QPID-3415: Change 0-10 code path to utilise the CallbackHandlerRegistry to create the correct CallbackHandler. The sasl_mechs property/broker option is retained, but continues to be understood only by the 0-10 path.

git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@1172506 13f79535-47bb-0310-9956-ffa450edef68

6 files changed, 78 insertions, 252 deletions

diff --git a/java/common/src/main/java/org/apache/qpid/security/AMQPCallbackHandler.java b/java/common/src/main/java/org/apache/qpid/security/AMQPCallbackHandler.java
deleted file mode 100644
index a3dad9acdc..0000000000
--- a/java/common/src/main/java/org/apache/qpid/security/AMQPCallbackHandler.java
+++ /dev/null
@@ -1,28 +0,0 @@
-/*
- *
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- * 
- *   http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.qpid.security;
-
-import javax.security.auth.callback.CallbackHandler;
-
-public interface AMQPCallbackHandler extends CallbackHandler
-{
-    void initialise(String username,String password);    
-}
diff --git a/java/common/src/main/java/org/apache/qpid/security/UsernamePasswordCallbackHandler.java b/java/common/src/main/java/org/apache/qpid/security/UsernamePasswordCallbackHandler.java
deleted file mode 100644
index 89a63abeab..0000000000
--- a/java/common/src/main/java/org/apache/qpid/security/UsernamePasswordCallbackHandler.java
+++ /dev/null
@@ -1,60 +0,0 @@
-/*
- *
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- * 
- *   http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.qpid.security;
-
-import java.io.IOException;
-
-import javax.security.auth.callback.Callback;
-import javax.security.auth.callback.NameCallback;
-import javax.security.auth.callback.PasswordCallback;
-import javax.security.auth.callback.UnsupportedCallbackException;
-
-public class UsernamePasswordCallbackHandler implements AMQPCallbackHandler
-{
-    private String _username;
-    private String _password;
-
-    public void initialise(String username,String password)
-    {
-        _username = username;
-        _password = password;
-    }
-
-    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException
-    {
-        for (int i = 0; i < callbacks.length; i++)
-        {
-            Callback cb = callbacks[i];
-            if (cb instanceof NameCallback)
-            {
-                ((NameCallback)cb).setName(_username);
-            }
-            else if (cb instanceof PasswordCallback)
-            {
-                ((PasswordCallback)cb).setPassword((_password).toCharArray());
-            }
-            else
-            {
-                throw new UnsupportedCallbackException(cb);
-            }
-        }
-    }
-}
diff --git a/java/common/src/main/java/org/apache/qpid/transport/ClientDelegate.java b/java/common/src/main/java/org/apache/qpid/transport/ClientDelegate.java
index e421f06901..9bdad6b00e 100644
--- a/java/common/src/main/java/org/apache/qpid/transport/ClientDelegate.java
+++ b/java/common/src/main/java/org/apache/qpid/transport/ClientDelegate.java
@@ -20,28 +20,20 @@
  */
 package org.apache.qpid.transport;
 
-import org.ietf.jgss.GSSContext;
-import org.ietf.jgss.GSSException;
-import org.ietf.jgss.GSSManager;
-import org.ietf.jgss.GSSName;
-import org.ietf.jgss.Oid;
-
-import org.apache.qpid.security.UsernamePasswordCallbackHandler;
 import static org.apache.qpid.transport.Connection.State.OPEN;
 import static org.apache.qpid.transport.Connection.State.RESUMING;
-import org.apache.qpid.transport.util.Logger;
 
-import javax.security.sasl.Sasl;
-import javax.security.sasl.SaslClient;
-import javax.security.sasl.SaslException;
 import java.lang.management.ManagementFactory;
 import java.lang.management.RuntimeMXBean;
-import java.util.ArrayList;
-import java.util.Arrays;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 
+import javax.security.sasl.SaslClient;
+import javax.security.sasl.SaslException;
+
+import org.apache.qpid.transport.util.Logger;
+
 
