/** * Produces Negotiate authorization string based on token created by * processChallenge. * * @param credentials Never used be the Negotiate scheme but must be provided to * satisfy common-httpclient API. Credentials from JAAS will be used insted. * @param method The method being authenticated * * @throws AuthenticationException if authorization string cannot * be generated due to an authentication failure * * @return an Negotiate authorization string * * @since 3.0 */ public String authenticate( Credentials credentials, HttpMethod method ) throws AuthenticationException { LOG.debug("enter NegotiateScheme.authenticate(Credentials, HttpMethod)"); if (state == UNINITIATED) { throw new IllegalStateException( "Negotiation authentication process has not been initiated"); } try { try { if(context==null) { LOG.info("host: " + method.getURI().getHost()); init( method.getURI().getHost() ); } } catch (org.apache.commons.httpclient.URIException urie) { LOG.error(urie.getMessage()); state = FAILED; throw new AuthenticationException(urie.getMessage()); } // HTTP 1.1 issue: // Mutual auth will never complete do to 200 insted of 401 in // return from server. "state" will never reach ESTABLISHED // but it works anyway token = context.initSecContext(token, 0, token.length); LOG.info("got token, sending " + token.length + " to server"); } catch (GSSException gsse) { LOG.fatal(gsse.getMessage()); state = FAILED; if( gsse.getMajor() == GSSException.DEFECTIVE_CREDENTIAL || gsse.getMajor() == GSSException.CREDENTIALS_EXPIRED ) throw new InvalidCredentialsException(gsse.getMessage(),gsse); if( gsse.getMajor() == GSSException.NO_CRED ) throw new CredentialsNotAvailableException(gsse.getMessage(),gsse); if( gsse.getMajor() == GSSException.DEFECTIVE_TOKEN || gsse.getMajor() == GSSException.DUPLICATE_TOKEN || gsse.getMajor() == GSSException.OLD_TOKEN ) throw new AuthChallengeException(gsse.getMessage(),gsse); // other error throw new AuthenticationException(gsse.getMessage()); } return "Negotiate " + new String(new Base64().encode(token)); }
