1 package org
.argeo
.cms
.internal
.http
.client
;
3 import java
.net
.MalformedURLException
;
5 import java
.net
.http
.HttpClient
;
6 import java
.net
.http
.HttpRequest
;
7 import java
.net
.http
.HttpResponse
;
8 import java
.net
.http
.HttpResponse
.BodyHandler
;
9 import java
.net
.http
.HttpResponse
.BodyHandlers
;
10 import java
.security
.KeyManagementException
;
11 import java
.security
.NoSuchAlgorithmException
;
12 import java
.security
.cert
.X509Certificate
;
14 import javax
.net
.ssl
.SSLContext
;
15 import javax
.net
.ssl
.TrustManager
;
16 import javax
.net
.ssl
.X509TrustManager
;
17 import javax
.security
.auth
.Subject
;
18 import javax
.security
.auth
.login
.LoginContext
;
20 import org
.argeo
.cms
.auth
.RemoteAuthUtils
;
22 public class SpnegoHttpClient
{
/**
 * Command-line entry point: creates a JAAS {@code LoginContext} named
 * {@code SINGLE_USER}, asks {@code RemoteAuthUtils} for a GSS token for the target
 * host, sends one request carrying that token in an
 * {@code Authorization: Negotiate} header, and prints the response body and status.
 *
 * NOTE(review): this listing has gaps (the gutter numbers jump, e.g. from 27 to 33),
 * so the declaration of {@code u}, the opening {@code try}, the end of the request
 * builder chain and the body of the catch clause are not visible here.
 *
 * @param args the usage message documents a single {@code <url>} argument
 * @throws MalformedURLException declared by the signature; presumably raised while
 *         parsing the URL argument (that line is not visible) -- confirm
 */
23 public static void main(String
[] args
) throws MalformedURLException
{
// The principal is read from the JAAS login-name system property, not from args.
24 String principal
= System
.getProperty("javax.security.auth.login.name");
// Both a URL argument and the principal property are required; otherwise print usage.
25 if (args
.length
== 0 || principal
== null) {
26 System
.err
.println("usage: java -Djavax.security.auth.login.name=<principal@REALM> "
27 + SpnegoHttpClient
.class.getName() + " <url>");
// NOTE(review): u is declared on a line missing from this listing; presumably the
// URL built from args[0] -- confirm. Its host is what the GSS token is requested for.
33 String server
= u
.getHost();
// Points JAAS at the jaas.cfg resource resolved relative to SpnegoAuthScheme.
// setProperty replaces any java.security.auth.login.config already set for this JVM,
// and getResource returns null if the resource is missing, in which case
// toExternalForm() throws NullPointerException.
35 URL jaasUrl
= SpnegoAuthScheme
.class.getResource("jaas.cfg");
36 System
.setProperty("java.security.auth.login.config", jaasUrl
.toExternalForm());
// NOTE(review): the lc.login() call is not visible in this listing; lc.getSubject()
// below only yields an authenticated subject after a successful login -- confirm.
38 LoginContext lc
= new LoginContext("SINGLE_USER");
// Earlier approach (URLConnection inside Subject.doAs), kept commented out.
41 // int responseCode = Subject.doAs(lc.getSubject(), new PrivilegedExceptionAction<Integer>() {
43 // public Integer run() throws Exception {
45 // InputStream ins = u.openConnection().getInputStream();
46 // BufferedReader reader = new BufferedReader(new InputStreamReader(ins));
48 // while ((str = reader.readLine()) != null)
49 // System.out.println(str);
52 HttpClient httpClient
= openHttpClient(lc
.getSubject());
// SECURITY: the token obtained here is put into the Authorization header below.
// openHttpClient() builds its client on insecureContext(), so -- NOTE(review) --
// if that context accepts any server certificate, the token is handed to whichever
// endpoint terminates the TLS connection, not necessarily the intended server.
// Keep this client to test environments or validate the server certificate first.
53 String token
= RemoteAuthUtils
.getGssToken(lc
.getSubject(), "HTTP", server
);
55 HttpRequest request
= HttpRequest
.newBuilder().uri(u
.toURI()) //
56 .header("Authorization", "Negotiate " + token
) //
// The whole response body is read into memory as a String.
