httpclient5-testing/src/test/java/org/apache/hc/client5/testing/sync/TestClientAuthenticationFakeNTLM.java - httpcomponents-client - Git at Google

 /*
  * ====================================================================
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership.  The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
  *
  *   http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  * KIND, either express or implied.  See the License for the
  * specific language governing permissions and limitations
  * under the License.
  * ====================================================================
  *
  * This software consists of voluntary contributions made by many
  * individuals on behalf of the Apache Software Foundation.  For more
  * information on the Apache Software Foundation, please see
  * <http://www.apache.org/>.
  *
  */
 package org.apache.hc.client5.testing.sync;

 import java.io.IOException;

 import org.apache.hc.client5.http.auth.CredentialsProvider;
 import org.apache.hc.client5.http.auth.NTCredentials;
 import org.apache.hc.client5.http.auth.StandardAuthScheme;
 import org.apache.hc.client5.http.classic.methods.HttpGet;
 import org.apache.hc.client5.http.impl.auth.CredentialsProviderBuilder;
 import org.apache.hc.client5.http.impl.classic.HttpClients;
 import org.apache.hc.client5.http.protocol.HttpClientContext;
 import org.apache.hc.core5.http.ClassicHttpRequest;
 import org.apache.hc.core5.http.ClassicHttpResponse;
 import org.apache.hc.core5.http.HttpException;
 import org.apache.hc.core5.http.HttpHeaders;
 import org.apache.hc.core5.http.HttpHost;
 import org.apache.hc.core5.http.HttpStatus;
 import org.apache.hc.core5.http.io.HttpRequestHandler;
 import org.apache.hc.core5.http.io.entity.EntityUtils;
 import org.apache.hc.core5.http.protocol.HttpContext;
 import org.junit.Assert;
 import org.junit.Test;

 /**
  * Unit tests for some of the NTLM auth functionality..
  */
 public class TestClientAuthenticationFakeNTLM extends LocalServerTestBase {

     static class NtlmResponseHandler implements HttpRequestHandler {

         @Override
         public void handle(
                 final ClassicHttpRequest request,
                 final ClassicHttpResponse response,
                 final HttpContext context) throws HttpException, IOException {
             response.setCode(HttpStatus.SC_UNAUTHORIZED);
             response.setHeader("Connection", "Keep-Alive");
             response.setHeader(HttpHeaders.WWW_AUTHENTICATE, StandardAuthScheme.NTLM);
         }
     }

     @Test
     public void testNTLMAuthenticationFailure() throws Exception {
         this.server.registerHandler("*", new NtlmResponseHandler());

         final HttpHost target = start();

         final CredentialsProvider credsProvider = CredentialsProviderBuilder.create()
                 .add(target, new NTCredentials("test", "test".toCharArray(), null, null))
                 .build();

         this.httpclient = HttpClients.custom()
                 .setDefaultCredentialsProvider(credsProvider)
                 .build();

         final HttpContext context = HttpClientContext.create();
         final HttpGet httpget = new HttpGet("/");

         final ClassicHttpResponse response = this.httpclient.execute(target, httpget, context);
         EntityUtils.consume(response.getEntity());
         Assert.assertEquals(HttpStatus.SC_UNAUTHORIZED,
                 response.getCode());
     }

     static class NtlmType2MessageResponseHandler implements HttpRequestHandler {

         private final String authenticateHeaderValue;

         public NtlmType2MessageResponseHandler(final String type2Message) {
             this.authenticateHeaderValue = StandardAuthScheme.NTLM + " " + type2Message;
         }

         @Override
         public void handle(
                 final ClassicHttpRequest request,
                 final ClassicHttpResponse response,
                 final HttpContext context) throws HttpException, IOException {
             response.setCode(HttpStatus.SC_UNAUTHORIZED);
             response.setHeader("Connection", "Keep-Alive");
             if (!request.containsHeader(HttpHeaders.AUTHORIZATION)) {
                 response.setHeader(HttpHeaders.WWW_AUTHENTICATE, StandardAuthScheme.NTLM);
             } else {
                 response.setHeader(HttpHeaders.WWW_AUTHENTICATE, authenticateHeaderValue);
             }
         }
     }

