1 /*
2 * $Header: /home/cvs/jakarta-commons/httpclient/src/test/org/apache/commons/httpclient/TestAuthenticator.java,v 1.25.2.5 2003/11/24 08:48:25 oglueck Exp $
3 * $Revision: 1.25.2.5 $
4 * $Date: 2003/11/24 08:48:25 $
5 * ====================================================================
6 *
7 * The Apache Software License, Version 1.1
8 *
9 * Copyright (c) 1999-2003 The Apache Software Foundation. All rights
10 * reserved.
11 *
12 * Redistribution and use in source and binary forms, with or without
13 * modification, are permitted provided that the following conditions
14 * are met:
15 *
16 * 1. Redistributions of source code must retain the above copyright
17 * notice, this list of conditions and the following disclaimer.
18 *
19 * 2. Redistributions in binary form must reproduce the above copyright
20 * notice, this list of conditions and the following disclaimer in
21 * the documentation and/or other materials provided with the
22 * distribution.
23 *
24 * 3. The end-user documentation included with the redistribution, if
25 * any, must include the following acknowlegement:
26 * "This product includes software developed by the
27 * Apache Software Foundation (http://www.apache.org/)."
28 * Alternately, this acknowlegement may appear in the software itself,
29 * if and wherever such third-party acknowlegements normally appear.
30 *
31 * 4. The names "The Jakarta Project", "Tomcat", and "Apache Software
32 * Foundation" must not be used to endorse or promote products derived
33 * from this software without prior written permission. For written
34 * permission, please contact apache@apache.org.
35 *
36 * 5. Products derived from this software may not be called "Apache"
37 * nor may "Apache" appear in their names without prior written
38 * permission of the Apache Group.
39 *
40 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
41 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
42 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
43 * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
46 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
47 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
48 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
49 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
50 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 * ====================================================================
53 *
54 * This software consists of voluntary contributions made by many
55 * individuals on behalf of the Apache Software Foundation. For more
56 * information on the Apache Software Foundation, please see
57 * <http://www.apache.org/>.
58 *
59 * [Additional notices, if required by prior licensing conditions]
60 *
61 */
62
63 package org.apache.commons.httpclient;
64
65 import junit.framework.Test;
66 import junit.framework.TestCase;
67 import junit.framework.TestSuite;
68
69 import java.util.Hashtable;
70 import java.util.StringTokenizer;
71 import org.apache.commons.httpclient.auth.*;
72 import org.apache.commons.httpclient.util.Base64;
73
74 /***
75 * Unit tests for {@link Authenticator}.
76 *
77 * @author Rodney Waldhoff
78 * @author <a href="mailto:jsdever@apache.org">Jeff Dever</a>
79 * @version $Id: TestAuthenticator.java,v 1.25.2.5 2003/11/24 08:48:25 oglueck Exp $
80 */
81 public class TestAuthenticator extends TestCase {
82
83 // ------------------------------------------------------------ Constructor
84 public TestAuthenticator(String testName) {
85 super(testName);
86 }
87
88 // ------------------------------------------------------------------- Main
89 public static void main(String args[]) {
90 String[] testCaseName = { TestAuthenticator.class.getName() };
91 junit.textui.TestRunner.main(testCaseName);
92 }
93
94 // ------------------------------------------------------- Utility Methods
95
96 private void checkAuthorization(UsernamePasswordCredentials cred, String methodName, String auth) throws Exception {
97 Hashtable table = new Hashtable();
98 StringTokenizer tokenizer = new StringTokenizer(auth, ",=\"");
99 while(tokenizer.hasMoreTokens()){
100 String key = null;
101 String value = null;
102 if(tokenizer.hasMoreTokens())
103 key = tokenizer.nextToken();
104 if(tokenizer.hasMoreTokens()) {
105 value = tokenizer.nextToken();
106 assertFalse("Value of "+key+" was \"null\"", "null".equals(value));
107 }
108 if(key != null && value != null){
109 table.put(key.trim(),value.trim());
110 }
111 }
112 String response = (String) table.get("response");
113 table.put( "methodname", methodName );
114 //System.out.println(auth);
115 String digest = DigestScheme.createDigest(cred.getUserName(),cred.getPassword(), table);
