1 /* 2 * $Header: /home/cvs/jakarta-commons/httpclient/src/test/org/apache/commons/httpclient/TestAuthenticator.java,v 1.25.2.5 2003/11/24 08:48:25 oglueck Exp $ 3 * $Revision: 1.25.2.5 $ 4 * $Date: 2003/11/24 08:48:25 $ 5 * ==================================================================== 6 * 7 * The Apache Software License, Version 1.1 8 * 9 * Copyright (c) 1999-2003 The Apache Software Foundation. All rights 10 * reserved. 11 * 12 * Redistribution and use in source and binary forms, with or without 13 * modification, are permitted provided that the following conditions 14 * are met: 15 * 16 * 1. Redistributions of source code must retain the above copyright 17 * notice, this list of conditions and the following disclaimer. 18 * 19 * 2. Redistributions in binary form must reproduce the above copyright 20 * notice, this list of conditions and the following disclaimer in 21 * the documentation and/or other materials provided with the 22 * distribution. 23 * 24 * 3. The end-user documentation included with the redistribution, if 25 * any, must include the following acknowlegement: 26 * "This product includes software developed by the 27 * Apache Software Foundation (http://www.apache.org/)." 28 * Alternately, this acknowlegement may appear in the software itself, 29 * if and wherever such third-party acknowlegements normally appear. 30 * 31 * 4. The names "The Jakarta Project", "Tomcat", and "Apache Software 32 * Foundation" must not be used to endorse or promote products derived 33 * from this software without prior written permission. For written 34 * permission, please contact apache@apache.org. 35 * 36 * 5. Products derived from this software may not be called "Apache" 37 * nor may "Apache" appear in their names without prior written 38 * permission of the Apache Group. 39 * 40 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED 41 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 42 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 43 * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR 44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 46 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF 47 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 48 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 49 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT 50 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51 * SUCH DAMAGE. 52 * ==================================================================== 53 * 54 * This software consists of voluntary contributions made by many 55 * individuals on behalf of the Apache Software Foundation. For more 56 * information on the Apache Software Foundation, please see 57 * <http://www.apache.org/>. 58 * 59 * [Additional notices, if required by prior licensing conditions] 60 * 61 */ 62 63 package org.apache.commons.httpclient; 64 65 import junit.framework.Test; 66 import junit.framework.TestCase; 67 import junit.framework.TestSuite; 68 69 import java.util.Hashtable; 70 import java.util.StringTokenizer; 71 import org.apache.commons.httpclient.auth.*; 72 import org.apache.commons.httpclient.util.Base64; 73 74 /*** 75 * Unit tests for {@link Authenticator}. 76 * 77 * @author Rodney Waldhoff 78 * @author <a href="mailto:jsdever@apache.org">Jeff Dever</a> 79 * @version $Id: TestAuthenticator.java,v 1.25.2.5 2003/11/24 08:48:25 oglueck Exp $ 80 */ 81 public class TestAuthenticator extends TestCase { 82 83 // ------------------------------------------------------------ Constructor 84 public TestAuthenticator(String testName) { 85 super(testName); 86 } 87 88 // ------------------------------------------------------------------- Main 89 public static void main(String args[]) { 90 String[] testCaseName = { TestAuthenticator.class.getName() }; 91 junit.textui.TestRunner.main(testCaseName); 92 } 93 94 // ------------------------------------------------------- Utility Methods 95 96 private void checkAuthorization(UsernamePasswordCredentials cred, String methodName, String auth) throws Exception { 97 Hashtable table = new Hashtable(); 98 StringTokenizer tokenizer = new StringTokenizer(auth, ",=\""); 99 while(tokenizer.hasMoreTokens()){ 100 String key = null; 101 String value = null; 102 if(tokenizer.hasMoreTokens()) 103 key = tokenizer.nextToken(); 104 if(tokenizer.hasMoreTokens()) { 105 value = tokenizer.nextToken(); 