/**
 * Checks that an RPC sent in the clear after a completed handshake does not succeed.
 *
 * <p>Scenario: an attacker replays a challenge message captured from the network without
 * knowing the shared secret. Once authentication has been performed, the server is expected to
 * drop the connection as soon as any further message arrives. The test emulates this by
 * removing the encryption handler from the client pipeline after authentication.
 */
@Test
public void testAuthReplay() throws Exception {
  ctx = new AuthTestCtx();
  ctx.createServer("secret");
  ctx.createClient("secret");

  // The handler must have been installed by the handshake; a null here would mean the
  // connection was never encrypted and the rest of the test would prove nothing.
  Object removedHandler =
    ctx.client.getChannel().pipeline().remove(TransportCipher.ENCRYPTION_HANDLER_NAME);
  assertNotNull(removedHandler);

  final int timeoutMs = 5000;
  try {
    ctx.client.sendRpcSync(JavaUtils.stringToBytes("Ping"), timeoutMs);
    fail("Should have failed unencrypted RPC.");
  } catch (Exception expected) {
    // Authentication itself succeeded (the handler switched to delegating); only the
    // unencrypted follow-up RPC failed.
    // NOTE(review): any Exception from sendRpcSync satisfies this branch (a timeout would
    // presumably qualify too), and the server channel state is not checked here the way
    // testAuthFailure checks ctx.serverChannel.isActive(). Confirm whether asserting on the
    // closed channel is feasible without making the test racy.
    assertTrue(ctx.authRpcHandler.doDelegate);
  }
}
/**
 * Starts the test server with an authentication bootstrap followed by an introspection
 * bootstrap.
 *
 * @param secret shared secret handed to {@code createKeyHolder}
 * @param enableAes when true the server uses {@code AuthServerBootstrap}; otherwise it uses
 *     {@code SaslServerBootstrap}
 */
void createServer(String secret, boolean enableAes) throws Exception {
  SecretKeyHolder secrets = createKeyHolder(secret);

  TransportServerBootstrap authBootstrap;
  if (enableAes) {
    authBootstrap = new AuthServerBootstrap(conf, secrets);
  } else {
    authBootstrap = new SaslServerBootstrap(conf, secrets);
  }

  // Runs after the auth bootstrap and records the server-side channel and, when present, the
  // AuthRpcHandler so tests can assert on the server's authentication state.
  TransportServerBootstrap introspector = (ch, handler) -> {
    this.serverChannel = ch;
    if (handler instanceof AuthRpcHandler) {
      this.authRpcHandler = (AuthRpcHandler) handler;
    }
    return handler;
  };

  // Order matters: the auth bootstrap must wrap the handler before the introspector sees it.
  this.server = ctx.createServer(Arrays.asList(authBootstrap, introspector));
}
/**
 * Checks that an RPC sent in the clear after a completed handshake does not succeed.
 *
 * <p>Scenario: an attacker replays a challenge message captured from the network without
 * knowing the shared secret. Once authentication has been performed, the server is expected to
 * drop the connection as soon as any further message arrives. The test emulates this by
 * removing the encryption handler from the client pipeline after authentication.
 */
@Test
public void testAuthReplay() throws Exception {
  ctx = new AuthTestCtx();
  ctx.createServer("secret");
  ctx.createClient("secret");

  // The handler must have been installed by the handshake; a null here would mean the
  // connection was never encrypted and the rest of the test would prove nothing.
  Object removedHandler =
    ctx.client.getChannel().pipeline().remove(TransportCipher.ENCRYPTION_HANDLER_NAME);
  assertNotNull(removedHandler);

