You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hc.apache.org by ol...@apache.org on 2013/07/07 12:20:33 UTC
svn commit: r1500401 - in /httpcomponents/httpclient/trunk/httpclient/src:
main/java/org/apache/http/impl/auth/NTLMEngineImpl.java
test/java/org/apache/http/impl/client/integration/TestClientAuthenticationFakeNTLM.java
Author: olegk
Date: Sun Jul 7 10:20:33 2013
New Revision: 1500401
URL: http://svn.apache.org/r1500401
Log:
Follow up to HTTPCLIENT-1381: fixes another NPE
Contributed by Ricardo Pereira <thc202 at gmail.com>
Modified:
httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/auth/NTLMEngineImpl.java
httpcomponents/httpclient/trunk/httpclient/src/test/java/org/apache/http/impl/client/integration/TestClientAuthenticationFakeNTLM.java
Modified: httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/auth/NTLMEngineImpl.java
URL: http://svn.apache.org/viewvc/httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/auth/NTLMEngineImpl.java?rev=1500401&r1=1500400&r2=1500401&view=diff
==============================================================================
--- httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/auth/NTLMEngineImpl.java (original)
+++ httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/auth/NTLMEngineImpl.java Sun Jul 7 10:20:33 2013
@@ -624,7 +624,7 @@ final class NTLMEngineImpl implements NT
final MD4 md4 = new MD4();
md4.update(unicodePassword);
return md4.getOutput();
- } catch (java.io.UnsupportedEncodingException e) {
+ } catch (UnsupportedEncodingException e) {
throw new NTLMEngineException("Unicode not supported: " + e.getMessage(), e);
}
}
@@ -641,9 +641,11 @@ final class NTLMEngineImpl implements NT
final HMACMD5 hmacMD5 = new HMACMD5(ntlmHash);
// Upper case username, upper case domain!
hmacMD5.update(user.toUpperCase(Locale.US).getBytes("UnicodeLittleUnmarked"));
- hmacMD5.update(domain.toUpperCase(Locale.US).getBytes("UnicodeLittleUnmarked"));
+ if (domain != null) {
+ hmacMD5.update(domain.toUpperCase(Locale.US).getBytes("UnicodeLittleUnmarked"));
+ }
return hmacMD5.getOutput();
- } catch (java.io.UnsupportedEncodingException e) {
+ } catch (UnsupportedEncodingException e) {
throw new NTLMEngineException("Unicode not supported! " + e.getMessage(), e);
}
}
@@ -660,9 +662,11 @@ final class NTLMEngineImpl implements NT
final HMACMD5 hmacMD5 = new HMACMD5(ntlmHash);
// Upper case username, mixed case target!!
hmacMD5.update(user.toUpperCase(Locale.US).getBytes("UnicodeLittleUnmarked"));
- hmacMD5.update(domain.getBytes("UnicodeLittleUnmarked"));
+ if (domain != null) {
+ hmacMD5.update(domain.getBytes("UnicodeLittleUnmarked"));
+ }
return hmacMD5.getOutput();
- } catch (java.io.UnsupportedEncodingException e) {
+ } catch (UnsupportedEncodingException e) {
throw new NTLMEngineException("Unicode not supported! " + e.getMessage(), e);
}
}
@@ -981,7 +985,7 @@ final class NTLMEngineImpl implements NT
hostBytes = unqualifiedHost != null? unqualifiedHost.getBytes("ASCII") : null;
domainBytes = unqualifiedDomain != null ? unqualifiedDomain
.toUpperCase(Locale.US).getBytes("ASCII") : null;
- } catch (java.io.UnsupportedEncodingException e) {
+ } catch (UnsupportedEncodingException e) {
throw new NTLMEngineException("Unicode unsupported: " + e.getMessage(), e);
}
}
@@ -1104,7 +1108,7 @@ final class NTLMEngineImpl implements NT
if (bytes.length != 0) {
try {