106 assertFalse("Value of "+key+" was \"null\"", "null".equals(value)); 107 } 108 if(key != null && value != null){ 109 table.put(key.trim(),value.trim()); 110 } 111 } 112 String response = (String) table.get("response"); 113 table.put( "methodname", methodName ); 114 //System.out.println(auth); 115 String digest = DigestScheme.createDigest(cred.getUserName(),cred.getPassword(), table); 116 assertEquals(response, digest); 117 } 118 119 120 // ------------------------------------------------------- TestCase Methods 121 122 public static Test suite() { 123 return new TestSuite(TestAuthenticator.class); 124 } 125 126 127 // ---------------------------------- Test Methods for BasicScheme Authentication 128 129 public void testBasicAuthenticationWithNoCreds() { 130 String challenge = "Basic realm=\"realm1\""; 131 HttpState state = new HttpState(); 132 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge)); 133 try { 134 AuthScheme authscheme = new BasicScheme(challenge); 135 HttpAuthenticator.authenticate(authscheme, method, null, state); 136 fail("Should have thrown HttpException"); 137 } catch(HttpException e) { 138 // expected 139 } 140 } 141 142 public void testBasicAuthenticationWithNoRealm() { 143 String challenge = "Basic"; 144 HttpState state = new HttpState(); 145 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge)); 146 try { 147 AuthScheme authscheme = new BasicScheme(challenge); 148 HttpAuthenticator.authenticate(authscheme, method, null, state); 149 fail("Should have thrown HttpException"); 150 } catch(HttpException e) { 151 // expected 152 } 153 } 154 155 public void testBasicAuthenticationWithNoRealm2() { 156 String challenge = "Basic "; 157 HttpState state = new HttpState(); 158 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge)); 159 try { 160 AuthScheme authscheme = new BasicScheme(challenge); 161 HttpAuthenticator.authenticate(authscheme, method, null, state); 162 fail("Should have thrown HttpException"); 163 } catch(HttpException e) { 164 // expected 165 } 166 } 167 168 public void testBasicAuthenticationWithNullHttpState() throws Exception { 169 String challenge = "Basic realm=\"realm1\""; 170 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge)); 171 try { 172 AuthScheme authscheme = new BasicScheme(challenge); 173 HttpAuthenticator.authenticate(authscheme, method, null, null); 174 fail("Should have thrown IllegalArgumentException"); 175 } catch(IllegalArgumentException e) { 176 // expected 177 } 178 } 179 180 public void testInvalidAuthenticationScheme() throws Exception { 181 String challenge = "invalid realm=\"realm1\""; 182 try{ 183 HttpAuthenticator.selectAuthScheme( 184 new Header[] { new Header("WWW-Authenticate", challenge) }); 185 fail("Should have thrown UnsupportedOperationException"); 186 }catch (UnsupportedOperationException uoe){ 187 // expected 188 } 189 } 190 191 public void testBasicAuthenticationCaseInsensitivity() throws Exception { 192 String challenge = "bAsIc ReAlM=\"realm1\""; 193 HttpState state = new HttpState(); 194 state.setCredentials(null, null, new UsernamePasswordCredentials("username","password")); 195 HttpMethod method = new SimpleHttpMethod(new Header("WwW-AuThEnTiCaTe", challenge)); 196 AuthScheme authscheme = new BasicScheme(challenge); 197 assertTrue(HttpAuthenticator.authenticate(authscheme, method, null, state)); 198 assertTrue(null != method.getRequestHeader("Authorization")); 199 String expected = "Basic " + HttpConstants.getString(Base64.encode(HttpConstants.getBytes("username:password"))); 200 assertEquals(expected,method.getRequestHeader("Authorization").getValue()); 201 } 202 203 204 public void testBasicAuthenticationWithDefaultCreds() throws Exception { 205 HttpState state = new HttpState(); 206 state.setCredentials(null, null, new UsernamePasswordCredentials("username","password")); 207 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate","Basic realm=\"realm1\"")); 208 assertTrue(HttpAuthenticator.authenticateDefault(method, null, state)); 209 assertTrue(null != method.getRequestHeader("Authorization")); 210 String expected = "Basic " + HttpConstants.getString(Base64.encode(HttpConstants.getBytes("username:password"))); 211 assertEquals(expected,method.getRequestHeader("Authorization").getValue()); 212 } 213 214 public void testBasicAuthentication() throws Exception { 215 