예제 #1
0
        /// <summary>
        /// Returns an authenticated
        /// <see cref="HttpURLConnection"/>
        /// .
        /// </summary>
        /// <param name="url">the URL to connect to. Only HTTP/S URLs are supported.</param>
        /// <param name="token">the authentication token being used for the user.</param>
        /// <returns>
        /// an authenticated
        /// <see cref="HttpURLConnection"/>
        /// .
        /// </returns>
        /// <exception cref="System.IO.IOException">if an IO error occurred.</exception>
        /// <exception cref="AuthenticationException">if an authentication exception occurred.
        ///     </exception>
        /// <exception cref="Org.Apache.Hadoop.Security.Authentication.Client.AuthenticationException
        ///     "/>
        public virtual HttpURLConnection OpenConnection(Uri url, AuthenticatedURL.Token token
                                                        )
        {
            if (url == null)
            {
                throw new ArgumentException("url cannot be NULL");
            }
            if (!Runtime.EqualsIgnoreCase(url.Scheme, "http") && !Runtime.EqualsIgnoreCase
                    (url.Scheme, "https"))
            {
                throw new ArgumentException("url must be for a HTTP or HTTPS resource");
            }
            if (token == null)
            {
                throw new ArgumentException("token cannot be NULL");
            }
            authenticator.Authenticate(url, token);
            HttpURLConnection conn = (HttpURLConnection)url.OpenConnection();

            if (connConfigurator != null)
            {
                conn = connConfigurator.Configure(conn);
            }
            InjectToken(conn, token);
            return(conn);
        }
예제 #2
0
        public virtual void TestExtractTokenFail()
        {
            HttpURLConnection conn = Org.Mockito.Mockito.Mock <HttpURLConnection>();

            Org.Mockito.Mockito.When(conn.GetResponseCode()).ThenReturn(HttpURLConnection.HttpUnauthorized
                                                                        );
            string tokenStr = "foo";
            IDictionary <string, IList <string> > headers = new Dictionary <string, IList <string>
                                                                            >();
            IList <string> cookies = new AList <string>();

            cookies.AddItem(AuthenticatedURL.AuthCookie + "=" + tokenStr);
            headers["Set-Cookie"] = cookies;
            Org.Mockito.Mockito.When(conn.GetHeaderFields()).ThenReturn(headers);
            AuthenticatedURL.Token token = new AuthenticatedURL.Token();
            token.Set("bar");
            try
            {
                AuthenticatedURL.ExtractToken(conn, token);
                NUnit.Framework.Assert.Fail();
            }
            catch (AuthenticationException)
            {
                // Expected
                NUnit.Framework.Assert.IsFalse(token.IsSet());
            }
            catch (Exception)
            {
                NUnit.Framework.Assert.Fail();
            }
        }
예제 #3
0
 /// <summary>
 /// Implements the SPNEGO authentication sequence interaction using the current default principal
 /// in the Kerberos cache (normally set via kinit).
 /// </summary>
 /// <param name="token">the authentication token being used for the user.</param>
 /// <exception cref="System.IO.IOException">if an IO error occurred.</exception>
 /// <exception cref="AuthenticationException">if an authentication error occurred.</exception>
 /// <exception cref="Org.Apache.Hadoop.Security.Authentication.Client.AuthenticationException
 ///     "/>
 private void DoSpnegoSequence(AuthenticatedURL.Token token)
 {
     try
     {
         AccessControlContext context = AccessController.GetContext();
         Subject subject = Subject.GetSubject(context);
         if (subject == null || (subject.GetPrivateCredentials <KerberosKey>().IsEmpty() &&
                                 subject.GetPrivateCredentials <KerberosTicket>().IsEmpty()))
         {
             Log.Debug("No subject in context, logging in");
             subject = new Subject();
             LoginContext login = new LoginContext(string.Empty, subject, null, new KerberosAuthenticator.KerberosConfiguration
                                                       ());
             login.Login();
         }
         if (Log.IsDebugEnabled())
         {
             Log.Debug("Using subject: " + subject);
         }
         Subject.DoAs(subject, new _PrivilegedExceptionAction_287(this));
     }
     catch (PrivilegedActionException ex)
     {
         // Loop while the context is still not established
         throw new AuthenticationException(ex.GetException());
     }
     catch (LoginException ex)
     {
         throw new AuthenticationException(ex);
     }
     AuthenticatedURL.ExtractToken(conn, token);
 }
예제 #4
0
 public virtual void TestToken()
 {
     AuthenticatedURL.Token token = new AuthenticatedURL.Token();
     NUnit.Framework.Assert.IsFalse(token.IsSet());
     token = new AuthenticatedURL.Token("foo");
     Assert.True(token.IsSet());
     Assert.Equal("foo", token.ToString());
 }
예제 #5
0
        public virtual void TestInjectToken()
        {
            HttpURLConnection conn = Org.Mockito.Mockito.Mock <HttpURLConnection>();

