You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hc.apache.org by Gary Gregory <ga...@gmail.com> on 2012/11/08 13:33:31 UTC
Re: svn commit: r1406998 - in /httpcomponents/httpclient/branches/4.2.x:
RELEASE_NOTES.txt httpclient/src/main/java/org/apache/http/impl/auth/NTLMEngineImpl.java
In Commons land we generate release notes automatically. Is there a
reason it is not done this like here?
Gary
On Nov 8, 2012, at 5:27, "olegk@apache.org" <ol...@apache.org> wrote:
> Author: olegk
> Date: Thu Nov 8 10:26:33 2012
> New Revision: 1406998
>
> URL: http://svn.apache.org/viewvc?rev=1406998&view=rev
> Log:
> HTTPCLIENT-1258: Fixed NullPointerException in NTLMEngineImpl caused by null NT domain attribute
>
> Modified:
> httpcomponents/httpclient/branches/4.2.x/RELEASE_NOTES.txt
> httpcomponents/httpclient/branches/4.2.x/httpclient/src/main/java/org/apache/http/impl/auth/NTLMEngineImpl.java
>
> Modified: httpcomponents/httpclient/branches/4.2.x/RELEASE_NOTES.txt
> URL: http://svn.apache.org/viewvc/httpcomponents/httpclient/branches/4.2.x/RELEASE_NOTES.txt?rev=1406998&r1=1406997&r2=1406998&view=diff
> ==============================================================================
> --- httpcomponents/httpclient/branches/4.2.x/RELEASE_NOTES.txt (original)
> +++ httpcomponents/httpclient/branches/4.2.x/RELEASE_NOTES.txt Thu Nov 8 10:26:33 2012
> @@ -1,6 +1,10 @@
> Changes since 4.2.2
> -------------------
>
> +* [HTTPCLIENT-1258] Fixed NullPointerException in NTLMEngineImpl caused by null NT domain
> + attribute.
> + Contributed by Oleg Kalnichevski <olegk at apache.org>
> +
> * [HTTPCLIENT-1254] Redirect with underscore in hostname causes ProtocolException.
> Contributed by Oleg Kalnichevski <olegk at apache.org>
>
>
> Modified: httpcomponents/httpclient/branches/4.2.x/httpclient/src/main/java/org/apache/http/impl/auth/NTLMEngineImpl.java
> URL: http://svn.apache.org/viewvc/httpcomponents/httpclient/branches/4.2.x/httpclient/src/main/java/org/apache/http/impl/auth/NTLMEngineImpl.java?rev=1406998&r1=1406997&r2=1406998&view=diff
> ==============================================================================
> --- httpcomponents/httpclient/branches/4.2.x/httpclient/src/main/java/org/apache/http/impl/auth/NTLMEngineImpl.java (original)
> +++ httpcomponents/httpclient/branches/4.2.x/httpclient/src/main/java/org/apache/http/impl/auth/NTLMEngineImpl.java Thu Nov 8 10:26:33 2012
> @@ -29,6 +29,7 @@ package org.apache.http.impl.auth;
> import java.security.Key;
> import java.security.MessageDigest;
> import java.util.Arrays;
> +import java.util.Locale;
>
> import javax.crypto.Cipher;
> import javax.crypto.spec.SecretKeySpec;
> @@ -82,6 +83,42 @@ final class NTLMEngineImpl implements NT
> SIGNATURE[bytesWithoutNull.length] = (byte) 0x00;
> }
>
> + private static byte[] convert0(final String text) throws NTLMEngineException {
> + if (text == null) {
> + return null;
> + }
> + try {
> + return text.getBytes("UnicodeLittleUnmarked");
> + } catch (java.io.UnsupportedEncodingException ex) {
> + throw new NTLMEngineException("Unicode not supported", ex);
> + }
> + }
> +
> + private static byte[] convert(final String text) throws NTLMEngineException {
> + if (text == null) {
> + return new byte[] {};
> + }
> + return convert0(text);
> + }
> +
> + private static String convert0(final byte[] b) throws NTLMEngineException {
> + if (b == null) {
> + return null;
> + }
> + try {
> + return new String(b, "UnicodeLittleUnmarked");
> + } catch (java.io.UnsupportedEncodingException ex) {
> + throw new NTLMEngineException("Unicode not supported", ex);
> + }
> + }
> +
> + private static String convert(final byte[] b) throws NTLMEngineException {
> + if (b == null) {
> + return "";
> + }
> + return convert0(b);
> + }
> +
> /**
> * Returns the response for the given message.
