Re: Kerberos authentication issue

Fri, 11 Dec 2009 05:09:28 -0800 

Hi,

I noticed that httpclient was being redirected from the url:

http://tunneltest.servoy.com/private

to

http://tunneltest.servoy.com/private/
I decided to try and eliminate the redirect by going to the second url directly, and now the kerberos authentication works. I guess that's a bug somewhere since authentication should work even if you get redirected, shouldn't it? 

Anyway, I also attached the working wirelog, for comparison reasons.
I also still don't understand why a new ticket is acquired for the service considering the ticket is in the cache... 

Regards,
Sebastiaan

Sebastiaan van Erk wrote:

Hi,

I guess it's useful to have the wire log as well, so I just attached it.

Regards,
Sebastiaan

Sebastiaan van Erk wrote:

Hi,
I'm trying to use the new Kerberos authentication in httpclient-4.1-alpha1. To start of, I'm simply running the example kerberos authentication program for the url "http://tunneltest.servoy.com/private"; (this is an internal test url, so it does not work from the internet). I tested the test url with Firefox with Kerberos authentication and it works fine, but with httpclient I'm seeing 2 things I don't understand:
1) A ticket request is done for the HTTP/[email protected] service even though it's already in my ticket cache. 
2) The ticket request fails with the error:
Dec 11, 2009 10:40:11 AM org.apache.http.client.protocol.RequestTargetAuthentication process SEVERE: Authentication error: Defective token detected (Mechanism level: Defective token detected (Mechanism level: Invalid SPNEGO NegTokenTarg token : DerInputStream.getLength(): lengthTag=127, too big.))
First of all, I don't understand why it has to request the ticket for the service if it's already in the cache. However, the request is for the right service, because I get the following line in my kdc.log:
2009-12-11T10:37:03 TGS-REQ [email protected] from IPv4:85.147.225.232 for HTTP/[email protected]
This is slightly different from the line I get when requesting the url from firefox, which reads:
2009-12-11T10:49:49 TGS-REQ [email protected] from IPv4:85.147.225.232 for HTTP/[email protected] [canonicalize]
Does anybody know what I'm doing wrong? To make sure that I'm not withholding any relevant information, below I've posted all the details. Especially interesting is the program output... 

Thanks in advance,
Sebastiaan

login.conf
------8<------
com.sun.security.jgss.initiate {
com.sun.security.auth.module.Krb5LoginModule required client=TRUE useTicketCache="true" ticketCache="/tmp/krb5cc_1000" debug=true; 
};

com.sun.security.jgss.accept {
com.sun.security.auth.module.Krb5LoginModule required client=TRUE useTicketCache="true" ticketCache="/tmp/krb5cc_1000" debug=true; 
};
------8<------

krb5.conf
------8<------
[libdefaults]
        default_realm = SERVOY.COM

[realms]
        SERVOY.COM = {
                kdc = tunneltest.servoy.com
                kpasswd_server = tunneltest.servoy.com
        }

[domain_realm]
        .servoy.com = SERVOY.COM
------8<------

the main method:
------8<------
    public static void main(String[] args) throws Exception {
System.setProperty("java.security.auth.login.config", "/home/sebster/login.conf"); 
        System.setProperty("java.security.krb5.conf", "/etc/krb5.conf");
        System.setProperty("sun.security.krb5.debug", "true");
System.setProperty("javax.security.auth.useSubjectCredsOnly", "false"); 

        DefaultHttpClient httpclient = new DefaultHttpClient();

        NegotiateSchemeFactory nsf = new NegotiateSchemeFactory();
        // nsf.setStripPort(false);
        // nsf.setSpengoGenerator(new BouncySpnegoTokenGenerator());

        httpclient.getAuthSchemes().register(AuthPolicy.SPNEGO, nsf);

        Credentials use_jaas_creds = new Credentials() {

            public String getPassword() {
                return null;
            }

            public Principal getUserPrincipal() {
                return null;
            }

        };
httpclient.getCredentialsProvider().setCredentials(new AuthScope(null, -1, null), use_jaas_creds);
HttpUriRequest request = new HttpGet("http://tunneltest.servoy.com/private";); 
        HttpResponse response = httpclient.execute(request);
        HttpEntity entity = response.getEntity();

        System.out.println("----------------------------------------");
        System.out.println(response.getStatusLine());
        System.out.println("----------------------------------------");
        if (entity != null) {
            System.out.println(EntityUtils.toString(entity));
        }
        System.out.println("----------------------------------------");

        // This ensures the connection gets released back to the manager
        if (entity != null) {
            entity.consumeContent();
        }

