Java 类org.apache.http.auth.AuthProtocolState 实例源码

private void doPreemptiveAuth(
        final HttpHost host,
        final AuthScheme authScheme,
        final AuthState authState,
        final CredentialsProvider credsProvider) {
    String schemeName = authScheme.getSchemeName();
    if (this.log.isDebugEnabled()) {
        this.log.debug("Re-using cached '" + schemeName + "' auth scheme for " + host);
    }

    AuthScope authScope = new AuthScope(host, AuthScope.ANY_REALM, schemeName);
    Credentials creds = credsProvider.getCredentials(authScope);

    if (creds != null) {
        authState.setState(AuthProtocolState.SUCCESS);
        authState.update(authScheme, creds);
    } else {
        this.log.debug("No credentials for preemptive authentication");
    }
}

public boolean isAuthenticationRequested(
        final HttpHost host,
        final HttpResponse response,
        final AuthenticationStrategy authStrategy,
        final AuthState authState,
        final HttpContext context) {
    if (authStrategy.isAuthenticationRequested(host, response, context)) {
        return true;
    } else {
        switch (authState.getState()) {
        case CHALLENGED:
        case HANDSHAKE:
            authState.setState(AuthProtocolState.SUCCESS);
            authStrategy.authSucceeded(host, authState.getAuthScheme(), context);
            break;
        case SUCCESS:
            break;
        default:
            authState.setState(AuthProtocolState.UNCHALLENGED);
        }
        return false;
    }
}

private void doPreemptiveAuth(
        final HttpHost host,
        final AuthScheme authScheme,
        final AuthStateHC4 authState,
        final CredentialsProvider credsProvider) {
    final String schemeName = authScheme.getSchemeName();
    if (Log.isLoggable(TAG, Log.DEBUG)) {
        Log.d(TAG, "Re-using cached '" + schemeName + "' auth scheme for " + host);
    }

    final AuthScope authScope = new AuthScope(host.getHostName(), host.getPort(), AuthScope.ANY_REALM, schemeName);
    final Credentials creds = credsProvider.getCredentials(authScope);

    if (creds != null) {
        if ("BASIC".equalsIgnoreCase(authScheme.getSchemeName())) {
            authState.setState(AuthProtocolState.CHALLENGED);
        } else {
            authState.setState(AuthProtocolState.SUCCESS);
        }
        authState.update(authScheme, creds);
    } else {
        if (Log.isLoggable(TAG, Log.DEBUG)) {
            Log.d(TAG, "No credentials for preemptive authentication");
        }
    }
}

/**
 * Builds a configured HTTP context object that is pre-configured for
 * using HTTP Signature authentication.
 *
 * @param configurator HTTP Signatures configuration helper to pull properties from
 * @return configured HTTP context object
 */
protected HttpContext buildHttpContext(final HttpSignatureConfigurator configurator) {
    final HttpClientContext context = HttpClientContext.create();

    if (configurator != null) {
        AuthCache authCache = new BasicAuthCache();
        context.setAuthCache(authCache);

        AuthState authState = new AuthState();
        authState.update(configurator.getAuthScheme(), configurator.getCredentials());

        context.setAttribute(HttpClientContext.TARGET_AUTH_STATE,
                authState);
        context.getTargetAuthState().setState(AuthProtocolState.UNCHALLENGED);

    }

    return context;
}

private void doPreemptiveAuth(
        final HttpHost host,
        final AuthScheme authScheme,
        final AuthState authState,
        final CredentialsProvider credsProvider) {
    final String schemeName = authScheme.getSchemeName();
    if (this.log.isDebugEnabled()) {
        this.log.debug("Re-using cached '" + schemeName + "' auth scheme for " + host);
    }

    final AuthScope authScope = new AuthScope(host, AuthScope.ANY_REALM, schemeName);
    final Credentials creds = credsProvider.getCredentials(authScope);

    if (creds != null) {
        if ("BASIC".equalsIgnoreCase(authScheme.getSchemeName())) {
            authState.setState(AuthProtocolState.CHALLENGED);
        } else {
            authState.setState(AuthProtocolState.SUCCESS);
        }
        authState.update(authScheme, creds);
    } else {
        this.log.debug("No credentials for preemptive authentication");
    }
}

@Test
public void testAuthenticationRequestedAfterSuccess() throws Exception {
    final HttpResponse response = new BasicHttpResponse(HttpVersion.HTTP_1_1, HttpStatus.SC_UNAUTHORIZED, "UNAUTHORIZED");
    Mockito.when(this.defltAuthStrategy.isAuthenticationRequested(
            Mockito.any(HttpHost.class),
            Mockito.any(HttpResponse.class),
            Mockito.any(HttpContext.class))).thenReturn(Boolean.TRUE);

    this.authState.update(this.authScheme, this.credentials);
    this.authState.setState(AuthProtocolState.SUCCESS);

    Assert.assertTrue(this.httpAuthenticator.isAuthenticationRequested(
            this.defaultHost, response, this.defltAuthStrategy, this.authState, this.context));

    Mockito.verify(this.defltAuthStrategy).isAuthenticationRequested(this.defaultHost, response, this.context);
    Mockito.verify(this.defltAuthStrategy).authFailed(this.defaultHost, this.authScheme, this.context);
}