  final int timeoutMs = 5000;
  try {
    ctx.client.sendRpcSync(JavaUtils.stringToBytes("Ping"), timeoutMs);
    fail("Should have failed unencrypted RPC.");
  } catch (Exception expected) {
    // Authentication itself succeeded (the handler switched to delegating); only the
    // unencrypted follow-up RPC failed.
    // NOTE(review): any Exception from sendRpcSync satisfies this branch (a timeout would
    // presumably qualify too), and the server channel state is not checked here the way
    // testAuthFailure checks ctx.serverChannel.isActive(). Confirm whether asserting on the
    // closed channel is feasible without making the test racy.
    assertTrue(ctx.authRpcHandler.doDelegate);
  }
}
/**
 * Starts the test server with the given secret, passing {@code true} for the
 * {@code enableAes} flag of the two-argument overload.
 *
 * @param secret shared secret the server authenticates clients against
 */
void createServer(String secret) throws Exception {
  final boolean enableAes = true;
  createServer(secret, enableAes);
}
/**
 * Starts the test server with the given secret, passing {@code true} for the
 * {@code enableAes} flag of the two-argument overload.
 *
 * @param secret shared secret the server authenticates clients against
 */
void createServer(String secret) throws Exception {
  final boolean enableAes = true;
  createServer(secret, enableAes);
}
/**
 * Connects a test client with the given secret, passing {@code true} for the
 * {@code enableAes} flag of the two-argument overload.
 *
 * @param secret shared secret the client presents during authentication
 */
void createClient(String secret) throws Exception {
  final boolean enableAes = true;
  createClient(secret, enableAes);
}
/**
 * Connects a test client with the given secret, passing {@code true} for the
 * {@code enableAes} flag of the two-argument overload.
 *
 * @param secret shared secret the client presents during authentication
 */
void createClient(String secret) throws Exception {
  final boolean enableAes = true;
  createClient(secret, enableAes);
}
/**
 * Starts the test server with an authentication bootstrap followed by an introspection
 * bootstrap.
 *
 * @param secret shared secret handed to {@code createKeyHolder}
 * @param enableAes when true the server uses {@code AuthServerBootstrap}; otherwise it uses
 *     {@code SaslServerBootstrap}
 */
void createServer(String secret, boolean enableAes) throws Exception {
  SecretKeyHolder secrets = createKeyHolder(secret);

  TransportServerBootstrap authBootstrap;
  if (enableAes) {
    authBootstrap = new AuthServerBootstrap(conf, secrets);
  } else {
    authBootstrap = new SaslServerBootstrap(conf, secrets);
  }

  // Runs after the auth bootstrap and records the server-side channel and, when present, the
  // AuthRpcHandler so tests can assert on the server's authentication state.
  TransportServerBootstrap introspector = (ch, handler) -> {
    this.serverChannel = ch;
    if (handler instanceof AuthRpcHandler) {
      this.authRpcHandler = (AuthRpcHandler) handler;
    }
    return handler;
  };

  // Order matters: the auth bootstrap must wrap the handler before the introspector sees it.
  this.server = ctx.createServer(Arrays.asList(authBootstrap, introspector));
}
/**
 * Closes the per-test context, if one was created, and clears the reference so the next test
 * starts without a stale server or client.
 */
@After
public void cleanUp() throws Exception {
  if (ctx == null) {
    return;
  }
  ctx.close();
  ctx = null;
}
/**
 * Checks that a client holding a different secret from the server cannot be created, and that
 * the server is left neither delegating RPCs nor holding an active channel.
 */
@Test
public void testAuthFailure() throws Exception {
  ctx = new AuthTestCtx();
  ctx.createServer("server");

  try {
    // Mismatched secret: the handshake is expected to fail inside createClient.
    ctx.createClient("client");
    fail("Should have failed to create client.");
  } catch (Exception expected) {
    // The server must not have switched to the authenticated (delegating) state...
    boolean delegating = ctx.authRpcHandler.doDelegate;
    assertFalse(delegating);

    // ...and must have torn down the connection rather than leaving it open.
    boolean channelStillActive = ctx.serverChannel.isActive();
    assertFalse(channelStillActive);
  }
}
/**
 * Checks that a server created with {@code enableAes = true} still answers a client created
 * with {@code enableAes = false}.
 */
@Test
public void testSaslServerFallback() throws Exception {
  ctx = new AuthTestCtx();
  ctx.createServer("secret", true);
  ctx.createClient("secret", false);

  final int timeoutMs = 5000;
  ByteBuffer reply = ctx.client.sendRpcSync(JavaUtils.stringToBytes("Ping"), timeoutMs);