target = new String(bytes, "UnicodeLittleUnmarked");
- } catch (java.io.UnsupportedEncodingException e) {
+ } catch (UnsupportedEncodingException e) {
throw new NTLMEngineException(e.getMessage(), e);
}
}
Modified: httpcomponents/httpclient/trunk/httpclient/src/test/java/org/apache/http/impl/client/integration/TestClientAuthenticationFakeNTLM.java
URL: http://svn.apache.org/viewvc/httpcomponents/httpclient/trunk/httpclient/src/test/java/org/apache/http/impl/client/integration/TestClientAuthenticationFakeNTLM.java?rev=1500401&r1=1500400&r2=1500401&view=diff
==============================================================================
--- httpcomponents/httpclient/trunk/httpclient/src/test/java/org/apache/http/impl/client/integration/TestClientAuthenticationFakeNTLM.java (original)
+++ httpcomponents/httpclient/trunk/httpclient/src/test/java/org/apache/http/impl/client/integration/TestClientAuthenticationFakeNTLM.java Sun Jul 7 10:20:33 2013
@@ -99,7 +99,13 @@ public class TestClientAuthenticationFak
response.getStatusLine().getStatusCode());
}
- static class NtlmType2ResponseHandler implements HttpRequestHandler {
+ static class NtlmType2MessageResponseHandler implements HttpRequestHandler {
+
+ private final String authenticateHeaderValue;
+
+ public NtlmType2MessageResponseHandler(final String type2Message) {
+ this.authenticateHeaderValue = "NTLM " + type2Message;
+ }
public void handle(
final HttpRequest request,
@@ -113,16 +119,42 @@ public class TestClientAuthenticationFak
if (!request.containsHeader(HttpHeaders.AUTHORIZATION)) {
response.setHeader(HttpHeaders.WWW_AUTHENTICATE, "NTLM");
} else {
- response.setHeader(HttpHeaders.WWW_AUTHENTICATE, "NTLM TlRMTVNTUAACAA" +
- "AADAAMADgAAAAzwoICLgEjRWfCicKrw43DrwAAAAAAAAAAAAAAAAAAAAAGAHAX" +
- "AAAAD1MAZQByAHYAZQByAA==");
+ response.setHeader(HttpHeaders.WWW_AUTHENTICATE, authenticateHeaderValue);
}
}
}
@Test
- public void testNTLMType2() throws Exception {
- this.localServer.register("*", new NtlmType2ResponseHandler());
+ public void testNTLMv1Type2Message() throws Exception {
+ this.localServer.register("*", new NtlmType2MessageResponseHandler("TlRMTVNTUAACAA" +
+ "AADAAMADgAAAAzggLiASNFZ4mrze8AAAAAAAAAAAAAAAAAAAAABgBwFwAAAA9T" +
+ "AGUAcgB2AGUAcgA="));
+ this.localServer.start();
+
+ final BasicCredentialsProvider credsProvider = new BasicCredentialsProvider();
+ credsProvider.setCredentials(AuthScope.ANY,
+ new NTCredentials("test", "test", null, null));
+
+ this.httpclient = HttpClients.custom()
+ .setDefaultCredentialsProvider(credsProvider)
+ .build();
+
+ final HttpContext context = HttpClientContext.create();
+
+ final HttpHost targethost = getServerHttp();
+ final HttpGet httpget = new HttpGet("/");
+
+ final HttpResponse response = this.httpclient.execute(targethost, httpget, context);
+ EntityUtils.consume(response.getEntity());
+ Assert.assertEquals(HttpStatus.SC_UNAUTHORIZED,
+ response.getStatusLine().getStatusCode());
+ }
+
+ @Test
+ public void testNTLMv2Type2Message() throws Exception {
+ this.localServer.register("*", new NtlmType2MessageResponseHandler("TlRMTVNTUAACAA" +
+ "AADAAMADgAAAAzgoriASNFZ4mrze8AAAAAAAAAACQAJABEAAAABgBwFwAAAA9T" +
+ "AGUAcgB2AGUAcgACAAwARABvAG0AYQBpAG4AAQAMAFMAZQByAHYAZQByAAAAAAA="));
this.localServer.start();
final BasicCredentialsProvider credsProvider = new BasicCredentialsProvider();
Re: svn commit: r1500401
Posted by sebb <se...@gmail.com>.
