1 /* 2 * $Header: /home/cvs/jakarta-commons/httpclient/src/test/org/apache/commons/httpclient/TestAuthenticator.java,v 1.25.2.3 2003/09/11 09:04:34 oglueck Exp $ 3 * $Revision: 1.25.2.3 $ 4 * $Date: 2003/09/11 09:04:34 $ 5 * ==================================================================== 6 * 7 * The Apache Software License, Version 1.1 8 * 9 * Copyright (c) 1999-2003 The Apache Software Foundation. All rights 10 * reserved. 11 * 12 * Redistribution and use in source and binary forms, with or without 13 * modification, are permitted provided that the following conditions 14 * are met: 15 * 16 * 1. Redistributions of source code must retain the above copyright 17 * notice, this list of conditions and the following disclaimer. 18 * 19 * 2. Redistributions in binary form must reproduce the above copyright 20 * notice, this list of conditions and the following disclaimer in 21 * the documentation and/or other materials provided with the 22 * distribution. 23 * 24 * 3. The end-user documentation included with the redistribution, if 25 * any, must include the following acknowlegement: 26 * "This product includes software developed by the 27 * Apache Software Foundation (http://www.apache.org/)." 28 * Alternately, this acknowlegement may appear in the software itself, 29 * if and wherever such third-party acknowlegements normally appear. 30 * 31 * 4. The names "The Jakarta Project", "Tomcat", and "Apache Software 32 * Foundation" must not be used to endorse or promote products derived 33 * from this software without prior written permission. For written 34 * permission, please contact apache@apache.org. 35 * 36 * 5. Products derived from this software may not be called "Apache" 37 * nor may "Apache" appear in their names without prior written 38 * permission of the Apache Group. 39 * 40 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED 41 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 42 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 43 * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR 44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 46 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF 47 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 48 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 49 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT 50 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51 * SUCH DAMAGE. 52 * ==================================================================== 53 * 54 * This software consists of voluntary contributions made by many 55 * individuals on behalf of the Apache Software Foundation. For more 56 * information on the Apache Software Foundation, please see 57 * <http://www.apache.org/>. 58 * 59 * [Additional notices, if required by prior licensing conditions] 60 * 61 */ 62 63 package org.apache.commons.httpclient; 64 65 import junit.framework.Test; 66 import junit.framework.TestCase; 67 import junit.framework.TestSuite; 68 69 import java.util.Hashtable; 70 import java.util.StringTokenizer; 71 import org.apache.commons.httpclient.auth.*; 72 import org.apache.commons.httpclient.util.Base64; 73 74 /*** 75 * Unit tests for {@link Authenticator}. 76 * 77 * @author Rodney Waldhoff 78 * @author <a href="mailto:jsdever@apache.org">Jeff Dever</a> 79 * @version $Id: TestAuthenticator.java,v 1.25.2.3 2003/09/11 09:04:34 oglueck Exp $ 80 */ 81 public class TestAuthenticator extends TestCase { 82 83 // ------------------------------------------------------------ Constructor 84 public TestAuthenticator(String testName) { 85 super(testName); 86 } 87 88 // ------------------------------------------------------------------- Main 89 public static void main(String args[]) { 90 String[] testCaseName = { TestAuthenticator.class.getName() }; 91 junit.textui.TestRunner.main(testCaseName); 92 } 93 94 // ------------------------------------------------------- Utility Methods 95 96 private void checkAuthorization(UsernamePasswordCredentials cred, String methodName, String auth) throws Exception { 97 Hashtable table = new Hashtable(); 98 StringTokenizer tokenizer = new StringTokenizer(auth, ",=\""); 99 while(tokenizer.hasMoreTokens()){ 100 String key = null; 101 String value = null; 102 if(tokenizer.hasMoreTokens()) 103 key = tokenizer.nextToken(); 