1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27 package org.apache.http.impl.client.integration;
28
29 import java.io.IOException;
30
31 import org.apache.http.HttpException;
32 import org.apache.http.HttpHeaders;
33 import org.apache.http.HttpHost;
34 import org.apache.http.HttpRequest;
35 import org.apache.http.HttpResponse;
36 import org.apache.http.HttpStatus;
37 import org.apache.http.HttpVersion;
38 import org.apache.http.auth.AuthScope;
39 import org.apache.http.auth.NTCredentials;
40 import org.apache.http.client.methods.HttpGet;
41 import org.apache.http.client.protocol.HttpClientContext;
42 import org.apache.http.impl.client.BasicCredentialsProvider;
43 import org.apache.http.impl.client.HttpClients;
44 import org.apache.http.localserver.LocalServerTestBase;
45 import org.apache.http.message.BasicStatusLine;
46 import org.apache.http.protocol.HttpContext;
47 import org.apache.http.protocol.HttpRequestHandler;
48 import org.apache.http.util.EntityUtils;
49 import org.junit.Assert;
50 import org.junit.Test;
51
52
53
54
55 public class TestClientAuthenticationFakeNTLM extends LocalServerTestBase {
56
57 static class NtlmResponseHandler implements HttpRequestHandler {
58
59 @Override
60 public void handle(
61 final HttpRequest request,
62 final HttpResponse response,
63 final HttpContext context) throws HttpException, IOException {
64 response.setStatusLine(new BasicStatusLine(
65 HttpVersion.HTTP_1_1,
66 HttpStatus.SC_UNAUTHORIZED,
67 "Authentication Required"));
68 response.setHeader("Connection", "Keep-Alive");
69 response.setHeader(HttpHeaders.WWW_AUTHENTICATE, "NTLM");
70 }
71 }
72
73 @Test
74 public void testNTLMAuthenticationFailure() throws Exception {
75 this.serverBootstrap.registerHandler("*", new NtlmResponseHandler());
76
77 final HttpHost target = start();
78
79 final BasicCredentialsProvider credsProvider = new BasicCredentialsProvider();
80 credsProvider.setCredentials(AuthScope.ANY,
81 new NTCredentials("test", "test", null, null));
82
83 this.httpclient = HttpClients.custom()
84 .setDefaultCredentialsProvider(credsProvider)
85 .build();
86
87 final HttpContext context = HttpClientContext.create();
88 final HttpGet httpget = new HttpGet("/");
89
90 final HttpResponse response = this.httpclient.execute(target, httpget, context);
91 EntityUtils.consume(response.getEntity());
92 Assert.assertEquals(HttpStatus.SC_UNAUTHORIZED,
93 response.getStatusLine().getStatusCode());
94 }
95
96 static class NtlmType2MessageResponseHandler implements HttpRequestHandler {
97
98 private final String authenticateHeaderValue;
99
100 public NtlmType2MessageResponseHandler(final String type2Message) {
101 this.authenticateHeaderValue = "NTLM " + type2Message;
102 }
103
104 @Override
105 public void handle(
106 final HttpRequest request,
107 final HttpResponse response,
108 final HttpContext context) throws HttpException, IOException {
109 response.setStatusLine(new BasicStatusLine(
110 HttpVersion.HTTP_1_1,
111 HttpStatus.SC_UNAUTHORIZED,
112 "Authentication Required"));
113 response.setHeader("Connection", "Keep-Alive");
114 if (!request.containsHeader(HttpHeaders.AUTHORIZATION)) {
115 response.setHeader(HttpHeaders.WWW_AUTHENTICATE, "NTLM");
116 } else {
117 response.setHeader(HttpHeaders.WWW_AUTHENTICATE, authenticateHeaderValue);
118 }
119 }
120 }
121
122 @Test
123 public void testNTLMv1Type2Message() throws Exception {
124 this.serverBootstrap.registerHandler("*", new NtlmType2MessageResponseHandler("TlRMTVNTUAACAA" +
125 "AADAAMADgAAAAzggLiASNFZ4mrze8AAAAAAAAAAAAAAAAAAAAABgBwFwAAAA9T" +
126 "AGUAcgB2AGUAcgA="));
127 final HttpHost target = start();
128
129 final BasicCredentialsProvider credsProvider = new BasicCredentialsProvider();
130 credsProvider.setCredentials(AuthScope.ANY,
131 new NTCredentials("test", "test", null, null));
132
133 this.httpclient = HttpClients.custom()
134 .setDefaultCredentialsProvider(credsProvider)
135 .build();
136
