| /* |
| * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved. |
| * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
| * |
| * This code is free software; you can redistribute it and/or modify it |
| * under the terms of the GNU General Public License version 2 only, as |
| * published by the Free Software Foundation. |
| * |
| * This code is distributed in the hope that it will be useful, but WITHOUT |
| * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
| * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
| * version 2 for more details (a copy is included in the LICENSE file that |
| * accompanied this code). |
| * |
| * You should have received a copy of the GNU General Public License version |
| * 2 along with this work; if not, write to the Free Software Foundation, |
| * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
| * |
| * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
| * or visit www.oracle.com if you need additional information or have any |
| * questions. |
| */ |
| |
| /* @test |
| * @bug 8004502 |
| * @summary Sanity check that NTLM will not be selected by the http protocol |
| * handler when running on a profile that does not support NTLM |
| * @run main/othervm NoNTLM |
| */ |
| |
| import java.net.*; |
| import java.io.*; |
| import sun.net.www.MessageHeader; |
| |
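/**
 * Sanity check (bug 8004502) that the http protocol handler does not select
 * NTLM when running on a runtime that does not support it.
 *
 * <p>A minimal in-process server answers the first request with
 * {@code 401 Unauthorized} plus one {@code WWW-Authenticate} challenge per
 * scheme under test, then inspects the scheme named in the
 * {@code Authorization} header of the follow-up request. When NTLM is the
 * only scheme offered, the client is expected to give up with a 401.
 *
 * <p>The server socket is bound to the loopback address only, so that no
 * other host can connect and be mistaken for the client under test.
 */
public class NoNTLM {

    static final String CRLF = "\r\n";

    /** Address the test server listens on and the client connects to. */
    static final String LOOPBACK = "127.0.0.1";

    static final String OKAY =
        "HTTP/1.1 200" + CRLF +
        "Content-Length: 0" + CRLF +
        "Connection: close" + CRLF +
        CRLF;

    /**
     * HTTP client that issues one GET to the test server and records the
     * outcome (response code and any IOException) for the main thread.
     */
    static class Client implements Runnable {
        private final URL url;
        // volatile: written by the client thread, read by the test thread
        private volatile IOException ioe;
        private volatile int respCode;

        Client(int port) throws IOException {
            this.url = new URL("http://" + LOOPBACK + ":" + port + "/foo.html");
        }

        @Override
        public void run() {
            HttpURLConnection uc = null;
            try {
                uc = (HttpURLConnection) url.openConnection(Proxy.NO_PROXY);
                try {
                    uc.getInputStream();
                } catch (IOException x) {
                    // remember the status that caused the failure, then
                    // let the outer handler record the exception
                    respCode = uc.getResponseCode();
                    throw x;
                }
            } catch (IOException x) {
                // -1 marks "failed without obtaining a response code"
                if (respCode == 0) {
                    respCode = -1;
                }
                ioe = x;
            } finally {
                // release the connection on the failure path as well
                if (uc != null) {
                    uc.disconnect();
                }
            }
        }

        /** Returns the exception the request failed with, or null. */
        IOException ioException() {
            return ioe;
        }

        /** Returns the recorded response code; 0 if none was recorded. */
        int respCode() {
            return respCode;
        }

        /** Starts a client on a new thread; the thread is not joined. */
        static void start(int port) throws IOException {
            Client client = new Client(port);
            new Thread(client).start();
        }
    }

    /**
     * Opens the test server on an ephemeral port bound to the loopback
     * address, rather than the wildcard address that
     * {@code new ServerSocket(0)} would use.
     */
    static ServerSocket newLoopbackServer() throws IOException {
        // backlog 0 selects the implementation default
        return new ServerSocket(0, 0, InetAddress.getByName(LOOPBACK));
    }

    /**
     * Return the http response with WWW-Authenticate headers for the given
     * authentication schemes.
     *
     * @param schemes any of "Basic", "Digest", "NTLM", in the order the
     *                challenges should appear
     * @return the complete 401 response, terminated by an empty line
     * @throws RuntimeException if a scheme other than those three is given
     */
    static String authReplyFor(String... schemes) {
        // construct the server reply
        StringBuilder reply = new StringBuilder()
            .append("HTTP/1.1 401 Unauthorized").append(CRLF)
            .append("Content-Length: 0").append(CRLF)
            .append("Connection: close").append(CRLF);
        for (String s : schemes) {
            switch (s) {
                case "Basic":
                    reply.append("WWW-Authenticate: Basic realm=\"wallyworld\"")
                         .append(CRLF);
                    break;
                case "Digest":
                    // NOTE(review): the parameters are separated by spaces,
                    // not commas; kept exactly as the test has always sent it.
                    reply.append("WWW-Authenticate: Digest")
                         .append(" realm=\"wallyworld\"")
                         .append(" domain=/")
                         .append(" nonce=\"abcdefghijklmnopqrstuvwxyz\"")
                         .append(" qop=\"auth\"")
                         .append(CRLF);
                    break;
                case "NTLM":
                    reply.append("WWW-Authenticate: NTLM").append(CRLF);
                    break;
                default:
                    throw new RuntimeException("Should not get here");
            }
        }
        reply.append(CRLF);
        return reply.toString();
    }

    /**
     * Test the http protocol handler with the given authentication schemes
     * in the WWW-Authenticate header.
     *
     * @param schemes the schemes the server offers
     * @throws IOException if the server side of the exchange fails
     * @throws RuntimeException if no Authorization header arrives or it
     *         names a scheme other than the expected one
     */
    static void test(String... schemes) throws IOException {

        // the authentication scheme that the client is expected to choose:
        // the first one offered, unless Digest is offered, which wins
        String expected = null;
        for (String s : schemes) {
            if (expected == null || s.equals("Digest")) {
                expected = s;
            }
        }

        // server reply
        String reply = authReplyFor(schemes);

        System.out.println("====================================");
        System.out.println("Expect client to choose: " + expected);
        System.out.println(reply);

        try (ServerSocket ss = newLoopbackServer()) {
            Client.start(ss.getLocalPort());

            // client ---- GET ---> server
            // client <--- 401 ---- server
            try (Socket s = ss.accept()) {
                new MessageHeader().parseHeader(s.getInputStream());
                s.getOutputStream().write(reply.getBytes("US-ASCII"));
            }

            // client ---- GET ---> server
            // client <--- 200 ---- server
            String auth;
            try (Socket s = ss.accept()) {
                MessageHeader mh = new MessageHeader();
                mh.parseHeader(s.getInputStream());
                s.getOutputStream().write(OKAY.getBytes("US-ASCII"));
                auth = mh.findValue("Authorization");
            }

            // check Authorization header
            if (auth == null) {
                throw new RuntimeException("Authorization header not found");
            }
            // The header is derived from the fixed dummy credentials that
            // main() installs, which is why it can be written to the log.
            System.out.println("Server received Authorization header: " + auth);
            String[] values = auth.split(" ");
            if (!values[0].equals(expected)) {
                throw new RuntimeException("Unexpected value");
            }
        }
    }

    /**
     * Test the http protocol handler with one WWW-Authenticate header with
     * the value "NTLM".
     *
     * @throws RuntimeException if the client ends with anything other than
     *         a 401 response code
     */
    static void testNTLM() throws Exception {
        // server reply
        String reply = authReplyFor("NTLM");

        System.out.println("====================================");
        System.out.println("Expect client to fail with 401 Unauthorized");
        System.out.println(reply);

        try (ServerSocket ss = newLoopbackServer()) {
            Client client = new Client(ss.getLocalPort());
            Thread thr = new Thread(client);
            thr.start();

            // client ---- GET ---> server
            // client <--- 401 ---- server
            try (Socket s = ss.accept()) {
                new MessageHeader().parseHeader(s.getInputStream());
                s.getOutputStream().write(reply.getBytes("US-ASCII"));
            }

            // the client should fail with 401
            System.out.println("Waiting for client to terminate");
            thr.join();
            IOException ioe = client.ioException();
            if (ioe != null) {
                System.out.println("Client failed: " + ioe);
            }
            int respCode = client.respCode();
            if (respCode != 0 && respCode != -1) {
                System.out.println("Client received HTTP response code: " + respCode);
            }
            if (respCode != HttpURLConnection.HTTP_UNAUTHORIZED) {
                throw new RuntimeException("Unexpected response code");
            }
        }
    }

    public static void main(String[] args) throws Exception {
        // assume NTLM is not supported when Kerberos is not available
        try {
            Class.forName("javax.security.auth.kerberos.KerberosPrincipal");
            System.out.println("Kerberos is present, assuming NTLM is supported too");
            return;
        } catch (ClassNotFoundException okay) {
            // expected on the runtimes this test targets; carry on
        }

        // setup Authenticator (fixed dummy credentials, test use only)
        Authenticator.setDefault(new Authenticator() {
            @Override
            protected PasswordAuthentication getPasswordAuthentication() {
                return new PasswordAuthentication("user", "pass".toCharArray());
            }
        });

        // test combinations of authentication schemes
        test("Basic");
        test("Digest");
        test("Basic", "Digest");
        test("Basic", "NTLM");
        test("Digest", "NTLM");
        test("Basic", "Digest", "NTLM");

        // test NTLM only, this should fail with "401 Unauthorized"
        testNTLM();

        System.out.println();
        System.out.println("TEST PASSED");
    }
}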
| |