
Commit 19edcda

author
michele
committed
VST auth
1 parent 6d01141 commit 19edcda


2 files changed

+201
-111
lines changed


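--- a/src/main/java/com/arangodb/internal/velocystream/VstCommunicationSync.java
+++ b/src/main/java/com/arangodb/internal/velocystream/VstCommunicationSync.java
@@ -20,131 +20,134 @@
 
 package com.arangodb.internal.velocystream;
 
-import javax.net.ssl.SSLContext;
-
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
 import com.arangodb.ArangoDBException;
 import com.arangodb.internal.net.HostHandler;
 import com.arangodb.internal.velocystream.internal.AuthenticationRequest;
-import com.arangodb.internal.velocystream.internal.VstConnectionSync;
 import com.arangodb.internal.velocystream.internal.Message;
+import com.arangodb.internal.velocystream.internal.VstConnectionSync;
 import com.arangodb.util.ArangoSerialization;
 import com.arangodb.velocypack.exception.VPackParserException;
 import com.arangodb.velocystream.Request;
 import com.arangodb.velocystream.Response;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.net.ssl.SSLContext;
 
 /**
 * @author Mark Vollmary
 *
 */
 public class VstCommunicationSync extends VstCommunication<Response, VstConnectionSync> {
 
-private static final Logger LOGGER = LoggerFactory.getLogger(VstCommunicationSync.class);
-
-public static class Builder {
-
-private final HostHandler hostHandler;
-private Integer timeout;
-private Long connectionTtl;
-private String user;
-private String password;
-private Boolean useSsl;
-private SSLContext sslContext;
-private Integer chunksize;
-private Integer maxConnections;
-
-public Builder(final HostHandler hostHandler) {
-super();
-this.hostHandler = hostHandler;
-}
-
-public Builder(final Builder builder) {
-this(builder.hostHandler);
-timeout(builder.timeout).user(builder.user).password(builder.password).useSsl(builder.useSsl)
-.sslContext(builder.sslContext).chunksize(builder.chunksize).maxConnections(builder.maxConnections);
-}
-
-public Builder timeout(final Integer timeout) {
-this.timeout = timeout;
-return this;
-}
-
-public Builder user(final String user) {
-this.user = user;
-return this;
-}
-
-public Builder password(final String password) {
-this.password = password;
-return this;
-}
-
-public Builder useSsl(final Boolean useSsl) {
-this.useSsl = useSsl;
-return this;
-}
-
-public Builder sslContext(final SSLContext sslContext) {
-this.sslContext = sslContext;
-return this;
-}
-
-public Builder chunksize(final Integer chunksize) {
-this.chunksize = chunksize;
-return this;
-}
-
-public Builder maxConnections(final Integer maxConnections) {
-this.maxConnections = maxConnections;
-return this;
-}
-
-public Builder connectionTtl(final Long connectionTtl) {
-this.connectionTtl = connectionTtl;
-return this;
-}
-
-public VstCommunication<Response, VstConnectionSync> build(final ArangoSerialization util) {
-return new VstCommunicationSync(hostHandler, timeout, user, password, useSsl, sslContext, util, chunksize,
-maxConnections, connectionTtl);
-}
-
-}
-
-protected VstCommunicationSync(final HostHandler hostHandler, final Integer timeout, final String user,
-final String password, final Boolean useSsl, final SSLContext sslContext, final ArangoSerialization util,
-final Integer chunksize, final Integer maxConnections, final Long ttl) {
-super(timeout, user, password, useSsl, sslContext, util, chunksize, hostHandler);
-}
-
-@Override
-protected Response execute(final Request request, final VstConnectionSync connection) throws ArangoDBException {
-try {
-final Message requestMessage = createMessage(request);
-final Message responseMessage = send(requestMessage, connection);
-final Response response = createResponse(responseMessage);
-checkError(response);
-return response;
-} catch (final VPackParserException e) {
-throw new ArangoDBException(e);
-}
-}
-
-private Message send(final Message message, final VstConnectionSync connection) throws ArangoDBException {
-if (LOGGER.isDebugEnabled()) {
-LOGGER.debug(String.format("Send Message (id=%s, head=%s, body=%s)", message.getId(), message.getHead(),
-message.getBody() != null ? message.getBody() : "{}"));
-}
-return connection.write(message, buildChunks(message));
-}
-
-@Override
-protected void authenticate(final VstConnectionSync connection) {
-final Response response = execute(
-new AuthenticationRequest(user, password != null ? password : "", ENCRYPTION_PLAIN), connection);
-checkError(response);
-}
+private static final Logger LOGGER = LoggerFactory.getLogger(VstCommunicationSync.class);
+
+protected VstCommunicationSync(final HostHandler hostHandler, final Integer timeout, final String user,
+final String password, final Boolean useSsl, final SSLContext sslContext, final ArangoSerialization util,
+final Integer chunksize, final Integer maxConnections, final Long ttl) {
+super(timeout, user, password, useSsl, sslContext, util, chunksize, hostHandler);
+}
+
+@Override
+protected Response execute(final Request request, final VstConnectionSync connection) throws ArangoDBException {
+try {
+final Message requestMessage = createMessage(request);
+final Message responseMessage = send(requestMessage, connection);
+final Response response = createResponse(responseMessage);
+checkError(response);
+return response;
+} catch (final VPackParserException e) {
+throw new ArangoDBException(e);
+}
+}
+
+private Message send(final Message message, final VstConnectionSync connection) throws ArangoDBException {
+if (LOGGER.isDebugEnabled()) {
+LOGGER.debug(String.format("Send Message (id=%s, head=%s, body=%s)", message.getId(), message.getHead(),
+message.getBody() != null ? message.getBody() : "{}"));
+}
+return connection.write(message, buildChunks(message));
+}
+
+@Override
+protected void authenticate(final VstConnectionSync connection) {
+String token = "Negotiate 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";
+// Request request = new Request(null,null,null);
+// request.putHeaderParam("Authorization", token);
+// request.setType(1000);
+AuthenticationRequest request = new AuthenticationRequest(user, password != null ? password : "", ENCRYPTION_PLAIN);
+final Response response = execute(request, connection);
+checkError(response);
+}
+
+public static class Builder {
+
+private final HostHandler hostHandler;
+private Integer timeout;
+private Long connectionTtl;
+private String user;
+private String password;
+private Boolean useSsl;
+private SSLContext sslContext;
+private Integer chunksize;
+private Integer maxConnections;
+
+public Builder(final HostHandler hostHandler) {
+super();
+this.hostHandler = hostHandler;
+}
+
+public Builder(final Builder builder) {
+this(builder.hostHandler);
+timeout(builder.timeout).user(builder.user).password(builder.password).useSsl(builder.useSsl)
+.sslContext(builder.sslContext).chunksize(builder.chunksize).maxConnections(builder.maxConnections);
+}
+
+public Builder timeout(final Integer timeout) {
+this.timeout = timeout;
+return this;
+}
+
+public Builder user(final String user) {
+this.user = user;
+return this;
+}
+
+public Builder password(final String password) {
+this.password = password;
+return this;
+}
+
+public Builder useSsl(final Boolean useSsl) {
+this.useSsl = useSsl;
+return this;
+}
+
+public Builder sslContext(final SSLContext sslContext) {
+this.sslContext = sslContext;
+return this;
+}
+
+public Builder chunksize(final Integer chunksize) {
+this.chunksize = chunksize;
+return this;
+}
+
+public Builder maxConnections(final Integer maxConnections) {
+this.maxConnections = maxConnections;
+return this;
+}
+
+public Builder connectionTtl(final Long connectionTtl) {
+this.connectionTtl = connectionTtl;
+return this;
+}
+
+public VstCommunication<Response, VstConnectionSync> build(final ArangoSerialization util) {
+return new VstCommunicationSync(hostHandler, timeout, user, password, useSsl, sslContext, util, chunksize,
+maxConnections, connectionTtl);
+}
+
+}
 
 }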
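Review bot: In `authenticate`, the new local `token` holds what appears to be a literal `Negotiate` value that is never read; the request actually sent is still `new AuthenticationRequest(user, password != null ? password : "", ENCRYPTION_PLAIN)`, so the connection authenticates exactly as before. A SPNEGO token is credential material and should not be committed even as a placeholder, so drop the `String token = …` line and the three commented-out `Request` lines until the token is produced at runtime and passed in. Separately, `send` logs `message.getHead()` and `message.getBody()` at debug level and `authenticate` reaches it through `execute`, so the authentication message (which presumably carries the password, and later the token) can land in debug logs; skip or redact that log line for authentication requests.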
Lines changed: 87 additions & 0 deletions
@@ -0,0 +1,87 @@
1+
package com.arangodb;/*
2+
* DISCLAIMER
3+
*
4+
* Copyright 2016 ArangoDB GmbH, Cologne, Germany
5+
*
6+
* Licensed under the Apache License, Version 2.0 (the "License");
7+
* you may not use this file except in compliance with the License.
8+
* You may obtain a copy of the License at
9+
*
10+
* http://www.apache.org/licenses/LICENSE-2.0
11+
*
12+
* Unless required by applicable law or agreed to in writing, software
13+
* distributed under the License is distributed on an "AS IS" BASIS,
14+
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15+
* See the License for the specific language governing permissions and
16+
* limitations under the License.
17+
*
18+
* Copyright holder is ArangoDB GmbH, Cologne, Germany
19+
*/
20+
21+
22+
import org.apache.commons.codec.binary.Base64;
23+
import org.ietf.jgss.*;
24+
25+
/**
26+
* @author Michele Rastelli
27+
*/
28+
public class KerberosVST {
29+
30+
public static void main(String[] args) throws InterruptedException, GSSException {
31+
java.util.logging.Logger.getLogger("org.apache.http.headers").setLevel(java.util.logging.Level.FINEST);
32+
System.setProperty("org.apache.commons.logging.Log", "org.apache.commons.logging.impl.SimpleLog");
33+
System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.http.headers", "debug");
34+
// System.setProperty("java.security.auth.login.config", "/home/michele/arango/arangodb-java-driver/src/test/resources/login_keytab.conf");
35+
System.setProperty("java.security.auth.login.config", "/home/michele/arango/arangodb-java-driver/src/test/resources/login_cache.conf");
36+
System.setProperty("java.security.krb5.conf", "/etc/krb5.conf");
37+
System.setProperty("sun.security.krb5.debug", "true");
38+
System.setProperty("sun.security.jgss.debug", "true");
39+
System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
40+
System.setProperty("sun.security.jgss.native", "true");
41+
42+
String tokenstr = client();
43+
44+
ArangoDB arangoDB = new ArangoDB.Builder().useProtocol(Protocol.VST).build();
45+
46+
while (true) {
47+
System.out.println(arangoDB.getVersion().getVersion());
48+
Thread.sleep(60000);
49+
}
50+
}
51+
52+
static String client() throws GSSException {
53+
// TODO: handle
54+
// - boolean stripPort
55+
// - boolean useCanonicalHostname
56+
Oid SPNEGO_OID = new Oid("1.3.6.1.5.5.2");
57+
String challenge = "";
58+
byte[] token = Base64.decodeBase64(challenge.getBytes());
59+
String authServer = "bruecklinux.arangodb.biz";
60+
byte[] t = generateGSSToken(token, SPNEGO_OID, authServer);
61+
String tokenstr = new String(new Base64(0).encode(t));
62+
System.out.println(tokenstr);
63+
return tokenstr;
64+
}
65+
66+
static protected byte[] generateGSSToken(final byte[] input, final Oid oid, final String authServer) throws GSSException {
67+
final GSSManager manager = GSSManager.getInstance();
68+
final GSSName serverName = manager.createName("HTTP@" + authServer, GSSName.NT_HOSTBASED_SERVICE);
69+
70+
final GSSContext gssContext = createGSSContext(manager, oid, serverName, null);
71+
return input != null
72+
? gssContext.initSecContext(input, 0, input.length)
73+
: gssContext.initSecContext(new byte[]{}, 0, 0);
74+
}
75+
76+
static GSSContext createGSSContext(
77+
final GSSManager manager,
78+
final Oid oid,
79+
final GSSName serverName,
80+
final GSSCredential gssCredential) throws GSSException {
81+
final GSSContext gssContext = manager.createContext(serverName.canonicalize(oid), oid, gssCredential,
82+
GSSContext.DEFAULT_LIFETIME);
83+
gssContext.requestMutualAuth(true);
84+
return gssContext;
85+
}
86+
87+
}
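Review bot: `client()` prints the base64 SPNEGO token with `System.out.println(tokenstr);`, and `main` sets `sun.security.krb5.debug` and `sun.security.jgss.debug` to `"true"`, so running this class writes token and ticket details to stdout; remove the println and leave both debug properties off unless explicitly requested. `createGSSContext` calls `requestMutualAuth(true)`, but `generateGSSToken` returns after a single `initSecContext` call and drops the context, so the server's reply token can never be fed back, `isEstablished()` is never checked, and the context is never released with `dispose()`. The value returned by `client()` is also never handed to `ArangoDB.Builder`, and the login-config path and `authServer` host are hard-coded to one developer's environment; if this harness stays in the tree, read those from system properties or arguments. `challenge.getBytes()` and `new String(...)` should name `StandardCharsets.US_ASCII` rather than rely on the platform charset.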
