1 /*
   2  * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.
   8  *
   9  * This code is distributed in the hope that it will be useful, but WITHOUT
  10  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  11  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  12  * version 2 for more details (a copy is included in the LICENSE file that
  13  * accompanied this code).
  14  *
  15  * You should have received a copy of the GNU General Public License version
  16  * 2 along with this work; if not, write to the Free Software Foundation,
  17  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  18  *
  19  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  20  * or visit www.oracle.com if you need additional information or have any
  21  * questions.
  22  */
  23 
  24 /**
  25  * @test
  26  * @bug 8217237
  27  * @modules java.net.http
  28  * @run main/othervm AuthSchemesTest
  29  * @summary HttpClient does not deal well with multi-valued WWW-Authenticate challenge headers
  30  */
  31 
  32 import java.io.IOException;
  33 import java.io.InputStream;
  34 import java.io.OutputStream;
  35 import java.net.*;
  36 import java.net.Authenticator;
  37 import java.net.http.HttpClient;
  38 import java.net.http.HttpRequest;
  39 import java.net.http.HttpResponse;
  40 
  41 public class AuthSchemesTest {
  42     static class BasicServer extends Thread {
  43 
  44         ServerSocket server;
  45 
  46         Socket s;
  47         InputStream is;
  48         OutputStream os;
  49         static final String RESPONSE = "Hello world";
  50         static final String respLength = Integer.toString(RESPONSE.length());
  51         static final String realm = "wally world";
  52 
  53         String reply1 = "HTTP/1.1 401 Unauthorized\r\n"+
  54                 "WWW-Authenticate: BarScheme\r\n" +
  55                 "WWW-Authenticate: FooScheme realm=\""+realm+"\"\r\n" +
  56                 "WWW-Authenticate: Basic realm=\""+realm+"\"\r\n" +
  57                 "WWW-Authenticate: WoofScheme\r\n\r\n";
  58 
  59         String reply2 = "HTTP/1.1 200 OK\r\n"+
  60                 "Date: Mon, 15 Jan 2001 12:18:21 GMT\r\n" +
  61                 "Server: Apache/1.3.14 (Unix)\r\n" +
  62                 "Connection: close\r\n" +
  63                 "Content-Type: text/html; charset=iso-8859-1\r\n" +
  64                 "Content-Length: " + respLength + "\r\n\r\n";
  65 
  66         BasicServer(ServerSocket s) {
  67             server = s;
  68         }
  69 
  70         String response() {
  71             return RESPONSE;
  72         }
  73 
  74         void readAll(Socket s) throws IOException {
  75             byte[] buf = new byte [128];
  76             InputStream is = s.getInputStream();
  77             s.setSoTimeout(1000);
  78             try {
  79                 while (is.read(buf) > 0) ;
  80             } catch (SocketTimeoutException x) { }
  81         }
  82 
  83         public void run() {
  84             try {
  85                 System.out.println("Server 1: accept");
  86                 s = server.accept();
  87                 System.out.println("accepted");
  88                 os = s.getOutputStream();
  89                 os.write(reply1.getBytes());
  90                 readAll(s);
  91                 s.close();
  92 
  93                 System.out.println("Server 2: accept");
  94                 s = server.accept();
  95                 System.out.println("accepted");
  96                 os = s.getOutputStream();
  97                 os.write((reply2+RESPONSE).getBytes());
  98                 readAll(s);
  99                 s.close();
 100 
 101             }
 102             catch (Exception e) {
 103                 System.out.println(e);
 104             }
 105             finished();
 106         }
 107 
 108         boolean isfinished = false;
 109 
 110         public synchronized void finished() {
 111             isfinished = true;
 112             notifyAll();
 113         }
 114 
 115         public synchronized void waitforfinish() {
 116             while (!isfinished) {
 117                 try {
 118                     wait();
 119                 } catch (InterruptedException e) {
 120                     e.printStackTrace();
 121                 }
 122             }
 123         }
 124     }
 125 
 126     static class Auth extends Authenticator {
 127         protected PasswordAuthentication getPasswordAuthentication() {
 128             return new PasswordAuthentication("user", new char[] {'a','b','c'});
 129         }
 130     }
 131 
 132     static String serverAuthority(ServerSocket server) {
 133         return InetAddress.getLoopbackAddress().getHostName() + ":"
 134                 + server.getLocalPort();
 135     }
 136 
 137     public static void main(String[] args) throws Exception {
 138         ServerSocket serversocket = null;
 139         BasicServer server = null;
 140         Auth authenticator = new Auth();
 141 
 142         serversocket = new ServerSocket(0, 10, InetAddress.getLoopbackAddress());
 143         int port = serversocket.getLocalPort();
 144         server = new BasicServer(serversocket);
 145 
 146         HttpClient client = HttpClient.newBuilder()
 147                 .authenticator(authenticator)
 148                 .build();
 149         server.start();
 150         URI uri = URI.create("http://" + serverAuthority(serversocket) + "/foo");
 151         HttpRequest request = HttpRequest.newBuilder(uri)
 152                 .GET()
 153                 .build();
 154         HttpResponse<String> response = client.send(request, HttpResponse.BodyHandlers.ofString());
 155         if (response.statusCode() != 200 || !response.body().equals(server.response())) {
 156             System.out.println("Status code = " + response.statusCode());
 157             serversocket.close();
 158             throw new RuntimeException("Test failed");
 159         }
 160         serversocket.close();
 161         server.waitforfinish();
 162         System.out.println("OK");
 163     }
 164 }