hc-dev mailing list archives

From "Jesse Docken (JIRA)" <j...@apache.org>
Subject [jira] [Created] (HTTPCLIENT-1093) Digest authentication fails when connecting to IIS 7.5 with MD5-sess scheme
Date Wed, 18 May 2011 20:38:47 GMT
Digest authentication fails when connecting to IIS 7.5 with MD5-sess scheme
---------------------------------------------------------------------------

                 Key: HTTPCLIENT-1093
                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1093
             Project: HttpComponents HttpClient
          Issue Type: Bug
          Components: HttpClient
    Affects Versions: 4.1.1
         Environment: Windows Server 2008 R2 Standard Edition SP1 (64-bit Intel)
Java Runtime Environment 1.6.0_24
Localhost proxy on port 8888
            Reporter: Jesse Docken


I have the web server configured to authenticate on Digest using md5-sess over the local AD.
 I'm running Fiddler in the background, which creates a localhost proxy on port 8888.  When
I authenticate into the server using Firefox, it generates the response code properly and
can access the server.  However, when I attempt to connect with HttpClient it always receives
a 401 response from the server.  Upon investigation, it appears that Firefox generates the
response differently than HttpClient does.

The following code creates the same response that Firefox generates and returns to the server:

import java.nio.charset.Charset;
import java.security.MessageDigest;

public class DigestResponse {
	public static void main (String args[]) throws Exception {
		MessageDigest md5 = MessageDigest.getInstance("md5");
		Charset utf8 = Charset.forName("UTF-8");
		byte[] HA2Input = "GET:/".getBytes(utf8);
		String nonce = "server-generated nonce";
		String cnonce = "random digits";
		String counter = "00000001";
		String qop = "auth";
		byte[] HA1Input = "user:realm:password".getBytes(utf8);

		// MD5-sess session key: MD5(hex(MD5(user:realm:password)) ":" nonce ":" cnonce)
		byte[] HA1 = md5.digest(HA1Input);
		HA1 = md5.digest((ByteArrayToHex(HA1) + ":" + nonce + ":" + cnonce).getBytes(utf8));
		// HA2 = MD5(method ":" uri)
		byte[] HA2 = md5.digest(HA2Input);

		// response = MD5(hex(HA1) ":" nonce ":" nc ":" cnonce ":" qop ":" hex(HA2))
		byte[] ResponseInput = (ByteArrayToHex(HA1) + ":" + nonce + ":" + counter + ":" +
				cnonce + ":" + qop + ":" + ByteArrayToHex(HA2)).getBytes(utf8);

		byte[] Response = md5.digest(ResponseInput);

		System.out.println("Response: " + ByteArrayToHex(Response));
	}

	// Lower-case hex encoding of a byte array
	private static String ByteArrayToHex(byte[] bytes) {
		char[] hexArray = {'0','1','2','3','4','5','6','7','8','9','a','b','c','d','e','f'};
		char[] hexChars = new char[bytes.length * 2];
		int v;
		for ( int j = 0; j < bytes.length; j++ ) {
			v = bytes[j] & 0xFF;
			hexChars[j*2] = hexArray[v/16];
			hexChars[j*2 + 1] = hexArray[v%16];
		}
		return new String(hexChars);
	}
}

Replacing the string constants with the proper values will generate the proper response result.
 When I use this code with the values that HttpClient generates, however, it fails.  Is there
a reason for this?

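Also, here is the original code I used to connect to the server via HttpClient:

import java.io.File;
import java.util.ArrayList;
import java.util.List;
import org.apache.http.HttpHost;
import org.apache.http.HttpResponse;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.NTCredentials;
import org.apache.http.auth.params.AuthPNames;
import org.apache.http.client.CredentialsProvider;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpHead;
import org.apache.http.client.params.AuthPolicy;
import org.apache.http.client.protocol.ClientContext;
import org.apache.http.conn.params.ConnRoutePNames;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.protocol.BasicHttpContext;
import org.apache.http.protocol.HttpContext;
import org.apache.http.util.EntityUtils;

public class HttpClientDigestTest {
	public static void main(String args[]) throws Exception {
		DefaultHttpClient httpclient = new DefaultHttpClient();
		HttpContext localContext = new BasicHttpContext();
		HttpHost target = new HttpHost("192.168.0.1", 80, "http");
		HttpHead httphead = new HttpHead("/");
		// Route requests through the local Fiddler proxy
		HttpHost proxy = new HttpHost("localhost", 8888);
		httpclient.getParams().setParameter(ConnRoutePNames.DEFAULT_PROXY, proxy);
		CredentialsProvider credsProvider = new BasicCredentialsProvider();
		credsProvider.setCredentials(AuthScope.ANY,
				new NTCredentials("user", "password", "workstation", ""));
		// Without a krb5.ini, restrict the auth schemes to NTLM, Digest and Basic
		if (!new File(System.getenv("windir") + "\\krb5.ini").exists()) {
			List<String> authtypes = new ArrayList<String>();
			authtypes.add(AuthPolicy.NTLM);
			authtypes.add(AuthPolicy.DIGEST);
			authtypes.add(AuthPolicy.BASIC);
			httpclient.getParams().setParameter(AuthPNames.PROXY_AUTH_PREF,
					authtypes);
			httpclient.getParams().setParameter(AuthPNames.TARGET_AUTH_PREF,
					authtypes);
		}
		localContext.setAttribute(ClientContext.CREDS_PROVIDER, credsProvider);
		HttpResponse response = httpclient.execute(target, httphead, localContext);
		System.out.println("Response code: " + response.getStatusLine());   // Generates 401
		EntityUtils.consume(response.getEntity());
		HttpGet httpget = new HttpGet("/");
		response = httpclient.execute(target, httpget, localContext);
		System.out.println("Response code: " + response.getStatusLine());   // Generates 401
	}
}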

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org
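
Added example, not part of the original message and not HttpClient's code: a Python check that takes an Authorization header captured in a proxy such as Fiddler, plus the known password, and reports which HA1 interpretation reproduces its response value. The hex-encoded MD5-sess form is the one computed by the Java snippet in the message; the raw-byte form, the function names and the constant name are assumptions for illustration, and the sample header is the RFC 2617 section 3.5 example.

```python
import hashlib
import re

# Constructed sample: the Authorization header from RFC 2617 section 3.5.
RFC2617_HEADER = (
    'Digest username="Mufasa", realm="testrealm@host.com", '
    'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", uri="/dir/index.html", '
    'qop=auth, nc=00000001, cnonce="0a4f113b", '
    'response="6629fae49393a05397450978507c4ef1", '
    'opaque="5ccc069c403ebaf9f0171e9517f40e41"'
)

def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()

def parse_digest_header(value: str) -> dict:
    """Split 'Digest k="v", k=v' into a dict (backslash escapes kept as-is)."""
    scheme, _, rest = value.partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest header")
    pairs = re.findall(r'(\w+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s,]+))', rest)
    return {k.lower(): quoted or bare for k, quoted, bare in pairs}

def candidate_responses(p: dict, password: str, method: str) -> dict:
    """Response value under each HA1 interpretation, for qop=auth."""
    a1 = f'{p["username"]}:{p["realm"]}:{password}'.encode("utf-8")
    tail = f':{p["nonce"]}:{p["cnonce"]}'.encode("utf-8")
    ha1 = {
        "MD5": md5_hex(a1),
        # Same session key as the Java snippet in the message: hex(H(A1)).
        "MD5-sess (hex H(A1))": md5_hex(md5_hex(a1).encode("ascii") + tail),
        # Assumed alternative reading: the raw 16-byte H(A1).
        "MD5-sess (raw H(A1))": md5_hex(hashlib.md5(a1).digest() + tail),
    }
    ha2 = md5_hex(f'{method}:{p["uri"]}'.encode("utf-8"))
    out = {}
    for name, h in ha1.items():
        msg = f'{h}:{p["nonce"]}:{p["nc"]}:{p["cnonce"]}:{p["qop"]}:{ha2}'
        out[name] = md5_hex(msg.encode("utf-8"))
    return out

def diagnose(header: str, password: str, method: str) -> list:
    """Names of the interpretations that reproduce the captured response."""
    p = parse_digest_header(header)
    cands = candidate_responses(p, password, method)
    return [name for name, resp in cands.items() if resp == p["response"]]

if __name__ == "__main__":
    print(diagnose(RFC2617_HEADER, "Circle Of Life", "GET"))
```

An empty list means none of the three readings matches, which points at a different input (method, URI, nc or credentials) rather than the session-key form.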

