27 package org.apache.http.impl.auth;
28
29 import java.io.IOException;
30
31 import org.apache.commons.logging.Log;
32 import org.apache.commons.logging.LogFactory;
33 import org.apache.http.Header;
34 import org.apache.http.HttpRequest;
35 import org.apache.http.auth.AuthenticationException;
36 import org.apache.http.auth.Credentials;
37 import org.apache.http.protocol.HttpContext;
38 import org.apache.http.util.Args;
39 import org.ietf.jgss.GSSException;
40 import org.ietf.jgss.Oid;
41
/**
 * Authentication scheme that answers HTTP {@code Negotiate} challenges with a
 * GSS-API token, preferring the SPNEGO mechanism and falling back to the
 * Kerberos mechanism when the local GSS provider reports {@code BAD_MECH}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The fallback is triggered only by {@link GSSException#BAD_MECH}; every
 *       other GSS failure is propagated to the caller.</li>
 *   <li>On the fallback path, a failure of the optional
 *       {@link SpnegoTokenGenerator} is logged and the raw Kerberos token is
 *       returned instead of the SPNEGO-wrapped one, so callers cannot tell
 *       from the return value that wrapping failed.</li>
 * </ul>
 *
 * @deprecated Marked deprecated in this file; the replacement is not named
 *     here (presumably {@code SPNegoScheme} / {@code KerberosScheme} in the
 *     same package; confirm before migrating).
 */
@Deprecated
public class NegotiateScheme extends GGSSchemeBase {

    private final Log log = LogFactory.getLog(getClass());

    /** Object identifier of the SPNEGO pseudo-mechanism. */
    private static final String SPNEGO_OID = "1.3.6.1.5.5.2";

    /** Object identifier of the Kerberos V5 GSS-API mechanism. */
    private static final String KERBEROS_OID = "1.2.840.113554.1.2.2";

    /**
     * Optional wrapper applied to Kerberos tokens on the fallback path;
     * {@code null} means the Kerberos token is used as produced.
     */
    private final SpnegoTokenGenerator spnegoTokenGenerator;

    /**
     * Creates the scheme with an optional SPNEGO token wrapper.
     *
     * @param spengoGenerator wrapper used only when the scheme falls back to
     *     the Kerberos mechanism; may be {@code null}
     * @param stripPort forwarded unchanged to {@link GGSSchemeBase}
     *     (presumably controls whether the port is dropped from the service
     *     name; confirm against the base class)
     */
    public NegotiateScheme(final SpnegoTokenGenerator spengoGenerator, final boolean stripPort) {
        super(stripPort);
        this.spnegoTokenGenerator = spengoGenerator;
    }

    /**
     * Creates the scheme with an optional SPNEGO token wrapper and
     * {@code stripPort} set to {@code false}.
     *
     * @param spengoGenerator wrapper used on the Kerberos fallback path; may
     *     be {@code null}
     */
    public NegotiateScheme(final SpnegoTokenGenerator spengoGenerator) {
        this(spengoGenerator, false);
    }

    /**
     * Creates the scheme without a token wrapper and with {@code stripPort}
     * set to {@code false}.
     */
    public NegotiateScheme() {
        this(null, false);
    }

    /**
     * Returns the textual scheme name.
     *
     * @return the literal {@code "Negotiate"}
     */
    @Override
    public String getSchemeName() {
        return "Negotiate";
    }

    /**
     * Produces the authorization header without an execution context.
     *
     * <p>Equivalent to calling
     * {@link #authenticate(Credentials, HttpRequest, HttpContext)} with a
     * {@code null} context.
     *
     * @param credentials credentials handed to the three-argument overload
     * @param request request handed to the three-argument overload
     * @return whatever the three-argument overload returns
     * @throws AuthenticationException if the three-argument overload fails
     */
    @Override
    public Header authenticate(
            final Credentials credentials,
            final HttpRequest request) throws AuthenticationException {
        final HttpContext noContext = null;
        return authenticate(credentials, request, noContext);
    }