58 BodyHandler
<String
> bodyHandler
= BodyHandlers
.ofString();
59 HttpResponse
<String
> response
= httpClient
.send(request
, bodyHandler
);
60 System
.out
.println(response
.body());
61 int responseCode
= response
.statusCode();
62 // return response.statusCode();
65 System
.out
.println("Reponse code: " + responseCode
);
// NOTE(review): broad catch; its body is not visible in this listing.
66 } catch (Exception e
) {
/**
 * Builds the HTTP/1.1 client used by {@code main}, configured with the SSL context
 * returned by {@link #insecureContext()} instead of the JDK default.
 *
 * NOTE(review): {@code subject} is not used in the lines visible here, and the
 * return statement falls in a gap of this listing.
 *
 * @param subject the subject passed by the caller; apparently unused -- confirm
 * @return presumably the built client -- confirm
 */
71 private static HttpClient
openHttpClient(Subject subject
) {
// SECURITY: passing insecureContext() to sslContext(...) replaces the default trust
// configuration for every connection made by this client; the original comment
// below states the intent is to disable the HTTPS check. The system property quoted
// below is only mentioned in a comment, it is not set by the visible code.
// For anything other than a local test, build the client without sslContext(...) so
// the default trust store and hostname verification apply, or use a context backed
// by a trust store that contains the server's CA.
72 // disable https check
73 // jdk.internal.httpclient.disableHostnameVerification=true
74 HttpClient client
= HttpClient
.newBuilder().sslContext(insecureContext())
// Password-based Authenticator, kept commented out (lines in between not visible).
75 // .authenticator(new Authenticator() {
76 // public PasswordAuthentication getPasswordAuthentication() {
// Pins the protocol version to HTTP/1.1.
81 .version(HttpClient
.Version
.HTTP_1_1
).build();
// Leftover from an earlier client implementation (AuthPolicy / HttpParams /
// GetMethod API), kept commented out.
86 // AuthPolicy.registerAuthScheme(SpnegoAuthScheme.NAME, SpnegoAuthScheme.class);
87 // HttpParams params = DefaultHttpParams.getDefaultParams();
88 // ArrayList<String> schemes = new ArrayList<>();
89 // schemes.add(SpnegoAuthScheme.NAME);
90 // params.setParameter(AuthPolicy.AUTH_SCHEME_PRIORITY, schemes);
91 // params.setParameter(CredentialsProvider.PROVIDER, new HttpCredentialProvider());
92 // HttpClient httpClient = new HttpClient();
93 // httpClient.executeMethod(new GetMethod(("https://" + server + "/ipa/session/json")));
/**
 * Creates an {@code SSLContext} initialised with a single custom
 * {@code X509TrustManager} and no key managers.
 *
 * NOTE(review): the bodies of checkClientTrusted, checkServerTrusted and
 * getAcceptedIssuers fall in gaps of this listing. The names
 * {@code noopTrustManager} and {@code insecureContext} suggest they accept every
 * certificate chain -- confirm. If so, connections built on this context do not
 * authenticate the server at all and can be intercepted; the context should not be
 * used where credentials or tokens are sent.
 *
 * @return presumably the initialised context (the return statement is not visible)
 * @throws IllegalStateException if the context cannot be obtained or initialised;
 *         wraps the KeyManagementException or NoSuchAlgorithmException
 */
98 private static SSLContext
insecureContext() {
// Anonymous trust manager that takes the place of the default certificate validation.
99 TrustManager
[] noopTrustManager
= new TrustManager
[] { new X509TrustManager() {
100 public void checkClientTrusted(X509Certificate
[] xcs
, String string
) {
// SECURITY: checkServerTrusted is where a server chain would be rejected by throwing
// CertificateException; NOTE(review): its body is not visible here -- confirm whether
// it performs any check.
103 public void checkServerTrusted(X509Certificate
[] xcs
, String string
) {
106 public X509Certificate
[] getAcceptedIssuers() {
// "ssl" is the legacy SSLContext algorithm name; which protocol versions end up
// enabled depends on the provider and the JDK security settings.
// NOTE(review): requesting "TLS" would state the intent more clearly.
111 SSLContext sc
= SSLContext
.getInstance("ssl");
// null key managers and null SecureRandom: provider defaults are used, only the
// trust decision is overridden.
112 sc
.init(null, noopTrustManager
, null);
114 } catch (KeyManagementException
| NoSuchAlgorithmException e
) {
// The original exception is kept as the cause.
115 throw new IllegalStateException("Cannot create insecure SSL context ", e
);