     @Test
     public void testNTLMv1Type2Message() throws Exception {
         this.server.registerHandler("*", new NtlmType2MessageResponseHandler("TlRMTVNTUAACAA" +
                 "AADAAMADgAAAAzggLiASNFZ4mrze8AAAAAAAAAAAAAAAAAAAAABgBwFwAAAA9T" +
                 "AGUAcgB2AGUAcgA="));
         final HttpHost target = start();

         final CredentialsProvider credsProvider = CredentialsProviderBuilder.create()
                 .add(target, new NTCredentials("test", "test".toCharArray(), null, null))
                 .build();

         this.httpclient = HttpClients.custom()
                 .setDefaultCredentialsProvider(credsProvider)
                 .build();

         final HttpContext context = HttpClientContext.create();
         final HttpGet httpget = new HttpGet("/");

         final ClassicHttpResponse response = this.httpclient.execute(target, httpget, context);
         EntityUtils.consume(response.getEntity());
         Assert.assertEquals(HttpStatus.SC_UNAUTHORIZED,
                 response.getCode());
     }

     @Test
     public void testNTLMv2Type2Message() throws Exception {
         this.server.registerHandler("*", new NtlmType2MessageResponseHandler("TlRMTVNTUAACAA" +
                 "AADAAMADgAAAAzgoriASNFZ4mrze8AAAAAAAAAACQAJABEAAAABgBwFwAAAA9T" +
                 "AGUAcgB2AGUAcgACAAwARABvAG0AYQBpAG4AAQAMAFMAZQByAHYAZQByAAAAAAA="));
         final HttpHost target = start();

         final CredentialsProvider credsProvider = CredentialsProviderBuilder.create()
                 .add(target, new NTCredentials("test", "test".toCharArray(), null, null))
                 .build();

         this.httpclient = HttpClients.custom()
                 .setDefaultCredentialsProvider(credsProvider)
                 .build();

         final HttpContext context = HttpClientContext.create();
         final HttpGet httpget = new HttpGet("/");

         final ClassicHttpResponse response = this.httpclient.execute(target, httpget, context);
         EntityUtils.consume(response.getEntity());
         Assert.assertEquals(HttpStatus.SC_UNAUTHORIZED,
                 response.getCode());
     }

     static class NtlmType2MessageOnlyResponseHandler implements HttpRequestHandler {

         private final String authenticateHeaderValue;

         public NtlmType2MessageOnlyResponseHandler(final String type2Message) {
             this.authenticateHeaderValue = StandardAuthScheme.NTLM + " " + type2Message;
         }

         @Override
         public void handle(
                 final ClassicHttpRequest request,
                 final ClassicHttpResponse response,
                 final HttpContext context) throws HttpException, IOException {
             response.setCode(HttpStatus.SC_UNAUTHORIZED);
             response.setHeader("Connection", "Keep-Alive");
             response.setHeader(HttpHeaders.WWW_AUTHENTICATE, authenticateHeaderValue);
         }
     }

     @Test
     public void testNTLMType2MessageOnlyAuthenticationFailure() throws Exception {
         this.server.registerHandler("*", new NtlmType2MessageOnlyResponseHandler("TlRMTVNTUAACAA" +
                 "AADAAMADgAAAAzggLiASNFZ4mrze8AAAAAAAAAAAAAAAAAAAAABgBwFwAAAA9T" +
                 "AGUAcgB2AGUAcgA="));

         final HttpHost target = start();

         final HttpClientContext context = HttpClientContext.create();
         context.setCredentialsProvider(CredentialsProviderBuilder.create()
                 .add(target, new NTCredentials("test", "test".toCharArray(), null, null))
                 .build());
         final HttpGet httpget = new HttpGet("/");

         final ClassicHttpResponse response = this.httpclient.execute(target, httpget, context);
         EntityUtils.consume(response.getEntity());
         Assert.assertEquals(HttpStatus.SC_UNAUTHORIZED,
                 response.getCode());
     }

     @Test
     public void testNTLMType2NonUnicodeMessageOnlyAuthenticationFailure() throws Exception {
         this.server.registerHandler("*", new NtlmType2MessageOnlyResponseHandler("TlRMTVNTUAACAA" +
                 "AABgAGADgAAAAyggLiASNFZ4mrze8AAAAAAAAAAAAAAAAAAAAABgBwFwAAAA9T" +
                 "ZXJ2ZXI="));

         final HttpHost target = start();

         final HttpClientContext context = HttpClientContext.create();
         context.setCredentialsProvider(CredentialsProviderBuilder.create()
                 .add(target, new NTCredentials("test", "test".toCharArray(), null, null))
                 .build());
         final HttpGet httpget = new HttpGet("/");

         final ClassicHttpResponse response = this.httpclient.execute(target, httpget, context);
         EntityUtils.consume(response.getEntity());
         Assert.assertEquals(HttpStatus.SC_UNAUTHORIZED,
                 response.getCode());
     }