            AuthenticatedURL.Token token = new AuthenticatedURL.Token();
            token.Set("foo");
            AuthenticatedURL.InjectToken(conn, token);
            Org.Mockito.Mockito.Verify(conn).AddRequestProperty(Org.Mockito.Mockito.Eq("Cookie"
                                                                                       ), Org.Mockito.Mockito.AnyString());
        }
예제 #6
0
 /*
  * Check if the passed token is of type "kerberos" or "kerberos-dt"
  */
 /// <exception cref="Org.Apache.Hadoop.Security.Authentication.Client.AuthenticationException
 ///     "/>
 private bool IsTokenKerberos(AuthenticatedURL.Token token)
 {
     if (token.IsSet())
     {
         AuthToken aToken = AuthToken.Parse(token.ToString());
         if (aToken.GetType().Equals("kerberos") || aToken.GetType().Equals("kerberos-dt"))
         {
             return(true);
         }
     }
     return(false);
 }
예제 #7
0
        /// <summary>Helper method that injects an authentication token to send with a connection.
        ///     </summary>
        /// <param name="conn">connection to inject the authentication token into.</param>
        /// <param name="token">authentication token to inject.</param>
        public static void InjectToken(HttpURLConnection conn, AuthenticatedURL.Token token
                                       )
        {
            string t = token.token;

            if (t != null)
            {
                if (!t.StartsWith("\""))
                {
                    t = "\"" + t + "\"";
                }
                conn.AddRequestProperty("Cookie", AuthCookieEq + t);
            }
        }
예제 #8
0
 /// <exception cref="System.Exception"/>
 protected internal virtual void _testAuthentication(Authenticator authenticator,
                                                     bool doPost)
 {
     Start();
     try
     {
         Uri url = new Uri(GetBaseURL());
         AuthenticatedURL.Token token = new AuthenticatedURL.Token();
         NUnit.Framework.Assert.IsFalse(token.IsSet());
         AuthenticatorTestCase.TestConnectionConfigurator connConf = new AuthenticatorTestCase.TestConnectionConfigurator
                                                                         ();
         AuthenticatedURL  aUrl = new AuthenticatedURL(authenticator, connConf);
         HttpURLConnection conn = aUrl.OpenConnection(url, token);
         Assert.True(connConf.invoked);
         string tokenStr = token.ToString();
         if (doPost)
         {
             conn.SetRequestMethod("POST");
             conn.SetDoOutput(true);
         }
         conn.Connect();
         if (doPost)
         {
             TextWriter writer = new OutputStreamWriter(conn.GetOutputStream());
             writer.Write(Post);
             writer.Close();
         }
         Assert.Equal(HttpURLConnection.HttpOk, conn.GetResponseCode());
         if (doPost)
         {
             BufferedReader reader = new BufferedReader(new InputStreamReader(conn.GetInputStream
                                                                                  ()));
             string echo = reader.ReadLine();
             Assert.Equal(Post, echo);
             NUnit.Framework.Assert.IsNull(reader.ReadLine());
         }
         aUrl = new AuthenticatedURL();
         conn = aUrl.OpenConnection(url, token);
         conn.Connect();
         Assert.Equal(HttpURLConnection.HttpOk, conn.GetResponseCode());
         Assert.Equal(tokenStr, token.ToString());
     }
     finally
     {
         Stop();
     }
 }
예제 #9
0
        /// <summary>Performs simple authentication against the specified URL.</summary>
        /// <remarks>
        /// Performs simple authentication against the specified URL.
        /// <p>
        /// If a token is given it does a NOP and returns the given token.
        /// <p>
        /// If no token is given, it will perform an HTTP <code>OPTIONS</code> request injecting an additional
        /// parameter
        /// <see cref="UserName"/>
        /// in the query string with the value returned by the
        /// <see cref="GetUserName()"/>
        /// method.
        /// <p>
        /// If the response is successful it will update the authentication token.
        /// </remarks>
        /// <param name="url">the URl to authenticate against.</param>
        /// <param name="token">the authencation token being used for the user.</param>
        /// <exception cref="System.IO.IOException">if an IO error occurred.</exception>
        /// <exception cref="AuthenticationException">if an authentication error occurred.</exception>
        /// <exception cref="Org.Apache.Hadoop.Security.Authentication.Client.AuthenticationException
        ///     "/>
        public virtual void Authenticate(Uri url, AuthenticatedURL.Token token)
        {
            string strUrl         = url.ToString();
            string paramSeparator = (strUrl.Contains("?")) ? "&" : "?";

            strUrl += paramSeparator + UserNameEq + GetUserName();
            url     = new Uri(strUrl);
            HttpURLConnection conn = (HttpURLConnection)url.OpenConnection();

            if (connConfigurator != null)
            {
                conn = connConfigurator.Configure(conn);
            }
            conn.SetRequestMethod("OPTIONS");
            conn.Connect();
            AuthenticatedURL.ExtractToken(conn, token);
        }
예제 #10
0
        public virtual void TestExtractTokenOK()
        {
            HttpURLConnection conn = Org.Mockito.Mockito.Mock <HttpURLConnection>();