String challenge = "Basic realm=\"realm\""; 216 HttpState state = new HttpState(); 217 state.setCredentials("realm", null, new UsernamePasswordCredentials("username","password")); 218 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge)); 219 AuthScheme authscheme = new BasicScheme(challenge); 220 assertTrue(HttpAuthenticator.authenticate(authscheme, method, null, state)); 221 assertTrue(null != method.getRequestHeader("Authorization")); 222 String expected = "Basic " + HttpConstants.getString(Base64.encode(HttpConstants.getBytes("username:password"))); 223 assertEquals(expected,method.getRequestHeader("Authorization").getValue()); 224 } 225 226 public void testBasicAuthenticationWith88591Chars() throws Exception { 227 int[] germanChars = { 0xE4, 0x2D, 0xF6, 0x2D, 0xFc }; 228 StringBuffer buffer = new StringBuffer(); 229 for (int i = 0; i < germanChars.length; i++) { 230 buffer.append((char)germanChars[i]); 231 } 232 233 UsernamePasswordCredentials credentials = new UsernamePasswordCredentials("dh", buffer.toString()); 234 assertEquals("Basic ZGg65C32Lfw=", BasicScheme.authenticate(credentials)); 235 } 236 237 public void testBasicAuthenticationWithMutlipleRealms() throws Exception { 238 String challenge1 = "Basic realm=\"realm1\""; 239 String challenge2 = "Basic realm=\"realm2\""; 240 HttpState state = new HttpState(); 241 state.setCredentials("realm1", null, new UsernamePasswordCredentials("username","password")); 242 state.setCredentials("realm2", null, new UsernamePasswordCredentials("uname2","password2")); 243 AuthScheme authscheme1 = new BasicScheme(challenge1); 244 AuthScheme authscheme2 = new BasicScheme(challenge2); 245 { 246 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate",challenge1)); 247 assertTrue(HttpAuthenticator.authenticate(authscheme1, method, null, state)); 248 assertTrue(null != method.getRequestHeader("Authorization")); 249 String expected = "Basic " + HttpConstants.getString(Base64.encode(HttpConstants.getBytes("username:password"))); 250 assertEquals(expected,method.getRequestHeader("Authorization").getValue()); 251 } 252 { 253 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge2)); 254 assertTrue(HttpAuthenticator.authenticate(authscheme2, method, null, state)); 255 assertTrue(null != method.getRequestHeader("Authorization")); 256 String expected = "Basic " + HttpConstants.getString(Base64.encode(HttpConstants.getBytes("uname2:password2"))); 257 assertEquals(expected,method.getRequestHeader("Authorization").getValue()); 258 } 259 } 260 261 public void testPreemptiveAuthorizationTrueNoCreds() throws Exception { 262 HttpState state = new HttpState(); 263 HttpMethod method = new SimpleHttpMethod(); 264 265 state.setAuthenticationPreemptive(true); 266 assertTrue(!HttpAuthenticator.authenticateDefault(method, null, state)); 267 assertTrue(null == method.getRequestHeader("Authorization")); 268 } 269 270 public void testPreemptiveAuthorizationTrueWithCreds() throws Exception { 271 HttpState state = new HttpState(); 272 HttpMethod method = new SimpleHttpMethod(); 273 state.setCredentials(null, null, new UsernamePasswordCredentials("username","password")); 274 275 state.setAuthenticationPreemptive(true); 276 assertTrue(HttpAuthenticator.authenticateDefault(method, null, state)); 277 assertTrue(null != method.getRequestHeader("Authorization")); 278 String expected = "Basic " + HttpConstants.getString(Base64.encode(HttpConstants.getBytes("username:password"))); 279 assertEquals(expected, method.getRequestHeader("Authorization").getValue()); 280 } 281 282 // --------------------------------- Test Methods for DigestScheme Authentication 283 284 public void testDigestAuthenticationWithNoCreds() { 285 String challenge = "Digest realm=\"realm1\", nonce=\"ABC123\""; 286 HttpState state = new HttpState(); 287 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge)); 288 try { 289 AuthScheme authscheme = new DigestScheme(challenge); 290 HttpAuthenticator.authenticate(authscheme, method, null, state); 291 fail("Should have thrown HttpException"); 292 } catch(HttpException e) { 293 // expected 294 } 295 } 296 297 public void testDigestAuthenticationWithNoRealm() { 298 String challenge = "Digest"; 299 try { 300 AuthScheme authscheme = new DigestScheme(challenge); 301 authscheme.hashCode(); //quiet Eclipse compiler 302 fail("Should have thrown