        // When HttpClient instance is no longer needed,
        // shut down the connection manager to ensure
        // immediate deallocation of all system resources
        httpclient.getConnectionManager().shutdown();
    }
------8<------

the program output:
------8<------
Debug is true storeKey false useTicketCache true useKeyTab false doNotPrompt false ticketCache is /tmp/krb5cc_1000 isInitiator true KeyTab is null refreshKrb5Config is false principal is null tryFirstPass is false useFirstPass is false storePass is false clearPass is false 
Acquire TGT from Cache
 >>>DEBUG <CCacheInputStream>  client principal is [email protected]
>>>DEBUG <CCacheInputStream> server principal is krbtgt/[email protected] 
 >>>DEBUG <CCacheInputStream> key type: 16
 >>>DEBUG <CCacheInputStream> auth time: Fri Dec 11 08:23:24 CET 2009
 >>>DEBUG <CCacheInputStream> start time: Fri Dec 11 08:23:24 CET 2009
 >>>DEBUG <CCacheInputStream> end time: Fri Dec 11 18:26:31 CET 2009
>>>DEBUG <CCacheInputStream> renew_till time: Thu Jan 01 01:00:00 CET 1970 
 >>> CCacheInputStream: readFlags()  INITIAL;
 >>>DEBUG <CCacheInputStream>
 >>>DEBUG <CCacheInputStream>  client principal is [email protected]
>>>DEBUG <CCacheInputStream> server principal is HTTP/[email protected] 
 >>>DEBUG <CCacheInputStream> key type: 16
 >>>DEBUG <CCacheInputStream> auth time: Fri Dec 11 08:23:24 CET 2009
 >>>DEBUG <CCacheInputStream> start time: Fri Dec 11 10:49:49 CET 2009
 >>>DEBUG <CCacheInputStream> end time: Fri Dec 11 18:26:31 CET 2009
>>>DEBUG <CCacheInputStream> renew_till time: Thu Jan 01 01:00:00 CET 1970 
 >>> CCacheInputStream: readFlags()
 >>>DEBUG <CCacheInputStream>
Principal is [email protected]
Commit Succeeded
Found ticket for [email protected] to go to krbtgt/[email protected] expiring on Fri Dec 11 18:26:31 CET 2009 
Entered Krb5Context.initSecContext with state=STATE_NEW
Service ticket not found in the subject
 >>> Credentials acquireServiceCreds: same realm
Using builtin default etypes for default_tgs_enctypes
default etypes for default_tgs_enctypes: 3 1 23 16 17.
 >>> CksumType: sun.security.krb5.internal.crypto.RsaMd5CksumType
 >>> EType: sun.security.krb5.internal.crypto.Des3CbcHmacSha1KdEType
>>> KrbKdcReq send: kdc=tunneltest.servoy.com UDP:88, timeout=30000, number of retries =3, #bytes=589 >>> KDCCommunication: kdc=tunneltest.servoy.com UDP:88, timeout=30000,Attempt =1, #bytes=589 
 >>> KrbKdcReq send: #bytes read=553
 >>> KrbKdcReq send: #bytes read=553
 >>> EType: sun.security.krb5.internal.crypto.Des3CbcHmacSha1KdEType
 >>> KrbApReq: APOptions are 00100000 00000000 00000000 00000000
 >>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
Krb5Context setting mySeqNumber to: 97051396
Created InitSecContextToken:
0000: 01 00 6E 82 01 D5 30 82   01 D1 A0 03 02 01 05 A1  ..n...0.........
