/**
 * Drives a full Negotiate handshake for the current Windows user against the authenticator.
 *
 * <p>Every round sends the client's SSPI token, base64-encoded, in an {@code Authorization}
 * header. Until {@code authenticate} returns {@code true}, each response has to be a 401 with
 * exactly two headers: {@code Connection: keep-alive} and a {@code WWW-Authenticate} value of
 * the form {@code Negotiate <token>}. That token is decoded and fed back into the client
 * security context before the next round.
 *
 * @throws IOException if one of the calls below propagates it (which one declares it is not
 *     visible from this method)
 */
@Test
public void testNegotiate() throws IOException {
    String negotiatePackage = "Negotiate";
    // Scheme name plus the single space that separates it from the token in both headers.
    String schemePrefix = negotiatePackage + " ";
    IWindowsCredentialsHandle credentialsHandle = null;
    WindowsSecurityContextImpl securityContext = null;
    try {
        // Credentials of the account running the test.
        credentialsHandle = WindowsCredentialsHandleImpl.getCurrent(negotiatePackage);
        credentialsHandle.initialize();

        // First leg of the client context: no previous handle, no server token yet.
        securityContext = new WindowsSecurityContextImpl();
        securityContext.setPrincipalName(WindowsAccountImpl.getCurrentUsername());
        securityContext.setCredentialsHandle(credentialsHandle.getHandle());
        securityContext.setSecurityPackage(negotiatePackage);
        securityContext.initialize(null, null, WindowsAccountImpl.getCurrentUsername());

        SimpleHttpRequest httpRequest = new SimpleHttpRequest();
        httpRequest.setQueryString("j_negotiate_check");

        // NOTE(review): the loop has no round limit; it ends only on success or on a failed
        // assertion. A cap on rounds would keep a misbehaving authenticator from hanging the run.
        boolean authenticated = false;
        while (!authenticated) {
            // NOTE(review): the same request object receives a new Authorization header each
            // round; whether addHeader replaces or appends is not visible here - confirm.
            String encodedToken = Base64.encode(securityContext.getToken());
            httpRequest.addHeader("Authorization", schemePrefix + encodedToken);

            SimpleHttpResponse httpResponse = new SimpleHttpResponse();
            authenticated = _authenticator.authenticate(httpRequest, httpResponse);

            if (authenticated) {
                // NOTE(review): size() >= 0 holds for any collection, so this assertion checks
                // nothing about the authenticated response or the resulting principal.
                assertTrue(httpResponse.getHeaderNames().size() >= 0);
            } else {
                // Not done yet: the server must answer with a continuation challenge.
                assertTrue(httpResponse.getHeader("WWW-Authenticate").startsWith(schemePrefix));
                assertEquals("keep-alive", httpResponse.getHeader("Connection"));
                assertEquals(2, httpResponse.getHeaderNames().size());
                assertEquals(401, httpResponse.getStatus());

                // Strip "Negotiate " and hand the server token to the next client leg.
                String challenge =
                        httpResponse.getHeader("WWW-Authenticate").substring(schemePrefix.length());
                byte[] challengeBytes = Base64.decode(challenge);
                assertTrue(challengeBytes.length > 0);
                SecBufferDesc challengeBuffer =
                        new SecBufferDesc(Sspi.SECBUFFER_TOKEN, challengeBytes);
                securityContext.initialize(
                        securityContext.getHandle(),
                        challengeBuffer,
                        WindowsAccountImpl.getCurrentUsername());
            }
        }
        assertTrue(authenticated);
    } finally {
        // Release the context before the credentials handle it was built from.
        if (securityContext != null) {
            securityContext.dispose();
        }
        if (credentialsHandle != null) {
            credentialsHandle.dispose();
        }
    }
}
/**
 * Sends the first Negotiate leg as an empty POST and expects a challenge in return.
 *
 * <p>The request is a POST with content length 0 whose {@code Authorization} header carries the
 * current user's initial SSPI token. The response must be a 401 with exactly two headers:
 * {@code Connection: keep-alive} and a {@code WWW-Authenticate} value starting with
 * {@code "Negotiate "}.
 */
@Test
public void testChallengePOST() {
    final String negotiatePackage = "Negotiate";
    // Scheme name plus the separating space, as used in both headers.
    final String schemePrefix = negotiatePackage + " ";
    IWindowsCredentialsHandle credentialsHandle = null;
    WindowsSecurityContextImpl securityContext = null;
    try {
        // Credentials of the account running the test.
        credentialsHandle = WindowsCredentialsHandleImpl.getCurrent(negotiatePackage);
        credentialsHandle.initialize();

        // First leg of the client context: no previous handle, no server token yet.
        securityContext = new WindowsSecurityContextImpl();
        securityContext.setPrincipalName(WindowsAccountImpl.getCurrentUsername());
        securityContext.setCredentialsHandle(credentialsHandle.getHandle());
        securityContext.setSecurityPackage(negotiatePackage);
        securityContext.initialize(null, null, WindowsAccountImpl.getCurrentUsername());

        final SimpleHttpRequest httpRequest = new SimpleHttpRequest();
        httpRequest.setMethod("POST");
        httpRequest.setContentLength(0);

        final byte[] rawToken = securityContext.getToken();
        final String encodedToken = BaseEncoding.base64().encode(rawToken);
        httpRequest.addHeader("Authorization", schemePrefix + encodedToken);

        final SimpleHttpResponse httpResponse = new SimpleHttpResponse();
        // NOTE(review): the return value is discarded, so the test never states that this single
        // leg must leave the request unauthenticated; only the 401 response is checked.
        this.authenticator.authenticate(httpRequest, httpResponse);

        Assert.assertTrue(httpResponse.getHeader("WWW-Authenticate").startsWith(schemePrefix));
        Assert.assertEquals("keep-alive", httpResponse.getHeader("Connection"));
        Assert.assertEquals(2, httpResponse.getHeaderNames().size());
        Assert.assertEquals(401, httpResponse.getStatus());
    } finally {
        // Release the context before the credentials handle it was built from.
        if (securityContext != null) {
            securityContext.dispose();
        }
        if (credentialsHandle != null) {
            credentialsHandle.dispose();
        }
    }
}
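/**
 * Runs the Negotiate handshake with an empty POST (content length 0) for the current user.
 *
 * <p>Each round sends the client's SSPI token in an {@code Authorization} header. A response
 * whose {@code WWW-Authenticate} value starts with {@code "Negotiate "} is a continuation: it
 * must be a 401 with {@code Connection: keep-alive}, and its token is fed into the next client
 * leg. The loop ends when {@code authenticate} returns {@code true}.
 *
 * <p>Two paths leave the test early without reaching the final assertion: an exception thrown
 * by {@code authenticate} (logged, then the test returns), and a {@code WWW-Authenticate} value
 * starting with {@code "Negotiate,"}, which must come with {@code Connection: close} and a 401.
 */
@Test
public void testPOSTEmpty() {
    final String securityPackage = "Negotiate";
    IWindowsCredentialsHandle clientCredentials = null;
    WindowsSecurityContextImpl clientContext = null;
    try {
        // Credentials of the account running the test.
        clientCredentials = WindowsCredentialsHandleImpl.getCurrent(securityPackage);
        clientCredentials.initialize();

        // First leg of the client context: no previous handle, no server token yet.
        clientContext = new WindowsSecurityContextImpl();
        clientContext.setPrincipalName(WindowsAccountImpl.getCurrentUsername());
        clientContext.setCredentialsHandle(clientCredentials.getHandle());
        clientContext.setSecurityPackage(securityPackage);
        clientContext.initialize(null, null, WindowsAccountImpl.getCurrentUsername());

        boolean authenticated = false;
        final SimpleHttpRequest request = new SimpleHttpRequest();
        request.setMethod("POST");
        request.setContentLength(0);

        // NOTE(review): the loop has no round limit; it ends only on success, an early return
        // or a failed assertion.
        while (true) {
            final String clientToken = BaseEncoding.base64().encode(clientContext.getToken());
            request.addHeader("Authorization", securityPackage + " " + clientToken);
            final SimpleHttpResponse response = new SimpleHttpResponse();
            try {
                authenticated = this.authenticator.authenticate(request, response);
            } catch (final Exception e) {
                // The message used to be the bare placeholder "{}", which is never substituted
                // when the second argument is taken as the Throwable, so the log line said
                // nothing about where the failure happened.
                // NOTE(review): returning here makes the test pass whenever authenticate throws;
                // confirm this is intended, otherwise a broken authenticator goes unnoticed.
                NegotiateAuthenticatorTests.LOGGER.error(
                        "authenticate() threw during the empty-POST Negotiate handshake", e);
                return;
            }

            if (authenticated) {
                // NOTE(review): size() >= 0 holds for any collection, so this assertion checks
                // nothing about the authenticated response or the resulting principal.
                Assertions.assertThat(response.getHeaderNames().size()).isGreaterThanOrEqualTo(0);
                break;
            }

            // "Negotiate," (comma instead of space): the connection is being closed rather
            // than continued, and the test ends here.
            if (response.getHeader("WWW-Authenticate").startsWith(securityPackage + ",")) {
                Assert.assertEquals("close", response.getHeader("Connection"));
                Assert.assertEquals(2, response.getHeaderNames().size());
                Assert.assertEquals(401, response.getStatus());
                return;
            }

            // Otherwise the server must answer with a continuation challenge.
            Assert.assertTrue(
                    response.getHeader("WWW-Authenticate").startsWith(securityPackage + " "));
            Assert.assertEquals("keep-alive", response.getHeader("Connection"));
            Assert.assertEquals(2, response.getHeaderNames().size());
            Assert.assertEquals(401, response.getStatus());

            // Strip "Negotiate " and hand the server token to the next client leg.
            final String continueToken =
                    response.getHeader("WWW-Authenticate").substring(securityPackage.length() + 1);
            final byte[] continueTokenBytes = BaseEncoding.base64().decode(continueToken);
            Assertions.assertThat(continueTokenBytes.length).isGreaterThan(0);
            final SecBufferDesc continueTokenBuffer =
                    new SecBufferDesc(Sspi.SECBUFFER_TOKEN, continueTokenBytes);
            clientContext.initialize(
                    clientContext.getHandle(),
                    continueTokenBuffer,
                    WindowsAccountImpl.getCurrentUsername());
        }
        Assert.assertTrue(authenticated);
    } finally {
        // Release the context before the credentials handle it was built from.
        if (clientContext != null) {
            clientContext.dispose();
        }
        if (clientCredentials != null) {
            clientCredentials.dispose();
        }
    }
}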
/**
 * Drives a full Negotiate handshake for the current Windows user and inspects the principal.
 *
 * <p>Every round sends the client's SSPI token, base64-encoded, in an {@code Authorization}
 * header. Until {@code authenticate} returns {@code true}, each response has to be a 401 with
 * exactly two headers: {@code Connection: keep-alive} and a {@code WWW-Authenticate} value of
 * the form {@code Negotiate <token>}, whose token is fed into the next client leg. On success
 * the request must carry a {@code GenericWindowsPrincipal} with a SID string starting with
 * {@code "S-"}, a non-empty SID, an {@code "Everyone"} group entry, and the response may hold
 * at most one header.
 */
@Test
public void testNegotiate() {
    final String negotiatePackage = "Negotiate";
    // Scheme name plus the single space that separates it from the token in both headers.
    final String schemePrefix = negotiatePackage + " ";
    IWindowsCredentialsHandle credentialsHandle = null;
    WindowsSecurityContextImpl securityContext = null;
    try {
        // Credentials of the account running the test.
        credentialsHandle = WindowsCredentialsHandleImpl.getCurrent(negotiatePackage);
        credentialsHandle.initialize();

        // First leg of the client context: no previous handle, no server token yet.
        securityContext = new WindowsSecurityContextImpl();
        securityContext.setPrincipalName(WindowsAccountImpl.getCurrentUsername());
        securityContext.setCredentialsHandle(credentialsHandle.getHandle());
        securityContext.setSecurityPackage(negotiatePackage);
        securityContext.initialize(null, null, WindowsAccountImpl.getCurrentUsername());

        final SimpleHttpRequest httpRequest = new SimpleHttpRequest();

        // NOTE(review): the loop has no round limit; it ends only on success or on a failed
        // assertion.
        boolean authenticated = false;
        while (!authenticated) {
            final String encodedToken = BaseEncoding.base64().encode(securityContext.getToken());
            httpRequest.addHeader("Authorization", schemePrefix + encodedToken);

            final SimpleHttpResponse httpResponse = new SimpleHttpResponse();
            authenticated = this.authenticator.authenticate(httpRequest, httpResponse);

            if (authenticated) {
                // The authenticated request must expose a Windows principal with real identity data.
                Assert.assertNotNull(httpRequest.getUserPrincipal());
                Assert.assertTrue(httpRequest.getUserPrincipal() instanceof GenericWindowsPrincipal);
                final GenericWindowsPrincipal principal =
                        (GenericWindowsPrincipal) httpRequest.getUserPrincipal();
                Assert.assertTrue(principal.getSidString().startsWith("S-"));
                Assertions.assertThat(principal.getSid().length).isGreaterThan(0);
                // NOTE(review): the group is matched by display name; Windows localizes the name
                // of this well-known group, so this may fail on a non-English host - confirm.
                Assert.assertTrue(principal.getGroups().containsKey("Everyone"));
                Assertions.assertThat(httpResponse.getHeaderNames().size()).isLessThanOrEqualTo(1);
            } else {
                // Not done yet: the server must answer with a continuation challenge.
                Assert.assertTrue(
                        httpResponse.getHeader("WWW-Authenticate").startsWith(schemePrefix));
                Assert.assertEquals("keep-alive", httpResponse.getHeader("Connection"));
                Assert.assertEquals(2, httpResponse.getHeaderNames().size());
                Assert.assertEquals(401, httpResponse.getStatus());

                // Strip "Negotiate " and hand the server token to the next client leg.
                final String challenge =
                        httpResponse.getHeader("WWW-Authenticate").substring(schemePrefix.length());
                final byte[] challengeBytes = BaseEncoding.base64().decode(challenge);
                Assertions.assertThat(challengeBytes.length).isGreaterThan(0);
                final SecBufferDesc challengeBuffer =
                        new SecBufferDesc(Sspi.SECBUFFER_TOKEN, challengeBytes);
                securityContext.initialize(
                        securityContext.getHandle(),
                        challengeBuffer,
                        WindowsAccountImpl.getCurrentUsername());
            }
        }
        Assert.assertTrue(authenticated);
    } finally {
        // Release the context before the credentials handle it was built from.
        if (securityContext != null) {
            securityContext.dispose();
        }
        if (credentialsHandle != null) {
            credentialsHandle.dispose();
        }
    }
}