> *
> @@ -172,6 +209,9 @@ final class NTLMEngineImpl implements NT
>
> /** Strip dot suffix from a name */
> private static String stripDotSuffix(String value) {
> + if (value == null) {
> + return null;
> + }
> int index = value.indexOf(".");
> if (index != -1)
> return value.substring(0, index);
> @@ -413,14 +453,10 @@ final class NTLMEngineImpl implements NT
> * the NTLM Response and the NTLMv2 and LMv2 Hashes.
> */
> private static byte[] ntlmHash(String password) throws NTLMEngineException {
> - try {
> - byte[] unicodePassword = password.getBytes("UnicodeLittleUnmarked");
> - MD4 md4 = new MD4();
> - md4.update(unicodePassword);
> - return md4.getOutput();
> - } catch (java.io.UnsupportedEncodingException e) {
> - throw new NTLMEngineException("Unicode not supported: " + e.getMessage(), e);
> - }
> + byte[] unicodePassword = convert(password);
> + MD4 md4 = new MD4();
> + md4.update(unicodePassword);
> + return md4.getOutput();
> }
>
> /**
> @@ -438,16 +474,12 @@ final class NTLMEngineImpl implements NT
> */
> private static byte[] ntlmv2Hash(String target, String user, String password)
> throws NTLMEngineException {
> - try {
> - byte[] ntlmHash = ntlmHash(password);
> - HMACMD5 hmacMD5 = new HMACMD5(ntlmHash);
> - // Upper case username, mixed case target!!
> - hmacMD5.update(user.toUpperCase().getBytes("UnicodeLittleUnmarked"));
> - hmacMD5.update(target.getBytes("UnicodeLittleUnmarked"));
> - return hmacMD5.getOutput();
> - } catch (java.io.UnsupportedEncodingException e) {
> - throw new NTLMEngineException("Unicode not supported! " + e.getMessage(), e);
> - }
> + byte[] ntlmHash = ntlmHash(password);
> + HMACMD5 hmacMD5 = new HMACMD5(ntlmHash);
> + // Upper case username, mixed case target!!
> + hmacMD5.update(convert(user.toUpperCase(Locale.US)));
> + hmacMD5.update(convert(target));
> + return hmacMD5.getOutput();
> }
>
> /**
> @@ -759,17 +791,13 @@ final class NTLMEngineImpl implements NT
> /** Constructor. Include the arguments the message will need */
> Type1Message(String domain, String host) throws NTLMEngineException {
> super();
> - try {
> - // Strip off domain name from the host!
> - host = convertHost(host);
> - // Use only the base domain name!
> - domain = convertDomain(domain);
> -
> - hostBytes = host.getBytes("UnicodeLittleUnmarked");
> - domainBytes = domain.toUpperCase().getBytes("UnicodeLittleUnmarked");
> - } catch (java.io.UnsupportedEncodingException e) {
> - throw new NTLMEngineException("Unicode unsupported: " + e.getMessage(), e);
> - }
> + // Strip off domain name from the host!
> + host = convertHost(host);
> + // Use only the base domain name!
> + domain = convertDomain(domain);
> +
> + hostBytes = convert(host);
> + domainBytes = convert(domain != null ? domain.toUpperCase(Locale.US) : null);
> }
>
> /**
> @@ -847,11 +875,7 @@ final class NTLMEngineImpl implements NT
> if (getMessageLength() >= 12 + 8) {
> byte[] bytes = readSecurityBuffer(12);
> if (bytes.length != 0) {
> - try {
> - target = new String(bytes, "UnicodeLittleUnmarked");
> - } catch (java.io.UnsupportedEncodingException e) {
> - throw new NTLMEngineException(e.getMessage(), e);
> - }
> + target = convert(bytes);
> }
> }
>
> @@ -943,14 +967,9 @@ final class NTLMEngineImpl implements NT
> ntResp = new byte[0];
> lmResp = getLMResponse(password, nonce);
> }
> -
> - try {
> - domainBytes = domain.toUpperCase().getBytes("UnicodeLittleUnmarked");
> - hostBytes = host.getBytes("UnicodeLittleUnmarked");
> - userBytes = user.getBytes("UnicodeLittleUnmarked");
> - } catch (java.io.UnsupportedEncodingException e) {
> - throw new NTLMEngineException("Unicode not supported: " + e.getMessage(), e);
> - }
> + domainBytes = convert(domain != null ? domain.toUpperCase(Locale.US) : null);
> + hostBytes = convert(host);
> + userBytes = convert(user);
> }
>
> /** Assemble the response */
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org
Re: svn commit: r1406998
Posted by Oleg Kalnichevski <ol...@apache.org>.
