in kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/RemoteKadminImpl.java [276:324]
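/**
 * Runs the client side of the SASL negotiation with the admin server while
 * acting as {@code subject}.
 *
 * <p>The client is created with {@code Sasl.QOP = "auth-conf"} (authentication plus
 * integrity and confidentiality protection) and {@code Sasl.SERVER_AUTH = "true"}
 * (the server must authenticate to the client as well). Challenges and responses
 * are exchanged over {@code transport} until the SASL client reports completion.
 * If anything fails before completion, the transport is released.
 *
 * @throws Exception if the handshake fails; checked exceptions raised inside the
 *         privileged action (for example {@code KrbException}) are wrapped in a
 *         {@code PrivilegedActionException} by {@code Subject.doAs}
 */
private void doSaslHandshake() throws Exception {
    Subject.doAs(subject, (PrivilegedExceptionAction<Object>) () -> {
        boolean success = false;
        try {
            // Only "auth-conf" is offered, so no weaker protection level is requested by this client.
            Map<String, String> saslProps = new HashMap<>();
            saslProps.put(Sasl.QOP, "auth-conf");
            saslProps.put(Sasl.SERVER_AUTH, "true");

            try {
                String protocol = innerClient.getSetting().getAdminConfig().getProtocol();
                String serverName = innerClient.getSetting().getAdminConfig().getServerName();
                saslClient = Sasl.createSaslClient(new String[]{MECHANISM}, null,
                        protocol, serverName, saslProps, null);
            } catch (SaslException e) {
                // Keep the original message text, but attach the cause so the stack trace survives.
                throw new KrbException("Fail to create SASL client. " + e, e);
            }

            // Sasl.createSaslClient returns null when no provider supports the mechanism;
            // check that before handing the client to the wrapper.
            if (saslClient == null) {
                throw new KrbException("Unable to find client implementation for: GSSAPI");
            }
            this.saslClientWrapper = SaslWrapper.create(saslClient);

            byte[] response;
            try {
                response = saslClient.hasInitialResponse()
                        ? saslClient.evaluateChallenge(EMPTY_BYTES) : EMPTY_BYTES;
            } catch (SaslException e) {
                throw new KrbException("Sasl client evaluate challenge failed." + e, e);
            }
            sendSaslMessage(response);

            ByteBuffer message = transport.receiveMessage();
            while (!saslClient.isComplete()) {
                // The peer is not authenticated yet, so treat the message as untrusted:
                // reject a buffer that cannot hold the 4-byte status instead of letting
                // getInt() fail with an unchecked BufferUnderflowException.
                if (message.remaining() < Integer.BYTES) {
                    throw new KrbException(
                            "SASL negotiation message from server is too short to carry a status.");
                }
                int ssComplete = message.getInt();
                // NOTE(review): only SUCCESS is recognised and it is merely logged; any other
                // status value is ignored here and the loop ends solely on
                // saslClient.isComplete(). Confirm whether SaslUtils.evaluateChallenge or the
                // server protocol covers failure statuses.
                if (ssComplete == NegotiationStatus.SUCCESS.getValue()) {
                    LOG.info("Sasl Server completed");
                }
                sendSaslMessage(SaslUtils.evaluateChallenge(saslClient, message));
                if (!saslClient.isComplete()) {
                    message = transport.receiveMessage();
                }
            }
            // NOTE(review): the negotiated protection level is not re-read after completion
            // (saslClient.getNegotiatedProperty(Sasl.QOP)); this relies on the mechanism
            // refusing anything other than the requested "auth-conf" -- confirm.
            success = true;
        } finally {
            // Do not leave a half-negotiated connection open.
            if (!success) {
                transport.release();
            }
        }
        return null;
    });
}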