } }
/// <summary> /// Loads the keystore using the given /// {@code KeyStore.LoadStoreParameter}. /// /// <para> Note that if this KeyStore has already been loaded, it is /// reinitialized and loaded again from the given parameter. /// /// </para> /// </summary> /// <param name="param"> the {@code KeyStore.LoadStoreParameter} /// that specifies how to load the keystore, /// which may be {@code null} /// </param> /// <exception cref="IllegalArgumentException"> if the given /// {@code KeyStore.LoadStoreParameter} /// input is not recognized </exception> /// <exception cref="IOException"> if there is an I/O or format problem with the /// keystore data. If the error is due to an incorrect /// {@code ProtectionParameter} (e.g. wrong password) /// the <seealso cref="Throwable#getCause cause"/> of the /// {@code IOException} should be an /// {@code UnrecoverableKeyException} </exception> /// <exception cref="NoSuchAlgorithmException"> if the algorithm used to check /// the integrity of the keystore cannot be found </exception> /// <exception cref="CertificateException"> if any of the certificates in the /// keystore could not be loaded /// /// @since 1.5 </exception> //JAVA TO C# CONVERTER WARNING: Method 'throws' clauses are not available in .NET: //ORIGINAL LINE: public void engineLoad(KeyStore.LoadStoreParameter param) throws IOException, NoSuchAlgorithmException, java.security.cert.CertificateException public virtual void EngineLoad(KeyStore.LoadStoreParameter param) { if (param == null) { EngineLoad((InputStream)null, (char[])null); return; } if (param is KeyStore.SimpleLoadStoreParameter) { ProtectionParameter protection = param.ProtectionParameter; char[] password; if (protection is PasswordProtection) { password = ((PasswordProtection)protection).Password; } else if (protection is CallbackHandlerProtection) { CallbackHandler handler = ((CallbackHandlerProtection)protection).CallbackHandler; PasswordCallback callback = new PasswordCallback("Password: "******"Could not obtain password", e); } password = callback.Password; callback.clearPassword(); if (password == null) { throw new NoSuchAlgorithmException("No password provided"); } } else { throw new NoSuchAlgorithmException("ProtectionParameter must" + " be PasswordProtection or CallbackHandlerProtection"); } EngineLoad(null, password); return; } throw new UnsupportedOperationException(); }
// // Private Methods // /// <summary> /// Process the first challenge from the server /// and calculate a response /// </summary> /// <param name="challenge">The server issued challenge</param> /// <returns>Client response</returns> private byte[] OnInitialChallenge(byte[] challenge) { DigestChallenge dch = DigestChallenge.Parse(_encoding.GetString(challenge)); // validate input challenge if (dch.Nonce == null || dch.Nonce.Length == 0) { throw new SaslException("Nonce value missing in server challenge"); } if (dch.Algorithm != "md5-sess") { throw new SaslException("Invalid or missing algorithm value in server challenge"); } NameCallback nameCB = new NameCallback(AuthorizationId); PasswordCallback pwdCB = new PasswordCallback(); RealmCallback realmCB = new RealmCallback(dch.Realm); ISaslCallback[] callbacks = { nameCB, pwdCB, realmCB }; Handler.Handle(callbacks); DigestResponse response = new DigestResponse(); response.Username = nameCB.Text; response.Realm = realmCB.Text; response.Nonce = dch.Nonce; response.Cnonce = Cnonce; response.NonceCount = 1; response.Qop = DigestQop.Auth; // only auth supported for now response.DigestUri = Protocol.ToLower() + "/" + ServerName; response.MaxBuffer = dch.MaxBuffer; response.Charset = dch.Charset; response.Cipher = null; // not supported for now response.Authzid = AuthorizationId; response.AuthParam = dch.AuthParam; response.Response = CalculateResponse( nameCB.Text, realmCB.Text, pwdCB.Text, dch.Nonce, response.NonceCount, response.Qop, response.DigestUri ); return(_encoding.GetBytes(response.ToString())); }