HttpException"); 303 } catch(MalformedChallengeException e) { 304 // expected 305 } 306 } 307 308 public void testDigestAuthenticationWithNoRealm2() { 309 String challenge = "Digest "; 310 try { 311 AuthScheme authscheme = new DigestScheme(challenge); 312 authscheme.hashCode(); //quiet Eclipse compiler 313 fail("Should have thrown HttpException"); 314 } catch(MalformedChallengeException e) { 315 // expected 316 } 317 } 318 319 public void testDigestAuthenticationWithNullHttpState() throws Exception { 320 String challenge = "Digest realm=\"realm1\", nonce=\"ABC123\""; 321 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge)); 322 try { 323 AuthScheme authscheme = new DigestScheme(challenge); 324 HttpAuthenticator.authenticate(authscheme, method, null, null); 325 fail("Should have thrown IllegalArgumentException"); 326 } catch(IllegalArgumentException e) { 327 // expected 328 } 329 } 330 331 public void testDigestAuthenticationCaseInsensitivity() throws Exception { 332 String challenge = "dIgEsT ReAlM=\"realm1\", nONce=\"ABC123\""; 333 HttpState state = new HttpState(); 334 UsernamePasswordCredentials cred = new UsernamePasswordCredentials("username","password"); 335 state.setCredentials(null, null, cred); 336 HttpMethod method = new SimpleHttpMethod(new Header("WwW-AuThEnTiCaTe", challenge)); 337 AuthScheme authscheme = new DigestScheme(challenge); 338 assertTrue(HttpAuthenticator.authenticate(authscheme, method, null, state)); 339 assertTrue(null != method.getRequestHeader("Authorization")); 340 } 341 342 343 public void testDigestAuthenticationWithDefaultCreds() throws Exception { 344 String challenge = "Digest realm=\"realm1\", nonce=\"ABC123\""; 345 HttpState state = new HttpState(); 346 UsernamePasswordCredentials cred = new UsernamePasswordCredentials("username","password"); 347 state.setCredentials(null, null, cred); 348 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge)); 349 AuthScheme authscheme = new DigestScheme(challenge); 350 assertTrue(HttpAuthenticator.authenticate(authscheme, method, null, state)); 351 assertTrue(null != method.getRequestHeader("Authorization")); 352 checkAuthorization(cred, method.getName(), method.getRequestHeader("Authorization").getValue()); 353 } 354 355 public void testDigestAuthentication() throws Exception { 356 String challenge = "Digest realm=\"realm1\", nonce=\"ABC123\""; 357 HttpState state = new HttpState(); 358 UsernamePasswordCredentials cred = new UsernamePasswordCredentials("username","password"); 359 state.setCredentials(null, null, cred); 360 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge)); 361 AuthScheme authscheme = new DigestScheme(challenge); 362 assertTrue(HttpAuthenticator.authenticate(authscheme, method, null, state)); 363 assertTrue(null != method.getRequestHeader("Authorization")); 364 checkAuthorization(cred, method.getName(), method.getRequestHeader("Authorization").getValue()); 365 } 366 367 public void testDigestAuthenticationWithStaleNonce() throws Exception { 368 369 String headers = 370 "HTTP/1.1 401 OK\r\n" + 371 "Connection: close\r\n" + 372 "Content-Length: 0\r\n" + 373 "WWW-Authenticate: Digest realm=\"realm1\", nonce=\"ABC123\"\r\n"; 374 String headers2 = 375 "HTTP/1.1 401 OK\r\n" + 376 "Connection: close\r\n" + 377 "Content-Length: 0\r\n" + 378 "WWW-Authenticate: Digest realm=\"realm1\", nonce=\"321CBA\", stale=\"true\"\r\n"; 379 String headers3 = 380 "HTTP/1.1 200 OK\r\n" + 381 "Connection: close\r\n" + 382 "Server: HttpClient Test/2.0\r\n\r\n" + 383 "stuff\r\n"; 384 385 SimpleHttpConnection conn = new SimpleHttpConnection(); 386 387 conn.addResponse(headers); 388 conn.addResponse(headers2); 389 conn.addResponse(headers3); 390 HttpState state = new HttpState(); 391 UsernamePasswordCredentials cred = new UsernamePasswordCredentials("username","password"); 392 state.setCredentials(null, null, cred); 393 394 SimpleHttpMethod method = new SimpleHttpMethod(); 395 method.setDoAuthentication(true); 396 assertEquals("Authentication failed", 200, method.execute(state, conn)); 397 checkAuthorization(cred, method.getName(), method.getRequestHeader("Authorization").getValue()); 398 } 399 400 public void testDigestAuthenticationWithMultipleRealms() throws Exception { 401 String challenge1 = "Digest realm=\"realm1\", nonce=\"ABC123\""; 402 String challenge2 = "Digest realm=\"realm2\", nonce=\"ABC123\""; 