104 if(tokenizer.hasMoreTokens()) 105 value = tokenizer.nextToken(); 106 if(key != null && value != null){ 107 table.put(key.trim(),value.trim()); 108 } 109 } 110 String response = (String) table.get("response"); 111 table.put( "methodname", methodName ); 112 String digest = DigestScheme.createDigest(cred.getUserName(),cred.getPassword(), table); 113 assertEquals(response, digest); 114 } 115 116 117 // ------------------------------------------------------- TestCase Methods 118 119 public static Test suite() { 120 return new TestSuite(TestAuthenticator.class); 121 } 122 123 124 // ---------------------------------- Test Methods for BasicScheme Authentication 125 126 public void testBasicAuthenticationWithNoCreds() { 127 String challenge = "Basic realm=\"realm1\""; 128 HttpState state = new HttpState(); 129 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge)); 130 try { 131 AuthScheme authscheme = new BasicScheme(challenge); 132 HttpAuthenticator.authenticate(authscheme, method, null, state); 133 fail("Should have thrown HttpException"); 134 } catch(HttpException e) { 135 // expected 136 } 137 } 138 139 public void testBasicAuthenticationWithNoRealm() { 140 String challenge = "Basic"; 141 HttpState state = new HttpState(); 142 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge)); 143 try { 144 AuthScheme authscheme = new BasicScheme(challenge); 145 HttpAuthenticator.authenticate(authscheme, method, null, state); 146 fail("Should have thrown HttpException"); 147 } catch(HttpException e) { 148 // expected 149 } 150 } 151 152 public void testBasicAuthenticationWithNoRealm2() { 153 String challenge = "Basic "; 154 HttpState state = new HttpState(); 155 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge)); 156 try { 157 AuthScheme authscheme = new BasicScheme(challenge); 158 HttpAuthenticator.authenticate(authscheme, method, null, state); 159 fail("Should have thrown HttpException"); 160 } catch(HttpException e) { 161 // expected 162 } 163 } 164 165 public void testBasicAuthenticationWithNullHttpState() throws Exception { 166 String challenge = "Basic realm=\"realm1\""; 167 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge)); 168 try { 169 AuthScheme authscheme = new BasicScheme(challenge); 170 HttpAuthenticator.authenticate(authscheme, method, null, null); 171 fail("Should have thrown IllegalArgumentException"); 172 } catch(IllegalArgumentException e) { 173 // expected 174 } 175 } 176 177 public void testInvalidAuthenticationScheme() throws Exception { 178 String challenge = "invalid realm=\"realm1\""; 179 try{ 180 HttpAuthenticator.selectAuthScheme( 181 new Header[] { new Header("WWW-Authenticate", challenge) }); 182 fail("Should have thrown UnsupportedOperationException"); 183 }catch (UnsupportedOperationException uoe){ 184 // expected 185 } 186 } 187 188 public void testBasicAuthenticationCaseInsensitivity() throws Exception { 189 String challenge = "bAsIc ReAlM=\"realm1\""; 190 HttpState state = new HttpState(); 191 state.setCredentials(null, null, new UsernamePasswordCredentials("username","password")); 192 HttpMethod method = new SimpleHttpMethod(new Header("WwW-AuThEnTiCaTe", challenge)); 193 AuthScheme authscheme = new BasicScheme(challenge); 194 assertTrue(HttpAuthenticator.authenticate(authscheme, method, null, state)); 195 assertTrue(null != method.getRequestHeader("Authorization")); 196 String expected = "Basic " + HttpConstants.getString(Base64.encode(HttpConstants.getBytes("username:password"))); 197 assertEquals(expected,method.getRequestHeader("Authorization").getValue()); 198 } 199 200 201 public void testBasicAuthenticationWithDefaultCreds() throws Exception { 202 HttpState state = new HttpState(); 203 state.setCredentials(null, null, new UsernamePasswordCredentials("username","password")); 204 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate","Basic realm=\"realm1\"")); 205 assertTrue(HttpAuthenticator.authenticateDefault(method, null, state)); 206 assertTrue(null != method.getRequestHeader("Authorization")); 207 String expected = "Basic " + HttpConstants.getString(Base64.encode(HttpConstants.getBytes("username:password"))); 208 assertEquals(expected,method.getRequestHeader("Authorization").getValue()); 209 } 210 211 public void testBasicAuthentication() throws