- private static HttpClient openHttpClient(Subject subject, String server) {
- try {
- String domain = "WORK.ARGEO.ORG";
- // disable https check
- // jdk.internal.httpclient.disableHostnameVerification=true
- HttpClient client = HttpClient.newBuilder().sslContext(insecureContext())
- .authenticator(new Authenticator() {
- public PasswordAuthentication getPasswordAuthentication() {
- // I haven't checked getRequestingScheme() here, since for NTLM
- // and Negotiate, the usrname and password are all the same.
- System.err.println("Feeding username and password for " + getRequestingScheme());
- return (new PasswordAuthentication("mbaudier@" + domain, null));
- }
-
- }).build();
-
- String token = RemoteAuthUtils.getGssToken(subject, "HTTP/" + server + "@" + domain);
-
- HttpRequest request = HttpRequest.newBuilder(URI.create("https://" + server + "/ipa/session/json")).GET()
- .header("Authorization", "Negotiate " + token).build();
- BodyHandler<String> bodyHandler = BodyHandlers.ofString();
- HttpResponse<String> response = client.send(request, bodyHandler);
- System.out.println(response.body());
- return client;
-
- // return client;
-// AuthPolicy.registerAuthScheme(SpnegoAuthScheme.NAME, SpnegoAuthScheme.class);
-// HttpParams params = DefaultHttpParams.getDefaultParams();
-// ArrayList<String> schemes = new ArrayList<>();
-// schemes.add(SpnegoAuthScheme.NAME);
-// params.setParameter(AuthPolicy.AUTH_SCHEME_PRIORITY, schemes);
-// params.setParameter(CredentialsProvider.PROVIDER, new HttpCredentialProvider());
-// HttpClient httpClient = new HttpClient();
-// httpClient.executeMethod(new GetMethod(("https://" + server + "/ipa/session/json")));
-// return httpClient;
- } catch (
-
- Exception e) {
- throw new IllegalStateException("Cannot open client to IPA server " + server, e);
- }
-
- }
-
- private static SSLContext insecureContext() {
- TrustManager[] noopTrustManager = new TrustManager[] { new X509TrustManager() {
- public void checkClientTrusted(X509Certificate[] xcs, String string) {
- }
-
- public void checkServerTrusted(X509Certificate[] xcs, String string) {
- }
-
- public X509Certificate[] getAcceptedIssuers() {
- return null;
- }
- } };
- try {
- SSLContext sc = SSLContext.getInstance("ssl");
- sc.init(null, noopTrustManager, null);
- return sc;
- } catch (KeyManagementException | NoSuchAlgorithmException e) {
- throw new IllegalStateException("Cannot create insecure SSL context ", e);
- }
- }