  // NOTE(review): only the Ping/Pong round trip is asserted. The test does not check which
  // handler the server ended up delegating to (testNewAuth inspects
  // ctx.authRpcHandler.delegate), so the weaker path being taken is implied, not verified.
  String replyText = JavaUtils.bytesToString(reply);
  assertEquals("Pong", replyText);
}
/**
 * Checks the happy path with matching secrets and both sides created with the default
 * {@code enableAes = true}: the RPC round-trips, the server handler is delegating, and the
 * delegate is not a {@code SaslRpcHandler}.
 */
@Test
public void testNewAuth() throws Exception {
  ctx = new AuthTestCtx();
  ctx.createServer("secret");
  ctx.createClient("secret");

  final int timeoutMs = 5000;
  ByteBuffer reply = ctx.client.sendRpcSync(JavaUtils.stringToBytes("Ping"), timeoutMs);
  String replyText = JavaUtils.bytesToString(reply);
  assertEquals("Pong", replyText);

  // Authentication completed on the server side.
  boolean delegating = ctx.authRpcHandler.doDelegate;
  assertTrue(delegating);

  // Guards against a silent downgrade: the connection must not have fallen back to SASL.
  boolean fellBackToSasl = ctx.authRpcHandler.delegate instanceof SaslRpcHandler;
  assertFalse(fellBackToSasl);
}
/**
 * Checks that a client holding a different secret from the server cannot be created, and that
 * the server is left neither delegating RPCs nor holding an active channel.
 */
@Test
public void testAuthFailure() throws Exception {
  ctx = new AuthTestCtx();
  ctx.createServer("server");

  try {
    // Mismatched secret: the handshake is expected to fail inside createClient.
    ctx.createClient("client");
    fail("Should have failed to create client.");
  } catch (Exception expected) {
    // The server must not have switched to the authenticated (delegating) state...
    boolean delegating = ctx.authRpcHandler.doDelegate;
    assertFalse(delegating);

    // ...and must have torn down the connection rather than leaving it open.
    boolean channelStillActive = ctx.serverChannel.isActive();
    assertFalse(channelStillActive);
  }
}
/**
 * Checks the happy path with matching secrets and both sides created with the default
 * {@code enableAes = true}: the RPC round-trips, the server handler is delegating, and the
 * delegate is not a {@code SaslRpcHandler}.
 */
@Test
public void testNewAuth() throws Exception {
  ctx = new AuthTestCtx();
  ctx.createServer("secret");
  ctx.createClient("secret");

  final int timeoutMs = 5000;
  ByteBuffer reply = ctx.client.sendRpcSync(JavaUtils.stringToBytes("Ping"), timeoutMs);
  String replyText = JavaUtils.bytesToString(reply);
  assertEquals("Pong", replyText);

  // Authentication completed on the server side.
  boolean delegating = ctx.authRpcHandler.doDelegate;
  assertTrue(delegating);

  // Guards against a silent downgrade: the connection must not have fallen back to SASL.
  boolean fellBackToSasl = ctx.authRpcHandler.delegate instanceof SaslRpcHandler;
  assertFalse(fellBackToSasl);
}
/**
 * Closes the per-test context, if one was created, and clears the reference so the next test
 * starts without a stale server or client.
 */
@After
public void cleanUp() throws Exception {
  if (ctx == null) {
    return;
  }
  ctx.close();
  ctx = null;
}
/**
 * Checks that a client created with {@code enableAes = true} can still talk to a server
 * created with {@code enableAes = false}.
 */
@Test
public void testSaslClientFallback() throws Exception {
  ctx = new AuthTestCtx();
  ctx.createServer("secret", false);
  ctx.createClient("secret", true);

  final int timeoutMs = 5000;
  ByteBuffer reply = ctx.client.sendRpcSync(JavaUtils.stringToBytes("Ping"), timeoutMs);

