authenticateSASL performs all of the required requests to authenticate this connection. If any step fails, this function returns with an error. A nil error indicates successful authentication. In case of error, this function *does not* close the connection. That is the responsibility of the call
(ctx context.Context, conn *Conn)
| 307 | // In case of error, this function *does not* close the connection. That is the |
| 308 | // responsibility of the caller. |
| 309 | func (d *Dialer) authenticateSASL(ctx context.Context, conn *Conn) error { |
| 310 | if err := conn.saslHandshake(d.SASLMechanism.Name()); err != nil { |
| 311 | return fmt.Errorf("SASL handshake failed: %w", err) |
| 312 | } |
| 313 | |
| 314 | sess, state, err := d.SASLMechanism.Start(ctx) |
| 315 | if err != nil { |
| 316 | return fmt.Errorf("SASL authentication process could not be started: %w", err) |
| 317 | } |
| 318 | |
| 319 | for completed := false; !completed; { |
| 320 | challenge, err := conn.saslAuthenticate(state) |
| 321 | switch { |
| 322 | case err == nil: |
| 323 | case errors.Is(err, io.EOF): |
| 324 | // the broker may communicate a failed exchange by closing the |
| 325 | // connection (esp. in the case where we're passing opaque sasl |
| 326 | // data over the wire since there's no protocol info). |
| 327 | return SASLAuthenticationFailed |
| 328 | default: |
| 329 | return err |
| 330 | } |
| 331 | |
| 332 | completed, state, err = sess.Next(ctx, challenge) |
| 333 | if err != nil { |
| 334 | return fmt.Errorf("SASL authentication process has failed: %w", err) |
| 335 | } |
| 336 | } |
| 337 | |
| 338 | return nil |
| 339 | } |
| 340 | |
| 341 | func (d *Dialer) dialContext(ctx context.Context, network string, addr string) (net.Conn, error) { |
| 342 | address, err := lookupHost(ctx, addr, d.Resolver) |
no test coverage detected