authProvider.handleAuthentication(cnxn, null)) { LOG.error("Authentication failed for session 0x{}", Long.toHexString(cnxn.getSessionId()));
String clientId = getClientId(clientCert); Id authInfo = new Id(getScheme(), clientId); cnxn.addAuthInfo(authInfo);
private synchronized void initSSL(ChannelPipeline p) throws X509Exception, KeyManagementException, NoSuchAlgorithmException { String authProviderProp = System.getProperty(x509Util.getSslAuthProviderProperty()); SSLContext sslContext; if (authProviderProp == null) { sslContext = x509Util.getDefaultSSLContext(); } else { sslContext = SSLContext.getInstance("TLSv1"); X509AuthenticationProvider authProvider = (X509AuthenticationProvider)ProviderRegistry.getProvider( System.getProperty(x509Util.getSslAuthProviderProperty(), "x509")); if (authProvider == null) { LOG.error("Auth provider not found: {}", authProviderProp); throw new SSLContextException( "Could not create SSLContext with specified auth provider: " + authProviderProp); } sslContext.init(new X509KeyManager[] { authProvider.getKeyManager() }, new X509TrustManager[] { authProvider.getTrustManager() }, null); } SSLEngine sslEngine = sslContext.createSSLEngine(); sslEngine.setUseClientMode(false); sslEngine.setNeedClientAuth(true); p.addLast("ssl", new SslHandler(sslEngine)); LOG.info("SSL handler added for channel: {}", p.channel()); }
protected X509AuthenticationProvider createProvider(X509Certificate trustedCert) { return new X509AuthenticationProvider( new TestTrustManager(trustedCert), new TestKeyManager()); } }
@Test public void testTrustedAuth() { X509AuthenticationProvider provider = createProvider(clientCert); MockServerCnxn cnxn = new MockServerCnxn(); cnxn.clientChain = new X509Certificate[] { clientCert }; Assert.assertEquals(KeeperException.Code.OK, provider.handleAuthentication(cnxn, null)); }
@Test public void testUntrustedAuth() { X509AuthenticationProvider provider = createProvider(clientCert); MockServerCnxn cnxn = new MockServerCnxn(); cnxn.clientChain = new X509Certificate[] { unknownCert }; Assert.assertEquals(KeeperException.Code.AUTHFAILED, provider.handleAuthentication(cnxn, null)); }
@Test public void testSuperAuth() { X509AuthenticationProvider provider = createProvider(superCert); MockServerCnxn cnxn = new MockServerCnxn(); cnxn.clientChain = new X509Certificate[] { superCert }; Assert.assertEquals(KeeperException.Code.OK, provider.handleAuthentication(cnxn, null)); Assert.assertEquals("super", cnxn.getAuthInfo().get(0).getScheme()); }