 }
	/*
	* ====================================================================
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing,
	* software distributed under the License is distributed on an
	* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	* KIND, either express or implied. See the License for the
	* specific language governing permissions and limitations
	* under the License.
	* ====================================================================
	*
	* This software consists of voluntary contributions made by many
	* individuals on behalf of the Apache Software Foundation. For more
	* information on the Apache Software Foundation, please see
	* <http://www.apache.org/>.
	*
	*/
	package org.apache.hc.client5.testing.sync;

	import java.io.IOException;

	import org.apache.hc.client5.http.auth.CredentialsProvider;
	import org.apache.hc.client5.http.auth.NTCredentials;
	import org.apache.hc.client5.http.auth.StandardAuthScheme;
	import org.apache.hc.client5.http.classic.methods.HttpGet;
	import org.apache.hc.client5.http.impl.auth.CredentialsProviderBuilder;
	import org.apache.hc.client5.http.impl.classic.HttpClients;
	import org.apache.hc.client5.http.protocol.HttpClientContext;
	import org.apache.hc.core5.http.ClassicHttpRequest;
	import org.apache.hc.core5.http.ClassicHttpResponse;
	import org.apache.hc.core5.http.HttpException;
	import org.apache.hc.core5.http.HttpHeaders;
	import org.apache.hc.core5.http.HttpHost;
	import org.apache.hc.core5.http.HttpStatus;
	import org.apache.hc.core5.http.io.HttpRequestHandler;
	import org.apache.hc.core5.http.io.entity.EntityUtils;
	import org.apache.hc.core5.http.protocol.HttpContext;
	import org.junit.Assert;
	import org.junit.Test;

	/**
	* Unit tests for some of the NTLM auth functionality..
	*/
	public class TestClientAuthenticationFakeNTLM extends LocalServerTestBase {

	static class NtlmResponseHandler implements HttpRequestHandler {

	@Override
	public void handle(
	final ClassicHttpRequest request,
	final ClassicHttpResponse response,
	final HttpContext context) throws HttpException, IOException {
	response.setCode(HttpStatus.SC_UNAUTHORIZED);
	response.setHeader("Connection", "Keep-Alive");
	response.setHeader(HttpHeaders.WWW_AUTHENTICATE, StandardAuthScheme.NTLM);
	}
	}

	@Test
	public void testNTLMAuthenticationFailure() throws Exception {
	this.server.registerHandler("*", new NtlmResponseHandler());

	final HttpHost target = start();

	final CredentialsProvider credsProvider = CredentialsProviderBuilder.create()
	.add(target, new NTCredentials("test", "test".toCharArray(), null, null))
	.build();

	this.httpclient = HttpClients.custom()
	.setDefaultCredentialsProvider(credsProvider)
	.build();

	final HttpContext context = HttpClientContext.create();
	final HttpGet httpget = new HttpGet("/");

	final ClassicHttpResponse response = this.httpclient.execute(target, httpget, context);
	EntityUtils.consume(response.getEntity());
	Assert.assertEquals(HttpStatus.SC_UNAUTHORIZED,
	response.getCode());
	}

	static class NtlmType2MessageResponseHandler implements HttpRequestHandler {

	private final String authenticateHeaderValue;

	public NtlmType2MessageResponseHandler(final String type2Message) {
	this.authenticateHeaderValue = StandardAuthScheme.NTLM + " " + type2Message;
	}

	@Override
	public void handle(
	final ClassicHttpRequest request,
	final ClassicHttpResponse response,
	final HttpContext context) throws HttpException, IOException {
	response.setCode(HttpStatus.SC_UNAUTHORIZED);
	response.setHeader("Connection", "Keep-Alive");
	if (!request.containsHeader(HttpHeaders.AUTHORIZATION)) {
	response.setHeader(HttpHeaders.WWW_AUTHENTICATE, StandardAuthScheme.NTLM);
	} else {
	response.setHeader(HttpHeaders.WWW_AUTHENTICATE, authenticateHeaderValue);
	}
	}
	}

