Posted to commits@qpid.apache.org by ro...@apache.org on 2017/07/18 11:35:02 UTC
[1/2] qpid-proton-j git commit: PROTON-1486: Expose SaslOutcome
additional-data to users of the API
Repository: qpid-proton-j
Updated Branches:
refs/heads/master 39a5fa780 -> 9f7ec6b5d
PROTON-1486: Expose SaslOutcome additional-data to users of the API
Based on original work by rgodfrey <rg...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/qpid-proton-j/repo
Commit: http://git-wip-us.apache.org/repos/asf/qpid-proton-j/commit/6789e558
Tree: http://git-wip-us.apache.org/repos/asf/qpid-proton-j/tree/6789e558
Diff: http://git-wip-us.apache.org/repos/asf/qpid-proton-j/diff/6789e558
Branch: refs/heads/master
Commit: 6789e558d92ed341d1655f59a8a4daddbf68dfb1
Parents: 39a5fa7
Author: Keith Wall <ke...@gmail.com>
Authored: Wed Jul 12 11:03:04 2017 +0100
Committer: Keith Wall <kw...@apache.org>
Committed: Thu Jul 13 15:21:56 2017 +0100
----------------------------------------------------------------------
.../org/apache/qpid/proton/engine/Sasl.java | 4 +-
.../qpid/proton/engine/impl/SaslImpl.java | 6 +
.../qpid/proton/systemtests/SaslTest.java | 189 ++++++++++++++++++-
3 files changed, 196 insertions(+), 3 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/qpid-proton-j/blob/6789e558/proton-j/src/main/java/org/apache/qpid/proton/engine/Sasl.java
----------------------------------------------------------------------
diff --git a/proton-j/src/main/java/org/apache/qpid/proton/engine/Sasl.java b/proton-j/src/main/java/org/apache/qpid/proton/engine/Sasl.java
index 08929e8..e5ebabd 100644
--- a/proton-j/src/main/java/org/apache/qpid/proton/engine/Sasl.java
+++ b/proton-j/src/main/java/org/apache/qpid/proton/engine/Sasl.java
@@ -119,7 +119,7 @@ public interface Sasl
int pending();
/**
- * Read challenge/response data sent from the peer.
+ * Read challenge/response/additional data sent from the peer.
*
* Use pending to determine the size of the data.
*
@@ -131,7 +131,7 @@ public interface Sasl
int recv(byte[] bytes, int offset, int size);
/**
- * Send challenge or response data to the peer.
+ * Send challenge/response/additional data to the peer.
*
* @param bytes The challenge/response data.
* @param offset the point within the array at which the data starts at
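Review bot: The `@param bytes` line under the changed summary of send() still reads "The challenge/response data.", so the parameter description now disagrees with the summary; it could read `@param bytes The challenge/response/additional data.`. Neither this comment nor the recv() one in the previous hunk says when additional data applies. Judging by the SaslImpl change in this commit, a server stages it with send() before done(PN_SASL_OK) and it is dropped for any other outcome, which deserves one sentence here because callers cannot learn it from the interface. The Javadoc block continues past the end of the hunk.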
http://git-wip-us.apache.org/repos/asf/qpid-proton-j/blob/6789e558/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/SaslImpl.java
----------------------------------------------------------------------
diff --git a/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/SaslImpl.java b/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/SaslImpl.java
index daeb141..ffa49ff 100644
--- a/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/SaslImpl.java
+++ b/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/SaslImpl.java
@@ -159,7 +159,12 @@ public class SaslImpl implements Sasl, SaslFrameBody.SaslFrameBodyHandler<Void>,
org.apache.qpid.proton.amqp.security.SaslOutcome outcome =
new org.apache.qpid.proton.amqp.security.SaslOutcome();
outcome.setCode(SaslCode.values()[_outcome.getCode()]);
+ if (_outcome == PN_SASL_OK)
+ {
+ outcome.setAdditionalData(getChallengeResponse());
+ }
writeFrame(outcome);
+ setChallengeResponse(null);
}
}
else if(_role == Role.CLIENT)
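Review bot: Bytes staged with send() are discarded without any signal when the outcome is not PN_SASL_OK, because `setChallengeResponse(null)` runs unconditionally after `writeFrame(outcome)` while the additional-data is attached only in the OK branch. That matches the successful-outcome-only rule the new tests cite (5.3.3.5), but nothing here records it; a comment above the `if` such as `// additional-data is only defined for a successful outcome; anything staged is dropped otherwise` would make the intent explicit. It also looks as though a challenge that was staged but not yet written when done(PN_SASL_OK) is called would go out as additional-data instead, which depends on code outside the hunk and is worth confirming. The enclosing method starts and ends outside the hunk.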
@@ -394,6 +399,7 @@ public class SaslImpl implements Sasl, SaslFrameBody.SaslFrameBodyHandler<Void>,
checkRole(Role.CLIENT);
for(SaslOutcome outcome : SaslOutcome.values())
{
+ setPending(saslOutcome.getAdditionalData() == null ? null : saslOutcome.getAdditionalData().asByteBuffer());
if(outcome.getCode() == saslOutcome.getCode().ordinal())
{
_outcome = outcome;
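Review bot: The added `setPending(...)` call sits inside the `for` over `SaslOutcome.values()`, so it is re-evaluated on every iteration although it does not depend on `outcome`; it belongs once, outside the loop. It also runs whatever outcome code the peer sent, so additional-data attached to a failed outcome is still handed to the application through pending()/recv(), whereas the server side of this commit attaches it only for PN_SASL_OK. Setting the pending buffer only once `_outcome` has resolved to PN_SASL_OK, and clearing it otherwise, would keep the client from surfacing peer-supplied bytes on a failed exchange. The loop and the enclosing method continue outside the hunk.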
http://git-wip-us.apache.org/repos/asf/qpid-proton-j/blob/6789e558/proton-j/src/test/java/org/apache/qpid/proton/systemtests/SaslTest.java
----------------------------------------------------------------------
diff --git a/proton-j/src/test/java/org/apache/qpid/proton/systemtests/SaslTest.java b/proton-j/src/test/java/org/apache/qpid/proton/systemtests/SaslTest.java
index 2980565..93718a0 100644
--- a/proton-j/src/test/java/org/apache/qpid/proton/systemtests/SaslTest.java
+++ b/proton-j/src/test/java/org/apache/qpid/proton/systemtests/SaslTest.java
@@ -24,15 +24,23 @@ import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.fail;
+import java.nio.charset.StandardCharsets;
import java.util.logging.Logger;
+import org.junit.Test;
+
import org.apache.qpid.proton.Proton;
import org.apache.qpid.proton.engine.Sasl;
-import org.junit.Test;
+import org.apache.qpid.proton.engine.Sasl.SaslOutcome;
public class SaslTest extends EngineTestBase
{
private static final Logger LOGGER = Logger.getLogger(SaslTest.class.getName());
+ private static final String TESTMECH1 = "TESTMECH1";
+ private static final String TESTMECH2 = "TESTMECH2";
+ private static final byte[] CHALLENGE_BYTES = "challenge-bytes".getBytes(StandardCharsets.UTF_8);
+ private static final byte[] RESPONSE_BYTES = "response-bytes".getBytes(StandardCharsets.UTF_8);
+ private static final byte[] ADDITIONAL_DATA_BYTES = "additional-data-bytes".getBytes(StandardCharsets.UTF_8);
@Test
public void testSaslHostnamePropagationAndRetrieval() throws Exception
@@ -97,4 +105,183 @@ public class SaslTest extends EngineTestBase
assertEquals(hostname, serverSasl.getHostname());
}
+ /** 5.3.2 SASL Negotiation. */
+ @Test
+ public void testSaslNegotiation() throws Exception
+ {
+ getClient().transport = Proton.transport();
+ getServer().transport = Proton.transport();
+
+ Sasl clientSasl = getClient().transport.sasl();
+ clientSasl.client();
+ assertEquals("Unexpected SASL outcome at client", SaslOutcome.PN_SASL_NONE, clientSasl.getOutcome());
+
+ Sasl serverSasl = getServer().transport.sasl();
+ serverSasl.server();
+ serverSasl.setMechanisms(TESTMECH1, TESTMECH2);
+ assertEquals("Server should not yet know the remote's chosen mechanism.",
+ 0,
+ serverSasl.getRemoteMechanisms().length);
+
+ pumpClientToServer();
+ pumpServerToClient();
+
+ assertArrayEquals("Client should now know the server's mechanisms.",
+ new String[]{TESTMECH1, TESTMECH2},
+ clientSasl.getRemoteMechanisms());
+ assertEquals("Unexpected SASL outcome at client", SaslOutcome.PN_SASL_NONE, clientSasl.getOutcome());
+ clientSasl.setMechanisms(TESTMECH1);
+
+ pumpClientToServer();
+
+ assertArrayEquals("Server should now know the client's chosen mechanism.",
+ new String[]{TESTMECH1},
+ serverSasl.getRemoteMechanisms());
+
+ serverSasl.send(CHALLENGE_BYTES, 0, CHALLENGE_BYTES.length);
+
+ pumpServerToClient();
+
+ byte[] clientReceivedChallengeBytes = new byte[clientSasl.pending()];
+ clientSasl.recv(clientReceivedChallengeBytes, 0, clientReceivedChallengeBytes.length);
+
+ assertEquals("Unexpected SASL outcome at client", SaslOutcome.PN_SASL_NONE, clientSasl.getOutcome());
+ assertArrayEquals("Client should now know the server's challenge",
+ CHALLENGE_BYTES,
+ clientReceivedChallengeBytes);
+
+ clientSasl.send(RESPONSE_BYTES, 0, RESPONSE_BYTES.length);
+
+ pumpClientToServer();
+
+ byte[] serverReceivedResponseBytes = new byte[serverSasl.pending()];
+ serverSasl.recv(serverReceivedResponseBytes, 0, serverReceivedResponseBytes.length);
+
+ assertArrayEquals("Server should now know the client's response",
+ RESPONSE_BYTES,
+ serverReceivedResponseBytes);
+
+ serverSasl.done(SaslOutcome.PN_SASL_OK);
+ pumpServerToClient();
+
+ assertEquals("Unexpected SASL outcome at client", SaslOutcome.PN_SASL_OK, clientSasl.getOutcome());
+ }
+
+ /** 5.3.2 SASL Negotiation. ...challenge/response step can occur zero or more times*/
+ @Test
+ public void testOptionalChallengeResponseStepOmitted() throws Exception
+ {
+ getClient().transport = Proton.transport();
+ getServer().transport = Proton.transport();
+
+ Sasl clientSasl = getClient().transport.sasl();
+ clientSasl.client();
+ assertEquals("Unexpected SASL outcome at client", SaslOutcome.PN_SASL_NONE, clientSasl.getOutcome());
+
+ Sasl serverSasl = getServer().transport.sasl();
+ serverSasl.server();
+ serverSasl.setMechanisms(TESTMECH1);
+ assertEquals("Server should not yet know the remote's chosen mechanism.",
+ 0,
+ serverSasl.getRemoteMechanisms().length);
+
+ pumpClientToServer();
+ pumpServerToClient();
+
+ assertEquals("Unexpected SASL outcome at client", SaslOutcome.PN_SASL_NONE, clientSasl.getOutcome());
+ clientSasl.setMechanisms(TESTMECH1);
+
+ pumpClientToServer();
+
+ serverSasl.done(SaslOutcome.PN_SASL_OK);
+ pumpServerToClient();
+
+ assertEquals("Unexpected SASL outcome at client", SaslOutcome.PN_SASL_OK, clientSasl.getOutcome());
+ }
+
+ /**
+ * 5.3.3.5 The additional-data field carries additional data on successful authentication outcome as specified
+ * by the SASL specification [RFC4422].
+ */
+ @Test
+ public void testOutcomeAdditionalData() throws Exception
+ {
+ getClient().transport = Proton.transport();
+ getServer().transport = Proton.transport();
+
+ Sasl clientSasl = getClient().transport.sasl();
+ clientSasl.client();
+ assertEquals("Unexpected SASL outcome at client", SaslOutcome.PN_SASL_NONE, clientSasl.getOutcome());
+
+ Sasl serverSasl = getServer().transport.sasl();
+ serverSasl.server();
+ serverSasl.setMechanisms(TESTMECH1);
+
+ pumpClientToServer();
+ pumpServerToClient();
+
+ assertEquals("Unexpected SASL outcome at client", SaslOutcome.PN_SASL_NONE, clientSasl.getOutcome());
+ clientSasl.setMechanisms(TESTMECH1);
+
+ pumpClientToServer();
+
+ serverSasl.send(CHALLENGE_BYTES, 0, CHALLENGE_BYTES.length);
+
+ pumpServerToClient();
+
+ byte[] clientReceivedChallengeBytes = new byte[clientSasl.pending()];
+ clientSasl.recv(clientReceivedChallengeBytes, 0, clientReceivedChallengeBytes.length);
+
+ assertEquals("Unexpected SASL outcome at client", SaslOutcome.PN_SASL_NONE, clientSasl.getOutcome());
+ clientSasl.send(RESPONSE_BYTES, 0, RESPONSE_BYTES.length);
+
+ pumpClientToServer();
+
+ byte[] serverReceivedResponseBytes = new byte[serverSasl.pending()];
+ serverSasl.recv(serverReceivedResponseBytes, 0, serverReceivedResponseBytes.length);
+
+ serverSasl.send(ADDITIONAL_DATA_BYTES, 0, ADDITIONAL_DATA_BYTES.length);
+ serverSasl.done(SaslOutcome.PN_SASL_OK);
+ pumpServerToClient();
+
+ byte[] clientReceivedAdditionalDataBytes = new byte[clientSasl.pending()];
+ clientSasl.recv(clientReceivedAdditionalDataBytes, 0, clientReceivedAdditionalDataBytes.length);
+
+ assertEquals("Unexpected SASL outcome at client", SaslOutcome.PN_SASL_OK, clientSasl.getOutcome());
+ assertArrayEquals("Client should now know the serrver's additional-data",
+ ADDITIONAL_DATA_BYTES,
+ clientReceivedAdditionalDataBytes);
+ }
+
+ /**
+ * 5.3.3.6 Connection authentication failed due to an unspecified problem with the supplied credentials.
+ */
+ @Test
+ public void testAuthenticationFails() throws Exception
+ {
+ getClient().transport = Proton.transport();
+ getServer().transport = Proton.transport();
+
+ Sasl clientSasl = getClient().transport.sasl();
+ clientSasl.client();
+ assertEquals("Unexpected SASL outcome at client", SaslOutcome.PN_SASL_NONE, clientSasl.getOutcome());
+
+ Sasl serverSasl = getServer().transport.sasl();
+ serverSasl.server();
+ serverSasl.setMechanisms(TESTMECH1);
+
+ pumpClientToServer();
+ pumpServerToClient();
+
+ assertEquals("Unexpected SASL outcome at client", SaslOutcome.PN_SASL_NONE, clientSasl.getOutcome());
+ clientSasl.setMechanisms(TESTMECH1);
+
+ pumpClientToServer();
+
+ serverSasl.done(SaslOutcome.PN_SASL_AUTH);
+ pumpServerToClient();
+ assertEquals("Unexpected SASL outcome at client", SaslOutcome.PN_SASL_AUTH, clientSasl.getOutcome());
+
+ }
+
}
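Review bot: `testAuthenticationFails` never stages any bytes on the server, so no test pins the rule that additional-data travels only with a successful outcome. Adding `serverSasl.send(ADDITIONAL_DATA_BYTES, 0, ADDITIONAL_DATA_BYTES.length);` before `serverSasl.done(SaslOutcome.PN_SASL_AUTH)` and `assertEquals("No additional-data expected on failure", 0, clientSasl.pending());` after the final pump would cover it, assuming pending() reports 0 when nothing is queued. The assertion message in `testOutcomeAdditionalData` also contains a typo, "serrver's".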
[2/2] qpid-proton-j git commit: PROTON-1486: merge changes by Keith
and Rob. This closes #9
Posted by ro...@apache.org.
PROTON-1486: merge changes by Keith and Rob. This closes #9
Project: http://git-wip-us.apache.org/repos/asf/qpid-proton-j/repo
Commit: http://git-wip-us.apache.org/repos/asf/qpid-proton-j/commit/9f7ec6b5
Tree: http://git-wip-us.apache.org/repos/asf/qpid-proton-j/tree/9f7ec6b5
Diff: http://git-wip-us.apache.org/repos/asf/qpid-proton-j/diff/9f7ec6b5
Branch: refs/heads/master
Commit: 9f7ec6b5d018f82d60cae45ce52c59cfc82afd1a
Parents: 39a5fa7 6789e55
Author: Robert Gemmell <ro...@apache.org>
Authored: Tue Jul 18 12:25:18 2017 +0100
Committer: Robert Gemmell <ro...@apache.org>
Committed: Tue Jul 18 12:25:18 2017 +0100
----------------------------------------------------------------------
.../org/apache/qpid/proton/engine/Sasl.java | 4 +-
.../qpid/proton/engine/impl/SaslImpl.java | 6 +
.../qpid/proton/systemtests/SaslTest.java | 189 ++++++++++++++++++-
3 files changed, 196 insertions(+), 3 deletions(-)
----------------------------------------------------------------------