/* * Copyright (c) 2018, 2019, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License version 2 only, as * published by the Free Software Foundation. * * This code is distributed in the hope that it will be useful, but WITHOUT * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * version 2 for more details (a copy is included in the LICENSE file that * accompanied this code). * * You should have received a copy of the GNU General Public License version * 2 along with this work; if not, write to the Free Software Foundation, * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. * * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA * or visit www.oracle.com if you need additional information or have any * questions. */ /* * @test * @bug 8225425 * @summary Verifies that transparent NTLM (on Windows) is not used by default, * and is used only when the relevant property is set. * @requires os.family == "windows" * @library /test/lib * @run testng/othervm * -Dtest.auth.succeed=false * TestTransparentNTLM * @run testng/othervm * -Djdk.http.ntlm.transparentAuth=allHosts * -Dtest.auth.succeed=true * TestTransparentNTLM * @run testng/othervm * -Djdk.http.ntlm.transparentAuth=blahblah * -Dtest.auth.succeed=false * TestTransparentNTLM * @run testng/othervm * -Djdk.http.ntlm.transparentAuth=trustedHosts * -Dtest.auth.succeed=false * TestTransparentNTLM */ // Run with `trustedHosts` to exercise the native code, nothing more. import java.io.Closeable; import java.io.IOException; import java.io.InputStream; import java.net.HttpURLConnection; import java.net.InetAddress; import java.net.InetSocketAddress; import java.net.ServerSocket; import java.net.Socket; import java.net.URL; import jdk.test.lib.net.URIBuilder; import org.testng.annotations.AfterTest; import org.testng.annotations.BeforeTest; import org.testng.annotations.Test; import org.testng.SkipException; import static java.lang.System.out; import static java.net.Proxy.NO_PROXY; import static java.nio.charset.StandardCharsets.UTF_8; import static org.testng.Assert.assertEquals; import static org.testng.Assert.fail; public class TestTransparentNTLM { boolean succeed; // true if authentication is expected to succeed Server server; URL url; @Test public void testNTLM() throws IOException { out.println("connecting to url: " + url); HttpURLConnection uc = (HttpURLConnection)url.openConnection(NO_PROXY); int respCode = uc.getResponseCode(); out.println("received: " + respCode); if (succeed) { assertEquals(respCode, HttpURLConnection.HTTP_OK); String body = new String(uc.getInputStream().readAllBytes(), UTF_8); out.println("received body: " + body); } else { assertEquals(respCode, HttpURLConnection.HTTP_UNAUTHORIZED); } } static class Server extends Thread implements Closeable { static final InetAddress LOOPBACK = InetAddress.getLoopbackAddress(); final ServerSocket serverSocket; final boolean expectAuthToSucceed; Server(boolean expectAuthToSucceed) throws IOException { super("TestTransparentNTLM-Server"); serverSocket = new ServerSocket(); serverSocket.bind(new InetSocketAddress(LOOPBACK, 0)); this.expectAuthToSucceed = expectAuthToSucceed; } int port() { return serverSocket.getLocalPort(); } static final String AUTH_REQUIRED = "HTTP/1.1 401 Unauthorized\r\n" + "Content-Length: 0\r\n" + "Connection: close\r\n" + "WWW-Authenticate: NTLM\r\n\r\n"; static final String AUTH_STAGE_TWO = "HTTP/1.1 401 Unauthorized\r\n" + "Content-Length: 0\r\n" + "WWW-Authenticate: NTLM TlRMTVNTUAACAAAAAAAAACgAAAABggAAU3J2Tm9uY2UAAAAAAAAAAA==\r\n\r\n"; static final String AUTH_SUCCESSFUL = "HTTP/1.1 200 OK\r\n" + "Content-Length: 11\r\n\r\n" + "Hello world"; @Override public void run() { try { try (Socket s = serverSocket.accept()) { out.println("Server accepted connection - 1"); readRequestHeaders(s.getInputStream()); s.getOutputStream().write(AUTH_REQUIRED.getBytes(UTF_8)); } if (expectAuthToSucceed) { // await the second follow up connection try (Socket s = serverSocket.accept()) { out.println("Server accepted connection - 2"); readRequestHeaders(s.getInputStream()); s.getOutputStream().write(AUTH_STAGE_TWO.getBytes(UTF_8)); readRequestHeaders(s.getInputStream()); s.getOutputStream().write(AUTH_SUCCESSFUL.getBytes(UTF_8)); } } } catch (IOException e) { fail("Unexpected exception", e); } } @Override public void close() throws IOException { serverSocket.close(); } static final byte[] REQUEST_END = new byte[] {'\r', '\n', '\r', '\n'}; // Read until the end of the HTTP request headers static void readRequestHeaders(InputStream is) throws IOException { int requestEndCount = 0, r; while ((r = is.read()) != -1) { if (r == REQUEST_END[requestEndCount]) { requestEndCount++; if (requestEndCount == 4) { break; } } else { requestEndCount = 0; } } } } @BeforeTest public void setup() throws Exception { succeed = System.getProperty("test.auth.succeed").equals("true"); if (succeed) out.println("Expect client to succeed, with 200 Ok"); else out.println("Expect client to fail, with 401 Unauthorized"); server = new Server(succeed); server.start(); url = URIBuilder.newBuilder() .scheme("http") .loopback() .port(server.port()) .path("/xxyyzz") .toURL(); } @AfterTest public void teardown() throws Exception { server.close(); server.join(); } }