116 assertEquals(response, digest);
117 }
118
119
120 // ------------------------------------------------------- TestCase Methods
121
122 public static Test suite() {
123 return new TestSuite(TestAuthenticator.class);
124 }
125
126
127 // ---------------------------------- Test Methods for BasicScheme Authentication
128
129 public void testBasicAuthenticationWithNoCreds() {
130 String challenge = "Basic realm=\"realm1\"";
131 HttpState state = new HttpState();
132 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge));
133 try {
134 AuthScheme authscheme = new BasicScheme(challenge);
135 HttpAuthenticator.authenticate(authscheme, method, null, state);
136 fail("Should have thrown HttpException");
137 } catch(HttpException e) {
138 // expected
139 }
140 }
141
142 public void testBasicAuthenticationWithNoRealm() {
143 String challenge = "Basic";
144 HttpState state = new HttpState();
145 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge));
146 try {
147 AuthScheme authscheme = new BasicScheme(challenge);
148 HttpAuthenticator.authenticate(authscheme, method, null, state);
149 fail("Should have thrown HttpException");
150 } catch(HttpException e) {
151 // expected
152 }
153 }
154
155 public void testBasicAuthenticationWithNoRealm2() {
156 String challenge = "Basic ";
157 HttpState state = new HttpState();
158 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge));
159 try {
160 AuthScheme authscheme = new BasicScheme(challenge);
161 HttpAuthenticator.authenticate(authscheme, method, null, state);
162 fail("Should have thrown HttpException");
163 } catch(HttpException e) {
164 // expected
165 }
166 }
167
168 public void testBasicAuthenticationWithNullHttpState() throws Exception {
169 String challenge = "Basic realm=\"realm1\"";
170 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge));
171 try {
172 AuthScheme authscheme = new BasicScheme(challenge);
173 HttpAuthenticator.authenticate(authscheme, method, null, null);
174 fail("Should have thrown IllegalArgumentException");
175 } catch(IllegalArgumentException e) {
176 // expected
177 }
178 }
179
180 public void testInvalidAuthenticationScheme() throws Exception {
181 String challenge = "invalid realm=\"realm1\"";
182 try{
183 HttpAuthenticator.selectAuthScheme(
184 new Header[] { new Header("WWW-Authenticate", challenge) });
185 fail("Should have thrown UnsupportedOperationException");
186 }catch (UnsupportedOperationException uoe){
187 // expected
188 }
189 }
190
191 public void testBasicAuthenticationCaseInsensitivity() throws Exception {
192 String challenge = "bAsIc ReAlM=\"realm1\"";
193 HttpState state = new HttpState();
194 state.setCredentials(null, null, new UsernamePasswordCredentials("username","password"));
195 HttpMethod method = new SimpleHttpMethod(new Header("WwW-AuThEnTiCaTe", challenge));
196 AuthScheme authscheme = new BasicScheme(challenge);
197 assertTrue(HttpAuthenticator.authenticate(authscheme, method, null, state));
198 assertTrue(null != method.getRequestHeader("Authorization"));
199 String expected = "Basic " + HttpConstants.getString(Base64.encode(HttpConstants.getBytes("username:password")));
200 assertEquals(expected,method.getRequestHeader("Authorization").getValue());
201 }
202
203
204 public void testBasicAuthenticationWithDefaultCreds() throws Exception {
205 HttpState state = new HttpState();
206 state.setCredentials(null, null, new UsernamePasswordCredentials("username","password"));
207 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate","Basic realm=\"realm1\""));
208 assertTrue(HttpAuthenticator.authenticateDefault(method, null, state));
209 assertTrue(null != method.getRequestHeader("Authorization"));
210 String expected = "Basic " + HttpConstants.getString(Base64.encode(HttpConstants.getBytes("username:password")));
211 assertEquals(expected,method.getRequestHeader("Authorization").getValue());
212 }
213
214 public void testBasicAuthentication() throws Exception {
215 String challenge = "Basic realm=\"realm\"";
216 HttpState state = new HttpState();
217 state.setCredentials("realm", null, new UsernamePasswordCredentials("username","password"));
218 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge));
219 AuthScheme authscheme = new BasicScheme(challenge);
220 assertTrue(HttpAuthenticator.authenticate(authscheme, method, null, state));
221 assertTrue(null != method.getRequestHeader("Authorization"));
222 String expected = "Basic " + HttpConstants.getString(Base64.encode(HttpConstants.getBytes("username:password")));
223 assertEquals(expected,method.getRequestHeader("Authorization").getValue());
224 }