0010: 03 02 01 0E A2 07 03 05   00 20 00 00 00 A3 82 01  ......... ......
0020: 01 61 81 FE 30 81 FB A0   03 02 01 05 A1 0C 1B 0A  .a..0...........
0030: 53 45 52 56 4F 59 2E 43   4F 4D A2 28 30 26 A0 03  SERVOY.COM.(0&..
0040: 02 01 01 A1 1F 30 1D 1B   04 48 54 54 50 1B 15 74  .....0...HTTP..t
0050: 75 6E 6E 65 6C 74 65 73   74 2E 73 65 72 76 6F 79  unneltest.servoy
0060: 2E 63 6F 6D A3 81 BB 30   81 B8 A0 03 02 01 03 A1  .com...0........
0070: 03 02 01 01 A2 81 AB 04   81 A8 CF 09 B8 16 47 4B  ..............GK
0080: A0 F1 83 49 AA A9 9F EA   25 C2 E0 07 C1 DF E9 5C  ...I....%......\
0090: 82 F6 09 55 F3 3F 35 5C   C6 BE 22 B6 20 23 D0 92  ...U.?5\..". #..
00A0: 2E AF 3B 71 5B 6F 88 5C   D2 33 F7 8B 6B 7C 4C FB  ..;q[o.\.3..k.L.
00B0: 95 F7 D0 22 A3 D1 85 58   B9 CB 40 8C B4 6B B4 51  ..."[email protected]
00C0: 87 FD 97 AD BC B8 A7 7D   5E 5D 42 78 F2 CC 41 A0  ........^]Bx..A.
00D0: 39 C8 5B 29 86 C4 62 77   3B E8 33 19 69 8F 33 62  9.[)..bw;.3.i.3b
00E0: 0A 14 9F B2 35 B9 04 6C   0D 31 B4 21 66 7B 1F 06  ....5..l.1.!f...
00F0: FA 1F 0C AF 73 E5 57 86   CC D7 46 23 79 B9 4A CB  ....s.W...F#y.J.
0100: 69 13 46 E6 30 18 93 69   91 D6 91 E3 86 DD DE B5  i.F.0..i........
0110: 8A 7C 73 E8 6F 12 F2 21   64 19 F0 9F 21 B3 00 1E  ..s.o..!d...!...
0120: A0 3F A4 81 B6 30 81 B3   A0 03 02 01 03 A2 81 AB  .?...0..........
0130: 04 81 A8 9D 59 DC 23 05   29 7B 79 3E 99 35 30 61  ....Y.#.).y>.50a
0140: EC 59 46 2C F4 0B 82 87   72 9C 36 9F F3 C4 32 55  .YF,....r.6...2U
0150: 67 AA 47 DF 0A 61 A9 41   7C 25 CD F2 32 36 B6 4E  g.G..a.A.%..26.N
0160: 22 5F 3C 60 CA D2 97 15   26 32 E9 4A B6 79 4A 23  "_<`....&2.J.yJ#
0170: F2 15 17 95 FB 87 66 63   8A 93 8D B2 BD 36 E3 D4  ......fc.....6..
0180: 26 75 CD CA 23 3B E1 C5   8B 32 CD E2 70 1D 1A 03  &u..#;...2..p...
0190: DD ED 2B 1B AF 97 AB 19   A9 88 EF 52 87 6A 2D 94  ..+........R.j-.
01A0: DA 84 4E F4 F0 99 CE E6   CF 67 A8 E6 7F CB 7D C5  ..N......g......
01B0: 68 D5 15 57 B5 52 08 F8   AC 24 21 52 B2 9E 55 68  h..W.R...$!R..Uh
01C0: D2 3D FA C2 51 D4 92 5B   CF 60 E4 59 3C A8 85 4E  .=..Q..[.`.Y<..N
01D0: 8F BB EE 39 3B 79 3A AE   06 F4 CC                 ...9;y:....
Dec 11, 2009 10:55:08 AM org.apache.http.client.protocol.RequestTargetAuthentication process SEVERE: Authentication error: Defective token detected (Mechanism level: Defective token detected (Mechanism level: Invalid SPNEGO NegTokenTarg token : DerInputStream.getLength(): lengthTag=127, too big.)) 
----------------------------------------
HTTP/1.1 401 Authorization Required
----------------------------------------
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>401 Authorization Required</title>
</head><body>
<h1>Authorization Required</h1>
<p>This server could not verify that you
are authorized to access the document
requested.  Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.</p>
</body></html>

