Posted to commits@hc.apache.org by ol...@apache.org on 2017/11/24 21:47:17 UTC
[1/3] httpcomponents-client git commit: CredSspScheme to require a
valid SSLContext
Repository: httpcomponents-client
Updated Branches:
refs/heads/4.6.x f8a26dffd -> d40f30c46
CredSspScheme to require a valid SSLContext
Project: http://git-wip-us.apache.org/repos/asf/httpcomponents-client/repo
Commit: http://git-wip-us.apache.org/repos/asf/httpcomponents-client/commit/d40f30c4
Tree: http://git-wip-us.apache.org/repos/asf/httpcomponents-client/tree/d40f30c4
Diff: http://git-wip-us.apache.org/repos/asf/httpcomponents-client/diff/d40f30c4
Branch: refs/heads/4.6.x
Commit: d40f30c4689dd88184f890609d9dfa6c17c0edec
Parents: 6d8a3af
Author: Oleg Kalnichevski <ol...@apache.org>
Authored: Fri Nov 24 19:03:59 2017 +0100
Committer: Oleg Kalnichevski <ol...@apache.org>
Committed: Fri Nov 24 22:44:23 2017 +0100
----------------------------------------------------------------------
.../apache/http/impl/auth/CredSspScheme.java | 63 ++------------------
.../http/impl/auth/CredSspSchemeFactory.java | 35 ++++++++++-
2 files changed, 38 insertions(+), 60 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/httpcomponents-client/blob/d40f30c4/httpclient/src/main/java/org/apache/http/impl/auth/CredSspScheme.java
----------------------------------------------------------------------
diff --git a/httpclient/src/main/java/org/apache/http/impl/auth/CredSspScheme.java b/httpclient/src/main/java/org/apache/http/impl/auth/CredSspScheme.java
index 748642c..7c7515b 100644
--- a/httpclient/src/main/java/org/apache/http/impl/auth/CredSspScheme.java
+++ b/httpclient/src/main/java/org/apache/http/impl/auth/CredSspScheme.java
@@ -30,11 +30,8 @@ package org.apache.http.impl.auth;
import java.nio.ByteBuffer;
import java.nio.charset.Charset;
-import java.security.KeyManagementException;
-import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.cert.Certificate;
-import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
@@ -46,8 +43,6 @@ import javax.net.ssl.SSLEngineResult.Status;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
-import javax.net.ssl.TrustManager;
-import javax.net.ssl.X509TrustManager;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.logging.Log;
@@ -62,10 +57,9 @@ import org.apache.http.auth.Credentials;
import org.apache.http.auth.InvalidCredentialsException;
import org.apache.http.auth.MalformedChallengeException;
import org.apache.http.auth.NTCredentials;
-import org.apache.http.conn.ssl.SSLInitializationException;
import org.apache.http.message.BufferedHeader;
import org.apache.http.protocol.HttpContext;
-import org.apache.http.ssl.SSLContexts;
+import org.apache.http.util.Args;
import org.apache.http.util.CharArrayBuffer;
import org.apache.http.util.CharsetUtils;
@@ -118,6 +112,7 @@ public class CredSspScheme extends AuthSchemeBase
CREDENTIALS_SENT;
}
+ private final SSLContext sslContext;
private State state;
private SSLEngine sslEngine;
private NTLMEngineImpl.Type1Message type1Message;
@@ -129,7 +124,8 @@ public class CredSspScheme extends AuthSchemeBase
private byte[] peerPublicKey;
- public CredSspScheme() {
+ public CredSspScheme(final SSLContext sslContext) {
+ this.sslContext = Args.notNull(sslContext, "SSL context");
state = State.UNINITIATED;
}
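Review bot: The new public constructor has no Javadoc, although the trust settings of the supplied context now decide which server certificates this scheme accepts. I would add a short Javadoc, e.g. `@param sslContext SSL context used to create the SSLEngine; must not be null`, matching the `Args.notNull` check. The no-argument constructor is removed outright, so any code other than the factory that calls `new CredSspScheme()` stops compiling. Only the factory call site is updated in this commit.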
@@ -174,57 +170,6 @@ public class CredSspScheme extends AuthSchemeBase
private SSLEngine createSSLEngine()
{
- final SSLContext sslContext;
- try
- {
- sslContext = SSLContexts.custom().build();
- }
- catch ( final NoSuchAlgorithmException e )
- {
- throw new SSLInitializationException( "Error creating SSL Context: " + e.getMessage(), e );
- }
- catch ( final KeyManagementException e )
- {
- throw new SSLInitializationException( "Error creating SSL Context: " + e.getMessage(), e );
- }
-
- final X509TrustManager tm = new X509TrustManager()
- {
-
- @Override
- public void checkClientTrusted( final X509Certificate[] chain, final String authType )
- throws CertificateException
- {
- // Nothing to do.
- }
-
-
- @Override
- public void checkServerTrusted( final X509Certificate[] chain, final String authType )
- throws CertificateException
- {
- // Nothing to do, accept all. CredSSP server is using its own certificate without any
- // binding to the PKI trust chains. The public key is verified as part of the CredSSP
- // protocol exchange.
- }
-
-
- @Override
- public X509Certificate[] getAcceptedIssuers()
- {
- return null;
- }
-
- };
- try
- {
- sslContext.init( null, new TrustManager[]
- { tm }, null );
- }
- catch ( final KeyManagementException e )
- {
- throw new SSLInitializationException( "SSL Context initialization error: " + e.getMessage(), e );
- }
final SSLEngine sslEngine = sslContext.createSSLEngine();
sslEngine.setUseClientMode( true );
return sslEngine;
http://git-wip-us.apache.org/repos/asf/httpcomponents-client/blob/d40f30c4/httpclient/src/main/java/org/apache/http/impl/auth/CredSspSchemeFactory.java
----------------------------------------------------------------------
diff --git a/httpclient/src/main/java/org/apache/http/impl/auth/CredSspSchemeFactory.java b/httpclient/src/main/java/org/apache/http/impl/auth/CredSspSchemeFactory.java
index 27754bc..4eb8292 100644
--- a/httpclient/src/main/java/org/apache/http/impl/auth/CredSspSchemeFactory.java
+++ b/httpclient/src/main/java/org/apache/http/impl/auth/CredSspSchemeFactory.java
@@ -28,18 +28,51 @@
package org.apache.http.impl.auth;
+import java.security.KeyManagementException;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+
+import javax.net.ssl.SSLContext;
+
import org.apache.http.annotation.Experimental;
import org.apache.http.auth.AuthScheme;
import org.apache.http.auth.AuthSchemeProvider;
+import org.apache.http.conn.ssl.SSLInitializationException;
+import org.apache.http.conn.ssl.TrustAllStrategy;
import org.apache.http.protocol.HttpContext;
+import org.apache.http.ssl.SSLContexts;
@Experimental
public class CredSspSchemeFactory implements AuthSchemeProvider
{
+ private final SSLContext sslContext;
+
+ public CredSspSchemeFactory() {
+ this(createDefaultContext());
+ }
+
+ public CredSspSchemeFactory(final SSLContext sslContext) {
+ this.sslContext = sslContext != null ? sslContext : createDefaultContext();
+ }
+
+ private static SSLContext createDefaultContext() throws SSLInitializationException {
+ try {
+ return SSLContexts.custom()
+ .loadTrustMaterial(new TrustAllStrategy())
+ .build();
+ } catch (final NoSuchAlgorithmException ex) {
+ throw new SSLInitializationException(ex.getMessage(), ex);
+ } catch (final KeyManagementException ex) {
+ throw new SSLInitializationException(ex.getMessage(), ex);
+ } catch (final KeyStoreException ex) {
+ throw new SSLInitializationException(ex.getMessage(), ex);
+ }
+ }
+
@Override
public AuthScheme create( final HttpContext context )
{
- return new CredSspScheme();
+ return new CredSspScheme(sslContext);
}
}
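Review bot: The one-argument constructor silently substitutes the trust-all default when `sslContext` is null, so a caller whose validating context failed to initialise gets certificate checking turned off without any signal. CredSspScheme in this same commit rejects null with `Args.notNull`. I would make the public constructor strict, `this.sslContext = Args.notNull(sslContext, "SSL context");` (plus the `org.apache.http.util.Args` import), and leave the fallback to the no-arg constructor only. Separately, `createDefaultContext()` now carries the `TrustAllStrategy`, but the rationale from the removed trust manager did not move with it. A comment such as `// Accepts any server certificate: the CredSSP exchange verifies the server public key itself.` above `loadTrustMaterial` would keep that decision visible.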
[2/3] httpcomponents-client git commit: Marked CREDSSP auth scheme
experimental
Posted by ol...@apache.org.
Marked CREDSSP auth scheme experimental
Project: http://git-wip-us.apache.org/repos/asf/httpcomponents-client/repo
Commit: http://git-wip-us.apache.org/repos/asf/httpcomponents-client/commit/6d8a3af7
Tree: http://git-wip-us.apache.org/repos/asf/httpcomponents-client/tree/6d8a3af7
Diff: http://git-wip-us.apache.org/repos/asf/httpcomponents-client/diff/6d8a3af7
Branch: refs/heads/4.6.x
Commit: 6d8a3af7ab40d74bf6ca3f255e5475247f766666
Parents: ec368ae
Author: Oleg Kalnichevski <ol...@apache.org>
Authored: Fri Nov 24 18:51:03 2017 +0100
Committer: Oleg Kalnichevski <ol...@apache.org>
Committed: Fri Nov 24 22:44:23 2017 +0100
----------------------------------------------------------------------
.../src/main/java/org/apache/http/impl/auth/CredSspScheme.java | 2 ++
.../main/java/org/apache/http/impl/auth/CredSspSchemeFactory.java | 3 ++-
2 files changed, 4 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/httpcomponents-client/blob/6d8a3af7/httpclient/src/main/java/org/apache/http/impl/auth/CredSspScheme.java
----------------------------------------------------------------------
diff --git a/httpclient/src/main/java/org/apache/http/impl/auth/CredSspScheme.java b/httpclient/src/main/java/org/apache/http/impl/auth/CredSspScheme.java
index 0d42266..748642c 100644
--- a/httpclient/src/main/java/org/apache/http/impl/auth/CredSspScheme.java
+++ b/httpclient/src/main/java/org/apache/http/impl/auth/CredSspScheme.java
@@ -55,6 +55,7 @@ import org.apache.commons.logging.LogFactory;
import org.apache.http.Consts;
import org.apache.http.Header;
import org.apache.http.HttpRequest;
+import org.apache.http.annotation.Experimental;
import org.apache.http.auth.AUTH;
import org.apache.http.auth.AuthenticationException;
import org.apache.http.auth.Credentials;
@@ -82,6 +83,7 @@ import org.apache.http.util.CharsetUtils;
* The implementation was inspired by Python CredSSP and NTLM implementation by Jordan Borean.
* </p>
*/
+@Experimental
public class CredSspScheme extends AuthSchemeBase
{
private static final Charset UNICODE_LITTLE_UNMARKED = CharsetUtils.lookup( "UnicodeLittleUnmarked" );
http://git-wip-us.apache.org/repos/asf/httpcomponents-client/blob/6d8a3af7/httpclient/src/main/java/org/apache/http/impl/auth/CredSspSchemeFactory.java
----------------------------------------------------------------------
diff --git a/httpclient/src/main/java/org/apache/http/impl/auth/CredSspSchemeFactory.java b/httpclient/src/main/java/org/apache/http/impl/auth/CredSspSchemeFactory.java
index 3953b57..27754bc 100644
--- a/httpclient/src/main/java/org/apache/http/impl/auth/CredSspSchemeFactory.java
+++ b/httpclient/src/main/java/org/apache/http/impl/auth/CredSspSchemeFactory.java
@@ -28,11 +28,12 @@
package org.apache.http.impl.auth;
+import org.apache.http.annotation.Experimental;
import org.apache.http.auth.AuthScheme;
import org.apache.http.auth.AuthSchemeProvider;
import org.apache.http.protocol.HttpContext;
-
+@Experimental
public class CredSspSchemeFactory implements AuthSchemeProvider
{
[3/3] httpcomponents-client git commit: Eliminated DebugUtil class
Posted by ol...@apache.org.
Eliminated DebugUtil class
Project: http://git-wip-us.apache.org/repos/asf/httpcomponents-client/repo
Commit: http://git-wip-us.apache.org/repos/asf/httpcomponents-client/commit/ec368aef
Tree: http://git-wip-us.apache.org/repos/asf/httpcomponents-client/tree/ec368aef
Diff: http://git-wip-us.apache.org/repos/asf/httpcomponents-client/diff/ec368aef
Branch: refs/heads/4.6.x
Commit: ec368aefb1bd146a18da654299c81734c9bb8cb0
Parents: f8a26df
Author: Oleg Kalnichevski <ol...@apache.org>
Authored: Fri Nov 24 18:47:00 2017 +0100
Committer: Oleg Kalnichevski <ol...@apache.org>
Committed: Fri Nov 24 22:44:23 2017 +0100
----------------------------------------------------------------------
.../apache/http/impl/auth/CredSspScheme.java | 20 +++-
.../org/apache/http/impl/auth/DebugUtil.java | 96 --------------------
2 files changed, 17 insertions(+), 99 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/httpcomponents-client/blob/ec368aef/httpclient/src/main/java/org/apache/http/impl/auth/CredSspScheme.java
----------------------------------------------------------------------
diff --git a/httpclient/src/main/java/org/apache/http/impl/auth/CredSspScheme.java b/httpclient/src/main/java/org/apache/http/impl/auth/CredSspScheme.java
index 721c84e..0d42266 100644
--- a/httpclient/src/main/java/org/apache/http/impl/auth/CredSspScheme.java
+++ b/httpclient/src/main/java/org/apache/http/impl/auth/CredSspScheme.java
@@ -1001,20 +1001,34 @@ public class CredSspScheme extends AuthSchemeBase
}
+ public static void dump( final StringBuilder sb, final byte[] bytes )
+ {
+ if ( bytes == null )
+ {
+ sb.append( "null" );
+ return;
+ }
+ for ( final byte b : bytes )
+ {
+ sb.append( String.format( "%02X ", b ) );
+ }
+ }
+
+
public String debugDump()
{
final StringBuilder sb = new StringBuilder( "TsRequest\n" );
sb.append( " negoToken:\n" );
sb.append( " " );
- DebugUtil.dump( sb, negoToken );
+ dump( sb, negoToken );
sb.append( "\n" );
sb.append( " authInfo:\n" );
sb.append( " " );
- DebugUtil.dump( sb, authInfo );
+ dump( sb, authInfo );
sb.append( "\n" );
sb.append( " pubKeyAuth:\n" );
sb.append( " " );
- DebugUtil.dump( sb, pubKeyAuth );
+ dump( sb, pubKeyAuth );
return sb.toString();
}
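Review bot: `dump` is added as `public static`, whereas the helper it replaces lived in the package-private `DebugUtil` class, so this widens the public API for a formatting helper that only `debugDump()` calls within this hunk. `private static void dump( final StringBuilder sb, final byte[] bytes )` would keep it internal. The enclosing class starts outside the hunk, so I cannot see whether other callers exist. Since `debugDump()` renders `negoToken`, `authInfo` and `pubKeyAuth` as hex, its call sites are worth checking so that this output is only produced under debug-level logging.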
http://git-wip-us.apache.org/repos/asf/httpcomponents-client/blob/ec368aef/httpclient/src/main/java/org/apache/http/impl/auth/DebugUtil.java
----------------------------------------------------------------------
diff --git a/httpclient/src/main/java/org/apache/http/impl/auth/DebugUtil.java b/httpclient/src/main/java/org/apache/http/impl/auth/DebugUtil.java
deleted file mode 100644
index 2c8110e..0000000
--- a/httpclient/src/main/java/org/apache/http/impl/auth/DebugUtil.java
+++ /dev/null
@@ -1,96 +0,0 @@
-/*
- * ====================================================================
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- */
-
-package org.apache.http.impl.auth;
-
-
-import java.nio.ByteBuffer;
-
-
-/**
- * Simple debugging utility class for CredSSP and NTLM implementations.
- */
-class DebugUtil
-{
-
- public static String dump( final ByteBuffer buf )
- {
- final ByteBuffer dup = buf.duplicate();
- final StringBuilder sb = new StringBuilder( dup.toString() );
- sb.append( ": " );
- while ( dup.position() < dup.limit() )
- {
- sb.append( String.format( "%02X ", dup.get() ) );
- }
- return sb.toString();
- }
-
-
- public static void dump( final StringBuilder sb, final byte[] bytes )
- {
- if ( bytes == null )
- {
- sb.append( "null" );
- return;
- }
- for ( final byte b : bytes )
- {
- sb.append( String.format( "%02X ", b ) );
- }
- }
-
-
- public static String dump( final byte[] bytes )
- {
- final StringBuilder sb = new StringBuilder();
- dump( sb, bytes );
- return sb.toString();
- }
-
-
- public static byte[] fromHex( final String hex )
- {
- int i = 0;
- final byte[] bytes = new byte[200000];
- int h = 0;
- while ( h < hex.length() )
- {
- if ( hex.charAt( h ) == ' ' )
- {
- h++;
- }
- final String str = hex.substring( h, h + 2 );
- bytes[i] = ( byte ) Integer.parseInt( str, 16 );
- i++;
- h = h + 2;
- }
- final byte[] outbytes = new byte[i];
- System.arraycopy( bytes, 0, outbytes, 0, i );
- return outbytes;
- }
-
-}