@Test
public void testRfc3163Example() throws Exception {
// This test uses the example from page 10 in RFC 3163
// (https://tools.ietf.org/html/rfc3163#section-5)
mockRandom(new byte[] {18, 56, -105, 88, 121, -121, 71, -104});
KeyStore emptyTrustStore = KeyStore.getInstance(KeyStore.getDefaultType());
emptyTrustStore.load(null, null);
final SaslServer saslServer =
createSaslServer(
SaslMechanismInformation.Names.IEC_ISO_9798_U_RSA_SHA1_ENC,
"",
getX509KeyManager(serverKeyStore, KEYSTORE_PASSWORD),
getX509TrustManager(emptyTrustStore));
assertNotNull(saslServer);
assertFalse(saslServer.isComplete());
byte[] tokenBA1 = saslServer.evaluateResponse(new byte[0]);
byte[] expectedTokenBA1 = CodePointIterator.ofString("MAoECBI4l1h5h0eY").base64Decode().drain();
assertArrayEquals(expectedTokenBA1, tokenBA1);
assertFalse(saslServer.isComplete());
byte[] tokenAB =
CodePointIterator.ofString(
"MIIBAgQIIxh5I0h5RYegD4INc2FzbC1yLXVzLmNvbaFPFk1odHRwOi8vY2VydHMtci11cy5jb20vY2VydD9paD1odmNOQVFFRkJRQURnWUVBZ2hBR2hZVFJna0ZqJnNuPUVQOXVFbFkzS0RlZ2pscjCBkzANBgkqhkiG9w0BAQUFAAOBgQCkuC2GgtYcxGG1NEzLA4bh5lqJGOZySACMmc+mDrV7A7KAgbpO2OuZpMCl7zvNt/L3OjQZatiX8d1XbuQ40l+g2TJzJt06o7ogomxdDwqlA/3zp2WMohlI0MotHmfDSWEDZmEYDEA3/eGgkWyi1v1lEVdFuYmrTr8E4wE9hxdQrA==")
.base64Decode()
.drain();
try {
saslServer.evaluateResponse(tokenAB);
fail("Expected SaslException not thrown");
} catch (SaslException expected) {
// The example specifies the client's certificate using a fake URL
// (http://certs-r-us.com/cert?ih=hvcNAQEFBQADgYEAghAGhYTRgkFj&sn=EP9uElY3KDegjlr)
// so we can actually make use of it.
assertTrue(expected.getCause().getMessage().contains("certificate"));
}
assertFalse(saslServer.isComplete());
}
