--- /dev/null 2012-10-30 13:53:25.609028996 -0400 +++ new/test/sun/net/www/protocol/http/NoNTLM.java 2013-01-08 02:21:24.044660951 -0500 @@ -0,0 +1,241 @@ +/* + * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* @test + * @bug 8004502 + * @summary Sanity check that NTLM will not be selected by the http protocol + * handler when running on a profile that does not support NTLM + * @run main/othervm NoNTLM + */ + +import java.net.*; +import java.io.*; +import sun.net.www.MessageHeader; + +public class NoNTLM { + + static final String CRLF = "\r\n"; + + static final String OKAY = + "HTTP/1.1 200" + CRLF + + "Content-Length: 0" + CRLF + + "Connection: close" + CRLF + + CRLF; + + static class Client implements Runnable { + private final URL url; + private volatile IOException ioe; + private volatile int respCode; + + Client(int port) throws IOException { + this.url = new URL("http://127.0.0.1:" + port + "/foo.html"); + } + + public void run() { + try { + HttpURLConnection uc = + (HttpURLConnection)url.openConnection(Proxy.NO_PROXY); + try { + uc.getInputStream(); + } catch (IOException x) { + respCode = uc.getResponseCode(); + throw x; + } + uc.disconnect(); + } catch (IOException x) { + if (respCode == 0) + respCode = -1; + ioe = x; + } + } + + IOException ioException() { + return ioe; + } + + int respCode() { + return respCode; + } + + static void start(int port) throws IOException { + Client client = new Client(port); + new Thread(client).start(); + } + } + + /** + * Return the http response with WWW-Authenticate headers for the given + * authentication schemes. + */ + static String authReplyFor(String... schemes) { + // construct the server reply + String reply = "HTTP/1.1 401 Unauthorized" + CRLF + + "Content-Length: 0"+ CRLF + + "Connection: close" + CRLF; + for (String s: schemes) { + switch (s) { + case "Basic" : + reply += "WWW-Authenticate: Basic realm=\"wallyworld\"" + CRLF; + break; + case "Digest" : + reply += "WWW-Authenticate: Digest" + + " realm=\"wallyworld\"" + + " domain=/" + + " nonce=\"abcdefghijklmnopqrstuvwxyz\"" + + " qop=\"auth\"" + CRLF; + break; + case "NTLM" : + reply += "WWW-Authenticate: NTLM" + CRLF; + break; + default : + throw new RuntimeException("Should not get here"); + } + } + reply += CRLF; + return reply; + } + + + /** + * Test the http protocol handler with the given authentication schemes + * in the WWW-Authenticate header. + */ + static void test(String... schemes) throws IOException { + + // the authentication scheme that the client is expected to choose + String expected = null; + for (String s: schemes) { + if (expected == null) { + expected = s; + } else if (s.equals("Digest")) { + expected = s; + } + } + + // server reply + String reply = authReplyFor(schemes); + + System.out.println("===================================="); + System.out.println("Expect client to choose: " + expected); + System.out.println(reply); + + try (ServerSocket ss = new ServerSocket(0)) { + Client.start(ss.getLocalPort()); + + // client ---- GET ---> server + // client <--- 401 ---- server + try (Socket s = ss.accept()) { + new MessageHeader().parseHeader(s.getInputStream()); + s.getOutputStream().write(reply.getBytes("US-ASCII")); + } + + // client ---- GET ---> server + // client <--- 200 ---- server + String auth; + try (Socket s = ss.accept()) { + MessageHeader mh = new MessageHeader(); + mh.parseHeader(s.getInputStream()); + s.getOutputStream().write(OKAY.getBytes("US-ASCII")); + auth = mh.findValue("Authorization"); + } + + // check Authorization header + if (auth == null) + throw new RuntimeException("Authorization header not found"); + System.out.println("Server received Authorization header: " + auth); + String[] values = auth.split(" "); + if (!values[0].equals(expected)) + throw new RuntimeException("Unexpected value"); + } + } + + /** + * Test the http protocol handler with one WWW-Authenticate header with + * the value "NTLM". + */ + static void testNTLM() throws Exception { + // server reply + String reply = authReplyFor("NTLM"); + + System.out.println("===================================="); + System.out.println("Expect client to fail with 401 Unauthorized"); + System.out.println(reply); + + try (ServerSocket ss = new ServerSocket(0)) { + Client client = new Client(ss.getLocalPort()); + Thread thr = new Thread(client); + thr.start(); + + // client ---- GET ---> server + // client <--- 401 ---- client + try (Socket s = ss.accept()) { + new MessageHeader().parseHeader(s.getInputStream()); + s.getOutputStream().write(reply.getBytes("US-ASCII")); + } + + // the client should fail with 401 + System.out.println("Waiting for client to terminate"); + thr.join(); + IOException ioe = client.ioException(); + if (ioe != null) + System.out.println("Client failed: " + ioe); + int respCode = client.respCode(); + if (respCode != 0 && respCode != -1) + System.out.println("Client received HTTP response code: " + respCode); + if (respCode != HttpURLConnection.HTTP_UNAUTHORIZED) + throw new RuntimeException("Unexpected response code"); + } + } + + public static void main(String[] args) throws Exception { + // assume NTLM is not supported when Kerberos is not available + try { + Class.forName("javax.security.auth.kerberos.KerberosPrincipal"); + System.out.println("Kerberos is present, assuming NTLM is supported too"); + return; + } catch (ClassNotFoundException okay) { } + + // setup Authenticator + Authenticator.setDefault(new Authenticator() { + @Override + protected PasswordAuthentication getPasswordAuthentication() { + return new PasswordAuthentication("user", "pass".toCharArray()); + } + }); + + // test combinations of authentication schemes + test("Basic"); + test("Digest"); + test("Basic", "Digest"); + test("Basic", "NTLM"); + test("Digest", "NTLM"); + test("Basic", "Digest", "NTLM"); + + // test NTLM only, this should fail with "401 Unauthorized" + testNTLM(); + + System.out.println(); + System.out.println("TEST PASSED"); + } +} +