  // NOTE(review): only the Ping/Pong round trip is asserted; nothing here pins down which
  // protection the connection ended up with after the client fell back. Consider whether the
  // negotiated mechanism should be asserted explicitly.
  String replyText = JavaUtils.bytesToString(reply);
  assertEquals("Pong", replyText);
}
/**
 * Checks that a server created with {@code enableAes = true} still answers a client created
 * with {@code enableAes = false}.
 */
@Test
public void testSaslServerFallback() throws Exception {
  ctx = new AuthTestCtx();
  ctx.createServer("secret", true);
  ctx.createClient("secret", false);

  final int timeoutMs = 5000;
  ByteBuffer reply = ctx.client.sendRpcSync(JavaUtils.stringToBytes("Ping"), timeoutMs);

  // NOTE(review): only the Ping/Pong round trip is asserted. The test does not check which
  // handler the server ended up delegating to (testNewAuth inspects
  // ctx.authRpcHandler.delegate), so the weaker path being taken is implied, not verified.
  String replyText = JavaUtils.bytesToString(reply);
  assertEquals("Pong", replyText);
}
/**
 * Checks that a client created with {@code enableAes = true} can still talk to a server
 * created with {@code enableAes = false}.
 */
@Test
public void testSaslClientFallback() throws Exception {
  ctx = new AuthTestCtx();
  ctx.createServer("secret", false);
  ctx.createClient("secret", true);

  final int timeoutMs = 5000;
  ByteBuffer reply = ctx.client.sendRpcSync(JavaUtils.stringToBytes("Ping"), timeoutMs);

  // NOTE(review): only the Ping/Pong round trip is asserted; nothing here pins down which
  // protection the connection ended up with after the client fell back. Consider whether the
  // negotiated mechanism should be asserted explicitly.
  String replyText = JavaUtils.bytesToString(reply);
  assertEquals("Pong", replyText);
}
/**
 * Connects a test client to the already-started server through an {@code AuthClientBootstrap}.
 *
 * @param secret shared secret handed to {@code createKeyHolder}
 * @param enableAes when true the client reuses the suite's {@code conf}; otherwise it gets a
 *     fresh {@code TransportConf} for module "rpc" backed by an empty config provider
 */
void createClient(String secret, boolean enableAes) throws Exception {
  TransportConf clientConf;
  if (enableAes) {
    clientConf = conf;
  } else {
    // presumably leaves the newer auth protocol switched off so the client uses SASL;
    // verify against AuthClientBootstrap
    clientConf = new TransportConf("rpc", MapConfigProvider.EMPTY);
  }

  TransportClientBootstrap authBootstrap =
    new AuthClientBootstrap(clientConf, appId, createKeyHolder(secret));
  List<TransportClientBootstrap> bootstraps = Arrays.asList(authBootstrap);

  // Requires createServer to have run first: the port is read from the live server.
  this.client = ctx.createClientFactory(bootstraps)
    .createClient(TestUtils.getLocalHost(), server.getPort());
}
/**
 * Connects a test client to the already-started server through an {@code AuthClientBootstrap}.
 *
 * @param secret shared secret handed to {@code createKeyHolder}
 * @param enableAes when true the client reuses the suite's {@code conf}; otherwise it gets a
 *     fresh {@code TransportConf} for module "rpc" backed by an empty config provider
 */
void createClient(String secret, boolean enableAes) throws Exception {
  TransportConf clientConf;
  if (enableAes) {
    clientConf = conf;
  } else {
    // presumably leaves the newer auth protocol switched off so the client uses SASL;
    // verify against AuthClientBootstrap
    clientConf = new TransportConf("rpc", MapConfigProvider.EMPTY);
  }

  TransportClientBootstrap authBootstrap =
    new AuthClientBootstrap(clientConf, appId, createKeyHolder(secret));
  List<TransportClientBootstrap> bootstraps = Arrays.asList(authBootstrap);

  // Requires createServer to have run first: the port is read from the live server.
  this.client = ctx.createClientFactory(bootstraps)
    .createClient(TestUtils.getLocalHost(), server.getPort());
}