1 /* 2 * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 */ 23 24 /** 25 * @test 26 * @bug 8217237 27 * @modules java.net.http 28 * @run main/othervm AuthSchemesTest 29 * @summary HttpClient does not deal well with multi-valued WWW-Authenticate challenge headers 30 */ 31 32 import java.io.IOException; 33 import java.io.InputStream; 34 import java.io.OutputStream; 35 import java.net.*; 36 import java.net.Authenticator; 37 import java.net.http.HttpClient; 38 import java.net.http.HttpRequest; 39 import java.net.http.HttpResponse; 40 41 public class AuthSchemesTest { 42 static class BasicServer extends Thread { 43 44 ServerSocket server; 45 46 Socket s; 47 InputStream is; 48 OutputStream os; 49 static final String RESPONSE = "Hello world"; 50 static final String respLength = Integer.toString(RESPONSE.length()); 51 static final String realm = "wally world"; 52 53 String reply1 = "HTTP/1.1 401 Unauthorized\r\n"+ 54 "WWW-Authenticate: BarScheme\r\n" + 55 "WWW-Authenticate: FooScheme realm=\""+realm+"\"\r\n" + 56 "WWW-Authenticate: Basic realm=\""+realm+"\"\r\n" + 57 "WWW-Authenticate: WoofScheme\r\n\r\n"; 58 59 String reply2 = "HTTP/1.1 200 OK\r\n"+ 60 "Date: Mon, 15 Jan 2001 12:18:21 GMT\r\n" + 61 "Server: Apache/1.3.14 (Unix)\r\n" + 62 "Connection: close\r\n" + 63 "Content-Type: text/html; charset=iso-8859-1\r\n" + 64 "Content-Length: " + respLength + "\r\n\r\n"; 65 66 BasicServer(ServerSocket s) { 67 server = s; 68 } 69 70 String response() { 71 return RESPONSE; 72 } 73 74 void readAll(Socket s) throws IOException { 75 byte[] buf = new byte [128]; 76 InputStream is = s.getInputStream(); 77 s.setSoTimeout(1000); 78 try { 79 while (is.read(buf) > 0) ; 80 } catch (SocketTimeoutException x) { } 81 } 82 83 public void run() { 84 try { 85 System.out.println("Server 1: accept"); 86 s = server.accept(); 87 System.out.println("accepted"); 88 os = s.getOutputStream(); 89 os.write(reply1.getBytes()); 90 readAll(s); 91 s.close(); 92 93 System.out.println("Server 2: accept"); 94 s = server.accept(); 95 System.out.println("accepted"); 96 os = s.getOutputStream(); 97 os.write((reply2+RESPONSE).getBytes()); 98 readAll(s); 99 s.close(); 100 101 } 102 catch (Exception e) { 103 System.out.println(e); 104 } 105 finished(); 106 } 107 108 boolean isfinished = false; 109 110 public synchronized void finished() { 111 isfinished = true; 112 notifyAll(); 113 } 114 115 public synchronized void waitforfinish() { 116 while (!isfinished) { 117 try { 118 wait(); 119 } catch (InterruptedException e) { 120 e.printStackTrace(); 121 } 122 } 123 } 124 } 125 126 static class Auth extends Authenticator { 127 protected PasswordAuthentication getPasswordAuthentication() { 128 return new PasswordAuthentication("user", new char[] {'a','b','c'}); 129 } 130 } 131 132 static String serverAuthority(ServerSocket server) { 133 return InetAddress.getLoopbackAddress().getHostName() + ":" 134 + server.getLocalPort(); 135 } 136 137 public static void main(String[] args) throws Exception { 138 ServerSocket serversocket = null; 139 BasicServer server = null; 140 Auth authenticator = new Auth(); 141 142 serversocket = new ServerSocket(0, 10, InetAddress.getLoopbackAddress()); 143 int port = serversocket.getLocalPort(); 144 server = new BasicServer(serversocket); 145 146 HttpClient client = HttpClient.newBuilder() 147 .authenticator(authenticator) 148 .build(); 149 server.start(); 150 URI uri = URI.create("http://" + serverAuthority(serversocket) + "/foo"); 151 HttpRequest request = HttpRequest.newBuilder(uri) 152 .GET() 153 .build(); 154 HttpResponse<String> response = client.send(request, HttpResponse.BodyHandlers.ofString()); 155 if (response.statusCode() != 200 || !response.body().equals(server.response())) { 156 System.out.println("Status code = " + response.statusCode()); 157 serversocket.close(); 158 throw new RuntimeException("Test failed"); 159 } 160 serversocket.close(); 161 server.waitforfinish(); 162 System.out.println("OK"); 163 } 164 }