On 8 July 2013 10:34, Oleg Kalnichevski <ol...@apache.org> wrote:
> On Sun, 2013-07-07 at 20:18 +0100, sebb wrote:
>> On 7 July 2013 11:20, <ol...@apache.org> wrote:
>> > Author: olegk
>> > Date: Sun Jul 7 10:20:33 2013
>> > New Revision: 1500401
>> >
>> > URL: http://svn.apache.org/r1500401
>> > Log:
>> > Follow up to HTTPCLIENT-1381: fixes another NPE
>> > Contributed by Ricardo Pereira <thc202 at gmail.com>
>> >
>> > Modified:
>> > httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/auth/NTLMEngineImpl.java
>> > httpcomponents/httpclient/trunk/httpclient/src/test/java/org/apache/http/impl/client/integration/TestClientAuthenticationFakeNTLM.java
>> >
>> > Modified: httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/auth/NTLMEngineImpl.java
>> > URL: http://svn.apache.org/viewvc/httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/auth/NTLMEngineImpl.java?rev=1500401&r1=1500400&r2=1500401&view=diff
>> > ==============================================================================
>> > --- httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/auth/NTLMEngineImpl.java (original)
>> > +++ httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/auth/NTLMEngineImpl.java Sun Jul 7 10:20:33 2013
>> > @@ -624,7 +624,7 @@ final class NTLMEngineImpl implements NT
>> > final MD4 md4 = new MD4();
>> > md4.update(unicodePassword);
>> > return md4.getOutput();
>> > - } catch (java.io.UnsupportedEncodingException e) {
>> > + } catch (UnsupportedEncodingException e) {
>> > throw new NTLMEngineException("Unicode not supported: " + e.getMessage(), e);
>> > }
>> > }
>> > @@ -641,9 +641,11 @@ final class NTLMEngineImpl implements NT
>> > final HMACMD5 hmacMD5 = new HMACMD5(ntlmHash);
>> > // Upper case username, upper case domain!
>> > hmacMD5.update(user.toUpperCase(Locale.US).getBytes("UnicodeLittleUnmarked"));
>> > - hmacMD5.update(domain.toUpperCase(Locale.US).getBytes("UnicodeLittleUnmarked"));
>> > + if (domain != null) {
>> > + hmacMD5.update(domain.toUpperCase(Locale.US).getBytes("UnicodeLittleUnmarked"));
>>
>> Note that getBytes(String) is also Locale-sensitive; should probably
>> use Locale.ENGLISH.
>> (Locale.ROOT is 1.6+)
>
> Sebastian,
>
> I am not sure I follow you. String#getBytes only takes charset encoding
> as a parameter (either as string prior to 1.6 or Charset in 1.6+), not a
> locale. In any way just go ahead and commit the fix if you see a problem
> with this code.
Sorry, brain-fart!
The code is fine as is - though it might be worth considering using a
constant for the charset.
This could then be documented.
> Cheers
>
> Oleg
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
> For additional commands, e-mail: dev-help@hc.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org
Re: svn commit: r1500401
Posted by Oleg Kalnichevski <ol...@apache.org>.
On Sun, 2013-07-07 at 20:18 +0100, sebb wrote:
> On 7 July 2013 11:20, <ol...@apache.org> wrote:
> > Author: olegk
> > Date: Sun Jul 7 10:20:33 2013
> > New Revision: 1500401
> >
> > URL: http://svn.apache.org/r1500401
> > Log:
> > Follow up to HTTPCLIENT-1381: fixes another NPE
> > Contributed by Ricardo Pereira <thc202 at gmail.com>
> >
> > Modified:
> > httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/auth/NTLMEngineImpl.java
> > httpcomponents/httpclient/trunk/httpclient/src/test/java/org/apache/http/impl/client/integration/TestClientAuthenticationFakeNTLM.java
> >
> > Modified: httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/auth/NTLMEngineImpl.java
> > URL: http://svn.apache.org/viewvc/httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/auth/NTLMEngineImpl.java?rev=1500401&r1=1500400&r2=1500401&view=diff
> > ==============================================================================
> > --- httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/auth/NTLMEngineImpl.java (original)
> > +++ httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/auth/NTLMEngineImpl.java Sun Jul 7 10:20:33 2013
> > @@ -624,7 +624,7 @@ final class NTLMEngineImpl implements NT
> > final MD4 md4 = new MD4();
> > md4.update(unicodePassword);
> > return md4.getOutput();
> > - } catch (java.io.UnsupportedEncodingException e) {
> > + } catch (UnsupportedEncodingException e) {
> > throw new NTLMEngineException("Unicode not supported: " + e.getMessage(), e);
> > }
> > }
> > @@ -641,9 +641,11 @@ final class NTLMEngineImpl implements NT
> > final HMACMD5 hmacMD5 = new HMACMD5(ntlmHash);
> > // Upper case username, upper case domain!
> > hmacMD5.update(user.toUpperCase(Locale.US).getBytes("UnicodeLittleUnmarked"));
> > - hmacMD5.update(domain.toUpperCase(Locale.US).getBytes("UnicodeLittleUnmarked"));
> > + if (domain != null) {
> > + hmacMD5.update(domain.toUpperCase(Locale.US).getBytes("UnicodeLittleUnmarked"));
>
> Note that getBytes(String) is also Locale-sensitive; should probably
> use Locale.ENGLISH.