----------------------------------------
------8<------

13:54:03.126 DEBUG [main] org.apache.http.impl.conn.SingleClientConnManager
 Get connection for route HttpRoute[{}->http://tunneltest.servoy.com]
13:54:03.227 DEBUG [main] org.apache.http.client.protocol.RequestAddCookies
 CookieSpec selected: best-match
13:54:03.247 DEBUG [main] org.apache.http.impl.client.DefaultHttpClient
 Attempt 1 to execute request
13:54:03.247 DEBUG [main] org.apache.http.impl.conn.DefaultClientConnection
 Sending request: GET /private/ HTTP/1.1
13:54:03.248 DEBUG [main] org.apache.http.wire
 >> "GET /private/ HTTP/1.1[EOL]"
13:54:03.249 DEBUG [main] org.apache.http.wire
 >> "Host: tunneltest.servoy.com[EOL]"
13:54:03.250 DEBUG [main] org.apache.http.wire
 >> "Connection: Keep-Alive[EOL]"
13:54:03.250 DEBUG [main] org.apache.http.wire
 >> "User-Agent: Apache-HttpClient/4.1-alpha1 (java 1.5)[EOL]"
13:54:03.250 DEBUG [main] org.apache.http.wire
 >> "[EOL]"
13:54:03.250 DEBUG [main] org.apache.http.headers
 >> GET /private/ HTTP/1.1
13:54:03.250 DEBUG [main] org.apache.http.headers
 >> Host: tunneltest.servoy.com
13:54:03.250 DEBUG [main] org.apache.http.headers
 >> Connection: Keep-Alive
13:54:03.250 DEBUG [main] org.apache.http.headers
 >> User-Agent: Apache-HttpClient/4.1-alpha1 (java 1.5)
13:54:03.300 DEBUG [main] org.apache.http.wire
 << "HTTP/1.1 401 Authorization Required[EOL]"
13:54:03.304 DEBUG [main] org.apache.http.wire
 << "Date: Fri, 11 Dec 2009 12:49:55 GMT[EOL]"
13:54:03.304 DEBUG [main] org.apache.http.wire
 << "Server: Apache/2.2.13 (FreeBSD) mod_ssl/2.2.13 OpenSSL/0.9.8e DAV/2 
mod_auth_kerb/5.4[EOL]"
13:54:03.304 DEBUG [main] org.apache.http.wire
 << "WWW-Authenticate: Negotiate[EOL]"
13:54:03.304 DEBUG [main] org.apache.http.wire
 << "Content-Length: 401[EOL]"
13:54:03.304 DEBUG [main] org.apache.http.wire
 << "Keep-Alive: timeout=5, max=100[EOL]"
13:54:03.304 DEBUG [main] org.apache.http.wire
 << "Connection: Keep-Alive[EOL]"
13:54:03.304 DEBUG [main] org.apache.http.wire
 << "Content-Type: text/html; charset=iso-8859-1[EOL]"
13:54:03.304 DEBUG [main] org.apache.http.wire
 << "[EOL]"
13:54:03.306 DEBUG [main] org.apache.http.impl.conn.DefaultClientConnection
 Receiving response: HTTP/1.1 401 Authorization Required
13:54:03.306 DEBUG [main] org.apache.http.headers
 << HTTP/1.1 401 Authorization Required
13:54:03.306 DEBUG [main] org.apache.http.headers
 << Date: Fri, 11 Dec 2009 12:49:55 GMT
13:54:03.306 DEBUG [main] org.apache.http.headers
 << Server: Apache/2.2.13 (FreeBSD) mod_ssl/2.2.13 OpenSSL/0.9.8e DAV/2 
mod_auth_kerb/5.4
13:54:03.306 DEBUG [main] org.apache.http.headers
 << WWW-Authenticate: Negotiate
13:54:03.306 DEBUG [main] org.apache.http.headers
 << Content-Length: 401
13:54:03.306 DEBUG [main] org.apache.http.headers
 << Keep-Alive: timeout=5, max=100
13:54:03.306 DEBUG [main] org.apache.http.headers
 << Connection: Keep-Alive
13:54:03.306 DEBUG [main] org.apache.http.headers
 << Content-Type: text/html; charset=iso-8859-1
13:54:03.315 DEBUG [main] org.apache.http.impl.client.DefaultHttpClient
 Connection can be kept alive for 5000 ms
13:54:03.315 DEBUG [main] org.apache.http.impl.client.DefaultHttpClient
