Fix Netty provider NTLM type 2 message handling, close #339

Stephane Landelle · Stephane Landelle · commit 3fd63d0f5dbb · 2013-07-23T14:21:11.000+02:00
diff --git a/providers/netty/src/main/java/org/asynchttpclient/providers/netty/NettyAsyncHttpProvider.java b/providers/netty/src/main/java/org/asynchttpclient/providers/netty/NettyAsyncHttpProvider.java
@@ -181,6 +181,10 @@ public boolean remove(Object o) {
     private final Protocol httpProtocol = new HttpProtocol();
     private final Protocol webSocketProtocol = new WebSocketProtocol();
 
+	private static boolean isNTLM(List<String> auth) {
+		return isNonEmpty(auth) && auth.get(0).startsWith("NTLM");
+	}
+
     public NettyAsyncHttpProvider(AsyncHttpClientConfig config) {
 
         if (config.getAsyncHttpProviderConfig() != null && NettyAsyncHttpProviderConfig.class.isAssignableFrom(config.getAsyncHttpProviderConfig().getClass())) {
@@ -632,7 +636,7 @@ else if (uri.getRawQuery() != null)
             }
         } else {
             List<String> auth = request.getHeaders().get(HttpHeaders.Names.PROXY_AUTHORIZATION);
-            if (isNonEmpty(auth) && auth.get(0).startsWith("NTLM")) {
+            if (isNTLM(auth)) {
                 nettyRequest.addHeader(HttpHeaders.Names.PROXY_AUTHORIZATION, auth.get(0));
             }
         }
@@ -706,7 +710,7 @@ else if (uri.getRawQuery() != null)
                 if (isNonEmpty(proxyServer.getNtlmDomain())) {
 
                     List<String> auth = request.getHeaders().get(HttpHeaders.Names.PROXY_AUTHORIZATION);
-                    if (!(isNonEmpty(auth) && auth.get(0).startsWith("NTLM"))) {
+                    if (!isNTLM(auth)) {
                         try {
                             String msg = ntlmEngine.generateType1Msg(proxyServer.getNtlmDomain(), proxyServer.getHost());
                             nettyRequest.setHeader(HttpHeaders.Names.PROXY_AUTHORIZATION, "NTLM " + msg);
@@ -1133,14 +1137,26 @@ private Realm kerberosChallenge(List<String> proxyAuth, Request request, ProxySe
             }
             return realmBuilder.setUri(uri.getRawPath()).setMethodName(request.getMethod()).setScheme(Realm.AuthScheme.KERBEROS).build();
         } catch (Throwable throwable) {
-            if (proxyAuth.contains("NTLM")) {
+            if (isNTLM(proxyAuth)) {
                 return ntlmChallenge(proxyAuth, request, proxyServer, headers, realm, future);
             }
             abort(future, throwable);
             return null;
         }
     }
 
+	private void addType3NTLMAuthorizationHeader(List<String> auth, FluentCaseInsensitiveStringsMap headers, String username, String password, String domain, String workstation)
+	        throws NTLMEngineException {
+		headers.remove(HttpHeaders.Names.AUTHORIZATION);
+
+		if (isNTLM(auth)) {
+			String serverChallenge = auth.get(0).trim().substring("NTLM ".length());
+			String challengeHeader = ntlmEngine.generateType3Msg(username, password, domain, workstation, serverChallenge);
+
+			headers.add(HttpHeaders.Names.AUTHORIZATION, "NTLM " + challengeHeader);
+		}
+	}
+
     private Realm ntlmChallenge(List<String> wwwAuth, Request request, ProxyServer proxyServer, FluentCaseInsensitiveStringsMap headers, Realm realm, NettyResponseFuture<?> future) throws NTLMEngineException {
 
         boolean useRealm = (proxyServer == null && realm != null);
@@ -1159,14 +1175,7 @@ private Realm ntlmChallenge(List<String> wwwAuth, Request request, ProxyServer p
             newRealm = new Realm.RealmBuilder().clone(realm).setScheme(realm.getAuthScheme()).setUri(uri.getRawPath()).setMethodName(request.getMethod()).setNtlmMessageType2Received(true).build();
             future.getAndSetAuth(false);
         } else {
-            headers.remove(HttpHeaders.Names.AUTHORIZATION);
-
-            if (wwwAuth.get(0).startsWith("NTLM ")) {
-                String serverChallenge = wwwAuth.get(0).trim().substring("NTLM ".length());
-                String challengeHeader = ntlmEngine.generateType3Msg(principal, password, ntlmDomain, ntlmHost, serverChallenge);
-
-                headers.add(HttpHeaders.Names.AUTHORIZATION, "NTLM " + challengeHeader);
-            }
+        	addType3NTLMAuthorizationHeader(wwwAuth, headers, principal, password, ntlmDomain, ntlmHost);
 
             Realm.RealmBuilder realmBuilder;
             Realm.AuthScheme authScheme;
@@ -1187,11 +1196,8 @@ private Realm ntlmProxyChallenge(List<String> wwwAuth, Request request, ProxySer
         future.getAndSetAuth(false);
         headers.remove(HttpHeaders.Names.PROXY_AUTHORIZATION);
 
-        if (wwwAuth.get(0).startsWith("NTLM ")) {
-            String serverChallenge = wwwAuth.get(0).trim().substring("NTLM ".length());
-            String challengeHeader = ntlmEngine.generateType3Msg(proxyServer.getPrincipal(), proxyServer.getPassword(), proxyServer.getNtlmDomain(), proxyServer.getHost(), serverChallenge);
-            headers.add(HttpHeaders.Names.PROXY_AUTHORIZATION, "NTLM " + challengeHeader);
-        }
+        addType3NTLMAuthorizationHeader(wwwAuth, headers, proxyServer.getPrincipal(), proxyServer.getPassword(), proxyServer.getNtlmDomain(), proxyServer.getHost());
+
         Realm newRealm;
         Realm.RealmBuilder realmBuilder;
         if (realm != null) {
@@ -2052,7 +2058,7 @@ public void handle(final ChannelHandlerContext ctx, final MessageEvent e) throws
 
                         future.setState(NettyResponseFuture.STATE.NEW);
                         // NTLM
-                        if (!wwwAuth.contains("Kerberos") && (wwwAuth.contains("NTLM") || (wwwAuth.contains("Negotiate")))) {
+                        if (!wwwAuth.contains("Kerberos") && (isNTLM(wwwAuth) || (wwwAuth.contains("Negotiate")))) {
                             newRealm = ntlmChallenge(wwwAuth, request, proxyServer, headers, realm, future);
                             // SPNEGO KERBEROS
                         } else if (wwwAuth.contains("Negotiate")) {
@@ -2097,7 +2103,7 @@ public Object call() throws Exception {
 
                         future.setState(NettyResponseFuture.STATE.NEW);
 
-                        if (!proxyAuth.contains("Kerberos") && (proxyAuth.get(0).contains("NTLM") || (proxyAuth.contains("Negotiate")))) {
+                        if (!proxyAuth.contains("Kerberos") && (isNTLM(proxyAuth) || (proxyAuth.contains("Negotiate")))) {
                             newRealm = ntlmProxyChallenge(proxyAuth, request, proxyServer, headers, realm, future);
                             // SPNEGO KERBEROS
                         } else if (proxyAuth.contains("Negotiate")) {
