232 DigestAuthentication.Parameters digestparams;
233
234 /* Current credentials in use */
235 AuthenticationInfo currentProxyCredentials = null;
236 AuthenticationInfo currentServerCredentials = null;
237 boolean needToCheck = true;
238 private boolean doingNTLM2ndStage = false; /* doing the 2nd stage of an NTLM server authentication */
239 private boolean doingNTLMp2ndStage = false; /* doing the 2nd stage of an NTLM proxy authentication */
240
241 /* try auth without calling Authenticator. Used for transparent NTLM authentication */
242 private boolean tryTransparentNTLMServer = true;
243 private boolean tryTransparentNTLMProxy = true;
244
245 /* Used by Windows specific code */
246 private Object authObj;
247
248 /* Set if the user is manually setting the Authorization or Proxy-Authorization headers */
249 boolean isUserServerAuth;
250 boolean isUserProxyAuth;
251
252 /* Progress source */
253 protected ProgressSource pi;
254
255 /* all the response headers we get back */
256 private MessageHeader responses;
257 /* the stream _from_ the server */
258 private InputStream inputStream = null;
259 /* post stream _to_ the server, if any */
260 private PosterOutputStream poster = null;
261
262 /* Indicates if the std. request headers have been set in requests. */
263 private boolean setRequests=false;
264
265 /* Indicates whether a request has already failed or not */
266 private boolean failedOnce=false;
267
268 /* Remembered Exception, we will throw it again if somebody
269 calls getInputStream after disconnect */
270 private Exception rememberedException = null;
271
1486 } while (redirects < maxRedirects);
1487
1488 throw new ProtocolException("Server redirected too many " +
1489 " times ("+ redirects + ")");
1490 } catch (RuntimeException e) {
1491 disconnectInternal();
1492 rememberedException = e;
1493 throw e;
1494 } catch (IOException e) {
1495 rememberedException = e;
1496
1497 // buffer the error stream if bytes < 4k
1498 // and it can be buffered within 1 second
1499 String te = responses.findValue("Transfer-Encoding");
1500 if (http != null && http.isKeepingAlive() && enableESBuffer &&
1501 (cl > 0 || (te != null && te.equalsIgnoreCase("chunked")))) {
1502 errorStream = ErrorStream.getErrorStream(inputStream, cl, http);
1503 }
1504 throw e;
1505 } finally {
1506 if (respCode == HTTP_PROXY_AUTH && proxyAuthentication != null) {
1507 proxyAuthentication.endAuthRequest();
1508 }
1509 else if (respCode == HTTP_UNAUTHORIZED && serverAuthentication != null) {
1510 serverAuthentication.endAuthRequest();
1511 }
1512 }
1513 }
1514
1515 /*
1516 * Creates a chained exception that has the same type as
1517 * original exception and with the same message. Right now,
1518 * there is no convenient APIs for doing so.
1519 */
1520 private IOException getChainedException(final IOException rememberedException) {
1521 try {
1522 final Object[] args = { rememberedException.getMessage() };
1523 IOException chainedException =
1524 java.security.AccessController.doPrivileged(
1525 new java.security.PrivilegedExceptionAction<IOException>() {
1526 public IOException run() throws Exception {
1527 return (IOException)
1528 rememberedException.getClass()
1529 .getConstructor(new Class[] { String.class })
1530 .newInstance(args);
1703 proxyAuthentication.addToCache();
1704 }
1705
1706 if (respCode == HTTP_OK) {
1707 setTunnelState(TunnelState.TUNNELING);
1708 break;
1709 }
1710 // we don't know how to deal with other response code
1711 // so disconnect and report error
1712 disconnectInternal();
1713 setTunnelState(TunnelState.NONE);
1714 break;
1715 } while (retryTunnel < maxRedirects);
