public virtual void TestExtractTokenFail()
{
HttpURLConnection conn = Org.Mockito.Mockito.Mock <HttpURLConnection>();
Org.Mockito.Mockito.When(conn.GetResponseCode()).ThenReturn(HttpURLConnection.HttpUnauthorized
);
string tokenStr = "foo";
IDictionary <string, IList <string> > headers = new Dictionary <string, IList <string>
>();
IList <string> cookies = new AList <string>();
cookies.AddItem(AuthenticatedURL.AuthCookie + "=" + tokenStr);
headers["Set-Cookie"] = cookies;
Org.Mockito.Mockito.When(conn.GetHeaderFields()).ThenReturn(headers);
AuthenticatedURL.Token token = new AuthenticatedURL.Token();
token.Set("bar");
try
{
AuthenticatedURL.ExtractToken(conn, token);
NUnit.Framework.Assert.Fail();
}
catch (AuthenticationException)
{
// Expected
NUnit.Framework.Assert.IsFalse(token.IsSet());
}
catch (Exception)
{
NUnit.Framework.Assert.Fail();
}
}
public virtual void TestToken()
{
AuthenticatedURL.Token token = new AuthenticatedURL.Token();
NUnit.Framework.Assert.IsFalse(token.IsSet());
token = new AuthenticatedURL.Token("foo");
Assert.True(token.IsSet());
Assert.Equal("foo", token.ToString());
}
/*
* Check if the passed token is of type "kerberos" or "kerberos-dt"
*/
/// <exception cref="Org.Apache.Hadoop.Security.Authentication.Client.AuthenticationException
/// "/>
private bool IsTokenKerberos(AuthenticatedURL.Token token)
{
if (token.IsSet())
{
AuthToken aToken = AuthToken.Parse(token.ToString());
if (aToken.GetType().Equals("kerberos") || aToken.GetType().Equals("kerberos-dt"))
{
return(true);
}
}
return(false);
}
/// <exception cref="System.Exception"/>
protected internal virtual void _testAuthentication(Authenticator authenticator,
bool doPost)
{
Start();
try
{
Uri url = new Uri(GetBaseURL());
AuthenticatedURL.Token token = new AuthenticatedURL.Token();
NUnit.Framework.Assert.IsFalse(token.IsSet());
AuthenticatorTestCase.TestConnectionConfigurator connConf = new AuthenticatorTestCase.TestConnectionConfigurator
();
AuthenticatedURL aUrl = new AuthenticatedURL(authenticator, connConf);
HttpURLConnection conn = aUrl.OpenConnection(url, token);
Assert.True(connConf.invoked);
string tokenStr = token.ToString();
if (doPost)
{
conn.SetRequestMethod("POST");
conn.SetDoOutput(true);
}
conn.Connect();
if (doPost)
{
TextWriter writer = new OutputStreamWriter(conn.GetOutputStream());
writer.Write(Post);
writer.Close();
}
Assert.Equal(HttpURLConnection.HttpOk, conn.GetResponseCode());
if (doPost)
{
BufferedReader reader = new BufferedReader(new InputStreamReader(conn.GetInputStream
()));
string echo = reader.ReadLine();
Assert.Equal(Post, echo);
NUnit.Framework.Assert.IsNull(reader.ReadLine());
}
aUrl = new AuthenticatedURL();
conn = aUrl.OpenConnection(url, token);
conn.Connect();
Assert.Equal(HttpURLConnection.HttpOk, conn.GetResponseCode());
Assert.Equal(tokenStr, token.ToString());
}
finally
{
Stop();
}
}
/// <summary>Performs SPNEGO authentication against the specified URL.</summary>
/// <remarks>
/// Performs SPNEGO authentication against the specified URL.
/// <p>
/// If a token is given it does a NOP and returns the given token.
/// <p>
/// If no token is given, it will perform the SPNEGO authentication sequence using an
/// HTTP <code>OPTIONS</code> request.
/// </remarks>
/// <param name="url">the URl to authenticate against.</param>
/// <param name="token">the authentication token being used for the user.</param>
/// <exception cref="System.IO.IOException">if an IO error occurred.</exception>
/// <exception cref="AuthenticationException">if an authentication error occurred.</exception>
/// <exception cref="Org.Apache.Hadoop.Security.Authentication.Client.AuthenticationException
/// "/>
public virtual void Authenticate(Uri url, AuthenticatedURL.Token token)
{
if (!token.IsSet())
{
this.url = url;
base64 = new Base64(0);
conn = (HttpURLConnection)url.OpenConnection();
if (connConfigurator != null)
{
conn = connConfigurator.Configure(conn);
}
conn.SetRequestMethod(AuthHttpMethod);
conn.Connect();
bool needFallback = false;
if (conn.GetResponseCode() == HttpURLConnection.HttpOk)
{
Log.Debug("JDK performed authentication on our behalf.");
// If the JDK already did the SPNEGO back-and-forth for
// us, just pull out the token.
AuthenticatedURL.ExtractToken(conn, token);
if (IsTokenKerberos(token))
{
return;
}
needFallback = true;
}
if (!needFallback && IsNegotiate())
{
Log.Debug("Performing our own SPNEGO sequence.");
DoSpnegoSequence(token);
}
else
{
Log.Debug("Using fallback authenticator sequence.");
Authenticator auth = GetFallBackAuthenticator();
// Make sure that the fall back authenticator have the same
// ConnectionConfigurator, since the method might be overridden.
// Otherwise the fall back authenticator might not have the information
// to make the connection (e.g., SSL certificates)
auth.SetConnectionConfigurator(connConfigurator);
auth.Authenticate(url, token);
}
}
}
