
Example 1 with AuthState

use of org.apache.commons.httpclient.auth.AuthState in project zaproxy by zaproxy.

the class HttpMethodDirector method authenticateProxy.

/**
 * Adds a <code>PROXY_AUTH_RESP</code> request header to the method when a proxy auth scheme is
 * already set on its proxy auth state and <code>this.state</code> holds credentials for the
 * resulting scope.
 *
 * <p>Nothing is added when no scheme is set, when the scheme is connection based and no
 * authentication has been requested, or when no credentials match (that case is only logged at
 * WARN).
 *
 * <p>A <code>PROXY_AUTH_RESP</code> header that is still present after
 * <code>cleanAuthHeaders</code> is treated as caller supplied. Unless
 * <code>PARAM_REMOVE_USER_DEFINED_AUTH_HEADERS</code> is <code>true</code> on the method's params
 * (the lookup defaults to <code>false</code>), that header is kept and the stored credentials are
 * not applied, so the caller's value is what reaches the proxy.
 *
 * @param method the request to decorate
 * @throws AuthenticationException declared by this method; presumably raised by
 *         <code>AuthScheme.authenticate</code> - confirm against the scheme implementations
 */
private void authenticateProxy(final HttpMethod method) throws AuthenticationException {
    // cleanAuthHeaders' contract is not visible here; a false result is read as "a header set by
    // the caller is still on the request" - TODO confirm against its implementation.
    final boolean callerSuppliedHeader = !cleanAuthHeaders(method, PROXY_AUTH_RESP);
    if (callerSuppliedHeader && LOG.isDebugEnabled()) {
        LOG.debug("User defined '" + PROXY_AUTH_RESP + "' headers present in the request.");
    }

    final AuthState proxyAuthState = method.getProxyAuthState();
    final AuthScheme scheme = proxyAuthState.getAuthScheme();
    if (scheme == null) {
        return;
    }
    // A connection-based scheme is only answered when authentication was actually requested.
    if (!proxyAuthState.isAuthRequested() && scheme.isConnectionBased()) {
        return;
    }

    // Lookup key: proxy host and port of the connection plus the realm and scheme name reported
    // by the scheme. How strictly stored credentials are matched against this key is decided by
    // state.getProxyCredentials, not here.
    final AuthScope scope = new AuthScope(conn.getProxyHost(), conn.getProxyPort(), scheme.getRealm(), scheme.getSchemeName());
    if (LOG.isDebugEnabled()) {
        // The scope is built from host, port, realm and scheme name only.
        LOG.debug("Authenticating with " + scope);
    }

    final Credentials proxyCredentials = this.state.getProxyCredentials(scope);
    if (proxyCredentials == null) {
        if (LOG.isWarnEnabled()) {
            LOG.warn("Required proxy credentials not available for " + scope);
            if (method.getProxyAuthState().isPreemptive()) {
                LOG.warn("Preemptive authentication requested but no default " + "proxy credentials available");
            }
        }
        return;
    }

    if (callerSuppliedHeader) {
        final boolean replaceCallerHeader = method.getParams().getBooleanParameter(PARAM_REMOVE_USER_DEFINED_AUTH_HEADERS, false);
        if (!replaceCallerHeader) {
            // Default path: the caller's own header wins over the stored credentials.
            if (LOG.isDebugEnabled()) {
                LOG.debug("Ignoring proxy authentication, user defined '" + PROXY_AUTH_RESP + "' headers present in the request.");
            }
            return;
        }
        method.removeRequestHeader(PROXY_AUTH_RESP);
        if (LOG.isDebugEnabled()) {
            LOG.debug("Removed user defined '" + PROXY_AUTH_RESP + "' headers.");
        }
    }

    final String headerValue = scheme.authenticate(proxyCredentials, method);
    if (headerValue != null) {
        // Third argument: presumably marks the header as generated by the client rather than set
        // by the caller - confirm against Header.
        method.addRequestHeader(new Header(PROXY_AUTH_RESP, headerValue, true));
    }
}
Also used : AuthState(org.apache.commons.httpclient.auth.AuthState) AuthScope(org.apache.commons.httpclient.auth.AuthScope) AuthScheme(org.apache.commons.httpclient.auth.AuthScheme)

Example 2 with AuthState

use of org.apache.commons.httpclient.auth.AuthState in project zaproxy by zaproxy.

the class HttpMethodDirector method processProxyAuthChallenge.