 /**
  * ClientDelegate
@@ -52,31 +44,13 @@ public class ClientDelegate extends ConnectionDelegate
 {
     private static final Logger log = Logger.get(ClientDelegate.class);
 
-    private static final String KRB5_OID_STR = "1.2.840.113554.1.2.2";
-    protected static final Oid KRB5_OID;
 
-    static
-    {
-        Oid oid;
-        try
-        {
-            oid = new Oid(KRB5_OID_STR);
-        }
-        catch (GSSException ignore)
-        {
-            oid = null;
-        }
 
-        KRB5_OID = oid;
-    }
-
-    private List<String> clientMechs;
-    private ConnectionSettings conSettings;
+    protected final ConnectionSettings _conSettings;
 
     public ClientDelegate(ConnectionSettings settings)
     {
-        this.conSettings = settings;
-        this.clientMechs = Arrays.asList(settings.getSaslMechs().split(" "));
+        this._conSettings = settings;
     }
 
     public void init(Connection conn, ProtocolHeader hdr)
@@ -92,9 +66,9 @@ public class ClientDelegate extends ConnectionDelegate
     {
         Map<String,Object> clientProperties = new HashMap<String,Object>();
 
-        if(this.conSettings.getClientProperties() != null)
+        if(this._conSettings.getClientProperties() != null)
         {
-            clientProperties.putAll(this.conSettings.getClientProperties());
+            clientProperties.putAll(_conSettings.getClientProperties());
         }
 
         clientProperties.put("qpid.session_flow", 1);
@@ -109,41 +83,12 @@ public class ClientDelegate extends ConnectionDelegate
                 (clientProperties, null, null, conn.getLocale());
             return;
         }
-
-        List<String> choosenMechs = new ArrayList<String>();
-        for (String mech:clientMechs)
-        {
-            if (brokerMechs.contains(mech))
-            {
-                choosenMechs.add(mech);
-            }
-        }
-
-        if (choosenMechs.size() == 0)
-        {
-            conn.exception(new ConnectionException("The following SASL mechanisms " +
-                    clientMechs.toString()  +
-                    " specified by the client are not supported by the broker"));
-            return;
-        }
-
-        String[] mechs = new String[choosenMechs.size()];
-        choosenMechs.toArray(mechs);
-
         conn.setServerProperties(start.getServerProperties());
 
         try
         {
-            Map<String,Object> saslProps = new HashMap<String,Object>();
-            if (conSettings.isUseSASLEncryption())
-            {
-                saslProps.put(Sasl.QOP, "auth-conf");
-            }
-            UsernamePasswordCallbackHandler handler =
-                new UsernamePasswordCallbackHandler();
-            handler.initialise(conSettings.getUsername(), conSettings.getPassword());
-            SaslClient sc = Sasl.createSaslClient
-                (mechs, null, conSettings.getSaslProtocol(), conSettings.getSaslServerName(), saslProps, handler);
+            final SaslClient sc = createSaslClient(brokerMechs);
+
             conn.setSaslClient(sc);
 
             byte[] response = sc.hasInitialResponse() ?
@@ -152,12 +97,22 @@ public class ClientDelegate extends ConnectionDelegate
                 (clientProperties, sc.getMechanismName(), response,
                  conn.getLocale());
         }
+        catch (ConnectionException ce)
+        {
+            conn.exception(ce);
+        }
         catch (SaslException e)
         {
             conn.exception(e);
         }
     }
 