1716
1717 if (retryTunnel >= maxRedirects || (respCode != HTTP_OK)) {
1718 throw new IOException("Unable to tunnel through proxy."+
1719 " Proxy returns \"" +
1720 statusLine + "\"");
1721 }
1722 } finally {
1723 if (respCode == HTTP_PROXY_AUTH && proxyAuthentication != null) {
1724 proxyAuthentication.endAuthRequest();
1725 }
1726 }
1727
1728 // restore original request headers
1729 requests = savedRequests;
1730
1731 // reset responses
1732 responses.reset();
1733 }
1734
1735 static String connectRequestURI(URL url) {
1736 String host = url.getHost();
1737 int port = url.getPort();
1738 port = port != -1 ? port : url.getDefaultPort();
1739
1740 return host + ":" + port;
1741 }
1742
1743 /**
1744 * send a CONNECT request for establishing a tunnel to proxy server
1820 String realm = p.findValue("realm");
1821 String scheme = authhdr.scheme();
1822 AuthScheme authScheme = UNKNOWN;
1823 if ("basic".equalsIgnoreCase(scheme)) {
1824 authScheme = BASIC;
1825 } else if ("digest".equalsIgnoreCase(scheme)) {
1826 authScheme = DIGEST;
1827 } else if ("ntlm".equalsIgnoreCase(scheme)) {
1828 authScheme = NTLM;
1829 doingNTLMp2ndStage = true;
1830 } else if ("Kerberos".equalsIgnoreCase(scheme)) {
1831 authScheme = KERBEROS;
1832 doingNTLMp2ndStage = true;
1833 } else if ("Negotiate".equalsIgnoreCase(scheme)) {
1834 authScheme = NEGOTIATE;
1835 doingNTLMp2ndStage = true;
1836 }
1837
1838 if (realm == null)
1839 realm = "";
1840 ret = AuthenticationInfo.getProxyAuth(host,
1841 port,
1842 realm,
1843 authScheme);
1844 if (ret == null) {
1845 switch (authScheme) {
1846 case BASIC:
1847 InetAddress addr = null;
1848 try {
1849 final String finalHost = host;
1850 addr = java.security.AccessController.doPrivileged(
1851 new java.security.PrivilegedExceptionAction<InetAddress>() {
1852 public InetAddress run()
1853 throws java.net.UnknownHostException {
1854 return InetAddress.getByName(finalHost);
1855 }
1856 });
1857 } catch (java.security.PrivilegedActionException ignored) {
1858 // User will have an unknown host.
1859 }
1860 PasswordAuthentication a =
1861 privilegedRequestPasswordAuthentication(
1862 host, addr, port, "http",
1863 realm, scheme, url, RequestorType.PROXY);
1964 String scheme = authhdr.scheme();
1965 AuthScheme authScheme = UNKNOWN;
1966 if ("basic".equalsIgnoreCase(scheme)) {
1967 authScheme = BASIC;
1968 } else if ("digest".equalsIgnoreCase(scheme)) {
1969 authScheme = DIGEST;
1970 } else if ("ntlm".equalsIgnoreCase(scheme)) {
1971 authScheme = NTLM;
1972 doingNTLM2ndStage = true;
1973 } else if ("Kerberos".equalsIgnoreCase(scheme)) {
1974 authScheme = KERBEROS;
1975 doingNTLM2ndStage = true;
1976 } else if ("Negotiate".equalsIgnoreCase(scheme)) {
1977 authScheme = NEGOTIATE;
1978 doingNTLM2ndStage = true;
1979 }
1980
1981 domain = p.findValue ("domain");
1982 if (realm == null)
1983 realm = "";
1984 ret = AuthenticationInfo.getServerAuth(url, realm, authScheme);
1985 InetAddress addr = null;
1986 if (ret == null) {
1987 try {
1988 addr = InetAddress.getByName(url.getHost());
1989 } catch (java.net.UnknownHostException ignored) {
1990 // User will have addr = null
1991 }
1992 }
1993 // replacing -1 with default port for a protocol
1994 int port = url.getPort();
1995 if (port == -1) {
1996 port = url.getDefaultPort();
1997 }
1998 if (ret == null) {
1999 switch(authScheme) {
2000 case KERBEROS:
2001 ret = new NegotiateAuthentication(new HttpCallerInfo(authhdr.getHttpCallerInfo(), "Kerberos"));
2002 break;
2003 case NEGOTIATE:
2004 ret = new NegotiateAuthentication(new HttpCallerInfo(authhdr.getHttpCallerInfo(), "Negotiate"));
|
232 DigestAuthentication.Parameters digestparams;
