1 /*
2 * ====================================================================
3 * Licensed to the Apache Software Foundation (ASF) under one
4 * or more contributor license agreements. See the NOTICE file
5 * distributed with this work for additional information
6 * regarding copyright ownership. The ASF licenses this file
7 * to you under the Apache License, Version 2.0 (the
8 * "License"); you may not use this file except in compliance
9 * with the License. You may obtain a copy of the License at
10 *
11 * http://www.apache.org/licenses/LICENSE-2.0
12 *
13 * Unless required by applicable law or agreed to in writing,
14 * software distributed under the License is distributed on an
15 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
16 * KIND, either express or implied. See the License for the
17 * specific language governing permissions and limitations
18 * under the License.
19 * ====================================================================
20 *
21 * This software consists of voluntary contributions made by many
22 * individuals on behalf of the Apache Software Foundation. For more
23 * information on the Apache Software Foundation, please see
24 * <http://www.apache.org/>.
25 *
26 */
27 package org.apache.http.impl.auth;
28
29 import org.apache.http.Header;
30 import org.apache.http.HttpRequest;
31 import org.apache.http.auth.AuthenticationException;
32 import org.apache.http.auth.Credentials;
33 import org.apache.http.protocol.HttpContext;
34 import org.apache.http.util.Args;
35 import org.ietf.jgss.GSSException;
36 import org.ietf.jgss.Oid;
37
38 /**
39 * KERBEROS authentication scheme.
40 *
41 * @since 4.2
42 */
43 public class KerberosScheme extends GGSSchemeBase {
44
45 private static final String KERBEROS_OID = "1.2.840.113554.1.2.2";
46
47 /**
48 * @since 4.4
49 */
50 public KerberosScheme(final boolean stripPort, final boolean useCanonicalHostname) {
51 super(stripPort, useCanonicalHostname);
52 }
53
54 public KerberosScheme(final boolean stripPort) {
55 super(stripPort);
56 }
57
58 public KerberosScheme() {
59 super();
60 }
61
62 @Override
63 public String getSchemeName() {
64 return "Kerberos";
65 }
66
67 /**
68 * Produces KERBEROS authorization Header based on token created by
69 * processChallenge.
70 *
71 * @param credentials not used by the KERBEROS scheme.
72 * @param request The request being authenticated
73 *
74 * @throws AuthenticationException if authentication string cannot
75 * be generated due to an authentication failure
76 *
77 * @return KERBEROS authentication Header
78 */
79 @Override
80 public Header authenticate(
81 final Credentials credentials,
82 final HttpRequest request,
83 final HttpContext context) throws AuthenticationException {
84 return super.authenticate(credentials, request, context);
85 }
86
87 @Override @SuppressWarnings("deprecation")
88 protected byte[] generateToken(final byte[] input, final String authServer) throws GSSException {
89 return super.generateToken(input, authServer);
90 }
91
92 @Override
93 protected byte[] generateToken(final byte[] input, final String authServer, final Credentials credentials) throws GSSException {
94 return generateGSSToken(input, new Oid(KERBEROS_OID), authServer, credentials);
95 }
96
97 /**
98 * There are no valid parameters for KERBEROS authentication so this
99 * method always returns {@code null}.
100 *
101 * @return {@code null}
102 */
103 @Override
104 public String getParameter(final String name) {
105 Args.notNull(name, "Parameter name");
106 return null;
107 }
108
109 /**
110 * The concept of an authentication realm is not supported by the Negotiate
111 * authentication scheme. Always returns {@code null}.
112 *
113 * @return {@code null}
114 */
115 @Override
116 public String getRealm() {
117 return null;
118 }
119
120 /**
121 * Returns {@code true}. KERBEROS authentication scheme is connection based.
122 *
123 * @return {@code true}.
124 */
125 @Override
126 public boolean isConnectionBased() {
127 return true;
128 }
129
130 }