gaurav-narula commented on code in PR #17901:
URL: https://github.com/apache/kafka/pull/17901#discussion_r1852989807


##########
clients/src/main/java/org/apache/kafka/common/security/oauthbearer/internals/OAuthBearerSaslClient.java:
##########
@@ -129,16 +129,12 @@ public boolean isComplete() {
 
     @Override
     public byte[] unwrap(byte[] incoming, int offset, int len) {
-        if (!isComplete())
-            throw new IllegalStateException("Authentication exchange has not 
completed");
-        return Arrays.copyOfRange(incoming, offset, offset + len);
+        throw new IllegalStateException("Mechanism does not support integrity 
nor confidentality");
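
Review bot: The new exception message on the `+` line in `unwrap` misspells "confidentiality" as "confidentality", and "does not support integrity nor confidentiality" would read more naturally as "supports neither integrity nor confidentiality". This string is surfaced to callers through the exception, so the spelling is worth fixing before merge.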

Review Comment:
   Should we perhaps alter the message within `IllegalStateException` depending 
on whether the authentication is completed or not and add the name of the 
mechanism as well? Similar to how the JDK implementation does it for 
[PlainClient](https://github.com/openjdk/jdk21/blob/890adb6410dab4606a4f26a942aed02fb2f55387/src/java.security.sasl/share/classes/com/sun/security/sasl/PlainClient.java#L144)



##########
clients/src/main/java/org/apache/kafka/common/security/oauthbearer/internals/OAuthBearerSaslClient.java:
##########
@@ -129,16 +129,12 @@ public boolean isComplete() {
 
     @Override
     public byte[] unwrap(byte[] incoming, int offset, int len) {
-        if (!isComplete())
-            throw new IllegalStateException("Authentication exchange has not 
completed");
-        return Arrays.copyOfRange(incoming, offset, offset + len);
+        throw new IllegalStateException("Mechanism does not support integrity 
nor confidentality");
     }
 
     @Override
     public byte[] wrap(byte[] outgoing, int offset, int len) {
-        if (!isComplete())
-            throw new IllegalStateException("Authentication exchange has not 
completed");
-        return Arrays.copyOfRange(outgoing, offset, offset + len);
+        throw new IllegalStateException("Mechanism does not support integrity 
nor confidentality");
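
Review bot: `wrap` and `unwrap` now throw the identical string literal, so the message is duplicated across both methods in this hunk. Consider a single private constant or a small helper, so the two copies cannot drift apart and the spelling fix for "confidentality" lands in one place. Both removed `return` lines called `Arrays.copyOfRange`, so also check whether the `java.util.Arrays` import in this file is still used.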

Review Comment:
   I think you missed the change in `OAuthBearerSaslServer`


