我目前正在使用 Java SASL API,并且我编写了一个小程序来使用 CRAM-MD5 模拟质询响应序列。但是,我不确定如何执行此操作,因为 SaslClient 和 SaslServer 只有方法 evaluateChallenge(...) 和 evaluateResponse(...)。我希望 SaslServer 有一个像 issueChallenge(...) 或类似的方法,但它没有。那么正确的方法是什么?
您可以在下面找到我的(不工作的)代码。
package mypackage;
import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.sasl.AuthorizeCallback;
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslClient;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
public class Main {
public static void main(String[] args) throws SaslException {
new Main().start();
}
private static class ClientHandler implements CallbackHandler {
@Override
public void handle(Callback[] cbs) throws IOException, UnsupportedCallbackException {
for (Callback cb : cbs) {
if (cb instanceof NameCallback) {
System.out.println("Client - NameCallback");
NameCallback nc = (NameCallback)cb;
nc.setName("username");
} else if (cb instanceof PasswordCallback) {
System.out.println("Client - PasswordCallback");
PasswordCallback pc = (PasswordCallback)cb;
pc.setPassword("password".toCharArray());
}
}
}
}
private static class ServerHandler implements CallbackHandler {
@Override
public void handle(Callback[] cbs) throws IOException, UnsupportedCallbackException {
for (Callback cb : cbs) {
if (cb instanceof AuthorizeCallback) {
System.out.println("Server - AuthorizeCallback");
AuthorizeCallback ac = (AuthorizeCallback)cb;
ac.setAuthorized(true);
} else if (cb instanceof NameCallback) {
System.out.println("Server - NameCallback");
NameCallback nc = (NameCallback)cb;
nc.setName("username");
} else if (cb instanceof PasswordCallback) {
System.out.println("Server - PasswordCallback");
PasswordCallback pc = (PasswordCallback)cb;
pc.setPassword("password".toCharArray());
}
}
}
}
private void start() throws SaslException {
byte[] challenge;
byte[] response;
ClientHandler clientHandler = new ClientHandler();
ServerHandler serverHandler = new ServerHandler();
SaslClient sc = Sasl.createSaslClient(new String[] { "CRAM-MD5" }, null, "my_server", "FQHN", null, clientHandler);
SaslServer ss = Sasl.createSaslServer("CRAM-MD5", "my_server", "FQHN", null, serverHandler);
// Challenge response sequence (not working)
challenge = ss.evaluateResponse(null);
response = sc.evaluateChallenge(challenge);
ss.evaluateResponse(response);
if (ss.isComplete()) {
System.out.println("Authentication successful.");
}
}
}
问候,弗雷德