1 /*
2 * ====================================================================
3 * Licensed to the Apache Software Foundation (ASF) under one
4 * or more contributor license agreements. See the NOTICE file
5 * distributed with this work for additional information
6 * regarding copyright ownership. The ASF licenses this file
7 * to you under the Apache License, Version 2.0 (the
8 * "License"); you may not use this file except in compliance
9 * with the License. You may obtain a copy of the License at
10 *
11 * http://www.apache.org/licenses/LICENSE-2.0
12 *
13 * Unless required by applicable law or agreed to in writing,
14 * software distributed under the License is distributed on an
15 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
16 * KIND, either express or implied. See the License for the
17 * specific language governing permissions and limitations
18 * under the License.
19 * ====================================================================
20 *
21 * This software consists of voluntary contributions made by many
22 * individuals on behalf of the Apache Software Foundation. For more
23 * information on the Apache Software Foundation, please see
24 * <http://www.apache.org/>.
25 *
26 */
27 package org.apache.http.impl.auth;
28
29 import org.apache.http.Header;
30 import org.apache.http.HttpRequest;
31 import org.apache.http.auth.AuthenticationException;
32 import org.apache.http.auth.Credentials;
33 import org.apache.http.protocol.HttpContext;
34 import org.apache.http.util.Args;
35 import org.ietf.jgss.GSSException;
36 import org.ietf.jgss.Oid;
37
38 /**
39 * SPNEGO (Simple and Protected GSSAPI Negotiation Mechanism) authentication
40 * scheme.
41 *
42 * @since 4.2
43 */
44 public class SPNegoScheme extends GGSSchemeBase {
45
46 private static final String SPNEGO_OID = "1.3.6.1.5.5.2";
47
48 /**
49 * @since 4.4
50 */
51 public SPNegoScheme(final boolean stripPort, final boolean useCanonicalHostname) {
52 super(stripPort, useCanonicalHostname);
53 }
54
55 public SPNegoScheme(final boolean stripPort) {
56 super(stripPort);
57 }
58
59 public SPNegoScheme() {
60 super();
61 }
62
63 @Override
64 public String getSchemeName() {
65 return "Negotiate";
66 }
67
68 /**
69 * Produces SPNEGO authorization Header based on token created by
70 * processChallenge.
71 *
72 * @param credentials not used by the SPNEGO scheme.
73 * @param request The request being authenticated
74 *
75 * @throws AuthenticationException if authentication string cannot
76 * be generated due to an authentication failure
77 *
78 * @return SPNEGO authentication Header
79 */
80 @Override
81 public Header authenticate(
82 final Credentials credentials,
83 final HttpRequest request,
84 final HttpContext context) throws AuthenticationException {
85 return super.authenticate(credentials, request, context);
86 }
87
88 @Override @SuppressWarnings("deprecation")
89 protected byte[] generateToken(final byte[] input, final String authServer) throws GSSException {
90 return super.generateToken(input, authServer);
91 }
92
93 @Override
94 protected byte[] generateToken(final byte[] input, final String authServer, final Credentials credentials) throws GSSException {
95 return generateGSSToken(input, new Oid(SPNEGO_OID), authServer, credentials);
96 }
97
98 /**
99 * There are no valid parameters for SPNEGO authentication so this
100 * method always returns {@code null}.
101 *
102 * @return {@code null}
103 */
104 @Override
105 public String getParameter(final String name) {
106 Args.notNull(name, "Parameter name");
107 return null;
108 }
109
110 /**
111 * The concept of an authentication realm is not supported by the Negotiate
112 * authentication scheme. Always returns {@code null}.
113 *
114 * @return {@code null}
115 */
116 @Override
117 public String getRealm() {
118 return null;
119 }
120
121 /**
122 * Returns {@code true}. SPNEGO authentication scheme is connection based.
123 *
124 * @return {@code true}.
125 */
126 @Override
127 public boolean isConnectionBased() {
128 return true;
129 }
130
131 }