Return-Path: X-Original-To: apmail-hc-commits-archive@www.apache.org Delivered-To: apmail-hc-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id B35B918F33 for ; Fri, 15 Jan 2016 16:37:52 +0000 (UTC) Received: (qmail 81259 invoked by uid 500); 15 Jan 2016 16:37:52 -0000 Delivered-To: apmail-hc-commits-archive@hc.apache.org Received: (qmail 81219 invoked by uid 500); 15 Jan 2016 16:37:52 -0000 Mailing-List: contact commits-help@hc.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "HttpComponents Project" Delivered-To: mailing list commits@hc.apache.org Received: (qmail 81210 invoked by uid 99); 15 Jan 2016 16:37:52 -0000 Received: from Unknown (HELO spamd2-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 15 Jan 2016 16:37:52 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd2-us-west.apache.org (ASF Mail Server at spamd2-us-west.apache.org) with ESMTP id 289411A0115 for ; Fri, 15 Jan 2016 16:37:52 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd2-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 1.246 X-Spam-Level: * X-Spam-Status: No, score=1.246 tagged_above=-999 required=6.31 tests=[KAM_ASCII_DIVIDERS=0.8, KAM_LAZY_DOMAIN_SECURITY=1, RP_MATCHES_RCVD=-0.554] autolearn=disabled Received: from mx1-eu-west.apache.org ([10.40.0.8]) by localhost (spamd2-us-west.apache.org [10.40.0.9]) (amavisd-new, port 10024) with ESMTP id G4mcT6Lhgkvr for ; Fri, 15 Jan 2016 16:37:50 +0000 (UTC) Received: from mailrelay1-us-west.apache.org (mailrelay1-us-west.apache.org [209.188.14.139]) by mx1-eu-west.apache.org (ASF Mail Server at mx1-eu-west.apache.org) with ESMTP id B163A31AC4 for ; Fri, 15 Jan 2016 16:37:49 +0000 (UTC) Received: from svn01-us-west.apache.org (svn.apache.org [10.41.0.6]) by mailrelay1-us-west.apache.org (ASF Mail Server at mailrelay1-us-west.apache.org) with ESMTP id BC5B7E0239 for ; Fri, 15 Jan 2016 16:37:48 +0000 (UTC) Received: from svn01-us-west.apache.org (localhost [127.0.0.1]) by svn01-us-west.apache.org (ASF Mail Server at svn01-us-west.apache.org) with ESMTP id B74C23A0069 for ; Fri, 15 Jan 2016 16:37:48 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1724851 - in /httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/auth: GGSSchemeBase.java KerberosScheme.java SPNegoScheme.java Date: Fri, 15 Jan 2016 16:37:48 -0000 To: commits@hc.apache.org From: olegk@apache.org X-Mailer: svnmailer-1.0.9 Message-Id: <20160115163748.B74C23A0069@svn01-us-west.apache.org> Author: olegk Date: Fri Jan 15 16:37:48 2016 New Revision: 1724851 URL: http://svn.apache.org/viewvc?rev=1724851&view=rev Log: HTTPCLIENT-1712: SPNego schemes to take service scheme into account when generating auth token Contributed by Georg Romstorfer Modified: httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/auth/GGSSchemeBase.java httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/auth/KerberosScheme.java httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/auth/SPNegoScheme.java Modified: httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/auth/GGSSchemeBase.java URL: http://svn.apache.org/viewvc/httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/auth/GGSSchemeBase.java?rev=1724851&r1=1724850&r2=1724851&view=diff ============================================================================== --- httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/auth/GGSSchemeBase.java (original) +++ httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/auth/GGSSchemeBase.java Fri Jan 15 16:37:48 2016 @@ -28,6 +28,7 @@ package org.apache.http.impl.auth; import java.net.UnknownHostException; import java.security.Principal; +import java.util.Locale; import org.apache.commons.codec.binary.Base64; import org.apache.commons.logging.Log; @@ -129,13 +130,14 @@ public abstract class GGSSchemeBase impl /** * @since 4.4 */ - protected byte[] generateGSSToken(final byte[] input, final Oid oid, final String authServer) throws GSSException { + protected byte[] generateGSSToken( + final byte[] input, final Oid oid, final String serviceName, final String authServer) throws GSSException { byte[] inputBuff = input; if (inputBuff == null) { inputBuff = new byte[0]; } final GSSManager manager = getManager(); - final GSSName serverName = manager.createName("HTTP@" + authServer, GSSName.NT_HOSTBASED_SERVICE); + final GSSName serverName = manager.createName(serviceName + "@" + authServer, GSSName.NT_HOSTBASED_SERVICE); final GSSContext gssContext = manager.createContext( serverName.canonicalize(oid), oid, gssCredential, GSSContext.DEFAULT_LIFETIME); @@ -147,7 +149,7 @@ public abstract class GGSSchemeBase impl /** * @since 4.4 */ - protected abstract byte[] generateToken(byte[] input, String authServer) throws GSSException; + protected abstract byte[] generateToken(byte[] input, String serviceName, String authServer) throws GSSException; @Override public boolean isChallengeComplete() { @@ -204,11 +206,12 @@ public abstract class GGSSchemeBase impl } else { authServer = hostname + ":" + host.getPort(); } + final String serviceName = host.getSchemeName().toUpperCase(Locale.ROOT); if (log.isDebugEnabled()) { log.debug("init " + authServer); } - token = generateToken(token, authServer); + token = generateToken(token, serviceName, authServer); state = State.TOKEN_GENERATED; } catch (final GSSException gsse) { state = State.FAILED; Modified: httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/auth/KerberosScheme.java URL: http://svn.apache.org/viewvc/httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/auth/KerberosScheme.java?rev=1724851&r1=1724850&r2=1724851&view=diff ============================================================================== --- httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/auth/KerberosScheme.java (original) +++ httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/auth/KerberosScheme.java Fri Jan 15 16:37:48 2016 @@ -62,8 +62,8 @@ public class KerberosScheme extends GGSS } @Override - protected byte[] generateToken(final byte[] input, final String authServer) throws GSSException { - return generateGSSToken(input, new Oid(KERBEROS_OID), authServer); + protected byte[] generateToken(final byte[] input, final String serviceName, final String authServer) throws GSSException { + return generateGSSToken(input, new Oid(KERBEROS_OID), serviceName, authServer); } @Override Modified: httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/auth/SPNegoScheme.java URL: http://svn.apache.org/viewvc/httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/auth/SPNegoScheme.java?rev=1724851&r1=1724850&r2=1724851&view=diff ============================================================================== --- httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/auth/SPNegoScheme.java (original) +++ httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/auth/SPNegoScheme.java Fri Jan 15 16:37:48 2016 @@ -63,8 +63,8 @@ public class SPNegoScheme extends GGSSch } @Override - protected byte[] generateToken(final byte[] input, final String authServer) throws GSSException { - return generateGSSToken(input, new Oid(SPNEGO_OID), authServer); + protected byte[] generateToken(final byte[] input, final String serviceName, final String authServer) throws GSSException { + return generateGSSToken(input, new Oid(SPNEGO_OID), serviceName, authServer); } @Override