HBASE-24263 TestDelegationToken is broken (#1587)
This commit is contained in:
parent
8774614a8c
commit
e96ad0ac1e
|
@ -89,23 +89,17 @@ public abstract class AbstractHBaseSaslRpcClient {
|
|||
}
|
||||
|
||||
/**
|
||||
* Computes the initial response a client sends to a server to begin the SASL
|
||||
* challenge/response handshake. If the client's SASL mechanism does not require
|
||||
* that an initial response is sent to begin the handshake, this method will return
|
||||
* a null byte array, indicating no initial response needs to be sent by this client.
|
||||
*
|
||||
* It is unclear as to whether all SASL implementations will return a non-empty initial
|
||||
* response, so this implementation is written such that this is allowed. All known
|
||||
* SASL mechanism implementations in the JDK provide non-empty initial responses.
|
||||
*
|
||||
* @return The client's initial response to send the server (which may be empty), or null
|
||||
* if this implementation does not require an initial response to be sent.
|
||||
* Computes the initial response a client sends to a server to begin the SASL challenge/response
|
||||
* handshake. If the client's SASL mechanism does not have an initial response, an empty token
|
||||
* will be returned without querying the evaluateChallenge method, as an authentication processing
|
||||
* must be started by client.
|
||||
* @return The client's initial response to send the server (which may be empty).
|
||||
*/
|
||||
public byte[] getInitialResponse() throws SaslException {
|
||||
if (saslClient.hasInitialResponse()) {
|
||||
return saslClient.evaluateChallenge(EMPTY_TOKEN);
|
||||
}
|
||||
return null;
|
||||
return EMPTY_TOKEN;
|
||||
}
|
||||
|
||||
public boolean isComplete() {
|
||||
|
|
|
@ -119,21 +119,19 @@ public class NettyHBaseSaslRpcClientHandler extends SimpleChannelInboundHandler<
|
|||
return saslRpcClient.getInitialResponse();
|
||||
}
|
||||
});
|
||||
if (initialResponse != null) {
|
||||
writeResponse(ctx, initialResponse);
|
||||
} else {
|
||||
LOG.trace("SASL initialResponse was null, not sending response to server.");
|
||||
}
|
||||
assert initialResponse != null;
|
||||
writeResponse(ctx, initialResponse);
|
||||
// HBASE-23881 We do not want to check if the SaslClient thinks the handshake is
|
||||
// complete as, at this point, we've not heard a back from the server with it's reply
|
||||
// to our first challenge response. We should wait for at least one reply
|
||||
// from the server before calling negotiation complete.
|
||||
//
|
||||
// Each SASL mechanism has its own handshake. Some mechanisms calculate a single client buffer
|
||||
// to be sent to the server while others have multiple exchanges to negotiate authentication. GSSAPI(Kerberos)
|
||||
// and DIGEST-MD5 both are examples of mechanisms which have multiple steps. Mechanisms which have multiple steps
|
||||
// will not return true on `SaslClient#isComplete()` until the handshake has fully completed. Mechanisms which
|
||||
// only send a single buffer may return true on `isComplete()` after that initial response is calculated.
|
||||
// to be sent to the server while others have multiple exchanges to negotiate authentication.
|
||||
// GSSAPI(Kerberos) and DIGEST-MD5 both are examples of mechanisms which have multiple steps.
|
||||
// Mechanisms which have multiple steps will not return true on `SaslClient#isComplete()`
|
||||
// until the handshake has fully completed. Mechanisms which only send a single buffer may
|
||||
// return true on `isComplete()` after that initial response is calculated.
|
||||
} catch (Exception e) {
|
||||
// the exception thrown by handlerAdded will not be passed to the exceptionCaught below
|
||||
// because netty will remove a handler if handlerAdded throws an exception.
|
||||
|
|
Loading…
Reference in New Issue