233
234 /* Current credentials in use */
235 AuthenticationInfo currentProxyCredentials = null;
236 AuthenticationInfo currentServerCredentials = null;
237 boolean needToCheck = true;
238 private boolean doingNTLM2ndStage = false; /* doing the 2nd stage of an NTLM server authentication */
239 private boolean doingNTLMp2ndStage = false; /* doing the 2nd stage of an NTLM proxy authentication */
240
241 /* try auth without calling Authenticator. Used for transparent NTLM authentication */
242 private boolean tryTransparentNTLMServer = true;
243 private boolean tryTransparentNTLMProxy = true;
244
245 /* Used by Windows specific code */
246 private Object authObj;
247
248 /* Set if the user is manually setting the Authorization or Proxy-Authorization headers */
249 boolean isUserServerAuth;
250 boolean isUserProxyAuth;
251
252 String serverAuthKey, proxyAuthKey;
253
254 /* Progress source */
255 protected ProgressSource pi;
256
257 /* all the response headers we get back */
258 private MessageHeader responses;
259 /* the stream _from_ the server */
260 private InputStream inputStream = null;
261 /* post stream _to_ the server, if any */
262 private PosterOutputStream poster = null;
263
264 /* Indicates if the std. request headers have been set in requests. */
265 private boolean setRequests=false;
266
267 /* Indicates whether a request has already failed or not */
268 private boolean failedOnce=false;
269
270 /* Remembered Exception, we will throw it again if somebody
271 calls getInputStream after disconnect */
272 private Exception rememberedException = null;
273
1488 } while (redirects < maxRedirects);
1489
1490 throw new ProtocolException("Server redirected too many " +
1491 " times ("+ redirects + ")");
1492 } catch (RuntimeException e) {
1493 disconnectInternal();
1494 rememberedException = e;
1495 throw e;
1496 } catch (IOException e) {
1497 rememberedException = e;
1498
1499 // buffer the error stream if bytes < 4k
1500 // and it can be buffered within 1 second
1501 String te = responses.findValue("Transfer-Encoding");
1502 if (http != null && http.isKeepingAlive() && enableESBuffer &&
1503 (cl > 0 || (te != null && te.equalsIgnoreCase("chunked")))) {
1504 errorStream = ErrorStream.getErrorStream(inputStream, cl, http);
1505 }
1506 throw e;
1507 } finally {
1508 if (proxyAuthKey != null) {
1509 AuthenticationInfo.endAuthRequest(proxyAuthKey);
1510 }
1511 if (serverAuthKey != null) {
1512 AuthenticationInfo.endAuthRequest(serverAuthKey);
1513 }
1514 }
1515 }
1516
1517 /*
1518 * Creates a chained exception that has the same type as
1519 * original exception and with the same message. Right now,
1520 * there is no convenient APIs for doing so.
1521 */
1522 private IOException getChainedException(final IOException rememberedException) {
1523 try {
1524 final Object[] args = { rememberedException.getMessage() };
1525 IOException chainedException =
1526 java.security.AccessController.doPrivileged(
1527 new java.security.PrivilegedExceptionAction<IOException>() {
1528 public IOException run() throws Exception {
1529 return (IOException)
1530 rememberedException.getClass()
1531 .getConstructor(new Class[] { String.class })
1532 .newInstance(args);
1705 proxyAuthentication.addToCache();
1706 }
1707
1708 if (respCode == HTTP_OK) {
1709 setTunnelState(TunnelState.TUNNELING);
1710 break;
1711 }
1712 // we don't know how to deal with other response code
1713 // so disconnect and report error
1714 disconnectInternal();
1715 setTunnelState(TunnelState.NONE);
1716 break;
1717 } while (retryTunnel < maxRedirects);
1718
1719 if (retryTunnel >= maxRedirects || (respCode != HTTP_OK)) {