Exception { 212 String challenge = "Basic realm=\"realm\""; 213 HttpState state = new HttpState(); 214 state.setCredentials("realm", null, new UsernamePasswordCredentials("username","password")); 215 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge)); 216 AuthScheme authscheme = new BasicScheme(challenge); 217 assertTrue(HttpAuthenticator.authenticate(authscheme, method, null, state)); 218 assertTrue(null != method.getRequestHeader("Authorization")); 219 String expected = "Basic " + HttpConstants.getString(Base64.encode(HttpConstants.getBytes("username:password"))); 220 assertEquals(expected,method.getRequestHeader("Authorization").getValue()); 221 } 222 223 224 public void testBasicAuthenticationWithMutlipleRealms() throws Exception { 225 String challenge1 = "Basic realm=\"realm1\""; 226 String challenge2 = "Basic realm=\"realm2\""; 227 HttpState state = new HttpState(); 228 state.setCredentials("realm1", null, new UsernamePasswordCredentials("username","password")); 229 state.setCredentials("realm2", null, new UsernamePasswordCredentials("uname2","password2")); 230 AuthScheme authscheme1 = new BasicScheme(challenge1); 231 AuthScheme authscheme2 = new BasicScheme(challenge2); 232 { 233 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate",challenge1)); 234 assertTrue(HttpAuthenticator.authenticate(authscheme1, method, null, state)); 235 assertTrue(null != method.getRequestHeader("Authorization")); 236 String expected = "Basic " + HttpConstants.getString(Base64.encode(HttpConstants.getBytes("username:password"))); 237 assertEquals(expected,method.getRequestHeader("Authorization").getValue()); 238 } 239 { 240 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge2)); 241 assertTrue(HttpAuthenticator.authenticate(authscheme2, method, null, state)); 242 assertTrue(null != method.getRequestHeader("Authorization")); 243 String expected = "Basic " + HttpConstants.getString(Base64.encode(HttpConstants.getBytes("uname2:password2"))); 244 assertEquals(expected,method.getRequestHeader("Authorization").getValue()); 245 } 246 } 247 248 public void testPreemptiveAuthorizationTrueNoCreds() throws Exception { 249 HttpState state = new HttpState(); 250 HttpMethod method = new SimpleHttpMethod(); 251 252 state.setAuthenticationPreemptive(true); 253 assertTrue(!HttpAuthenticator.authenticateDefault(method, null, state)); 254 assertTrue(null == method.getRequestHeader("Authorization")); 255 } 256 257 public void testPreemptiveAuthorizationTrueWithCreds() throws Exception { 258 HttpState state = new HttpState(); 259 HttpMethod method = new SimpleHttpMethod(); 260 state.setCredentials(null, null, new UsernamePasswordCredentials("username","password")); 261 262 state.setAuthenticationPreemptive(true); 263 assertTrue(HttpAuthenticator.authenticateDefault(method, null, state)); 264 assertTrue(null != method.getRequestHeader("Authorization")); 265 String expected = "Basic " + HttpConstants.getString(Base64.encode(HttpConstants.getBytes("username:password"))); 266 assertEquals(expected, method.getRequestHeader("Authorization").getValue()); 267 } 268 269 // --------------------------------- Test Methods for DigestScheme Authentication 270 271 public void testDigestAuthenticationWithNoCreds() { 272 String challenge = "Digest realm=\"realm1\""; 273 HttpState state = new HttpState(); 274 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge)); 275 try { 276 AuthScheme authscheme = new DigestScheme(challenge); 277 HttpAuthenticator.authenticate(authscheme, method, null, state); 278 fail("Should have thrown HttpException"); 279 } catch(HttpException e) { 280 // expected 281 } 282 } 283 284 public void testDigestAuthenticationWithNoRealm() { 285 String challenge = "Digest"; 286 HttpState state = new HttpState(); 287 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge)); 288 try { 289 AuthScheme authscheme = new DigestScheme(challenge); 290 HttpAuthenticator.authenticate(authscheme, method, null, state); 291 fail("Should have thrown HttpException"); 292 } catch(HttpException e) { 293 // expected 294 } 295 } 296 297 public void testDigestAuthenticationWithNoRealm2() { 298 String challenge = "Digest "; 299 HttpState state = new HttpState(); 300 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge)); 301 try { 302 