Introduce our own notion of a SASL mechanism and use that. JDKSaslConfig acts as a bridge to the JDK impl if you want to use that.

Author: Simon MacMullen

src/com/rabbitmq/client/ConnectionFactory.java

@@ -89,7 +89,7 @@ public class ConnectionFactory implements Cloneable {
     private int connectionTimeout                 = DEFAULT_CONNECTION_TIMEOUT;
     private Map<String, Object> _clientProperties = AMQConnection.defaultClientProperties();
     private SocketFactory factory                 = SocketFactory.getDefault();
-    private SaslConfig saslConfig                 = new DefaultSaslConfig(this);
+    private SaslConfig saslConfig                 = DefaultSaslConfig.PLAIN;
 
     /**
      * Instantiate a ConnectionFactory with a default set of parameters.

src/com/rabbitmq/client/DefaultSaslConfig.java

@@ -16,56 +16,40 @@
 
 package com.rabbitmq.client;
 
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.sasl.Sasl;
-import javax.security.sasl.SaslClient;
-import javax.security.sasl.SaslException;
+import com.rabbitmq.client.impl.ExternalMechanism;
+import com.rabbitmq.client.impl.PlainMechanism;
+
 import java.util.Arrays;
 import java.util.HashSet;
-import java.util.List;
 import java.util.Set;
 
 /**
- * Default implementation of SaslConfig that uses the standard Java
- * algorithm for selecting a sasl client.
- * @see com.rabbitmq.client.ConnectionFactory
+ * Default SASL configuration. Uses one of our built-in mechanisms.
  */
 public class DefaultSaslConfig implements SaslConfig {
-    public static final String[] DEFAULT_PREFERRED_MECHANISMS = new String[]{"PLAIN"};
+    private final String mechanism;
 
-    private final ConnectionFactory factory;
-    private final List<String> mechanisms;
-    private final CallbackHandler callbackHandler;
+    public static final DefaultSaslConfig PLAIN = new DefaultSaslConfig("PLAIN");
+    public static final DefaultSaslConfig EXTERNAL = new DefaultSaslConfig("EXTERNAL");
 
     /**
-     * Create a DefaultSaslConfig which only wants to use PLAIN.
+     * Create a DefaultSaslConfig with an explicit mechanism to use.
      *
-     * @param factory - the ConnectionFactory to use to obtain username, password and host
+     * @param mechanism - a SASL mechanism to use
      */
-    public DefaultSaslConfig(ConnectionFactory factory) {
-        this(factory, DEFAULT_PREFERRED_MECHANISMS);
+    private DefaultSaslConfig(String mechanism) {
+        this.mechanism = mechanism;
     }
 
-    /**
-     * Create a DefaultSaslConfig with a list of mechanisms to use.
-     *
-     * @param factory - the ConnectionFactory to use to obtain username, password and host
-     * @param mechanisms - a list of SASL mechanisms to use (in descending order of preference)
-     */
-    public DefaultSaslConfig(ConnectionFactory factory, String[] mechanisms) {
-        this.factory = factory;
-        callbackHandler = new UsernamePasswordCallbackHandler(factory);
-        this.mechanisms = Arrays.asList(mechanisms);
-    }
-
-    public SaslClient getSaslClient(String[] serverMechanisms) throws SaslException {
+    public SaslMechanism getSaslMechanism(String[] serverMechanisms) {
         Set<String> server = new HashSet<String>(Arrays.asList(serverMechanisms));
 
-        for (String mechanism: mechanisms) {
-            if (server.contains(mechanism)) {
-                SaslClient saslClient = Sasl.createSaslClient(new String[]{mechanism},
-                         null, "AMQP", factory.getHost(), null, callbackHandler);
-                if (saslClient != null) return saslClient;
+        if (server.contains(mechanism)) {
+            if (mechanism.equals("PLAIN")) {
+                return new PlainMechanism();
+            }
+            else if (mechanism.equals("EXTERNAL")) {
+                return new ExternalMechanism();
             }
         }
         return null;