225
226 public void testBasicAuthenticationWith88591Chars() throws Exception {
227 int[] germanChars = { 0xE4, 0x2D, 0xF6, 0x2D, 0xFc };
228 StringBuffer buffer = new StringBuffer();
229 for (int i = 0; i < germanChars.length; i++) {
230 buffer.append((char)germanChars[i]);
231 }
232
233 UsernamePasswordCredentials credentials = new UsernamePasswordCredentials("dh", buffer.toString());
234 assertEquals("Basic ZGg65C32Lfw=", BasicScheme.authenticate(credentials));
235 }
236
237 public void testBasicAuthenticationWithMutlipleRealms() throws Exception {
238 String challenge1 = "Basic realm=\"realm1\"";
239 String challenge2 = "Basic realm=\"realm2\"";
240 HttpState state = new HttpState();
241 state.setCredentials("realm1", null, new UsernamePasswordCredentials("username","password"));
242 state.setCredentials("realm2", null, new UsernamePasswordCredentials("uname2","password2"));
243 AuthScheme authscheme1 = new BasicScheme(challenge1);
244 AuthScheme authscheme2 = new BasicScheme(challenge2);
245 {
246 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate",challenge1));
247 assertTrue(HttpAuthenticator.authenticate(authscheme1, method, null, state));
248 assertTrue(null != method.getRequestHeader("Authorization"));
249 String expected = "Basic " + HttpConstants.getString(Base64.encode(HttpConstants.getBytes("username:password")));
250 assertEquals(expected,method.getRequestHeader("Authorization").getValue());
251 }
252 {
253 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge2));
254 assertTrue(HttpAuthenticator.authenticate(authscheme2, method, null, state));
255 assertTrue(null != method.getRequestHeader("Authorization"));
256 String expected = "Basic " + HttpConstants.getString(Base64.encode(HttpConstants.getBytes("uname2:password2")));
257 assertEquals(expected,method.getRequestHeader("Authorization").getValue());
258 }
259 }
260
261 public void testPreemptiveAuthorizationTrueNoCreds() throws Exception {
262 HttpState state = new HttpState();
263 HttpMethod method = new SimpleHttpMethod();
264
265 state.setAuthenticationPreemptive(true);
266 assertTrue(!HttpAuthenticator.authenticateDefault(method, null, state));
267 assertTrue(null == method.getRequestHeader("Authorization"));
268 }
269
270 public void testPreemptiveAuthorizationTrueWithCreds() throws Exception {
271 HttpState state = new HttpState();
272 HttpMethod method = new SimpleHttpMethod();
273 state.setCredentials(null, null, new UsernamePasswordCredentials("username","password"));
274
275 state.setAuthenticationPreemptive(true);
276 assertTrue(HttpAuthenticator.authenticateDefault(method, null, state));
277 assertTrue(null != method.getRequestHeader("Authorization"));
278 String expected = "Basic " + HttpConstants.getString(Base64.encode(HttpConstants.getBytes("username:password")));
279 assertEquals(expected, method.getRequestHeader("Authorization").getValue());
280 }
281
282 // --------------------------------- Test Methods for DigestScheme Authentication
283
284 public void testDigestAuthenticationWithNoCreds() {
285 String challenge = "Digest realm=\"realm1\", nonce=\"ABC123\"";
286 HttpState state = new HttpState();
287 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge));
288 try {
289 AuthScheme authscheme = new DigestScheme(challenge);
290 HttpAuthenticator.authenticate(authscheme, method, null, state);
291 fail("Should have thrown HttpException");
292 } catch(HttpException e) {
293 // expected
294 }
295 }
296
297 public void testDigestAuthenticationWithNoRealm() {
298 String challenge = "Digest";
299 try {
300 AuthScheme authscheme = new DigestScheme(challenge);
301 authscheme.hashCode(); //quiet Eclipse compiler
302 fail("Should have thrown HttpException");
303 } catch(MalformedChallengeException e) {
304 // expected
305 }
306 }
307
308 public void testDigestAuthenticationWithNoRealm2() {
309 String challenge = "Digest ";
310 try {
311 AuthScheme authscheme = new DigestScheme(challenge);
312 authscheme.hashCode(); //quiet Eclipse compiler
313 fail("Should have thrown HttpException");
314 } catch(MalformedChallengeException e) {
315 // expected
316 }
317 }
318
319 public void testDigestAuthenticationWithNullHttpState() throws Exception {
320 String challenge = "Digest realm=\"realm1\", nonce=\"ABC123\"";
321 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge));
322 try {
323 AuthScheme authscheme = new DigestScheme(challenge);
324 HttpAuthenticator.authenticate(authscheme, method, null, null);
325 fail("Should have thrown IllegalArgumentException");
326 } catch(IllegalArgumentException e) {
327 // expected
328 }
329 }
330
