Github user gtully commented on a diff in the pull request:
https://github.com/apache/qpid-jms/pull/10#discussion_r128803960
--- Diff:
qpid-jms-client/src/test/java/org/apache/qpid/jms/test/testpeer/TestAmqpPeer.java
---
@@ -495,6 +512,169 @@ public void run()
}
}
+ public void expectGSSAPIFail(Symbol mech) throws Exception {
+ SaslMechanismsFrame saslMechanismsFrame = new
SaslMechanismsFrame().setSaslServerMechanisms(mech);
+
+ addHandler(new HeaderHandlerImpl(AmqpHeader.SASL_HEADER,
AmqpHeader.SASL_HEADER,
+ new FrameSender(
+ this, FrameType.SASL, 0,
+ saslMechanismsFrame, null)));
+
+ addHandler(new SaslInitMatcher().withMechanism(equalTo(mech)));
+
+ }
+
+ public void expectGSSAPI(Symbol mech, String serviceName) throws
Exception {
+
+ SaslMechanismsFrame saslMechanismsFrame = new
SaslMechanismsFrame().setSaslServerMechanisms(mech);
+
+ addHandler(new HeaderHandlerImpl(AmqpHeader.SASL_HEADER,
AmqpHeader.SASL_HEADER,
+ new FrameSender(
+ this, FrameType.SASL, 0,
+ saslMechanismsFrame, null)));
+
+ // setup server gss context
+ LoginContext loginContext = new LoginContext("", null, null,
+ kerb5InlineConfig(serviceName, false));
+ loginContext.login();
+ final Subject serverSubject =loginContext.getSubject();
+
+ LOGGER.info("saslServer subject:" +
serverSubject.getPrivateCredentials());
+
+ Map<String, ?> config = new HashMap();
+ final CallbackHandler handler = new CallbackHandler() {
+ @Override
+ public void handle(Callback[] callbacks) throws IOException,
UnsupportedCallbackException {
+ LOGGER.info("Here with: " + Arrays.asList(callbacks));
+ for (Callback callback :callbacks) {
+ if (callback instanceof AuthorizeCallback) {
+ AuthorizeCallback authorizeCallback =
(AuthorizeCallback) callback;
+
authorizeCallback.setAuthorized(authorizeCallback.getAuthenticationID().equals(authorizeCallback.getAuthorizationID()));
+ }
+ }
+ }
+ };
+ final SaslServer saslServer = Subject.doAs(serverSubject, new
PrivilegedExceptionAction<SaslServer>() {
+ @Override
+ public SaslServer run() throws Exception {
+ return Sasl.createSaslServer(mech.toString(), null, null,
config, handler);
+ }
+ });
+
+ final SaslChallengeFrame challengeFrame = new SaslChallengeFrame();
+
+ SaslInitMatcher saslInitMatcher = new SaslInitMatcher()
+ .withMechanism(equalTo(mech))
+ .withInitialResponse(new BaseMatcher<Binary>() {
+
+ @Override
+ public void describeTo(Description description) {}
+
+ @Override
+ public boolean matches(Object o) {
+ if (o == null) {
+ LOGGER.error("Got null initial response!");
+ return false;
+ }
+ final Binary binary = (Binary) o;
+ // validate via sasl
+ byte[] token = null;
+ try {
+ token = Subject.doAs(serverSubject, new
PrivilegedExceptionAction<byte[]>() {
+ @Override
+ public byte[] run() throws Exception {
+ LOGGER.info("Evaluate Response..
size:" + binary.getLength());
+ return
saslServer.evaluateResponse(binary.getArray());
+ }
+ });
+ } catch (PrivilegedActionException e) {
+ e.printStackTrace();
+ }
+ LOGGER.info("Complete:" + saslServer.isComplete());
+
+ if (token != null) {
+ // fling it back in on complete
+ challengeFrame.setChallenge(new Binary(token));
+ }
+ return true;
+ }
+ }).onCompletion(new AmqpPeerRunnable() {
+ @Override
+ public void run() {
+ TestAmqpPeer.this.sendFrame(
+ FrameType.SASL, 0,
+ challengeFrame,
+ null,
+ false, 0);
+ }
+ });
+
+ AtomicBoolean response = new AtomicBoolean(false);
+ SaslResponseMatcher challengeMatcher = new
SaslResponseMatcher().withResponse(new BaseMatcher<Binary>() {
+
+ @Override
+ public void describeTo(Description description) {}
+
+ @Override
+ public boolean matches(Object o) {
+ final Binary binary = (Binary) o;
+ if (!saslServer.isComplete()) {
+ // validate via sasl
+ byte[] token = null;
+ try {
+ token = Subject.doAs(serverSubject, new
PrivilegedExceptionAction<byte[]>() {
+ @Override
+ public byte[] run() throws Exception {
+ LOGGER.info("Evaluate challenge response..
size:" + binary.getLength());
+ return
saslServer.evaluateResponse(binary.getArray());
+ }
+ });
+ } catch (PrivilegedActionException e) {
+ e.printStackTrace();
+ }
+ LOGGER.info("Complete:" + saslServer.isComplete());
+ if (token != null) {
+ // fling it back
+ challengeFrame.setChallenge(new Binary(token));
+ response.set(true);
+ }
+ return true;
+ }
+
+ return false;
+ }
+ }).onCompletion(new AmqpPeerRunnable() {
+ @Override
+ public void run() {
+ if (response.get()) {
+ TestAmqpPeer.this.sendFrame(
+ FrameType.SASL, 0,
+ challengeFrame,
+ null,
+ false, 0);
+ }
+
+ if (saslServer.isComplete()) {
--- End diff --
the response is gated on a boolean, I think it is ok, the outcome goes on
its own.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