AuthScheme authscheme = new DigestScheme(challenge); 303 HttpAuthenticator.authenticate(authscheme, method, null, state); 304 fail("Should have thrown HttpException"); 305 } catch(HttpException e) { 306 // expected 307 } 308 } 309 310 public void testDigestAuthenticationWithNullHttpState() throws Exception { 311 String challenge = "Digest realm=\"realm1\""; 312 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge)); 313 try { 314 AuthScheme authscheme = new DigestScheme(challenge); 315 HttpAuthenticator.authenticate(authscheme, method, null, null); 316 fail("Should have thrown IllegalArgumentException"); 317 } catch(IllegalArgumentException e) { 318 // expected 319 } 320 } 321 322 public void testDigestAuthenticationCaseInsensitivity() throws Exception { 323 String challenge = "dIgEsT ReAlM=\"realm1\""; 324 HttpState state = new HttpState(); 325 UsernamePasswordCredentials cred = new UsernamePasswordCredentials("username","password"); 326 state.setCredentials(null, null, cred); 327 HttpMethod method = new SimpleHttpMethod(new Header("WwW-AuThEnTiCaTe", challenge)); 328 AuthScheme authscheme = new DigestScheme(challenge); 329 assertTrue(HttpAuthenticator.authenticate(authscheme, method, null, state)); 330 assertTrue(null != method.getRequestHeader("Authorization")); 331 } 332 333 334 public void testDigestAuthenticationWithDefaultCreds() throws Exception { 335 String challenge = "Digest realm=\"realm1\""; 336 HttpState state = new HttpState(); 337 UsernamePasswordCredentials cred = new UsernamePasswordCredentials("username","password"); 338 state.setCredentials(null, null, cred); 339 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge)); 340 AuthScheme authscheme = new DigestScheme(challenge); 341 assertTrue(HttpAuthenticator.authenticate(authscheme, method, null, state)); 342 assertTrue(null != method.getRequestHeader("Authorization")); 343 checkAuthorization(cred, method.getName(), method.getRequestHeader("Authorization").getValue()); 344 } 345 346 public void testDigestAuthentication() throws Exception { 347 String challenge = "Digest realm=\"realm1\""; 348 HttpState state = new HttpState(); 349 UsernamePasswordCredentials cred = new UsernamePasswordCredentials("username","password"); 350 state.setCredentials(null, null, cred); 351 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge)); 352 AuthScheme authscheme = new DigestScheme(challenge); 353 assertTrue(HttpAuthenticator.authenticate(authscheme, method, null, state)); 354 assertTrue(null != method.getRequestHeader("Authorization")); 355 checkAuthorization(cred, method.getName(), method.getRequestHeader("Authorization").getValue()); 356 } 357 358 public void testDigestAuthenticationWithStaleNonce() throws Exception { 359 360 String headers = 361 "HTTP/1.1 401 OK\r\n" + 362 "Connection: close\r\n" + 363 "Content-Length: 0\r\n" + 364 "WWW-Authenticate: Digest realm=\"realm1\", nonce=\"ABC123\"\r\n"; 365 String headers2 = 366 "HTTP/1.1 401 OK\r\n" + 367 "Connection: close\r\n" + 368 "Content-Length: 0\r\n" + 369 "WWW-Authenticate: Digest realm=\"realm1\", nonce=\"321CBA\", stale=\"true\"\r\n"; 370 String headers3 = 371 "HTTP/1.1 200 OK\r\n" + 372 "Connection: close\r\n" + 373 "Server: HttpClient Test/2.0\r\n\r\n" + 374 "stuff\r\n"; 375 376 SimpleHttpConnection conn = new SimpleHttpConnection(); 377 378 conn.addResponse(headers); 379 conn.addResponse(headers2); 380 conn.addResponse(headers3); 381 HttpState state = new HttpState(); 382 UsernamePasswordCredentials cred = new UsernamePasswordCredentials("username","password"); 383 state.setCredentials(null, null, cred); 384 385 SimpleHttpMethod method = new SimpleHttpMethod(); 386 method.setDoAuthentication(true); 387 assertEquals("Authentication failed", 200, method.execute(state, conn)); 388 checkAuthorization(cred, method.getName(), method.getRequestHeader("Authorization").getValue()); 389 } 390 391 public void testDigestAuthenticationWithMultipleRealms() throws Exception { 392 String challenge1 = "Digest realm=\"realm1\""; 393 String challenge2 = "Digest realm=\"realm2\""; 394 HttpState state = new HttpState(); 395 UsernamePasswordCredentials cred = new UsernamePasswordCredentials("username","password"); 396 state.setCredentials("realm1", null, cred); 397 UsernamePasswordCredentials cred2 = new UsernamePasswordCredentials("uname2","password2"); 398 state.setCredentials("realm2", null, cred2); 399 AuthScheme authscheme1 = new DigestScheme(challenge1); 400 AuthScheme authscheme2 = new DigestScheme(challenge2); 401 { 402 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate",challenge1)); 403 assertTrue(HttpAuthenticator.authenticate(authscheme1, method, null, state)); 404 assertTrue(null != method.getRequestHeader("Authorization")); 405 checkAuthorization(cred, method.getName(), method.getRequestHeader("Authorization").getValue()); 406 } 407 { 408 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate",challenge2)); 409 assertTrue(HttpAuthenticator.authenticate(authscheme2, method, null, state)); 410 assertTrue(null != method.getRequestHeader("Authorization")); 411 checkAuthorization(cred2, method.getName(), method.getRequestHeader("Authorization").getValue()); 412 } 413 } 414 415 /*** 416 * Test digest authentication using the MD5-sess algorithm. 417 */ 418 public void testDigestAuthenticationMD5Sess() throws Exception { 419 // Example using Digest auth with MD5-sess 420 421 String realm="realm"; 422 String username="username"; 423 String password="password"; 424 String nonce="e273f1776275974f1a120d8b92c5b3cb"; 425 426 String challenge="Digest realm=\"" + realm + "\", " 427 + nonce + "\"" + nonce + "\", " 428 + "opaque=\"SomeString\", " 429 + "stale=false, " 430 + "algorithm=MD5-sess, " 431 + "qop=\"auth\""; 432 433 HttpState state = new HttpState(); 434 UsernamePasswordCredentials cred = 435 new UsernamePasswordCredentials(username, password); 436 state.setCredentials(realm, null, cred); 437 AuthScheme authscheme = new DigestScheme(challenge); 438 HttpMethod method = 439 new SimpleHttpMethod(new Header("WWW-Authenticate", challenge)); 440 assertTrue(HttpAuthenticator.authenticate( 441 authscheme, method, null, state)); 442 assertTrue(null != method.getRequestHeader("Authorization")); 443 checkAuthorization(cred, method.getName(), 444 method.getRequestHeader("Authorization").getValue()); 445 } 446 447 // --------------------------------- Test Methods for NTLM Authentication 448 449 public void testNTLMAuthenticationWithNoCreds() { 450 String challenge = "NTLM"; 451 HttpState state = new HttpState(); 452 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge)); 453 method.addRequestHeader("Host", "host"); 454 try { 455 AuthScheme authscheme = new NTLMScheme(challenge); 456 HttpAuthenticator.authenticate(authscheme, method, null, state); 457 fail("Should have thrown HttpException"); 458 } catch(HttpException e) { 459 // expected 460 } 461 } 462 463 public void testNTLMAuthenticationWithNullHttpState() throws Exception { 464 String challenge = "NTLM"; 465 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge)); 466 method.addRequestHeader("Host", "host"); 467 try { 468 AuthScheme authscheme = new NTLMScheme(challenge); 469 HttpAuthenticator.authenticate(authscheme, method, null, null); 470 fail("Should have thrown IllegalArgumentException"); 471 } catch(IllegalArgumentException e) { 472 // expected 473 } 474 } 475 476 public void testNTLMAuthenticationCaseInsensitivity() throws Exception { 477 String challenge = "nTlM"; 478 HttpState state = new HttpState(); 479 NTCredentials cred = new NTCredentials("username","password", "host", 480 "domain"); 481 state.setCredentials(null, null, cred); 482 HttpMethod method = new SimpleHttpMethod(new Header("WwW-AuThEnTiCaTe", challenge)); 483 AuthScheme authscheme = new NTLMScheme(challenge); 484 assertTrue(HttpAuthenticator.authenticate(authscheme, method, null, state)); 485 assertTrue(null != method.getRequestHeader("Authorization")); 486 } 487 488 public void testNTLMAuthenticationResponse1() throws Exception { 489 String challenge = "NTLM"; 490 String expected = "NTLM TlRMTVNTUAABAAAABlIAAAYABgAkAAAABAAEACAAAABIT" + 491 "1NURE9NQUlO"; 492 HttpState state = new HttpState(); 493 NTCredentials cred = new NTCredentials("username","password", "host", 494 "domain"); 495 state.setCredentials(null, null, cred); 496 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge)); 497 AuthScheme authscheme = new NTLMScheme(challenge); 498 assertTrue(HttpAuthenticator.authenticate(authscheme, method, null, state)); 499 assertTrue(null != method.getRequestHeader("Authorization")); 