331 public void testDigestAuthenticationCaseInsensitivity() throws Exception {
332 String challenge = "dIgEsT ReAlM=\"realm1\", nONce=\"ABC123\"";
333 HttpState state = new HttpState();
334 UsernamePasswordCredentials cred = new UsernamePasswordCredentials("username","password");
335 state.setCredentials(null, null, cred);
336 HttpMethod method = new SimpleHttpMethod(new Header("WwW-AuThEnTiCaTe", challenge));
337 AuthScheme authscheme = new DigestScheme(challenge);
338 assertTrue(HttpAuthenticator.authenticate(authscheme, method, null, state));
339 assertTrue(null != method.getRequestHeader("Authorization"));
340 }
341
342
343 public void testDigestAuthenticationWithDefaultCreds() throws Exception {
344 String challenge = "Digest realm=\"realm1\", nonce=\"ABC123\"";
345 HttpState state = new HttpState();
346 UsernamePasswordCredentials cred = new UsernamePasswordCredentials("username","password");
347 state.setCredentials(null, null, cred);
348 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge));
349 AuthScheme authscheme = new DigestScheme(challenge);
350 assertTrue(HttpAuthenticator.authenticate(authscheme, method, null, state));
351 assertTrue(null != method.getRequestHeader("Authorization"));
352 checkAuthorization(cred, method.getName(), method.getRequestHeader("Authorization").getValue());
353 }
354
355 public void testDigestAuthentication() throws Exception {
356 String challenge = "Digest realm=\"realm1\", nonce=\"ABC123\"";
357 HttpState state = new HttpState();
358 UsernamePasswordCredentials cred = new UsernamePasswordCredentials("username","password");
359 state.setCredentials(null, null, cred);
360 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge));
361 AuthScheme authscheme = new DigestScheme(challenge);
362 assertTrue(HttpAuthenticator.authenticate(authscheme, method, null, state));
363 assertTrue(null != method.getRequestHeader("Authorization"));
364 checkAuthorization(cred, method.getName(), method.getRequestHeader("Authorization").getValue());
365 }
366
367 public void testDigestAuthenticationWithStaleNonce() throws Exception {
368
369 String headers =
370 "HTTP/1.1 401 OK\r\n" +
371 "Connection: close\r\n" +
372 "Content-Length: 0\r\n" +
373 "WWW-Authenticate: Digest realm=\"realm1\", nonce=\"ABC123\"\r\n";
374 String headers2 =
375 "HTTP/1.1 401 OK\r\n" +
376 "Connection: close\r\n" +
377 "Content-Length: 0\r\n" +
378 "WWW-Authenticate: Digest realm=\"realm1\", nonce=\"321CBA\", stale=\"true\"\r\n";
379 String headers3 =
380 "HTTP/1.1 200 OK\r\n" +
381 "Connection: close\r\n" +
382 "Server: HttpClient Test/2.0\r\n\r\n" +
383 "stuff\r\n";
384
385 SimpleHttpConnection conn = new SimpleHttpConnection();
386
387 conn.addResponse(headers);
388 conn.addResponse(headers2);
389 conn.addResponse(headers3);
390 HttpState state = new HttpState();
391 UsernamePasswordCredentials cred = new UsernamePasswordCredentials("username","password");
392 state.setCredentials(null, null, cred);
393
394 SimpleHttpMethod method = new SimpleHttpMethod();
395 method.setDoAuthentication(true);
396 assertEquals("Authentication failed", 200, method.execute(state, conn));
397 checkAuthorization(cred, method.getName(), method.getRequestHeader("Authorization").getValue());
398 }
399
400 public void testDigestAuthenticationWithMultipleRealms() throws Exception {
401 String challenge1 = "Digest realm=\"realm1\", nonce=\"ABC123\"";
402 String challenge2 = "Digest realm=\"realm2\", nonce=\"ABC123\"";
403 HttpState state = new HttpState();
404 UsernamePasswordCredentials cred = new UsernamePasswordCredentials("username","password");
405 state.setCredentials("realm1", null, cred);
406 UsernamePasswordCredentials cred2 = new UsernamePasswordCredentials("uname2","password2");
407 state.setCredentials("realm2", null, cred2);
408 AuthScheme authscheme1 = new DigestScheme(challenge1);
409 AuthScheme authscheme2 = new DigestScheme(challenge2);
410 {
411 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate",challenge1));
412 assertTrue(HttpAuthenticator.authenticate(authscheme1, method, null, state));
413 assertTrue(null != method.getRequestHeader("Authorization"));
414 checkAuthorization(cred, method.getName(), method.getRequestHeader("Authorization").getValue());
415 }
416 {
417 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate",challenge2));
418 assertTrue(HttpAuthenticator.authenticate(authscheme2, method, null, state));
419 assertTrue(null != method.getRequestHeader("Authorization"));
420 checkAuthorization(cred2, method.getName(), method.getRequestHeader("Authorization").getValue());
421 }
422 }
423
424 /***
425 * Test digest authentication using the MD5-sess algorithm.
