[jira] [Commented] (HTTPCLIENT-1093) Digest authentication fails when connecting to IIS 7.5 with MD5-sess scheme

Mon, 23 May 2011 09:45:36 -0700 

    [ 
https://issues.apache.org/jira/browse/HTTPCLIENT-1093?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13038035#comment-13038035
 ] 

Jesse Docken commented on HTTPCLIENT-1093:
------------------------------------------

It does appear to be an issue in how I was constructing the request over the 
proxy.  I am however still encountering Digest authorization issues, but since 
these are different from this particular one, I will open a new bug report.

> Digest authentication fails when connecting to IIS 7.5 with MD5-sess scheme
> ---------------------------------------------------------------------------
>
>                 Key: HTTPCLIENT-1093
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1093
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpClient
>    Affects Versions: 4.1.1
>         Environment: Windows Server 2008 R2 Standard Edition SP1 (64-bit 
> Intel)
> Java Runtime Environment 1.6.0_24
> Localhost proxy on port 8888
>            Reporter: Jesse Docken
>
> I have the web server configured to authenticate on Digest using md5-sess 
> over the local AD.  I'm running Fiddler in the background, which creates a 
> localhost proxy on port 8888.  When I authenticate into the server using 
> Firefox, it generates the response code properly and can access the server.  
> However, when I attempt to connect with HttpClient it always receives a 401 
> response from the server.  Upon investigation, it appears that Firefox 
> generates the response differently than HttpClient does.
> The following code creates the same response that Firefox generates and 
> returns to the server:
> public static void main (String args[]) throws Exception {
>       MessageDigest md5 = MessageDigest.getInstance("md5");
>       Charset utf8 = Charset.forName("UTF-8");
>       byte[] HA2Input = "GET:/".getBytes(utf8);
>       String nonce = "server-generated nonce";
>       String cnonce = "random digits";
>       String counter = "00000001";
>       String qop = "auth";
>       byte[] HA1Input = "user:realm:password".getBytes(utf8);
>               
>       byte[] HA1 = md5.digest(HA1Input);
>       HA1 = md5.digest((ByteArrayToHex(HA1) + ":" + nonce + ":" + 
> cnonce).getBytes(utf8));
>       byte[] HA2 = md5.digest(HA2Input);
>               
>       byte[] ResponseInput = (ByteArrayToHex(HA1) + ":" + nonce + ":" + 
> counter + ":" +
>                       cnonce + ":" + qop + ":" + 
> ByteArrayToHex(HA2)).getBytes(utf8);
>       
>       byte[] Response = md5.digest(ResponseInput);
>               
>       System.out.println("Response: " + ByteArrayToHex(Response));
> }
>       
> private static String ByteArrayToHex(byte[] bytes) {
>       char[] hexArray = 
> {'0','1','2','3','4','5','6','7','8','9','a','b','c','d','e','f'};
>       char[] hexChars = new char[bytes.length * 2];
>       int v;
>       for ( int j = 0; j < bytes.length; j++ ) {
>               v = bytes[j] & 0xFF;
>               hexChars[j*2] = hexArray[v/16];
>               hexChars[j*2 + 1] = hexArray[v%16];
>       }
>       return new String(hexChars);
> }
> Replacing the string constants with the proper values will generate the 
> proper response result.  When I use this code with the values that HttpClient 
> generates, however, it fails.  Is there a reason for this?
> Also, here is the original code I used to connect to the server via 
> HttpClient:
> public static void main(String args[]) throws Exception {
>       DefaultHttpClient httpclient = new DefaultHttpClient();
>       HttpContext localContext = new BasicHttpContext();
>       HttpHost target = new HttpHost("192.168.0.1", 80, "http");
>       HttpHead httphead = new HttpHead("/"); 
>       HttpHost proxy = new HttpHost("localhost", 8888);
>       httpclient.getParams().setParameter(ConnRoutePNames.DEFAULT_PROXY, 
> proxy);
>       CredentialsProvider credsProvider = new BasicCredentialsProvider();
>       credsProvider.setCredentials(AuthScope.ANY,
>                       new NTCredentials("user", "password", "workstation", 
> ""));
>       if (!new File(System.getenv("windir") + "\\krb5.ini").exists()) {
>               List<String> authtypes = new ArrayList<String>();
>               authtypes.add(AuthPolicy.NTLM);
>               authtypes.add(AuthPolicy.DIGEST);
>               authtypes.add(AuthPolicy.BASIC);
>               httpclient.getParams().setParameter(AuthPNames.PROXY_AUTH_PREF,
>                               authtypes);
>               httpclient.getParams().setParameter(AuthPNames.TARGET_AUTH_PREF,
>                               authtypes);
>       }
>       localContext.setAttribute(ClientContext.CREDS_PROVIDER, credsProvider);
>       HttpResponse response = httpclient.execute(target, httphead, 
> localContext);
>       System.out.println("Response code: " + response.getStatusLine());   // 
> Generates 401
>       EntityUtils.consume(response.getEntity());
>       HttpGet httpget = new HttpGet("/");
>       response = httpclient.execute(target, httpget, localContext);
>       System.out.println("Response code: " + response.getStatusLine());   // 
> Generates 401
> }

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to