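package org.apache.commons.httpclient.contrib.auth;

import org.apache.commons.codec.binary.Base64;
import org.apache.commons.httpclient.Credentials;
import org.apache.commons.httpclient.HttpMethod;
import org.apache.commons.httpclient.URIException;
import org.apache.commons.httpclient.auth.AuthChallengeException;
import org.apache.commons.httpclient.auth.AuthScheme;
import org.apache.commons.httpclient.auth.AuthenticationException;
import org.apache.commons.httpclient.auth.CredentialsNotAvailableException;
import org.apache.commons.httpclient.auth.InvalidCredentialsException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;

/**
 * "Negotiate" (Kerberos via JGSS) authentication scheme for HttpClient 3.x.
 * <p>
 * The scheme drives a {@link GSSContext} against the service principal
 * {@code HTTP/<host>}: every token received in a
 * {@code WWW-Authenticate: Negotiate <token>} challenge is fed into
 * {@link GSSContext#initSecContext(byte[], int, int)} and the token produced
 * is returned base64-encoded for the {@code Authorization} header.
 * <p>
 * Not thread-safe: one instance carries the state of one negotiation and is
 * tied to one connection (see {@link #isConnectionBased()}).
 */
public class NegotiateScheme implements AuthScheme {

    private static final Log LOG = LogFactory.getLog(NegotiateScheme.class);

    /** Scheme name as it appears in the WWW-Authenticate / Authorization headers. */
    private static final String SCHEME_NAME = "Negotiate";

    /** Kerberos V5 GSS-API mechanism OID (RFC 1964). */
    private static final String KRB5_MECH_OID = "1.2.840.113554.1.2.2";

    // Negotiation states. ESTABLISHED is declared but never assigned in this
    // class, so isComplete() only becomes true once the state is FAILED;
    // TODO confirm whether the server's final (mutual-auth) token should move
    // the state to ESTABLISHED.
    private static final int UNINITIATED = 0;
    private static final int INITIATED = 1;
    private static final int NEGOTIATING = 3;
    private static final int ESTABLISHED = 4;
    private static final int FAILED = Integer.MAX_VALUE;

    /** Most recent raw challenge passed to {@link #processChallenge(String)}; reported by {@link #getID()}. */
    private String challenge = null;

    /** Security context, created lazily by {@link #init(String)} on the first authenticate() call. */
    private GSSContext context = null;

    /** One of the state constants above. */
    private int state;

    /** Last token received from the server; empty when the challenge carried none. */
    byte[] token = new byte[0];

    /**
     * Creates the GSS context for the service principal {@code HTTP/<server>}.
     *
     * @param server host name of the server being authenticated against
     * @throws GSSException if the name or context cannot be created
     */
    protected void init(String server) throws GSSException {
        LOG.debug("init " + server);

        Oid krb5Oid = new Oid(KRB5_MECH_OID);
        GSSManager manager = GSSManager.getInstance();
        // A null name type leaves interpretation of "HTTP/<host>" to the
        // mechanism; presumably resolved as a host-based service principal in
        // the default realm - confirm against the deployment's krb5 config.
        GSSName serverName = manager.createName("HTTP/" + server, null);
        context = manager.createContext(serverName, krb5Oid, null,
                GSSContext.DEFAULT_LIFETIME);
        // Mutual authentication lets the client verify the server's identity
        // through the final token; whether that token is ever fed back into
        // initSecContext() depends on the caller - TODO confirm.
        context.requestMutualAuth(true);
        // Requests delegation of the caller's credentials to the server. If
        // granted, the server can act as the caller against other services,
        // so keep this only where the deployment actually needs it.
        context.requestCredDeleg(true);
        state = INITIATED;
    }

    /** Creates a scheme in the {@code UNINITIATED} state. */
    public NegotiateScheme() {
        super();
        state = UNINITIATED;
    }

    /**
     * Creates a scheme and immediately processes {@code challenge}.
     *
     * @param challenge the full {@code WWW-Authenticate} header value
     * @throws IllegalArgumentException if {@code challenge} is {@code null}
     */
    public NegotiateScheme(final String challenge) {
        super();
        LOG.debug("enter NegotiateScheme(" + challenge + ")");
        processChallenge(challenge);
    }

    /**
     * Records a {@code Negotiate [token]} challenge. The scheme name is matched
     * case-insensitively (auth-scheme is a case-insensitive token); a challenge
     * for a different scheme is ignored. Any base64 token following the scheme
     * name is decoded into {@link #token}.
     *
     * @param challenge the full header value, e.g. {@code "Negotiate"} or
     *        {@code "Negotiate <base64-token>"}
     * @throws IllegalArgumentException if {@code challenge} is {@code null}
     */
    public void processChallenge(final String challenge) {
        LOG.debug("enter processChallenge(challenge=\"" + challenge + "\")");
        if (challenge == null) {
            throw new IllegalArgumentException("Challenge may not be null");
        }
        int prefix = SCHEME_NAME.length();
        if (!challenge.regionMatches(true, 0, SCHEME_NAME, 0, prefix)) {
            return;
        }
        // Keep the raw challenge so getID() has something to report.
        this.challenge = challenge;
        if (!isComplete()) {
            state = NEGOTIATING;
        }
        if (challenge.length() > prefix && challenge.charAt(prefix) == ' ') {
            token = new Base64().decode(challenge.substring(prefix + 1).getBytes());
        } else {
            token = new byte[0];
        }
    }

    /**
     * Reports whether the negotiation has finished.
     *
     * @return {@code true} once the state is {@code ESTABLISHED} or {@code FAILED}
     */
    public boolean isComplete() {
        LOG.debug("enter isComplete()");
        return state == ESTABLISHED || state == FAILED;
    }

    /** @return the scheme name, {@code "Negotiate"} */
    public String getSchemeName() {
        return SCHEME_NAME;
    }

    /** @return {@code null}; the Negotiate scheme has no realm */
    public String getRealm() {
        return null;
    }

    /**
     * Identifies the challenge this scheme was configured with.
     *
     * @return the last challenge passed to {@link #processChallenge(String)},
     *         or {@code null} if none has been processed
     */
    public String getID() {
        LOG.debug("enter getID(): " + challenge);
        return challenge;
    }

    /**
     * Negotiate challenges carry no named parameters.
     *
     * @param name parameter name, must not be {@code null}
     * @return always {@code null}
     * @throws IllegalArgumentException if {@code name} is {@code null}
     */
    public String getParameter(String name) {
        LOG.debug("enter getParameter(" + name + ")");
        if (name == null) {
            throw new IllegalArgumentException("Parameter name may not be null");
        }
        return null;
    }

    /** @return {@code true}; the security context is bound to the connection */
    public boolean isConnectionBased() {
        LOG.debug("enter isConnectionBased()");
        return true;
    }

    /**
     * Not supported: the scheme needs the request's host, which only the
     * {@link HttpMethod} variant provides.
     *
     * @throws AuthenticationException always
     */
    public String authenticate(Credentials credentials, String method, String uri)
            throws AuthenticationException {
        throw new AuthenticationException("method not supported by Negotiate scheme");
    }

    /**
     * Produces the {@code Authorization} header value for {@code method}:
     * creates the GSS context on first use and runs one step of the token
     * exchange using the token received in the last challenge.
     *
     * @param credentials unused; the credentials come from the JGSS login
     * @param method the request being authenticated; its host names the service principal
     * @return {@code "Negotiate <base64-token>"}
     * @throws IllegalStateException if no challenge has been processed yet
     * @throws IllegalArgumentException if {@code method} is {@code null}
     * @throws InvalidCredentialsException if the caller's credentials are defective or expired
     * @throws CredentialsNotAvailableException if the caller has no credentials
     * @throws AuthChallengeException if the server's token is defective, duplicated or stale
     * @throws AuthenticationException for any other GSS or URI failure
     */
    public String authenticate(Credentials credentials, HttpMethod method)
            throws AuthenticationException {
        LOG.debug("enter NegotiateScheme.authenticate(Credentials, HttpMethod)");

        if (state == UNINITIATED) {
            throw new IllegalStateException(
                    "Negotiation authentication process has not been initiated");
        }
        if (method == null) {
            throw new IllegalArgumentException("HTTP method may not be null");
        }

        try {
            if (context == null) {
                String host;
                try {
                    host = method.getURI().getHost();
                } catch (URIException urie) {
                    LOG.error(urie.getMessage(), urie);
                    state = FAILED;
                    throw new AuthenticationException(urie.getMessage(), urie);
                }
                LOG.info("host: " + host);
                init(host);
            }

            byte[] outToken = context.initSecContext(token, 0, token.length);
            // initSecContext() returns null when it has nothing further to
            // send; normalise so the header below is still well-formed.
            token = outToken == null ? new byte[0] : outToken;
            LOG.info("got token, sending " + token.length + " to server");
        } catch (GSSException gsse) {
            LOG.error(gsse.getMessage(), gsse);
            state = FAILED;
            int major = gsse.getMajor();
            if (major == GSSException.DEFECTIVE_CREDENTIAL
                    || major == GSSException.CREDENTIALS_EXPIRED) {
                throw new InvalidCredentialsException(gsse.getMessage(), gsse);
            }
            if (major == GSSException.NO_CRED) {
                throw new CredentialsNotAvailableException(gsse.getMessage(), gsse);
            }
            if (major == GSSException.DEFECTIVE_TOKEN
                    || major == GSSException.DUPLICATE_TOKEN
                    || major == GSSException.OLD_TOKEN) {
                throw new AuthChallengeException(gsse.getMessage(), gsse);
            }
            // Keep the cause so the underlying GSS failure is not lost.
            throw new AuthenticationException(gsse.getMessage(), gsse);
        }
        return SCHEME_NAME + " " + new String(new Base64().encode(token));
    }
}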