+
+    protected SaslClient createSaslClient(List<Object> brokerMechs) throws ConnectionException, SaslException
+    {
+        throw new UnsupportedOperationException();
+    }
+
     @Override
     public void connectionSecure(Connection conn, ConnectionSecure secure)
     {
@@ -176,7 +131,7 @@ public class ClientDelegate extends ConnectionDelegate
     @Override
     public void connectionTune(Connection conn, ConnectionTune tune)
     {
-        int hb_interval = calculateHeartbeatInterval(conSettings.getHeartbeatInterval(),
+        int hb_interval = calculateHeartbeatInterval(_conSettings.getHeartbeatInterval(),
                                                      tune.getHeartbeatMin(),
                                                      tune.getHeartbeatMax()
                                                      );
@@ -191,29 +146,12 @@ public class ClientDelegate extends ConnectionDelegate
         //(or that forced by protocol limitations [0xFFFF])
         conn.setChannelMax(channelMax == 0 ? Connection.MAX_CHANNEL_MAX : channelMax);
 
-        conn.connectionOpen(conSettings.getVhost(), null, Option.INSIST);
+        conn.connectionOpen(_conSettings.getVhost(), null, Option.INSIST);
     }
 
     @Override
     public void connectionOpenOk(Connection conn, ConnectionOpenOk ok)
     {
-        SaslClient sc = conn.getSaslClient();
-        if (sc != null)
-        {
-            if (sc.getMechanismName().equals("GSSAPI"))
-            {
-                String id = getKerberosUser();
-                if (id != null)
-                {
-                    conn.setUserID(id);
-                }
-            }
-            else if (sc.getMechanismName().equals("EXTERNAL"))
-            {
-                conn.setUserID(conn.getSecurityLayer().getUserID());
-            }
-        }
-        
         if (conn.isConnectionResuming())
         {
             conn.setState(RESUMING);
@@ -283,35 +221,7 @@ public class ClientDelegate extends ConnectionDelegate
 
     }
 
-    private String getKerberosUser()
-    {
-        log.debug("Obtaining userID from kerberos");
-        String service = conSettings.getSaslProtocol() + "@" + conSettings.getSaslServerName();
-        GSSManager manager = GSSManager.getInstance();
-
-        try
-        {
-            GSSName acceptorName = manager.createName(service,
-                GSSName.NT_HOSTBASED_SERVICE, KRB5_OID);
-
-            GSSContext secCtx = manager.createContext(acceptorName,
-                                                      KRB5_OID,
-                                                      null,
-                                                      GSSContext.INDEFINITE_LIFETIME);
 
-            secCtx.initSecContext(new byte[0], 0, 1);
 
-            if (secCtx.getSrcName() != null)
-            {
-                return secCtx.getSrcName().toString();
-            }
 
-        }
-        catch (GSSException e)
-        {
-            log.warn("Unable to retrieve userID from Kerberos due to error",e);
-        }
-
-        return null;
-    }
 }
diff --git a/java/common/src/main/java/org/apache/qpid/transport/Connection.java b/java/common/src/main/java/org/apache/qpid/transport/Connection.java
index 469b007ab3..347bf8e649 100644
--- a/java/common/src/main/java/org/apache/qpid/transport/Connection.java
+++ b/java/common/src/main/java/org/apache/qpid/transport/Connection.java
@@ -239,7 +239,6 @@ public class Connection extends ConnectionInvoker
             conSettings = settings;
             state = OPENING;
             userID = settings.getUsername();
-            delegate = new ClientDelegate(settings);
 
             securityLayer = SecurityLayerFactory.newInstance(getConnectionSettings());
 
diff --git a/java/common/src/main/java/org/apache/qpid/transport/ConnectionSettings.java b/java/common/src/main/java/org/apache/qpid/transport/ConnectionSettings.java
index 2074c77a5b..37a8e594c0 100644
--- a/java/common/src/main/java/org/apache/qpid/transport/ConnectionSettings.java
+++ b/java/common/src/main/java/org/apache/qpid/transport/ConnectionSettings.java
@@ -58,7 +58,7 @@ public class ConnectionSettings
     boolean verifyHostname;
     
