Realm realm = future.getRealm(); Realm proxyRealm = future.getProxyRealm(); requestFactory.addAuthorizationHeader(headers, perConnectionAuthorizationHeader(request, proxy, realm)); requestFactory.setProxyAuthorizationHeader(headers, perConnectionProxyAuthorizationHeader(request, proxyRealm));
addAuthorizationHeader(headers, perRequestAuthorizationHeader(request, realm)); setProxyAuthorizationHeader(headers, perRequestProxyAuthorizationHeader(request, proxyRealm));
private static String computeDigestAuthentication(Realm realm) { String realmUri = computeRealmURI(realm.getUri(), realm.isUseAbsoluteURI(), realm.isOmitQuery()); StringBuilder builder = new StringBuilder().append("Digest "); append(builder, "username", realm.getPrincipal(), true); append(builder, "realm", realm.getRealmName(), true); append(builder, "nonce", realm.getNonce(), true); append(builder, "uri", realmUri, true); if (isNonEmpty(realm.getAlgorithm())) append(builder, "algorithm", realm.getAlgorithm(), false); append(builder, "response", realm.getResponse(), true); if (realm.getOpaque() != null) append(builder, "opaque", realm.getOpaque(), true); if (realm.getQop() != null) { append(builder, "qop", realm.getQop(), false); // nc and cnonce only sent if server sent qop append(builder, "nc", realm.getNc(), false); append(builder, "cnonce", realm.getCnonce(), true); } builder.setLength(builder.length() - 2); // remove tailing ", " // FIXME isn't there a more efficient way? return new String(StringUtils.charSequence2Bytes(builder, ISO_8859_1)); }
authorizationHeader = computeBasicAuthentication(realm); break; case DIGEST: .setMethodName(request.getMethod()) .build(); authorizationHeader = computeDigestAuthentication(realm);
private static String computeBasicAuthentication(Realm realm) { return realm != null ? computeBasicAuthentication(realm.getPrincipal(), realm.getPassword(), realm.getCharset()) : null; }
private void newResponse(MessageDigest md) { // when using preemptive auth, the request uri is missing if (uri != null) { // BEWARE: compute first as it uses the cached StringBuilder String digestUri = AuthenticatorUtils.computeRealmURI(uri, useAbsoluteURI, omitQuery); StringBuilder sb = StringBuilderPool.DEFAULT.stringBuilder(); // WARNING: DON'T MOVE, BUFFER IS RECYCLED!!!! byte[] ha1 = ha1(sb, md); byte[] ha2 = ha2(sb, digestUri, md); appendBase16(sb, ha1); appendMiddlePart(sb); appendBase16(sb, ha2); byte[] responseDigest = md5FromRecycledStringBuilder(sb, md); response = toHexString(responseDigest); } }
public static String perConnectionProxyAuthorizationHeader(Request request, Realm proxyRealm) { String proxyAuthorization = null; if (proxyRealm != null && proxyRealm.isUsePreemptiveAuth()) { switch (proxyRealm.getScheme()) { case NTLM: case KERBEROS: case SPNEGO: List<String> auth = request.getHeaders().getAll(PROXY_AUTHORIZATION); if (getHeaderWithPrefix(auth, "NTLM") == null) { String msg = NtlmEngine.INSTANCE.generateType1Msg(); proxyAuthorization = "NTLM " + msg; } break; default: } } return proxyAuthorization; }
public static String perRequestProxyAuthorizationHeader(Request request, Realm proxyRealm) { String proxyAuthorization = null; if (proxyRealm != null && proxyRealm.isUsePreemptiveAuth()) { switch (proxyRealm.getScheme()) { case BASIC: proxyAuthorization = computeBasicAuthentication(proxyRealm); break; case DIGEST: if (isNonEmpty(proxyRealm.getNonce())) { // update realm with request information proxyRealm = realm(proxyRealm) .setUri(request.getUri()) .setMethodName(request.getMethod()) .build(); proxyAuthorization = computeDigestAuthentication(proxyRealm); } break; case NTLM: case KERBEROS: case SPNEGO: // NTLM, KERBEROS and SPNEGO are only set on the first request with a connection, // see perConnectionProxyAuthorizationHeader break; default: throw new IllegalStateException("Invalid Authentication scheme " + proxyRealm.getScheme()); } } return proxyAuthorization; }
public static String computeBasicAuthentication(ProxyServer proxyServer) { return computeBasicAuthentication(proxyServer.getPrincipal(), proxyServer.getPassword(), proxyServer.getCharset()); }
public static String computeRealmURI(Realm realm) { return computeRealmURI(realm.getUri(), realm.isUseAbsoluteURI(), realm.isOmitQuery()); }
if (getHeaderWithPrefix(wwwAuthHeaders, "Basic") == null) { LOGGER.info("Can't handle 401 with Basic realm as WWW-Authenticate headers don't match"); return false; String digestHeader = getHeaderWithPrefix(wwwAuthHeaders, "Digest"); if (digestHeader == null) { LOGGER.info("Can't handle 401 with Digest realm as WWW-Authenticate headers don't match"); String ntlmHeader = getHeaderWithPrefix(wwwAuthHeaders, "NTLM"); if (ntlmHeader == null) { LOGGER.info("Can't handle 401 with NTLM realm as WWW-Authenticate headers don't match"); if (getHeaderWithPrefix(wwwAuthHeaders, NEGOTIATE) == null) { LOGGER.info("Can't handle 401 with Kerberos or Spnego realm as WWW-Authenticate headers don't match"); return false; String ntlmHeader2 = getHeaderWithPrefix(wwwAuthHeaders, "NTLM"); if (ntlmHeader2 != null) { LOGGER.warn("Kerberos/Spnego auth failed, proceeding with NTLM");