/**
 * Processes the <code>PROXY_AUTH_CHALLENGE</code> headers of the method's response and reports
 * whether proxy credentials are available to answer them.
 *
 * <p>The scheme is chosen by <code>authProcessor.processChallenge</code> from the challenges the
 * response carries, and the credential scope uses the realm and scheme name of that scheme, so
 * both values originate from the remote side. Which schemes are acceptable is not decided in
 * this method.
 *
 * @param method the method whose response carries the challenge
 * @return <code>true</code> when credentials were found in <code>this.state</code> or obtained
 *         from <code>promptForProxyCredentials</code>; <code>false</code> when there is no
 *         challenge, no usable scheme, or no credentials
 * @throws MalformedChallengeException declared by this method; presumably raised while parsing
 *         the challenge headers
 * @throws AuthenticationException declared by this method; not raised directly by the code here
 */
private boolean processProxyAuthChallenge(final HttpMethod method) throws MalformedChallengeException, AuthenticationException {
    final AuthState proxyAuthState = method.getProxyAuthState();
    final Map<?, ?> offered = AuthChallengeParser.parseChallenges(method.getResponseHeaders(PROXY_AUTH_CHALLENGE));
    if (offered.isEmpty()) {
        LOG.debug("Proxy authentication challenge(s) not found");
        return false;
    }

    final AuthScheme scheme;
    try {
        scheme = this.authProcessor.processChallenge(proxyAuthState, offered);
    } catch (AuthChallengeException e) {
        // Only the message is logged; the challenge is then treated as unanswerable.
        if (LOG.isWarnEnabled()) {
            LOG.warn(e.getMessage());
        }
        return false;
    }
    if (scheme == null) {
        return false;
    }

    final AuthScope scope = new AuthScope(conn.getProxyHost(), conn.getProxyPort(), scheme.getRealm(), scheme.getSchemeName());
    if (LOG.isDebugEnabled()) {
        LOG.debug("Proxy authentication scope: " + scope);
    }

    final Credentials found;
    final String failurePrefix;
    if (proxyAuthState.isAuthAttempted() && scheme.isComplete()) {
        // An earlier attempt with this scheme already failed: stored credentials are skipped and
        // only promptForProxyCredentials is consulted.
        found = promptForProxyCredentials(scheme, method.getParams(), scope);
        failurePrefix = "Failure authenticating with ";
    } else {
        proxyAuthState.setAuthAttempted(true);
        final Credentials stored = this.state.getProxyCredentials(scope);
        found = (stored != null) ? stored : promptForProxyCredentials(scheme, method.getParams(), scope);
        failurePrefix = "No credentials available for ";
    }

    if (found != null) {
        return true;
    }
    if (LOG.isInfoEnabled()) {
        LOG.info(failurePrefix + scope);
    }
    return false;
}
Also used : AuthChallengeException(org.apache.commons.httpclient.auth.AuthChallengeException) AuthState(org.apache.commons.httpclient.auth.AuthState) AuthScope(org.apache.commons.httpclient.auth.AuthScope) AuthScheme(org.apache.commons.httpclient.auth.AuthScheme)

Example 3 with AuthState

use of org.apache.commons.httpclient.auth.AuthState in project zaproxy by zaproxy.

the class HttpMethodDirector method authenticateHost.