500 assertEquals(expected, 501 method.getRequestHeader("Authorization").getValue()); 502 } 503 504 public void testNTLMAuthenticationResponse2() throws Exception { 505 String challenge = 506 "NTLM TlRMTVNTUAACAAAACgAKADAAAAAGgoEAPc4kP4LtCV8AAAAAAAAAAJ4AngA" + 507 "6AAAASU5UUkFFUEhPWAIAFABJAE4AVABSAEEARQBQAEgATwBYAAEAEgBCAE8AQQB" + 508 "SAEQAUgBPAE8ATQAEACgAaQBuAHQAcgBhAGUAcABoAG8AeAAuAGUAcABoAG8AeAA" + 509 "uAGMAbwBtAAMAPABCAG8AYQByAGQAcgBvAG8AbQAuAGkAbgB0AHIAYQBlAHAAaAB" + 510 "vAHgALgBlAHAAaABvAHgALgBjAG8AbQAAAAAA"; 511 512 String expected = "NTLM TlRMTVNTUAADAAAAGAAYAFIAAAAAAAAAagAAAAYABgB" + 513 "AAAAACAAIAEYAAAAEAAQATgAAAAAAAABqAAAABlIAAERPTUFJTlVTRVJOQU1FSE" + 514 "9TVAaC+vLxUEHnUtpItj9Dp4kzwQfd61Lztg=="; 515 HttpState state = new HttpState(); 516 NTCredentials cred = new NTCredentials("username","password", "host", 517 "domain"); 518 state.setCredentials(null, null, cred); 519 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge)); 520 AuthScheme authscheme = new NTLMScheme(challenge); 521 assertTrue(HttpAuthenticator.authenticate(authscheme, method, null, state)); 522 assertTrue(null != method.getRequestHeader("Authorization")); 523 assertEquals(expected, 524 method.getRequestHeader("Authorization").getValue()); 525 } 526 527 public void testNTLMAuthenticationWithDefaultCreds() throws Exception { 528 String challenge = 529 "NTLM TlRMTVNTUAACAAAACgAKADAAAAAGgoEAPc4kP4LtCV8AAAAAAAAAAJ4AngA" + 530 "6AAAASU5UUkFFUEhPWAIAFABJAE4AVABSAEEARQBQAEgATwBYAAEAEgBCAE8AQQB" + 531 "SAEQAUgBPAE8ATQAEACgAaQBuAHQAcgBhAGUAcABoAG8AeAAuAGUAcABoAG8AeAA" + 532 "uAGMAbwBtAAMAPABCAG8AYQByAGQAcgBvAG8AbQAuAGkAbgB0AHIAYQBlAHAAaAB" + 533 "vAHgALgBlAHAAaABvAHgALgBjAG8AbQAAAAAA"; 534 String expected = "NTLM TlRMTVNTUAADAAAAGAAYAFIAAAAAAAAAagAAAAYABgB" + 535 "AAAAACAAIAEYAAAAEAAQATgAAAAAAAABqAAAABlIAAERPTUFJTlVTRVJOQU1FSE" + 536 "9TVAaC+vLxUEHnUtpItj9Dp4kzwQfd61Lztg=="; 537 HttpState state = new HttpState(); 538 NTCredentials cred = new NTCredentials("username","password", "host", 539 "domain"); 540 state.setCredentials(null, null, cred); 541 HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge)); 542 method.addRequestHeader("Host", "host"); 543 AuthScheme authscheme = new NTLMScheme(challenge); 544 assertTrue(HttpAuthenticator.authenticate(authscheme, method, null, state)); 545 assertTrue(null != method.getRequestHeader("Authorization")); 546 assertEquals(expected, 547 method.getRequestHeader("Authorization").getValue()); 548 } 549 550 public void testNTLMAuthenticationRetry() throws Exception { 551 NTCredentials cred = new NTCredentials("username", "password", "host", "domain"); 552 HttpState state = new HttpState(); 553 state.setCredentials(null, null, cred); 554 HttpMethod method = new SimpleHttpMethod(); 555 SimpleHttpConnection conn = new SimpleHttpConnection(); 556 conn.addResponse( 557 "HTTP/1.1 401 Unauthorized\r\n" + 558 "WWW-Authenticate: NTLM\r\n" + 559 "Connection: close\r\n" + 560 "Server: HttpClient Test/2.0\r\n"); 561 conn.addResponse( 562 "HTTP/1.1 401 Unauthorized\r\n" + 563 "WWW-Authenticate: NTLM TlRMTVNTUAACAAAAAAAAACgAAAABggAAU3J2Tm9uY2UAAAAAAAAAAA==\r\n" + 564 "Connection: close\r\n" + 565 "Server: HttpClient Test/2.0\r\n"); 566 conn.addResponse( 567 "HTTP/1.1 200 OK\r\n" + 568 "Connection: close\r\n" + 569 "Server: HttpClient Test/2.0\r\n\r\n" + 570 "stuff\r\n"); 571 method.execute(state, conn); 572 assertNull(method.getResponseHeader("WWW-Authenticate")); 573 assertEquals(200, method.getStatusCode()); 574 } 575 576 /*** 577 * Test that the Unauthorized response is returned when doAuthentication is false. 578 */ 579 public void testDoAuthenticateFalse() throws Exception { 580 HttpState state = new HttpState(); 581 state.setCredentials(null, "Protected", 582 new UsernamePasswordCredentials("name", "pass")); 583 HttpMethod method = new SimpleHttpMethod(); 584 method.setDoAuthentication(false); 585 SimpleHttpConnection conn = new SimpleHttpConnection(); 586 conn.addResponse( 587 "HTTP/1.1 401 Unauthorized\r\n" + 588 "WWW-Authenticate: Basic realm=\"Protected\"\r\n" + 589 "Connection: close\r\n" + 590 "Server: HttpClient Test/2.0\r\n"); 591 conn.addResponse( 592 "HTTP/1.1 200 OK\r\n" + 593 "Connection: close\r\n" + 594 "Server: HttpClient Test/2.0\r\n"); 595 method.execute(state, conn); 