Posted to commits@qpid.apache.org by or...@apache.org on 2017/11/21 17:19:01 UTC
qpid-broker-j git commit: QPID-8046: [Broker-J] Allow SASL mechanisms
PLAIN and XOAUTH2 to not require initial response
Repository: qpid-broker-j
Updated Branches:
refs/heads/master c3a3f3a93 -> 4eb2ea6df
QPID-8046: [Broker-J] Allow SASL mechanisms PLAIN and XOAUTH2 to not require initial response
Project: http://git-wip-us.apache.org/repos/asf/qpid-broker-j/repo
Commit: http://git-wip-us.apache.org/repos/asf/qpid-broker-j/commit/4eb2ea6d
Tree: http://git-wip-us.apache.org/repos/asf/qpid-broker-j/tree/4eb2ea6d
Diff: http://git-wip-us.apache.org/repos/asf/qpid-broker-j/diff/4eb2ea6d
Branch: refs/heads/master
Commit: 4eb2ea6dfdea353b115efa5389a0a060c052d777
Parents: c3a3f3a
Author: Alex Rudyy <or...@apache.org>
Authored: Tue Nov 21 15:00:50 2017 +0000
Committer: Alex Rudyy <or...@apache.org>
Committed: Tue Nov 21 17:09:24 2017 +0000
----------------------------------------------------------------------
.../auth/sasl/oauth2/OAuth2Negotiator.java | 26 +++++++++++++-----
.../auth/sasl/plain/PlainNegotiator.java | 28 +++++++++++++++-----
.../auth/sasl/oauth2/OAuth2NegotiatorTest.java | 15 ++++++++++-
.../auth/sasl/plain/PlainNegotiatorTest.java | 21 +++++++++++++++
4 files changed, 77 insertions(+), 13 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/4eb2ea6d/broker-core/src/main/java/org/apache/qpid/server/security/auth/sasl/oauth2/OAuth2Negotiator.java
----------------------------------------------------------------------
diff --git a/broker-core/src/main/java/org/apache/qpid/server/security/auth/sasl/oauth2/OAuth2Negotiator.java b/broker-core/src/main/java/org/apache/qpid/server/security/auth/sasl/oauth2/OAuth2Negotiator.java
index 955136c..db2f262 100644
--- a/broker-core/src/main/java/org/apache/qpid/server/security/auth/sasl/oauth2/OAuth2Negotiator.java
+++ b/broker-core/src/main/java/org/apache/qpid/server/security/auth/sasl/oauth2/OAuth2Negotiator.java
@@ -31,12 +31,18 @@ import org.apache.qpid.server.security.auth.sasl.SaslNegotiator;
public class OAuth2Negotiator implements SaslNegotiator
{
+ enum State
+ {
+ INITIAL,
+ CHALLENGE_SENT,
+ COMPLETE
+ }
public static final String MECHANISM = "XOAUTH2";
private static final String BEARER_PREFIX = "Bearer ";
private final NamedAddressSpace _addressSpace;
private OAuth2AuthenticationProvider<?> _authenticationProvider;
- private volatile boolean _isComplete;
+ private volatile State _state = State.INITIAL;
public OAuth2Negotiator(OAuth2AuthenticationProvider<?> authenticationProvider,
final NamedAddressSpace addressSpace)
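Review bot: The new `State` enum has no comment, and an identical copy is added to PlainNegotiator, so the meaning of each value has to be reconstructed from handleResponse in two places. A short comment on the enum would make the authentication state machine auditable, for example `// INITIAL: nothing received yet; CHALLENGE_SENT: empty challenge issued because no initial response arrived; COMPLETE: a response was processed or rejected, no further attempts accepted`. Moving the enum to a shared package-private type would keep the two mechanisms from drifting apart. The class body continues outside this hunk.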
@@ -48,16 +54,24 @@ public class OAuth2Negotiator implements SaslNegotiator
@Override
public AuthenticationResult handleResponse(final byte[] response)
{
- if (_isComplete)
+ if (_state == State.COMPLETE)
{
return new AuthenticationResult(AuthenticationResult.AuthenticationStatus.ERROR,
- new IllegalStateException(
- "Multiple Authentications not permitted."));
+ new IllegalStateException("Multiple Authentications not permitted."));
}
- else
+ else if (_state == State.INITIAL && (response == null || response.length == 0))
+ {
+ _state = State.CHALLENGE_SENT;
+ return new AuthenticationResult(new byte[0], AuthenticationResult.AuthenticationStatus.CONTINUE);
+ }
+
+ _state = State.COMPLETE;
+ if (response == null || response.length == 0)
{
- _isComplete = true;
+ return new AuthenticationResult(AuthenticationResult.AuthenticationStatus.ERROR,
+ new IllegalArgumentException("Invalid OAuth2 client response."));
}
+
Map<String, String> responsePairs = splitResponse(response);
String auth = responsePairs.get("auth");
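Review bot: The read of `_state` at the top of handleResponse and the later `_state = State.COMPLETE` are separate volatile accesses, so the one-attempt guarantee holds only if the method is never entered concurrently for the same negotiator; whether that is guaranteed is not visible from this hunk. Either declare the method `synchronized` or record the assumption next to the field, for example `// only accessed from the connection's I/O thread; transitions are not atomic`. It is also worth a comment at `_state = State.COMPLETE;` saying that the state is set before parsing on purpose, so a malformed or rejected response cannot be retried on this negotiator. PlainNegotiator.handleResponse has the same structure, and both method bodies continue outside their hunks.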
http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/4eb2ea6d/broker-core/src/main/java/org/apache/qpid/server/security/auth/sasl/plain/PlainNegotiator.java
----------------------------------------------------------------------
diff --git a/broker-core/src/main/java/org/apache/qpid/server/security/auth/sasl/plain/PlainNegotiator.java b/broker-core/src/main/java/org/apache/qpid/server/security/auth/sasl/plain/PlainNegotiator.java
index 065080f..e56f8ca 100644
--- a/broker-core/src/main/java/org/apache/qpid/server/security/auth/sasl/plain/PlainNegotiator.java
+++ b/broker-core/src/main/java/org/apache/qpid/server/security/auth/sasl/plain/PlainNegotiator.java
@@ -29,11 +29,18 @@ import org.apache.qpid.server.security.auth.sasl.SaslNegotiator;
public class PlainNegotiator implements SaslNegotiator
{
+ enum State
+ {
+ INITIAL,
+ CHALLENGE_SENT,
+ COMPLETE
+ }
+
public static final String MECHANISM = "PLAIN";
private static final String UTF8 = StandardCharsets.UTF_8.name();
private UsernamePasswordAuthenticationProvider _usernamePasswordAuthenticationProvider;
- private volatile boolean _isComplete;
+ private volatile State _state = State.INITIAL;
private volatile String _username;
public PlainNegotiator(final UsernamePasswordAuthenticationProvider usernamePasswordAuthenticationProvider)
@@ -44,16 +51,25 @@ public class PlainNegotiator implements SaslNegotiator
@Override
public AuthenticationResult handleResponse(final byte[] response)
{
- if (_isComplete)
+ if (_state == State.COMPLETE)
{
return new AuthenticationResult(AuthenticationResult.AuthenticationStatus.ERROR,
- new IllegalStateException(
- "Multiple Authentications not permitted."));
+ new IllegalStateException("Multiple Authentications not permitted."));
+ }
+ else if (_state == State.INITIAL && (response == null || response.length == 0))
+ {
+ _state = State.CHALLENGE_SENT;
+ return new AuthenticationResult(new byte[0], AuthenticationResult.AuthenticationStatus.CONTINUE);
}
- else
+
+ _state = State.COMPLETE;
+ if (response == null || response.length == 0)
{
- _isComplete = true;
+ return new AuthenticationResult(AuthenticationResult.AuthenticationStatus.ERROR,
+ new IllegalArgumentException(
+ "Invalid PLAIN encoding, authzid null terminator not found"));
}
+
int authzidNullPosition = findNullPosition(response, 0);
if (authzidNullPosition < 0)
{
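Review bot: The branch for an empty response after the challenge reports `Invalid PLAIN encoding, authzid null terminator not found`, which describes a malformed payload rather than a missing one and presumably duplicates the text used by the `authzidNullPosition < 0` branch just below (its body is outside the hunk). A distinct message such as `"Invalid PLAIN encoding, empty response after challenge"` would let authentication-failure logs separate clients that never send credentials from clients that send malformed ones. The OAuth2 counterpart already uses a separate message for this case.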
http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/4eb2ea6d/broker-core/src/test/java/org/apache/qpid/server/security/auth/sasl/oauth2/OAuth2NegotiatorTest.java
----------------------------------------------------------------------
diff --git a/broker-core/src/test/java/org/apache/qpid/server/security/auth/sasl/oauth2/OAuth2NegotiatorTest.java b/broker-core/src/test/java/org/apache/qpid/server/security/auth/sasl/oauth2/OAuth2NegotiatorTest.java
index 4dea6c4..d1e1d2a 100644
--- a/broker-core/src/test/java/org/apache/qpid/server/security/auth/sasl/oauth2/OAuth2NegotiatorTest.java
+++ b/broker-core/src/test/java/org/apache/qpid/server/security/auth/sasl/oauth2/OAuth2NegotiatorTest.java
@@ -21,6 +21,7 @@
package org.apache.qpid.server.security.auth.sasl.oauth2;
+import static org.junit.Assert.assertArrayEquals;
import static org.mockito.Matchers.any;
import static org.mockito.Matchers.eq;
import static org.mockito.Mockito.mock;
@@ -29,7 +30,6 @@ import static org.mockito.Mockito.when;
import org.apache.qpid.server.security.auth.AuthenticationResult;
import org.apache.qpid.server.security.auth.manager.oauth2.OAuth2AuthenticationProvider;
-
import org.apache.qpid.test.utils.QpidTestCase;
public class OAuth2NegotiatorTest extends QpidTestCase
@@ -94,4 +94,17 @@ public class OAuth2NegotiatorTest extends QpidTestCase
secondResult.getStatus());
}
+ public void testHandleNoInitialResponse() throws Exception
+ {
+ final AuthenticationResult result = _negotiator.handleResponse(new byte[0]);
+ assertEquals("Unexpected authentication status", AuthenticationResult.AuthenticationStatus.CONTINUE, result.getStatus());
+ assertArrayEquals("Unexpected authentication challenge", new byte[0], result.getChallenge());
+ }
+
+ public void testHandleNoInitialResponseNull() throws Exception
+ {
+ final AuthenticationResult result = _negotiator.handleResponse(null);
+ assertEquals("Unexpected authentication status", AuthenticationResult.AuthenticationStatus.CONTINUE, result.getStatus());
+ assertArrayEquals("Unexpected authentication challenge", new byte[0], result.getChallenge());
+ }
}
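Review bot: Neither new test reaches the CHALLENGE_SENT branch, where a second empty or null response must produce ERROR instead of another CONTINUE; that branch is what stops a client from looping on empty responses. These two OAuth2 tests also stop at the CONTINUE result without sending a real response afterwards, unlike the PLAIN tests in PlainNegotiatorTest, which have the same gap for the empty-after-challenge case. A test along the lines below would pin the behaviour in both classes.
```java
public void testHandleEmptyResponseAfterChallenge() throws Exception
{
    final AuthenticationResult challenge = _negotiator.handleResponse(new byte[0]);
    assertEquals("Unexpected authentication status", AuthenticationResult.AuthenticationStatus.CONTINUE, challenge.getStatus());

    final AuthenticationResult result = _negotiator.handleResponse(new byte[0]);
    assertEquals("Unexpected authentication status", AuthenticationResult.AuthenticationStatus.ERROR, result.getStatus());
}
```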
http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/4eb2ea6d/broker-core/src/test/java/org/apache/qpid/server/security/auth/sasl/plain/PlainNegotiatorTest.java
----------------------------------------------------------------------
diff --git a/broker-core/src/test/java/org/apache/qpid/server/security/auth/sasl/plain/PlainNegotiatorTest.java b/broker-core/src/test/java/org/apache/qpid/server/security/auth/sasl/plain/PlainNegotiatorTest.java
index 78229b6..5162073 100644
--- a/broker-core/src/test/java/org/apache/qpid/server/security/auth/sasl/plain/PlainNegotiatorTest.java
+++ b/broker-core/src/test/java/org/apache/qpid/server/security/auth/sasl/plain/PlainNegotiatorTest.java
@@ -20,6 +20,7 @@
package org.apache.qpid.server.security.auth.sasl.plain;
+import static org.junit.Assert.assertArrayEquals;
import static org.mockito.Matchers.eq;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.verify;
@@ -72,4 +73,24 @@ public class PlainNegotiatorTest extends QpidTestCase
final AuthenticationResult secondResult = _negotiator.handleResponse(VALID_RESPONSE.getBytes());
assertEquals("Unexpected second authentication result", AuthenticationResult.AuthenticationStatus.ERROR, secondResult.getStatus());
}
+
+ public void testHandleNoInitialResponse() throws Exception
+ {
+ final AuthenticationResult result = _negotiator.handleResponse(new byte[0]);
+ assertEquals("Unexpected authentication status", AuthenticationResult.AuthenticationStatus.CONTINUE, result.getStatus());
+ assertArrayEquals("Unexpected authentication challenge", new byte[0], result.getChallenge());
+
+ final AuthenticationResult firstResult = _negotiator.handleResponse(VALID_RESPONSE.getBytes());
+ assertEquals("Unexpected first authentication result", _expectedResult, firstResult);
+ }
+
+ public void testHandleNoInitialResponseNull() throws Exception
+ {
+ final AuthenticationResult result = _negotiator.handleResponse(null);
+ assertEquals("Unexpected authentication status", AuthenticationResult.AuthenticationStatus.CONTINUE, result.getStatus());
+ assertArrayEquals("Unexpected authentication challenge", new byte[0], result.getChallenge());
+
+ final AuthenticationResult firstResult = _negotiator.handleResponse(VALID_RESPONSE.getBytes());
+ assertEquals("Unexpected first authentication result", _expectedResult, firstResult);
+ }
}
\ No newline at end of file