 Target requested authentication
13:54:03.316 DEBUG [main] 
org.apache.http.impl.client.DefaultTargetAuthenticationHandler
 Authentication schemes in the order of preference: [negotiate, NTLM, Digest, 
Basic]
13:54:03.316 DEBUG [main] 
org.apache.http.impl.client.DefaultTargetAuthenticationHandler
 negotiate authentication scheme selected
13:54:03.318 DEBUG [main] org.apache.http.impl.auth.NegotiateScheme
 Will NOT strip ports off Service Names e.g. HTTP/server:8080 -> HTTP/server
13:54:03.319 DEBUG [main] org.apache.http.impl.auth.NegotiateScheme
 Challenge header: WWW-Authenticate: Negotiate
13:54:03.319 DEBUG [main] org.apache.http.impl.client.DefaultHttpClient
 Authorization challenge processed
13:54:03.319 DEBUG [main] org.apache.http.impl.client.DefaultHttpClient
 Authentication scope: NEGOTIATE <any realm>@tunneltest.servoy.com:80
13:54:03.319 DEBUG [main] org.apache.http.impl.client.DefaultHttpClient
 Found credentials
13:54:03.319 DEBUG [main] org.apache.http.wire
 << "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">[\n]"
13:54:03.319 DEBUG [main] org.apache.http.wire
 << "<html><head>[\n]"
13:54:03.319 DEBUG [main] org.apache.http.wire
 << "<title>401 Authorization Required</title>[\n]"
13:54:03.319 DEBUG [main] org.apache.http.wire
 << "</head><body>[\n]"
13:54:03.319 DEBUG [main] org.apache.http.wire
 << "<h1>Authorization Required</h1>[\n]"
13:54:03.319 DEBUG [main] org.apache.http.wire
 << "<p>This server could not verify that you[\n]"
13:54:03.320 DEBUG [main] org.apache.http.wire
 << "are authorized to access the document[\n]"
13:54:03.320 DEBUG [main] org.apache.http.wire
 << "requested.  Either you supplied the wrong[\n]"
13:54:03.320 DEBUG [main] org.apache.http.wire
 << "credentials (e.g., bad password), or your[\n]"
13:54:03.320 DEBUG [main] org.apache.http.wire
 << "browser doesn't understand how to supply[\n]"
13:54:03.320 DEBUG [main] org.apache.http.wire
 << "the credentials required.</p>[\n]"
13:54:03.320 DEBUG [main] org.apache.http.wire
 << "</body></html>[\n]"
13:54:03.320 DEBUG [main] org.apache.http.client.protocol.RequestAddCookies
 CookieSpec selected: best-match
13:54:03.320 DEBUG [main] org.apache.http.impl.auth.NegotiateScheme
 init tunneltest.servoy.com
Debug is  true storeKey false useTicketCache true useKeyTab false doNotPrompt 
false ticketCache is null isInitiator true KeyTab is null refreshKrb5Config is 
false principal is null tryFirstPass is false useFirstPass is false storePass 
is false clearPass is false
Acquire TGT from Cache
>>>KinitOptions cache name is /tmp/krb5cc_1000
>>>DEBUG <CCacheInputStream>  client principal is [email protected]
>>>DEBUG <CCacheInputStream> server principal is krbtgt/[email protected]
>>>DEBUG <CCacheInputStream> key type: 16
>>>DEBUG <CCacheInputStream> auth time: Fri Dec 11 12:59:30 CET 2009
>>>DEBUG <CCacheInputStream> start time: Fri Dec 11 12:59:30 CET 2009
>>>DEBUG <CCacheInputStream> end time: Fri Dec 11 23:03:37 CET 2009
>>>DEBUG <CCacheInputStream> renew_till time: Thu Jan 01 01:00:00 CET 1970
>>> CCacheInputStream: readFlags()  INITIAL;
>>>DEBUG <CCacheInputStream>
Principal is [email protected]
Commit Succeeded 