src/com/rabbitmq/client/JDKSaslConfig.java

@@ -0,0 +1,130 @@
+//  The contents of this file are subject to the Mozilla Public License
+//  Version 1.1 (the "License"); you may not use this file except in
+//  compliance with the License. You may obtain a copy of the License
+//  at http://www.mozilla.org/MPL/
+//
+//  Software distributed under the License is distributed on an "AS IS"
+//  basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+//  the License for the specific language governing rights and
+//  limitations under the License.
+//
+//  The Original Code is RabbitMQ.
+//
+//  The Initial Developer of the Original Code is VMware, Inc.
+//  Copyright (c) 2007-2011 VMware, Inc.  All rights reserved.
+//
+
+package com.rabbitmq.client;
+
+import com.rabbitmq.client.impl.LongString;
+import com.rabbitmq.client.impl.LongStringHelper;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.NameCallback;
+import javax.security.auth.callback.PasswordCallback;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.security.sasl.Sasl;
+import javax.security.sasl.SaslClient;
+import javax.security.sasl.SaslException;
+import java.io.IOException;
+import java.util.Arrays;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+
+/**
+ * Implementation of SaslConfig that uses the JDK SASL implementation. This is
+ * not the default since it does not work on Java 1.4, Android or IBM's JDK.
+ * @see com.rabbitmq.client.ConnectionFactory
+ */
+public class JDKSaslConfig implements SaslConfig {
+    public static final String[] DEFAULT_PREFERRED_MECHANISMS = new String[]{"PLAIN"};
+
+    private final ConnectionFactory factory;
+    private final List<String> mechanisms;
+    private final CallbackHandler callbackHandler;
+
+    /**
+     * Create a JDKSaslConfig which only wants to use PLAIN.
+     *
+     * @param factory - the ConnectionFactory to use to obtain username, password and host
+     */
+    public JDKSaslConfig(ConnectionFactory factory) {
+        this(factory, DEFAULT_PREFERRED_MECHANISMS);
+    }
+
+    /**
+     * Create a JDKSaslConfig with a list of mechanisms to use.
+     *
+     * @param factory - the ConnectionFactory to use to obtain username, password and host
+     * @param mechanisms - a list of SASL mechanisms to use (in descending order of preference)
+     */
+    public JDKSaslConfig(ConnectionFactory factory, String[] mechanisms) {
+        this.factory = factory;
+        callbackHandler = new UsernamePasswordCallbackHandler(factory);
+        this.mechanisms = Arrays.asList(mechanisms);
+    }
+
+    public SaslMechanism getSaslMechanism(String[] serverMechanisms) {
+        Set<String> server = new HashSet<String>(Arrays.asList(serverMechanisms));
+
+        for (String mechanism: mechanisms) {
+            if (server.contains(mechanism)) {
+                try {
+                    SaslClient saslClient = Sasl.createSaslClient(new String[]{mechanism},
+                             null, "AMQP", factory.getHost(), null, callbackHandler);
+                    if (saslClient != null) return new JDKSaslMechanism(saslClient);
+                } catch (SaslException e) {
+                    throw new RuntimeException(e);
+                }
+            }
+        }
+        return null;
+    }
+
+    private class JDKSaslMechanism implements SaslMechanism {
+        private SaslClient client;
+
+        public JDKSaslMechanism(SaslClient client) {
+            this.client = client;
+        }
+
+        public String getName() {
+            return client.getMechanismName();
+        }
+
+        public LongString handleChallenge(LongString challenge, ConnectionFactory factory) {
+            try {
+                return LongStringHelper.asLongString(client.evaluateChallenge(challenge.getBytes()));
+            } catch (SaslException e) {
+                throw new RuntimeException(e);
+            }
+        }
+    }
+
+    private class UsernamePasswordCallbackHandler implements CallbackHandler {
+        private ConnectionFactory factory;
+        public UsernamePasswordCallbackHandler(ConnectionFactory factory) {
+            this.factory = factory;
+        }
+
+        public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
+            for (Callback callback: callbacks) {
+                if (callback instanceof NameCallback) {
+                    NameCallback nc = (NameCallback)callback;
+                    nc.setName(factory.getUsername());
+
+                } else if (callback instanceof PasswordCallback) {
+                    PasswordCallback pc = (PasswordCallback)callback;
+                    pc.setPassword(factory.getPassword().toCharArray());
+
+                } else {
+                    throw new UnsupportedCallbackException
+                            (callback, "Unrecognized Callback");
+                }
+            }
+        }
+    }
+
+}

src/com/rabbitmq/client/SaslConfig.java

@@ -16,14 +16,11 @@
 
 package com.rabbitmq.client;
 