/**
 * Adds a <code>WWW_AUTH_RESP</code> request header to the method when a host auth scheme is
 * already set on its host auth state and <code>this.state</code> holds credentials for the
 * resulting scope.
 *
 * <p>The scope's host is the virtual host from the method's params when one is set, otherwise
 * the connection's host; the port is always the connection's port. With a virtual host
 * configured, credentials are therefore selected by that name while the request travels over
 * whatever host the connection points at.
 *
 * <p>A <code>WWW_AUTH_RESP</code> header that is still present after
 * <code>cleanAuthHeaders</code> is treated as caller supplied. Unless
 * <code>PARAM_REMOVE_USER_DEFINED_AUTH_HEADERS</code> is <code>true</code> on the method's params
 * (the lookup defaults to <code>false</code>), that header is kept and the stored credentials are
 * not applied.
 *
 * @param method the request to decorate
 * @throws AuthenticationException declared by this method; presumably raised by
 *         <code>AuthScheme.authenticate</code> - confirm against the scheme implementations
 */
private void authenticateHost(final HttpMethod method) throws AuthenticationException {
    // cleanAuthHeaders' contract is not visible here; a false result is read as "a header set by
    // the caller is still on the request" - TODO confirm against its implementation.
    final boolean callerSuppliedHeader = !cleanAuthHeaders(method, WWW_AUTH_RESP);
    if (callerSuppliedHeader && LOG.isDebugEnabled()) {
        LOG.debug("User defined '" + WWW_AUTH_RESP + "' headers present in the request.");
    }

    final AuthState hostAuthState = method.getHostAuthState();
    final AuthScheme scheme = hostAuthState.getAuthScheme();
    if (scheme == null) {
        return;
    }
    // A connection-based scheme is only answered when authentication was actually requested.
    if (!hostAuthState.isAuthRequested() && scheme.isConnectionBased()) {
        return;
    }

    // A configured virtual host takes precedence over the connection's host for the lookup key.
    final String virtualHost = method.getParams().getVirtualHost();
    final String scopeHost = (virtualHost != null) ? virtualHost : conn.getHost();
    final int scopePort = conn.getPort();
    // How strictly stored credentials are matched against this key is decided by
    // state.getCredentials, not here.
    final AuthScope scope = new AuthScope(scopeHost, scopePort, scheme.getRealm(), scheme.getSchemeName());
    if (LOG.isDebugEnabled()) {
        // The scope is built from host, port, realm and scheme name only.
        LOG.debug("Authenticating with " + scope);
    }

    final Credentials hostCredentials = this.state.getCredentials(scope);
    if (hostCredentials == null) {
        if (LOG.isWarnEnabled()) {
            LOG.warn("Required credentials not available for " + scope);
            if (method.getHostAuthState().isPreemptive()) {
                LOG.warn("Preemptive authentication requested but no default " + "credentials available");
            }
        }
        return;
    }

    if (callerSuppliedHeader) {
        final boolean replaceCallerHeader = method.getParams().getBooleanParameter(PARAM_REMOVE_USER_DEFINED_AUTH_HEADERS, false);
        if (!replaceCallerHeader) {
            // Default path: the caller's own header wins over the stored credentials.
            if (LOG.isDebugEnabled()) {
                LOG.debug("Ignoring authentication, user defined '" + WWW_AUTH_RESP + "' headers present in the request.");
            }
            return;
        }
        method.removeRequestHeader(WWW_AUTH_RESP);
        if (LOG.isDebugEnabled()) {
            LOG.debug("Removed user defined '" + WWW_AUTH_RESP + "' headers.");
        }
    }

    final String headerValue = scheme.authenticate(hostCredentials, method);
    if (headerValue != null) {
        // Third argument: presumably marks the header as generated by the client rather than set
        // by the caller - confirm against Header.
        method.addRequestHeader(new Header(WWW_AUTH_RESP, headerValue, true));
    }
}
Also used : AuthState(org.apache.commons.httpclient.auth.AuthState) AuthScope(org.apache.commons.httpclient.auth.AuthScope) AuthScheme(org.apache.commons.httpclient.auth.AuthScheme)

Example 4 with AuthState

use of org.apache.commons.httpclient.auth.AuthState in project zaproxy by zaproxy.

the class HttpMethodDirector method executeConnect.

