Author: orudyy
Date: Thu Dec 24 16:42:21 2015
New Revision: 1721639
URL: http://svn.apache.org/viewvc?rev=1721639&view=rev
Log:
QPID-6917: Make Web Management Console SASL mechanisms pluggable and convert
existing SASL implementations into pluggable classes
Added:
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/sasl/
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/sasl/Authenticator.js
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/sasl/SaslClient.js
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/sasl/ShaSaslClient.js
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/sasl/UsernamePasswordProvider.js
- copied, changed from r1721438,
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/authorization/checkUser.js
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/sasl/cram-md5/
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/sasl/cram-md5-hex/
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/sasl/cram-md5-hex/SaslClient.js
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/sasl/cram-md5/SaslClient.js
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/sasl/plain/
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/sasl/plain/SaslClient.js
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/sasl/scram-sha-1/
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/sasl/scram-sha-1/SaslClient.js
- copied, changed from r1721438,
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/authorization/checkUser.js
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/sasl/scram-sha-256/
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/sasl/scram-sha-256/SaslClient.js
- copied, changed from r1721438,
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/authorization/checkUser.js
Removed:
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/authorization/sasl.js
Modified:
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/authorization/checkUser.js
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/login.html
Modified:
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/authorization/checkUser.js
URL:
http://svn.apache.org/viewvc/qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/authorization/checkUser.js?rev=1721639&r1=1721638&r2=1721639&view=diff
==============================================================================
---
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/authorization/checkUser.js
(original)
+++
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/authorization/checkUser.js
Thu Dec 24 16:42:21 2015
@@ -20,7 +20,7 @@
*/
define(["dojo/dom",
- "qpid/authorization/sasl",
+ "qpid/sasl/Authenticator",
"dijit/registry",
"dojox/html/entities",
"dojo/domReady!"], function(dom, sasl, registry, entities){
Added:
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/sasl/Authenticator.js
URL:
http://svn.apache.org/viewvc/qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/sasl/Authenticator.js?rev=1721639&view=auto
==============================================================================
---
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/sasl/Authenticator.js
(added)
+++
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/sasl/Authenticator.js
Thu Dec 24 16:42:21 2015
@@ -0,0 +1,199 @@
+/*
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+define(["dojo/_base/lang"], function (lang)
+{
+ var saslServiceUrl = "service/sasl";
+ var errorHandler = function errorHandler(error)
+ {
+ if (error.response)
+ {
+ if(error.response.status == 401)
+ {
+ alert("Authentication Failed");
+ }
+ else if(error.response.status == 403)
+ {
+ alert("Authorization Failed");
+ }
+ else
+ {
+ alert(error.message);
+ }
+ }
+ else
+ {
+ alert(error.message ? error.message : error);
+ }
+ }
+
+ var authenticate = function (management, saslClient, data,
authenticationSuccessCallback, authenticationFailureCallback)
+ {
+ var response = null;
+ try
+ {
+ response = saslClient.getResponse(data);
+ }
+ catch(e)
+ {
+ authenticationFailureCallback(e);
+ return;
+ }
+
+ if (saslClient.isComplete())
+ {
+ authenticationSuccessCallback();
+ }
+ else
+ {
+ management.submit({
+ url: saslServiceUrl,
+ data: response,
+ headers: {},
+ method: "POST"
+ }).then(function (challenge)
+ {
+ authenticate(management,
+ saslClient,
+ challenge,
+
authenticationSuccessCallback,
+
authenticationFailureCallback);
+ },
+ authenticationFailureCallback);
+ }
+ }
+
+ var loadSaslClients = function loadSaslClients(management,
availableMechanisms, saslClients, onLastLoaded)
+ {
+ var mechanisms = lang.clone(availableMechanisms);
+ var handleMechanisms = function handleMechanisms()
+ {
+ if (mechanisms.length == 0)
+ {
+ onLastLoaded(saslClients)
+ }
+ else
+ {
+ loadSaslClients(management, mechanisms, saslClients,
onLastLoaded);
+ }
+ }
+
+ var mechanism = mechanisms.shift();
+ if (mechanism)
+ {
+ var url = "qpid/sasl/" + encodeURIComponent(mechanism.toLowerCase())
+ "/SaslClient";
+ management.get({url:"js/" + url + ".js",
+ handleAs: "text",
+ headers: { "Content-Type": "text/plain"}})
+ .then(function(data)
+ {
+ require([url],
+ function(SaslClient)
+ {
+ try
+ {
+ var saslClient = new
SaslClient();
+
saslClient.initialized().then(function()
+ {
+
saslClients.push(saslClient);
+
handleMechanisms();
+ },
+
function(e)
+ {
+
errorHandler("Unexpected error on " +
+
"loading of mechanism " +
+
mechanism + ": ", e);
+
handleMechanisms();
+ }
+ );
+
+ }
+ catch(e)
+ {
+ errorHandler("Unexpected error
on loading of mechanism " + mechanism +
+ ": ", e);
+ handleMechanisms();
+ }
+ });
+ },
+ function(data)
+ {
+ if (data.response.status != 404 )
+ {
+ errorHandler("Unexpected error on loading
mechanism " + mechanism + ": ", data);
+ }
+ handleMechanisms();
+ }
+ );
+ }
+ else
+ {
+ handleMechanisms();
+ }
+ }
+
+ return {
+ authenticate: function(management,
authenticationSuccessCallback)
+ {
+ management.get({url: saslServiceUrl})
+ .then(function(data)
+ {
+ var saslClients = [];
+
loadSaslClients(management,
+
data.mechanisms,
+
saslClients,
+ function
(saslClients)
+ {
+
saslClients.sort(function(c1, c2)
+
{
+
return c2.getPriority() -
+
c1.getPriority();
+
});
+ if
(saslClients.length > 0)
+ {
+ var
saslClient = saslClients[0];
+
dojo.when(saslClient.getCredentials())
+
.then(function(data)
+
{
+
authenticate(management,
+
saslClient,
+
data,
+
authenticationSuccessCallback,
+
errorHandler);
+
},
+
errorHandler);
+ }
+ else
+ {
+
errorHandler("No SASL client available for " +
+
data.mechanisms);
+ }
+ });
+ },
+ errorHandler);
+ },
+ getUser: function(management,
authenticationSuccessCallback)
+ {
+ management.get({url: saslServiceUrl})
+
.then(authenticationSuccessCallback,
+ errorHandler);
+ }
+ };
+});
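Review bot: `errorHandler` is declared with a single `error` parameter, but the three mechanism-loading failure paths in `loadSaslClients` call it with two arguments (`errorHandler("Unexpected error on loading of mechanism " + mechanism + ": ", e)`), so the caught error is silently dropped and the alert shows only the prefix text. Folding the detail into the one argument keeps it visible, e.g. `errorHandler("Unexpected error on loading of mechanism " + mechanism + ": " + (e && e.message ? e.message : e));`. The 404 filter in the same function reads `data.response.status` without first checking `data.response`, unlike `errorHandler` itself; `if (!data.response || data.response.status != 404)` would keep a transport-level failure from throwing inside the rejection handler. The returned `authenticate` method also calls the global `dojo.when` although the module only declares `dojo/_base/lang` as a dependency, so it relies on the `dojo` global being present.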
Added:
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/sasl/SaslClient.js
URL:
http://svn.apache.org/viewvc/qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/sasl/SaslClient.js?rev=1721639&view=auto
==============================================================================
---
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/sasl/SaslClient.js
(added)
+++
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/sasl/SaslClient.js
Thu Dec 24 16:42:21 2015
@@ -0,0 +1,105 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+define(["dojo/_base/lang"],
+ function(lang)
+ {
+ return lang.extend( function SaslClient()
+ {
+ // summary:
+ // The public interface to a
SaslClient.
+ // description:
+ // The public interface to a
SaslClient. All SaslClient in Qpid are
+ // instances of this class.
+ },
+ {
+ getMechanismName: function()
+ {
+ // summary:
+ // Returns
mechanism name.
+ // description:
+ // Returns
mechanism name for the implementation.
+ // returns: string
+ throw new
TypeError("abstract");
+ },
+ getResponse: function(challenge)
+ {
+ // summary:
+ // Generates
response for given challenge
+ // description:
+ // Handles given
challenge represented as
+ // JSON object and
generates response in
+ // JSON format.
+ // Method can be
called multiple times
+ // for different
challenges.
+ // Throws
exception on various errors or
+ // authentication
failures.
+ // returns: JSON objectSa
+ throw new
TypeError("abstract");
+ },
+ isComplete: function()
+ {
+ // summary:
+ // Returns true
when response for last challenge is generated.
+ // description:
+ // Returns true
when challenge handling is complete
+ // returns: boolean
+ throw new
TypeError("abstract");
+ },
+ getPriority: function()
+ {
+ // summary:
+ // Returns
SaslClient priority as integer
+ // description:
+ // Returns
SaslClient priority as integer.
+ // SaslClients
with highest priority is
+ // chosen from
multiple supported.
+ // returns: integer
+ throw new
TypeError("abstract");
+ },
+ toString: function()
+ {
+ // returns: string
+ // Returns
`[object SaslClient]`.
+ return "[object
SaslClient]";
+ },
+ initialized: function()
+ {
+ // summary:
+ // Finish
instance initialization.
+ // description:
+ // Method must be
called once before
+ // getResponse in
order to finish initialization.
+ //
dojo/promise/Promise is returned
+ // returns: promise
+ throw new
TypeError("abstract");
+ },
+ getCredentials: function()
+ {
+ // summary:
+ // Returns
initial credentials
+ // to start
authentication
+ // description:
+ // Provides
initial credentials as Promise or
+ // JSON object to
start authentication process
+ // returns: promise
+ throw new
TypeError("abstract");
+ }
+ });
+ });
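Review bot: The contract comment on `getResponse` ends in `returns: JSON objectSa`, a typo, and omits two things every implementation in this commit relies on: the method returns `null` once the exchange is finished, and failures are thrown as plain `{message: ...}` objects rather than `Error` instances. I would change that line to `// returns: JSON object, or null when no further response is required` and add a sentence on the thrown shape, because `Authenticator.authenticate` hands the thrown value straight to the failure callback. The `getPriority` comment could also state that the larger number wins, which is what the descending sort in Authenticator.js implies.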
Added:
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/sasl/ShaSaslClient.js
URL:
http://svn.apache.org/viewvc/qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/sasl/ShaSaslClient.js?rev=1721639&view=auto
==============================================================================
---
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/sasl/ShaSaslClient.js
(added)
+++
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/sasl/ShaSaslClient.js
Thu Dec 24 16:42:21 2015
@@ -0,0 +1,251 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+define(["dojo/_base/declare",
+ "dojo/_base/lang",
+ "dojox/encoding/base64",
+ "dojo/json",
+ "dojo/request/script",
+ "dojox/uuid/generateRandomUuid",
+ "dojo/Deferred",
+ "qpid/sasl/SaslClient",
+ "qpid/sasl/UsernamePasswordProvider"],
+ function(declare, lang, base64, json, script, uuid, Deferred,
SaslClient, UsernamePasswordProvider)
+ {
+
+ var toBase64 = function toBase64( input )
+ {
+ var result = [];
+ for(var i = 0; i < input.length; i++)
+ {
+ result[i] = input.charCodeAt(i);
+ }
+ return base64.encode( result )
+ };
+
+ var fromBase64 = function fromBase64( input )
+ {
+ var decoded = base64.decode( input );
+ var result = "";
+ for(var i = 0; i < decoded.length; i++)
+ {
+ result+= String.fromCharCode(decoded[i]);
+ }
+ return result;
+ };
+
+ var xor = function xor(lhs, rhs)
+ {
+ var words = [];
+ for(var i = 0; i < lhs.words.length; i++)
+ {
+ words.push(lhs.words[i]^rhs.words[i]);
+ }
+ return CryptoJS.lib.WordArray.create(words);
+ };
+
+ var hasNonAscii = function hasNonAscii(name)
+ {
+ for(var i = 0; i < name.length; i++)
+ {
+ if(name.charCodeAt(i) > 127)
+ {
+ return true;
+ }
+ }
+ return false;
+ };
+
+ var generateSaltedPassword = function generateSaltedPassword(digest,
salt, password, iterationCount)
+ {
+ var hmac = CryptoJS.algo.HMAC.create(CryptoJS.algo[digest],
password);
+ hmac.update(salt);
+ hmac.update(CryptoJS.enc.Hex.parse("00000001"));
+ var result = hmac.finalize();
+ var previous = null;
+ for(var i = 1 ;i < iterationCount; i++)
+ {
+ hmac = CryptoJS.algo.HMAC.create(CryptoJS.algo[digest],
password);
+ hmac.update( previous != null ? previous : result );
+ previous = hmac.finalize();
+ result = xor(result, previous);
+ }
+ return result;
+ };
+
+ var scriptLoadError = function scriptLoadError(error)
+ {
+ var message = "Cannot load script due to " + json.stringify(error);
+ console.error(message);
+ throw {message: message};
+ };
+
+ // hidden context scope variables
+ var shaName = null;
+ var digest = null;
+ var hmac = null;
+ var gs2_header= "n,,";
+ var deferred = new Deferred();
+ return declare("qpid.sasl.ShaSaslClient",
+ [SaslClient],
+ {
+ _state: "initial",
+ "-chains-": {
+ constructor: "manual" //
disable auto-constructor invocation
+ },
+
constructor:function(mechanism)
+ {
+ this._mechanism =
mechanism;
+ shaName =
mechanism.substring(6).replace('-','').toLowerCase();
+ digest =
shaName.toUpperCase();
+ hmac = "Hmac" + digest;
+
+ // loading crypto-js
functionality based on mechanism
+
script.get("js/crypto-js/hmac-" + shaName + ".js").then(
+ function()
+ {
+
script.get("js/crypto-js/enc-base64-min.js").then(
+ function()
+ {
+
deferred.resolve("initialized");
+ },
+ function(error)
+ {
+
deferred.reject("initialization failure: " + error);
+
scriptLoadError(error);
+ }
+ );
+ },
+ function(error)
+ {
+
deferred.reject("error");
+ scriptLoadError(error);
+ }
+ );
+ },
+ initialized: function() { return
deferred.promise; },
+ getMechanismName: function() { return
this._mechanism;},
+ isComplete: function() { return
this._state == "completed";},
+ getResponse: function(data)
+ {
+ if
(deferred.promise.isResolved())
+ {
+ return
this._getResponse(data);
+ }
+ else
+ {
+ throw {message: "Not
initialized"};
+ }
+ },
+ _getResponse: function(data)
+ {
+ if (this._state ==
"initial")
+ {
+
if(!hasNonAscii(data.username))
+ {
+ var user =
data.username;
+ user =
user.replace(/=/g, "=3D");
+ user =
user.replace(/,/g, "=2C");
+ this._password =
data.password;
+ this._username =
user;
+ this._clientNonce =
uuid();
+
this._clientFirstMessageBare = "n=" + this._username +
+
",r=" + this._clientNonce;
+ var response =
toBase64(gs2_header + this._clientFirstMessageBare);
+ this._state =
"initiated";
+ return {
+
mechanism: this.getMechanismName(),
+ response:
response
+ };
+ }
+ else
+ {
+ this._state = "error";
+ throw {message:
"Username '" + challenge.username +
+ "' is
invalid"};
+ }
+ }
+ else if (this._state ==
"initiated")
+ {
+ var serverFirstMessage
= fromBase64(data.challenge);
+ var id = data.id;
+ var parts =
serverFirstMessage.split(",");
+ var nonce =
parts[0].substring(2);
+ if (!nonce.substr(0,
this._clientNonce.length) == this._clientNonce)
+ {
+ this._state =
"error";
+ throw {message:
"Authentication error - server nonce does " +
+ "not
start with client nonce"};
+ }
+ else
+ {
+ var salt =
CryptoJS.enc.Base64.parse(parts[1].substring(2));
+ var iterationCount
= parts[2].substring(2);
+ var saltedPassword
= generateSaltedPassword(digest, salt,
+
this._password, iterationCount);
+ var
clientFinalMessageWithoutProof = "c=" +
+
toBase64(gs2_header) + ",r=" + nonce;
+ var authMessage =
this._clientFirstMessageBare + "," +
+
serverFirstMessage + "," + clientFinalMessageWithoutProof;
+ var clientKey =
CryptoJS[hmac]("Client Key", saltedPassword);
+ var storedKey =
CryptoJS[digest](clientKey);
+ var
clientSignature = CryptoJS[hmac](authMessage, storedKey);
+ var clientProof =
xor(clientKey, clientSignature);
+ var serverKey =
CryptoJS[hmac]("Server Key", saltedPassword);
+
this._serverSignature = CryptoJS[hmac](authMessage, serverKey);
+ var response =
toBase64(clientFinalMessageWithoutProof +
+ ",p=" +
clientProof.toString(CryptoJS.enc.Base64));
+ this._state =
"generated";
+ return {
+ id: id,
+ response:
response
+ };
+ }
+ }
+ else if (this._state ==
"generated")
+ {
+ var serverFinalMessage
= fromBase64(data.challenge);
+ if
(this._serverSignature.toString(CryptoJS.enc.Base64) ==
+
serverFinalMessage.substring(2))
+ {
+ this._state =
"completed";
+ return null;
+ }
+ else
+ {
+ this._state ==
"error";
+ throw {message:
"Server signature does not match"};
+ }
+ }
+ else
+ {
+ throw {message:
"Unexpected state '" + this._state +
+ ".
Cannot handle challenge!"};
+ }
+ },
+ toString: function() { return
"[SaslClient" + this.getMechanismName() + "]";},
+ getCredentials: function()
+ {
+ return
UsernamePasswordProvider.get();
+ }
+ }
+ );
+
+ }
+);
\ No newline at end of file
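Review bot: The server-nonce check in the `"initiated"` branch of `_getResponse` can never fail as written: `!nonce.substr(0, this._clientNonce.length) == this._clientNonce` negates the substring first and then compares a boolean with the nonce, so a server-first message whose nonce does not extend the client nonce is accepted. It should read `if (nonce.substr(0, this._clientNonce.length) !== this._clientNonce)`. Two smaller slips sit in the same method: the signature-mismatch branch has `this._state == "error";` where the assignment `this._state = "error";` is meant, and the non-ASCII branch builds its message from `challenge.username` although the parameter is named `data`, which raises a ReferenceError instead of the intended message. `iterationCount` is also taken from the challenge as an unparsed string with no bounds; `parseInt(parts[2].substring(2), 10)` plus a rejection of non-positive or implausibly large values would keep a malformed challenge from stalling the login page in `generateSaltedPassword`.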
Copied:
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/sasl/UsernamePasswordProvider.js
(from r1721438,
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/authorization/checkUser.js)
URL:
http://svn.apache.org/viewvc/qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/sasl/UsernamePasswordProvider.js?p2=qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/sasl/UsernamePasswordProvider.js&p1=qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/authorization/checkUser.js&r1=1721438&r2=1721639&rev=1721639&view=diff
==============================================================================
---
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/authorization/checkUser.js
(original)
+++
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/sasl/UsernamePasswordProvider.js
Thu Dec 24 16:42:21 2015
@@ -18,28 +18,18 @@
* under the License.
*
*/
+define(["dijit/registry",
+ "dojo/domReady!"],
+ function (registry)
+ {
+ return {
+ get: function()
+ {
+ return {
+ username:
registry.byId("username").value,
+ password:
registry.byId("password").value
+ };
+ }
+ };
-define(["dojo/dom",
- "qpid/authorization/sasl",
- "dijit/registry",
- "dojox/html/entities",
- "dojo/domReady!"], function(dom, sasl, registry, entities){
-
-var updateUI = function updateUI(data)
-{
- if(data.user)
- {
- var userName = entities.encode(String(data.user));
- var controlButton = registry.byId("authenticatedUserControls");
- if (controlButton)
- {
- controlButton.set("label", userName);
- }
- dom.byId("authenticatedUser").innerHTML = userName;
- dom.byId("login").style.display = "inline";
- }
-};
-
-return {getUserAndUpdateUI: function(management){sasl.getUser(management,
updateUI);}}
-
-});
+ });
\ No newline at end of file
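Review bot: The new module has no comment stating that `get()` depends on two dijit widgets with the ids `username` and `password`, and it dereferences `.value` on both lookups without checking that `registry.byId` returned a widget. Every SASL client in this commit calls it through `getCredentials()`, so the coupling to the login form is worth recording where it lives. A header comment such as `// Reads credentials from the dijit widgets "username" and "password"; both must be registered before get() is called` would do. The removed lines in this hunk are only the old checkUser.js body from the copy source.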
Added:
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/sasl/cram-md5-hex/SaslClient.js
URL:
http://svn.apache.org/viewvc/qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/sasl/cram-md5-hex/SaslClient.js?rev=1721639&view=auto
==============================================================================
---
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/sasl/cram-md5-hex/SaslClient.js
(added)
+++
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/sasl/cram-md5-hex/SaslClient.js
Thu Dec 24 16:42:21 2015
@@ -0,0 +1,40 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+define(["dojo/_base/declare",
+ "dojo/_base/lang",
+ "dojox/encoding/base64",
+ "dojox/encoding/digests/_base",
+ "dojox/encoding/digests/MD5",
+ "qpid/sasl/cram-md5/SaslClient" ],
+ function(declare, lang, base64, digestsBase, MD5, SaslClientCramMD5)
+ {
+ return declare("qpid.sasl.SaslClientCramMD5Hex",
[SaslClientCramMD5],{
+ getMechanismName: function() {return "CRAM-MD5-HEX";},
+ getPriority: function() {return 2;},
+ _initial: function(data)
+ {
+ var hashedPassword =
MD5(data.password, digestsBase.outputTypes.Hex);
+ this._password = hashedPassword;
+ this._username = data.username;
+ },
+ toString: function() { return
"[SaslClientCramMD5Hex]";}
+ });
+ }
+);
\ No newline at end of file
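Review bot: `_initial` replaces the password with its hex MD5 before the inherited CRAM-MD5 exchange uses it as the HMAC key, and nothing in the hunk explains why. A comment such as `// CRAM-MD5-HEX keys the HMAC with the hex MD5 of the password, not the password itself` would stop a later reader from treating it as a mistake. `lang` and `base64` appear in the `define` dependency list and the factory signature but are not used anywhere in this module, so both can be dropped.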
Added:
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/sasl/cram-md5/SaslClient.js
URL:
http://svn.apache.org/viewvc/qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/sasl/cram-md5/SaslClient.js?rev=1721639&view=auto
==============================================================================
---
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/sasl/cram-md5/SaslClient.js
(added)
+++
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/sasl/cram-md5/SaslClient.js
Thu Dec 24 16:42:21 2015
@@ -0,0 +1,117 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+define(["dojo/_base/declare",
+ "dojo/_base/lang",
+ "dojox/encoding/base64",
+ "dojox/encoding/digests/_base",
+ "dojox/encoding/digests/MD5",
+ "dojo/Deferred",
+ "qpid/sasl/SaslClient",
+ "qpid/sasl/UsernamePasswordProvider"],
+ function(declare, lang, base64, digestsBase, MD5, Deferred, SaslClient,
UsernamePasswordProvider)
+ {
+ var deferred = new Deferred();
+ deferred.resolve("initialized");
+ return declare("qpid.sasl.SaslClientCramMD5",
+ [SaslClient],
+ {
+ _state: "initial",
+ initialized: function() { return
deferred.promise;},
+ getMechanismName: function() {return
"CRAM-MD5";},
+ isComplete: function() {return
this._state == "completed";},
+ getPriority: function() {return 3;},
+ getResponse: function(data)
+ {
+ if (this._state ==
"initial")
+ {
+ this._initial(data);
+ this._state =
"initiated";
+ return {
+ mechanism:
this.getMechanismName()
+ };
+ }
+ else if (this._state ==
"initiated")
+ {
+ var challengeBytes =
base64.decode(data.challenge);
+ var wa=[];
+ var bitLength =
challengeBytes.length*8;
+ for(var i=0;
i<bitLength; i+=8)
+ {
+ wa[i>>5] |=
(challengeBytes[i/8] & 0xFF)<<(i%32);
+ }
+ var challengeStr =
digestsBase.wordToString(wa)
+
.substring(0,challengeBytes.length);
+
+ var digest =
this._username + " " +
+
MD5._hmac(challengeStr, this._password,
+
digestsBase.outputTypes.Hex);
+ var id = data.id;
+
+ var response =
base64.encode(this._encodeUTF8( digest ));
+ this._state =
"generated";
+ return {
+ id: id,
+ response:
response
+ };
+ }
+ else if (this._state ==
"generated")
+ {
+ this._state =
"completed";
+ return null;
+ }
+ else
+ {
+ throw {message:
"Unexpected state '" + this._state +
+ ".
Cannot handle challenge!"};
+ }
+ },
+ toString: function() { return
"[SaslClientCramMD5]";},
+ getCredentials: function()
+ {
+ return
UsernamePasswordProvider.get();
+ },
+ _initial : function(data)
+ {
+ this._password =
data.password;
+ this._username =
data.username;
+ },
+ _encodeUTF8: function (str)
+ {
+ var byteArray = [];
+ for (var i = 0; i <
str.length; i++)
+ {
+ if
(str.charCodeAt(i) <= 0x7F)
+ {
+
byteArray.push(str.charCodeAt(i));
+ }
+ else
+ {
+ var h =
encodeURIComponent(str.charAt(i)).substr(1).split('%');
+ for (var j = 0;
j < h.length; j++)
+ {
+
byteArray.push(parseInt(h[j], 16));
+ }
+ }
+ }
+ return byteArray;
+ }
+ });
+ }
+);
\ No newline at end of file
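Review bot: `_encodeUTF8` walks the string one UTF-16 code unit at a time and calls `encodeURIComponent(str.charAt(i))`, which throws a URIError when that unit is half of a surrogate pair, so a username containing a character outside the Basic Multilingual Plane fails before any response is built. Encoding the whole string once avoids that: `var utf8 = unescape(encodeURIComponent(str));` followed by pushing `utf8.charCodeAt(i)` for each index. The identical helper is repeated in plain/SaslClient.js, where it is applied to the password as well, and has the same problem; one shared implementation would be better than two copies. Separately, the HMAC is computed through `MD5._hmac`, an underscore-prefixed member of the dojox digest module, which deserves a comment noting the reliance on a non-public entry point.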
Added:
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/sasl/plain/SaslClient.js
URL:
http://svn.apache.org/viewvc/qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/sasl/plain/SaslClient.js?rev=1721639&view=auto
==============================================================================
---
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/sasl/plain/SaslClient.js
(added)
+++
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/sasl/plain/SaslClient.js
Thu Dec 24 16:42:21 2015
@@ -0,0 +1,88 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+define(["dojo/_base/declare",
+ "dojo/_base/lang",
+ "dojox/encoding/base64",
+ "dojo/Deferred",
+ "qpid/sasl/SaslClient",
+ "qpid/sasl/UsernamePasswordProvider"],
+ function(declare, lang, base64, Deferred, SaslClient,
UsernamePasswordProvider)
+ {
+ var deferred = new Deferred();
+ deferred.resolve("initialized");
+ return declare("qpid.sasl.SaslClientPlain", [SaslClient], {
+ _state: "initial",
+ getMechanismName: function() {return "PLAIN";},
+ initialized: function() { return deferred.promise; },
+ isComplete: function() {return this._state ==
"completed";},
+ getPriority: function() {return 1;},
+ getResponse: function(challenge)
+ {
+ if (this._state == "initial")
+ {
+ var responseArray =
[0].concat(this._encodeUTF8(challenge.username))
+
.concat([0])
+
.concat(this._encodeUTF8(challenge.password));
+ var plainResponse =
base64.encode(responseArray);
+ this._state = "generated"
+ return {
+ mechanism:
this.getMechanismName(),
+ response:
plainResponse
+ };
+ }
+ else if (this._state == "generated")
+ {
+ this._state = "completed";
+ return null;
+ }
+ else
+ {
+ throw {message: "Unexpected state
'" + this._state +
+ ". Cannot handle
challenge!"};
+ }
+ },
+ toString: function() { return "[SaslClientPlain]";},
+ getCredentials: function()
+ {
+ return UsernamePasswordProvider.get();
+ },
+ _encodeUTF8: function (str)
+ {
+ var byteArray = [];
+ for (var i = 0; i < str.length; i++)
+ {
+ if (str.charCodeAt(i) <= 0x7F)
+ {
+
byteArray.push(str.charCodeAt(i));
+ }
+ else
+ {
+ var h =
encodeURIComponent(str.charAt(i)).substr(1).split('%');
+ for (var j = 0; j < h.length;
j++)
+ {
+
byteArray.push(parseInt(h[j], 16));
+ }
+ }
+ }
+ return byteArray;
+ }
+ });
+ }
+);
\ No newline at end of file
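Review bot: The `"initial"` branch of `getResponse` sends the username and password merely base64-encoded, and nothing in this module or in the selection logic of Authenticator.js checks that the page was loaded over TLS before doing so. If the broker is expected to advertise PLAIN only on secure transports, record that assumption at the top of `getResponse`, for example `// PLAIN carries the password unprotected; relies on the server offering it only over HTTPS`; otherwise a guard on `window.location.protocol` belongs here. `this._state = "generated"` is also missing its terminating semicolon, unlike the other statements in the file.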
Copied:
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/sasl/scram-sha-1/SaslClient.js
(from r1721438,
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/authorization/checkUser.js)
URL:
http://svn.apache.org/viewvc/qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/sasl/scram-sha-1/SaslClient.js?p2=qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/sasl/scram-sha-1/SaslClient.js&p1=qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/authorization/checkUser.js&r1=1721438&r2=1721639&rev=1721639&view=diff
==============================================================================
---
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/authorization/checkUser.js
(original)
+++
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/sasl/scram-sha-1/SaslClient.js
Thu Dec 24 16:42:21 2015
@@ -1,5 +1,4 @@
/*
- *
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
@@ -16,30 +15,23 @@
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
- *
*/
-define(["dojo/dom",
- "qpid/authorization/sasl",
- "dijit/registry",
- "dojox/html/entities",
- "dojo/domReady!"], function(dom, sasl, registry, entities){
-
-var updateUI = function updateUI(data)
-{
- if(data.user)
- {
- var userName = entities.encode(String(data.user));
- var controlButton = registry.byId("authenticatedUserControls");
- if (controlButton)
- {
- controlButton.set("label", userName);
- }
- dom.byId("authenticatedUser").innerHTML = userName;
- dom.byId("login").style.display = "inline";
- }
-};
-
-return {getUserAndUpdateUI: function(management){sasl.getUser(management,
updateUI);}}
-
-});
+define(["dojo/_base/declare",
+ "qpid/sasl/ShaSaslClient" ],
+ function(declare, ShaSaslClient)
+ {
+ return declare("qpid.sasl.SaslClientScramSha1", [ShaSaslClient],
+ {
+ constructor: function()
+ {
+ this.inherited(arguments,
["SCRAM-SHA-1"]);
+ },
+ getPriority: function()
+ {
+ return 4;
+ },
+ toString: function() { return
"[SaslClientScramSha1]";}
+ });
+ }
+);
\ No newline at end of file
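Review bot: `getPriority` returns the bare number `4` with nothing stating what the ordering means or which mechanisms it must rank above or below; the same applies to `return 10` in the scram-sha-256 client that follows. These values presumably decide which SASL mechanism the console picks from the server's offer (the selection code is not in this hunk), so an accidental edit could make the client prefer a weaker mechanism without anyone noticing. I would add a comment above each, for example `// negotiation preference: higher wins; must stay below SCRAM-SHA-256 and above the non-SCRAM mechanisms`, adjusted to whatever ordering the Authenticator actually applies.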
Copied:
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/sasl/scram-sha-256/SaslClient.js
(from r1721438,
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/authorization/checkUser.js)
URL:
http://svn.apache.org/viewvc/qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/sasl/scram-sha-256/SaslClient.js?p2=qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/sasl/scram-sha-256/SaslClient.js&p1=qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/authorization/checkUser.js&r1=1721438&r2=1721639&rev=1721639&view=diff
==============================================================================
---
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/authorization/checkUser.js
(original)
+++
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/sasl/scram-sha-256/SaslClient.js
Thu Dec 24 16:42:21 2015
@@ -1,5 +1,4 @@
/*
- *
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
@@ -16,30 +15,23 @@
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
- *
*/
-define(["dojo/dom",
- "qpid/authorization/sasl",
- "dijit/registry",
- "dojox/html/entities",
- "dojo/domReady!"], function(dom, sasl, registry, entities){
-
-var updateUI = function updateUI(data)
-{
- if(data.user)
- {
- var userName = entities.encode(String(data.user));
- var controlButton = registry.byId("authenticatedUserControls");
- if (controlButton)
- {
- controlButton.set("label", userName);
- }
- dom.byId("authenticatedUser").innerHTML = userName;
- dom.byId("login").style.display = "inline";
- }
-};
-
-return {getUserAndUpdateUI: function(management){sasl.getUser(management,
updateUI);}}
-
-});
+define(["dojo/_base/declare",
+ "qpid/sasl/ShaSaslClient" ],
+ function(declare, ShaSaslClient)
+ {
+ return declare("qpid.sasl.SaslClientScramSha256", [ShaSaslClient],
+ {
+ constructor: function()
+ {
+ this.inherited(arguments,
["SCRAM-SHA-256"]);
+ },
+ getPriority: function()
+ {
+ return 10;
+ },
+ toString: function() { return
"[SaslClientScramSha256]";}
+ });
+ }
+);
\ No newline at end of file
Modified:
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/login.html
URL:
http://svn.apache.org/viewvc/qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/login.html?rev=1721639&r1=1721638&r2=1721639&view=diff
==============================================================================
---
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/login.html
(original)
+++
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/login.html
Thu Dec 24 16:42:21 2015
@@ -81,7 +81,7 @@
<script type="dojo/on" data-dojo-event="submit"
data-dojo-args="e">
e.preventDefault()
if(this.validate()){
-
require(["qpid/authorization/sasl","qpid/management/Management"],
function(sasl, Management){
+
require(["qpid/sasl/Authenticator","qpid/management/Management"],
function(sasl, Management){
var management = new Management();
var redirectIfAuthenticated = function
redirectIfAuthenticated(){
sasl.getUser(management, function(data){
@@ -91,7 +91,7 @@
});
};
- sasl.authenticate(management,
dijit.byId("username").value, dijit.byId("password").value,
redirectIfAuthenticated);
+ sasl.authenticate(management,
redirectIfAuthenticated);
});
}
return false;
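Review bot: The call `sasl.authenticate(management, redirectIfAuthenticated)` no longer shows where the username and password come from, so the form handler and the credential source are now coupled implicitly. In the PLAIN client earlier in this commit `getCredentials` returns `UsernamePasswordProvider.get()`, which presumably reads the same `username`/`password` widgets; renaming either field would then break login with no hint at this call site. A one-line comment above the call would make the dependency explicit, e.g. `// credentials are read by the selected SaslClient through qpid/sasl/UsernamePasswordProvider`. The submit handler starts above this hunk, so the rest of its body is not visible here.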