Found ticket for [email protected] to go to krbtgt/[email protected] 
expiring on Fri Dec 11 23:03:37 CET 2009
Entered Krb5Context.initSecContext with state=STATE_NEW
Service ticket not found in the subject
>>> Credentials acquireServiceCreds: same realm
Using builtin default etypes for default_tgs_enctypes
default etypes for default_tgs_enctypes: 3 1 23 16 17.
>>> CksumType: sun.security.krb5.internal.crypto.RsaMd5CksumType
>>> EType: sun.security.krb5.internal.crypto.Des3CbcHmacSha1KdEType
>>> KrbKdcReq send: kdc=tunneltest.servoy.com UDP:88, timeout=30000, number of 
>>> retries =3, #bytes=589
>>> KDCCommunication: kdc=tunneltest.servoy.com UDP:88, timeout=30000,Attempt 
>>> =1, #bytes=589
>>> KrbKdcReq send: #bytes read=553
>>> KrbKdcReq send: #bytes read=553
>>> EType: sun.security.krb5.internal.crypto.Des3CbcHmacSha1KdEType
>>> KrbApReq: APOptions are 00100000 00000000 00000000 00000000
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
Krb5Context setting mySeqNumber to: 791406465
Created InitSecContextToken:
0000: 01 00 6E 82 01 D5 30 82   01 D1 A0 03 02 01 05 A1  ..n...0.........
0010: 03 02 01 0E A2 07 03 05   00 20 00 00 00 A3 82 01  ......... ......
0020: 01 61 81 FE 30 81 FB A0   03 02 01 05 A1 0C 1B 0A  .a..0...........
0030: 53 45 52 56 4F 59 2E 43   4F 4D A2 28 30 26 A0 03  SERVOY.COM.(0&..
0040: 02 01 01 A1 1F 30 1D 1B   04 48 54 54 50 1B 15 74  .....0...HTTP..t
0050: 75 6E 6E 65 6C 74 65 73   74 2E 73 65 72 76 6F 79  unneltest.servoy
0060: 2E 63 6F 6D A3 81 BB 30   81 B8 A0 03 02 01 03 A1  .com...0........
0070: 03 02 01 01 A2 81 AB 04   81 A8 E5 EE 4D CA 6F 21  ............M.o!
0080: 69 9F 68 18 8E D1 AD B4   98 E6 A2 6C E8 8E CF 1D  i.h........l....
0090: DC F4 C1 92 EF 91 99 C0   A9 BA 95 35 C7 CE 9C 96  ...........5....
00A0: 12 CA 73 29 A5 1F E3 A4   1A A2 D7 ED 5A 9B 20 4C  ..s)........Z. L
00B0: 75 C6 8B E5 F4 23 D8 69   00 4B 51 4C C5 A4 2C 06  u....#.i.KQL..,.
00C0: 01 5D 2C 79 DB 09 5D B6   DA 0A 36 C4 0F 33 D1 89  .],y..]...6..3..
00D0: E9 3B B9 24 D8 19 F0 E0   CC A2 FB 2F FD 4B A5 11  .;.$......./.K..
00E0: 79 B7 B3 EE 62 23 76 54   00 5A A1 3A 56 89 AD 66  y...b#vT.Z.:V..f
00F0: 68 A5 0D BE B7 0E 45 FA   3C D0 DC C0 C7 73 34 CD  h.....E.<....s4.
0100: 8B 99 67 23 61 11 B2 E5   D7 DA E3 C2 8B 48 81 C2  ..g#a........H..
0110: BA 82 42 20 42 08 18 D5   38 3B E3 31 82 64 AE 75  ..B B...8;.1.d.u
0120: C2 7B A4 81 B6 30 81 B3   A0 03 02 01 03 A2 81 AB  .....0..........
0130: 04 81 A8 B1 7A 53 88 0D   79 24 46 D4 B3 92 7F 97  ....zS..y$F.....
0140: 4E CB 34 A4 AB 6B 37 5C   C1 09 9E A4 16 FA 85 59  N.4..k7\.......Y
0150: D0 AA EF 9E 01 44 89 97   42 99 B1 0B 0B 91 58 EE  .....D..B.....X.
0160: 7D B9 6C A9 87 1B 14 1D   52 C8 F6 91 A9 22 0A 6C  ..l.....R....".l
0170: 6F CF 9A 73 58 43 01 12   AD C0 90 4C 5B 3A 9D 48  o..sXC.....L[:.H
0180: F1 8B C2 3F 30 93 CC 76   CB 0B 70 64 4B F7 D1 E5  ...?0..v..pdK...
0190: 01 C8 E3 05 F1 4C EC BD   5E 71 B8 35 BC D7 67 4D  .....L..^q.5..gM
01A0: C9 2F 2F 01 74 D5 D3 84   83 79 8D 1C 36 90 42 D0  .//.t....y..6.B.
01B0: C2 47 60 C3 0A 0C D9 D9   64 A1 5A FC B0 84 6F 14  .G`.....d.Z...o.
01C0: FD 63 CD 89 EB 6E EC C1   3C 48 2F E3 02 E7 54 39  .c...n..<H/...T9
01D0: 1E 7D F9 F7 AA 18 BC E2   AE D1 21                 ..........!