     // SASL props
-    String saslMechs = System.getProperty("qpid.sasl_mechs", "PLAIN");
+    String saslMechs = System.getProperty("qpid.sasl_mechs", null);
     String saslProtocol = System.getProperty("qpid.sasl_protocol", "AMQP");
     String saslServerName = System.getProperty("qpid.sasl_server_name", "localhost");
     boolean useSASLEncryption;
diff --git a/java/common/src/test/java/org/apache/qpid/transport/ConnectionTest.java b/java/common/src/test/java/org/apache/qpid/transport/ConnectionTest.java
index 3cd7dea2b6..49f6a08007 100644
--- a/java/common/src/test/java/org/apache/qpid/transport/ConnectionTest.java
+++ b/java/common/src/test/java/org/apache/qpid/transport/ConnectionTest.java
@@ -20,30 +20,27 @@
  */
 package org.apache.qpid.transport;
 
-import org.apache.qpid.test.utils.QpidTestCase;
-import org.apache.qpid.transport.network.ConnectionBinding;
-import org.apache.qpid.transport.network.io.IoAcceptor;
-import org.apache.qpid.transport.util.Logger;
-import org.apache.qpid.transport.util.Waiter;
+import static org.apache.qpid.transport.Option.EXPECTED;
+import static org.apache.qpid.transport.Option.NONE;
+import static org.apache.qpid.transport.Option.SYNC;
 
+import java.io.IOException;
 import java.util.ArrayList;
-import java.util.List;
 import java.util.Collections;
+import java.util.List;
 import java.util.concurrent.CountDownLatch;
 import java.util.concurrent.TimeUnit;
-import java.io.IOException;
 
-import static org.apache.qpid.transport.Option.*;
+import org.apache.qpid.test.utils.QpidTestCase;
+import org.apache.qpid.transport.network.ConnectionBinding;
+import org.apache.qpid.transport.network.io.IoAcceptor;
+import org.apache.qpid.transport.util.Waiter;
 
 /**
  * ConnectionTest
  */
-
 public class ConnectionTest extends QpidTestCase implements SessionListener
 {
-
-    private static final Logger log = Logger.get(ConnectionTest.class);
-
     private int port;
     private volatile boolean queue = false;
     private List<MessageTransfer> messages = new ArrayList<MessageTransfer>();
@@ -156,7 +153,8 @@ public class ConnectionTest extends QpidTestCase implements SessionListener
 
     private Connection connect(final CountDownLatch closed)
     {
-        Connection conn = new Connection();
+        final Connection conn = new Connection();
+        conn.setConnectionDelegate(new ClientDelegate(new ConnectionSettings()));
         conn.addConnectionListener(new ConnectionListener()
         {
             public void opened(Connection conn) {}
@@ -180,9 +178,9 @@ public class ConnectionTest extends QpidTestCase implements SessionListener
     {
         // Force os.name to be windows to exercise code in IoReceiver
         // that looks for the value of os.name
-        System.setProperty("os.name","windows");
+        setTestSystemProperty("os.name","windows");
 
-        // Start server as 0-9 to froce a ProtocolVersionException
+        // Start server as 0-9 to force a ProtocolVersionException
         startServer(new ProtocolHeader(1, 0, 9));
         
         CountDownLatch closed = new CountDownLatch(1);
@@ -217,7 +215,7 @@ public class ConnectionTest extends QpidTestCase implements SessionListener
                 conn.send(protocolHeader);
                 List<Object> utf8 = new ArrayList<Object>();
                 utf8.add("utf8");
-                conn.connectionStart(null, Collections.EMPTY_LIST, utf8);
+                conn.connectionStart(null, Collections.emptyList(), utf8);
             }
 
             @Override
@@ -268,40 +266,7 @@ public class ConnectionTest extends QpidTestCase implements SessionListener
         }
     }
 
-    class FailoverConnectionListener implements ConnectionListener
-    {
-        public void opened(Connection conn) {}
-
-        public void exception(Connection conn, ConnectionException e)
-        {
-            throw e;
-        }
 