public override byte[] EvaluateChallenge(byte[] challenge) { // ignore challenge NameCallback nameCB = new NameCallback(); PasswordCallback pwdCB = new PasswordCallback(); ISaslCallback[] callbacks = { nameCB, pwdCB }; Handler.Handle(callbacks); string username = nameCB.Text; string authid = AuthorizationId; string passwd = pwdCB.Text; string response = string.Format("{0}\0{1}\0{2}", authid, username, passwd); SetComplete(); return Encoding.UTF8.GetBytes(response); }
public override byte[] EvaluateChallenge(byte[] challenge) { // ignore challenge NameCallback nameCB = new NameCallback(); PasswordCallback pwdCB = new PasswordCallback(); ISaslCallback[] callbacks = { nameCB, pwdCB }; Handler.Handle(callbacks); string username = nameCB.Text; string authid = AuthorizationId; string passwd = pwdCB.Text; string response = string.Format("{0}\0{1}\0{2}", authid, username, passwd); SetComplete(); return(Encoding.UTF8.GetBytes(response)); }
public void handle(Callback [] callbacks) { for (int i = 0; i < callbacks.Length; i++) { if (callbacks [i] is NameCallback) { NameCallback nc = (NameCallback)callbacks [i]; nc.setName(_username); } else if (callbacks [i] is PasswordCallback) { PasswordCallback pc = (PasswordCallback)callbacks [i]; pc.setPassword(_password.ToCharArray()); } else { throw new UnsupportedCallbackException(callbacks [i], "Unrecognized Callback"); } } }
/// <summary> /// Calls PEM_read_bio_PrivateKey() /// </summary> /// <param name="bio"></param> /// <param name="passwd"></param> /// <returns></returns> public static CryptoKey FromPrivateKey(BIO bio, string passwd) { PasswordCallback callback = new PasswordCallback(passwd); return(FromPrivateKey(bio, callback.OnPassword, null)); }
public override void setPasswordCallback(PasswordCallback callback) { _engine.setPasswordCallback(callback); }
internal void setPasswordCallback(PasswordCallback callback) { _passwordCallback = callback; }
internal void initialize() { if(_initialized) { return; } const string prefix = "IceSSL."; Ice.Properties properties = communicator().getProperties(); // // Check for a default directory. We look in this directory for // files mentioned in the configuration. // _defaultDir = properties.getProperty(prefix + "DefaultDir"); string certStoreLocation = properties.getPropertyWithDefault(prefix + "CertStoreLocation", "CurrentUser"); StoreLocation storeLocation; if(certStoreLocation == "CurrentUser") { storeLocation = StoreLocation.CurrentUser; } else if(certStoreLocation == "LocalMachine") { storeLocation = StoreLocation.LocalMachine; } else { _logger.warning("Invalid IceSSL.CertStoreLocation value `" + certStoreLocation + "' adjusted to `CurrentUser'"); storeLocation = StoreLocation.CurrentUser; } _useMachineContext = certStoreLocation == "LocalMachine"; #if !UNITY X509KeyStorageFlags keyStorageFlags; if(_useMachineContext) { keyStorageFlags = X509KeyStorageFlags.MachineKeySet; } else { keyStorageFlags = X509KeyStorageFlags.UserKeySet; } string keySet = properties.getProperty(prefix + "KeySet"); // Deprecated property if(keySet.Length > 0) { if(keySet.Equals("DefaultKeySet")) { keyStorageFlags = X509KeyStorageFlags.DefaultKeySet; } else if(keySet.Equals("UserKeySet")) { keyStorageFlags = X509KeyStorageFlags.UserKeySet; } else if(keySet.Equals("MachineKeySet")) { keyStorageFlags = X509KeyStorageFlags.MachineKeySet; } else { _logger.warning("Invalid IceSSL.KeySet value `" + keySet + "' adjusted to `DefaultKeySet'"); keyStorageFlags = X509KeyStorageFlags.DefaultKeySet; } } if(properties.getPropertyAsIntWithDefault(prefix + "PersistKeySet", 0) > 0) // Deprecated property { keyStorageFlags |= X509KeyStorageFlags.PersistKeySet; } // // Process IceSSL.ImportCert.