> (Locale.ROOT is 1.6+)
Sebastian,
I am not sure I follow you. String#getBytes only takes charset encoding
as a parameter (either as string prior to 1.6 or Charset in 1.6+), not a
locale. In any way just go ahead and commit the fix if you see a problem
with this code.
Cheers
Oleg
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org
Re: svn commit: r1500401 - in /httpcomponents/httpclient/trunk/httpclient/src:
main/java/org/apache/http/impl/auth/NTLMEngineImpl.java test/java/org/apache/http/impl/client/integration/TestClientAuthenticationFakeNTLM.java
Posted by sebb <se...@gmail.com>.
On 7 July 2013 11:20, <ol...@apache.org> wrote:
> Author: olegk
> Date: Sun Jul 7 10:20:33 2013
> New Revision: 1500401
>
> URL: http://svn.apache.org/r1500401
> Log:
> Follow up to HTTPCLIENT-1381: fixes another NPE
> Contributed by Ricardo Pereira <thc202 at gmail.com>
>
> Modified:
> httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/auth/NTLMEngineImpl.java
> httpcomponents/httpclient/trunk/httpclient/src/test/java/org/apache/http/impl/client/integration/TestClientAuthenticationFakeNTLM.java
>
> Modified: httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/auth/NTLMEngineImpl.java
> URL: http://svn.apache.org/viewvc/httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/auth/NTLMEngineImpl.java?rev=1500401&r1=1500400&r2=1500401&view=diff
> ==============================================================================
> --- httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/auth/NTLMEngineImpl.java (original)
> +++ httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/auth/NTLMEngineImpl.java Sun Jul 7 10:20:33 2013
> @@ -624,7 +624,7 @@ final class NTLMEngineImpl implements NT
> final MD4 md4 = new MD4();
> md4.update(unicodePassword);
> return md4.getOutput();
> - } catch (java.io.UnsupportedEncodingException e) {
> + } catch (UnsupportedEncodingException e) {
> throw new NTLMEngineException("Unicode not supported: " + e.getMessage(), e);
> }
> }
> @@ -641,9 +641,11 @@ final class NTLMEngineImpl implements NT
> final HMACMD5 hmacMD5 = new HMACMD5(ntlmHash);
> // Upper case username, upper case domain!
> hmacMD5.update(user.toUpperCase(Locale.US).getBytes("UnicodeLittleUnmarked"));
> - hmacMD5.update(domain.toUpperCase(Locale.US).getBytes("UnicodeLittleUnmarked"));
> + if (domain != null) {
> + hmacMD5.update(domain.toUpperCase(Locale.US).getBytes("UnicodeLittleUnmarked"));
Note that getBytes(String) is also Locale-sensitive; should probably
use Locale.ENGLISH.
(Locale.ROOT is 1.6+)
> + }
> return hmacMD5.getOutput();
> - } catch (java.io.UnsupportedEncodingException e) {
> + } catch (UnsupportedEncodingException e) {
> throw new NTLMEngineException("Unicode not supported! " + e.getMessage(), e);
> }
> }
> @@ -660,9 +662,11 @@ final class NTLMEngineImpl implements NT
> final HMACMD5 hmacMD5 = new HMACMD5(ntlmHash);
> // Upper case username, mixed case target!!