            Org.Mockito.Mockito.When(conn.GetResponseCode()).ThenReturn(HttpURLConnection.HttpOk
                                                                        );
            string tokenStr = "foo";
            IDictionary <string, IList <string> > headers = new Dictionary <string, IList <string>
                                                                            >();
            IList <string> cookies = new AList <string>();

            cookies.AddItem(AuthenticatedURL.AuthCookie + "=" + tokenStr);
            headers["Set-Cookie"] = cookies;
            Org.Mockito.Mockito.When(conn.GetHeaderFields()).ThenReturn(headers);
            AuthenticatedURL.Token token = new AuthenticatedURL.Token();
            AuthenticatedURL.ExtractToken(conn, token);
            Assert.Equal(tokenStr, token.ToString());
        }
예제 #11
0
 /// <summary>Performs SPNEGO authentication against the specified URL.</summary>
 /// <remarks>
 /// Performs SPNEGO authentication against the specified URL.
 /// <p>
 /// If a token is given it does a NOP and returns the given token.
 /// <p>
 /// If no token is given, it will perform the SPNEGO authentication sequence using an
 /// HTTP <code>OPTIONS</code> request.
 /// </remarks>
 /// <param name="url">the URl to authenticate against.</param>
 /// <param name="token">the authentication token being used for the user.</param>
 /// <exception cref="System.IO.IOException">if an IO error occurred.</exception>
 /// <exception cref="AuthenticationException">if an authentication error occurred.</exception>
 /// <exception cref="Org.Apache.Hadoop.Security.Authentication.Client.AuthenticationException
 ///     "/>
 public virtual void Authenticate(Uri url, AuthenticatedURL.Token token)
 {
     if (!token.IsSet())
     {
         this.url = url;
         base64   = new Base64(0);
         conn     = (HttpURLConnection)url.OpenConnection();
         if (connConfigurator != null)
         {
             conn = connConfigurator.Configure(conn);
         }
         conn.SetRequestMethod(AuthHttpMethod);
         conn.Connect();
         bool needFallback = false;
         if (conn.GetResponseCode() == HttpURLConnection.HttpOk)
         {
             Log.Debug("JDK performed authentication on our behalf.");
             // If the JDK already did the SPNEGO back-and-forth for
             // us, just pull out the token.
             AuthenticatedURL.ExtractToken(conn, token);
             if (IsTokenKerberos(token))
             {
                 return;
             }
             needFallback = true;
         }
         if (!needFallback && IsNegotiate())
         {
             Log.Debug("Performing our own SPNEGO sequence.");
             DoSpnegoSequence(token);
         }
         else
         {
             Log.Debug("Using fallback authenticator sequence.");
             Authenticator auth = GetFallBackAuthenticator();
             // Make sure that the fall back authenticator have the same
             // ConnectionConfigurator, since the method might be overridden.
             // Otherwise the fall back authenticator might not have the information
             // to make the connection (e.g., SSL certificates)
             auth.SetConnectionConfigurator(connConfigurator);
             auth.Authenticate(url, token);
         }
     }
 }
예제 #12
0
        /// <summary>Helper method that extracts an authentication token received from a connection.
        ///     </summary>
        /// <remarks>
        /// Helper method that extracts an authentication token received from a connection.
        /// <p>
        /// This method is used by
        /// <see cref="Authenticator"/>
        /// implementations.
        /// </remarks>
        /// <param name="conn">connection to extract the authentication token from.</param>
        /// <param name="token">the authentication token.</param>
        /// <exception cref="System.IO.IOException">if an IO error occurred.</exception>
        /// <exception cref="AuthenticationException">if an authentication exception occurred.
        ///     </exception>
        /// <exception cref="Org.Apache.Hadoop.Security.Authentication.Client.AuthenticationException
        ///     "/>
        public static void ExtractToken(HttpURLConnection conn, AuthenticatedURL.Token token
                                        )
        {
            int respCode = conn.GetResponseCode();

            if (respCode == HttpURLConnection.HttpOk || respCode == HttpURLConnection.HttpCreated ||
                respCode == HttpURLConnection.HttpAccepted)
            {
                IDictionary <string, IList <string> > headers = conn.GetHeaderFields();
                IList <string> cookies = headers["Set-Cookie"];
                if (cookies != null)
                {
                    foreach (string cookie in cookies)
                    {
                        if (cookie.StartsWith(AuthCookieEq))
                        {
                            string value     = Runtime.Substring(cookie, AuthCookieEq.Length);
                            int    separator = value.IndexOf(";");
                            if (separator > -1)
                            {
                                value = Runtime.Substring(value, 0, separator);
                            }
                            if (value.Length > 0)
                            {
                                token.Set(value);
                            }
                        }
                    }
                }
            }
            else
            {
                token.Set(null);
                throw new AuthenticationException("Authentication failed, status: " + conn.GetResponseCode
                                                      () + ", message: " + conn.GetResponseMessage());
            }
        }