426 */
427 public void testDigestAuthenticationMD5Sess() throws Exception {
428 // Example using Digest auth with MD5-sess
429
430 String realm="realm";
431 String username="username";
432 String password="password";
433 String nonce="e273f1776275974f1a120d8b92c5b3cb";
434
435 String challenge="Digest realm=\"" + realm + "\", "
436 + "nonce=\"" + nonce + "\", "
437 + "opaque=\"SomeString\", "
438 + "stale=false, "
439 + "algorithm=MD5-sess, "
440 + "qop=\"auth\"";
441
442 HttpState state = new HttpState();
443 UsernamePasswordCredentials cred =
444 new UsernamePasswordCredentials(username, password);
445 state.setCredentials(realm, null, cred);
446 AuthScheme authscheme = new DigestScheme(challenge);
447 HttpMethod method =
448 new SimpleHttpMethod(new Header("WWW-Authenticate", challenge));
449 assertTrue(HttpAuthenticator.authenticate(
450 authscheme, method, null, state));
451 assertTrue(null != method.getRequestHeader("Authorization"));
452 checkAuthorization(cred, method.getName(),
453 method.getRequestHeader("Authorization").getValue());
454 }
455
456 // --------------------------------- Test Methods for NTLM Authentication
457
458 public void testNTLMAuthenticationWithNoCreds() {
459 String challenge = "NTLM";
460 HttpState state = new HttpState();
461 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge));
462 method.addRequestHeader("Host", "host");
463 try {
464 AuthScheme authscheme = new NTLMScheme(challenge);
465 HttpAuthenticator.authenticate(authscheme, method, null, state);
466 fail("Should have thrown HttpException");
467 } catch(HttpException e) {
468 // expected
469 }
470 }
471
472 public void testNTLMAuthenticationWithNullHttpState() throws Exception {
473 String challenge = "NTLM";
474 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge));
475 method.addRequestHeader("Host", "host");
476 try {
477 AuthScheme authscheme = new NTLMScheme(challenge);
478 HttpAuthenticator.authenticate(authscheme, method, null, null);
479 fail("Should have thrown IllegalArgumentException");
480 } catch(IllegalArgumentException e) {
481 // expected
482 }
483 }
484
485 public void testNTLMAuthenticationCaseInsensitivity() throws Exception {
486 String challenge = "nTlM";
487 HttpState state = new HttpState();
488 NTCredentials cred = new NTCredentials("username","password", "host",
489 "domain");
490 state.setCredentials(null, null, cred);
491 HttpMethod method = new SimpleHttpMethod(new Header("WwW-AuThEnTiCaTe", challenge));
492 AuthScheme authscheme = new NTLMScheme(challenge);
493 assertTrue(HttpAuthenticator.authenticate(authscheme, method, null, state));
494 assertTrue(null != method.getRequestHeader("Authorization"));
495 }
496
497 public void testNTLMAuthenticationResponse1() throws Exception {
498 String challenge = "NTLM";
499 String expected = "NTLM TlRMTVNTUAABAAAABlIAAAYABgAkAAAABAAEACAAAABIT" +
500 "1NURE9NQUlO";
501 HttpState state = new HttpState();
502 NTCredentials cred = new NTCredentials("username","password", "host",
503 "domain");
504 state.setCredentials(null, null, cred);
505 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge));
506 AuthScheme authscheme = new NTLMScheme(challenge);
507 assertTrue(HttpAuthenticator.authenticate(authscheme, method, null, state));
508 assertTrue(null != method.getRequestHeader("Authorization"));
509 assertEquals(expected,
510 method.getRequestHeader("Authorization").getValue());
511 }
512
