Posted to commits@qpid.apache.org by ro...@apache.org on 2018/01/24 17:40:07 UTC

[1/2] qpid-jms git commit: QPIDJMS-360: ensure any empty challenges are passed through to the mechanism for processing

Repository: qpid-jms
Updated Branches:
  refs/heads/master 4932b00bf -> bb5abafc1


QPIDJMS-360: ensure any empty challenges are passed through to the mechanism for processing


Project: http://git-wip-us.apache.org/repos/asf/qpid-jms/repo
Commit: http://git-wip-us.apache.org/repos/asf/qpid-jms/commit/ba054166
Tree: http://git-wip-us.apache.org/repos/asf/qpid-jms/tree/ba054166
Diff: http://git-wip-us.apache.org/repos/asf/qpid-jms/diff/ba054166

Branch: refs/heads/master
Commit: ba0541660c43df5616cf98f02258272a278720f4
Parents: 4932b00
Author: Robbie Gemmell <ro...@apache.org>
Authored: Wed Jan 24 17:17:46 2018 +0000
Committer: Robbie Gemmell <ro...@apache.org>
Committed: Wed Jan 24 17:17:46 2018 +0000

----------------------------------------------------------------------
 .../jms/provider/amqp/AmqpSaslAuthenticator.java    |  2 +-
 .../provider/amqp/AmqpSaslAuthenticatorTest.java    | 16 ++++++++++++++++
 2 files changed, 17 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/qpid-jms/blob/ba054166/qpid-jms-client/src/main/java/org/apache/qpid/jms/provider/amqp/AmqpSaslAuthenticator.java
----------------------------------------------------------------------
diff --git a/qpid-jms-client/src/main/java/org/apache/qpid/jms/provider/amqp/AmqpSaslAuthenticator.java b/qpid-jms-client/src/main/java/org/apache/qpid/jms/provider/amqp/AmqpSaslAuthenticator.java
index 25dc617..41dc259 100644
--- a/qpid-jms-client/src/main/java/org/apache/qpid/jms/provider/amqp/AmqpSaslAuthenticator.java
+++ b/qpid-jms-client/src/main/java/org/apache/qpid/jms/provider/amqp/AmqpSaslAuthenticator.java
@@ -88,7 +88,7 @@ public class AmqpSaslAuthenticator {
 
     public void handleSaslChallenge(Sasl sasl, Transport transport) {
         try {
-            if (sasl.pending() != 0) {
+            if (sasl.pending() >= 0) {
                 byte[] challenge = new byte[sasl.pending()];
                 sasl.recv(challenge, 0, challenge.length);
                 byte[] response = mechanism.getChallengeResponse(challenge);
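Review bot: With `sasl.pending() >= 0` the guard in handleSaslChallenge no longer says why it exists, and pending() is evaluated twice, once in the condition and once to size the array. Whether pending() can ever return a negative value is not visible in this hunk; if it cannot, the condition is always true and is better removed, and if it can, a comment such as `// an empty (zero-length) challenge is still a challenge and must reach the mechanism` would stop someone from restoring `!= 0`. Reading the value once, `int pending = sasl.pending();`, also keeps the check and the allocation consistent. The method body continues past the end of the hunk.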

http://git-wip-us.apache.org/repos/asf/qpid-jms/blob/ba054166/qpid-jms-client/src/test/java/org/apache/qpid/jms/provider/amqp/AmqpSaslAuthenticatorTest.java
----------------------------------------------------------------------
diff --git a/qpid-jms-client/src/test/java/org/apache/qpid/jms/provider/amqp/AmqpSaslAuthenticatorTest.java b/qpid-jms-client/src/test/java/org/apache/qpid/jms/provider/amqp/AmqpSaslAuthenticatorTest.java
index b492a59..8fd212b 100644
--- a/qpid-jms-client/src/test/java/org/apache/qpid/jms/provider/amqp/AmqpSaslAuthenticatorTest.java
+++ b/qpid-jms-client/src/test/java/org/apache/qpid/jms/provider/amqp/AmqpSaslAuthenticatorTest.java
@@ -171,6 +171,22 @@ public class AmqpSaslAuthenticatorTest {
         assertTrue(authenticator.getFailureCause().getMessage().contains("SASL exchange not completed"));
     }
 
+    @Test
+    public void testEmptyChallengeIsProcessedForResponse() throws Exception {
+        Mechanism mechanism = new TestSaslMechanism(INITIAL_RESPONSE,
+                                                    EMPTY_BYTES, EMPTY_BYTES);
+        AmqpSaslAuthenticator authenticator = new AmqpSaslAuthenticator(mechanismName -> mechanism);
+
+        when(sasl.getState()).thenReturn(SaslState.PN_SASL_IDLE);
+        authenticator.handleSaslMechanisms(sasl, transport);
+        verifySaslMockReceived(sasl, INITIAL_RESPONSE);
+
+        when(sasl.getState()).thenReturn(SaslState.PN_SASL_STEP);
+        configureSaslMockToProduce(sasl, EMPTY_BYTES);
+        authenticator.handleSaslChallenge(sasl, transport);
+        verifySaslMockReceived(sasl, EMPTY_BYTES);
+    }
+
     private void verifySaslMockReceived(final Sasl sasl, final byte[] response) {
         verify(sasl).send(response, 0, response.length);
     }
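Review bot: testEmptyChallengeIsProcessedForResponse uses EMPTY_BYTES for both the challenge and the expected response, so the final `verifySaslMockReceived(sasl, EMPTY_BYTES)` cannot tell the mechanism's answer apart from an echo of the challenge buffer. Assuming the second and third TestSaslMechanism arguments are the expected challenge and its response (the constructor is not visible here), a distinct non-empty response value would make the assertion specific. It would also help to assert that the exchange did not fail, e.g. `assertNull(authenticator.getFailureCause());`, since a failure path is what the test just above this one checks.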




[2/2] qpid-jms git commit: QPIDJMS-361: request mutual auth for GSSAPI/Kerberos SASL

Posted by ro...@apache.org.
QPIDJMS-361: request mutual auth for GSSAPI/Kerberos SASL


Project: http://git-wip-us.apache.org/repos/asf/qpid-jms/repo
Commit: http://git-wip-us.apache.org/repos/asf/qpid-jms/commit/bb5abafc
Tree: http://git-wip-us.apache.org/repos/asf/qpid-jms/tree/bb5abafc
Diff: http://git-wip-us.apache.org/repos/asf/qpid-jms/diff/bb5abafc

Branch: refs/heads/master
Commit: bb5abafc145f32c60c90f5c8009ca2e2e55a2406
Parents: ba05416
Author: Robbie Gemmell <ro...@apache.org>
Authored: Wed Jan 24 17:32:41 2018 +0000
Committer: Robbie Gemmell <ro...@apache.org>
Committed: Wed Jan 24 17:32:41 2018 +0000

----------------------------------------------------------------------
 .../apache/qpid/jms/sasl/GssapiMechanism.java   |  6 +-
 .../qpid/jms/test/testpeer/TestAmqpPeer.java    | 75 ++++++++++++++++----
 2 files changed, 66 insertions(+), 15 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/qpid-jms/blob/bb5abafc/qpid-jms-client/src/main/java/org/apache/qpid/jms/sasl/GssapiMechanism.java
----------------------------------------------------------------------
diff --git a/qpid-jms-client/src/main/java/org/apache/qpid/jms/sasl/GssapiMechanism.java b/qpid-jms-client/src/main/java/org/apache/qpid/jms/sasl/GssapiMechanism.java
index 86627fe..789421c 100644
--- a/qpid-jms-client/src/main/java/org/apache/qpid/jms/sasl/GssapiMechanism.java
+++ b/qpid-jms-client/src/main/java/org/apache/qpid/jms/sasl/GssapiMechanism.java
@@ -33,6 +33,7 @@ import java.io.IOException;
 import java.security.Principal;
 import java.security.PrivilegedActionException;
 import java.security.PrivilegedExceptionAction;
+import java.util.HashMap;
 import java.util.Map;
 
 /**
@@ -84,7 +85,10 @@ public class GssapiMechanism extends AbstractMechanism {
 
                 @Override
                 public byte[] run() throws Exception {
-                    saslClient = Sasl.createSaslClient(new String[]{NAME}, null, protocol, serverName, null, null);
+                    Map<String, String> props = new HashMap<>();
+                    props.put("javax.security.sasl.server.authentication", "true");
+
+                    saslClient = Sasl.createSaslClient(new String[]{NAME}, null, protocol, serverName, props, null);
                     if (saslClient.hasInitialResponse()) {
                         return saslClient.evaluateChallenge(new byte[0]);
                     }
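Review bot: Requesting server authentication in `run()` only protects the client if the connection is refused when the GSSAPI exchange does not finish, and nothing in this hunk checks `saslClient.isComplete()` before a successful outcome is accepted. If that check is not already made elsewhere in GssapiMechanism or in the authenticator, the mutual-auth step could be skipped without the client noticing; this is worth confirming and covering with a test. The property key is also available as the constant `Sasl.SERVER_AUTH`, so `props.put(Sasl.SERVER_AUTH, "true");` avoids the hand-typed string. `run()` continues past the end of the hunk.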

http://git-wip-us.apache.org/repos/asf/qpid-jms/blob/bb5abafc/qpid-jms-client/src/test/java/org/apache/qpid/jms/test/testpeer/TestAmqpPeer.java
----------------------------------------------------------------------
diff --git a/qpid-jms-client/src/test/java/org/apache/qpid/jms/test/testpeer/TestAmqpPeer.java b/qpid-jms-client/src/test/java/org/apache/qpid/jms/test/testpeer/TestAmqpPeer.java
index 6eccba2..3b4378d 100644
--- a/qpid-jms-client/src/test/java/org/apache/qpid/jms/test/testpeer/TestAmqpPeer.java
+++ b/qpid-jms-client/src/test/java/org/apache/qpid/jms/test/testpeer/TestAmqpPeer.java
@@ -583,7 +583,7 @@ public class TestAmqpPeer implements AutoCloseable
             }
         });
 
-        final SaslChallengeFrame challengeFrame = new SaslChallengeFrame();
+        final SaslChallengeFrame challengeFrame1 = new SaslChallengeFrame();
 
         SaslInitMatcher saslInitMatcher = new SaslInitMatcher()
                 .withMechanism(equalTo(GSSAPI))
@@ -601,19 +601,20 @@ public class TestAmqpPeer implements AutoCloseable
                         final Binary binary = (Binary) o;
                         // validate via sasl
                         try {
-                            byte[] token = Subject.doAs(serverSubject, new PrivilegedExceptionAction<byte[]>() {
+                            byte[] challenge1data = Subject.doAs(serverSubject, new PrivilegedExceptionAction<byte[]>() {
                                 @Override
                                 public byte[] run() throws Exception {
-                                    LOGGER.info("Evaluate Response.. size:" + binary.getLength());
+                                    LOGGER.info("Evaluate Initial Response.. size:" + binary.getLength());
                                     return saslServer.evaluateResponse(binary.getArray());
                                 }
                             });
 
-                            challengeFrame.setChallenge(new Binary(token));
+                            LOGGER.info("Creating challenge 1.. size: " + challenge1data.length);
+                            challengeFrame1.setChallenge(new Binary(challenge1data));
 
                         } catch (PrivilegedActionException e) {
-                            e.printStackTrace();
-                            throw new RuntimeException("failed to eval response", e);
+                            LOGGER.error("Unexpected error during processing initial response", e);
+                            throw new RuntimeException("Failed to eval initial response", e);
                         }
                         LOGGER.info("Complete:" + saslServer.isComplete());
 
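Review bot: `challenge1data.length` is dereferenced right after `saslServer.evaluateResponse(...)`, which is documented to return null when no further challenge data is to be sent, so an unexpected exchange would surface as a NullPointerException inside the matcher rather than as a readable test failure. The same pattern appears with `challenge2data.length` in the responseMatcher1 block added in the next hunk. A guard such as `if (challenge1data == null) { throw new AssertionError("Expected challenge data for the initial response"); }` before the log line makes the failure explicit. The enclosing matcher starts before this hunk.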
@@ -622,17 +623,62 @@ public class TestAmqpPeer implements AutoCloseable
                 }).onCompletion(new AmqpPeerRunnable() {
                     @Override
                     public void run() {
-                        LOGGER.info("Send challenge..");
+                        LOGGER.info("Send challenge 1..");
                         TestAmqpPeer.this.sendFrame(
                                 FrameType.SASL, 0,
-                                challengeFrame,
+                                challengeFrame1,
                                 null,
                                 false, 0);
                     }
                 });
 
         AtomicBoolean succeeded = new AtomicBoolean(false);
-        SaslResponseMatcher responseMatcher = new SaslResponseMatcher().withResponse(new BaseMatcher<Binary>() {
+
+        final SaslChallengeFrame challengeFrame2 = new SaslChallengeFrame();
+
+        SaslResponseMatcher responseMatcher1 = new SaslResponseMatcher().withResponse(new BaseMatcher<Binary>() {
+            @Override
+            public void describeTo(Description description) {}
+
+            @Override
+            public boolean matches(Object o) {
+                final Binary responseBinary1 = (Binary) o;
+                // validate via sasl
+
+                byte[] challenge2data = null;
+                try {
+                    challenge2data = Subject.doAs(serverSubject, new PrivilegedExceptionAction<byte[]>() {
+                        @Override
+                        public byte[] run() throws Exception {
+                            LOGGER.info("Evaluate challenge response 1.. size:" + responseBinary1.getLength());
+                            return saslServer.evaluateResponse(responseBinary1.getArray());
+                        }
+                    });
+                } catch (PrivilegedActionException e) {
+                    LOGGER.error("Unexpected error during processing challenge response 1", e);
+                    throw new RuntimeException("failed to evaluate challenge response 1", e);
+                }
+
+                LOGGER.info("Creating challenge 2.. size: " + challenge2data.length);
+                challengeFrame2.setChallenge(new Binary(challenge2data));
+
+                LOGGER.info("Complete:" + saslServer.isComplete());
+
+                return true;
+            }
+        }).onCompletion(new AmqpPeerRunnable() {
+            @Override
+            public void run() {
+                LOGGER.info("Send challenge 2..");
+                TestAmqpPeer.this.sendFrame(
+                        FrameType.SASL, 0,
+                        challengeFrame2,
+                        null,
+                        false, 0);
+            }
+        });
+
+        SaslResponseMatcher responseMatcher2 = new SaslResponseMatcher().withResponse(new BaseMatcher<Binary>() {
             @Override
             public void describeTo(Description description) {}
 
@@ -646,13 +692,13 @@ public class TestAmqpPeer implements AutoCloseable
                     additionalData = Subject.doAs(serverSubject, new PrivilegedExceptionAction<byte[]>() {
                         @Override
                         public byte[] run() throws Exception {
-                            LOGGER.info("Evaluate response.. size:" + binary.getLength());
+                            LOGGER.info("Evaluate challenge response 2.. size:" + binary.getLength());
                             return saslServer.evaluateResponse(binary.getArray());
                         }
                     });
                 } catch (PrivilegedActionException e) {
-                    e.printStackTrace();
-                    throw new RuntimeException("failed to evaluate challenge response", e);
+                    LOGGER.error("Unexpected error during processing challenge response 2", e);
+                    throw new RuntimeException("failed to evaluate challenge response 2", e);
                 }
 
                 boolean complete = saslServer.isComplete();
@@ -662,7 +708,7 @@ public class TestAmqpPeer implements AutoCloseable
                     LOGGER.info("Authorized ID: " + saslServer.getAuthorizationID());
                 }
 
-                LOGGER.info("Complete:" + complete + ", expectedAuthID:" + expectedAuthId +", additionalData:" + additionalData);
+                LOGGER.info("Complete:" + complete + ", expectedAuthID:" + expectedAuthId +", additionalData:" + Arrays.toString(additionalData));
 
                 if(complete && expectedAuthId && additionalData == null) {
                     succeeded.set(true);
@@ -695,7 +741,8 @@ public class TestAmqpPeer implements AutoCloseable
         });
 
         addHandler(saslInitMatcher);
-        addHandler(responseMatcher);
+        addHandler(responseMatcher1);
+        addHandler(responseMatcher2);
         addHandler(new HeaderHandlerImpl(AmqpHeader.HEADER, AmqpHeader.HEADER));
     }
 