@Test
public void testAuthenticationNotRequestedSuccess1() throws Exception {
    final HttpResponse response = new BasicHttpResponse(HttpVersion.HTTP_1_1, HttpStatus.SC_OK, "OK");
    Mockito.when(this.defltAuthStrategy.isAuthenticationRequested(
            Mockito.any(HttpHost.class),
            Mockito.any(HttpResponse.class),
            Mockito.any(HttpContext.class))).thenReturn(Boolean.FALSE);
    this.authState.update(this.authScheme, this.credentials);
    this.authState.setState(AuthProtocolState.CHALLENGED);

    Assert.assertFalse(this.httpAuthenticator.isAuthenticationRequested(
            this.defaultHost, response, this.defltAuthStrategy, this.authState, this.context));
    Assert.assertEquals(AuthProtocolState.SUCCESS, this.authState.getState());

    Mockito.verify(this.defltAuthStrategy).isAuthenticationRequested(this.defaultHost, response, this.context);
    Mockito.verify(this.defltAuthStrategy).authSucceeded(this.defaultHost, this.authScheme, this.context);
}

@Test
public void testAuthenticationNotRequestedSuccess2() throws Exception {
    final HttpResponse response = new BasicHttpResponse(HttpVersion.HTTP_1_1, HttpStatus.SC_OK, "OK");
    Mockito.when(this.defltAuthStrategy.isAuthenticationRequested(
            Mockito.any(HttpHost.class),
            Mockito.any(HttpResponse.class),
            Mockito.any(HttpContext.class))).thenReturn(Boolean.FALSE);
    this.authState.update(this.authScheme, this.credentials);
    this.authState.setState(AuthProtocolState.HANDSHAKE);

    Assert.assertFalse(this.httpAuthenticator.isAuthenticationRequested(
            this.defaultHost, response, this.defltAuthStrategy, this.authState, this.context));
    Assert.assertEquals(AuthProtocolState.SUCCESS, this.authState.getState());

    Mockito.verify(this.defltAuthStrategy).isAuthenticationRequested(this.defaultHost, response, this.context);
    Mockito.verify(this.defltAuthStrategy).authSucceeded(this.defaultHost, this.authScheme, this.context);
}

@Test
public void testAuthentication() throws Exception {
    final HttpHost host = new HttpHost("somehost", 80);
    final HttpResponse response = new BasicHttpResponse(HttpVersion.HTTP_1_1, HttpStatus.SC_UNAUTHORIZED, "UNAUTHORIZED");
    response.addHeader(new BasicHeader(AUTH.WWW_AUTH, "Basic realm=\"test\""));
    response.addHeader(new BasicHeader(AUTH.WWW_AUTH, "Digest realm=\"realm1\", nonce=\"1234\""));
    response.addHeader(new BasicHeader(AUTH.WWW_AUTH, "whatever realm=\"realm1\", stuff=\"1234\""));

    final TargetAuthenticationStrategy authStrategy = new TargetAuthenticationStrategy();

    Assert.assertTrue(this.httpAuthenticator.handleAuthChallenge(host,
            response, authStrategy, this.authState, this.context));
    Assert.assertEquals(AuthProtocolState.CHALLENGED, this.authState.getState());

    final Queue<AuthOption> options = this.authState.getAuthOptions();
    Assert.assertNotNull(options);
    final AuthOption option1 = options.poll();
    Assert.assertNotNull(option1);
    Assert.assertEquals("digest", option1.getAuthScheme().getSchemeName());
    final AuthOption option2 = options.poll();
    Assert.assertNotNull(option2);
    Assert.assertEquals("basic", option2.getAuthScheme().getSchemeName());
    Assert.assertNull(options.poll());
}

@Test
public void testAuthenticationFailed() throws Exception {
    final HttpHost host = new HttpHost("somehost", 80);
    final HttpResponse response = new BasicHttpResponse(HttpVersion.HTTP_1_1, HttpStatus.SC_UNAUTHORIZED, "UNAUTHORIZED");
    response.addHeader(new BasicHeader(AUTH.WWW_AUTH, "Basic realm=\"test\""));
    response.addHeader(new BasicHeader(AUTH.WWW_AUTH, "Digest realm=\"realm1\", nonce=\"1234\""));

    this.authState.setState(AuthProtocolState.CHALLENGED);
    this.authState.update(this.authScheme, this.credentials);

    final TargetAuthenticationStrategy authStrategy = new TargetAuthenticationStrategy();

    Assert.assertFalse(this.httpAuthenticator.handleAuthChallenge(host,
            response, authStrategy, this.authState, this.context));

    Assert.assertEquals(AuthProtocolState.FAILURE, this.authState.getState());

    Mockito.verify(this.authCache).remove(host);
}

@Test
public void testAuthenticationFailedPreviously() throws Exception {
    final HttpHost host = new HttpHost("somehost", 80);
    final HttpResponse response = new BasicHttpResponse(HttpVersion.HTTP_1_1, HttpStatus.SC_UNAUTHORIZED, "UNAUTHORIZED");
    response.addHeader(new BasicHeader(AUTH.WWW_AUTH, "Basic realm=\"test\""));
    response.addHeader(new BasicHeader(AUTH.WWW_AUTH, "Digest realm=\"realm1\", nonce=\"1234\""));

    this.authState.setState(AuthProtocolState.FAILURE);

    final TargetAuthenticationStrategy authStrategy = new TargetAuthenticationStrategy();

    Assert.assertFalse(this.httpAuthenticator.handleAuthChallenge(host,
            response, authStrategy, this.authState, this.context));