513 public void testNTLMAuthenticationResponse2() throws Exception {
514 String challenge =
515 "NTLM TlRMTVNTUAACAAAACgAKADAAAAAGgoEAPc4kP4LtCV8AAAAAAAAAAJ4AngA" +
516 "6AAAASU5UUkFFUEhPWAIAFABJAE4AVABSAEEARQBQAEgATwBYAAEAEgBCAE8AQQB" +
517 "SAEQAUgBPAE8ATQAEACgAaQBuAHQAcgBhAGUAcABoAG8AeAAuAGUAcABoAG8AeAA" +
518 "uAGMAbwBtAAMAPABCAG8AYQByAGQAcgBvAG8AbQAuAGkAbgB0AHIAYQBlAHAAaAB" +
519 "vAHgALgBlAHAAaABvAHgALgBjAG8AbQAAAAAA";
520
521 String expected = "NTLM TlRMTVNTUAADAAAAGAAYAFIAAAAAAAAAagAAAAYABgB" +
522 "AAAAACAAIAEYAAAAEAAQATgAAAAAAAABqAAAABlIAAERPTUFJTlVTRVJOQU1FSE" +
523 "9TVAaC+vLxUEHnUtpItj9Dp4kzwQfd61Lztg==";
524 HttpState state = new HttpState();
525 NTCredentials cred = new NTCredentials("username","password", "host",
526 "domain");
527 state.setCredentials(null, null, cred);
528 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge));
529 AuthScheme authscheme = new NTLMScheme(challenge);
530 assertTrue(HttpAuthenticator.authenticate(authscheme, method, null, state));
531 assertTrue(null != method.getRequestHeader("Authorization"));
532 assertEquals(expected,
533 method.getRequestHeader("Authorization").getValue());
534 }
535
536 public void testNTLMAuthenticationWithDefaultCreds() throws Exception {
537 String challenge =
538 "NTLM TlRMTVNTUAACAAAACgAKADAAAAAGgoEAPc4kP4LtCV8AAAAAAAAAAJ4AngA" +
539 "6AAAASU5UUkFFUEhPWAIAFABJAE4AVABSAEEARQBQAEgATwBYAAEAEgBCAE8AQQB" +
540 "SAEQAUgBPAE8ATQAEACgAaQBuAHQAcgBhAGUAcABoAG8AeAAuAGUAcABoAG8AeAA" +
541 "uAGMAbwBtAAMAPABCAG8AYQByAGQAcgBvAG8AbQAuAGkAbgB0AHIAYQBlAHAAaAB" +
542 "vAHgALgBlAHAAaABvAHgALgBjAG8AbQAAAAAA";
543 String expected = "NTLM TlRMTVNTUAADAAAAGAAYAFIAAAAAAAAAagAAAAYABgB" +
544 "AAAAACAAIAEYAAAAEAAQATgAAAAAAAABqAAAABlIAAERPTUFJTlVTRVJOQU1FSE" +
545 "9TVAaC+vLxUEHnUtpItj9Dp4kzwQfd61Lztg==";
546 HttpState state = new HttpState();
547 NTCredentials cred = new NTCredentials("username","password", "host",
548 "domain");
549 state.setCredentials(null, null, cred);
550 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge));
551 method.addRequestHeader("Host", "host");
552 AuthScheme authscheme = new NTLMScheme(challenge);
553 assertTrue(HttpAuthenticator.authenticate(authscheme, method, null, state));
554 assertTrue(null != method.getRequestHeader("Authorization"));
555 assertEquals(expected,
556 method.getRequestHeader("Authorization").getValue());
557 }
558
559 public void testNTLMAuthenticationRetry() throws Exception {
560 NTCredentials cred = new NTCredentials("username", "password", "host", "domain");
561 HttpState state = new HttpState();
562 state.setCredentials(null, null, cred);
563 HttpMethod method = new SimpleHttpMethod();
564 SimpleHttpConnection conn = new SimpleHttpConnection();
565 conn.addResponse(
566 "HTTP/1.1 401 Unauthorized\r\n" +
567 "WWW-Authenticate: NTLM\r\n" +
568 "Connection: close\r\n" +
569 "Server: HttpClient Test/2.0\r\n");
570 conn.addResponse(
571 "HTTP/1.1 401 Unauthorized\r\n" +
572 "WWW-Authenticate: NTLM TlRMTVNTUAACAAAAAAAAACgAAAABggAAU3J2Tm9uY2UAAAAAAAAAAA==\r\n" +
573 "Connection: close\r\n" +
574 "Server: HttpClient Test/2.0\r\n");
575 conn.addResponse(
576 "HTTP/1.1 200 OK\r\n" +
577 "Connection: close\r\n" +
578 "Server: HttpClient Test/2.0\r\n\r\n" +
579 "stuff\r\n");
580 method.execute(state, conn);
581 assertNull(method.getResponseHeader("WWW-Authenticate"));
582 assertEquals(200, method.getStatusCode());
583 }
584
585 /***
586 * Test that the Unauthorized response is returned when doAuthentication is false.