13:54:04.298 INFO  [main] org.apache.http.impl.auth.NegotiateScheme
 got token, sending 539 bytes to server
13:54:04.304 DEBUG [main] org.apache.http.impl.client.DefaultHttpClient
 Attempt 2 to execute request
13:54:04.304 DEBUG [main] org.apache.http.impl.conn.DefaultClientConnection
 Sending request: GET /private/ HTTP/1.1
13:54:04.305 DEBUG [main] org.apache.http.wire
 >> "GET /private/ HTTP/1.1[EOL]"
13:54:04.305 DEBUG [main] org.apache.http.wire
 >> "Host: tunneltest.servoy.com[EOL]"
13:54:04.305 DEBUG [main] org.apache.http.wire
 >> "Connection: Keep-Alive[EOL]"
13:54:04.305 DEBUG [main] org.apache.http.wire
 >> "User-Agent: Apache-HttpClient/4.1-alpha1 (java 1.5)[EOL]"
13:54:04.305 DEBUG [main] org.apache.http.wire
 >> "Authorization: Negotiate 
 >> YIICFwYGKwYBBQUCoIICCzCCAgegDTALBgkqhkiG9xIBAgKhBAMCAD6iggHuBIIB6mCCAeYGCSqGSIb3EgECAgEAboIB1TCCAdGgAwIBBaEDAgEOogcDBQAgAAAAo4IBAWGB/jCB+6ADAgEFoQwbClNFUlZPWS5DT02iKDAmoAMCAQGhHzAdGwRIVFRQGxV0dW5uZWx0ZXN0LnNlcnZveS5jb22jgbswgbigAwIBA6EDAgEBooGrBIGo5e5Nym8haZ9oGI7RrbSY5qJs6I7PHdz0wZLvkZnAqbqVNcfOnJYSynMppR/jpBqi1+1amyBMdcaL5fQj2GkAS1FMxaQsBgFdLHnbCV222go2xA8z0YnpO7kk2Bnw4Myi+y/9S6URebez7mIjdlQAWqE6VomtZmilDb63DkX6PNDcwMdzNM2LmWcjYRGy5dfa48KLSIHCuoJCIEIIGNU4O+MxgmSudcJ7pIG2MIGzoAMCAQOigasEgaixelOIDXkkRtSzkn+XTss0pKtrN1zBCZ6kFvqFWdCq754BRImXQpmxCwuRWO59uWyphxsUHVLI9pGpIgpsb8+ac1hDARKtwJBMWzqdSPGLwj8wk8x2ywtwZEv30eUByOMF8UzsvV5xuDW812dNyS8vAXTV04SDeY0cNpBC0MJHYMMKDNnZZKFa/LCEbxT9Y82J627swTxIL+MC51Q5Hn3596oYvOKu0SE=[EOL]"
13:54:04.305 DEBUG [main] org.apache.http.wire
 >> "[EOL]"
13:54:04.305 DEBUG [main] org.apache.http.headers
 >> GET /private/ HTTP/1.1
13:54:04.305 DEBUG [main] org.apache.http.headers
 >> Host: tunneltest.servoy.com
13:54:04.305 DEBUG [main] org.apache.http.headers
 >> Connection: Keep-Alive
13:54:04.305 DEBUG [main] org.apache.http.headers
 >> User-Agent: Apache-HttpClient/4.1-alpha1 (java 1.5)
13:54:04.305 DEBUG [main] org.apache.http.headers
 >> Authorization: Negotiate 
 >> YIICFwYGKwYBBQUCoIICCzCCAgegDTALBgkqhkiG9xIBAgKhBAMCAD6iggHuBIIB6mCCAeYGCSqGSIb3EgECAgEAboIB1TCCAdGgAwIBBaEDAgEOogcDBQAgAAAAo4IBAWGB/jCB+6ADAgEFoQwbClNFUlZPWS5DT02iKDAmoAMCAQGhHzAdGwRIVFRQGxV0dW5uZWx0ZXN0LnNlcnZveS5jb22jgbswgbigAwIBA6EDAgEBooGrBIGo5e5Nym8haZ9oGI7RrbSY5qJs6I7PHdz0wZLvkZnAqbqVNcfOnJYSynMppR/jpBqi1+1amyBMdcaL5fQj2GkAS1FMxaQsBgFdLHnbCV222go2xA8z0YnpO7kk2Bnw4Myi+y/9S6URebez7mIjdlQAWqE6VomtZmilDb63DkX6PNDcwMdzNM2LmWcjYRGy5dfa48KLSIHCuoJCIEIIGNU4O+MxgmSudcJ7pIG2MIGzoAMCAQOigasEgaixelOIDXkkRtSzkn+XTss0pKtrN1zBCZ6kFvqFWdCq754BRImXQpmxCwuRWO59uWyphxsUHVLI9pGpIgpsb8+ac1hDARKtwJBMWzqdSPGLwj8wk8x2ywtwZEv30eUByOMF8UzsvV5xuDW812dNyS8vAXTV04SDeY0cNpBC0MJHYMMKDNnZZKFa/LCEbxT9Y82J627swTxIL+MC51Q5Hn3596oYvOKu0SE=
13:54:04.548 DEBUG [main] org.apache.http.wire
 << "HTTP/1.1 200 OK[EOL]"
13:54:04.548 DEBUG [main] org.apache.http.wire
 << "Date: Fri, 11 Dec 2009 12:49:56 GMT[EOL]"
13:54:04.548 DEBUG [main] org.apache.http.wire
 << "Server: Apache/2.2.13 (FreeBSD) mod_ssl/2.2.13 OpenSSL/0.9.8e DAV/2 
mod_auth_kerb/5.4[EOL]"