    Assert.assertEquals(AuthProtocolState.FAILURE, this.authState.getState());
}

@Test
public void testAuthenticationFailure() throws Exception {
    final HttpHost host = new HttpHost("somehost", 80);
    final HttpResponse response = new BasicHttpResponse(HttpVersion.HTTP_1_1, HttpStatus.SC_UNAUTHORIZED, "UNAUTHORIZED");
    response.addHeader(new BasicHeader(AUTH.WWW_AUTH, "Basic realm=\"test\""));
    response.addHeader(new BasicHeader(AUTH.WWW_AUTH, "Digest realm=\"realm1\", nonce=\"1234\""));
    response.addHeader(new BasicHeader(AUTH.WWW_AUTH, "whatever realm=\"realm1\", stuff=\"1234\""));

    final TargetAuthenticationStrategy authStrategy = new TargetAuthenticationStrategy();

    this.authState.setState(AuthProtocolState.CHALLENGED);
    this.authState.update(new BasicScheme(), this.credentials);

    Assert.assertFalse(this.httpAuthenticator.handleAuthChallenge(host,
            response, authStrategy, this.authState, this.context));
    Assert.assertEquals(AuthProtocolState.FAILURE, this.authState.getState());
    Assert.assertNull(this.authState.getCredentials());
}

@Test
public void testAuthenticationHandshaking() throws Exception {
    final HttpHost host = new HttpHost("somehost", 80);
    final HttpResponse response = new BasicHttpResponse(HttpVersion.HTTP_1_1, HttpStatus.SC_UNAUTHORIZED, "UNAUTHORIZED");
    response.addHeader(new BasicHeader(AUTH.WWW_AUTH, "Basic realm=\"test\""));
    response.addHeader(new BasicHeader(AUTH.WWW_AUTH, "Digest realm=\"realm1\", stale=true, nonce=\"1234\""));
    response.addHeader(new BasicHeader(AUTH.WWW_AUTH, "whatever realm=\"realm1\", stuff=\"1234\""));

    final TargetAuthenticationStrategy authStrategy = new TargetAuthenticationStrategy();

    this.authState.setState(AuthProtocolState.CHALLENGED);
    this.authState.update(new DigestScheme(), this.credentials);

    Assert.assertTrue(this.httpAuthenticator.handleAuthChallenge(host,
            response, authStrategy, this.authState, this.context));

    Assert.assertEquals(AuthProtocolState.HANDSHAKE, this.authState.getState());
}

@Test
public void testAuthenticationNoMatchingChallenge() throws Exception {
    final HttpHost host = new HttpHost("somehost", 80);
    final HttpResponse response = new BasicHttpResponse(HttpVersion.HTTP_1_1, HttpStatus.SC_UNAUTHORIZED, "UNAUTHORIZED");
    response.addHeader(new BasicHeader(AUTH.WWW_AUTH, "Digest realm=\"realm1\", nonce=\"1234\""));
    response.addHeader(new BasicHeader(AUTH.WWW_AUTH, "whatever realm=\"realm1\", stuff=\"1234\""));

    final TargetAuthenticationStrategy authStrategy = new TargetAuthenticationStrategy();

    this.authState.setState(AuthProtocolState.CHALLENGED);
    this.authState.update(new BasicScheme(), this.credentials);

    Assert.assertTrue(this.httpAuthenticator.handleAuthChallenge(host,
            response, authStrategy, this.authState, this.context));
    Assert.assertEquals(AuthProtocolState.CHALLENGED, this.authState.getState());

    final Queue<AuthOption> options = this.authState.getAuthOptions();
    Assert.assertNotNull(options);
    final AuthOption option1 = options.poll();
    Assert.assertNotNull(option1);
    Assert.assertEquals("digest", option1.getAuthScheme().getSchemeName());
    Assert.assertNull(options.poll());
}

@Test
public void testAuthenticationException() throws Exception {
    final HttpHost host = new HttpHost("somehost", 80);
    final HttpResponse response = new BasicHttpResponse(HttpVersion.HTTP_1_1, HttpStatus.SC_UNAUTHORIZED, "UNAUTHORIZED");

    this.authState.setState(AuthProtocolState.CHALLENGED);

    Mockito.doThrow(new MalformedChallengeException()).when(this.defltAuthStrategy).getChallenges(
            Mockito.any(HttpHost.class),
            Mockito.any(HttpResponse.class),
            Mockito.any(HttpContext.class));

    Assert.assertFalse(this.httpAuthenticator.handleAuthChallenge(host,
            response, this.defltAuthStrategy, this.authState, this.context));

    Assert.assertEquals(AuthProtocolState.UNCHALLENGED, this.authState.getState());
    Assert.assertNull(this.authState.getAuthScheme());
    Assert.assertNull(this.authState.getCredentials());
}

@Test
public void testAuthChallengeStateNoOption() throws Exception {
    final HttpRequest request = new BasicHttpRequest("GET", "/");
    this.authState.setState(AuthProtocolState.CHALLENGED);
    this.authState.update(this.authScheme, this.credentials);

    Mockito.when(this.authScheme.authenticate(
            Mockito.any(Credentials.class),
            Mockito.any(HttpRequest.class),
            Mockito.any(HttpContext.class))).thenReturn(new BasicHeader(AUTH.WWW_AUTH_RESP, "stuff"));

    this.httpAuthenticator.generateAuthResponse(request, authState, context);

    Assert.assertTrue(request.containsHeader(AUTH.WWW_AUTH_RESP));