* properties. // Dictionary<string, string> certs = properties.getPropertiesForPrefix(prefix + "ImportCert."); foreach(KeyValuePair<string, string> entry in certs) { string name = entry.Key; string val = entry.Value; if(val.Length > 0) { importCertificate(name, val, keyStorageFlags); } } #endif // // Protocols selects which protocols to enable, by default we only enable TLS1.0 // TLS1.1 and TLS1.2 to avoid security issues with SSLv3 // _protocols = parseProtocols( properties.getPropertyAsListWithDefault(prefix + "Protocols", #if UNITY new string[]{"TLS1_0"})); #else _tls12Support ? new string[]{"TLS1_0", "TLS1_1", "TLS1_2"} : new string[]{"TLS1_0", "TLS1_1"})); #endif // // CheckCertName determines whether we compare the name in a peer's // certificate against its hostname. // _checkCertName = properties.getPropertyAsIntWithDefault(prefix + "CheckCertName", 0) > 0; // // VerifyDepthMax establishes the maximum length of a peer's certificate // chain, including the peer's certificate. A value of 0 means there is // no maximum. // _verifyDepthMax = properties.getPropertyAsIntWithDefault(prefix + "VerifyDepthMax", 3); // // CheckCRL determines whether the certificate revocation list is checked, and how strictly. // _checkCRL = properties.getPropertyAsIntWithDefault(prefix + "CheckCRL", 0); #if !UNITY // // Check for a certificate verifier. // string certVerifierClass = properties.getProperty(prefix + "CertVerifier"); if(certVerifierClass.Length > 0) { if(_verifier != null) { Ice.PluginInitializationException e = new Ice.PluginInitializationException(); e.reason = "IceSSL: certificate verifier already installed"; throw e; } Type cls = _facade.findType(certVerifierClass); if(cls == null) { Ice.PluginInitializationException e = new Ice.PluginInitializationException(); e.reason = "IceSSL: unable to load certificate verifier class " + certVerifierClass; throw e; } try { _verifier = (CertificateVerifier)IceInternal.AssemblyUtil.createInstance(cls); } catch(Exception ex) { Ice.PluginInitializationException e = new Ice.PluginInitializationException(ex); e.reason = "IceSSL: unable to instantiate certificate verifier class " + certVerifierClass; throw e; } if(_verifier == null) { Ice.PluginInitializationException e = new Ice.PluginInitializationException(); e.reason = "IceSSL: unable to instantiate certificate verifier class " + certVerifierClass; throw e; } } // // Check for a password callback. // string passwordCallbackClass = properties.getProperty(prefix + "PasswordCallback"); if(passwordCallbackClass.Length > 0) { if(_passwordCallback != null) { Ice.PluginInitializationException e = new Ice.PluginInitializationException(); e.reason = "IceSSL: password callback already installed"; throw e; } Type cls = _facade.findType(passwordCallbackClass); if(cls == null) { Ice.PluginInitializationException e = new Ice.PluginInitializationException(); e.reason = "IceSSL: unable to load password callback class " + passwordCallbackClass; throw e; } try { _passwordCallback = (PasswordCallback)IceInternal.AssemblyUtil.createInstance(cls); } catch(Exception ex) { Ice.PluginInitializationException e = new Ice.PluginInitializationException(ex); e.reason = "IceSSL: unable to load password callback class " + passwordCallbackClass; throw e; } if(_passwordCallback == null) { Ice.PluginInitializationException e = new Ice.PluginInitializationException(); e.reason = "IceSSL: unable to load password callback class " + passwordCallbackClass; throw e; } } // // If the user hasn't supplied a certificate collection, we need to examine // the property settings. // if(_certs == null) { // // If IceSSL.CertFile is defined, load a certificate from a file and // add it to the collection. // // TODO: tracing? _certs = new X509Certificate2Collection(); string certFile = properties.getProperty(prefix + "CertFile"); string passwordStr = properties.getProperty(prefix + "Password"); string findCert = properties.getProperty(prefix + "FindCert"); const string findPrefix = prefix + "FindCert."; Dictionary<string, string> findCertProps = properties.getPropertiesForPrefix(findPrefix); if(certFile.Length > 0) { if(!checkPath(ref certFile)) { Ice.PluginInitializationException e = new Ice.PluginInitializationException(); e.reason = "IceSSL: certificate file not found: " + certFile; throw e; } SecureString password = null; if(passwordStr.Length > 0) { password = createSecureString(passwordStr); } else if(_passwordCallback != null) { password = _passwordCallback.getPassword(certFile); } try { X509Certificate2 cert; X509KeyStorageFlags importFlags; if(_useMachineContext) { importFlags = X509KeyStorageFlags.MachineKeySet; } else { importFlags = X509KeyStorageFlags.UserKeySet; } if(password != null) { cert = new X509Certificate2(certFile, password, importFlags); } else { cert = new X509Certificate2(certFile, "", importFlags); } _certs.Add(cert); } catch(CryptographicException ex) { Ice.PluginInitializationException e = new Ice.PluginInitializationException(ex); e.reason = "IceSSL: error while attempting to load certificate from " + certFile; throw e; } } else if(findCert.Length > 0) { string certStore = properties.getPropertyWithDefault("IceSSL.CertStore", "My"); _certs.AddRange(findCertificates("IceSSL.FindCert", storeLocation, certStore, findCert)); if(_certs.Count == 0) { throw new Ice.PluginInitializationException("IceSSL: no certificates found"); } } else if(findCertProps.Count > 0) { // // If IceSSL.FindCert.* properties are defined, add the selected certificates // to the collection. // foreach(KeyValuePair<string, string> entry in findCertProps) { string name = entry.Key; string val = entry.Value; if(val.Length > 0) { string storeSpec = name.Substring(findPrefix.Length); StoreLocation storeLoc = 0; StoreName storeName = 0; string sname = null; parseStore(name, storeSpec, ref storeLoc, ref storeName, ref sname); if(sname == null) { sname = storeName.ToString(); } X509Certificate2Collection coll = findCertificates(name, storeLoc, sname, val); _certs.AddRange(coll); } } if(_certs.Count == 0) { Ice.PluginInitializationException e = new Ice.PluginInitializationException(); e.reason = "IceSSL: no certificates found"; throw e; } } } if(_caCerts == null) { string certAuthFile = properties.getProperty(prefix + "CAs"); if(certAuthFile.Length == 0) { certAuthFile = properties.getProperty(prefix + "CertAuthFile"); } if(certAuthFile.Length > 0 || properties.getPropertyAsInt(prefix + "UsePlatformCAs") <= 0) { _caCerts = new X509Certificate2Collection(); } if(certAuthFile.Length > 0) { if(!checkPath(ref certAuthFile)) { Ice.PluginInitializationException e = new Ice.PluginInitializationException(); e.reason = "IceSSL: CA certificate file not found: " + certAuthFile; throw e; } try { using(System.IO.FileStream fs = System.IO.File.OpenRead(certAuthFile)) { byte[] data = new byte[fs.Length]; fs.Read(data, 0, data.Length); string strbuf = ""; try { strbuf = System.Text.Encoding.UTF8.GetString(data); } catch(Exception) { // Ignore } if(strbuf.Length == data.Length) { int size, startpos, endpos = 0; bool first = true; while(true) { startpos = strbuf.IndexOf("-----BEGIN CERTIFICATE-----", endpos); if(startpos != -1) { endpos = strbuf.IndexOf("-----END CERTIFICATE-----", startpos); size = endpos - startpos + "-----END CERTIFICATE-----".Length; } else if(first) { startpos = 0; endpos = strbuf.Length; size = strbuf.Length; } else { break; } byte[] cert = new byte[size]; System.Buffer.BlockCopy(data, startpos, cert, 0, size); _caCerts.Import(cert); first = false; } } else { _caCerts.Import(data); } } } catch(Exception ex) { Ice.PluginInitializationException e = new Ice.PluginInitializationException(ex); e.reason = "IceSSL: error while attempting to load CA certificate from " + certAuthFile; throw e; } } } #endif _initialized = true; }
