public void testSuccessfulNegotiateWithRealmName()

in mr/src/itest/java/org/elasticsearch/hadoop/rest/commonshttp/auth/spnego/AbstractSpnegoNegotiatorTest.java [256:336]

• 67 lines of code
• 9 McCabe index (conditional complexity)

    public void testSuccessfulNegotiateWithRealmName() throws IOException, GSSException, InterruptedException {
        // Mechanisms
        final GSSManager gssManager = GSSManager.getInstance();
        final Oid spnegoOid = new Oid("1.3.6.1.5.5.2");

        // Configure logins
        Configuration configuration = new Configuration();
        SecurityUtil.setAuthenticationMethod(UserGroupInformation.AuthenticationMethod.KERBEROS, configuration);
        UserGroupInformation.setConfiguration(configuration);

        // Login as Server
        UserGroupInformation server = UserGroupInformation.loginUserFromKeytabAndReturnUGI(withRealm(KerberosSuite.PRINCIPAL_SERVER), KEYTAB_FILE.getAbsolutePath());
        final GSSName gssServicePrincipalName = gssManager.createName(withRealm(KerberosSuite.PRINCIPAL_SERVER), GSSName.NT_USER_NAME);
        final GSSCredential gssServiceCredential = server.doAs(new PrivilegedExceptionAction<GSSCredential>() {
            @Override
            public GSSCredential run() throws Exception {
                return gssManager.createCredential(
                        gssServicePrincipalName,
                        GSSCredential.DEFAULT_LIFETIME,
                        spnegoOid,
                        GSSCredential.ACCEPT_ONLY
                );
            }
        });
        final GSSContext serverCtx = gssManager.createContext(gssServiceCredential);

        // Login as Client and Create negotiator
        UserGroupInformation client = UserGroupInformation.loginUserFromKeytabAndReturnUGI(withRealm(KerberosSuite.PRINCIPAL_CLIENT), KEYTAB_FILE.getAbsolutePath());
        final SpnegoNegotiator spnegoNegotiator = client.doAs(new PrivilegedExceptionAction<SpnegoNegotiator>() {
            @Override
            public SpnegoNegotiator run() throws Exception {
                return new SpnegoNegotiator(withRealm(KerberosSuite.PRINCIPAL_CLIENT), withRealm(KerberosSuite.PRINCIPAL_SERVER));
            }
        });

        byte[] token = new byte[0];
        boolean authenticated = false;

        for (int idx = 0; idx < 100; idx++) {
            if (!spnegoNegotiator.established()) {
                final byte[] sendToken = token;
                String baseToken = client.doAs(new PrivilegedExceptionAction<String>() {
                    @Override
                    public String run() throws Exception {
                        if (sendToken.length > 0) {
                            return spnegoNegotiator.send(Base64.encodeBase64String(sendToken));
                        } else {
                            return spnegoNegotiator.send();
                        }
                    }
                });
                token = Base64.decodeBase64(baseToken);
            }

            if (!spnegoNegotiator.established() && serverCtx.isEstablished()) {
                fail("Server is established, but client is not.");
            }

            if (!serverCtx.isEstablished()) {
                final byte[] currentToken = token;
                token = server.doAs(new PrivilegedExceptionAction<byte[]>() {
                    @Override
                    public byte[] run() throws Exception {
                        return serverCtx.acceptSecContext(currentToken, 0, currentToken.length);
                    }
                });
            }

            if (serverCtx.isEstablished() && spnegoNegotiator.established()) {
                authenticated = true;
                break;
            }
        }

        assertThat(authenticated, is(true));
        assertThat(serverCtx.isEstablished(), is(true));
        assertThat(spnegoNegotiator.established(), is(true));

        spnegoNegotiator.close();
        assertThat(spnegoNegotiator.established(), is(false));
    }