| /* |
| * ==================================================================== |
| * Licensed to the Apache Software Foundation (ASF) under one |
| * or more contributor license agreements. See the NOTICE file |
| * distributed with this work for additional information |
| * regarding copyright ownership. The ASF licenses this file |
| * to you under the Apache License, Version 2.0 (the |
| * "License"); you may not use this file except in compliance |
| * with the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, |
| * software distributed under the License is distributed on an |
| * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| * KIND, either express or implied. See the License for the |
| * specific language governing permissions and limitations |
| * under the License. |
| * ==================================================================== |
| * |
| * This software consists of voluntary contributions made by many |
| * individuals on behalf of the Apache Software Foundation. For more |
| * information on the Apache Software Foundation, please see |
| * <http://www.apache.org/>. |
| * |
| */ |
| package org.apache.hc.client5.testing.sync; |
| |
| import java.io.IOException; |
| import java.security.Principal; |
| |
| import org.apache.hc.client5.http.auth.AuthScheme; |
| import org.apache.hc.client5.http.auth.AuthSchemeProvider; |
| import org.apache.hc.client5.http.auth.AuthScope; |
| import org.apache.hc.client5.http.auth.Credentials; |
| import org.apache.hc.client5.http.config.AuthSchemes; |
| import org.apache.hc.client5.http.impl.auth.SPNegoScheme; |
| import org.apache.hc.client5.http.impl.sync.BasicCredentialsProvider; |
| import org.apache.hc.client5.http.impl.sync.HttpClients; |
| import org.apache.hc.client5.http.sync.methods.HttpGet; |
| import org.apache.hc.core5.http.ClassicHttpRequest; |
| import org.apache.hc.core5.http.ClassicHttpResponse; |
| import org.apache.hc.core5.http.HttpException; |
| import org.apache.hc.core5.http.HttpHost; |
| import org.apache.hc.core5.http.HttpStatus; |
| import org.apache.hc.core5.http.config.Registry; |
| import org.apache.hc.core5.http.config.RegistryBuilder; |
| import org.apache.hc.core5.http.io.HttpRequestHandler; |
| import org.apache.hc.core5.http.io.entity.EntityUtils; |
| import org.apache.hc.core5.http.io.entity.StringEntity; |
| import org.apache.hc.core5.http.message.BasicHeader; |
| import org.apache.hc.core5.http.protocol.HttpContext; |
| import org.ietf.jgss.GSSContext; |
| import org.ietf.jgss.GSSCredential; |
| import org.ietf.jgss.GSSManager; |
| import org.ietf.jgss.GSSName; |
| import org.ietf.jgss.Oid; |
| import org.junit.Assert; |
| import org.junit.Test; |
| import org.mockito.ArgumentMatchers; |
| import org.mockito.Mockito; |
| |
| /** |
| * Tests for {@link SPNegoScheme}. |
| */ |
| public class TestSPNegoScheme extends LocalServerTestBase { |
| |
| /** |
| * This service will continue to ask for authentication. |
| */ |
| private static class PleaseNegotiateService implements HttpRequestHandler { |
| |
| @Override |
| public void handle( |
| final ClassicHttpRequest request, |
| final ClassicHttpResponse response, |
| final HttpContext context) throws HttpException, IOException { |
| response.setCode(HttpStatus.SC_UNAUTHORIZED); |
| response.addHeader(new BasicHeader("WWW-Authenticate", "Negotiate blablabla")); |
| response.addHeader(new BasicHeader("Connection", "Keep-Alive")); |
| response.setEntity(new StringEntity("auth required ")); |
| } |
| } |
| |
| /** |
| * NegotatieScheme with a custom GSSManager that does not require any Jaas or |
| * Kerberos configuration. |
| * |
| */ |
| private static class NegotiateSchemeWithMockGssManager extends SPNegoScheme { |
| |
| GSSManager manager = Mockito.mock(GSSManager.class); |
| GSSName name = Mockito.mock(GSSName.class); |
| GSSContext context = Mockito.mock(GSSContext.class); |
| |