403 HttpState state = new HttpState(); 404 UsernamePasswordCredentials cred = new UsernamePasswordCredentials("username","password"); 405 state.setCredentials("realm1", null, cred); 406 UsernamePasswordCredentials cred2 = new UsernamePasswordCredentials("uname2","password2"); 407 state.setCredentials("realm2", null, cred2); 408 AuthScheme authscheme1 = new DigestScheme(challenge1); 409 AuthScheme authscheme2 = new DigestScheme(challenge2); 410 { 411 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate",challenge1)); 412 assertTrue(HttpAuthenticator.authenticate(authscheme1, method, null, state)); 413 assertTrue(null != method.getRequestHeader("Authorization")); 414 checkAuthorization(cred, method.getName(), method.getRequestHeader("Authorization").getValue()); 415 } 416 { 417 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate",challenge2)); 418 assertTrue(HttpAuthenticator.authenticate(authscheme2, method, null, state)); 419 assertTrue(null != method.getRequestHeader("Authorization")); 420 checkAuthorization(cred2, method.getName(), method.getRequestHeader("Authorization").getValue()); 421 } 422 } 423 424 /*** 425 * Test digest authentication using the MD5-sess algorithm. 426 */ 427 public void testDigestAuthenticationMD5Sess() throws Exception { 428 // Example using Digest auth with MD5-sess 429 430 String realm="realm"; 431 String username="username"; 432 String password="password"; 433 String nonce="e273f1776275974f1a120d8b92c5b3cb"; 434 435 String challenge="Digest realm=\"" + realm + "\", " 436 + "nonce=\"" + nonce + "\", " 437 + "opaque=\"SomeString\", " 438 + "stale=false, " 439 + "algorithm=MD5-sess, " 440 + "qop=\"auth\""; 441 442 HttpState state = new HttpState(); 443 UsernamePasswordCredentials cred = 444 new UsernamePasswordCredentials(username, password); 445 state.setCredentials(realm, null, cred); 446 AuthScheme authscheme = new DigestScheme(challenge); 447 HttpMethod method = 448 new SimpleHttpMethod(new Header("WWW-Authenticate", challenge)); 449 assertTrue(HttpAuthenticator.authenticate( 450 authscheme, method, null, state)); 451 assertTrue(null != method.getRequestHeader("Authorization")); 452 checkAuthorization(cred, method.getName(), 453 method.getRequestHeader("Authorization").getValue()); 454 } 455 456 // --------------------------------- Test Methods for NTLM Authentication 457 458 public void testNTLMAuthenticationWithNoCreds() { 459 String challenge = "NTLM"; 460 HttpState state = new HttpState(); 461 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge)); 462 method.addRequestHeader("Host", "host"); 463 try { 464 AuthScheme authscheme = new NTLMScheme(challenge); 465 HttpAuthenticator.authenticate(authscheme, method, null, state); 466 fail("Should have thrown HttpException"); 467 } catch(HttpException e) { 468 // expected 469 } 470 } 471 472 public void testNTLMAuthenticationWithNullHttpState() throws Exception { 473 String challenge = "NTLM"; 474 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge)); 475 method.addRequestHeader("Host", "host"); 476 try { 477 AuthScheme authscheme = new NTLMScheme(challenge); 478 HttpAuthenticator.authenticate(authscheme, method, null, null); 479 fail("Should have thrown IllegalArgumentException"); 480 } catch(IllegalArgumentException e) { 481 // expected 482 } 483 } 484 485 public void testNTLMAuthenticationCaseInsensitivity() throws Exception { 486 String challenge = "nTlM"; 487 HttpState state = new HttpState(); 488 NTCredentials cred = new NTCredentials("username","password", "host", 489 "domain"); 490 state.setCredentials(null, null, cred); 491 HttpMethod method = new SimpleHttpMethod(new Header("WwW-AuThEnTiCaTe", challenge)); 492 AuthScheme authscheme = new NTLMScheme(challenge); 493 assertTrue(HttpAuthenticator.authenticate(authscheme, method, null, state)); 494 assertTrue(null != method.getRequestHeader("Authorization")); 495 } 496 497 public void testNTLMAuthenticationResponse1() throws Exception { 498 String challenge = "NTLM"; 499 String expected = "NTLM TlRMTVNTUAABAAAABlIAAAYABgAkAAAABAAEACAAAABIT" + 500 "1NURE9NQUlO"; 501 HttpState state = new HttpState(); 502 NTCredentials cred = new NTCredentials("username","password", "host", 503 "domain"); 504 state.setCredentials(null, null, cred); 505 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge)); 506 AuthScheme