Posted to commits@hc.apache.org by ol...@apache.org on 2013/07/08 11:28:50 UTC

svn commit: r1500629 - in /httpcomponents/httpclient/trunk/httpclient/src: main/java/org/apache/http/impl/auth/NTLMScheme.java test/java/org/apache/http/impl/client/integration/TestClientAuthenticationFakeNTLM.java

Author: olegk
Date: Mon Jul  8 09:28:50 2013
New Revision: 1500629

URL: http://svn.apache.org/r1500629
Log:
Follow up to HTTPCLIENT-1383: fixes another infinite loop in case of an out of sequence NTLM response
Contributed by Ricardo Pereira <thc202 at gmail.com>

Modified:
    httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/auth/NTLMScheme.java
    httpcomponents/httpclient/trunk/httpclient/src/test/java/org/apache/http/impl/client/integration/TestClientAuthenticationFakeNTLM.java

Modified: httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/auth/NTLMScheme.java
URL: http://svn.apache.org/viewvc/httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/auth/NTLMScheme.java?rev=1500629&r1=1500628&r2=1500629&view=diff
==============================================================================
--- httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/auth/NTLMScheme.java (original)
+++ httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/auth/NTLMScheme.java Mon Jul  8 09:28:50 2013
@@ -109,6 +109,7 @@ public class NTLMScheme extends AuthSche
         } else {
             if (this.state.compareTo(State.MSG_TYPE1_GENERATED) < 0) {
                 this.state = State.FAILED;
+                throw new MalformedChallengeException("Out of sequence NTLM response message");
             } else if (this.state == State.MSG_TYPE1_GENERATED) {
                 this.state = State.MSG_TYPE2_RECEVIED;
             }
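Review bot: The added throw rejects a non-empty challenge only in states ordered before MSG_TYPE1_GENERATED; one that arrives after the Type 2 message has already been accepted matches neither branch and leaves the state untouched. Whether those later states are rejected elsewhere is not visible, since the method starts and ends outside the hunk, so it is worth confirming that a server repeating Type 2 messages cannot keep the exchange going. The check also depends on the declaration order of the State enum through `compareTo`, which deserves a comment such as `// relies on State declaration order; reordering the enum changes which states are rejected here`.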
@@ -127,7 +128,9 @@ public class NTLMScheme extends AuthSche
               + credentials.getClass().getName());
         }
         String response = null;
-        if (this.state == State.CHALLENGE_RECEIVED || this.state == State.FAILED) {
+        if (this.state == State.FAILED) {
+            throw new AuthenticationException("NTLM authentication failed");
+        } else if (this.state == State.CHALLENGE_RECEIVED) {
             response = this.engine.generateType1Msg(
                     ntcredentials.getDomain(),
                     ntcredentials.getWorkstation());
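Review bot: Nothing at the new `State.FAILED` branch records why it must throw rather than share the Type 1 branch, as the removed condition did. Going by the commit log, that sharing is what restarted the handshake and allowed the endless loop, so a comment such as `// FAILED is terminal: generating a new Type 1 message here would restart the handshake and let a misbehaving server loop the client` would keep a later refactor from merging the branches again. The message "NTLM authentication failed" also carries no cause, so a caller cannot tell an out-of-sequence message from any other failure. The rest of the if/else chain lies outside the hunk.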

Modified: httpcomponents/httpclient/trunk/httpclient/src/test/java/org/apache/http/impl/client/integration/TestClientAuthenticationFakeNTLM.java
URL: http://svn.apache.org/viewvc/httpcomponents/httpclient/trunk/httpclient/src/test/java/org/apache/http/impl/client/integration/TestClientAuthenticationFakeNTLM.java?rev=1500629&r1=1500628&r2=1500629&view=diff
==============================================================================
--- httpcomponents/httpclient/trunk/httpclient/src/test/java/org/apache/http/impl/client/integration/TestClientAuthenticationFakeNTLM.java (original)
+++ httpcomponents/httpclient/trunk/httpclient/src/test/java/org/apache/http/impl/client/integration/TestClientAuthenticationFakeNTLM.java Mon Jul  8 09:28:50 2013
@@ -178,6 +178,12 @@ public class TestClientAuthenticationFak
 
     static class NtlmType2MessageOnlyResponseHandler implements HttpRequestHandler {
 
+        private final String authenticateHeaderValue;
+
+        public NtlmType2MessageOnlyResponseHandler(final String type2Message) {
+            this.authenticateHeaderValue = "NTLM " + type2Message;
+        }
+
         public void handle(
                 final HttpRequest request,
                 final HttpResponse response,
@@ -187,15 +193,41 @@ public class TestClientAuthenticationFak
                     HttpStatus.SC_UNAUTHORIZED,
                     "Authentication Required"));
             response.setHeader("Connection", "Keep-Alive");
-            response.setHeader(HttpHeaders.WWW_AUTHENTICATE, "NTLM TlRMTVNTUAACAA" +
-                    "AADAAMADgAAAAzggLiASNFZ4mrze8AAAAAAAAAAAAAAAAAAAAABgBwFwAAAA9T" +
-                    "AGUAcgB2AGUAcgA=");
+            response.setHeader(HttpHeaders.WWW_AUTHENTICATE, authenticateHeaderValue);
         }
     }
 
     @Test
     public void testNTLMType2MessageOnlyAuthenticationFailure() throws Exception {
-        this.localServer.register("*", new NtlmType2MessageOnlyResponseHandler());
+        this.localServer.register("*", new NtlmType2MessageOnlyResponseHandler("TlRMTVNTUAACAA" +
+                "AADAAMADgAAAAzggLiASNFZ4mrze8AAAAAAAAAAAAAAAAAAAAABgBwFwAAAA9T" +
+                "AGUAcgB2AGUAcgA="));
+        this.localServer.start();
+
+        final BasicCredentialsProvider credsProvider = new BasicCredentialsProvider();
+        credsProvider.setCredentials(AuthScope.ANY,
+                new NTCredentials("test", "test", null, null));
+
+        this.httpclient = HttpClients.custom()
+                .setDefaultCredentialsProvider(credsProvider)
+                .build();
+
+        final HttpContext context = HttpClientContext.create();
+
+        final HttpHost targethost = getServerHttp();
+        final HttpGet httpget = new HttpGet("/");
+
+        final HttpResponse response = this.httpclient.execute(targethost, httpget, context);
+        EntityUtils.consume(response.getEntity());
+        Assert.assertEquals(HttpStatus.SC_UNAUTHORIZED,
+                response.getStatusLine().getStatusCode());
+    }
+
+    @Test
+    public void testNTLMType2NonUnicodeMessageOnlyAuthenticationFailure() throws Exception {
+        this.localServer.register("*", new NtlmType2MessageOnlyResponseHandler("TlRMTVNTUAACAA" +
+                "AABgAGADgAAAAyggLiASNFZ4mrze8AAAAAAAAAAAAAAAAAAAAABgBwFwAAAA9T" +
+                "ZXJ2ZXI="));
         this.localServer.start();
 
         final BasicCredentialsProvider credsProvider = new BasicCredentialsProvider();
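Review bot: Both tests guard against an infinite loop, yet neither `@Test` carries a timeout, so a regression would hang the build instead of failing it. `@Test(timeout = 10000)` (assuming JUnit 4, as `Assert.assertEquals` suggests) would turn a hang into a failure. The new testNTLMType2NonUnicodeMessageOnlyAuthenticationFailure appears to repeat the first test's body with only the Base64 payload changed, though its body continues past the end of the hunk; a private helper taking the Type 2 message would keep the two in step. A one-line comment on each payload saying what distinguishes it (the test name suggests the Unicode negotiate flag) would spare readers decoding it.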