import static org.argeo.cms.CmsMsg.username;
import java.io.IOException;
+import java.net.Authenticator;
+import java.net.PasswordAuthentication;
+import java.net.URI;
+import java.net.http.HttpClient;
+import java.net.http.HttpRequest;
+import java.net.http.HttpResponse;
+import java.net.http.HttpResponse.BodyHandler;
+import java.net.http.HttpResponse.BodyHandlers;
+import java.security.KeyManagementException;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivilegedAction;
+import java.security.cert.X509Certificate;
import java.util.List;
import java.util.Locale;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509TrustManager;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import org.argeo.cms.CmsMsg;
import org.argeo.cms.LocaleUtils;
import org.argeo.cms.auth.RemoteAuthCallback;
+import org.argeo.cms.auth.RemoteAuthUtils;
import org.argeo.cms.servlet.ServletHttpRequest;
import org.argeo.cms.servlet.ServletHttpResponse;
import org.argeo.cms.swt.CmsStyles;
else
loginContext = new LoginContext(CmsAuth.LOGIN_CONTEXT_USER, subject, this);
loginContext.login();
+// try {
+// openHttpClient(loginContext.getSubject(), "id-internal.work.argeo.net");
+// } catch (Exception e) {
+// e.printStackTrace();
+// }
cmsView.authChange(loginContext);
return true;
} catch (LoginException e) {
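Review bot: Commented-out code carrying a literal host name (`id-internal.work.argeo.net`) should not be committed between `loginContext.login()` and `cmsView.authChange(loginContext)`. Remove the block, or replace it with a one-line comment such as `// TODO: open an authenticated client to the IPA server (host taken from configuration)`. If the call is enabled later, the handler should log through the class's logger instead of `e.printStackTrace()`, and `catch (Exception e)` should be narrowed so that a failure in this optional step is not confused with a login failure. The enclosing method starts and ends outside the hunk.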
// }
}
+ private static HttpClient openHttpClient(Subject subject, String server) {
+ try {
+ String domain = "WORK.ARGEO.ORG";
+ // disable https check
+ // jdk.internal.httpclient.disableHostnameVerification=true
+ HttpClient client = HttpClient.newBuilder().sslContext(insecureContext())
+ .authenticator(new Authenticator() {
+ public PasswordAuthentication getPasswordAuthentication() {
+ // I haven't checked getRequestingScheme() here, since for NTLM
+ // and Negotiate, the usrname and password are all the same.
+ System.err.println("Feeding username and password for " + getRequestingScheme());
+ return (new PasswordAuthentication("mbaudier@" + domain, null));
+ }
+
+ }).build();
+
+ String token = RemoteAuthUtils.getGssToken(subject, "HTTP/" + server + "@" + domain);
+
+ HttpRequest request = HttpRequest.newBuilder(URI.create("https://" + server + "/ipa/session/json")).GET()
+ .header("Authorization", "Negotiate " + token).build();
+ BodyHandler<String> bodyHandler = BodyHandlers.ofString();
+ HttpResponse<String> response = client.send(request, bodyHandler);
+ System.out.println(response.body());
+ return client;
+
+ // return client;
+// AuthPolicy.registerAuthScheme(SpnegoAuthScheme.NAME, SpnegoAuthScheme.class);
+// HttpParams params = DefaultHttpParams.getDefaultParams();
+// ArrayList<String> schemes = new ArrayList<>();
+// schemes.add(SpnegoAuthScheme.NAME);
+// params.setParameter(AuthPolicy.AUTH_SCHEME_PRIORITY, schemes);
+// params.setParameter(CredentialsProvider.PROVIDER, new HttpCredentialProvider());
+// HttpClient httpClient = new HttpClient();
+// httpClient.executeMethod(new GetMethod(("https://" + server + "/ipa/session/json")));
+// return httpClient;
+ } catch (
+
+ Exception e) {
+ throw new IllegalStateException("Cannot open client to IPA server " + server, e);
+ }
+
+ }
+
+ private static SSLContext insecureContext() {
+ TrustManager[] noopTrustManager = new TrustManager[] { new X509TrustManager() {
+ public void checkClientTrusted(X509Certificate[] xcs, String string) {
+ }
+
+ public void checkServerTrusted(X509Certificate[] xcs, String string) {
+ }
+
+ public X509Certificate[] getAcceptedIssuers() {
+ return null;
+ }
+ } };
+ try {
+ SSLContext sc = SSLContext.getInstance("ssl");
+ sc.init(null, noopTrustManager, null);
+ return sc;
+ } catch (KeyManagementException | NoSuchAlgorithmException e) {
+ throw new IllegalStateException("Cannot create insecure SSL context ", e);
+ }
+ }
+
protected void logout() {
cmsView.logout();
cmsView.navigateTo("~");
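Review bot: `insecureContext()` installs an `X509TrustManager` whose `checkServerTrusted` is empty, and `openHttpClient` passes it to `HttpClient.newBuilder().sslContext(...)`, so the HTTPS connection that carries the `Authorization: Negotiate` header accepts any certificate and the server is never authenticated at the TLS layer. Drop `.sslContext(insecureContext())` so the JDK default trust store applies, or build the `SSLContext` from a trust store that holds the IPA CA, and delete `insecureContext()`. If the helper has to stay for a lab setup, `getAcceptedIssuers()` should return `new X509Certificate[0]` rather than `null` (the interface documents a non-null array) and `SSLContext.getInstance("ssl")` should request `"TLS"`. The authenticator hard-codes `"mbaudier@" + domain` with a null password and `domain` is a string literal; both look like they belong in configuration or should be derived from the `Subject`. `System.out.println(response.body())` and the `System.err.println` in the authenticator write the `/ipa/session/json` response and authentication details to the console, which is presumably debugging output and should go through the logger at debug level or be removed.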