authscheme = new NTLMScheme(challenge); 507 assertTrue(HttpAuthenticator.authenticate(authscheme, method, null, state)); 508 assertTrue(null != method.getRequestHeader("Authorization")); 509 assertEquals(expected, 510 method.getRequestHeader("Authorization").getValue()); 511 } 512 513 public void testNTLMAuthenticationResponse2() throws Exception { 514 String challenge = 515 "NTLM TlRMTVNTUAACAAAACgAKADAAAAAGgoEAPc4kP4LtCV8AAAAAAAAAAJ4AngA" + 516 "6AAAASU5UUkFFUEhPWAIAFABJAE4AVABSAEEARQBQAEgATwBYAAEAEgBCAE8AQQB" + 517 "SAEQAUgBPAE8ATQAEACgAaQBuAHQAcgBhAGUAcABoAG8AeAAuAGUAcABoAG8AeAA" + 518 "uAGMAbwBtAAMAPABCAG8AYQByAGQAcgBvAG8AbQAuAGkAbgB0AHIAYQBlAHAAaAB" + 519 "vAHgALgBlAHAAaABvAHgALgBjAG8AbQAAAAAA"; 520 521 String expected = "NTLM TlRMTVNTUAADAAAAGAAYAFIAAAAAAAAAagAAAAYABgB" + 522 "AAAAACAAIAEYAAAAEAAQATgAAAAAAAABqAAAABlIAAERPTUFJTlVTRVJOQU1FSE" + 523 "9TVAaC+vLxUEHnUtpItj9Dp4kzwQfd61Lztg=="; 524 HttpState state = new HttpState(); 525 NTCredentials cred = new NTCredentials("username","password", "host", 526 "domain"); 527 state.setCredentials(null, null, cred); 528 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge)); 529 AuthScheme authscheme = new NTLMScheme(challenge); 530 assertTrue(HttpAuthenticator.authenticate(authscheme, method, null, state)); 531 assertTrue(null != method.getRequestHeader("Authorization")); 532 assertEquals(expected, 533 method.getRequestHeader("Authorization").getValue()); 534 } 535 536 public void testNTLMAuthenticationWithDefaultCreds() throws Exception { 537 String challenge = 538 "NTLM TlRMTVNTUAACAAAACgAKADAAAAAGgoEAPc4kP4LtCV8AAAAAAAAAAJ4AngA" + 539 "6AAAASU5UUkFFUEhPWAIAFABJAE4AVABSAEEARQBQAEgATwBYAAEAEgBCAE8AQQB" + 540 "SAEQAUgBPAE8ATQAEACgAaQBuAHQAcgBhAGUAcABoAG8AeAAuAGUAcABoAG8AeAA" + 541 "uAGMAbwBtAAMAPABCAG8AYQByAGQAcgBvAG8AbQAuAGkAbgB0AHIAYQBlAHAAaAB" + 542 "vAHgALgBlAHAAaABvAHgALgBjAG8AbQAAAAAA"; 543 String expected = "NTLM TlRMTVNTUAADAAAAGAAYAFIAAAAAAAAAagAAAAYABgB" + 544 "AAAAACAAIAEYAAAAEAAQATgAAAAAAAABqAAAABlIAAERPTUFJTlVTRVJOQU1FSE" + 545 "9TVAaC+vLxUEHnUtpItj9Dp4kzwQfd61Lztg=="; 546 HttpState state = new HttpState(); 547 NTCredentials cred = new NTCredentials("username","password", "host", 548 "domain"); 549 state.setCredentials(null, null, cred); 550 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge)); 551 method.addRequestHeader("Host", "host"); 552 AuthScheme authscheme = new NTLMScheme(challenge); 553 assertTrue(HttpAuthenticator.authenticate(authscheme, method, null, state)); 554 assertTrue(null != method.getRequestHeader("Authorization")); 555 assertEquals(expected, 556 method.getRequestHeader("Authorization").getValue()); 557 } 558 559 public void testNTLMAuthenticationRetry() throws Exception { 560 NTCredentials cred = new NTCredentials("username", "password", "host", "domain"); 561 HttpState state = new HttpState(); 562 state.setCredentials(null, null, cred); 563 HttpMethod method = new SimpleHttpMethod(); 564 SimpleHttpConnection conn = new SimpleHttpConnection(); 565 conn.addResponse( 566 "HTTP/1.1 401 Unauthorized\r\n" + 567 "WWW-Authenticate: NTLM\r\n" + 568 "Connection: close\r\n" + 569 "Server: HttpClient Test/2.0\r\n"); 570 conn.addResponse( 571 "HTTP/1.1 401 Unauthorized\r\n" + 572 "WWW-Authenticate: NTLM TlRMTVNTUAACAAAAAAAAACgAAAABggAAU3J2Tm9uY2UAAAAAAAAAAA==\r\n" + 573 "Connection: close\r\n" + 574 "Server: HttpClient Test/2.0\r\n"); 575 conn.addResponse( 576 "HTTP/1.1 200 OK\r\n" + 577 "Connection: close\r\n" + 578 "Server: HttpClient Test/2.0\r\n\r\n" + 579 "stuff\r\n"); 580 method.execute(state, conn); 581 assertNull(method.getResponseHeader("WWW-Authenticate")); 582 assertEquals(200, method.getStatusCode()); 583 } 584 585 /*** 586 * Test that the Unauthorized response is returned when doAuthentication is false. 