587 */
588 public void testDoAuthenticateFalse() throws Exception {
589 HttpState state = new HttpState();
590 state.setCredentials(null, "Protected",
591 new UsernamePasswordCredentials("name", "pass"));
592 HttpMethod method = new SimpleHttpMethod();
593 method.setDoAuthentication(false);
594 SimpleHttpConnection conn = new SimpleHttpConnection();
595 conn.addResponse(
596 "HTTP/1.1 401 Unauthorized\r\n" +
597 "WWW-Authenticate: Basic realm=\"Protected\"\r\n" +
598 "Connection: close\r\n" +
599 "Server: HttpClient Test/2.0\r\n");
600 conn.addResponse(
601 "HTTP/1.1 200 OK\r\n" +
602 "Connection: close\r\n" +
603 "Server: HttpClient Test/2.0\r\n");
604 method.execute(state, conn);
605 assertNotNull(method.getResponseHeader("WWW-Authenticate"));
606 assertNull(method.getRequestHeader("Authorization"));
607 assertEquals(401, method.getStatusCode());
608
609 }
610
611
612 /***
613 */
614 public void testInvalidCredentials() throws Exception {
615 HttpState state = new HttpState();
616 state.setCredentials(null, "Protected", new UsernamePasswordCredentials("name", "pass"));
617 HttpMethod method = new SimpleHttpMethod();
618 method.setDoAuthentication(false);
619 SimpleHttpConnection conn = new SimpleHttpConnection();
620 conn.addResponse(
621 "HTTP/1.1 401 Unauthorized\r\n" +
622 "WWW-Authenticate: Basic realm=\"Protected\"\r\n" +
623 "Connection: close\r\n" +
624 "Server: HttpClient Test/2.0\r\n"
625 );
626 method.execute(state, conn);
627 assertEquals(401, method.getStatusCode());
628 }
629
630
631 // --------------------------------- Test Methods for Multiple Authentication
632
633 public void testMultipleChallengeBasic() throws Exception {
634 HttpState state = new HttpState();
635 state.setCredentials("Protected", null, new UsernamePasswordCredentials("name", "pass"));
636 HttpMethod method = new SimpleHttpMethod();
637 SimpleHttpConnection conn = new SimpleHttpConnection();
638 conn.addResponse(
639 "HTTP/1.1 401 Unauthorized\r\n" +
640 "WWW-Authenticate: Unsupported\r\n" +
641 "WWW-Authenticate: Basic realm=\"Protected\"\r\n" +
642 "Connection: close\r\n" +
643 "Server: HttpClient Test/2.0\r\n"
644 );
645 conn.addResponse(
646 "HTTP/1.1 200 OK\r\n" +
647 "Connection: close\r\n" +
648 "Server: HttpClient Test/2.0\r\n"
649 );
650 method.execute(state, conn);
651 Header authHeader = method.getRequestHeader("Authorization");
652 assertNotNull(authHeader);
653
654 String authValue = authHeader.getValue();
655 assertTrue(authValue.startsWith("Basic"));
656 }
657
658 public void testMultipleChallengeBasicLongRealm() throws Exception {
659 HttpState state = new HttpState();
660 state.setCredentials(null, null, new UsernamePasswordCredentials("name", "pass"));
661 HttpMethod method = new SimpleHttpMethod();
662 SimpleHttpConnection conn = new SimpleHttpConnection();
663 conn.addResponse(
664 "HTTP/1.1 401 Unauthorized\r\n" +
665 "WWW-Authenticate: Unsupported\r\n" +
666 "WWW-Authenticate: Basic realm=\"This site is protected. We put this message into the realm string, against all reasonable rationale, so that users would see it in the authentication dialog generated by your browser.\"\r\n" +
667 "Connection: close\r\n" +
668 "Server: HttpClient Test/2.0\r\n"
669 );
670 conn.addResponse(
671 "HTTP/1.1 200 OK\r\n" +
672 "Connection: close\r\n" +
673 "Server: HttpClient Test/2.0\r\n"
674 );
675 method.execute(state, conn);
676 Header authHeader = method.getRequestHeader("Authorization");
677 assertNotNull(authHeader);
678
679 String authValue = authHeader.getValue();
680 assertTrue(authValue.startsWith("Basic"));
681 }
682
683
684
685
686 public void testMultipleChallengeDigest() throws Exception {
687 HttpState state = new HttpState();
688 state.setCredentials("Protected", null, new UsernamePasswordCredentials("name", "pass"));
689 HttpMethod method = new SimpleHttpMethod();
690 SimpleHttpConnection conn = new SimpleHttpConnection();
691 conn.addResponse(
692 "HTTP/1.1 401 Unauthorized\r\n" +
693 "WWW-Authenticate: Unsupported\r\n" +
694 "WWW-Authenticate: Digest realm=\"Protected\", nonce=\"ABC123\"\r\n" +
695 "WWW-Authenticate: Basic realm=\"Protected\"\r\n" +
696 "Connection: close\r\n" +
697 "Server: HttpClient Test/2.0\r\n"
698 );
699 conn.addResponse(
700 "HTTP/1.1 200 OK\r\n" +
701 "Connection: close\r\n" +
702 "Server: HttpClient Test/2.0\r\n"
703 );
704 method.execute(state, conn);
705 Header authHeader = method.getRequestHeader("Authorization");
706 assertNotNull(authHeader);
707
708 String authValue = authHeader.getValue();
709 assertTrue(authValue.startsWith("Digest"));
710 }
711
712
713 public void testMultipleProxyChallengeBasic() throws Exception {