    Mockito.verify(this.authScheme).authenticate(this.credentials, request, this.context);
}

@Test
public void testAuthChallengeStateOneOptions() throws Exception {
    final HttpRequest request = new BasicHttpRequest("GET", "/");
    this.authState.setState(AuthProtocolState.CHALLENGED);
    final LinkedList<AuthOption> authOptions = new LinkedList<AuthOption>();
    authOptions.add(new AuthOption(this.authScheme, this.credentials));
    this.authState.update(authOptions);

    Mockito.when(this.authScheme.authenticate(
            Mockito.any(Credentials.class),
            Mockito.any(HttpRequest.class),
            Mockito.any(HttpContext.class))).thenReturn(new BasicHeader(AUTH.WWW_AUTH_RESP, "stuff"));

    this.httpAuthenticator.generateAuthResponse(request, authState, context);

    Assert.assertSame(this.authScheme, this.authState.getAuthScheme());
    Assert.assertSame(this.credentials, this.authState.getCredentials());
    Assert.assertNull(this.authState.getAuthOptions());

    Assert.assertTrue(request.containsHeader(AUTH.WWW_AUTH_RESP));

    Mockito.verify(this.authScheme).authenticate(this.credentials, request, this.context);
}

@Test
public void testAuthSuccess() throws Exception {
    final HttpRequest request = new BasicHttpRequest("GET", "/");
    this.authState.setState(AuthProtocolState.SUCCESS);
    this.authState.update(this.authScheme, this.credentials);

    Mockito.when(this.authScheme.isConnectionBased()).thenReturn(Boolean.FALSE);
    Mockito.when(this.authScheme.authenticate(
            Mockito.any(Credentials.class),
            Mockito.any(HttpRequest.class),
            Mockito.any(HttpContext.class))).thenReturn(new BasicHeader(AUTH.WWW_AUTH_RESP, "stuff"));

    this.httpAuthenticator.generateAuthResponse(request, authState, context);

    Assert.assertSame(this.authScheme, this.authState.getAuthScheme());
    Assert.assertSame(this.credentials, this.authState.getCredentials());
    Assert.assertNull(this.authState.getAuthOptions());

    Assert.assertTrue(request.containsHeader(AUTH.WWW_AUTH_RESP));

    Mockito.verify(this.authScheme).authenticate(this.credentials, request, this.context);
}

@Test
public void testAuthSuccessConnectionBased() throws Exception {
    final HttpRequest request = new BasicHttpRequest("GET", "/");
    this.authState.setState(AuthProtocolState.SUCCESS);
    this.authState.update(this.authScheme, this.credentials);

    Mockito.when(this.authScheme.isConnectionBased()).thenReturn(Boolean.TRUE);
    Mockito.when(this.authScheme.authenticate(
            Mockito.any(Credentials.class),
            Mockito.any(HttpRequest.class),
            Mockito.any(HttpContext.class))).thenReturn(new BasicHeader(AUTH.WWW_AUTH_RESP, "stuff"));

    this.httpAuthenticator.generateAuthResponse(request, authState, context);

    Assert.assertFalse(request.containsHeader(AUTH.WWW_AUTH_RESP));

    Mockito.verify(this.authScheme, Mockito.never()).authenticate(
            Mockito.any(Credentials.class),
            Mockito.any(HttpRequest.class),
            Mockito.any(HttpContext.class));
}

private void doPreemptiveAuth(
        final HttpHost host,
        final AuthScheme authScheme,
        final AuthStateHC4 authState,
        final CredentialsProvider credsProvider) {
    final String schemeName = authScheme.getSchemeName();
    if (Log.isLoggable(TAG, Log.DEBUG)) {
        Log.d(TAG, "Re-using cached '" + schemeName + "' auth scheme for " + host);
    }

    final AuthScope authScope = new AuthScope(host.getHostName(), host.getPort(), AuthScope.ANY_REALM, schemeName);
    final Credentials creds = credsProvider.getCredentials(authScope);

    if (creds != null) {
        if ("BASIC".equalsIgnoreCase(authScheme.getSchemeName())) {
            authState.setState(AuthProtocolState.CHALLENGED);
        } else {
            authState.setState(AuthProtocolState.SUCCESS);
        }
        authState.update(authScheme, creds);
    } else {
        if (Log.isLoggable(TAG, Log.DEBUG)) {
            Log.d(TAG, "No credentials for preemptive authentication");
        }
    }
}

@Override
public Queue<AuthOption> select(final Map<String, Header> challengeHeaders,
                                final HttpHost authhost,
                                final HttpResponse response,
                                final HttpContext context)
        throws MalformedChallengeException {
    final HttpClientContext httpClientContext = HttpClientContext.adapt(context);
    final AuthState state = httpClientContext.getTargetAuthState();
    final Queue<AuthOption> queue = new LinkedList<>();

    if (state == null || !state.getState().equals(AuthProtocolState.CHALLENGED)) {
        queue.add(authOption);
    } else {
        System.out.println("does this happen?");
    }

    return queue;
}

private void doPreemptiveAuth(
        final HttpHost host,
        final AuthScheme authScheme,
        final AuthStateHC4 authState,
        final CredentialsProvider credsProvider) {
    final String schemeName = authScheme.getSchemeName();
    if (Log.isLoggable(TAG, Log.DEBUG)) {
        Log.d(TAG, "Re-using cached '" + schemeName + "' auth scheme for " + host);
    }

