View Javadoc
1   /*
2    * ====================================================================
3    * Licensed to the Apache Software Foundation (ASF) under one
4    * or more contributor license agreements.  See the NOTICE file
5    * distributed with this work for additional information
6    * regarding copyright ownership.  The ASF licenses this file
7    * to you under the Apache License, Version 2.0 (the
8    * "License"); you may not use this file except in compliance
9    * with the License.  You may obtain a copy of the License at
10   *
11   *   http://www.apache.org/licenses/LICENSE-2.0
12   *
13   * Unless required by applicable law or agreed to in writing,
14   * software distributed under the License is distributed on an
15   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
16   * KIND, either express or implied.  See the License for the
17   * specific language governing permissions and limitations
18   * under the License.
19   * ====================================================================
20   *
21   * This software consists of voluntary contributions made by many
22   * individuals on behalf of the Apache Software Foundation.  For more
23   * information on the Apache Software Foundation, please see
24   * <http://www.apache.org/>.
25   *
26   */
27  package org.apache.http.impl.client.integration;
28  
29  import java.io.IOException;
30  
31  import org.apache.http.HttpException;
32  import org.apache.http.HttpHeaders;
33  import org.apache.http.HttpHost;
34  import org.apache.http.HttpRequest;
35  import org.apache.http.HttpResponse;
36  import org.apache.http.HttpStatus;
37  import org.apache.http.HttpVersion;
38  import org.apache.http.auth.AuthScope;
39  import org.apache.http.auth.NTCredentials;
40  import org.apache.http.client.methods.HttpGet;
41  import org.apache.http.client.protocol.HttpClientContext;
42  import org.apache.http.impl.client.BasicCredentialsProvider;
43  import org.apache.http.impl.client.HttpClients;
44  import org.apache.http.localserver.LocalServerTestBase;
45  import org.apache.http.message.BasicStatusLine;
46  import org.apache.http.protocol.HttpContext;
47  import org.apache.http.protocol.HttpRequestHandler;
48  import org.apache.http.util.EntityUtils;
49  import org.junit.Assert;
50  import org.junit.Test;
51  
52  /**
53   * Unit tests for some of the NTLM auth functionality..
54   */
55  public class TestClientAuthenticationFakeNTLM extends LocalServerTestBase {
56  
57      static class NtlmResponseHandler implements HttpRequestHandler {
58  
59          @Override
60          public void handle(
61                  final HttpRequest request,
62                  final HttpResponse response,
63                  final HttpContext context) throws HttpException, IOException {
64              response.setStatusLine(new BasicStatusLine(
65                      HttpVersion.HTTP_1_1,
66                      HttpStatus.SC_UNAUTHORIZED,
67                      "Authentication Required"));
68              response.setHeader("Connection", "Keep-Alive");
69              response.setHeader(HttpHeaders.WWW_AUTHENTICATE, "NTLM");
70          }
71      }
72  
73      @Test
74      public void testNTLMAuthenticationFailure() throws Exception {
75          this.serverBootstrap.registerHandler("*", new NtlmResponseHandler());
76  
77          final HttpHost target = start();
78  
79          final BasicCredentialsProvider credsProvider = new BasicCredentialsProvider();
80          credsProvider.setCredentials(AuthScope.ANY,
81                  new NTCredentials("test", "test", null, null));
82  
83          this.httpclient = HttpClients.custom()
84                  .setDefaultCredentialsProvider(credsProvider)
85                  .build();
86  
87          final HttpContext context = HttpClientContext.create();
88          final HttpGet httpget = new HttpGet("/");
89  
90          final HttpResponse response = this.httpclient.execute(target, httpget, context);
91          EntityUtils.consume(response.getEntity());
92          Assert.assertEquals(HttpStatus.SC_UNAUTHORIZED,
93                  response.getStatusLine().getStatusCode());
94      }
95  
96      static class NtlmType2MessageResponseHandler implements HttpRequestHandler {
97  
98          private final String authenticateHeaderValue;
99  
100         public NtlmType2MessageResponseHandler(final String type2Message) {
101             this.authenticateHeaderValue = "NTLM " + type2Message;
102         }
103 
104         @Override
105         public void handle(
106                 final HttpRequest request,
107                 final HttpResponse response,
108                 final HttpContext context) throws HttpException, IOException {
109             response.setStatusLine(new BasicStatusLine(
110                     HttpVersion.HTTP_1_1,
111                     HttpStatus.SC_UNAUTHORIZED,
112                     "Authentication Required"));
113             response.setHeader("Connection", "Keep-Alive");
114             if (!request.containsHeader(HttpHeaders.AUTHORIZATION)) {
115                 response.setHeader(HttpHeaders.WWW_AUTHENTICATE, "NTLM");
116             } else {
117                 response.setHeader(HttpHeaders.WWW_AUTHENTICATE, authenticateHeaderValue);
118             }
119         }
120     }
121 
122     @Test
123     public void testNTLMv1Type2Message() throws Exception {