714 HttpState state = new HttpState();
715 state.setProxyCredentials("Protected", new UsernamePasswordCredentials("name", "pass"));
716 HttpMethod method = new SimpleHttpMethod();
717 SimpleHttpConnection conn = new SimpleHttpConnection();
718 conn.addResponse(
719 "HTTP/1.1 407 Proxy Authentication Required\r\n" +
720 "Proxy-Authenticate: Basic realm=\"Protected\"\r\n" +
721 "Proxy-Authenticate: Unsupported\r\n" +
722 "Connection: close\r\n" +
723 "Server: HttpClient Test/2.0\r\n"
724 );
725 conn.addResponse(
726 "HTTP/1.1 200 OK\r\n" +
727 "Connection: close\r\n" +
728 "Server: HttpClient Test/2.0\r\n"
729 );
730 method.execute(state, conn);
731 Header authHeader = method.getRequestHeader("Proxy-Authorization");
732 assertNotNull(authHeader);
733
734 String authValue = authHeader.getValue();
735 assertTrue(authValue.startsWith("Basic"));
736 }
737
738
739 public void testMultipleProxyChallengeDigest() throws Exception {
740 HttpState state = new HttpState();
741 state.setProxyCredentials("Protected", new UsernamePasswordCredentials("name", "pass"));
742 HttpMethod method = new SimpleHttpMethod();
743 SimpleHttpConnection conn = new SimpleHttpConnection();
744 conn.addResponse(
745 "HTTP/1.1 407 Proxy Authentication Required\r\n" +
746 "Proxy-Authenticate: Basic realm=\"Protected\"\r\n" +
747 "Proxy-Authenticate: Digest realm=\"Protected\", nonce=\"ABC123\"\r\n" +
748 "Proxy-Authenticate: Unsupported\r\n" +
749 "Connection: close\r\n" +
750 "Server: HttpClient Test/2.0\r\n"
751 );
752 conn.addResponse(
753 "HTTP/1.1 200 OK\r\n" +
754 "Connection: close\r\n" +
755 "Server: HttpClient Test/2.0\r\n"
756 );
757 method.execute(state, conn);
758 Header authHeader = method.getRequestHeader("Proxy-Authorization");
759 assertNotNull(authHeader);
760
761 String authValue = authHeader.getValue();
762 assertTrue(authValue.startsWith("Digest"));
763 }
764
765
766 // --------------------------------- Test Methods for Selecting Credentials
767
768 public void testDefaultCredentials() throws Exception {
769 HttpState state = new HttpState();
770 Credentials expected = new UsernamePasswordCredentials("name", "pass");
771 state.setCredentials(null, null, expected);
772 Credentials got = state.getCredentials("realm", "host");
773 assertEquals(got, expected);
774 }
775
776 public void testRealmCredentials() throws Exception {
777 HttpState state = new HttpState();
778 Credentials expected = new UsernamePasswordCredentials("name", "pass");
779 state.setCredentials("realm", null, expected);
780 Credentials got = state.getCredentials("realm", "host");
781 assertEquals(expected, got);
782 }
783
784 public void testHostCredentials() throws Exception {
785 HttpState state = new HttpState();
786 Credentials expected = new UsernamePasswordCredentials("name", "pass");
787 state.setCredentials(null, "host", expected);
788 Credentials got = state.getCredentials("realm", "host");
789 assertEquals(expected, got);
790 }
791
792 public void testBothCredentials() throws Exception {
793 HttpState state = new HttpState();
794 Credentials expected = new UsernamePasswordCredentials("name", "pass");
795 state.setCredentials("realm", "host", expected);
796 Credentials got = state.getCredentials("realm", "host");
797 assertEquals(expected, got);
798 }
799
800 public void testWrongHostCredentials() throws Exception {
801 HttpState state = new HttpState();
802 Credentials expected = new UsernamePasswordCredentials("name", "pass");
803 state.setCredentials(null, "host1", expected);
804 Credentials got = state.getCredentials("realm", "host2");
805 assertNotSame(expected, got);
806 }
807
808 public void testWrongRealmCredentials() throws Exception {
809 HttpState state = new HttpState();
810 Credentials cred = new UsernamePasswordCredentials("name", "pass");
811 state.setCredentials("realm1", "host", cred);
812 Credentials got = state.getCredentials("realm2", "host");
813 assertNotSame(cred, got);
814 }
815
816 public void testRealmSpoof() throws Exception {
817 HttpState state = new HttpState();
818 Credentials cred = new UsernamePasswordCredentials("name", "pass");
819 state.setCredentials(null, "admin.apache.org", cred);
820 Credentials got = state.getCredentials("admin.apache.org", "myhost");
821 assertNotSame(cred, got);
822 }
823
824 public void testRealmSpoof2() throws Exception {
825 HttpState state = new HttpState();
826 Credentials cred = new UsernamePasswordCredentials("name", "pass");
827 state.setCredentials(null, "whatever", cred);
828 Credentials got = state.getCredentials("nullwhatever", null);
829 assertNotSame(cred, got);
830 }
831 }
This page was automatically generated by Maven