1720 throw new IOException("Unable to tunnel through proxy."+
1721 " Proxy returns \"" +
1722 statusLine + "\"");
1723 }
1724 } finally {
1725 if (proxyAuthKey != null) {
1726 AuthenticationInfo.endAuthRequest(proxyAuthKey);
1727 }
1728 }
1729
1730 // restore original request headers
1731 requests = savedRequests;
1732
1733 // reset responses
1734 responses.reset();
1735 }
1736
1737 static String connectRequestURI(URL url) {
1738 String host = url.getHost();
1739 int port = url.getPort();
1740 port = port != -1 ? port : url.getDefaultPort();
1741
1742 return host + ":" + port;
1743 }
1744
1745 /**
1746 * send a CONNECT request for establishing a tunnel to proxy server
1822 String realm = p.findValue("realm");
1823 String scheme = authhdr.scheme();
1824 AuthScheme authScheme = UNKNOWN;
1825 if ("basic".equalsIgnoreCase(scheme)) {
1826 authScheme = BASIC;
1827 } else if ("digest".equalsIgnoreCase(scheme)) {
1828 authScheme = DIGEST;
1829 } else if ("ntlm".equalsIgnoreCase(scheme)) {
1830 authScheme = NTLM;
1831 doingNTLMp2ndStage = true;
1832 } else if ("Kerberos".equalsIgnoreCase(scheme)) {
1833 authScheme = KERBEROS;
1834 doingNTLMp2ndStage = true;
1835 } else if ("Negotiate".equalsIgnoreCase(scheme)) {
1836 authScheme = NEGOTIATE;
1837 doingNTLMp2ndStage = true;
1838 }
1839
1840 if (realm == null)
1841 realm = "";
1842 proxyAuthKey = AuthenticationInfo.getProxyAuthKey(host, port, realm, authScheme);
1843 ret = AuthenticationInfo.getProxyAuth(proxyAuthKey);
1844 if (ret == null) {
1845 switch (authScheme) {
1846 case BASIC:
1847 InetAddress addr = null;
1848 try {
1849 final String finalHost = host;
1850 addr = java.security.AccessController.doPrivileged(
1851 new java.security.PrivilegedExceptionAction<InetAddress>() {
1852 public InetAddress run()
1853 throws java.net.UnknownHostException {
1854 return InetAddress.getByName(finalHost);
1855 }
1856 });
1857 } catch (java.security.PrivilegedActionException ignored) {
1858 // User will have an unknown host.
1859 }
1860 PasswordAuthentication a =
1861 privilegedRequestPasswordAuthentication(
1862 host, addr, port, "http",
1863 realm, scheme, url, RequestorType.PROXY);
1964 String scheme = authhdr.scheme();
1965 AuthScheme authScheme = UNKNOWN;
1966 if ("basic".equalsIgnoreCase(scheme)) {
1967 authScheme = BASIC;
1968 } else if ("digest".equalsIgnoreCase(scheme)) {
1969 authScheme = DIGEST;
1970 } else if ("ntlm".equalsIgnoreCase(scheme)) {
1971 authScheme = NTLM;
1972 doingNTLM2ndStage = true;
1973 } else if ("Kerberos".equalsIgnoreCase(scheme)) {
1974 authScheme = KERBEROS;
1975 doingNTLM2ndStage = true;
1976 } else if ("Negotiate".equalsIgnoreCase(scheme)) {
1977 authScheme = NEGOTIATE;
1978 doingNTLM2ndStage = true;
1979 }
1980
1981 domain = p.findValue ("domain");
1982 if (realm == null)
1983 realm = "";
1984 serverAuthKey = AuthenticationInfo.getServerAuthKey(url, realm, authScheme);
1985 ret = AuthenticationInfo.getServerAuth(serverAuthKey);
1986 InetAddress addr = null;
1987 if (ret == null) {
1988 try {
1989 addr = InetAddress.getByName(url.getHost());
1990 } catch (java.net.UnknownHostException ignored) {
1991 // User will have addr = null
1992 }
1993 }
1994 // replacing -1 with default port for a protocol
1995 int port = url.getPort();
1996 if (port == -1) {
1997 port = url.getDefaultPort();
1998 }
1999 if (ret == null) {
2000 switch(authScheme) {
2001 case KERBEROS:
2002 ret = new NegotiateAuthentication(new HttpCallerInfo(authhdr.getHttpCallerInfo(), "Kerberos"));
2003 break;
2004 case NEGOTIATE:
2005 ret = new NegotiateAuthentication(new HttpCallerInfo(authhdr.getHttpCallerInfo(), "Negotiate"));
|