open-coap · szysas · Aug 22, 2023 · Aug 18, 2023
diff --git a/kotlin-mbedtls-netty/src/main/kotlin/org/opencoap/ssl/netty/DtlsChannelHandler.kt b/kotlin-mbedtls-netty/src/main/kotlin/org/opencoap/ssl/netty/DtlsChannelHandler.kt
@@ -21,6 +21,7 @@ import io.netty.channel.ChannelHandlerContext
 import io.netty.channel.ChannelPromise
 import io.netty.channel.socket.DatagramPacket
 import org.opencoap.ssl.SslConfig
+import org.opencoap.ssl.SslException
 import org.opencoap.ssl.transport.ByteBufferPacket
 import org.opencoap.ssl.transport.DtlsServer
 import org.opencoap.ssl.transport.DtlsSessionLifecycleCallbacks
@@ -90,8 +91,14 @@ class DtlsChannelHandler @JvmOverloads constructor(
         when (msg) {
             is DatagramPacket -> write(msg, promise, ctx)
             is SessionAuthenticationContext -> {
-                dtlsServer.putSessionAuthenticationContext(msg.adr, msg.key, msg.value)
-                promise.setSuccess()
+                msg.map.forEach { (key, value) ->
+                    if (!dtlsServer.putSessionAuthenticationContext(msg.adr, key, value)) {
+                        promise.setFailure(SslException("Session does not exists"))
+                    }
+                }
+                if (!promise.isDone) {
+                    promise.setSuccess()
+                }
             }
 
             else -> ctx.write(msg, promise)

diff --git a/kotlin-mbedtls-netty/src/main/kotlin/org/opencoap/ssl/netty/SessionAuthenticationContext.kt b/kotlin-mbedtls-netty/src/main/kotlin/org/opencoap/ssl/netty/SessionAuthenticationContext.kt
@@ -18,4 +18,4 @@ package org.opencoap.ssl.netty
 
 import java.net.InetSocketAddress
 
-data class SessionAuthenticationContext(val adr: InetSocketAddress, val key: String, val value: String?)
+data class SessionAuthenticationContext(val adr: InetSocketAddress, val map: Map<String, String?>)
diff --git a/kotlin-mbedtls-netty/src/test/kotlin/org/opencoap/ssl/netty/NettyTest.kt b/kotlin-mbedtls-netty/src/test/kotlin/org/opencoap/ssl/netty/NettyTest.kt
@@ -35,6 +35,7 @@ import org.opencoap.ssl.EmptyCidSupplier
 import org.opencoap.ssl.PskAuth
 import org.opencoap.ssl.RandomCidSupplier
 import org.opencoap.ssl.SslConfig
+import org.opencoap.ssl.SslException
 import org.opencoap.ssl.netty.NettyHelpers.createBootstrap
 import org.opencoap.ssl.transport.DtlsServer
 import org.opencoap.ssl.transport.HashMapSessionStore
@@ -180,7 +181,7 @@ class NettyTest {
         assertEquals("ECHO:hi", client.receive(5.seconds).await())
 
         // when
-        srvChannel.writeAndFlush(SessionAuthenticationContext(client.localAddress(), "AUTH", "007:")).get()
+        srvChannel.writeAndFlush(SessionAuthenticationContext(client.localAddress(), mapOf("AUTH" to "007:"))).get()
 
         // then
         assertTrue(client.send("hi").await())
@@ -189,6 +190,13 @@ class NettyTest {
         client.close()
     }
 
+    @Test
+    fun `should fail to forward authentication context for non existing client`() {
+        assertThatThrownBy {
+            srvChannel.writeAndFlush(SessionAuthenticationContext(localAddress(1), mapOf("AUTH" to "007:"))).get()
+        }.hasRootCause(SslException("Session does not exists"))
+    }
+
     @Test
     fun `server should load session from store`() {
         sessionStore.write("059876266f7c5734fd352c5a3b7b3be2".decodeHex(), SessionWithContext(StoredSessionPair.srvSession, mapOf(), Instant.ofEpochSecond(123456789)))