	@Test
	public void testNTLMv1Type2Message() throws Exception {
	this.server.registerHandler("*", new NtlmType2MessageResponseHandler("TlRMTVNTUAACAA" +
	"AADAAMADgAAAAzggLiASNFZ4mrze8AAAAAAAAAAAAAAAAAAAAABgBwFwAAAA9T" +
	"AGUAcgB2AGUAcgA="));
	final HttpHost target = start();

	final CredentialsProvider credsProvider = CredentialsProviderBuilder.create()
	.add(target, new NTCredentials("test", "test".toCharArray(), null, null))
	.build();

	this.httpclient = HttpClients.custom()
	.setDefaultCredentialsProvider(credsProvider)
	.build();

	final HttpContext context = HttpClientContext.create();
	final HttpGet httpget = new HttpGet("/");

	final ClassicHttpResponse response = this.httpclient.execute(target, httpget, context);
	EntityUtils.consume(response.getEntity());
	Assert.assertEquals(HttpStatus.SC_UNAUTHORIZED,
	response.getCode());
	}

	@Test
	public void testNTLMv2Type2Message() throws Exception {
	this.server.registerHandler("*", new NtlmType2MessageResponseHandler("TlRMTVNTUAACAA" +
	"AADAAMADgAAAAzgoriASNFZ4mrze8AAAAAAAAAACQAJABEAAAABgBwFwAAAA9T" +
	"AGUAcgB2AGUAcgACAAwARABvAG0AYQBpAG4AAQAMAFMAZQByAHYAZQByAAAAAAA="));
	final HttpHost target = start();

	final CredentialsProvider credsProvider = CredentialsProviderBuilder.create()
	.add(target, new NTCredentials("test", "test".toCharArray(), null, null))
	.build();

	this.httpclient = HttpClients.custom()
	.setDefaultCredentialsProvider(credsProvider)
	.build();

	final HttpContext context = HttpClientContext.create();
	final HttpGet httpget = new HttpGet("/");

	final ClassicHttpResponse response = this.httpclient.execute(target, httpget, context);
	EntityUtils.consume(response.getEntity());
	Assert.assertEquals(HttpStatus.SC_UNAUTHORIZED,
	response.getCode());
	}

	static class NtlmType2MessageOnlyResponseHandler implements HttpRequestHandler {

	private final String authenticateHeaderValue;

	public NtlmType2MessageOnlyResponseHandler(final String type2Message) {
	this.authenticateHeaderValue = StandardAuthScheme.NTLM + " " + type2Message;
	}

	@Override
	public void handle(
	final ClassicHttpRequest request,
	final ClassicHttpResponse response,
	final HttpContext context) throws HttpException, IOException {
	response.setCode(HttpStatus.SC_UNAUTHORIZED);
	response.setHeader("Connection", "Keep-Alive");
	response.setHeader(HttpHeaders.WWW_AUTHENTICATE, authenticateHeaderValue);
	}
	}

	@Test
	public void testNTLMType2MessageOnlyAuthenticationFailure() throws Exception {
	this.server.registerHandler("*", new NtlmType2MessageOnlyResponseHandler("TlRMTVNTUAACAA" +
	"AADAAMADgAAAAzggLiASNFZ4mrze8AAAAAAAAAAAAAAAAAAAAABgBwFwAAAA9T" +
	"AGUAcgB2AGUAcgA="));

	final HttpHost target = start();

	final HttpClientContext context = HttpClientContext.create();
	context.setCredentialsProvider(CredentialsProviderBuilder.create()
	.add(target, new NTCredentials("test", "test".toCharArray(), null, null))
	.build());
	final HttpGet httpget = new HttpGet("/");

	final ClassicHttpResponse response = this.httpclient.execute(target, httpget, context);
	EntityUtils.consume(response.getEntity());
	Assert.assertEquals(HttpStatus.SC_UNAUTHORIZED,
	response.getCode());
	}

	@Test
	public void testNTLMType2NonUnicodeMessageOnlyAuthenticationFailure() throws Exception {
	this.server.registerHandler("*", new NtlmType2MessageOnlyResponseHandler("TlRMTVNTUAACAA" +
	"AABgAGADgAAAAyggLiASNFZ4mrze8AAAAAAAAAAAAAAAAAAAAABgBwFwAAAA9T" +
	"ZXJ2ZXI="));

	final HttpHost target = start();

	final HttpClientContext context = HttpClientContext.create();
	context.setCredentialsProvider(CredentialsProviderBuilder.create()
	.add(target, new NTCredentials("test", "test".toCharArray(), null, null))
	.build());
	final HttpGet httpget = new HttpGet("/");

	final ClassicHttpResponse response = this.httpclient.execute(target, httpget, context);
	EntityUtils.consume(response.getEntity());
	Assert.assertEquals(HttpStatus.SC_UNAUTHORIZED,
	response.getCode());
	}

	}