/**
 * Executes a ConnectMethod to establish a tunneled connection.
 *
 * <p>The CONNECT request is repeated for as long as the proxy answers with
 * <code>HttpStatus.SC_PROXY_AUTHENTICATION_REQUIRED</code> and
 * <code>processAuthenticationResponse</code> returns <code>true</code>. Before each attempt
 * <code>authenticateProxy</code> is given the chance to attach proxy credentials; a failure
 * there is logged and the request is sent anyway.
 *
 * <p>On a 2xx status the connection is marked as tunneled and <code>connectMethod</code> is
 * cleared. On any other status <code>connectMethod</code> is left set.
 *
 * @return <code>true</code> if the connect was successful
 *
 * @throws IOException declared by this method; presumably raised while opening the connection
 *         or executing the request
 * @throws HttpException declared by this method; presumably raised while executing the request
 */
private boolean executeConnect() throws IOException, HttpException {
    this.connectMethod = new ConnectMethod(this.hostConfiguration);
    this.connectMethod.getParams().setDefaults(this.hostConfiguration.getParams());

    // Optional User-Agent for CONNECT requests, taken from the director's params.
    final String connectUserAgent = (String) getParams().getParameter(PARAM_DEFAULT_USER_AGENT_CONNECT_REQUESTS);
    if (connectUserAgent != null) {
        this.connectMethod.setRequestHeader("User-Agent", connectUserAgent);
    }

    int status;
    while (true) {
        if (!this.conn.isOpen()) {
            this.conn.open();
        }

        // With preemptive authentication enabled on the params or the state, the proxy auth
        // state is flagged before the CONNECT goes out, so authenticateProxy may attach stored
        // proxy credentials without the proxy having asked for them (the log message speaks of
        // default basic credentials).
        if (this.params.isAuthenticationPreemptive() || this.state.isAuthenticationPreemptive()) {
            LOG.debug("Preemptively sending default basic credentials");
            this.connectMethod.getProxyAuthState().setPreemptive();
            this.connectMethod.getProxyAuthState().setAuthAttempted(true);
        }

        try {
            authenticateProxy(this.connectMethod);
        } catch (AuthenticationException e) {
            // Logged at ERROR only; the CONNECT below is still executed.
            LOG.error(e.getMessage(), e);
        }

        applyConnectionParams(this.connectMethod);
        this.connectMethod.execute(state, this.conn);
        status = this.connectMethod.getStatusCode();

        final AuthState proxyAuthState = this.connectMethod.getProxyAuthState();
        proxyAuthState.setAuthRequested(status == HttpStatus.SC_PROXY_AUTHENTICATION_REQUIRED);
        // processAuthenticationResponse is consulted only when the proxy asked for authentication.
        final boolean retry = proxyAuthState.isAuthRequested() && processAuthenticationResponse(this.connectMethod);
        if (!retry) {
            break;
        }

        // Close the response body of the rejected attempt before sending the next CONNECT.
        if (this.connectMethod.getResponseBodyAsStream() != null) {
            this.connectMethod.getResponseBodyAsStream().close();
        }
    }

    final boolean tunnelEstablished = (status >= 200) && (status < 300);
    if (tunnelEstablished) {
        this.conn.tunnelCreated();
        // Drop the connect method, as it is no longer needed
        this.connectMethod = null;
    }
    return tunnelEstablished;
}
Also used : AuthenticationException(org.apache.commons.httpclient.auth.AuthenticationException) AuthState(org.apache.commons.httpclient.auth.AuthState)

Example 5 with AuthState

use of org.apache.commons.httpclient.auth.AuthState in project zaproxy by zaproxy.

the class HttpMethodDirector method processWWWAuthChallenge.