/// <summary> /// Establish the password callback object. This must be /// done before the plug-in is initialized. /// </summary> /// <param name="callback">The password callback.</param> public abstract void setPasswordCallback(PasswordCallback callback);
public override void setPasswordCallback(PasswordCallback callback) { instance_.setPasswordCallback(callback); }
/// <exception cref="Javax.Security.Auth.Callback.UnsupportedCallbackException"/> public virtual void Handle(Javax.Security.Auth.Callback.Callback[] callbacks) { NameCallback nc = null; PasswordCallback pc = null; RealmCallback rc = null; foreach (Javax.Security.Auth.Callback.Callback callback in callbacks) { if (callback is RealmChoiceCallback) { continue; } else { if (callback is NameCallback) { nc = (NameCallback)callback; } else { if (callback is PasswordCallback) { pc = (PasswordCallback)callback; } else { if (callback is RealmCallback) { rc = (RealmCallback)callback; } else { throw new UnsupportedCallbackException(callback, "Unrecognized SASL client callback" ); } } } } } if (nc != null) { if (Log.IsDebugEnabled()) { Log.Debug("SASL client callback: setting username: "******"SASL client callback: setting userPassword"); } pc.SetPassword(userPassword); } if (rc != null) { if (Log.IsDebugEnabled()) { Log.Debug("SASL client callback: setting realm: " + rc.GetDefaultText()); } rc.SetText(rc.GetDefaultText()); } }
internal void initialize() { if(_initialized) { return; } const string prefix = "IceSSL."; Ice.Properties properties = communicator().getProperties(); // // Check for a default directory. We look in this directory for // files mentioned in the configuration. // _defaultDir = properties.getProperty(prefix + "DefaultDir"); // // Process IceSSL.ImportCert.* properties. // Dictionary<string, string> certs = properties.getPropertiesForPrefix(prefix + "ImportCert."); foreach(KeyValuePair<string, string> entry in certs) { string name = entry.Key; string val = entry.Value; if(val.Length > 0) { importCertificate(name, val); } } // // Select protocols. // _protocols = parseProtocols(prefix + "Protocols"); // // CheckCertName determines whether we compare the name in a peer's // certificate against its hostname. // _checkCertName = properties.getPropertyAsIntWithDefault(prefix + "CheckCertName", 0) > 0; // // VerifyDepthMax establishes the maximum length of a peer's certificate // chain, including the peer's certificate. A value of 0 means there is // no maximum. // _verifyDepthMax = properties.getPropertyAsIntWithDefault(prefix + "VerifyDepthMax", 2); // // CheckCRL determines whether the certificate revocation list is checked, and how strictly. // _checkCRL = properties.getPropertyAsIntWithDefault(prefix + "CheckCRL", 0); // // Check for a certificate verifier. // string certVerifierClass = properties.getProperty(prefix + "CertVerifier"); if(certVerifierClass.Length > 0) { if(_verifier != null) { Ice.PluginInitializationException e = new Ice.PluginInitializationException(); e.reason = "IceSSL: certificate verifier already installed"; throw e; } Type cls = _facade.findType(certVerifierClass); if(cls == null) { Ice.PluginInitializationException e = new Ice.PluginInitializationException(); e.reason = "IceSSL: unable to load certificate verifier class " + certVerifierClass; throw e; } try { _verifier = (CertificateVerifier)IceInternal.AssemblyUtil.createInstance(cls); } catch(Exception ex) { Ice.PluginInitializationException e = new Ice.PluginInitializationException(ex); e.reason = "IceSSL: unable to instantiate certificate verifier class " + certVerifierClass; throw e; } if(_verifier == null) { Ice.PluginInitializationException e = new Ice.PluginInitializationException(); e.reason = "IceSSL: unable to instantiate certificate verifier class " + certVerifierClass; throw e; } } // // Check for a password callback. // string passwordCallbackClass = properties.getProperty(prefix + "PasswordCallback"); if(passwordCallbackClass.Length > 0) { if(_passwordCallback != null) { Ice.PluginInitializationException e = new Ice.PluginInitializationException(); e.reason = "IceSSL: password callback already installed"; throw e; } Type cls = _facade.findType(passwordCallbackClass); if(cls == null) { Ice.PluginInitializationException e = new Ice.PluginInitializationException(); e.reason = "IceSSL: unable to load password callback class " + passwordCallbackClass; throw e; } try { _passwordCallback = (PasswordCallback)IceInternal.AssemblyUtil.createInstance(cls); } catch(Exception ex) { Ice.PluginInitializationException e = new Ice.PluginInitializationException(ex); e.reason = "IceSSL: unable to load password callback class " + passwordCallbackClass; throw e; } if(_passwordCallback == null) { Ice.PluginInitializationException e = new Ice.PluginInitializationException(); e.reason = "IceSSL: unable to load password callback class " + passwordCallbackClass; throw e; } } // // If the user hasn't supplied a certificate collection, we need to examine // the property settings. // if(_certs == null) { // // If IceSSL.CertFile is defined, load a certificate from a file and // add it to the collection. // // TODO: tracing? _certs = new X509Certificate2Collection(); string certFile = properties.getProperty(prefix + "CertFile"); string passwordStr = properties.getProperty(prefix + "Password"); if(certFile.Length > 0) { if(!checkPath(ref certFile)) { Ice.PluginInitializationException e = new Ice.PluginInitializationException(); e.reason = "IceSSL: certificate file not found: " + certFile; throw e; } SecureString password = null; if(passwordStr.Length > 0) { password = createSecureString(passwordStr); } else if(_passwordCallback != null) { password = _passwordCallback.getPassword(certFile); } try { X509Certificate2 cert; if(password != null) { cert = new X509Certificate2(certFile, password); } else { cert = new X509Certificate2(certFile); } _certs.Add(cert); } catch(CryptographicException ex) { Ice.PluginInitializationException e = new Ice.PluginInitializationException(ex); e.reason = "IceSSL: error while attempting to load certificate from " + certFile; throw e; } } // // If IceSSL.FindCert.* properties are defined, add the selected certificates // to the collection. // // TODO: tracing? const string findPrefix = prefix + "FindCert."; Dictionary<string, string> certProps = properties.getPropertiesForPrefix(findPrefix); if(certProps.Count > 0) { foreach(KeyValuePair<string, string> entry in certProps) { string name = entry.Key; string val = entry.Value; if(val.Length > 0) { string storeSpec = name.Substring(findPrefix.Length); X509Certificate2Collection coll = findCertificates(name, storeSpec, val); _certs.AddRange(coll); } } if(_certs.Count == 0) { Ice.PluginInitializationException e = new Ice.PluginInitializationException(); e.reason = "IceSSL: no certificates found"; throw e; } } } _initialized = true; }