124         this.serverBootstrap.registerHandler("*", new NtlmType2MessageResponseHandler("TlRMTVNTUAACAA" +
125                 "AADAAMADgAAAAzggLiASNFZ4mrze8AAAAAAAAAAAAAAAAAAAAABgBwFwAAAA9T" +
126                 "AGUAcgB2AGUAcgA="));
127         final HttpHost target = start();
128 
129         final BasicCredentialsProvider credsProvider = new BasicCredentialsProvider();
130         credsProvider.setCredentials(AuthScope.ANY,
131                 new NTCredentials("test", "test", null, null));
132 
133         this.httpclient = HttpClients.custom()
134                 .setDefaultCredentialsProvider(credsProvider)
135                 .build();
136 
137         final HttpContext context = HttpClientContext.create();
138         final HttpGet httpget = new HttpGet("/");
139 
140         final HttpResponse response = this.httpclient.execute(target, httpget, context);
141         EntityUtils.consume(response.getEntity());
142         Assert.assertEquals(HttpStatus.SC_UNAUTHORIZED,
143                 response.getStatusLine().getStatusCode());
144     }
145 
146     @Test
147     public void testNTLMv2Type2Message() throws Exception {
148         this.serverBootstrap.registerHandler("*", new NtlmType2MessageResponseHandler("TlRMTVNTUAACAA" +
149                 "AADAAMADgAAAAzgoriASNFZ4mrze8AAAAAAAAAACQAJABEAAAABgBwFwAAAA9T" +
150                 "AGUAcgB2AGUAcgACAAwARABvAG0AYQBpAG4AAQAMAFMAZQByAHYAZQByAAAAAAA="));
151         final HttpHost target = start();
152 
153         final BasicCredentialsProvider credsProvider = new BasicCredentialsProvider();
154         credsProvider.setCredentials(AuthScope.ANY,
155                 new NTCredentials("test", "test", null, null));
156 
157         this.httpclient = HttpClients.custom()
158                 .setDefaultCredentialsProvider(credsProvider)
159                 .build();
160 
161         final HttpContext context = HttpClientContext.create();
162         final HttpGet httpget = new HttpGet("/");
163 
164         final HttpResponse response = this.httpclient.execute(target, httpget, context);
165         EntityUtils.consume(response.getEntity());
166         Assert.assertEquals(HttpStatus.SC_UNAUTHORIZED,
167                 response.getStatusLine().getStatusCode());
168     }
169 
170     static class NtlmType2MessageOnlyResponseHandler implements HttpRequestHandler {
171 
172         private final String authenticateHeaderValue;
173 
174         public NtlmType2MessageOnlyResponseHandler(final String type2Message) {
175             this.authenticateHeaderValue = "NTLM " + type2Message;
176         }
177 
178         @Override
179         public void handle(
180                 final HttpRequest request,
181                 final HttpResponse response,
182                 final HttpContext context) throws HttpException, IOException {
183             response.setStatusLine(new BasicStatusLine(
184                     HttpVersion.HTTP_1_1,
185                     HttpStatus.SC_UNAUTHORIZED,
186                     "Authentication Required"));
187             response.setHeader("Connection", "Keep-Alive");
188             response.setHeader(HttpHeaders.WWW_AUTHENTICATE, authenticateHeaderValue);
189         }
190     }
191 
192     @Test
193     public void testNTLMType2MessageOnlyAuthenticationFailure() throws Exception {
194         this.serverBootstrap.registerHandler("*", new NtlmType2MessageOnlyResponseHandler("TlRMTVNTUAACAA" +
195                 "AADAAMADgAAAAzggLiASNFZ4mrze8AAAAAAAAAAAAAAAAAAAAABgBwFwAAAA9T" +
196                 "AGUAcgB2AGUAcgA="));
197 
198         final HttpHost target = start();
199 
200         final HttpClientContext context = HttpClientContext.create();
201         final BasicCredentialsProvider credsProvider = new BasicCredentialsProvider();
202         credsProvider.setCredentials(AuthScope.ANY,
203                 new NTCredentials("test", "test", null, null));
204         context.setCredentialsProvider(credsProvider);
205         final HttpGet httpget = new HttpGet("/");
206 
207         final HttpResponse response = this.httpclient.execute(target, httpget, context);
208         EntityUtils.consume(response.getEntity());
209         Assert.assertEquals(HttpStatus.SC_UNAUTHORIZED,
210                 response.getStatusLine().getStatusCode());
211     }
212 
213     @Test
214     public void testNTLMType2NonUnicodeMessageOnlyAuthenticationFailure() throws Exception {
215         this.serverBootstrap.registerHandler("*", new NtlmType2MessageOnlyResponseHandler("TlRMTVNTUAACAA" +
216                 "AABgAGADgAAAAyggLiASNFZ4mrze8AAAAAAAAAAAAAAAAAAAAABgBwFwAAAA9T" +
217                 "ZXJ2ZXI="));
218 
219         final HttpHost target = start();
220 
221         final HttpClientContext context = HttpClientContext.create();
222         final BasicCredentialsProvider credsProvider = new BasicCredentialsProvider();
223         credsProvider.setCredentials(AuthScope.ANY,
224                 new NTCredentials("test", "test", null, null));
225         context.setCredentialsProvider(credsProvider);
226         final HttpGet httpget = new HttpGet("/");
227 
228         final HttpResponse response = this.httpclient.execute(target, httpget, context);
229         EntityUtils.consume(response.getEntity());
230         Assert.assertEquals(HttpStatus.SC_UNAUTHORIZED,
231                 response.getStatusLine().getStatusCode());
232     }
233 
234 }