hc-commits mailing list archives

From ol...@apache.org
Subject svn commit: r1692371 [2/3] - in /httpcomponents/httpclient/trunk: fluent-hc/src/main/java/org/apache/http/client/fluent/ httpclient-cache/src/main/java/org/apache/http/client/cache/ httpclient-cache/src/main/java/org/apache/http/impl/client/cache/ http...
Date Thu, 23 Jul 2015 10:00:47 GMT
Modified: httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/auth/GGSSchemeBase.java
URL: http://svn.apache.org/viewvc/httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/auth/GGSSchemeBase.java?rev=1692371&r1=1692370&r2=1692371&view=diff
==============================================================================
--- httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/auth/GGSSchemeBase.java
(original)
+++ httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/auth/GGSSchemeBase.java
Thu Jul 23 10:00:46 2015
@@ -28,28 +28,25 @@ package org.apache.http.impl.auth;
 
 import java.net.InetAddress;
 import java.net.UnknownHostException;
+import java.security.Principal;
 
 import org.apache.commons.codec.binary.Base64;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
-import org.apache.http.Header;
-import org.apache.http.HttpHeaders;
 import org.apache.http.HttpHost;
 import org.apache.http.HttpRequest;
 import org.apache.http.annotation.NotThreadSafe;
 import org.apache.http.auth.AuthChallenge;
+import org.apache.http.auth.AuthScheme;
+import org.apache.http.auth.AuthScope;
 import org.apache.http.auth.AuthenticationException;
-import org.apache.http.auth.ChallengeType;
 import org.apache.http.auth.Credentials;
+import org.apache.http.auth.CredentialsProvider;
 import org.apache.http.auth.InvalidCredentialsException;
 import org.apache.http.auth.KerberosCredentials;
 import org.apache.http.auth.MalformedChallengeException;
-import org.apache.http.client.protocol.HttpClientContext;
-import org.apache.http.conn.routing.HttpRoute;
-import org.apache.http.message.BufferedHeader;
 import org.apache.http.protocol.HttpContext;
 import org.apache.http.util.Args;
-import org.apache.http.util.CharArrayBuffer;
 import org.ietf.jgss.GSSContext;
 import org.ietf.jgss.GSSCredential;
 import org.ietf.jgss.GSSException;
@@ -61,7 +58,7 @@ import org.ietf.jgss.Oid;
  * @since 4.2
  */
 @NotThreadSafe
-public abstract class GGSSchemeBase extends NonStandardAuthScheme {
+public abstract class GGSSchemeBase implements AuthScheme {
 
     enum State {
         UNINITIATED,
@@ -77,8 +74,8 @@ public abstract class GGSSchemeBase exte
 
     /** Authentication process state */
     private State state;
-
-    /** base64 decoded challenge **/
+    private GSSCredential gssCredential;
+    private String challenge;
     private byte[] token;
 
     GGSSchemeBase(final boolean stripPort, final boolean useCanonicalHostname) {
@@ -93,19 +90,25 @@ public abstract class GGSSchemeBase exte
     }
 
     GGSSchemeBase() {
-        this(true,true);
+        this(true, true);
     }
 
+    @Override
+    public String getRealm() {
+        return null;
+    }
+
+    @Override
     public void processChallenge(
-            final ChallengeType challengeType,
-            final AuthChallenge authChallenge) throws MalformedChallengeException {
-        update(challengeType, authChallenge);
+            final AuthChallenge authChallenge,
+            final HttpContext context) throws MalformedChallengeException {
+        Args.notNull(authChallenge, "AuthChallenge");
+        if (authChallenge.getValue() == null) {
+            throw new MalformedChallengeException("Missing auth challenge");
+        }
+        this.challenge = authChallenge.getValue();
         if (state == State.UNINITIATED) {
-            final String challenge = getChallenge();
             token = Base64.decodeBase64(challenge.getBytes());
-            if (log.isDebugEnabled()) {
-                log.debug("Received token '" + token + "' from the auth server");
-            }
             state = State.CHALLENGE_RECEIVED;
         } else {
             log.debug("Authentication already attempted");
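Review bot: `challenge.getBytes()` in the `UNINITIATED` branch of `processChallenge` encodes with the platform default charset, so decoding the server token depends on how the JVM is configured. The challenge is Base64 text and therefore ASCII; pass the charset explicitly, `token = Base64.decodeBase64(challenge.getBytes(StandardCharsets.US_ASCII));`, which needs an import of `java.nio.charset.StandardCharsets`. The added lines also call `authChallenge.getValue()` twice; reading it once into a local before the null check keeps the check and the assignment on the same value. The method body continues past the end of this hunk.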
@@ -117,17 +120,10 @@ public abstract class GGSSchemeBase exte
         return GSSManager.getInstance();
     }
 
-    protected byte[] generateGSSToken(
-            final byte[] input, final Oid oid, final String authServer) throws GSSException
{
-        return generateGSSToken(input, oid, authServer, null);
-    }
-
     /**
      * @since 4.4
      */
-    protected byte[] generateGSSToken(
-            final byte[] input, final Oid oid, final String authServer,
-            final Credentials credentials) throws GSSException {
+    protected byte[] generateGSSToken(final byte[] input, final Oid oid, final String authServer)
throws GSSException {
         byte[] inputBuff = input;
         if (inputBuff == null) {
             inputBuff = new byte[0];
@@ -135,13 +131,6 @@ public abstract class GGSSchemeBase exte
         final GSSManager manager = getManager();
         final GSSName serverName = manager.createName("HTTP@" + authServer, GSSName.NT_HOSTBASED_SERVICE);
 
-        final GSSCredential gssCredential;
-        if (credentials instanceof KerberosCredentials) {
-            gssCredential = ((KerberosCredentials) credentials).getGSSCredential();
-        } else {
-            gssCredential = null;
-        }
-
         final GSSContext gssContext = manager.createContext(
                 serverName.canonicalize(oid), oid, gssCredential, GSSContext.DEFAULT_LIFETIME);
         gssContext.requestMutualAuth(true);
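Review bot: The `gssCredential` passed to `manager.createContext(...)` is now an instance field rather than a value derived from a method argument, and on this page it is only assigned in `isResponseReady`. Nothing in `generateGSSToken` documents that ordering, and a null credential is not an error for `createContext`: GSS-API treats it as a request to act as the default initiator, so an instance that reaches token generation without a prior `isResponseReady` call would authenticate with whatever ambient identity the JVM holds. The Javadoc on the method is only `@since 4.4`; add a description stating that the method uses the credential selected by `isResponseReady` and that null means default credentials. The method starts in the previous hunk and continues after this one.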
@@ -152,43 +141,52 @@ public abstract class GGSSchemeBase exte
     /**
      * @since 4.4
      */
-    protected abstract byte[] generateToken(
-            byte[] input, String authServer, Credentials credentials) throws GSSException;
+    protected abstract byte[] generateToken(byte[] input, String authServer) throws GSSException;
 
     @Override
-    public boolean isComplete() {
+    public boolean isChallengeComplete() {
         return this.state == State.TOKEN_GENERATED || this.state == State.FAILED;
     }
 
     @Override
-    public Header authenticate(
-            final Credentials credentials,
+    public boolean isResponseReady(
+            final HttpHost host,
+            final CredentialsProvider credentialsProvider,
+            final HttpContext context) throws AuthenticationException {
+
+        Args.notNull(host, "Auth host");
+        Args.notNull(credentialsProvider, "CredentialsProvider");
+
+        final Credentials credentials = credentialsProvider.getCredentials(new AuthScope(host,
null, getName()));
+        if (credentials instanceof KerberosCredentials) {
+            this.gssCredential = ((KerberosCredentials) credentials).getGSSCredential();
+        } else {
+            this.gssCredential = null;
+        }
+        return true;
+    }
+
+    @Override
+    public Principal getPrinciple() {
+        return null;
+    }
+
+    @Override
+    public String generateAuthResponse(
+            final HttpHost host,
             final HttpRequest request,
             final HttpContext context) throws AuthenticationException {
+        Args.notNull(host, "HTTP host");
         Args.notNull(request, "HTTP request");
         switch (state) {
         case UNINITIATED:
-            throw new AuthenticationException(getSchemeName() + " authentication has not
been initiated");
+            throw new AuthenticationException(getName() + " authentication has not been initiated");
         case FAILED:
-            throw new AuthenticationException(getSchemeName() + " authentication has failed");
+            throw new AuthenticationException(getName() + " authentication has failed");
         case CHALLENGE_RECEIVED:
             try {
-                final HttpRoute route = (HttpRoute) context.getAttribute(HttpClientContext.HTTP_ROUTE);
-                if (route == null) {
-                    throw new AuthenticationException("Connection route is not available");
-                }
-                HttpHost host;
-                if (isProxy()) {
-                    host = route.getProxyHost();
-                    if (host == null) {
-                        host = route.getTargetHost();
-                    }
-                } else {
-                    host = route.getTargetHost();
-                }
                 final String authServer;
                 String hostname = host.getHostName();
-
                 if (this.useCanonicalHostname){
                     try {
                          //TODO: uncomment this statement and delete the resolveCanonicalHostname,
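Review bot: `getPrinciple()` returns null unconditionally, although `isResponseReady` just above has the `Credentials` object in hand and keeps only its `GSSCredential`. `DefaultUserTokenHandler.getAuthPrincipal`, changed in this same commit, now takes the user principal from `scheme.getPrinciple()`, so for a connection-based Kerberos or SPNEGO scheme it gets null where the old code returned `creds.getUserPrincipal()`; if that principal is what ties an authenticated persistent connection to one user, the binding is lost (to be confirmed against the pooling code, which is not shown). Consider storing it in `isResponseReady`, `this.principal = credentials != null ? credentials.getUserPrincipal() : null;`, and returning that field here. The method name is also a misspelling of `getPrincipal`; it carries `@Override`, so the rename belongs in the interface. `generateAuthResponse` continues beyond this hunk.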
@@ -208,7 +206,7 @@ public abstract class GGSSchemeBase exte
                 if (log.isDebugEnabled()) {
                     log.debug("init " + authServer);
                 }
-                token = generateToken(token, authServer, credentials);
+                token = generateToken(token, authServer);
                 state = State.TOKEN_GENERATED;
             } catch (final GSSException gsse) {
                 state = State.FAILED;
@@ -233,15 +231,7 @@ public abstract class GGSSchemeBase exte
             if (log.isDebugEnabled()) {
                 log.debug("Sending response '" + tokenstr + "' back to the auth server");
             }
-            final CharArrayBuffer buffer = new CharArrayBuffer(32);
-            if (isProxy()) {
-                buffer.append(HttpHeaders.PROXY_AUTHORIZATION);
-            } else {
-                buffer.append(HttpHeaders.AUTHORIZATION);
-            }
-            buffer.append(": Negotiate ");
-            buffer.append(tokenstr);
-            return new BufferedHeader(buffer);
+            return "Negotiate " + tokenstr;
         default:
             throw new IllegalStateException("Illegal state: " + state);
         }
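Review bot: The `log.debug("Sending response '" + tokenstr + "' back to the auth server")` line kept as context here still writes the full outgoing Negotiate token to the debug log, although this commit removes the matching log of the received token in `processChallenge`. The token is authentication material, and debug logs are often collected and retained under weaker access control than the credentials themselves. Log its size instead, for example `log.debug("Sending response (" + tokenstr.length() + " chars) back to the auth server");`. The `toString()` added in the last hunk of this file likewise appends the raw `challenge` string, so any log line that prints the scheme object will carry the server's token. The switch statement starts outside this hunk.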
@@ -256,4 +246,9 @@ public abstract class GGSSchemeBase exte
         return canonicalServer;
     }
 
+    @Override
+    public String toString() {
+        return "[" + this.state + " " + challenge + ']';
+    }
+
 }

Modified: httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/auth/HttpAuthenticator.java
URL: http://svn.apache.org/viewvc/httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/auth/HttpAuthenticator.java?rev=1692371&r1=1692370&r2=1692371&view=diff
==============================================================================
--- httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/auth/HttpAuthenticator.java
(original)
+++ httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/auth/HttpAuthenticator.java
Thu Jul 23 10:00:46 2015
@@ -47,20 +47,18 @@ import org.apache.http.HttpResponse;
 import org.apache.http.HttpStatus;
 import org.apache.http.ParseException;
 import org.apache.http.auth.AuthChallenge;
-import org.apache.http.auth.AuthOption;
 import org.apache.http.auth.AuthProtocolState;
 import org.apache.http.auth.AuthScheme;
-import org.apache.http.auth.AuthScope;
 import org.apache.http.auth.AuthState;
 import org.apache.http.auth.AuthenticationException;
 import org.apache.http.auth.ChallengeType;
-import org.apache.http.auth.Credentials;
 import org.apache.http.auth.CredentialsProvider;
 import org.apache.http.auth.MalformedChallengeException;
 import org.apache.http.client.AuthCache;
 import org.apache.http.client.AuthenticationStrategy;
 import org.apache.http.client.config.AuthSchemes;
 import org.apache.http.client.protocol.HttpClientContext;
+import org.apache.http.message.BasicHeader;
 import org.apache.http.message.ParserCursor;
 import org.apache.http.protocol.HttpContext;
 import org.apache.http.util.Asserts;
@@ -195,12 +193,12 @@ public class HttpAuthenticator {
             case UNCHALLENGED:
                 final AuthScheme authScheme = authState.getAuthScheme();
                 if (authScheme != null) {
-                    final String id = authScheme.getSchemeName();
+                    final String id = authScheme.getName();
                     final AuthChallenge challenge = challengeMap.get(id.toLowerCase(Locale.ROOT));
                     if (challenge != null) {
                         this.log.debug("Authorization challenge processed");
                         try {
-                            authScheme.processChallenge(challengeType, challenge);
+                            authScheme.processChallenge(challenge, context);
                         } catch (MalformedChallengeException ex) {
                             if (this.log.isWarnEnabled()) {
                                 this.log.warn(ex.getMessage());
@@ -209,7 +207,7 @@ public class HttpAuthenticator {
                             authState.reset();
                             return false;
                         }
-                        if (authScheme.isComplete()) {
+                        if (authScheme.isChallengeComplete()) {
                             this.log.debug("Authentication failed");
                             clearCache(host, clientContext);
                             authState.reset();
@@ -233,22 +231,16 @@ public class HttpAuthenticator {
             return false;
         }
 
-        final Queue<AuthOption> authOptions = new LinkedList<>();
+        final Queue<AuthScheme> authOptions = new LinkedList<>();
         for (AuthScheme authScheme: preferredSchemes) {
             try {
-                final String id = authScheme.getSchemeName();
+                final String id = authScheme.getName();
                 final AuthChallenge challenge = challengeMap.get(id.toLowerCase(Locale.ROOT));
-                authScheme.processChallenge(challengeType, challenge);
-                final AuthScope authScope = new AuthScope(
-                        host.getHostName(),
-                        host.getPort(),
-                        authScheme.getRealm(),
-                        authScheme.getSchemeName());
-                final Credentials credentials = credsProvider.getCredentials(authScope);
-                if (credentials != null) {
-                    authOptions.add(new AuthOption(authScheme, credentials));
+                authScheme.processChallenge(challenge, context);
+                if (authScheme.isResponseReady(host, credsProvider, context)) {
+                    authOptions.add(authScheme);
                 }
-            } catch (MalformedChallengeException ex) {
+            } catch (AuthenticationException | MalformedChallengeException ex) {
                 if (this.log.isWarnEnabled()) {
                     this.log.warn(ex.getMessage());
                 }
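Review bot: `challengeMap.get(...)` can return null, and in this loop the result is passed straight to `authScheme.processChallenge(challenge, context)`. The `GGSSchemeBase` and `NTLMScheme` implementations in this commit both begin with `Args.notNull(authChallenge, "AuthChallenge")`, which throws `IllegalArgumentException`, and the widened `catch (AuthenticationException | MalformedChallengeException ex)` does not cover that. Whether `preferredSchemes` can contain a scheme with no entry in `challengeMap` is not visible from this hunk; if it can, skip the scheme explicitly with `if (challenge == null) { continue; }` before the call. The enclosing method starts and ends outside the hunk.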
@@ -267,11 +259,12 @@ public class HttpAuthenticator {
     }
 
     public void addAuthResponse(
+            final HttpHost host,
+            final ChallengeType challengeType,
             final HttpRequest request,
             final AuthState authState,
             final HttpContext context) throws HttpException, IOException {
         AuthScheme authScheme = authState.getAuthScheme();
-        Credentials creds = authState.getCredentials();
         switch (authState.getState()) {
         case FAILURE:
             return;
@@ -285,19 +278,20 @@ public class HttpAuthenticator {
             Asserts.notNull(authScheme, "AuthScheme");
             break;
         case CHALLENGED:
-            final Queue<AuthOption> authOptions = authState.getAuthOptions();
+            final Queue<AuthScheme> authOptions = authState.getAuthOptions();
             if (authOptions != null) {
                 while (!authOptions.isEmpty()) {
-                    final AuthOption authOption = authOptions.remove();
-                    authScheme = authOption.getAuthScheme();
-                    creds = authOption.getCredentials();
-                    authState.update(authScheme, creds);
+                    authScheme = authOptions.remove();
+                    authState.update(authScheme);
                     if (this.log.isDebugEnabled()) {
                         this.log.debug("Generating response to an authentication challenge
using "
-                                + authScheme.getSchemeName() + " scheme");
+                                + authScheme.getName() + " scheme");
                     }
                     try {
-                        final Header header = doAuth(authScheme, creds, request, context);
+                        final String authResponse = authScheme.generateAuthResponse(host,
request, context);
+                        final Header header = new BasicHeader(
+                                challengeType == ChallengeType.TARGET ? HttpHeaders.AUTHORIZATION
: HttpHeaders.PROXY_AUTHORIZATION,
+                                authResponse);
                         request.addHeader(header);
                         break;
                     } catch (final AuthenticationException ex) {
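Review bot: The header name is chosen with `challengeType == ChallengeType.TARGET ? HttpHeaders.AUTHORIZATION : HttpHeaders.PROXY_AUTHORIZATION`, so any value other than `TARGET`, including null, silently sends the credentials in `Proxy-Authorization`. The new `host` and `challengeType` parameters of `addAuthResponse` are not validated anywhere in the visible hunks; adding `Asserts.notNull(challengeType, "ChallengeType");` at the top of the method would turn a caller mistake into an immediate failure instead of a misplaced credential header. The same three-line `BasicHeader` construction is repeated in the next hunk, inside the `if (authScheme != null)` block; a private helper taking `challengeType` and `authResponse` would keep the two copies in step. The `while` loop and the method continue outside this hunk.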
@@ -314,7 +308,10 @@ public class HttpAuthenticator {
         }
         if (authScheme != null) {
             try {
-                final Header header = doAuth(authScheme, creds, request, context);
+                final String authResponse = authScheme.generateAuthResponse(host, request,
context);
+                final Header header = new BasicHeader(
+                        challengeType == ChallengeType.TARGET ? HttpHeaders.AUTHORIZATION
: HttpHeaders.PROXY_AUTHORIZATION,
+                        authResponse);
                 request.addHeader(header);
             } catch (final AuthenticationException ex) {
                 if (this.log.isErrorEnabled()) {
@@ -325,7 +322,7 @@ public class HttpAuthenticator {
     }
 
     private boolean isCachable(final AuthScheme authScheme) {
-        final String schemeName = authScheme.getSchemeName();
+        final String schemeName = authScheme.getName();
         return schemeName.equalsIgnoreCase(AuthSchemes.BASIC) ||
                 schemeName.equalsIgnoreCase(AuthSchemes.DIGEST);
     }
@@ -335,7 +332,7 @@ public class HttpAuthenticator {
             final AuthCache authCache = clientContext.getAuthCache();
             if (authCache != null) {
                 if (this.log.isDebugEnabled()) {
-                    this.log.debug("Caching '" + authScheme.getSchemeName() + "' auth scheme
for " + host);
+                    this.log.debug("Caching '" + authScheme.getName() + "' auth scheme for
" + host);
                 }
                 authCache.put(host, authScheme);
             }
@@ -353,12 +350,4 @@ public class HttpAuthenticator {
         }
     }
 
-    private Header doAuth(
-            final AuthScheme authScheme,
-            final Credentials creds,
-            final HttpRequest request,
-            final HttpContext context) throws AuthenticationException {
-        return authScheme.authenticate(creds, request, context);
-    }
-
 }

Modified: httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/auth/KerberosScheme.java
URL: http://svn.apache.org/viewvc/httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/auth/KerberosScheme.java?rev=1692371&r1=1692370&r2=1692371&view=diff
==============================================================================
--- httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/auth/KerberosScheme.java
(original)
+++ httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/auth/KerberosScheme.java
Thu Jul 23 10:00:46 2015
@@ -27,7 +27,6 @@
 package org.apache.http.impl.auth;
 
 import org.apache.http.annotation.NotThreadSafe;
-import org.apache.http.auth.Credentials;
 import org.ietf.jgss.GSSException;
 import org.ietf.jgss.Oid;
 
@@ -57,13 +56,13 @@ public class KerberosScheme extends GGSS
     }
 
     @Override
-    public String getSchemeName() {
+    public String getName() {
         return "Kerberos";
     }
 
     @Override
-    protected byte[] generateToken(final byte[] input, final String authServer, final Credentials
credentials) throws GSSException {
-        return generateGSSToken(input, new Oid(KERBEROS_OID), authServer, credentials);
+    protected byte[] generateToken(final byte[] input, final String authServer) throws GSSException
{
+        return generateGSSToken(input, new Oid(KERBEROS_OID), authServer);
     }
 
     @Override

Modified: httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/auth/NTLMEngineImpl.java
URL: http://svn.apache.org/viewvc/httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/auth/NTLMEngineImpl.java?rev=1692371&r1=1692370&r2=1692371&view=diff
==============================================================================
--- httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/auth/NTLMEngineImpl.java
(original)
+++ httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/auth/NTLMEngineImpl.java
Thu Jul 23 10:00:46 2015
@@ -1574,7 +1574,7 @@ final class NTLMEngineImpl implements NT
                 i++;
             }
 
-            // Very important: update the digest with the ipad buffer
+            // Very important: processChallenge the digest with the ipad buffer
             md5.reset();
             md5.update(ipad);
 
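Review bot: The comment now reads `processChallenge the digest with the ipad buffer`, which looks like collateral damage from a global rename of `update` to `processChallenge`; the code below it still calls `md5.reset()` and `md5.update(ipad)`. Restore the original wording, `// Very important: update the digest with the ipad buffer`, so the comment matches the call it describes. The enclosing method lies outside this hunk.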

Modified: httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/auth/NTLMScheme.java
URL: http://svn.apache.org/viewvc/httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/auth/NTLMScheme.java?rev=1692371&r1=1692370&r2=1692371&view=diff
==============================================================================
--- httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/auth/NTLMScheme.java
(original)
+++ httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/auth/NTLMScheme.java
Thu Jul 23 10:00:46 2015
@@ -26,21 +26,21 @@
  */
 package org.apache.http.impl.auth;
 
-import org.apache.http.Header;
-import org.apache.http.HttpHeaders;
+import java.security.Principal;
+
+import org.apache.http.HttpHost;
 import org.apache.http.HttpRequest;
 import org.apache.http.annotation.NotThreadSafe;
 import org.apache.http.auth.AuthChallenge;
+import org.apache.http.auth.AuthScheme;
+import org.apache.http.auth.AuthScope;
 import org.apache.http.auth.AuthenticationException;
-import org.apache.http.auth.ChallengeType;
 import org.apache.http.auth.Credentials;
-import org.apache.http.auth.InvalidCredentialsException;
+import org.apache.http.auth.CredentialsProvider;
 import org.apache.http.auth.MalformedChallengeException;
 import org.apache.http.auth.NTCredentials;
-import org.apache.http.message.BufferedHeader;
 import org.apache.http.protocol.HttpContext;
 import org.apache.http.util.Args;
-import org.apache.http.util.CharArrayBuffer;
 
 /**
  * NTLM is a proprietary authentication scheme developed by Microsoft
@@ -49,7 +49,7 @@ import org.apache.http.util.CharArrayBuf
  * @since 4.0
  */
 @NotThreadSafe
-public class NTLMScheme extends NonStandardAuthScheme {
+public class NTLMScheme implements AuthScheme {
 
     enum State {
         UNINITIATED,
@@ -63,6 +63,8 @@ public class NTLMScheme extends NonStand
     private final NTLMEngine engine;
 
     private State state;
+    private String challenge;
+    private NTCredentials credentials;
 
     public NTLMScheme(final NTLMEngine engine) {
         super();
@@ -79,7 +81,7 @@ public class NTLMScheme extends NonStand
     }
 
     @Override
-    public String getSchemeName() {
+    public String getName() {
         return "ntlm";
     }
 
@@ -89,12 +91,20 @@ public class NTLMScheme extends NonStand
     }
 
     @Override
+    public String getRealm() {
+        return null;
+    }
+
+    @Override
     public void processChallenge(
-            final ChallengeType challengeType, final AuthChallenge authChallenge) throws
MalformedChallengeException {
-        Args.notNull(challengeType, "ChallengeType");
+            final AuthChallenge authChallenge,
+            final HttpContext context) throws MalformedChallengeException {
         Args.notNull(authChallenge, "AuthChallenge");
-        final String value = authChallenge.getValue();
-        if (value == null || value.isEmpty()) {
+        if (authChallenge.getValue() == null) {
+            throw new MalformedChallengeException("Missing auth challenge");
+        }
+        this.challenge = authChallenge.getValue();
+        if (this.challenge == null || this.challenge.isEmpty()) {
             if (this.state == State.UNINITIATED) {
                 this.state = State.CHALLENGE_RECEIVED;
             } else {
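Review bot: The added `if (authChallenge.getValue() == null)` guard throws `MalformedChallengeException` before the `this.challenge == null || this.challenge.isEmpty()` test is reached, so the null half of that condition is now dead, and a challenge without a value is rejected instead of moving `UNINITIATED` to `CHALLENGE_RECEIVED` as the removed code did. If `AuthChallenge.getValue()` returns null for a bare `NTLM` challenge (not visible here), the first leg of the handshake would now fail. Either drop the new throw and keep `this.challenge = authChallenge.getValue();` followed by the null-or-empty test, or remove the redundant null test and document that a bare challenge arrives as an empty string. `processChallenge` continues after this hunk.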
@@ -111,51 +121,66 @@ public class NTLMScheme extends NonStand
     }
 
     @Override
-    public Header authenticate(
-            final Credentials credentials,
+    public boolean isResponseReady(
+            final HttpHost host,
+            final CredentialsProvider credentialsProvider,
+            final HttpContext context) throws AuthenticationException {
+
+        Args.notNull(host, "Auth host");
+        Args.notNull(credentialsProvider, "CredentialsProvider");
+
+        final Credentials credentials = credentialsProvider.getCredentials(new AuthScope(host,
null, getName()));
+        if (credentials instanceof NTCredentials) {
+            this.credentials = (NTCredentials) credentials;
+            return true;
+        } else {
+            return false;
+        }
+    }
+
+    @Override
+    public Principal getPrinciple() {
+        return this.credentials != null ? this.credentials.getUserPrincipal() : null;
+    }
+
+    @Override
+    public String generateAuthResponse(
+            final HttpHost host,
             final HttpRequest request,
             final HttpContext context) throws AuthenticationException {
-        final NTCredentials ntcredentials;
-        try {
-            ntcredentials = (NTCredentials) credentials;
-        } catch (final ClassCastException e) {
-            throw new InvalidCredentialsException(
-             "Credentials cannot be used for NTLM authentication: "
-              + credentials.getClass().getName());
+        if (this.credentials == null) {
+            throw new AuthenticationException("NT credentials not available");
         }
         final String response;
         if (this.state == State.FAILED) {
             throw new AuthenticationException("NTLM authentication failed");
         } else if (this.state == State.CHALLENGE_RECEIVED) {
             response = this.engine.generateType1Msg(
-                    ntcredentials.getNetbiosDomain(),
-                    ntcredentials.getWorkstation());
+                    this.credentials.getNetbiosDomain(),
+                    this.credentials.getWorkstation());
             this.state = State.MSG_TYPE1_GENERATED;
         } else if (this.state == State.MSG_TYPE2_RECEVIED) {
             response = this.engine.generateType3Msg(
-                    ntcredentials.getUserName(),
-                    ntcredentials.getPassword(),
-                    ntcredentials.getNetbiosDomain(),
-                    ntcredentials.getWorkstation(),
-                    getChallenge());
+                    this.credentials.getUserName(),
+                    this.credentials.getPassword(),
+                    this.credentials.getNetbiosDomain(),
+                    this.credentials.getWorkstation(),
+                    this.challenge);
             this.state = State.MSG_TYPE3_GENERATED;
         } else {
             throw new AuthenticationException("Unexpected state: " + this.state);
         }
-        final CharArrayBuffer buffer = new CharArrayBuffer(32);
-        if (isProxy()) {
-            buffer.append(HttpHeaders.PROXY_AUTHORIZATION);
-        } else {
-            buffer.append(HttpHeaders.AUTHORIZATION);
-        }
-        buffer.append(": NTLM ");
-        buffer.append(response);
-        return new BufferedHeader(buffer);
+        return "NTLM " + response;
     }
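Review bot: `isResponseReady` assigns `this.credentials` only when the provider returns `NTCredentials`; the `else` branch returns false but leaves any previously stored credentials in the field. A later `getPrinciple()` or `generateAuthResponse()` on the same instance would then use the earlier user name and password, whereas `GGSSchemeBase.isResponseReady` in this commit resets its field to null in the same situation. Clear the field in the failure branch: `this.credentials = null; return false;`. The field also keeps the password reachable for the lifetime of the scheme object, which deserves a comment on its declaration in the earlier hunk.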
 
     @Override
-    public boolean isComplete() {
+    public boolean isChallengeComplete() {
         return this.state == State.MSG_TYPE3_GENERATED || this.state == State.FAILED;
     }
 
+    @Override
+    public String toString() {
+        return "[" + this.state + " " + challenge + ']';
+    }
+
 }

Modified: httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/auth/SPNegoScheme.java
URL: http://svn.apache.org/viewvc/httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/auth/SPNegoScheme.java?rev=1692371&r1=1692370&r2=1692371&view=diff
==============================================================================
--- httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/auth/SPNegoScheme.java
(original)
+++ httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/auth/SPNegoScheme.java
Thu Jul 23 10:00:46 2015
@@ -27,7 +27,6 @@
 package org.apache.http.impl.auth;
 
 import org.apache.http.annotation.NotThreadSafe;
-import org.apache.http.auth.Credentials;
 import org.ietf.jgss.GSSException;
 import org.ietf.jgss.Oid;
 
@@ -58,13 +57,13 @@ public class SPNegoScheme extends GGSSch
     }
 
     @Override
-    public String getSchemeName() {
+    public String getName() {
         return "Negotiate";
     }
 
     @Override
-    protected byte[] generateToken(final byte[] input, final String authServer, final Credentials
credentials) throws GSSException {
-        return generateGSSToken(input, new Oid(SPNEGO_OID), authServer, credentials);
+    protected byte[] generateToken(final byte[] input, final String authServer) throws GSSException
{
+        return generateGSSToken(input, new Oid(SPNEGO_OID), authServer);
     }
 
     @Override

Modified: httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/client/DefaultUserTokenHandler.java
URL: http://svn.apache.org/viewvc/httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/client/DefaultUserTokenHandler.java?rev=1692371&r1=1692370&r2=1692371&view=diff
==============================================================================
--- httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/client/DefaultUserTokenHandler.java
(original)
+++ httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/client/DefaultUserTokenHandler.java
Thu Jul 23 10:00:46 2015
@@ -34,7 +34,6 @@ import org.apache.http.HttpConnection;
 import org.apache.http.annotation.Immutable;
 import org.apache.http.auth.AuthScheme;
 import org.apache.http.auth.AuthState;
-import org.apache.http.auth.Credentials;
 import org.apache.http.client.UserTokenHandler;
 import org.apache.http.client.protocol.HttpClientContext;
 import org.apache.http.conn.ManagedHttpClientConnection;
@@ -90,11 +89,8 @@ public class DefaultUserTokenHandler imp
 
     private static Principal getAuthPrincipal(final AuthState authState) {
         final AuthScheme scheme = authState.getAuthScheme();
-        if (scheme != null && scheme.isComplete() && scheme.isConnectionBased())
{
-            final Credentials creds = authState.getCredentials();
-            if (creds != null) {
-                return creds.getUserPrincipal();
-            }
+        if (scheme != null && scheme.isConnectionBased()) {
+            return scheme.getPrinciple();
         }
         return null;
     }
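Review bot: The rewritten condition drops `scheme.isComplete()`, so `getAuthPrincipal` now returns `scheme.getPrinciple()` for any connection-based scheme regardless of how far the handshake has progressed. With `NTLMScheme` as changed in this commit, `getPrinciple()` is non-null as soon as `isResponseReady` has stored credentials, which is before the type 3 message has been generated, so a user token could be derived from an identity the server has not yet accepted. If the completion check was not removed on purpose, keep it under its new name: `if (scheme != null && scheme.isChallengeComplete() && scheme.isConnectionBased())`. The rest of the class is outside this hunk.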

Modified: httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/client/ProxyClient.java
URL: http://svn.apache.org/viewvc/httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/client/ProxyClient.java?rev=1692371&r1=1692370&r2=1692371&view=diff
==============================================================================
--- httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/client/ProxyClient.java
(original)
+++ httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/client/ProxyClient.java
Thu Jul 23 10:00:46 2015
@@ -177,7 +177,7 @@ public class ProxyClient {
                 conn.bind(socket);
             }
 
-            this.authenticator.addAuthResponse(connect, this.proxyAuthState, context);
+            this.authenticator.addAuthResponse(proxy, ChallengeType.PROXY, connect, this.proxyAuthState,
context);
 
             response = this.requestExec.execute(connect, conn, context);
 

Modified: httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/execchain/MainClientExec.java
URL: http://svn.apache.org/viewvc/httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/execchain/MainClientExec.java?rev=1692371&r1=1692370&r2=1692371&view=diff
==============================================================================
--- httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/execchain/MainClientExec.java
(original)
+++ httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/execchain/MainClientExec.java
Thu Jul 23 10:00:46 2015
@@ -248,13 +248,15 @@ public class MainClientExec implements C
                     if (this.log.isDebugEnabled()) {
                         this.log.debug("Target auth state: " + targetAuthState.getState());
                     }
-                    this.authenticator.addAuthResponse(request, targetAuthState, context);
+                    this.authenticator.addAuthResponse(
+                            route.getTargetHost(), ChallengeType.TARGET, request, targetAuthState,
context);
                 }
                 if (!request.containsHeader(HttpHeaders.PROXY_AUTHORIZATION) && !route.isTunnelled())
{
                     if (this.log.isDebugEnabled()) {
                         this.log.debug("Proxy auth state: " + proxyAuthState.getState());
                     }
-                    this.authenticator.addAuthResponse(request, proxyAuthState, context);
+                    this.authenticator.addAuthResponse(
+                            route.getProxyHost(), ChallengeType.PROXY, request, proxyAuthState,
context);
                 }
 
                 response = requestExecutor.execute(request, managedConn, context);
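Review bot: `route.getProxyHost()` in the second added call can be null, because the surrounding condition `!route.isTunnelled()` also holds for a direct route that has no proxy. Whether that is safe depends on `addAuthResponse` not touching the host while the auth state is still unchallenged, which this hunk does not show. Either state in the Javadoc of `addAuthResponse` that the host may be null in that case, or add `route.getProxyHost() != null` to the condition guarding the proxy branch. The enclosing method starts and ends outside the hunk.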
@@ -423,7 +425,7 @@ public class MainClientExec implements C
      * The connection must be established to the (last) proxy.
      * A CONNECT request for tunnelling through the proxy will
      * be created and sent, the response received and checked.
-     * This method does <i>not</i> update the connection with
+     * This method does <i>not</i> processChallenge the connection with
      * information about the tunnel, that is left to the caller.
      */
     private boolean createTunnelToTarget(
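Review bot: The Javadoc of createTunnelToTarget now reads "does not processChallenge the connection", which looks like the `update` to `processChallenge` method rename applied to prose by accident. The sentence should stay `* This method does <i>not</i> update the connection with`. The same slip is in the ProtocolExec class comment later in this commit, where the line should read `* requisite HTTP request headers, process HTTP response headers and update`. The body of createTunnelToTarget continues outside the hunk.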
@@ -455,7 +457,7 @@ public class MainClientExec implements C
             }
 
             connect.removeHeaders(HttpHeaders.PROXY_AUTHORIZATION);
-            this.authenticator.addAuthResponse(connect, proxyAuthState, context);
+            this.authenticator.addAuthResponse(proxy, ChallengeType.PROXY, connect, proxyAuthState,
context);
 
             response = this.requestExecutor.execute(connect, managedConn, context);
 

Modified: httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/execchain/ProtocolExec.java
URL: http://svn.apache.org/viewvc/httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/execchain/ProtocolExec.java?rev=1692371&r1=1692370&r2=1692371&view=diff
==============================================================================
--- httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/execchain/ProtocolExec.java
(original)
+++ httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/execchain/ProtocolExec.java
Thu Jul 23 10:00:46 2015
@@ -57,7 +57,7 @@ import org.apache.http.util.Args;
  * Request executor in the request execution chain that is responsible
  * for implementation of HTTP specification requirements.
  * Internally this executor relies on a {@link HttpProcessor} to populate
- * requisite HTTP request headers, process HTTP response headers and update
+ * requisite HTTP request headers, process HTTP response headers and processChallenge
  * session state in {@link HttpClientContext}.
  * <p>
  * Further responsibilities such as communication with the opposite

Modified: httpcomponents/httpclient/trunk/httpclient/src/test/java/org/apache/http/client/protocol/TestRequestAuthCache.java
URL: http://svn.apache.org/viewvc/httpcomponents/httpclient/trunk/httpclient/src/test/java/org/apache/http/client/protocol/TestRequestAuthCache.java?rev=1692371&r1=1692370&r2=1692371&view=diff
==============================================================================
--- httpcomponents/httpclient/trunk/httpclient/src/test/java/org/apache/http/client/protocol/TestRequestAuthCache.java
(original)
+++ httpcomponents/httpclient/trunk/httpclient/src/test/java/org/apache/http/client/protocol/TestRequestAuthCache.java
Thu Jul 23 10:00:46 2015
@@ -113,9 +113,7 @@ public class TestRequestAuthCache {
         final HttpRequestInterceptor interceptor = new RequestAuthCache();
         interceptor.process(request, context);
         Assert.assertNotNull(this.targetState.getAuthScheme());
-        Assert.assertSame(this.creds1, this.targetState.getCredentials());
         Assert.assertNotNull(this.proxyState.getAuthScheme());
-        Assert.assertSame(this.creds2, this.proxyState.getCredentials());
     }
 
     @Test
@@ -138,9 +136,7 @@ public class TestRequestAuthCache {
         final HttpRequestInterceptor interceptor = new RequestAuthCache();
         interceptor.process(request, context);
         Assert.assertNull(this.targetState.getAuthScheme());
-        Assert.assertNull(this.targetState.getCredentials());
         Assert.assertNull(this.proxyState.getAuthScheme());
-        Assert.assertNull(this.proxyState.getCredentials());
     }
 
     @Test
@@ -158,9 +154,7 @@ public class TestRequestAuthCache {
         final HttpRequestInterceptor interceptor = new RequestAuthCache();
         interceptor.process(request, context);
         Assert.assertNull(this.targetState.getAuthScheme());
-        Assert.assertNull(this.targetState.getCredentials());
         Assert.assertNull(this.proxyState.getAuthScheme());
-        Assert.assertNull(this.proxyState.getCredentials());
     }
 
     @Test
@@ -180,36 +174,7 @@ public class TestRequestAuthCache {
         final HttpRequestInterceptor interceptor = new RequestAuthCache();
         interceptor.process(request, context);
         Assert.assertNull(this.targetState.getAuthScheme());
-        Assert.assertNull(this.targetState.getCredentials());
         Assert.assertNull(this.proxyState.getAuthScheme());
-        Assert.assertNull(this.proxyState.getCredentials());
-    }
-
-    @Test
-    public void testNoMatchingCredentials() throws Exception {
-        final HttpRequest request = new BasicHttpRequest("GET", "/");
-
-        this.credProvider.clear();
-
-        final HttpClientContext context = HttpClientContext.create();
-        context.setAttribute(HttpClientContext.CREDS_PROVIDER, this.credProvider);
-        context.setAttribute(HttpCoreContext.HTTP_TARGET_HOST, this.target);
-        context.setAttribute(HttpClientContext.HTTP_ROUTE, new HttpRoute(this.target, null,
this.proxy, false));
-        context.setAttribute(HttpClientContext.TARGET_AUTH_STATE, this.targetState);
-        context.setAttribute(HttpClientContext.PROXY_AUTH_STATE, this.proxyState);
-
-        final AuthCache authCache = new BasicAuthCache();
-        authCache.put(this.target, this.authscheme1);
-        authCache.put(this.proxy, this.authscheme2);
-
-        context.setAttribute(HttpClientContext.AUTH_CACHE, authCache);
-
-        final HttpRequestInterceptor interceptor = new RequestAuthCache();
-        interceptor.process(request, context);
-        Assert.assertNull(this.targetState.getAuthScheme());
-        Assert.assertNull(this.targetState.getCredentials());
-        Assert.assertNull(this.proxyState.getAuthScheme());
-        Assert.assertNull(this.proxyState.getCredentials());
     }
 
     @Test
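Review bot: testNoMatchingCredentials is deleted here without a replacement, so nothing in this class covers the case where the auth cache holds a scheme for the host but the credentials provider has no entry for it. With the credentials lookup moved into the scheme, that case decides whether a cached scheme is applied preemptively, so a negative test is worth keeping. One option is a test against the scheme itself asserting `Assert.assertFalse(authscheme.isResponseReady(host, new BasicCredentialsProvider(), null));`. That assumes isResponseReady returns false rather than throwing when no credentials match, which this page does not show.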
@@ -230,16 +195,14 @@ public class TestRequestAuthCache {
         context.setAttribute(HttpClientContext.AUTH_CACHE, authCache);
 
         this.targetState.setState(AuthProtocolState.CHALLENGED);
-        this.targetState.update(new BasicScheme(), new UsernamePasswordCredentials("user3",
"secret3"));
+        this.targetState.update(new BasicScheme());
         this.proxyState.setState(AuthProtocolState.CHALLENGED);
-        this.proxyState.update(new BasicScheme(), new UsernamePasswordCredentials("user4",
"secret4"));
+        this.proxyState.update(new BasicScheme());
 
         final HttpRequestInterceptor interceptor = new RequestAuthCache();
         interceptor.process(request, context);
         Assert.assertNotSame(this.authscheme1, this.targetState.getAuthScheme());
-        Assert.assertNotSame(this.creds1, this.targetState.getCredentials());
         Assert.assertNotSame(this.authscheme2, this.proxyState.getAuthScheme());
-        Assert.assertNotSame(this.creds2, this.proxyState.getCredentials());
     }
 
 }

Modified: httpcomponents/httpclient/trunk/httpclient/src/test/java/org/apache/http/impl/auth/TestBasicScheme.java
URL: http://svn.apache.org/viewvc/httpcomponents/httpclient/trunk/httpclient/src/test/java/org/apache/http/impl/auth/TestBasicScheme.java?rev=1692371&r1=1692370&r2=1692371&view=diff
==============================================================================
--- httpcomponents/httpclient/trunk/httpclient/src/test/java/org/apache/http/impl/auth/TestBasicScheme.java
(original)
+++ httpcomponents/httpclient/trunk/httpclient/src/test/java/org/apache/http/impl/auth/TestBasicScheme.java
Thu Jul 23 10:00:46 2015
@@ -34,17 +34,15 @@ import java.util.List;
 
 import org.apache.commons.codec.binary.Base64;
 import org.apache.http.Consts;
-import org.apache.http.Header;
-import org.apache.http.HttpHeaders;
+import org.apache.http.HttpHost;
 import org.apache.http.HttpRequest;
 import org.apache.http.auth.AuthChallenge;
 import org.apache.http.auth.AuthScheme;
-import org.apache.http.auth.ChallengeType;
+import org.apache.http.auth.AuthScope;
 import org.apache.http.auth.UsernamePasswordCredentials;
+import org.apache.http.impl.client.BasicCredentialsProvider;
 import org.apache.http.message.BasicHttpRequest;
 import org.apache.http.message.ParserCursor;
-import org.apache.http.protocol.BasicHttpContext;
-import org.apache.http.protocol.HttpContext;
 import org.apache.http.util.CharArrayBuffer;
 import org.apache.http.util.EncodingUtils;
 import org.junit.Assert;
@@ -69,7 +67,7 @@ public class TestBasicScheme {
         final String challenge = "Basic";
         final AuthChallenge authChallenge = parse(challenge);
         final AuthScheme authscheme = new BasicScheme();
-        authscheme.processChallenge(ChallengeType.TARGET, authChallenge);
+        authscheme.processChallenge(authChallenge, null);
         Assert.assertNull(authscheme.getRealm());
     }
 
@@ -81,56 +79,66 @@ public class TestBasicScheme {
             buffer.append((char)germanChar);
         }
 
+        final HttpHost host  = new HttpHost("somehost", 80);
+        final AuthScope authScope = new AuthScope(host, "some realm", null);
         final UsernamePasswordCredentials creds = new UsernamePasswordCredentials("dh", buffer.toString());
+        final BasicCredentialsProvider credentialsProvider = new BasicCredentialsProvider();
+        credentialsProvider.setCredentials(authScope, creds);
         final BasicScheme authscheme = new BasicScheme(Consts.ISO_8859_1);
 
+        Assert.assertTrue(authscheme.isResponseReady(host, credentialsProvider, null));
         final HttpRequest request = new BasicHttpRequest("GET", "/");
-        final HttpContext context = new BasicHttpContext();
-        final Header header = authscheme.authenticate(creds, request, context);
-        Assert.assertEquals("Basic ZGg65C32Lfw=", header.getValue());
+        final String authResponse = authscheme.generateAuthResponse(host, request, null);
+        Assert.assertEquals("Basic ZGg65C32Lfw=", authResponse);
     }
 
     @Test
     public void testBasicAuthentication() throws Exception {
-        final UsernamePasswordCredentials creds = new UsernamePasswordCredentials("testuser",
"testpass");
-
         final AuthChallenge authChallenge = parse("Basic realm=\"test\"");
 
         final BasicScheme authscheme = new BasicScheme();
-        authscheme.processChallenge(ChallengeType.TARGET, authChallenge);
+        authscheme.processChallenge(authChallenge, null);
+
+        final HttpHost host  = new HttpHost("somehost", 80);
+        final AuthScope authScope = new AuthScope(host, "test", null);
+        final UsernamePasswordCredentials creds = new UsernamePasswordCredentials("testuser",
"testpass");
+        final BasicCredentialsProvider credentialsProvider = new BasicCredentialsProvider();
+        credentialsProvider.setCredentials(authScope, creds);
 
         final HttpRequest request = new BasicHttpRequest("GET", "/");
-        final HttpContext context = new BasicHttpContext();
-        final Header authResponse = authscheme.authenticate(creds, request, context);
+        Assert.assertTrue(authscheme.isResponseReady(host, credentialsProvider, null));
+        final String authResponse = authscheme.generateAuthResponse(host, request, null);
 
         final String expected = "Basic " + EncodingUtils.getAsciiString(
             Base64.encodeBase64(EncodingUtils.getAsciiBytes("testuser:testpass")));
-        Assert.assertEquals(HttpHeaders.AUTHORIZATION, authResponse.getName());
-        Assert.assertEquals(expected, authResponse.getValue());
+        Assert.assertEquals(expected, authResponse);
         Assert.assertEquals("test", authscheme.getRealm());
-        Assert.assertTrue(authscheme.isComplete());
+        Assert.assertTrue(authscheme.isChallengeComplete());
         Assert.assertFalse(authscheme.isConnectionBased());
     }
 
     @Test
     public void testBasicProxyAuthentication() throws Exception {
-        final UsernamePasswordCredentials creds = new UsernamePasswordCredentials("testuser",
"testpass");
-
         final AuthChallenge authChallenge = parse("Basic realm=\"test\"");
 
         final BasicScheme authscheme = new BasicScheme();
-        authscheme.processChallenge(ChallengeType.PROXY, authChallenge);
+        authscheme.processChallenge(authChallenge, null);
+
+        final HttpHost host  = new HttpHost("somehost", 80);
+        final AuthScope authScope = new AuthScope(host, "test", null);
+        final UsernamePasswordCredentials creds = new UsernamePasswordCredentials("testuser",
"testpass");
+        final BasicCredentialsProvider credentialsProvider = new BasicCredentialsProvider();
+        credentialsProvider.setCredentials(authScope, creds);
 
         final HttpRequest request = new BasicHttpRequest("GET", "/");
-        final HttpContext context = new BasicHttpContext();
-        final Header authResponse = authscheme.authenticate(creds, request, context);
+        Assert.assertTrue(authscheme.isResponseReady(host, credentialsProvider, null));
+        final String authResponse = authscheme.generateAuthResponse(host, request, null);
 
         final String expected = "Basic " + EncodingUtils.getAsciiString(
             Base64.encodeBase64(EncodingUtils.getAsciiBytes("testuser:testpass")));
-        Assert.assertEquals(HttpHeaders.PROXY_AUTHORIZATION, authResponse.getName());
-        Assert.assertEquals(expected, authResponse.getValue());
+        Assert.assertEquals(expected, authResponse);
         Assert.assertEquals("test", authscheme.getRealm());
-        Assert.assertTrue(authscheme.isComplete());
+        Assert.assertTrue(authscheme.isChallengeComplete());
         Assert.assertFalse(authscheme.isConnectionBased());
     }
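Review bot: After this change testBasicProxyAuthentication is line for line the same as testBasicAuthentication. The only thing that told them apart, the `HttpHeaders.PROXY_AUTHORIZATION` versus `HttpHeaders.AUTHORIZATION` header-name assertion, is removed along with the `ChallengeType` argument. Since the scheme now returns only the header value, the choice of header name has presumably moved to `addAuthResponse(host, ChallengeType, ...)`. The assertion should move with it into a test of that method, so that proxy credentials placed in the target header, or the reverse, would still be caught. The duplicate test here can then be dropped or given a comment saying why it is kept.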
 
@@ -139,7 +147,7 @@ public class TestBasicScheme {
         final AuthChallenge authChallenge = parse("Basic realm=\"test\"");
 
         final BasicScheme basicScheme = new BasicScheme();
-        basicScheme.processChallenge(ChallengeType.PROXY, authChallenge);
+        basicScheme.processChallenge(authChallenge, null);
 
         final ByteArrayOutputStream buffer = new ByteArrayOutputStream();
         final ObjectOutputStream out = new ObjectOutputStream(buffer);
@@ -149,10 +157,9 @@ public class TestBasicScheme {
         final ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(raw));
         final BasicScheme authScheme = (BasicScheme) in.readObject();
 
-        Assert.assertEquals(basicScheme.getSchemeName(), authScheme.getSchemeName());
+        Assert.assertEquals(basicScheme.getName(), authScheme.getName());
         Assert.assertEquals(basicScheme.getRealm(), authScheme.getRealm());
-        Assert.assertEquals(basicScheme.isComplete(), authScheme.isComplete());
-        Assert.assertEquals(true, basicScheme.isProxy());
+        Assert.assertEquals(basicScheme.isChallengeComplete(), authScheme.isChallengeComplete());
     }
 
     @Test
@@ -167,10 +174,9 @@ public class TestBasicScheme {
         final ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(raw));
         final BasicScheme authScheme = (BasicScheme) in.readObject();
 
-        Assert.assertEquals(basicScheme.getSchemeName(), authScheme.getSchemeName());
+        Assert.assertEquals(basicScheme.getName(), authScheme.getName());
         Assert.assertEquals(basicScheme.getRealm(), authScheme.getRealm());
-        Assert.assertEquals(basicScheme.isComplete(), authScheme.isComplete());
-        Assert.assertEquals(false, basicScheme.isProxy());
+        Assert.assertEquals(basicScheme.isChallengeComplete(), authScheme.isChallengeComplete());
     }
 
 }