-import javax.security.sasl.SaslClient;
-import javax.security.sasl.SaslException;
-
 /**
  * This interface represents a hook to allow you to control how exactly
  * a sasl client is selected during authentication.
  * @see com.rabbitmq.client.ConnectionFactory
  */
 public interface SaslConfig {
-    SaslClient getSaslClient(String[] mechanisms) throws SaslException;
+    SaslMechanism getSaslMechanism(String[] mechanisms);
 }

src/com/rabbitmq/client/SaslMechanism.java

@@ -0,0 +1,42 @@
+//  The contents of this file are subject to the Mozilla Public License
+//  Version 1.1 (the "License"); you may not use this file except in
+//  compliance with the License. You may obtain a copy of the License
+//  at http://www.mozilla.org/MPL/
+//
+//  Software distributed under the License is distributed on an "AS IS"
+//  basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+//  the License for the specific language governing rights and
+//  limitations under the License.
+//
+//  The Original Code is RabbitMQ.
+//
+//  The Initial Developer of the Original Code is VMware, Inc.
+//  Copyright (c) 2007-2011 VMware, Inc.  All rights reserved.
+//
+
+package com.rabbitmq.client;
+
+import com.rabbitmq.client.impl.LongString;
+
+import java.io.IOException;
+
+/**
+ * Our own view of a SASL authentication mechanism, introduced to remove a
+ * dependency on javax.security.sasl.
+ */
+public interface SaslMechanism {
+    /**
+     * The name of this mechanism (e.g. PLAIN)
+     * @return
+     */
+    String getName();
+
+    /**
+     * Handle one round of challenge-response
+     * @param challenge the challenge this round, or null on first round.
+     * @param factory for reference to e.g. username and password.
+     * @return response
+     * @throws IOException
+     */
+    LongString handleChallenge(LongString challenge, ConnectionFactory factory);
+}

src/com/rabbitmq/client/UsernamePasswordCallbackHandler.java

@@ -34,12 +34,11 @@
 import com.rabbitmq.client.MissedHeartbeatException;
 import com.rabbitmq.client.PossibleAuthenticationFailureException;
 import com.rabbitmq.client.ProtocolVersionMismatchException;
+import com.rabbitmq.client.SaslMechanism;
 import com.rabbitmq.client.ShutdownSignalException;
 import com.rabbitmq.utility.BlockingCell;
 import com.rabbitmq.utility.Utility;
 
-import javax.security.sasl.SaslClient;
-
 /**
  * Concrete class representing and managing an AMQP connection to a broker.
  * <p>
@@ -267,20 +266,20 @@ public void start()
         }
 
         String[] mechanisms = connStart.getMechanisms().toString().split(" ");
-        SaslClient sc = _factory.getSaslConfig().getSaslClient(mechanisms);
-        if (sc == null) {
+        SaslMechanism sm = _factory.getSaslConfig().getSaslMechanism(mechanisms);
+        if (sm == null) {
             throw new IOException("No compatible authentication mechanism found - " +
                     "server offered [" + connStart.getMechanisms() + "]");
         }
 
         LongString challenge = null;
-        LongString response = LongStringHelper.asLongString(
-                sc.hasInitialResponse() ? sc.evaluateChallenge(new byte[0]) : null);
+        LongString response = sm.handleChallenge(LongStringHelper.asLongString(""), _factory);
+
         AMQP.Connection.Tune connTune = null;
         do {
             Method method = (challenge == null)
                 ? new AMQImpl.Connection.StartOk(_clientProperties,
-                                                 sc.getMechanismName(),
+                                                 sm.getName(),
                                                  response, "en_US")
                 : new AMQImpl.Connection.SecureOk(response);
 
@@ -290,20 +289,13 @@ public void start()
                     connTune = (AMQP.Connection.Tune) serverResponse;
                 } else {
                     challenge = ((AMQP.Connection.Secure) serverResponse).getChallenge();
-                    response = LongStringHelper.asLongString(sc.evaluateChallenge(challenge.getBytes()));
+                    response = sm.handleChallenge(challenge, _factory);
                 }
             } catch (ShutdownSignalException e) {
                 throw new PossibleAuthenticationFailureException(e);
             }
         } while (connTune == null);
 
-        sc.dispose();
-
-        if (!sc.isComplete()) {
-            throw new RuntimeException(sc.getMechanismName() +
-                    " did not complete, server thought it did");
-        }
-
         int channelMax =
             negotiatedMaxValue(_factory.getRequestedChannelMax(),
                                connTune.getChannelMax());