13:54:04.548 DEBUG [main] org.apache.http.wire
 << "WWW-Authenticate: Negotiate 
oYGDMIGAoAMKAQChCwYJKoZIhvcSAQIComwEamBoBgkqhkiG9xIBAgICAG9ZMFegAwIBBaEDAgEPokswSaADAgEDokIEQFO8vQRvYvG9eIxG2fGtK2ApRF3sm+A2C8rthRoS1zTsge1rp5AYKGt/tPgCpXf7p8H/C1czWK/Wa1yLGpAAsh0=[EOL]"
13:54:04.548 DEBUG [main] org.apache.http.wire
 << "Last-Modified: Thu, 10 Dec 2009 12:44:24 GMT[EOL]"
13:54:04.548 DEBUG [main] org.apache.http.wire
 << "ETag: "159010-1e-47a5f2ab79a00"[EOL]"
13:54:04.548 DEBUG [main] org.apache.http.wire
 << "Accept-Ranges: bytes[EOL]"
13:54:04.548 DEBUG [main] org.apache.http.wire
 << "Content-Length: 30[EOL]"
13:54:04.548 DEBUG [main] org.apache.http.wire
 << "Keep-Alive: timeout=5, max=99[EOL]"
13:54:04.548 DEBUG [main] org.apache.http.wire
 << "Connection: Keep-Alive[EOL]"
13:54:04.548 DEBUG [main] org.apache.http.wire
 << "Content-Type: text/html[EOL]"
13:54:04.548 DEBUG [main] org.apache.http.wire
 << "[EOL]"
13:54:04.549 DEBUG [main] org.apache.http.impl.conn.DefaultClientConnection
 Receiving response: HTTP/1.1 200 OK
13:54:04.549 DEBUG [main] org.apache.http.headers
 << HTTP/1.1 200 OK
13:54:04.549 DEBUG [main] org.apache.http.headers
 << Date: Fri, 11 Dec 2009 12:49:56 GMT
13:54:04.549 DEBUG [main] org.apache.http.headers
 << Server: Apache/2.2.13 (FreeBSD) mod_ssl/2.2.13 OpenSSL/0.9.8e DAV/2 
mod_auth_kerb/5.4
13:54:04.549 DEBUG [main] org.apache.http.headers
 << WWW-Authenticate: Negotiate 
oYGDMIGAoAMKAQChCwYJKoZIhvcSAQIComwEamBoBgkqhkiG9xIBAgICAG9ZMFegAwIBBaEDAgEPokswSaADAgEDokIEQFO8vQRvYvG9eIxG2fGtK2ApRF3sm+A2C8rthRoS1zTsge1rp5AYKGt/tPgCpXf7p8H/C1czWK/Wa1yLGpAAsh0=
13:54:04.549 DEBUG [main] org.apache.http.headers
 << Last-Modified: Thu, 10 Dec 2009 12:44:24 GMT
13:54:04.549 DEBUG [main] org.apache.http.headers
 << ETag: "159010-1e-47a5f2ab79a00"
13:54:04.549 DEBUG [main] org.apache.http.headers
 << Accept-Ranges: bytes
13:54:04.549 DEBUG [main] org.apache.http.headers
 << Content-Length: 30
13:54:04.549 DEBUG [main] org.apache.http.headers
 << Keep-Alive: timeout=5, max=99
13:54:04.549 DEBUG [main] org.apache.http.headers
 << Connection: Keep-Alive
13:54:04.549 DEBUG [main] org.apache.http.headers
 << Content-Type: text/html
13:54:04.549 DEBUG [main] org.apache.http.impl.client.DefaultHttpClient
 Connection can be kept alive for 5000 ms
----------------------------------------
HTTP/1.1 200 OK
----------------------------------------
13:54:04.554 DEBUG [main] org.apache.http.wire
 << "<body>[\n]"
13:54:04.554 DEBUG [main] org.apache.http.wire
 << "[0x9]OOOOH SECRET![\n]"
13:54:04.554 DEBUG [main] org.apache.http.wire
 << "</body>[\n]"
13:54:04.554 DEBUG [main] org.apache.http.impl.conn.SingleClientConnManager
 Releasing connection 
org.apache.http.impl.conn.singleclientconnmanager$connadap...@18ce14a
<body>
        OOOOH SECRET!
</body>

----------------------------------------
13:54:04.554 DEBUG [main] org.apache.http.impl.conn.DefaultClientConnection
 Connection shut down

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Reply via email to