Posted to commits@qpid.apache.org by as...@apache.org on 2015/06/11 22:24:19 UTC
[1/4] qpid-proton git commit: NO-JIRA: Code tidying
Repository: qpid-proton
Updated Branches:
refs/heads/master 8108bd760 -> 990b11e8a
NO-JIRA: Code tidying
Project: http://git-wip-us.apache.org/repos/asf/qpid-proton/repo
Commit: http://git-wip-us.apache.org/repos/asf/qpid-proton/commit/7346d23d
Tree: http://git-wip-us.apache.org/repos/asf/qpid-proton/tree/7346d23d
Diff: http://git-wip-us.apache.org/repos/asf/qpid-proton/diff/7346d23d
Branch: refs/heads/master
Commit: 7346d23d7ffbbfa85673be738e0d93bc75a72a2b
Parents: 8108bd7
Author: Andrew Stitcher <as...@apache.org>
Authored: Thu Jun 11 12:14:42 2015 -0400
Committer: Andrew Stitcher <as...@apache.org>
Committed: Thu Jun 11 15:56:36 2015 -0400
----------------------------------------------------------------------
proton-c/src/sasl/cyrus_sasl.c | 63 +++++++++++++++++--------------------
1 file changed, 29 insertions(+), 34 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/7346d23d/proton-c/src/sasl/cyrus_sasl.c
----------------------------------------------------------------------
diff --git a/proton-c/src/sasl/cyrus_sasl.c b/proton-c/src/sasl/cyrus_sasl.c
index e280324..31703a8 100644
--- a/proton-c/src/sasl/cyrus_sasl.c
+++ b/proton-c/src/sasl/cyrus_sasl.c
@@ -101,25 +101,25 @@ static const sasl_callback_t pni_user_callbacks[] = {
};
bool pni_init_client(pn_transport_t* transport) {
- int result;
- pni_sasl_t *sasl = transport->sasl;
-
+ pni_sasl_t *sasl = transport->sasl;
+ int result;
+ sasl_conn_t *cyrus_conn = NULL;
+ do {
if (sasl->config_dir) {
- result = sasl_set_path(SASL_PATH_TYPE_CONFIG, sasl->config_dir);
- if (result!=SASL_OK) return false;
+ result = sasl_set_path(SASL_PATH_TYPE_CONFIG, sasl->config_dir);
+ if (result!=SASL_OK) break;
}
result = sasl_client_init(NULL);
- if (result!=SASL_OK) return false;
+ if (result!=SASL_OK) break;
const sasl_callback_t *callbacks = sasl->username ? sasl->password ? pni_user_password_callbacks : pni_user_callbacks : NULL;
- sasl_conn_t *cyrus_conn;
result = sasl_client_new(amqp_service,
sasl->remote_fqdn,
NULL, NULL,
callbacks, 0,
&cyrus_conn);
- if (result!=SASL_OK) return false;
+ if (result!=SASL_OK) break;
sasl->impl_context = cyrus_conn;
sasl_security_properties_t secprops = {0};
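Review bot: The `sasl_set_path(SASL_PATH_TYPE_CONFIG, sasl->config_dir)` call kept at the top of `pni_init_client` runs on every transport init, and as far as I know Cyrus SASL treats that path as process-wide state, not a per-connection setting. If two transports carry different `config_dir` values, the last one initialised would decide which configuration (mechanism list, sasldb location) later connections load. `pni_init_server` in the later hunk has the same pattern. At minimum document it next to the call, e.g. `/* NOTE: sasl_set_path is process-global; config_dir must be the same for every transport in this process */`, or set the path once behind a guard. The function body continues into the next hunk.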
@@ -128,18 +128,19 @@ bool pni_init_client(pn_transport_t* transport) {
( transport->auth_required ? SASL_SEC_NOANONYMOUS : 0 ) ;
result = sasl_setprop(cyrus_conn, SASL_SEC_PROPS, &secprops);
- if (result!=SASL_OK) return false;
+ if (result!=SASL_OK) break;
sasl_ssf_t ssf = sasl->external_ssf;
result = sasl_setprop(cyrus_conn, SASL_SSF_EXTERNAL, &ssf);
- if (result!=SASL_OK) return false;
+ if (result!=SASL_OK) break;
const char *extid = sasl->external_auth;
if (extid) {
result = sasl_setprop(cyrus_conn, SASL_AUTH_EXTERNAL, extid);
- if (result!=SASL_OK) return false;
}
- return true;
+ } while (false);
+ cyrus_conn = (sasl_conn_t*) sasl->impl_context;
+ return pni_check_sasl_result(cyrus_conn, result, transport);
}
static int pni_wrap_client_start(pni_sasl_t *sasl, const char *mechs, const char **mechusing)
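Review bot: After the `do { … } while (false)` block, `cyrus_conn = (sasl_conn_t*) sasl->impl_context;` re-reads the context even when an early `break` fired before `sasl->impl_context = cyrus_conn;` was reached. On a `sasl_set_path`, `sasl_client_init` or `sasl_client_new` failure, `pni_check_sasl_result` therefore receives whatever `impl_context` held before this call, which may be NULL or a connection from an earlier init. The old client code returned `false` without calling `pni_check_sasl_result` at all, so this is a behaviour change inside a commit labelled tidying. I would drop the re-read and pass the local, which is already initialised to NULL: `return pni_check_sasl_result(cyrus_conn, result, transport);`. Also confirm that `pni_check_sasl_result` (not visible here) tolerates a NULL connection. The same applies to the tail of `pni_init_server` in the next hunk.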
@@ -233,42 +234,43 @@ void pni_process_challenge(pn_transport_t *transport, const pn_bytes_t *recv)
}
}
-static int pni_wrap_server_new(pn_transport_t *transport)
+bool pni_init_server(pn_transport_t* transport)
{
- pni_sasl_t *sasl = transport->sasl;
- int result;
-
+ pni_sasl_t *sasl = transport->sasl;
+ int result;
+ sasl_conn_t *cyrus_conn = NULL;
+ do {
if (sasl->config_dir) {
result = sasl_set_path(SASL_PATH_TYPE_CONFIG, sasl->config_dir);
- if (result!=SASL_OK) return result;
+ if (result!=SASL_OK) break;
}
result = sasl_server_init(NULL, sasl->config_name);
- if (result!=SASL_OK) return result;
+ if (result!=SASL_OK) break;
- sasl_conn_t *cyrus_conn;
result = sasl_server_new(amqp_service, NULL, NULL, NULL, NULL, NULL, 0, &cyrus_conn);
- if (result!=SASL_OK) return result;
+ if (result!=SASL_OK) break;
sasl->impl_context = cyrus_conn;
sasl_security_properties_t secprops = {0};
secprops.security_flags =
- SASL_SEC_NOPLAINTEXT |
- ( transport->auth_required ? SASL_SEC_NOANONYMOUS : 0 ) ;
+ SASL_SEC_NOPLAINTEXT |
+ ( transport->auth_required ? SASL_SEC_NOANONYMOUS : 0 ) ;
result = sasl_setprop(cyrus_conn, SASL_SEC_PROPS, &secprops);
- if (result!=SASL_OK) return result;
+ if (result!=SASL_OK) break;
sasl_ssf_t ssf = sasl->external_ssf;
result = sasl_setprop(cyrus_conn, SASL_SSF_EXTERNAL, &ssf);
- if (result!=SASL_OK) return result;
+ if (result!=SASL_OK) break;
const char *extid = sasl->external_auth;
if (extid) {
- result = sasl_setprop(cyrus_conn, SASL_AUTH_EXTERNAL, extid);
- if (result!=SASL_OK) return result;
+ result = sasl_setprop(cyrus_conn, SASL_AUTH_EXTERNAL, extid);
}
- return result;
+ } while (false);
+ cyrus_conn = (sasl_conn_t*) sasl->impl_context;
+ return pni_check_sasl_result(cyrus_conn, result, transport);
}
static int pni_wrap_server_start(pni_sasl_t *sasl, const char *mech_selected, const pn_bytes_t *in)
@@ -327,13 +329,6 @@ static void pni_process_server_result(pn_transport_t *transport, int result)
}
}
-bool pni_init_server(pn_transport_t* transport)
-{
- int r = pni_wrap_server_new(transport);
- sasl_conn_t *cyrus_conn = (sasl_conn_t*)transport->sasl->impl_context;
- return pni_check_sasl_result(cyrus_conn, r, transport);
-}
-
void pni_process_init(pn_transport_t *transport, const char *mechanism, const pn_bytes_t *recv)
{
pni_sasl_t *sasl = transport->sasl;

[2/4] qpid-proton git commit: PROTON-334: Add capability to detect
extended SASL support
Posted by as...@apache.org.
PROTON-334: Add capability to detect extended SASL support
Project: http://git-wip-us.apache.org/repos/asf/qpid-proton/repo
Commit: http://git-wip-us.apache.org/repos/asf/qpid-proton/commit/d7df5760
Tree: http://git-wip-us.apache.org/repos/asf/qpid-proton/tree/d7df5760
Diff: http://git-wip-us.apache.org/repos/asf/qpid-proton/diff/d7df5760
Branch: refs/heads/master
Commit: d7df5760f979a2e0503b272638067493fd5b9e7b
Parents: 7346d23
Author: Andrew Stitcher <as...@apache.org>
Authored: Thu Jun 11 13:53:04 2015 -0400
Committer: Andrew Stitcher <as...@apache.org>
Committed: Thu Jun 11 16:19:54 2015 -0400
----------------------------------------------------------------------
proton-c/bindings/python/proton/__init__.py | 4 ++++
proton-c/include/proton/sasl.h | 13 +++++++++++++
proton-c/src/sasl/cyrus_sasl.c | 5 +++++
proton-c/src/sasl/none_sasl.c | 5 +++++
proton-j/src/main/resources/csasl.py | 3 +++
5 files changed, 30 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/d7df5760/proton-c/bindings/python/proton/__init__.py
----------------------------------------------------------------------
diff --git a/proton-c/bindings/python/proton/__init__.py b/proton-c/bindings/python/proton/__init__.py
index e3cd9e3..9432bd8 100644
--- a/proton-c/bindings/python/proton/__init__.py
+++ b/proton-c/bindings/python/proton/__init__.py
@@ -3368,6 +3368,10 @@ class SASL(Wrapper):
PERM = PN_SASL_PERM
TEMP = PN_SASL_TEMP
+ @staticmethod
+ def extended():
+ return pn_sasl_extended()
+
def __init__(self, transport):
Wrapper.__init__(self, transport._impl, pn_transport_attachments)
self._sasl = pn_sasl(transport._impl)
http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/d7df5760/proton-c/include/proton/sasl.h
----------------------------------------------------------------------
diff --git a/proton-c/include/proton/sasl.h b/proton-c/include/proton/sasl.h
index b2a8a27..60ee7d5 100644
--- a/proton-c/include/proton/sasl.h
+++ b/proton-c/include/proton/sasl.h
@@ -68,6 +68,19 @@ typedef enum {
*/
PN_EXTERN pn_sasl_t *pn_sasl(pn_transport_t *transport);
+/** Do we support extended SASL negotiation
+ *
+ * Do we support extended SASL negotiation?
+ * All implementations of Proton support ANONYMOUS and EXTERNAL on both
+ * client and server sides and PLAIN on the client side.
+ *
+ * Extended SASL implememtations use an external library (Cyrus SASL)
+ * to support other mechanisms beyond these basic ones.
+ *
+ * @return true if we support extended SASL negotiation, false if we only support basic negotiation.
+ */
+PN_EXTERN bool pn_sasl_extended(void);
+
/** Set the outcome of SASL negotiation
*
* Used by the server to set the result of the negotiation process.
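Review bot: The doc comment for `pn_sasl_extended` does not say that a `true` result only reports which SASL backend was compiled in, not which mechanisms are usable at run time. With Cyrus SASL that depends on the installed plugins and the loaded configuration; the tests later in this series disable SCRAM-SHA-1 for exactly that reason. Callers deciding whether a strong mechanism is available should not rely on this flag alone, so I would add a sentence such as `* A true result does not guarantee that any particular mechanism is installed or enabled.` While there, the summary line is repeated verbatim on the third line and "implememtations" should read "implementations".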
http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/d7df5760/proton-c/src/sasl/cyrus_sasl.c
----------------------------------------------------------------------
diff --git a/proton-c/src/sasl/cyrus_sasl.c b/proton-c/src/sasl/cyrus_sasl.c
index 31703a8..b42ffa5 100644
--- a/proton-c/src/sasl/cyrus_sasl.c
+++ b/proton-c/src/sasl/cyrus_sasl.c
@@ -380,3 +380,8 @@ void pni_sasl_impl_free(pn_transport_t *transport)
sasl_server_done();
}
}
+
+bool pn_sasl_extended(void)
+{
+ return true;
+}
http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/d7df5760/proton-c/src/sasl/none_sasl.c
----------------------------------------------------------------------
diff --git a/proton-c/src/sasl/none_sasl.c b/proton-c/src/sasl/none_sasl.c
index 4a2dc13..be27871 100644
--- a/proton-c/src/sasl/none_sasl.c
+++ b/proton-c/src/sasl/none_sasl.c
@@ -171,3 +171,8 @@ void pni_process_challenge(pn_transport_t *transport, const pn_bytes_t *recv)
void pni_process_response(pn_transport_t *transport, const pn_bytes_t *recv)
{
}
+
+bool pn_sasl_extended(void)
+{
+ return false;
+}
http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/d7df5760/proton-j/src/main/resources/csasl.py
----------------------------------------------------------------------
diff --git a/proton-j/src/main/resources/csasl.py b/proton-j/src/main/resources/csasl.py
index ea5e489..32f8039 100644
--- a/proton-j/src/main/resources/csasl.py
+++ b/proton-j/src/main/resources/csasl.py
@@ -30,6 +30,9 @@ PN_SASL_SYS=2
PN_SASL_PERM=3
PN_SASL_TEMP=4
+def pn_sasl_extended():
+ return False
+
def pn_sasl(tp):
sasl = tp.impl.sasl()
if tp.server:
[3/4] qpid-proton git commit: NO-JIRA: Add in SASL pieces to Travis
CI build
Posted by as...@apache.org.
NO-JIRA: Add in SASL pieces to Travis CI build
Project: http://git-wip-us.apache.org/repos/asf/qpid-proton/repo
Commit: http://git-wip-us.apache.org/repos/asf/qpid-proton/commit/e55fe323
Tree: http://git-wip-us.apache.org/repos/asf/qpid-proton/tree/e55fe323
Diff: http://git-wip-us.apache.org/repos/asf/qpid-proton/diff/e55fe323
Branch: refs/heads/master
Commit: e55fe323e08f4ac3a8f51d055cae7eb460b96018
Parents: d7df576
Author: Andrew Stitcher <as...@apache.org>
Authored: Wed Jun 3 16:47:51 2015 -0400
Committer: Andrew Stitcher <as...@apache.org>
Committed: Thu Jun 11 16:20:28 2015 -0400
----------------------------------------------------------------------
.travis.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/e55fe323/.travis.yml
----------------------------------------------------------------------
diff --git a/.travis.yml b/.travis.yml
index 8d12bc4..7493ca2 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,6 +1,6 @@
language: c
install:
- sudo apt-get update -qq
- - sudo apt-get install -y -qq bash cmake libssl-dev maven ruby python php5 openjdk-7-jdk swig uuid-dev valgrind
+ - sudo apt-get install -y -qq bash cmake libssl-dev maven ruby python php5 openjdk-7-jdk swig uuid-dev valgrind libsasl2-dev sasl2-bin
script:
- bin/jenkins-proton-c-build.sh
[4/4] qpid-proton git commit: PROTON-909: Tests for Cyrus SASL mechs
Posted by as...@apache.org.
PROTON-909: Tests for Cyrus SASL mechs
Project: http://git-wip-us.apache.org/repos/asf/qpid-proton/repo
Commit: http://git-wip-us.apache.org/repos/asf/qpid-proton/commit/990b11e8
Tree: http://git-wip-us.apache.org/repos/asf/qpid-proton/tree/990b11e8
Diff: http://git-wip-us.apache.org/repos/asf/qpid-proton/diff/990b11e8
Branch: refs/heads/master
Commit: 990b11e8a3e3b7a63c891b42e22ea3d180278e55
Parents: e55fe32
Author: Andrew Stitcher <as...@apache.org>
Authored: Tue Jun 2 03:26:44 2015 -0400
Committer: Andrew Stitcher <as...@apache.org>
Committed: Thu Jun 11 16:20:28 2015 -0400
----------------------------------------------------------------------
proton-j/src/main/resources/csasl.py | 16 ++
tests/python/proton_tests/sasl.py | 248 +++++++++++++++++++++++++++++-
2 files changed, 258 insertions(+), 6 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/990b11e8/proton-j/src/main/resources/csasl.py
----------------------------------------------------------------------
diff --git a/proton-j/src/main/resources/csasl.py b/proton-j/src/main/resources/csasl.py
index 32f8039..b36b104 100644
--- a/proton-j/src/main/resources/csasl.py
+++ b/proton-j/src/main/resources/csasl.py
@@ -62,6 +62,22 @@ SASL_OUTCOMES_J2P = {
def pn_transport_require_auth(transport, require):
transport.impl.sasl().allowSkip(not require)
+# TODO: Placeholders
+def pn_transport_is_authenticated(transport):
+ raise Skipped('Not supported in Proton-J')
+
+def pn_transport_is_encrypted(transport):
+ raise Skipped('Not supported in Proton-J')
+
+def pn_transport_get_user(transport):
+ raise Skipped('Not supported in Proton-J')
+
+def pn_connection_set_user(connection, user):
+ pass
+
+def pn_connection_set_password(connection, password):
+ pass
+
def pn_sasl_allowed_mechs(sasl, mechs):
sasl.setMechanisms(*mechs.split())
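Review bot: `pn_connection_set_user` and `pn_connection_set_password` are silent no-ops (`pass`), while the three getters beside them raise `Skipped`. A test that sets credentials on Proton-J therefore carries on with no credentials configured, and is only skipped if it later happens to reach one of the raising placeholders. Either raise `Skipped('Not supported in Proton-J')` from the setters as well, or add a comment explaining why dropping the credentials is safe, e.g. `# credentials are ignored on Proton-J; callers must skip before asserting on auth state`. No import of `Skipped` is visible in this hunk, so also check that the name is in scope in `csasl.py`.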
http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/990b11e8/tests/python/proton_tests/sasl.py
----------------------------------------------------------------------
diff --git a/tests/python/proton_tests/sasl.py b/tests/python/proton_tests/sasl.py
index 68fb6e3..91b3e69 100644
--- a/tests/python/proton_tests/sasl.py
+++ b/tests/python/proton_tests/sasl.py
@@ -18,9 +18,69 @@
#
import sys, os, common
+from string import Template
+import subprocess
+
from proton import *
from common import pump, Skipped
+from cproton import *
+
+def _sslCertpath(file):
+ """ Return the full path to the certificate,keyfile, etc.
+ """
+ return os.path.join(os.path.dirname(__file__),
+ "ssl_db/%s" % file)
+
+def _cyrusSetup(conf_dir):
+ """Write out simple SASL config
+ """
+ t = Template("""sasldb_path: ${db}
+mech_list: EXTERNAL DIGEST-MD5 SCRAM-SHA-1 CRAM-MD5 PLAIN ANONYMOUS
+""")
+ subprocess.call(args=['rm','-rf',conf_dir])
+ os.mkdir(conf_dir)
+ db = os.path.abspath(os.path.join(conf_dir,'proton.sasldb'))
+ conf = os.path.abspath(os.path.join(conf_dir,'proton.conf'))
+ f = open(conf, 'w')
+ f.write(t.substitute(db=db))
+ f.close()
+
+ cmd = Template("echo password | saslpasswd2 -c -p -f ${db} -u proton user").substitute(db=db)
+ subprocess.call(args=cmd, shell=True)
+
+def _testSaslMech(self, mech, clientUser='user@proton', authUser='user@proton', encrypted=False, authenticated=True):
+ self.s1.allowed_mechs(mech)
+ self.c1.open()
+
+ pump(self.t1, self.t2, 1024)
+
+ if encrypted:
+ assert self.t2.encrypted == encrypted
+ assert self.t1.encrypted == encrypted
+ assert self.t2.authenticated == authenticated
+ assert self.t1.authenticated == authenticated
+ if authenticated:
+ # Server
+ assert self.t2.user == authUser
+ assert self.s2.user == authUser
+ assert self.s2.mech == mech.strip()
+ assert self.s2.outcome == SASL.OK
+ # Client
+ assert self.t1.user == clientUser
+ assert self.s1.user == clientUser
+ assert self.s1.mech == mech.strip()
+ assert self.s1.outcome == SASL.OK
+ else:
+ # Server
+ assert self.t2.user == None
+ assert self.s2.user == None
+ assert self.s2.outcome != SASL.OK
+ # Client
+ assert self.t1.user == clientUser
+ assert self.s1.user == clientUser
+ assert self.s1.outcome != SASL.OK
+
class Test(common.Test):
pass
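Review bot: `_cyrusSetup` interpolates the database path into a command string and runs it with `shell=True`, and it ignores the exit status of both `subprocess.call` invocations. A checkout path containing spaces or shell metacharacters would break or alter the `saslpasswd2` command. If `saslpasswd2` is missing or fails, the tests continue against an empty sasldb and fail later with misleading authentication errors. Passing an argument list and feeding the password on stdin avoids the shell entirely; the `rm -rf` can become `shutil.rmtree` (which needs `import shutil` at the top of the file). Whether a failed `saslpasswd2` should skip or fail the run is a project choice; the sketch below skips.

```python
def _cyrusSetup(conf_dir):
  # … unchanged: docstring and config Template …
  shutil.rmtree(conf_dir, ignore_errors=True)
  os.mkdir(conf_dir)
  # … unchanged: db/conf paths and writing proton.conf …
  p = subprocess.Popen(['saslpasswd2', '-c', '-p', '-f', db, '-u', 'proton', 'user'],
                       stdin=subprocess.PIPE)
  p.communicate(b'password\n')
  if p.returncode != 0:
    raise Skipped('saslpasswd2 failed; cannot create test sasldb')
```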
@@ -32,6 +92,13 @@ class SaslTest(Test):
self.t2 = Transport(Transport.SERVER)
self.s2 = SASL(self.t2)
+ if not SASL.extended():
+ return
+
+ _cyrusSetup('sasl_conf')
+ self.s2.config_name('proton')
+ self.s2.config_path(os.path.abspath('sasl_conf'))
+
def pump(self):
pump(self.t1, self.t2, 1024)
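Review bot: `_cyrusSetup('sasl_conf')` names a directory relative to the current working directory, and the helper starts by running `rm -rf` on it, so every test setup deletes and recreates `./sasl_conf` wherever the runner happens to be started. Two test runs sharing a working directory would race on the sasldb, and an unrelated directory of that name would be removed. A per-run directory from `tempfile.mkdtemp()`, removed in teardown, avoids both: `self.conf_dir = tempfile.mkdtemp(); _cyrusSetup(self.conf_dir)`. The helper's `rm -rf` followed by `os.mkdir` would then need adjusting, since the directory already exists. The `setup` methods of `CyrusSASLTest` and `SSLSASLTest` in the last hunk repeat the same call. This `setup` begins outside the hunk.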
@@ -215,11 +282,11 @@ class SaslTest(Test):
self.t2.require_auth(False)
self.pump()
assert self.s2.outcome == None
- self.t2.condition == None
- self.t2.authenticated == False
+ assert self.t2.condition == None
+ assert self.t2.authenticated == False
assert self.s1.outcome == None
- self.t1.condition == None
- self.t1.authenticated == False
+ assert self.t1.condition == None
+ assert self.t1.authenticated == False
def testSaslSkippedFail(self):
"""Verify that the server (with SASL) correctly handles a client without SASL"""
@@ -227,6 +294,175 @@ class SaslTest(Test):
self.t2.require_auth(True)
self.pump()
assert self.s2.outcome == None
- self.t2.condition != None
+ assert self.t2.condition != None
assert self.s1.outcome == None
- self.t1.condition != None
+ assert self.t1.condition != None
+
+ def testMechNotFound(self):
+ if "java" in sys.platform:
+ raise Skipped("Proton-J does not support checking authentication state")
+ self.c1 = Connection()
+ self.c1.open()
+ self.t1.bind(self.c1)
+ self.s1.allowed_mechs('IMPOSSIBLE')
+
+ self.pump()
+
+ assert self.t2.authenticated == False
+ assert self.t1.authenticated == False
+ assert self.s1.outcome != SASL.OK
+ assert self.s2.outcome != SASL.OK
+
+class CyrusSASLTest(Test):
+ def setup(self):
+ self.t1 = Transport()
+ self.s1 = SASL(self.t1)
+ self.t2 = Transport(Transport.SERVER)
+ self.s2 = SASL(self.t2)
+
+ self.c1 = Connection()
+ self.c1.user = 'user@proton'
+ self.c1.password = 'password'
+ self.c1.hostname = 'localhost'
+
+ if not SASL.extended():
+ return
+
+ _cyrusSetup('sasl_conf')
+ self.s2.config_name('proton')
+ self.s2.config_path(os.path.abspath('sasl_conf'))
+
+ def testMechANON(self):
+ self.t1.bind(self.c1)
+ _testSaslMech(self, 'ANONYMOUS', authUser='anonymous')
+
+ def testMechCRAMMD5(self):
+ if not SASL.extended():
+ raise Skipped('Extended SASL not supported')
+
+ self.t1.bind(self.c1)
+ _testSaslMech(self, 'CRAM-MD5')
+
+ def testMechDIGESTMD5(self):
+ if not SASL.extended():
+ raise Skipped('Extended SASL not supported')
+
+ self.t1.bind(self.c1)
+ _testSaslMech(self, 'DIGEST-MD5')
+
+# SCRAM not supported before Cyrus SASL 2.1.26
+# so not universal and hance need a test for support
+# to keep it in tests.
+# def testMechSCRAMSHA1(self):
+# if not SASL.extended():
+# raise Skipped('Extended SASL not supported')
+#
+# self.t1.bind(self.c1)
+# _testSaslMech(self, 'SCRAM-SHA-1')
+
+def _sslConnection(domain, transport, connection):
+ transport.bind(connection)
+ ssl = SSL(transport, domain, None )
+ return connection
+
+class SSLSASLTest(Test):
+ def setup(self):
+ if not common.isSSLPresent():
+ raise Skipped("No SSL libraries found.")
+
+ self.server_domain = SSLDomain(SSLDomain.MODE_SERVER)
+ self.client_domain = SSLDomain(SSLDomain.MODE_CLIENT)
+
+ self.t1 = Transport()
+ self.s1 = SASL(self.t1)
+ self.t2 = Transport(Transport.SERVER)
+ self.s2 = SASL(self.t2)
+
+ self.c1 = Connection()
+
+ if not SASL.extended():
+ return
+
+ _cyrusSetup('sasl_conf')
+ self.s2.config_name('proton')
+ self.s2.config_path(os.path.abspath('sasl_conf'))
+
+ def testSSLPlainSimple(self):
+ if "java" in sys.platform:
+ raise Skipped("Proton-J does not support SSL with SASL")
+ if not SASL.extended():
+ raise Skipped("Simple SASL server does not support PLAIN")
+
+ clientUser = 'user@proton'
+ mech = 'PLAIN'
+
+ self.c1.user = clientUser
+ self.c1.password = 'password'
+ self.c1.hostname = 'localhost'
+
+ ssl1 = _sslConnection(self.client_domain, self.t1, self.c1)
+ ssl2 = _sslConnection(self.server_domain, self.t2, Connection())
+
+ _testSaslMech(self, mech, encrypted=True)
+
+ def testSSLPlainSimpleFail(self):
+ if "java" in sys.platform:
+ raise Skipped("Proton-J does not support SSL with SASL")
+ if not SASL.extended():
+ raise Skipped("Simple SASL server does not support PLAIN")
+
+ clientUser = 'usr@proton'
+ mech = 'PLAIN'
+
+ self.c1.user = clientUser
+ self.c1.password = 'password'
+ self.c1.hostname = 'localhost'
+
+ ssl1 = _sslConnection(self.client_domain, self.t1, self.c1)
+ ssl2 = _sslConnection(self.server_domain, self.t2, Connection())
+
+ _testSaslMech(self, mech, clientUser='usr@proton', encrypted=True, authenticated=False)
+
+ def testSSLExternalSimple(self):
+ if "java" in sys.platform:
+ raise Skipped("Proton-J does not support SSL with SASL")
+
+ extUser = 'O=Client,CN=127.0.0.1'
+ mech = 'EXTERNAL'
+
+ self.server_domain.set_credentials(_sslCertpath("server-certificate.pem"),
+ _sslCertpath("server-private-key.pem"),
+ "server-password")
+ self.server_domain.set_trusted_ca_db(_sslCertpath("ca-certificate.pem"))
+ self.server_domain.set_peer_authentication(SSLDomain.VERIFY_PEER,
+ _sslCertpath("ca-certificate.pem") )
+ self.client_domain.set_credentials(_sslCertpath("client-certificate.pem"),
+ _sslCertpath("client-private-key.pem"),
+ "client-password")
+ self.client_domain.set_trusted_ca_db(_sslCertpath("ca-certificate.pem"))
+ self.client_domain.set_peer_authentication(SSLDomain.VERIFY_PEER)
+
+ ssl1 = _sslConnection(self.client_domain, self.t1, self.c1)
+ ssl2 = _sslConnection(self.server_domain, self.t2, Connection())
+
+ _testSaslMech(self, mech, clientUser=None, authUser=extUser, encrypted=True)
+
+ def testSSLExternalSimpleFail(self):
+ if "java" in sys.platform:
+ raise Skipped("Proton-J does not support SSL with SASL")
+
+ mech = 'EXTERNAL'
+
+ self.server_domain.set_credentials(_sslCertpath("server-certificate.pem"),
+ _sslCertpath("server-private-key.pem"),
+ "server-password")
+ self.server_domain.set_trusted_ca_db(_sslCertpath("ca-certificate.pem"))
+ self.server_domain.set_peer_authentication(SSLDomain.VERIFY_PEER,
+ _sslCertpath("ca-certificate.pem") )
+ self.client_domain.set_trusted_ca_db(_sslCertpath("ca-certificate.pem"))
+ self.client_domain.set_peer_authentication(SSLDomain.VERIFY_PEER)
+
+ ssl1 = _sslConnection(self.client_domain, self.t1, self.c1)
+ ssl2 = _sslConnection(self.server_domain, self.t2, Connection())
+
+ _testSaslMech(self, mech, clientUser=None, authUser=None, encrypted=None, authenticated=False)
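Review bot: `testSSLPlainSimple` and `testSSLPlainSimpleFail` never call `set_credentials` or `set_peer_authentication` on either domain, unlike the two EXTERNAL tests below them. The PLAIN exchange therefore appears to run over a TLS session in which the server is not authenticated; `SSLDomain`'s defaults are not visible here, so this is inferred. The `encrypted=True` assertion still passes in that case, which could be read as endorsing PLAIN over any encrypted transport. I would either configure the domains with the server certificate and `VERIFY_PEER` as the EXTERNAL tests do, or state the limitation: `# NOTE: no server certificate or peer verification; this only checks PLAIN over an encrypted, unauthenticated channel`. Separately, `testSSLExternalSimpleFail` passes `encrypted=None`, and `_testSaslMech` only checks encryption under `if encrypted:`, so that test asserts nothing about the TLS state.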