1
/*
2
 * Copyright (c) 2018, 2019, Oracle and/or its affiliates. All rights reserved.
3
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4
 *
5
 * This code is free software; you can redistribute it and/or modify it
6
 * under the terms of the GNU General Public License version 2 only, as
7
 * published by the Free Software Foundation.
8
 *
9
 * This code is distributed in the hope that it will be useful, but WITHOUT
10
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
12
 * version 2 for more details (a copy is included in the LICENSE file that
13
 * accompanied this code).
14
 *
15
 * You should have received a copy of the GNU General Public License version
16
 * 2 along with this work; if not, write to the Free Software Foundation,
17
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18
 *
19
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20
 * or visit www.oracle.com if you need additional information or have any
21
 * questions.
22
 */
23

24
/*
25
 * @test
26
 * @bug 8225425
27
 * @summary Verifies that transparent NTLM (on Windows) is not used by default,
28
 *          and is used only when the relevant property is set.
29
 * @requires os.family == "windows"
30
 * @library ../../../../../lib/testlibrary
31
 * @run testng/othervm
32
 *      -Dtest.auth.succeed=false
33
 *      TestTransparentNTLM
34
 * @run testng/othervm
35
 *      -Djdk.http.ntlm.transparentAuth=allHosts
36
 *      -Dtest.auth.succeed=true
37
 *      TestTransparentNTLM
38
 * @run testng/othervm
39
 *      -Djdk.http.ntlm.transparentAuth=blahblah
40
 *      -Dtest.auth.succeed=false
41
 *      TestTransparentNTLM
42
 * @run testng/othervm
43
 *      -Djdk.http.ntlm.transparentAuth=trustedHosts
44
 *      -Dtest.auth.succeed=false
45
 *      TestTransparentNTLM
46
 */
47

48
// Run with `trustedHosts` to exercise the native code, nothing more.
49

50
import java.io.BufferedReader;
51
import java.io.Closeable;
52
import java.io.IOException;
53
import java.io.InputStream;
54
import java.io.InputStreamReader;
55
import java.net.HttpURLConnection;
56
import java.net.InetAddress;
57
import java.net.InetSocketAddress;
58
import java.net.ServerSocket;
59
import java.net.Socket;
60
import java.net.URL;
61
import jdk.testlibrary.net.URIBuilder;
62
import org.testng.annotations.AfterTest;
63
import org.testng.annotations.BeforeTest;
64
import org.testng.annotations.Test;
65
import org.testng.SkipException;
66
import static java.lang.System.out;
67
import static java.net.Proxy.NO_PROXY;
68
import static java.nio.charset.StandardCharsets.UTF_8;
69
import static org.testng.Assert.assertEquals;
70
import static org.testng.Assert.fail;
71

72
public class TestTransparentNTLM {
73

74
    boolean succeed;  // true if authentication is expected to succeed
75
    Server server;
76
    URL url;
77

78
    @Test
79
    public void testNTLM() throws IOException {
80
        out.println("connecting to url: " + url);
81
        HttpURLConnection uc = (HttpURLConnection)url.openConnection(NO_PROXY);
82
        int respCode = uc.getResponseCode();
83
        out.println("received: " + respCode);
84

85
        if (succeed) {
86
            assertEquals(respCode, HttpURLConnection.HTTP_OK);
87
            InputStream is = uc.getInputStream();
88
            BufferedReader r = new BufferedReader(new InputStreamReader(is, UTF_8));
89
            String body = r.readLine();
90
            out.print("received body: ");
91
            do {
92
                out.print(body);
93
                body = r.readLine();
94
            } while (body != null);
95
        } else {
96
            assertEquals(respCode, HttpURLConnection.HTTP_UNAUTHORIZED);
97
        }
98
    }
99

100
    static class Server extends Thread implements  Closeable {
101

102
        static final InetAddress LOOPBACK = InetAddress.getLoopbackAddress();
103
        final ServerSocket serverSocket;
104
        final boolean expectAuthToSucceed;
105

106
        Server(boolean expectAuthToSucceed) throws IOException {
107
            super("TestTransparentNTLM-Server");
108
            serverSocket = new ServerSocket();
109
            serverSocket.bind(new InetSocketAddress(LOOPBACK, 0));
110
            this.expectAuthToSucceed = expectAuthToSucceed;
111
        }
112

113
        int port() {
114
            return serverSocket.getLocalPort();
115
        }
116

117
        static final String AUTH_REQUIRED =
118
                "HTTP/1.1 401 Unauthorized\r\n" +
119
                "Content-Length: 0\r\n" +
120
                "Connection: close\r\n" +
121
                "WWW-Authenticate: NTLM\r\n\r\n";
122

123
        static final String AUTH_STAGE_TWO =
124
                "HTTP/1.1 401 Unauthorized\r\n" +
125
                "Content-Length: 0\r\n" +
126
                "WWW-Authenticate: NTLM TlRMTVNTUAACAAAAAAAAACgAAAABggAAU3J2Tm9uY2UAAAAAAAAAAA==\r\n\r\n";
127

128
        static final String AUTH_SUCCESSFUL =
129
                "HTTP/1.1 200 OK\r\n" +
130
                "Content-Length: 11\r\n\r\n" +
131
                "Hello world";
132

133
        @Override
134
        public void run() {
135
            try {
136
                try (Socket s = serverSocket.accept()) {
137
                    out.println("Server accepted connection - 1");
138
                    readRequestHeaders(s.getInputStream());
139
                    s.getOutputStream().write(AUTH_REQUIRED.getBytes(UTF_8));
140
                }
141

142
                if (expectAuthToSucceed) {
143
                    // await the second follow up connection
144
                    try (Socket s = serverSocket.accept()) {
145
                        out.println("Server accepted connection - 2");
146
                        readRequestHeaders(s.getInputStream());
147
                        s.getOutputStream().write(AUTH_STAGE_TWO.getBytes(UTF_8));
148
                        readRequestHeaders(s.getInputStream());
149
                        s.getOutputStream().write(AUTH_SUCCESSFUL.getBytes(UTF_8));
150
                    }
151
                }
152
            } catch (IOException e) {
153
                fail("Unexpected exception", e);
154
            }
155
        }
156

157
        @Override
158
        public void close() throws IOException {
159
            serverSocket.close();
160
        }
161

162
        static final byte[] REQUEST_END = new byte[] {'\r', '\n', '\r', '\n'};
163

164
        // Read until the end of the HTTP request headers
165
        static void readRequestHeaders(InputStream is) throws IOException {
166
            int requestEndCount = 0, r;
167
            while ((r = is.read()) != -1) {
168
                if (r == REQUEST_END[requestEndCount]) {
169
                    requestEndCount++;
170
                    if (requestEndCount == 4) {
171
                        break;
172
                    }
173
                } else {
174
                    requestEndCount = 0;
175
                }
176
            }
177
        }
178
    }
179

180
    @BeforeTest
181
    public void setup() throws Exception {
182
        succeed = System.getProperty("test.auth.succeed").equals("true");
183
        if (succeed)
184
            out.println("Expect client to succeed, with 200 Ok");
185
        else
186
            out.println("Expect client to fail, with 401 Unauthorized");
187

188
        server = new Server(succeed);
189
        server.start();
190
        url = URIBuilder.newBuilder()
191
                .scheme("http")
192
                .loopback()
193
                .port(server.port())
194
                .path("/xxyyzz")
195
                .toURL();
196
    }
197

198
    @AfterTest
199
    public void teardown() throws Exception {
200
        server.close();
201
        server.join();
202
    }
203
}
204

205