[jira] [Commented] (QPIDJMS-294) The SCRAM-SHA-* SASL mechanisms should verify the server final message if it is sent in the additional-data field of sasl-outcome

Thu, 13 Jul 2017 08:59:16 -0700 

    [ 
https://issues.apache.org/jira/browse/QPIDJMS-294?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16085906#comment-16085906
 ] 

ASF GitHub Bot commented on QPIDJMS-294:
----------------------------------------

Github user tabish121 commented on a diff in the pull request:

    https://github.com/apache/qpid-jms/pull/9#discussion_r127257449
  
    --- Diff: 
qpid-jms-client/src/test/java/org/apache/qpid/jms/sasl/AbstractScramSHAMechanismTestBase.java
 ---
    @@ -137,4 +139,25 @@ public void testServerSignatureDiffer() throws 
Exception {
                 // PASS
             }
         }
    +
    +    @Test
    +    public void testIncompleteExchange() throws Exception {
    +        Mechanism mechanism = getConfiguredMechanism();
    +
    +        byte[] clientInitialResponse = mechanism.getInitialResponse();
    +        assertArrayEquals(expectedClientInitialResponse, 
clientInitialResponse);
    +
    +        byte[] clientFinalMessage = 
mechanism.getChallengeResponse(serverFirstMessage);
    +        assertArrayEquals(expectedClientFinalMessage, clientFinalMessage);
    +
    +        try {
    +            mechanism.verifyComplete();
    +            fail("Exception not thrown");
    +        }
    +        catch (SaslException e)
    --- End diff --
    
    Please fix your code formatting to match the rest of the client code.


> The SCRAM-SHA-* SASL mechanisms should verify the server final message if it 
> is sent in the additional-data field of sasl-outcome
> ---------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: QPIDJMS-294
>                 URL: https://issues.apache.org/jira/browse/QPIDJMS-294
>             Project: Qpid JMS
>          Issue Type: Bug
>            Reporter: Rob Godfrey
>
> Currently the client will only verify the server final message if it is sent 
> as an extra challenge in the sasl exchange.
> The client should also verify if the server final message is sent as 
> additional-data on the sasl outcome (which is really the way this should 
> always be sent).
> In order to do this PROTON-1486 will need fixing



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to