    final AuthScope authScope = new AuthScope(host.getHostName(), host.getPort(), AuthScope.ANY_REALM, schemeName);
    final Credentials creds = credsProvider.getCredentials(authScope);

    if (creds != null) {
        if ("BASIC".equalsIgnoreCase(authScheme.getSchemeName())) {
            authState.setState(AuthProtocolState.CHALLENGED);
        } else {
            authState.setState(AuthProtocolState.SUCCESS);
        }
        authState.update(authScheme, creds);
    } else {
        if (Log.isLoggable(TAG, Log.DEBUG)) {
            Log.d(TAG, "No credentials for preemptive authentication");
        }
    }
}

private void setCredentials() {
    AuthState authState = httpClientContext.getTargetAuthState();
    if (authState != null) {
        CredentialsProvider credentialsProvider = httpClientContext.getCredentialsProvider();
        AuthScope authScope = new AuthScope(HttpHost.create(getBaseUrl()));
        org.apache.http.auth.Credentials credentials = credentialsProvider.getCredentials(authScope);
        if (credentials != null) {
            authState.update(new BasicScheme(), credentials);
            authState.setState(AuthProtocolState.CHALLENGED);
        }
    }
}

public boolean isAuthenticationRequested(
        final HttpHost host,
        final HttpResponse response,
        final AuthenticationStrategy authStrategy,
        final AuthStateHC4 authState,
        final HttpContext context) {
    if (authStrategy.isAuthenticationRequested(host, response, context)) {
        if (Log.isLoggable(TAG, Log.DEBUG)) {
            Log.d(TAG, "Authentication required");
        }
        if (authState.getState() == AuthProtocolState.SUCCESS) {
            authStrategy.authFailed(host, authState.getAuthScheme(), context);
        }
        return true;
    } else {
        switch (authState.getState()) {
        case CHALLENGED:
        case HANDSHAKE:
            if (Log.isLoggable(TAG, Log.DEBUG)) {
                Log.d(TAG, "Authentication succeeded");
            }
            authState.setState(AuthProtocolState.SUCCESS);
            authStrategy.authSucceeded(host, authState.getAuthScheme(), context);
            break;
        case SUCCESS:
            break;
        default:
            authState.setState(AuthProtocolState.UNCHALLENGED);
        }
        return false;
    }
}

public boolean isAuthenticationRequested(
        final HttpHost host,
        final HttpResponse response,
        final AuthenticationStrategy authStrategy,
        final AuthState authState,
        final HttpContext context) {
    if (authStrategy.isAuthenticationRequested(host, response, context)) {
        this.log.debug("Authentication required");
        if (authState.getState() == AuthProtocolState.SUCCESS) {
            authStrategy.authFailed(host, authState.getAuthScheme(), context);
        }
        return true;
    } else {
        switch (authState.getState()) {
        case CHALLENGED:
        case HANDSHAKE:
            this.log.debug("Authentication succeeded");
            authState.setState(AuthProtocolState.SUCCESS);
            authStrategy.authSucceeded(host, authState.getAuthScheme(), context);
            break;
        case SUCCESS:
            break;
        default:
            authState.setState(AuthProtocolState.UNCHALLENGED);
        }
        return false;
    }
}

@Test
public void testAuthSchemeAlreadySet() throws Exception {
    final HttpRequest request = new BasicHttpRequest("GET", "/");

    final HttpClientContext context = HttpClientContext.create();
    context.setAttribute(HttpClientContext.CREDS_PROVIDER, this.credProvider);
    context.setAttribute(HttpCoreContext.HTTP_TARGET_HOST, this.target);
    context.setAttribute(HttpClientContext.HTTP_ROUTE, new HttpRoute(this.target, null, this.proxy, false));
    context.setAttribute(HttpClientContext.TARGET_AUTH_STATE, this.targetState);
    context.setAttribute(HttpClientContext.PROXY_AUTH_STATE, this.proxyState);

    final AuthCache authCache = new BasicAuthCache();
    authCache.put(this.target, this.authscheme1);
    authCache.put(this.proxy, this.authscheme2);

    context.setAttribute(HttpClientContext.AUTH_CACHE, authCache);

    this.targetState.setState(AuthProtocolState.CHALLENGED);
    this.targetState.update(new BasicScheme(), new UsernamePasswordCredentials("user3", "secret3"));
    this.proxyState.setState(AuthProtocolState.CHALLENGED);
    this.proxyState.update(new BasicScheme(), new UsernamePasswordCredentials("user4", "secret4"));

    final HttpRequestInterceptor interceptor = new RequestAuthCache();
    interceptor.process(request, context);
    Assert.assertNotSame(this.authscheme1, this.targetState.getAuthScheme());
    Assert.assertNotSame(this.creds1, this.targetState.getCredentials());
    Assert.assertNotSame(this.authscheme2, this.proxyState.getAuthScheme());
    Assert.assertNotSame(this.creds2, this.proxyState.getCredentials());
}

@Test
public void testAuthenticationNotRequestedUnchallenged() throws Exception {
    final HttpResponse response = new BasicHttpResponse(HttpVersion.HTTP_1_1, HttpStatus.SC_OK, "OK");
    Mockito.when(this.defltAuthStrategy.isAuthenticationRequested(
            Mockito.any(HttpHost.class),
            Mockito.any(HttpResponse.class),
            Mockito.any(HttpContext.class))).thenReturn(Boolean.FALSE);