596 assertNotNull(method.getResponseHeader("WWW-Authenticate")); 597 assertNull(method.getRequestHeader("Authorization")); 598 assertEquals(401, method.getStatusCode()); 599 600 } 601 602 603 /*** 604 */ 605 public void testInvalidCredentials() throws Exception { 606 HttpState state = new HttpState(); 607 state.setCredentials(null, "Protected", new UsernamePasswordCredentials("name", "pass")); 608 HttpMethod method = new SimpleHttpMethod(); 609 method.setDoAuthentication(false); 610 SimpleHttpConnection conn = new SimpleHttpConnection(); 611 conn.addResponse( 612 "HTTP/1.1 401 Unauthorized\r\n" + 613 "WWW-Authenticate: Basic realm=\"Protected\"\r\n" + 614 "Connection: close\r\n" + 615 "Server: HttpClient Test/2.0\r\n" 616 ); 617 method.execute(state, conn); 618 assertEquals(401, method.getStatusCode()); 619 } 620 621 622 // --------------------------------- Test Methods for Multiple Authentication 623 624 public void testMultipleChallengeBasic() throws Exception { 625 HttpState state = new HttpState(); 626 state.setCredentials("Protected", null, new UsernamePasswordCredentials("name", "pass")); 627 HttpMethod method = new SimpleHttpMethod(); 628 SimpleHttpConnection conn = new SimpleHttpConnection(); 629 conn.addResponse( 630 "HTTP/1.1 401 Unauthorized\r\n" + 631 "WWW-Authenticate: Unsupported\r\n" + 632 "WWW-Authenticate: Basic realm=\"Protected\"\r\n" + 633 "Connection: close\r\n" + 634 "Server: HttpClient Test/2.0\r\n" 635 ); 636 conn.addResponse( 637 "HTTP/1.1 200 OK\r\n" + 638 "Connection: close\r\n" + 639 "Server: HttpClient Test/2.0\r\n" 640 ); 641 method.execute(state, conn); 642 Header authHeader = method.getRequestHeader("Authorization"); 643 assertNotNull(authHeader); 644 645 String authValue = authHeader.getValue(); 646 assertTrue(authValue.startsWith("Basic")); 647 } 648 649 public void testMultipleChallengeBasicLongRealm() throws Exception { 650 HttpState state = new HttpState(); 651 state.setCredentials(null, null, new UsernamePasswordCredentials("name", "pass")); 652 HttpMethod method = new SimpleHttpMethod(); 653 SimpleHttpConnection conn = new SimpleHttpConnection(); 654 conn.addResponse( 655 "HTTP/1.1 401 Unauthorized\r\n" + 656 "WWW-Authenticate: Unsupported\r\n" + 657 "WWW-Authenticate: Basic realm=\"This site is protected. We put this message into the realm string, against all reasonable rationale, so that users would see it in the authentication dialog generated by your browser.\"\r\n" + 658 "Connection: close\r\n" + 659 "Server: HttpClient Test/2.0\r\n" 660 ); 661 conn.addResponse( 662 "HTTP/1.1 200 OK\r\n" + 663 "Connection: close\r\n" + 664 "Server: HttpClient Test/2.0\r\n" 665 ); 666 method.execute(state, conn); 667 Header authHeader = method.getRequestHeader("Authorization"); 668 assertNotNull(authHeader); 669 670 String authValue = authHeader.getValue(); 671 assertTrue(authValue.startsWith("Basic")); 672 } 673 674 675 676 677 public void testMultipleChallengeDigest() throws Exception { 678 HttpState state = new HttpState(); 679 state.setCredentials("Protected", null, new UsernamePasswordCredentials("name", "pass")); 680 HttpMethod method = new SimpleHttpMethod(); 681 SimpleHttpConnection conn = new SimpleHttpConnection(); 682 conn.addResponse( 683 "HTTP/1.1 401 Unauthorized\r\n" + 684 "WWW-Authenticate: Unsupported\r\n" + 685 "WWW-Authenticate: Digest realm=\"Protected\"\r\n" + 686 "WWW-Authenticate: Basic realm=\"Protected\"\r\n" + 687 "Connection: close\r\n" + 688 "Server: HttpClient Test/2.0\r\n" 689 ); 690 conn.addResponse( 691 "HTTP/1.1 200 OK\r\n" + 692 "Connection: close\r\n" + 693 "Server: HttpClient Test/2.0\r\n" 694 ); 695 method.execute(state, conn); 696 Header authHeader = method.getRequestHeader("Authorization"); 697 assertNotNull(authHeader); 698 699 String authValue = authHeader.getValue(); 700 assertTrue(authValue.startsWith("Digest")); 701 } 702 703 704 public void testMultipleProxyChallengeBasic() throws Exception { 705 HttpState state = new HttpState(); 706 state.setProxyCredentials("Protected", new UsernamePasswordCredentials("name", "pass")); 707 HttpMethod method = new SimpleHttpMethod(); 708 SimpleHttpConnection conn = new SimpleHttpConnection(); 709 conn.addResponse( 710 "HTTP/1.1 407 Proxy Authentication Required\r\n" + 711 "Proxy-Authenticate: