hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Oleg Kalnichevski (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HTTPCLIENT-1093) Digest authentication fails when connecting to IIS 7.5 with MD5-sess scheme
Date Wed, 18 May 2011 22:10:47 GMT

    [ https://issues.apache.org/jira/browse/HTTPCLIENT-1093?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13035782#comment-13035782
] 

Oleg Kalnichevski commented on HTTPCLIENT-1093:
-----------------------------------------------

I suspect this issue is a duplicate of HTTPCLIENT-1071. Do you get the same result executing
requests directly (without a proxy)?

Oleg 

> Digest authentication fails when connecting to IIS 7.5 with MD5-sess scheme
> ---------------------------------------------------------------------------
>
>                 Key: HTTPCLIENT-1093
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1093
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpClient
>    Affects Versions: 4.1.1
>         Environment: Windows Server 2008 R2 Standard Edition SP1 (64-bit Intel)
> Java Runtime Environment 1.6.0_24
> Localhost proxy on port 8888
>            Reporter: Jesse Docken
>
> I have the web server configured to authenticate on Digest using md5-sess over the local
AD.  I'm running Fiddler in the background, which creates a localhost proxy on port 8888.
 When I authenticate into the server using Firefox, it generates the response code properly
and can access the server.  However, when I attempt to connect with HttpClient it always receives
a 401 response from the server.  Upon investigation, it appears that Firefox generates the
response differently than HttpClient does.
> The following code creates the same response that Firefox generates and returns to the
server:
> public static void main (String args[]) throws Exception {
> 	MessageDigest md5 = MessageDigest.getInstance("md5");
> 	Charset utf8 = Charset.forName("UTF-8");
> 	byte[] HA2Input = "GET:/".getBytes(utf8);
> 	String nonce = "server-generated nonce";
> 	String cnonce = "random digits";
> 	String counter = "00000001";
> 	String qop = "auth";
> 	byte[] HA1Input = "user:realm:password".getBytes(utf8);
> 		
> 	byte[] HA1 = md5.digest(HA1Input);
> 	HA1 = md5.digest((ByteArrayToHex(HA1) + ":" + nonce + ":" + cnonce).getBytes(utf8));
> 	byte[] HA2 = md5.digest(HA2Input);
> 		
> 	byte[] ResponseInput = (ByteArrayToHex(HA1) + ":" + nonce + ":" + counter + ":" +
> 			cnonce + ":" + qop + ":" + ByteArrayToHex(HA2)).getBytes(utf8);
> 	
> 	byte[] Response = md5.digest(ResponseInput);
> 		
> 	System.out.println("Response: " + ByteArrayToHex(Response));
> }
> 	
> private static String ByteArrayToHex(byte[] bytes) {
> 	char[] hexArray = {'0','1','2','3','4','5','6','7','8','9','a','b','c','d','e','f'};
> 	char[] hexChars = new char[bytes.length * 2];
> 	int v;
> 	for ( int j = 0; j < bytes.length; j++ ) {
> 		v = bytes[j] & 0xFF;
> 		hexChars[j*2] = hexArray[v/16];
> 		hexChars[j*2 + 1] = hexArray[v%16];
> 	}
> 	return new String(hexChars);
> }
> Replacing the string constants with the proper values will generate the proper response
result.  When I use this code with the values that HttpClient generates, however, it fails.
 Is there a reason for this?
> Also, here is the original code I used to connect to the server via HttpClient:
> public static void main(String args[]) throws Exception {
> 	DefaultHttpClient httpclient = new DefaultHttpClient();
> 	HttpContext localContext = new BasicHttpContext();
> 	HttpHost target = new HttpHost("192.168.0.1", 80, "http");
> 	HttpHead httphead = new HttpHead("/"); 
> 	HttpHost proxy = new HttpHost("localhost", 8888);
> 	httpclient.getParams().setParameter(ConnRoutePNames.DEFAULT_PROXY, proxy);
> 	CredentialsProvider credsProvider = new BasicCredentialsProvider();
> 	credsProvider.setCredentials(AuthScope.ANY,
> 			new NTCredentials("user", "password", "workstation", ""));
> 	if (!new File(System.getenv("windir") + "\\krb5.ini").exists()) {
> 		List<String> authtypes = new ArrayList<String>();
> 		authtypes.add(AuthPolicy.NTLM);
> 		authtypes.add(AuthPolicy.DIGEST);
> 		authtypes.add(AuthPolicy.BASIC);
> 		httpclient.getParams().setParameter(AuthPNames.PROXY_AUTH_PREF,
> 				authtypes);
> 		httpclient.getParams().setParameter(AuthPNames.TARGET_AUTH_PREF,
> 				authtypes);
> 	}
> 	localContext.setAttribute(ClientContext.CREDS_PROVIDER, credsProvider);
> 	HttpResponse response = httpclient.execute(target, httphead, localContext);
> 	System.out.println("Response code: " + response.getStatusLine());   // Generates 401
> 	EntityUtils.consume(response.getEntity());
> 	HttpGet httpget = new HttpGet("/");
> 	response = httpclient.execute(target, httpget, localContext);
> 	System.out.println("Response code: " + response.getStatusLine());   // Generates 401
> }

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org


Mime
View raw message