    Assert.assertFalse(this.httpAuthenticator.isAuthenticationRequested(
            this.defaultHost, response, this.defltAuthStrategy, this.authState, this.context));
    Assert.assertEquals(AuthProtocolState.UNCHALLENGED, this.authState.getState());

    Mockito.verify(this.defltAuthStrategy).isAuthenticationRequested(this.defaultHost, response, this.context);
}

@Test
public void testAuthFailureState() throws Exception {
    final HttpRequest request = new BasicHttpRequest("GET", "/");
    this.authState.setState(AuthProtocolState.FAILURE);
    this.authState.update(this.authScheme, this.credentials);

    this.httpAuthenticator.generateAuthResponse(request, authState, context);

    Assert.assertFalse(request.containsHeader(AUTH.WWW_AUTH_RESP));

    Mockito.verify(this.authScheme, Mockito.never()).authenticate(
            Mockito.any(Credentials.class),
            Mockito.any(HttpRequest.class),
            Mockito.any(HttpContext.class));
}

@Test
public void testAuthChallengeStateMultipleOption() throws Exception {
    final HttpRequest request = new BasicHttpRequest("GET", "/");
    this.authState.setState(AuthProtocolState.CHALLENGED);

    final LinkedList<AuthOption> authOptions = new LinkedList<AuthOption>();
    final ContextAwareAuthScheme authScheme1 = Mockito.mock(ContextAwareAuthScheme.class);
    Mockito.doThrow(new AuthenticationException()).when(authScheme1).authenticate(
            Mockito.any(Credentials.class),
            Mockito.any(HttpRequest.class),
            Mockito.any(HttpContext.class));
    final ContextAwareAuthScheme authScheme2 = Mockito.mock(ContextAwareAuthScheme.class);
    Mockito.when(authScheme2.authenticate(
            Mockito.any(Credentials.class),
            Mockito.any(HttpRequest.class),
            Mockito.any(HttpContext.class))).thenReturn(new BasicHeader(AUTH.WWW_AUTH_RESP, "stuff"));
    authOptions.add(new AuthOption(authScheme1, this.credentials));
    authOptions.add(new AuthOption(authScheme2, this.credentials));
    this.authState.update(authOptions);

    this.httpAuthenticator.generateAuthResponse(request, authState, context);

    Assert.assertSame(authScheme2, this.authState.getAuthScheme());
    Assert.assertSame(this.credentials, this.authState.getCredentials());
    Assert.assertNull(this.authState.getAuthOptions());

    Assert.assertTrue(request.containsHeader(AUTH.WWW_AUTH_RESP));

    Mockito.verify(authScheme1, Mockito.times(1)).authenticate(this.credentials, request, this.context);
    Mockito.verify(authScheme2, Mockito.times(1)).authenticate(this.credentials, request, this.context);
}

public boolean isAuthenticationRequested(
        final HttpHost host,
        final HttpResponse response,
        final AuthenticationStrategy authStrategy,
        final AuthStateHC4 authState,
        final HttpContext context) {
    if (authStrategy.isAuthenticationRequested(host, response, context)) {
        if (Log.isLoggable(TAG, Log.DEBUG)) {
            Log.d(TAG, "Authentication required");
        }
        if (authState.getState() == AuthProtocolState.SUCCESS) {
            authStrategy.authFailed(host, authState.getAuthScheme(), context);
        }
        return true;
    } else {
        switch (authState.getState()) {
        case CHALLENGED:
        case HANDSHAKE:
            if (Log.isLoggable(TAG, Log.DEBUG)) {
                Log.d(TAG, "Authentication succeeded");
            }
            authState.setState(AuthProtocolState.SUCCESS);
            authStrategy.authSucceeded(host, authState.getAuthScheme(), context);
            break;
        case SUCCESS:
            break;
        default:
            authState.setState(AuthProtocolState.UNCHALLENGED);
        }
        return false;
    }
}

/**
 * Determines if the given HTTP response response represents
 * an authentication challenge that was sent back as a result
 * of authentication failure.
 *
 * @param authHost authentication host.
 * @param response HTTP response.
 * @param context  HTTP context.
 * @return {@code true} if user authentication is required,
 *                      {@code false} otherwise.
 */
@Override
public boolean isAuthenticationRequested(final HttpHost authHost,
                                         final HttpResponse response,
                                         final HttpContext context) {
    final StatusLine line = response.getStatusLine();
    final int code = line.getStatusCode();
    final HttpClientContext clientContext = HttpClientContext.adapt(context);

    final AuthState authState = clientContext.getTargetAuthState();
    final AuthProtocolState authProtocolState = authState.getState();

    if (code == HttpStatus.SC_UNAUTHORIZED) {
        if (authProtocolState.equals(AuthProtocolState.CHALLENGED)) {
            clientContext.getTargetAuthState().setState(AuthProtocolState.FAILURE);
            authFailed(authHost, authState.getAuthScheme(), context);
        }

        return true;
    }

    if (clientContext.getTargetAuthState() == null) {
        return true;
    }

    return false;
}

public boolean isAuthenticationRequested(
        final HttpHost host,
        final HttpResponse response,
        final AuthenticationStrategy authStrategy,
        final AuthStateHC4 authState,
        final HttpContext context) {
    if (authStrategy.isAuthenticationRequested(host, response, context)) {
        if (Log.isLoggable(TAG, Log.DEBUG)) {
            Log.d(TAG, "Authentication required");
        }
        if (authState.getState() == AuthProtocolState.SUCCESS) {
            authStrategy.authFailed(host, authState.getAuthScheme(), context);
        }
        return true;
    } else {
        switch (authState.getState()) {
        case CHALLENGED:
        case HANDSHAKE:
            if (Log.isLoggable(TAG, Log.DEBUG)) {
                Log.d(TAG, "Authentication succeeded");
            }
            authState.setState(AuthProtocolState.SUCCESS);
            authStrategy.authSucceeded(host, authState.getAuthScheme(), context);
            break;
        case SUCCESS:
            break;
        default:
            authState.setState(AuthProtocolState.UNCHALLENGED);
        }
        return false;
    }
}