> hmacMD5.update(user.toUpperCase(Locale.US).getBytes("UnicodeLittleUnmarked"));
> - hmacMD5.update(domain.getBytes("UnicodeLittleUnmarked"));
> + if (domain != null) {
> + hmacMD5.update(domain.getBytes("UnicodeLittleUnmarked"));
> + }
> return hmacMD5.getOutput();
> - } catch (java.io.UnsupportedEncodingException e) {
> + } catch (UnsupportedEncodingException e) {
> throw new NTLMEngineException("Unicode not supported! " + e.getMessage(), e);
> }
> }
> @@ -981,7 +985,7 @@ final class NTLMEngineImpl implements NT
> hostBytes = unqualifiedHost != null? unqualifiedHost.getBytes("ASCII") : null;
> domainBytes = unqualifiedDomain != null ? unqualifiedDomain
> .toUpperCase(Locale.US).getBytes("ASCII") : null;
> - } catch (java.io.UnsupportedEncodingException e) {
> + } catch (UnsupportedEncodingException e) {
> throw new NTLMEngineException("Unicode unsupported: " + e.getMessage(), e);
> }
> }
> @@ -1104,7 +1108,7 @@ final class NTLMEngineImpl implements NT
> if (bytes.length != 0) {
> try {
> target = new String(bytes, "UnicodeLittleUnmarked");
> - } catch (java.io.UnsupportedEncodingException e) {
> + } catch (UnsupportedEncodingException e) {
> throw new NTLMEngineException(e.getMessage(), e);
> }
> }
>
> Modified: httpcomponents/httpclient/trunk/httpclient/src/test/java/org/apache/http/impl/client/integration/TestClientAuthenticationFakeNTLM.java
> URL: http://svn.apache.org/viewvc/httpcomponents/httpclient/trunk/httpclient/src/test/java/org/apache/http/impl/client/integration/TestClientAuthenticationFakeNTLM.java?rev=1500401&r1=1500400&r2=1500401&view=diff
> ==============================================================================
> --- httpcomponents/httpclient/trunk/httpclient/src/test/java/org/apache/http/impl/client/integration/TestClientAuthenticationFakeNTLM.java (original)
> +++ httpcomponents/httpclient/trunk/httpclient/src/test/java/org/apache/http/impl/client/integration/TestClientAuthenticationFakeNTLM.java Sun Jul 7 10:20:33 2013
> @@ -99,7 +99,13 @@ public class TestClientAuthenticationFak
> response.getStatusLine().getStatusCode());
> }
>
> - static class NtlmType2ResponseHandler implements HttpRequestHandler {
> + static class NtlmType2MessageResponseHandler implements HttpRequestHandler {
> +
> + private final String authenticateHeaderValue;
> +
> + public NtlmType2MessageResponseHandler(final String type2Message) {
> + this.authenticateHeaderValue = "NTLM " + type2Message;
> + }
>
> public void handle(
> final HttpRequest request,
> @@ -113,16 +119,42 @@ public class TestClientAuthenticationFak
> if (!request.containsHeader(HttpHeaders.AUTHORIZATION)) {
> response.setHeader(HttpHeaders.WWW_AUTHENTICATE, "NTLM");
> } else {
> - response.setHeader(HttpHeaders.WWW_AUTHENTICATE, "NTLM TlRMTVNTUAACAA" +
> - "AADAAMADgAAAAzwoICLgEjRWfCicKrw43DrwAAAAAAAAAAAAAAAAAAAAAGAHAX" +
> - "AAAAD1MAZQByAHYAZQByAA==");
> + response.setHeader(HttpHeaders.WWW_AUTHENTICATE, authenticateHeaderValue);
> }
> }
> }
>
> @Test
> - public void testNTLMType2() throws Exception {
> - this.localServer.register("*", new NtlmType2ResponseHandler());
> + public void testNTLMv1Type2Message() throws Exception {
> + this.localServer.register("*", new NtlmType2MessageResponseHandler("TlRMTVNTUAACAA" +
> + "AADAAMADgAAAAzggLiASNFZ4mrze8AAAAAAAAAAAAAAAAAAAAABgBwFwAAAA9T" +
> + "AGUAcgB2AGUAcgA="));
> + this.localServer.start();
> +
> + final BasicCredentialsProvider credsProvider = new BasicCredentialsProvider();
> + credsProvider.setCredentials(AuthScope.ANY,
> + new NTCredentials("test", "test", null, null));
> +
> + this.httpclient = HttpClients.custom()
> + .setDefaultCredentialsProvider(credsProvider)
> + .build();
> +
> + final HttpContext context = HttpClientContext.create();
> +
> + final HttpHost targethost = getServerHttp();
> + final HttpGet httpget = new HttpGet("/");
> +
> + final HttpResponse response = this.httpclient.execute(targethost, httpget, context);
> + EntityUtils.consume(response.getEntity());
> + Assert.assertEquals(HttpStatus.SC_UNAUTHORIZED,
> + response.getStatusLine().getStatusCode());
> + }
> +
> + @Test
> + public void testNTLMv2Type2Message() throws Exception {
> + this.localServer.register("*", new NtlmType2MessageResponseHandler("TlRMTVNTUAACAA" +
> + "AADAAMADgAAAAzgoriASNFZ4mrze8AAAAAAAAAACQAJABEAAAABgBwFwAAAA9T" +
> + "AGUAcgB2AGUAcgACAAwARABvAG0AYQBpAG4AAQAMAFMAZQByAHYAZQByAAAAAAA="));
> this.localServer.start();
>
> final BasicCredentialsProvider credsProvider = new BasicCredentialsProvider();
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org