587 */ 588 public void testDoAuthenticateFalse() throws Exception { 589 HttpState state = new HttpState(); 590 state.setCredentials(null, "Protected", 591 new UsernamePasswordCredentials("name", "pass")); 592 HttpMethod method = new SimpleHttpMethod(); 593 method.setDoAuthentication(false); 594 SimpleHttpConnection conn = new SimpleHttpConnection(); 595 conn.addResponse( 596 "HTTP/1.1 401 Unauthorized\r\n" + 597 "WWW-Authenticate: Basic realm=\"Protected\"\r\n" + 598 "Connection: close\r\n" + 599 "Server: HttpClient Test/2.0\r\n"); 600 conn.addResponse( 601 "HTTP/1.1 200 OK\r\n" + 602 "Connection: close\r\n" + 603 "Server: HttpClient Test/2.0\r\n"); 604 method.execute(state, conn); 605 assertNotNull(method.getResponseHeader("WWW-Authenticate")); 606 assertNull(method.getRequestHeader("Authorization")); 607 assertEquals(401, method.getStatusCode()); 608 609 } 610 611 612 /*** 613 */ 614 public void testInvalidCredentials() throws Exception { 615 HttpState state = new HttpState(); 616 state.setCredentials(null, "Protected", new UsernamePasswordCredentials("name", "pass")); 617 HttpMethod method = new SimpleHttpMethod(); 618 method.setDoAuthentication(false); 619 SimpleHttpConnection conn = new SimpleHttpConnection(); 620 conn.addResponse( 621 "HTTP/1.1 401 Unauthorized\r\n" + 622 "WWW-Authenticate: Basic realm=\"Protected\"\r\n" + 623 "Connection: close\r\n" + 624 "Server: HttpClient Test/2.0\r\n" 625 ); 626 method.execute(state, conn); 627 assertEquals(401, method.getStatusCode()); 628 } 629 630 631 // --------------------------------- Test Methods for Multiple Authentication 632 633 public void testMultipleChallengeBasic() throws Exception { 634 HttpState state = new HttpState(); 635 state.setCredentials("Protected", null, new UsernamePasswordCredentials("name", "pass")); 636 HttpMethod method = new SimpleHttpMethod(); 637 SimpleHttpConnection conn = new SimpleHttpConnection(); 638 conn.addResponse( 639 "HTTP/1.1 401 Unauthorized\r\n" + 640 "WWW-Authenticate: Unsupported\r\n" + 641 "WWW-Authenticate: Basic realm=\"Protected\"\r\n" + 642 "Connection: close\r\n" + 643 "Server: HttpClient Test/2.0\r\n" 644 ); 645 conn.addResponse( 646 "HTTP/1.1 200 OK\r\n" + 647 "Connection: close\r\n" + 648 "Server: HttpClient Test/2.0\r\n" 649 ); 650 method.execute(state, conn); 651 Header authHeader = method.getRequestHeader("Authorization"); 652 assertNotNull(authHeader); 653 654 String authValue = authHeader.getValue(); 655 assertTrue(authValue.startsWith("Basic")); 656 } 657 658 public void testMultipleChallengeBasicLongRealm() throws Exception { 659 HttpState state = new HttpState(); 660 state.setCredentials(null, null, new UsernamePasswordCredentials("name", "pass")); 661 HttpMethod method = new SimpleHttpMethod(); 662 SimpleHttpConnection conn = new SimpleHttpConnection(); 663 conn.addResponse( 664 "HTTP/1.1 401 Unauthorized\r\n" + 665 "WWW-Authenticate: Unsupported\r\n" + 666 "WWW-Authenticate: Basic realm=\"This site is protected. We put this message into the realm string, against all reasonable rationale, so that users would see it in the authentication dialog generated by your browser.\"\r\n" + 667 "Connection: close\r\n" + 668 "Server: HttpClient Test/2.0\r\n" 669 ); 670 conn.addResponse( 671 "HTTP/1.1 200 OK\r\n" + 672 "Connection: close\r\n" + 673 "Server: HttpClient Test/2.0\r\n" 674 ); 675 method.execute(state, conn); 676 Header authHeader = method.getRequestHeader("Authorization"); 677 assertNotNull(authHeader); 678 679 String authValue = authHeader.getValue(); 680 assertTrue(authValue.startsWith("Basic")); 681 } 682 683 684 685 686 public void testMultipleChallengeDigest() throws Exception { 687 HttpState state = new HttpState(); 688 state.setCredentials("Protected", null, new UsernamePasswordCredentials("name", "pass")); 689 HttpMethod method = new SimpleHttpMethod(); 690 SimpleHttpConnection conn = new SimpleHttpConnection(); 691 conn.addResponse( 692 "HTTP/1.1 401 Unauthorized\r\n" + 693 "WWW-Authenticate: Unsupported\r\n" + 694 "WWW-Authenticate: Digest realm=\"Protected\", nonce=\"ABC123\"\r\n" + 695 "WWW-Authenticate: Basic realm=\"Protected\"\r\n" + 696 "Connection: close\r\n" + 697 "Server: HttpClient Test/2.0\r\n" 698 ); 699 conn.addResponse( 700 "HTTP/1.1 200 OK\r\n" + 701 "Connection: close\r\n" + 702 "Server: HttpClient Test/2.0\r\n" 703 ); 704 method.execute(state, conn); 705 Header authHeader = method.getRequestHeader("Authorization"); 706 assertNotNull(authHeader); 707 708 String authValue = authHeader.getValue(); 709 assertTrue(authValue.startsWith("Digest")); 710 } 711 712 713 public void testMultipleProxyChallengeBasic() throws Exception { 714 HttpState state = new HttpState(); 715 state.setProxyCredentials("Protected", new UsernamePasswordCredentials("name", "pass")); 716 HttpMethod method = new SimpleHttpMethod(); 717 SimpleHttpConnection conn = new SimpleHttpConnection(); 718 conn.addResponse( 719 "HTTP/1.1 407 Proxy