Realm realm = request.getRealm() != null ? request.getRealm() : config.getRealm(); boolean connect = future.getNettyRequest().getHttpRequest().getMethod() == HttpMethod.CONNECT; requestFactory.addAuthorizationHeader(headers, perConnectionAuthorizationHeader(request, proxy, realm)); requestFactory.setProxyAuthorizationHeader(headers, perConnectionProxyAuthorizationHeader(request, proxy, connect));
addAuthorizationHeader(headers, perRequestAuthorizationHeader(request, realm)); setProxyAuthorizationHeader(headers, perRequestProxyAuthorizationHeader(request, proxyServer, realm, connect));
public static String perRequestProxyAuthorizationHeader(Request request, ProxyServer proxyServer, Realm realm, boolean connect) { String proxyAuthorization = null; if (!connect && proxyServer != null && proxyServer.getScheme() == AuthScheme.BASIC) { proxyAuthorization = computeBasicAuthentication(proxyServer); } else if (realm != null && realm.getUsePreemptiveAuth() && realm.isTargetProxy()) { switch (realm.getScheme()) { case BASIC: proxyAuthorization = computeBasicAuthentication(realm); break; case DIGEST: if (isNonEmpty(realm.getNonce())) proxyAuthorization = computeDigestAuthentication(realm); break; case NTLM: case KERBEROS: case SPNEGO: // NTLM, KERBEROS and SPNEGO are only set on the first request, // see firstRequestOnlyAuthorizationHeader case NONE: break; default: throw new IllegalStateException("Invalid Authentication " + realm); } } return proxyAuthorization; }
private static String computeDigestAuthentication(Realm realm) { StringBuilder builder = new StringBuilder().append("Digest "); append(builder, "username", realm.getPrincipal(), true); append(builder, "realm", realm.getRealmName(), true); append(builder, "nonce", realm.getNonce(), true); append(builder, "uri", computeRealmURI(realm), true); if (isNonEmpty(realm.getAlgorithm())) append(builder, "algorithm", realm.getAlgorithm(), false); append(builder, "response", realm.getResponse(), true); if (realm.getOpaque() != null) append(builder, "opaque", realm.getOpaque(), true); if (realm.getQop() != null) { append(builder, "qop", realm.getQop(), false); // nc and cnonce only sent if server sent qop append(builder, "nc", realm.getNc(), false); append(builder, "cnonce", realm.getCnonce(), true); } builder.setLength(builder.length() - 2); // remove tailing ", " // FIXME isn't there a more efficient way? return new String(StringUtils.charSequence2Bytes(builder, ISO_8859_1)); }
public static String computeBasicAuthentication(Realm realm) { return computeBasicAuthentication(realm.getPrincipal(), realm.getPassword(), realm.getCharset()); }
private void newResponse(MessageDigest md) { // BEWARE: compute first as it used the cached StringBuilder String digestUri = AuthenticatorUtils.computeRealmURI(uri, useAbsoluteURI, omitQuery); StringBuilder sb = StringUtils.stringBuilder(); // WARNING: DON'T MOVE, BUFFER IS RECYCLED!!!! byte[] secretDigest = secretDigest(sb, md); byte[] dataDigest = dataDigest(sb, digestUri, md); appendBase16(sb, secretDigest); appendDataBase(sb); appendBase16(sb, dataDigest); byte[] responseDigest = md5FromRecycledStringBuilder(sb, md); response = toHexString(responseDigest); }
if (getHeaderWithPrefix(proxyAuthHeaders, "Basic") == null) { LOGGER.info("Can't handle 407 with Basic realm as Proxy-Authenticate headers don't match"); return false; String digestHeader = getHeaderWithPrefix(proxyAuthHeaders, "Digest"); if (digestHeader == null) { LOGGER.info("Can't handle 407 with Digest realm as Proxy-Authenticate headers don't match"); String ntlmHeader = getHeaderWithPrefix(proxyAuthHeaders, "NTLM"); if (ntlmHeader == null) { LOGGER.info("Can't handle 407 with NTLM realm as Proxy-Authenticate headers don't match"); if (getHeaderWithPrefix(proxyAuthHeaders, NEGOTIATE) == null) { LOGGER.info("Can't handle 407 with Kerberos or Spnego realm as Proxy-Authenticate headers don't match"); return false; String ntlmHeader2 = getHeaderWithPrefix(proxyAuthHeaders, "NTLM"); if (ntlmHeader2 != null) { LOGGER.warn("Kerberos/Spnego proxy auth failed, proceeding with NTLM");
Realm realm = request.getRealm() != null ? request.getRealm() : config.getRealm(); boolean connect = future.getNettyRequest().getHttpRequest().getMethod() == HttpMethod.CONNECT; requestFactory.addAuthorizationHeader(headers, perConnectionAuthorizationHeader(request, proxy, realm)); requestFactory.setProxyAuthorizationHeader(headers, perConnectionProxyAuthorizationHeader(request, proxy, connect));
addAuthorizationHeader(headers, perRequestAuthorizationHeader(request, realm)); setProxyAuthorizationHeader(headers, perRequestProxyAuthorizationHeader(request, proxyServer, realm, connect));