Github user gemmellr commented on a diff in the pull request:

    https://github.com/apache/qpid-jms/pull/10#discussion_r128809457
  
    --- Diff: 
qpid-jms-client/src/test/java/org/apache/qpid/jms/test/testpeer/TestAmqpPeer.java
 ---
    @@ -495,6 +512,169 @@ public void run()
             }
         }
     
    +    public void expectGSSAPIFail(Symbol mech) throws Exception {
    +        SaslMechanismsFrame saslMechanismsFrame = new 
SaslMechanismsFrame().setSaslServerMechanisms(mech);
    +
    +        addHandler(new HeaderHandlerImpl(AmqpHeader.SASL_HEADER, 
AmqpHeader.SASL_HEADER,
    +                new FrameSender(
    +                        this, FrameType.SASL, 0,
    +                        saslMechanismsFrame, null)));
    +
    +        addHandler(new SaslInitMatcher().withMechanism(equalTo(mech)));
    +
    +    }
    +
    +    public void expectGSSAPI(Symbol mech, String serviceName) throws 
Exception {
    +
    +        SaslMechanismsFrame saslMechanismsFrame = new 
SaslMechanismsFrame().setSaslServerMechanisms(mech);
    +
    +        addHandler(new HeaderHandlerImpl(AmqpHeader.SASL_HEADER, 
AmqpHeader.SASL_HEADER,
    +                new FrameSender(
    +                        this, FrameType.SASL, 0,
    +                        saslMechanismsFrame, null)));
    +
    +        // setup server gss context
    +        LoginContext loginContext = new LoginContext("", null, null,
    +                kerb5InlineConfig(serviceName, false));
    +        loginContext.login();
    +        final Subject serverSubject =loginContext.getSubject();
    +
    +        LOGGER.info("saslServer subject:" + 
serverSubject.getPrivateCredentials());
    +
    +        Map<String, ?> config = new HashMap();
    +        final CallbackHandler handler = new CallbackHandler() {
    +            @Override
    +            public void handle(Callback[] callbacks) throws IOException, 
UnsupportedCallbackException {
    +                LOGGER.info("Here with: " + Arrays.asList(callbacks));
    +                for (Callback callback :callbacks) {
    +                    if (callback instanceof AuthorizeCallback) {
    +                        AuthorizeCallback authorizeCallback = 
(AuthorizeCallback) callback;
    +                        
authorizeCallback.setAuthorized(authorizeCallback.getAuthenticationID().equals(authorizeCallback.getAuthorizationID()));
    +                    }
    +                }
    +            }
    +        };
    +        final SaslServer saslServer = Subject.doAs(serverSubject, new 
PrivilegedExceptionAction<SaslServer>() {
    +            @Override
    +            public SaslServer run() throws Exception {
    +                return Sasl.createSaslServer(mech.toString(), null, null, 
config, handler);
    +            }
    +        });
    +
    +        final SaslChallengeFrame challengeFrame = new SaslChallengeFrame();
    +
    +        SaslInitMatcher saslInitMatcher = new SaslInitMatcher()
    +                .withMechanism(equalTo(mech))
    +                .withInitialResponse(new BaseMatcher<Binary>() {
    +
    +                    @Override
    +                    public void describeTo(Description description) {}
    +
    +                    @Override
    +                    public boolean matches(Object o) {
    +                        if (o == null) {
    +                            LOGGER.error("Got null initial response!");
    +                            return false;
    +                        }
    +                        final Binary binary = (Binary) o;
    +                        // validate via sasl
    +                        byte[] token = null;
    +                        try {
    +                            token = Subject.doAs(serverSubject, new 
PrivilegedExceptionAction<byte[]>() {
    +                                @Override
    +                                public byte[] run() throws Exception {
    +                                    LOGGER.info("Evaluate Response.. 
size:" + binary.getLength());
    +                                    return 
saslServer.evaluateResponse(binary.getArray());
    +                                }
    +                            });
    +                        } catch (PrivilegedActionException e) {
    +                            e.printStackTrace();
    +                        }
    +                        LOGGER.info("Complete:" + saslServer.isComplete());
    +
    +                        if (token != null) {
    +                            // fling it back in on complete
    +                            challengeFrame.setChallenge(new Binary(token));
    +                        }
    +                        return true;
    +                    }
    +                }).onCompletion(new AmqpPeerRunnable() {
    +                    @Override
    +                    public void run() {
    +                        TestAmqpPeer.this.sendFrame(
    +                                FrameType.SASL, 0,
    +                                challengeFrame,
    +                                null,
    +                                false, 0);
    +                    }
    +                });
    +
    +        AtomicBoolean response = new AtomicBoolean(false);
    +        SaslResponseMatcher challengeMatcher = new 
SaslResponseMatcher().withResponse(new BaseMatcher<Binary>() {
    +
    +            @Override
    +            public void describeTo(Description description) {}
    +
    +            @Override
    +            public boolean matches(Object o) {
    +                final Binary binary = (Binary) o;
    +                if (!saslServer.isComplete()) {
    +                    // validate via sasl
    +                    byte[] token = null;
    +                    try {
    +                        token = Subject.doAs(serverSubject, new 
PrivilegedExceptionAction<byte[]>() {
    +                            @Override
    +                            public byte[] run() throws Exception {
    +                                LOGGER.info("Evaluate challenge response.. 
size:" + binary.getLength());
    +                                return 
saslServer.evaluateResponse(binary.getArray());
    +                            }
    +                        });
    +                    } catch (PrivilegedActionException e) {
    +                        e.printStackTrace();
    +                    }
    +                    LOGGER.info("Complete:" + saslServer.isComplete());
    +                    if (token != null) {
    +                        // fling it back
    +                        challengeFrame.setChallenge(new Binary(token));
    +                        response.set(true);
    +                    }
    +                    return true;
    +                }
    +
    +                return false;
    +            }
    +        }).onCompletion(new AmqpPeerRunnable() {
    +            @Override
    +            public void run() {
    +                if (response.get()) {
    +                    TestAmqpPeer.this.sendFrame(
    +                            FrameType.SASL, 0,
    +                            challengeFrame,
    +                            null,
    +                            false, 0);
    +                }
    +
    +                if (saslServer.isComplete()) {
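Review bot: Both `matches` implementations return `true` even when `saslServer.evaluateResponse(...)` throws, because the `PrivilegedActionException` is only passed to `e.printStackTrace()` and execution falls through to `return true`; a token the GSSAPI server rejects therefore still satisfies the matcher, and a test built on this peer can pass without the Kerberos exchange having been validated. The catch blocks in the init-response matcher and the challenge-response matcher should record the failure and reject the match, for example `LOGGER.error("SASL evaluateResponse failed", e); return false;`. Separately, `LOGGER.info("saslServer subject:" + serverSubject.getPrivateCredentials())` writes the server subject's private credentials to the log at info level; depending on the login configuration this may include Kerberos key material, so logging `serverSubject.getPrincipals()` instead would be safer. `expectGSSAPI` continues past the quoted lines, so the rest of the completion handler is not visible here.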
    --- End diff --
    
    if it goes on its own it suggests the other bit can be removed or there's an 
'else' missing, which doesn't make sense either as there should likely always be 
an outcome. I also missed earlier that it is sending a successful auth 
outcome... the server being complete doesn't necessarily mean it succeeded, and 
the previous bit allows for it to fail, so it still seems something is off here 
to me.