| NegotiateSchemeWithMockGssManager() throws Exception { |
| super(true); |
| Mockito.when(context.initSecContext( |
| ArgumentMatchers.<byte[]>any(), ArgumentMatchers.anyInt(), ArgumentMatchers.anyInt())) |
| .thenReturn("12345678".getBytes()); |
| Mockito.when(manager.createName( |
| ArgumentMatchers.anyString(), ArgumentMatchers.<Oid>any())) |
| .thenReturn(name); |
| Mockito.when(manager.createContext( |
| ArgumentMatchers.<GSSName>any(), ArgumentMatchers.<Oid>any(), |
| ArgumentMatchers.<GSSCredential>any(), ArgumentMatchers.anyInt())) |
| .thenReturn(context); |
| } |
| |
| @Override |
| protected GSSManager getManager() { |
| return manager; |
| } |
| |
| } |
| |
| private static class UseJaasCredentials implements Credentials { |
| |
| @Override |
| public char[] getPassword() { |
| return null; |
| } |
| |
| @Override |
| public Principal getUserPrincipal() { |
| return null; |
| } |
| |
| } |
| |
| private static class NegotiateSchemeProviderWithMockGssManager implements AuthSchemeProvider { |
| |
| NegotiateSchemeWithMockGssManager scheme; |
| |
| NegotiateSchemeProviderWithMockGssManager() throws Exception { |
| scheme = new NegotiateSchemeWithMockGssManager(); |
| } |
| |
| @Override |
| public AuthScheme create(final HttpContext context) { |
| return scheme; |
| } |
| |
| } |
| |
| /** |
| * Tests that the client will stop connecting to the server if |
| * the server still keep asking for a valid ticket. |
| */ |
| @Test |
| public void testDontTryToAuthenticateEndlessly() throws Exception { |
| this.serverBootstrap.registerHandler("*", new PleaseNegotiateService()); |
| final HttpHost target = start(); |
| |
| final AuthSchemeProvider nsf = new NegotiateSchemeProviderWithMockGssManager(); |
| final BasicCredentialsProvider credentialsProvider = new BasicCredentialsProvider(); |
| final Credentials use_jaas_creds = new UseJaasCredentials(); |
| credentialsProvider.setCredentials(new AuthScope(null, -1, null), use_jaas_creds); |
| |
| final Registry<AuthSchemeProvider> authSchemeRegistry = RegistryBuilder.<AuthSchemeProvider>create() |
| .register(AuthSchemes.SPNEGO, nsf) |
| .build(); |
| this.httpclient = HttpClients.custom() |
| .setDefaultAuthSchemeRegistry(authSchemeRegistry) |
| .setDefaultCredentialsProvider(credentialsProvider) |
| .build(); |
| |
| final String s = "/path"; |
| final HttpGet httpget = new HttpGet(s); |
| final ClassicHttpResponse response = this.httpclient.execute(target, httpget); |
| EntityUtils.consume(response.getEntity()); |
| |
| Assert.assertEquals(HttpStatus.SC_UNAUTHORIZED, response.getCode()); |
| } |
| |
| /** |
| * Javadoc specifies that {@link GSSContext#initSecContext(byte[], int, int)} can return null |
| * if no token is generated. Client should be able to deal with this response. |
| */ |
| @Test |
| public void testNoTokenGeneratedError() throws Exception { |
| this.serverBootstrap.registerHandler("*", new PleaseNegotiateService()); |
| final HttpHost target = start(); |
| |
| final AuthSchemeProvider nsf = new NegotiateSchemeProviderWithMockGssManager(); |
| |
| final BasicCredentialsProvider credentialsProvider = new BasicCredentialsProvider(); |
| final Credentials use_jaas_creds = new UseJaasCredentials(); |
| credentialsProvider.setCredentials(new AuthScope(null, -1, null), use_jaas_creds); |
| |
| final Registry<AuthSchemeProvider> authSchemeRegistry = RegistryBuilder.<AuthSchemeProvider>create() |
| .register(AuthSchemes.SPNEGO, nsf) |
| .build(); |
| this.httpclient = HttpClients.custom() |
| .setDefaultAuthSchemeRegistry(authSchemeRegistry) |
| .setDefaultCredentialsProvider(credentialsProvider) |
| .build(); |
| |
| final String s = "/path"; |
| final HttpGet httpget = new HttpGet(s); |
| final ClassicHttpResponse response = this.httpclient.execute(target, httpget); |
| EntityUtils.consume(response.getEntity()); |
| |
| Assert.assertEquals(HttpStatus.SC_UNAUTHORIZED, response.getCode()); |
| } |
| |
| } |