public boolean authenticate(
        final HttpHost host,
        final HttpResponse response,
        final AuthenticationStrategy authStrategy,
        final AuthState authState,
        final HttpContext context) {
    try {
        if (this.log.isDebugEnabled()) {
            this.log.debug(host.toHostString() + " requested authentication");
        }
        Map<String, Header> challenges = authStrategy.getChallenges(host, response, context);
        if (challenges.isEmpty()) {
            this.log.debug("Response contains no authentication challenges");
            return false;
        }

        AuthScheme authScheme = authState.getAuthScheme();
        switch (authState.getState()) {
        case FAILURE:
            return false;
        case SUCCESS:
            authState.reset();
            break;
        case CHALLENGED:
        case HANDSHAKE:
            if (authScheme == null) {
                this.log.debug("Auth scheme is null");
                authStrategy.authFailed(host, null, context);
                authState.reset();
                authState.setState(AuthProtocolState.FAILURE);
                return false;
            }
        case UNCHALLENGED:
            if (authScheme != null) {
                String id = authScheme.getSchemeName();
                Header challenge = challenges.get(id.toLowerCase(Locale.US));
                if (challenge != null) {
                    this.log.debug("Authorization challenge processed");
                    authScheme.processChallenge(challenge);
                    if (authScheme.isComplete()) {
                        this.log.debug("Authentication failed");
                        authStrategy.authFailed(host, authState.getAuthScheme(), context);
                        authState.reset();
                        authState.setState(AuthProtocolState.FAILURE);
                        return false;
                    } else {
                        authState.setState(AuthProtocolState.HANDSHAKE);
                        return true;
                    }
                } else {
                    authState.reset();
                    // Retry authentication with a different scheme
                }
            }
        }
        Queue<AuthOption> authOptions = authStrategy.select(challenges, host, response, context);
        if (authOptions != null && !authOptions.isEmpty()) {
            if (this.log.isDebugEnabled()) {
                this.log.debug("Selected authentication options: " + authOptions);
            }
            authState.setState(AuthProtocolState.CHALLENGED);
            authState.update(authOptions);
            return true;
        } else {
            return false;
        }
    } catch (MalformedChallengeException ex) {
        if (this.log.isWarnEnabled()) {
            this.log.warn("Malformed challenge: " +  ex.getMessage());
        }
        authState.reset();
        return false;
    }
}

public boolean handleAuthChallenge(
        final HttpHost host,
        final HttpResponse response,
        final AuthenticationStrategy authStrategy,
        final AuthState authState,
        final HttpContext context) {
    try {
        if (this.log.isDebugEnabled()) {
            this.log.debug(host.toHostString() + " requested authentication");
        }
        final Map<String, Header> challenges = authStrategy.getChallenges(host, response, context);
        if (challenges.isEmpty()) {
            this.log.debug("Response contains no authentication challenges");
            return false;
        }

        final AuthScheme authScheme = authState.getAuthScheme();
        switch (authState.getState()) {
        case FAILURE:
            return false;
        case SUCCESS:
            authState.reset();
            break;
        case CHALLENGED:
        case HANDSHAKE:
            if (authScheme == null) {
                this.log.debug("Auth scheme is null");
                authStrategy.authFailed(host, null, context);
                authState.reset();
                authState.setState(AuthProtocolState.FAILURE);
                return false;
            }
        case UNCHALLENGED:
            if (authScheme != null) {
                final String id = authScheme.getSchemeName();
                final Header challenge = challenges.get(id.toLowerCase(Locale.ROOT));
                if (challenge != null) {
                    this.log.debug("Authorization challenge processed");
                    authScheme.processChallenge(challenge);
                    if (authScheme.isComplete()) {
                        this.log.debug("Authentication failed");
                        authStrategy.authFailed(host, authState.getAuthScheme(), context);
                        authState.reset();
                        authState.setState(AuthProtocolState.FAILURE);
                        return false;
                    } else {
                        authState.setState(AuthProtocolState.HANDSHAKE);
                        return true;
                    }
                } else {
                    authState.reset();
                    // Retry authentication with a different scheme
                }
            }
        }
        final Queue<AuthOption> authOptions = authStrategy.select(challenges, host, response, context);
        if (authOptions != null && !authOptions.isEmpty()) {
            if (this.log.isDebugEnabled()) {
                this.log.debug("Selected authentication options: " + authOptions);
            }
            authState.setState(AuthProtocolState.CHALLENGED);
            authState.update(authOptions);
            return true;
        } else {
            return false;
        }
    } catch (final MalformedChallengeException ex) {
        if (this.log.isWarnEnabled()) {
            this.log.warn("Malformed challenge: " +  ex.getMessage());
        }
        authState.reset();
        return false;
    }
}

