Google Git
Sign in
apache / httpcomponents-client / 7b47b28d469808c99c89fcaacd78d44ae6b9ac6e / . / httpclient5-testing / src / test / java / org / apache / hc / client5 / testing / sync / TestSPNegoScheme.java
blob: 1a516b1a6f881d1ccd17fec36f1f53a106722098 [file] [log] [blame]
/*
* ====================================================================
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*
*/
package org.apache.hc.client5.testing.sync;
import java.io.IOException;
import java.security.Principal;
import org.apache.hc.client5.http.SystemDefaultDnsResolver;
import org.apache.hc.client5.http.auth.AuthScheme;
import org.apache.hc.client5.http.auth.AuthSchemeFactory;
import org.apache.hc.client5.http.auth.AuthScope;
import org.apache.hc.client5.http.auth.Credentials;
import org.apache.hc.client5.http.auth.CredentialsProvider;
import org.apache.hc.client5.http.auth.KerberosConfig;
import org.apache.hc.client5.http.auth.StandardAuthScheme;
import org.apache.hc.client5.http.classic.methods.HttpGet;
import org.apache.hc.client5.http.impl.auth.CredentialsProviderBuilder;
import org.apache.hc.client5.http.impl.auth.SPNegoScheme;
import org.apache.hc.client5.http.impl.classic.HttpClients;
import org.apache.hc.core5.http.ClassicHttpRequest;
import org.apache.hc.core5.http.ClassicHttpResponse;
import org.apache.hc.core5.http.HttpException;
import org.apache.hc.core5.http.HttpHost;
import org.apache.hc.core5.http.HttpStatus;
import org.apache.hc.core5.http.config.Registry;
import org.apache.hc.core5.http.config.RegistryBuilder;
import org.apache.hc.core5.http.io.HttpRequestHandler;
import org.apache.hc.core5.http.io.entity.EntityUtils;
import org.apache.hc.core5.http.io.entity.StringEntity;
import org.apache.hc.core5.http.message.BasicHeader;
import org.apache.hc.core5.http.protocol.HttpContext;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.junit.Assert;
import org.junit.Test;
import org.mockito.ArgumentMatchers;
import org.mockito.Mockito;
/**
* Tests for {@link SPNegoScheme}.
*/
public class TestSPNegoScheme extends LocalServerTestBase {
/**
* This service will continue to ask for authentication.
*/
private static class PleaseNegotiateService implements HttpRequestHandler {
@Override
public void handle(
final ClassicHttpRequest request,
final ClassicHttpResponse response,
final HttpContext context) throws HttpException, IOException {
response.setCode(HttpStatus.SC_UNAUTHORIZED);
response.addHeader(new BasicHeader("WWW-Authenticate", StandardAuthScheme.SPNEGO + " blablabla"));
response.addHeader(new BasicHeader("Connection", "Keep-Alive"));
response.setEntity(new StringEntity("auth required "));
}
}
/**
* NegotatieScheme with a custom GSSManager that does not require any Jaas or
* Kerberos configuration.
*
*/
private static class NegotiateSchemeWithMockGssManager extends SPNegoScheme {
final GSSManager manager = Mockito.mock(GSSManager.class);
final GSSName name = Mockito.mock(GSSName.class);
final GSSContext context = Mockito.mock(GSSContext.class);
NegotiateSchemeWithMockGssManager() throws Exception {
super(KerberosConfig.DEFAULT, SystemDefaultDnsResolver.INSTANCE);
Mockito.when(context.initSecContext(
ArgumentMatchers.any(), ArgumentMatchers.anyInt(), ArgumentMatchers.anyInt()))
.thenReturn("12345678".getBytes());
Mockito.when(manager.createName(
ArgumentMatchers.anyString(), ArgumentMatchers.any()))
.thenReturn(name);
Mockito.when(manager.createContext(
ArgumentMatchers.any(), ArgumentMatchers.any(),
ArgumentMatchers.any(), ArgumentMatchers.anyInt()))
.thenReturn(context);
}
@Override
protected GSSManager getManager() {
return manager;
}
}
private static class UseJaasCredentials implements Credentials {
@Override
public char[] getPassword() {
return null;
}
@Override
public Principal getUserPrincipal() {
return null;
}
}
private static class NegotiateSchemeFactoryWithMockGssManager implements AuthSchemeFactory {
NegotiateSchemeWithMockGssManager scheme;
NegotiateSchemeFactoryWithMockGssManager() throws Exception {
scheme = new NegotiateSchemeWithMockGssManager();
}
@Override
public AuthScheme create(final HttpContext context) {
return scheme;
}
}
/**
* Tests that the client will stop connecting to the server if
* the server still keep asking for a valid ticket.
*/
@Test
public void testDontTryToAuthenticateEndlessly() throws Exception {
this.server.registerHandler("*", new PleaseNegotiateService());
final HttpHost target = start();
final AuthSchemeFactory nsf = new NegotiateSchemeFactoryWithMockGssManager();
final CredentialsProvider credentialsProvider = CredentialsProviderBuilder.create()
.add(new AuthScope(null, null, -1, null, null), new UseJaasCredentials())
.build();
final Registry<AuthSchemeFactory> authSchemeRegistry = RegistryBuilder.<AuthSchemeFactory>create()
.register(StandardAuthScheme.SPNEGO, nsf)
.build();
this.httpclient = HttpClients.custom()
.setDefaultAuthSchemeRegistry(authSchemeRegistry)
.setDefaultCredentialsProvider(credentialsProvider)
.build();
final String s = "/path";
final HttpGet httpget = new HttpGet(s);
final ClassicHttpResponse response = this.httpclient.execute(target, httpget);
EntityUtils.consume(response.getEntity());
Assert.assertEquals(HttpStatus.SC_UNAUTHORIZED, response.getCode());
}
/**
* Javadoc specifies that {@link GSSContext#initSecContext(byte[], int, int)} can return null
* if no token is generated. Client should be able to deal with this response.
*/
@Test
public void testNoTokenGeneratedError() throws Exception {
this.server.registerHandler("*", new PleaseNegotiateService());
final HttpHost target = start();
final AuthSchemeFactory nsf = new NegotiateSchemeFactoryWithMockGssManager();
final CredentialsProvider credentialsProvider = CredentialsProviderBuilder.create()
.add(new AuthScope(null, null, -1, null, null), new UseJaasCredentials())
.build();
final Registry<AuthSchemeFactory> authSchemeRegistry = RegistryBuilder.<AuthSchemeFactory>create()
.register(StandardAuthScheme.SPNEGO, nsf)
.build();
this.httpclient = HttpClients.custom()
.setDefaultAuthSchemeRegistry(authSchemeRegistry)
.setDefaultCredentialsProvider(credentialsProvider)
.build();
final String s = "/path";
final HttpGet httpget = new HttpGet(s);
final ClassicHttpResponse response = this.httpclient.execute(target, httpget);
EntityUtils.consume(response.getEntity());
Assert.assertEquals(HttpStatus.SC_UNAUTHORIZED, response.getCode());
}
}