Basic realm=\"Protected\"\r\n" + 712 "Proxy-Authenticate: Unsupported\r\n" + 713 "Connection: close\r\n" + 714 "Server: HttpClient Test/2.0\r\n" 715 ); 716 conn.addResponse( 717 "HTTP/1.1 200 OK\r\n" + 718 "Connection: close\r\n" + 719 "Server: HttpClient Test/2.0\r\n" 720 ); 721 method.execute(state, conn); 722 Header authHeader = method.getRequestHeader("Proxy-Authorization"); 723 assertNotNull(authHeader); 724 725 String authValue = authHeader.getValue(); 726 assertTrue(authValue.startsWith("Basic")); 727 } 728 729 730 public void testMultipleProxyChallengeDigest() throws Exception { 731 HttpState state = new HttpState(); 732 state.setProxyCredentials("Protected", new UsernamePasswordCredentials("name", "pass")); 733 HttpMethod method = new SimpleHttpMethod(); 734 SimpleHttpConnection conn = new SimpleHttpConnection(); 735 conn.addResponse( 736 "HTTP/1.1 407 Proxy Authentication Required\r\n" + 737 "Proxy-Authenticate: Basic realm=\"Protected\"\r\n" + 738 "Proxy-Authenticate: Digest realm=\"Protected\"\r\n" + 739 "Proxy-Authenticate: Unsupported\r\n" + 740 "Connection: close\r\n" + 741 "Server: HttpClient Test/2.0\r\n" 742 ); 743 conn.addResponse( 744 "HTTP/1.1 200 OK\r\n" + 745 "Connection: close\r\n" + 746 "Server: HttpClient Test/2.0\r\n" 747 ); 748 method.execute(state, conn); 749 Header authHeader = method.getRequestHeader("Proxy-Authorization"); 750 assertNotNull(authHeader); 751 752 String authValue = authHeader.getValue(); 753 assertTrue(authValue.startsWith("Digest")); 754 } 755 756 757 // --------------------------------- Test Methods for Selecting Credentials 758 759 public void testDefaultCredentials() throws Exception { 760 HttpState state = new HttpState(); 761 Credentials expected = new UsernamePasswordCredentials("name", "pass"); 762 state.setCredentials(null, null, expected); 763 Credentials got = state.getCredentials("realm", "host"); 764 assertEquals(got, expected); 765 } 766 767 public void testRealmCredentials() throws Exception { 768 HttpState state = new HttpState(); 769 Credentials expected = new UsernamePasswordCredentials("name", "pass"); 770 state.setCredentials("realm", null, expected); 771 Credentials got = state.getCredentials("realm", "host"); 772 assertEquals(expected, got); 773 } 774 775 public void testHostCredentials() throws Exception { 776 HttpState state = new HttpState(); 777 Credentials expected = new UsernamePasswordCredentials("name", "pass"); 778 state.setCredentials(null, "host", expected); 779 Credentials got = state.getCredentials("realm", "host"); 780 assertEquals(expected, got); 781 } 782 783 public void testBothCredentials() throws Exception { 784 HttpState state = new HttpState(); 785 Credentials expected = new UsernamePasswordCredentials("name", "pass"); 786 state.setCredentials("realm", "host", expected); 787 Credentials got = state.getCredentials("realm", "host"); 788 assertEquals(expected, got); 789 } 790 791 public void testWrongHostCredentials() throws Exception { 792 HttpState state = new HttpState(); 793 Credentials expected = new UsernamePasswordCredentials("name", "pass"); 794 state.setCredentials(null, "host1", expected); 795 Credentials got = state.getCredentials("realm", "host2"); 796 assertNotSame(expected, got); 797 } 798 799 public void testWrongRealmCredentials() throws Exception { 800 HttpState state = new HttpState(); 801 Credentials cred = new UsernamePasswordCredentials("name", "pass"); 802 state.setCredentials("realm1", "host", cred); 803 Credentials got = state.getCredentials("realm2", "host"); 804 assertNotSame(cred, got); 805 } 806 807 public void testRealmSpoof() throws Exception { 808 HttpState state = new HttpState(); 809 Credentials cred = new UsernamePasswordCredentials("name", "pass"); 810 state.setCredentials(null, "admin.apache.org", cred); 811 Credentials got = state.getCredentials("admin.apache.org", "myhost"); 812 assertNotSame(cred, got); 813 } 814 815 public void testRealmSpoof2() throws Exception { 816 HttpState state = new HttpState(); 817 Credentials cred = new UsernamePasswordCredentials("name", "pass"); 818 state.setCredentials(null, "whatever", cred); 819 Credentials got = state.getCredentials("nullwhatever", null); 820 assertNotSame(cred, got); 821 } 822 }

This page was automatically generated by Maven