-        public void closed(Connection conn)
-        {
-            queue = true;
-            conn.connect("localhost", port, null, "guest", "guest");
-            conn.resume();
-        }
-    }
-
-    class TestSessionListener implements SessionListener
-    {
-        public void opened(Session s) {}
-        public void resumed(Session s) {}
-        public void exception(Session s, SessionException e) {}
-        public void message(Session s, MessageTransfer xfr)
-        {
-            synchronized (incoming)
-            {
-                incoming.add(xfr);
-                incoming.notifyAll();
-            }
-
-            s.processed(xfr);
-        }
-        public void closed(Session s) {}
-    }
 
     public void testResumeNonemptyReplayBuffer() throws Exception
     {
@@ -309,6 +274,7 @@ public class ConnectionTest extends QpidTestCase implements SessionListener
 
         Connection conn = new Connection();
         conn.addConnectionListener(new FailoverConnectionListener());
+        conn.setConnectionDelegate(new ClientDelegate(new ConnectionSettings()));
         conn.connect("localhost", port, null, "guest", "guest");
         Session ssn = conn.createSession(1);
         ssn.setSessionListener(new TestSessionListener());
@@ -363,6 +329,7 @@ public class ConnectionTest extends QpidTestCase implements SessionListener
         startServer();
 
         Connection conn = new Connection();
+        conn.setConnectionDelegate(new ClientDelegate(new ConnectionSettings()));
         conn.addConnectionListener(new FailoverConnectionListener());
         conn.connect("localhost", port, null, "guest", "guest");
         Session ssn = conn.createSession(1);
@@ -385,6 +352,7 @@ public class ConnectionTest extends QpidTestCase implements SessionListener
         startServer();
 
         Connection conn = new Connection();
+        conn.setConnectionDelegate(new ClientDelegate(new ConnectionSettings()));
         conn.connect("localhost", port, null, "guest", "guest");
         Session ssn = conn.createSession();
         ssn.sessionFlush(EXPECTED);
@@ -398,6 +366,7 @@ public class ConnectionTest extends QpidTestCase implements SessionListener
     {
         startServer();
         Connection conn = new Connection();
+        conn.setConnectionDelegate(new ClientDelegate(new ConnectionSettings()));
         conn.connect("localhost", port, null, "guest", "guest");
         conn.connectionHeartbeat();
         conn.close();
@@ -408,6 +377,7 @@ public class ConnectionTest extends QpidTestCase implements SessionListener
         startServer();
 
         Connection conn = new Connection();
+        conn.setConnectionDelegate(new ClientDelegate(new ConnectionSettings()));
         conn.connect("localhost", port, null, "guest", "guest");
         Session ssn = conn.createSession();
         send(ssn, "EXCP 0");
@@ -427,6 +397,7 @@ public class ConnectionTest extends QpidTestCase implements SessionListener
         startServer();
 
         Connection conn = new Connection();
+        conn.setConnectionDelegate(new ClientDelegate(new ConnectionSettings()));
         conn.connect("localhost", port, null, "guest", "guest");
         Session ssn = conn.createSession();
         send(ssn, "EXCP 0", true);
@@ -441,4 +412,38 @@ public class ConnectionTest extends QpidTestCase implements SessionListener
         }
     }
 
+    class FailoverConnectionListener implements ConnectionListener
+    {
+        public void opened(Connection conn) {}
+
+        public void exception(Connection conn, ConnectionException e)
+        {
+            throw e;
+        }
+
+        public void closed(Connection conn)
+        {
+            queue = true;
+            conn.connect("localhost", port, null, "guest", "guest");
+            conn.resume();
+        }
+    }
+
+    class TestSessionListener implements SessionListener
+    {
+        public void opened(Session s) {}
+        public void resumed(Session s) {}
+        public void exception(Session s, SessionException e) {}
+        public void message(Session s, MessageTransfer xfr)
+        {
+            synchronized (incoming)
+            {
+                incoming.add(xfr);
+                incoming.notifyAll();
+            }
+
+            s.processed(xfr);
+        }
+        public void closed(Session s) {}
+    }
 }