    /**
     * Produces the authorization header by delegating to
     * {@link GGSSchemeBase}; this override adds no behaviour of its own.
     *
     * @param credentials credentials passed through to the base class
     * @param request request passed through to the base class
     * @param context execution context passed through to the base class; may
     *     be {@code null} (the two-argument overload passes {@code null})
     * @return the header produced by the base class
     * @throws AuthenticationException if the base class fails to authenticate
     */
    @Override
    public Header authenticate(
            final Credentials credentials,
            final HttpRequest request,
            final HttpContext context) throws AuthenticationException {
        return super.authenticate(credentials, request, context);
    }

    /**
     * Delegates to the base-class implementation of the two-argument token
     * generator without modification.
     *
     * @param input token bytes passed through to the base class
     * @param authServer server name passed through to the base class
     * @return the token produced by the base class
     * @throws GSSException if the base class fails to produce a token
     */
    @Override
    protected byte[] generateToken(final byte[] input, final String authServer) throws GSSException {
        return super.generateToken(input, authServer);
    }

    /**
     * Generates the next GSS token, trying the SPNEGO mechanism first and the
     * Kerberos mechanism second.
     *
     * <p>The Kerberos attempt is made only when the SPNEGO attempt fails with
     * major code {@link GSSException#BAD_MECH}. If a
     * {@link SpnegoTokenGenerator} was supplied and the Kerberos token is not
     * {@code null}, the token is passed through
     * {@code generateSpnegoDERObject} before being returned.
     *
     * @param input token bytes handed to {@code generateGSSToken} for both
     *     attempts
     * @param authServer server name handed to {@code generateGSSToken}
     * @param credentials credentials handed to {@code generateGSSToken}
     * @return the SPNEGO token; or, on fallback, the wrapped Kerberos token,
     *     or the unwrapped Kerberos token when no wrapper is configured or
     *     wrapping failed
     * @throws GSSException for any SPNEGO failure other than
     *     {@code BAD_MECH}, and for any failure of the Kerberos attempt
     */
    @Override
    protected byte[] generateToken(final byte[] input, final String authServer, final Credentials credentials) throws GSSException {
        final Oid spnegoMech = new Oid(SPNEGO_OID);
        try {
            return generateGSSToken(input, spnegoMech, authServer, credentials);
        } catch (final GSSException ex) {
            // Only an unsupported-mechanism report justifies a second attempt;
            // anything else is a real failure and must reach the caller.
            if (ex.getMajor() != GSSException.BAD_MECH) {
                throw ex;
            }
            log.debug("GSSException BAD_MECH, retry with Kerberos MECH");
        }

        log.debug("Using Kerberos MECH " + KERBEROS_OID);
        final byte[] kerberosToken =
                generateGSSToken(input, new Oid(KERBEROS_OID), authServer, credentials);

        if (kerberosToken == null || spnegoTokenGenerator == null) {
            return kerberosToken;
        }
        try {
            return spnegoTokenGenerator.generateSpnegoDERObject(kerberosToken);
        } catch (final IOException ex) {
            // NOTE(review): wrapping failure is only logged; the raw Kerberos
            // token is returned, so the caller sends an unwrapped token under
            // the Negotiate scheme. Monitor this error log entry.
            log.error(ex.getMessage(), ex);
            return kerberosToken;
        }
    }

    /**
     * Looks up a scheme parameter; this scheme exposes none.
     *
     * @param name parameter name; checked with {@code Args.notNull}
     * @return always {@code null}
     */
    @Override
    public String getParameter(final String name) {
        Args.notNull(name, "Parameter name");
        return null;
    }

    /**
     * Returns the authentication realm; this scheme reports none.
     *
     * @return always {@code null}
     */
    @Override
    public String getRealm() {
        return null;
    }

    /**
     * Reports whether authentication is tied to the connection.
     *
     * @return always {@code true}
     */
    @Override
    public boolean isConnectionBased() {
        return true;
    }

}