On Thu, 2012-11-08 at 09:54 -0500, Gary Gregory wrote:
> On Thu, Nov 8, 2012 at 9:46 AM, Oleg Kalnichevski <ol...@apache.org> wrote:
>
> > On Thu, 2012-11-08 at 07:33 -0500, Gary Gregory wrote:
> > > In Commons land we generate release notes automatically. Is there a
> > > reason it is not done this like here?
> > >
> > > Gary
> > >
> >
> > Gary
> >
> > No reason other than inertia on my part. I generally find it more
> > manageable updating the release notes at the same time as committing a
> > fix or a changeset to the repository rather than trying to generate
> > release notes shortly before a release. Usually, come release, I can
> > hardly remembering what all those issues were about. This also allows me
> > to omit issues I deem unimportant. But as any manual process, I fully
> > admit it can be error-prone.
> >
>
> It's the same process over there except that commits are made to code and
> to a changes.xml file which is used to generate an HTML report (as part of
> the Maven reports, see Commons IO [1] for example) and a txt file at
> release time.
>
I'll happily adjust if someone can lay the groundwork for using
changes.xml instead of a plain RELEASE_NOTES.txt.
Oleg
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org
Re: svn commit: r1406998
Posted by Gary Gregory <ga...@gmail.com>.
On Thu, Nov 8, 2012 at 9:46 AM, Oleg Kalnichevski <ol...@apache.org> wrote:
> On Thu, 2012-11-08 at 07:33 -0500, Gary Gregory wrote:
> > In Commons land we generate release notes automatically. Is there a
> > reason it is not done this like here?
> >
> > Gary
> >
>
> Gary
>
> No reason other than inertia on my part. I generally find it more
> manageable updating the release notes at the same time as committing a
> fix or a changeset to the repository rather than trying to generate
> release notes shortly before a release. Usually, come release, I can
> hardly remembering what all those issues were about. This also allows me
> to omit issues I deem unimportant. But as any manual process, I fully
> admit it can be error-prone.
>
It's the same process over there except that commits are made to code and
to a changes.xml file which is used to generate an HTML report (as part of
the Maven reports, see Commons IO [1] for example) and a txt file at
release time.
> I'll happily vacate the role of the release manager, though.
>
I think you are the best one for this project ATM. As for me, I do not know
its innards well enough yet ;)
Gary
[1] https://commons.apache.org/io/changes-report.html
>
> Oleg
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
> For additional commands, e-mail: dev-help@hc.apache.org
>
>
--
E-Mail: garydgregory@gmail.com | ggregory@apache.org
JUnit in Action, 2nd Ed: <http://goog_1249600977>http://bit.ly/ECvg0
Spring Batch in Action: <http://s.apache.org/HOq>http://bit.ly/bqpbCK
Blog: http://garygregory.wordpress.com
Home: http://garygregory.com/
Tweet! http://twitter.com/GaryGregory
Re: svn commit: r1406998
Posted by Oleg Kalnichevski <ol...@apache.org>.
On Thu, 2012-11-08 at 07:33 -0500, Gary Gregory wrote:
> In Commons land we generate release notes automatically. Is there a
> reason it is not done this like here?
>
> Gary
>
Gary
No reason other than inertia on my part. I generally find it more
manageable updating the release notes at the same time as committing a
fix or a changeset to the repository rather than trying to generate
release notes shortly before a release. Usually, come release, I can
hardly remembering what all those issues were about. This also allows me
to omit issues I deem unimportant. But as any manual process, I fully
admit it can be error-prone.
I'll happily vacate the role of the release manager, though.
Oleg
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org