/**
 * Processes the <code>WWW_AUTH_CHALLENGE</code> headers of the method's response and reports
 * whether credentials are available to answer them.
 *
 * <p>The scheme is chosen by <code>authProcessor.processChallenge</code> from the challenges the
 * response carries, and the credential scope uses the realm and scheme name of that scheme, so
 * both values originate from the remote side. The scope's host is the virtual host from the
 * method's params when one is set, otherwise the connection's host; the port is the
 * connection's port.
 *
 * @param method the method whose response carries the challenge
 * @return <code>true</code> when credentials were found in <code>this.state</code> or obtained
 *         from <code>promptForCredentials</code>; <code>false</code> when there is no challenge,
 *         no usable scheme, or no credentials
 * @throws MalformedChallengeException declared by this method; presumably raised while parsing
 *         the challenge headers
 * @throws AuthenticationException declared by this method; not raised directly by the code here
 */
private boolean processWWWAuthChallenge(final HttpMethod method) throws MalformedChallengeException, AuthenticationException {
    final AuthState hostAuthState = method.getHostAuthState();
    final Map<?, ?> offered = AuthChallengeParser.parseChallenges(method.getResponseHeaders(WWW_AUTH_CHALLENGE));
    if (offered.isEmpty()) {
        LOG.debug("Authentication challenge(s) not found");
        return false;
    }

    final AuthScheme scheme;
    try {
        scheme = this.authProcessor.processChallenge(hostAuthState, offered);
    } catch (AuthChallengeException e) {
        // Only the message is logged; the challenge is then treated as unanswerable.
        if (LOG.isWarnEnabled()) {
            LOG.warn(e.getMessage());
        }
        return false;
    }
    if (scheme == null) {
        return false;
    }

    // A configured virtual host takes precedence over the connection's host for the lookup key.
    final String virtualHost = method.getParams().getVirtualHost();
    final String scopeHost = (virtualHost != null) ? virtualHost : conn.getHost();
    final int scopePort = conn.getPort();
    final AuthScope scope = new AuthScope(scopeHost, scopePort, scheme.getRealm(), scheme.getSchemeName());
    if (LOG.isDebugEnabled()) {
        LOG.debug("Authentication scope: " + scope);
    }

    final Credentials found;
    final String failurePrefix;
    if (hostAuthState.isAuthAttempted() && scheme.isComplete()) {
        // An earlier attempt with this scheme already failed: stored credentials are skipped and
        // only promptForCredentials is consulted.
        found = promptForCredentials(scheme, method.getParams(), scope);
        failurePrefix = "Failure authenticating with ";
    } else {
        hostAuthState.setAuthAttempted(true);
        final Credentials stored = this.state.getCredentials(scope);
        found = (stored != null) ? stored : promptForCredentials(scheme, method.getParams(), scope);
        failurePrefix = "No credentials available for ";
    }

    if (found != null) {
        return true;
    }
    if (LOG.isInfoEnabled()) {
        LOG.info(failurePrefix + scope);
    }
    return false;
}
Also used : AuthChallengeException(org.apache.commons.httpclient.auth.AuthChallengeException) AuthState(org.apache.commons.httpclient.auth.AuthState) AuthScope(org.apache.commons.httpclient.auth.AuthScope) AuthScheme(org.apache.commons.httpclient.auth.AuthScheme)

Aggregations

AuthState (org.apache.commons.httpclient.auth.AuthState)5 AuthScheme (org.apache.commons.httpclient.auth.AuthScheme)4 AuthScope (org.apache.commons.httpclient.auth.AuthScope)4 AuthChallengeException (org.apache.commons.httpclient.auth.AuthChallengeException)2 AuthenticationException (org.apache.commons.httpclient.auth.AuthenticationException)1