@Test
public void testExecEntityEnclosingRequestRetryOnAuthChallenge() throws Exception {
    final HttpRoute route = new HttpRoute(target);
    final HttpRequestWrapper request = HttpRequestWrapper.wrap(new HttpGet("http://bar/test"));
    final HttpResponse response1 = new BasicHttpResponse(HttpVersion.HTTP_1_1, 401, "Huh?");
    final InputStream instream1 = Mockito.spy(new ByteArrayInputStream(new byte[] {1, 2, 3}));
    response1.setEntity(EntityBuilder.create()
            .setStream(instream1)
            .build());
    final HttpResponse response2 = new BasicHttpResponse(HttpVersion.HTTP_1_1, 200, "OK");
    final InputStream instream2 = Mockito.spy(new ByteArrayInputStream(new byte[] {2, 3, 4}));
    response2.setEntity(EntityBuilder.create()
            .setStream(instream2)
            .build());

    final AuthState proxyAuthState = new AuthState();
    proxyAuthState.setState(AuthProtocolState.SUCCESS);
    proxyAuthState.update(new NTLMScheme(), new NTCredentials("user:pass"));

    final HttpClientContext context = new HttpClientContext();
    context.setAttribute(HttpClientContext.PROXY_AUTH_STATE, proxyAuthState);

    Mockito.when(managedConn.isOpen()).thenReturn(Boolean.TRUE);
    Mockito.when(managedConn.isStale()).thenReturn(Boolean.FALSE);
    Mockito.when(requestExecutor.execute(
            Mockito.same(request),
            Mockito.<HttpClientConnection>any(),
            Mockito.<HttpClientContext>any())).thenReturn(response1, response2);
    Mockito.when(reuseStrategy.keepAlive(
            Mockito.<HttpResponse>any(),
            Mockito.<HttpClientContext>any())).thenReturn(Boolean.FALSE);
    Mockito.when(targetAuthStrategy.isAuthenticationRequested(
            Mockito.eq(target),
            Mockito.same(response1),
            Mockito.<HttpClientContext>any())).thenReturn(Boolean.TRUE);

    final CloseableHttpResponse finalResponse = mainClientExec.execute(
            route, request, context, execAware);
    Mockito.verify(requestExecutor, Mockito.times(2)).execute(request, managedConn, context);
    Mockito.verify(managedConn).close();
    Mockito.verify(instream2, Mockito.never()).close();

    Assert.assertNotNull(finalResponse);
    Assert.assertEquals(200, finalResponse.getStatusLine().getStatusCode());
    Assert.assertNull(proxyAuthState.getAuthScheme());
    Assert.assertNull(proxyAuthState.getCredentials());
}

@Test
public void testCrossSiteRedirect() throws Exception {
    final HttpRoute route = new HttpRoute(target);
    final HttpGet get = new HttpGet("/test");
    final HttpRequestWrapper request = HttpRequestWrapper.wrap(get);
    final HttpClientContext context = HttpClientContext.create();

    final AuthState targetAuthState = new AuthState();
    targetAuthState.setState(AuthProtocolState.SUCCESS);
    targetAuthState.update(new BasicScheme(), new UsernamePasswordCredentials("user", "pass"));
    final AuthState proxyAuthState = new AuthState();
    proxyAuthState.setState(AuthProtocolState.SUCCESS);
    proxyAuthState.update(new NTLMScheme(), new NTCredentials("user", "pass", null, null));
    context.setAttribute(HttpClientContext.TARGET_AUTH_STATE, targetAuthState);
    context.setAttribute(HttpClientContext.PROXY_AUTH_STATE, proxyAuthState);

    final CloseableHttpResponse response1 = Mockito.mock(CloseableHttpResponse.class);
    final CloseableHttpResponse response2 = Mockito.mock(CloseableHttpResponse.class);
    final HttpGet redirect = new HttpGet("http://otherhost/redirect");
    Mockito.when(requestExecutor.execute(
            Mockito.eq(route),
            Mockito.same(request),
            Mockito.<HttpClientContext>any(),
            Mockito.<HttpExecutionAware>any())).thenReturn(response1);
    Mockito.when(requestExecutor.execute(
            Mockito.eq(route),
            HttpRequestWrapperMatcher.same(redirect),
            Mockito.<HttpClientContext>any(),
            Mockito.<HttpExecutionAware>any())).thenReturn(response2);
    Mockito.when(redirectStrategy.isRedirected(
            Mockito.same(get),
            Mockito.same(response1),
            Mockito.<HttpClientContext>any())).thenReturn(Boolean.TRUE);
    Mockito.when(redirectStrategy.getRedirect(
            Mockito.same(get),
            Mockito.same(response1),
            Mockito.<HttpClientContext>any())).thenReturn(redirect);
    Mockito.when(httpRoutePlanner.determineRoute(
            Mockito.eq(target),
            Mockito.<HttpRequestWrapper>any(),
            Mockito.<HttpClientContext>any())).thenReturn(new HttpRoute(new HttpHost("otherhost", 80)));

    redirectExec.execute(route, request, context, execAware);

    Assert.assertNotNull(context.getTargetAuthState());
    Assert.assertEquals(AuthProtocolState.UNCHALLENGED, context.getTargetAuthState().getState());
    Assert.assertEquals(null, context.getTargetAuthState().getAuthScheme());
    Assert.assertNotNull(context.getProxyAuthState());
    Assert.assertEquals(AuthProtocolState.UNCHALLENGED, context.getProxyAuthState().getState());
    Assert.assertEquals(null, context.getProxyAuthState().getAuthScheme());
}