public CommandResult authenticate() {
SaslClient saslClient = createSaslClient();
try {
byte[] response =
(saslClient.hasInitialResponse() ? saslClient.evaluateChallenge(new byte[0]) : null);
CommandResult res = sendSaslStart(response);
res.throwOnError();
int conversationId = (Integer) res.get("conversationId");
while (!(Boolean) res.get("done")) {
response = saslClient.evaluateChallenge((byte[]) res.get("payload"));
if (response == null) {
throw new MongoException("SASL protocol error: no client response to challenge");
}
res = sendSaslContinue(conversationId, response);
res.throwOnError();
}
return res;
} catch (IOException e) {
throw new MongoException.Network("IOException authenticating the connection", e);
} finally {
try {
saslClient.dispose();
} catch (SaslException e) {
// ignore
}
}
}
private void saslDispose(final SaslClient saslClient) {
if (saslClient != null) {
try {
saslClient.dispose();
} catch (SaslException e) {
client.trace("Failure disposing of SaslClient", e);
}
}
}
@After
public void dispose() throws Exception {
if (client != null) client.dispose();
if (server != null) server.dispose();
if (testKdc != null) testKdc.stopAll();
}
private void doAuth() {
SaslClient saslClient = null;
try {
saslClient =
Sasl.createSaslClient(
authInfo.getMechanisms(),
null,
"memcached",
memcachedTCPSession.getRemoteSocketAddress().toString(),
null,
this.authInfo.getCallbackHandler());
final AtomicBoolean done = new AtomicBoolean(false);
byte[] response =
saslClient.hasInitialResponse() ? saslClient.evaluateChallenge(EMPTY_BYTES) : EMPTY_BYTES;
CountDownLatch latch = new CountDownLatch(1);
Command command =
this.commandFactory.createAuthStartCommand(
saslClient.getMechanismName(), latch, response);
if (!this.memcachedTCPSession.isClosed()) this.memcachedTCPSession.write(command);
else {
log.error("Authentication fail,because the connection has been closed");
throw new RuntimeException("Authentication fai,connection has been close");
}
while (!done.get()) {
try {
latch.await();
} catch (InterruptedException e) {
Thread.currentThread().interrupt();
done.set(true);
}
ResponseStatus responseStatus = ((BaseBinaryCommand) command).getResponseStatus();
switch (responseStatus) {
case NO_ERROR:
done.set(true);
log.info(
"Authentication to "
+ this.memcachedTCPSession.getRemoteSocketAddress()
+ " successfully");
break;
case AUTH_REQUIRED:
log.error(
"Authentication failed to " + this.memcachedTCPSession.getRemoteSocketAddress());
log.warn(
"Reopen connection to "
+ this.memcachedTCPSession.getRemoteSocketAddress()
+ ",beacause auth fail");
this.memcachedTCPSession.setAuthFailed(true);
// It it is not first time,try to sleep 1 second
if (!this.authInfo.isFirstTime()) {
Thread.sleep(1000);
}
this.memcachedTCPSession.close();
done.set(true);
break;
case FUTHER_AUTH_REQUIRED:
String result = (String) command.getResult();
response = saslClient.evaluateChallenge(ByteUtils.getBytes(result));
latch = new CountDownLatch(1);
command =
commandFactory.createAuthStepCommand(
saslClient.getMechanismName(), latch, response);
if (!this.memcachedTCPSession.isClosed()) this.memcachedTCPSession.write(command);
else {
log.error("Authentication fail,because the connection has been closed");
throw new RuntimeException("Authentication fai,connection has been close");
}
break;
default:
done.set(true);
log.error(
"Authentication failed to "
+ this.memcachedTCPSession.getRemoteSocketAddress()
+ ",response status="
+ responseStatus);
break;
}
}
} catch (Exception e) {
log.error("Create saslClient error", e);
} finally {
if (saslClient != null) {
try {
saslClient.dispose();
} catch (SaslException e) {
log.error("Dispose saslClient error", e);
}
}
}
}