/// <exception cref="Org.Apache.Hadoop.Security.Token.SecretManager.InvalidToken"/> /// <exception cref="Javax.Security.Auth.Callback.UnsupportedCallbackException"/> /// <exception cref="Org.Apache.Hadoop.Ipc.StandbyException"/> /// <exception cref="Org.Apache.Hadoop.Ipc.RetriableException"/> /// <exception cref="System.IO.IOException"/> public virtual void Handle(Javax.Security.Auth.Callback.Callback[] callbacks) { NameCallback nc = null; PasswordCallback pc = null; AuthorizeCallback ac = null; foreach (Javax.Security.Auth.Callback.Callback callback in callbacks) { if (callback is AuthorizeCallback) { ac = (AuthorizeCallback)callback; } else { if (callback is NameCallback) { nc = (NameCallback)callback; } else { if (callback is PasswordCallback) { pc = (PasswordCallback)callback; } else { if (callback is RealmCallback) { continue; } else { // realm is ignored throw new UnsupportedCallbackException(callback, "Unrecognized SASL DIGEST-MD5 Callback" ); } } } } } if (pc != null) { TokenIdentifier tokenIdentifier = GetIdentifier(nc.GetDefaultName(), secretManager ); char[] password = GetPassword(tokenIdentifier); UserGroupInformation user = null; user = tokenIdentifier.GetUser(); // may throw exception connection.attemptingUser = user; if (Log.IsDebugEnabled()) { Log.Debug("SASL server DIGEST-MD5 callback: setting password " + "for client: " + tokenIdentifier.GetUser()); } pc.SetPassword(password); } if (ac != null) { string authid = ac.GetAuthenticationID(); string authzid = ac.GetAuthorizationID(); if (authid.Equals(authzid)) { ac.SetAuthorized(true); } else { ac.SetAuthorized(false); } if (ac.IsAuthorized()) { if (Log.IsDebugEnabled()) { string username = GetIdentifier(authzid, secretManager).GetUser().GetUserName(); Log.Debug("SASL server DIGEST-MD5 callback: setting " + "canonicalized client ID: " + username); } ac.SetAuthorizedID(authzid); } } }
/// <summary> /// Calls PEM_read_bio_PUBKEY() /// </summary> /// <param name="bio"></param> /// <param name="password"></param> /// <returns></returns> public static CryptoKey FromPublicKey(BIO bio, string password) { var callback = new PasswordCallback(password); return(FromPublicKey(bio, callback.OnPassword, null)); }
/// <summary> /// Calls PEM_write_bio_PKCS8PrivateKey /// </summary> /// <param name="bp"></param> /// <param name="cipher"></param> /// <param name="password"></param> public void WritePrivateKey(BIO bp, Cipher cipher, string password) { PasswordCallback callback = new PasswordCallback(password); WritePrivateKey(bp, cipher, callback.OnPassword, null); }
/// <summary> /// Establish the password callback object. This must be /// done before the plug-in is initialized. /// </summary> /// <param name="callback">The password callback.</param> abstract public void setPasswordCallback(PasswordCallback callback);
// // Private Methods // /// <summary> /// Process the first challenge from the server /// and calculate a response /// </summary> /// <param name="challenge">The server issued challenge</param> /// <returns>Client response</returns> private byte[] OnInitialChallenge(byte[] challenge) { DigestChallenge dch = DigestChallenge.Parse(_encoding.GetString(challenge)); // validate input challenge if ( dch.Nonce == null || dch.Nonce.Length == 0 ) throw new SaslException("Nonce value missing in server challenge"); if ( dch.Algorithm != "md5-sess" ) throw new SaslException("Invalid or missing algorithm value in server challenge"); NameCallback nameCB = new NameCallback(AuthorizationId); PasswordCallback pwdCB = new PasswordCallback(); RealmCallback realmCB = new RealmCallback(dch.Realm); ISaslCallback[] callbacks = { nameCB, pwdCB, realmCB }; Handler.Handle(callbacks); DigestResponse response = new DigestResponse(); response.Username = nameCB.Text; response.Realm = realmCB.Text; response.Nonce = dch.Nonce; response.Cnonce = Cnonce; response.NonceCount = 1; response.Qop = DigestQop.Auth; // only auth supported for now response.DigestUri = Protocol.ToLower() + "/" + ServerName; response.MaxBuffer = dch.MaxBuffer; response.Charset = dch.Charset; response.Cipher = null; // not supported for now response.Authzid = AuthorizationId; response.AuthParam = dch.AuthParam; response.Response = CalculateResponse( nameCB.Text, realmCB.Text, pwdCB.Text, dch.Nonce, response.NonceCount, response.Qop, response.DigestUri ); return _encoding.GetBytes(response.ToString()); }