Authentication Required\r\n" + 720 "Proxy-Authenticate: Basic realm=\"Protected\"\r\n" + 721 "Proxy-Authenticate: Unsupported\r\n" + 722 "Connection: close\r\n" + 723 "Server: HttpClient Test/2.0\r\n" 724 ); 725 conn.addResponse( 726 "HTTP/1.1 200 OK\r\n" + 727 "Connection: close\r\n" + 728 "Server: HttpClient Test/2.0\r\n" 729 ); 730 method.execute(state, conn); 731 Header authHeader = method.getRequestHeader("Proxy-Authorization"); 732 assertNotNull(authHeader); 733 734 String authValue = authHeader.getValue(); 735 assertTrue(authValue.startsWith("Basic")); 736 } 737 738 739 public void testMultipleProxyChallengeDigest() throws Exception { 740 HttpState state = new HttpState(); 741 state.setProxyCredentials("Protected", new UsernamePasswordCredentials("name", "pass")); 742 HttpMethod method = new SimpleHttpMethod(); 743 SimpleHttpConnection conn = new SimpleHttpConnection(); 744 conn.addResponse( 745 "HTTP/1.1 407 Proxy Authentication Required\r\n" + 746 "Proxy-Authenticate: Basic realm=\"Protected\"\r\n" + 747 "Proxy-Authenticate: Digest realm=\"Protected\", nonce=\"ABC123\"\r\n" + 748 "Proxy-Authenticate: Unsupported\r\n" + 749 "Connection: close\r\n" + 750 "Server: HttpClient Test/2.0\r\n" 751 ); 752 conn.addResponse( 753 "HTTP/1.1 200 OK\r\n" + 754 "Connection: close\r\n" + 755 "Server: HttpClient Test/2.0\r\n" 756 ); 757 method.execute(state, conn); 758 Header authHeader = method.getRequestHeader("Proxy-Authorization"); 759 assertNotNull(authHeader); 760 761 String authValue = authHeader.getValue(); 762 assertTrue(authValue.startsWith("Digest")); 763 } 764 765 766 // --------------------------------- Test Methods for Selecting Credentials 767 768 public void testDefaultCredentials() throws Exception { 769 HttpState state = new HttpState(); 770 Credentials expected = new UsernamePasswordCredentials("name", "pass"); 771 state.setCredentials(null, null, expected); 772 Credentials got = state.getCredentials("realm", "host"); 773 assertEquals(got, expected); 774 } 775 776 public void testRealmCredentials() throws Exception { 777 HttpState state = new HttpState(); 778 Credentials expected = new UsernamePasswordCredentials("name", "pass"); 779 state.setCredentials("realm", null, expected); 780 Credentials got = state.getCredentials("realm", "host"); 781 assertEquals(expected, got); 782 } 783 784 public void testHostCredentials() throws Exception { 785 HttpState state = new HttpState(); 786 Credentials expected = new UsernamePasswordCredentials("name", "pass"); 787 state.setCredentials(null, "host", expected); 788 Credentials got = state.getCredentials("realm", "host"); 789 assertEquals(expected, got); 790 } 791 792 public void testBothCredentials() throws Exception { 793 HttpState state = new HttpState(); 794 Credentials expected = new UsernamePasswordCredentials("name", "pass"); 795 state.setCredentials("realm", "host", expected); 796 Credentials got = state.getCredentials("realm", "host"); 797 assertEquals(expected, got); 798 } 799 800 public void testWrongHostCredentials() throws Exception { 801 HttpState state = new HttpState(); 802 Credentials expected = new UsernamePasswordCredentials("name", "pass"); 803 state.setCredentials(null, "host1", expected); 804 Credentials got = state.getCredentials("realm", "host2"); 805 assertNotSame(expected, got); 806 } 807 808 public void testWrongRealmCredentials() throws Exception { 809 HttpState state = new HttpState(); 810 Credentials cred = new UsernamePasswordCredentials("name", "pass"); 811 state.setCredentials("realm1", "host", cred); 812 Credentials got = state.getCredentials("realm2", "host"); 813 assertNotSame(cred, got); 814 } 815 816 public void testRealmSpoof() throws Exception { 817 HttpState state = new HttpState(); 818 Credentials cred = new UsernamePasswordCredentials("name", "pass"); 819 state.setCredentials(null, "admin.apache.org", cred); 820 Credentials got = state.getCredentials("admin.apache.org", "myhost"); 821 assertNotSame(cred, got); 822 } 823 824 public void testRealmSpoof2() throws Exception { 825 HttpState state = new HttpState(); 826 Credentials cred = new UsernamePasswordCredentials("name", "pass"); 827 state.setCredentials(null, "whatever", cred); 828 Credentials got = state.getCredentials("nullwhatever", null); 829 assertNotSame(cred, got); 830 } 831 }

This page was automatically generated by Maven