137 final HttpContext context = HttpClientContext.create();
138 final HttpGet httpget = new HttpGet("/");
139
140 final HttpResponse response = this.httpclient.execute(target, httpget, context);
141 EntityUtils.consume(response.getEntity());
142 Assert.assertEquals(HttpStatus.SC_UNAUTHORIZED,
143 response.getStatusLine().getStatusCode());
144 }
145
146 @Test
147 public void testNTLMv2Type2Message() throws Exception {
148 this.serverBootstrap.registerHandler("*", new NtlmType2MessageResponseHandler("TlRMTVNTUAACAA" +
149 "AADAAMADgAAAAzgoriASNFZ4mrze8AAAAAAAAAACQAJABEAAAABgBwFwAAAA9T" +
150 "AGUAcgB2AGUAcgACAAwARABvAG0AYQBpAG4AAQAMAFMAZQByAHYAZQByAAAAAAA="));
151 final HttpHost target = start();
152
153 final BasicCredentialsProvider credsProvider = new BasicCredentialsProvider();
154 credsProvider.setCredentials(AuthScope.ANY,
155 new NTCredentials("test", "test", null, null));
156
157 this.httpclient = HttpClients.custom()
158 .setDefaultCredentialsProvider(credsProvider)
159 .build();
160
161 final HttpContext context = HttpClientContext.create();
162 final HttpGet httpget = new HttpGet("/");
163
164 final HttpResponse response = this.httpclient.execute(target, httpget, context);
165 EntityUtils.consume(response.getEntity());
166 Assert.assertEquals(HttpStatus.SC_UNAUTHORIZED,
167 response.getStatusLine().getStatusCode());
168 }
169
170 static class NtlmType2MessageOnlyResponseHandler implements HttpRequestHandler {
171
172 private final String authenticateHeaderValue;
173
174 public NtlmType2MessageOnlyResponseHandler(final String type2Message) {
175 this.authenticateHeaderValue = "NTLM " + type2Message;
176 }
177
178 @Override
179 public void handle(
180 final HttpRequest request,
181 final HttpResponse response,
182 final HttpContext context) throws HttpException, IOException {
183 response.setStatusLine(new BasicStatusLine(
184 HttpVersion.HTTP_1_1,
185 HttpStatus.SC_UNAUTHORIZED,
186 "Authentication Required"));
187 response.setHeader("Connection", "Keep-Alive");
188 response.setHeader(HttpHeaders.WWW_AUTHENTICATE, authenticateHeaderValue);
189 }
190 }
191
192 @Test
193 public void testNTLMType2MessageOnlyAuthenticationFailure() throws Exception {
194 this.serverBootstrap.registerHandler("*", new NtlmType2MessageOnlyResponseHandler("TlRMTVNTUAACAA" +
195 "AADAAMADgAAAAzggLiASNFZ4mrze8AAAAAAAAAAAAAAAAAAAAABgBwFwAAAA9T" +
196 "AGUAcgB2AGUAcgA="));
197
198 final HttpHost target = start();
199
200 final HttpClientContext context = HttpClientContext.create();
201 final BasicCredentialsProvider credsProvider = new BasicCredentialsProvider();
202 credsProvider.setCredentials(AuthScope.ANY,
203 new NTCredentials("test", "test", null, null));
204 context.setCredentialsProvider(credsProvider);
205 final HttpGet httpget = new HttpGet("/");
206
207 final HttpResponse response = this.httpclient.execute(target, httpget, context);
208 EntityUtils.consume(response.getEntity());
209 Assert.assertEquals(HttpStatus.SC_UNAUTHORIZED,
210 response.getStatusLine().getStatusCode());
211 }
212
213 @Test
214 public void testNTLMType2NonUnicodeMessageOnlyAuthenticationFailure() throws Exception {
215 this.serverBootstrap.registerHandler("*", new NtlmType2MessageOnlyResponseHandler("TlRMTVNTUAACAA" +
216 "AABgAGADgAAAAyggLiASNFZ4mrze8AAAAAAAAAAAAAAAAAAAAABgBwFwAAAA9T" +
217 "ZXJ2ZXI="));
218
219 final HttpHost target = start();
220
221 final HttpClientContext context = HttpClientContext.create();
222 final BasicCredentialsProvider credsProvider = new BasicCredentialsProvider();
223 credsProvider.setCredentials(AuthScope.ANY,
224 new NTCredentials("test", "test", null, null));
225 context.setCredentialsProvider(credsProvider);
226 final HttpGet httpget = new HttpGet("/");
227
228 final HttpResponse response = this.httpclient.execute(target, httpget, context);
229 EntityUtils.consume(response.getEntity());
230 Assert.assertEquals(HttpStatus.SC_UNAUTHORIZED,
231 response.getStatusLine().getStatusCode());
232 }
233
234 }