Comment vous authentifiez-vous par programme sur un serveur Web à l'aide de l'authentification NTLM avec httpclient d'apache?

Question

J'utilise ce code, et j'obtiens la trace de pile qui est listée ci-dessous. J'ai ce travail avec juste https et avec l'authentification de base, mais pas NTLM.

HttpClient client = null; 
HttpMethod get = null; 
try 
{ 
    Protocol myhttps = new Protocol("https", ((ProtocolSocketFactory) new EasySSLProtocolSocketFactory()), 443); 
    Protocol.registerProtocol("https", myhttps); 
    client = new HttpClient(); 
    get = new GetMethod("https://tt.dummycorp.com/tmtrack/"); 
    Credentials creds = new NTCredentials("dummy", "dummy123", "host", "DUMMYDOMAIN"); 
    client.getState().setCredentials(AuthScope.ANY, creds); 
    get.setDoAuthentication(true); 
    int resultCode = client.executeMethod(get); 
    System.out.println(get.getResponseBodyAsString()); 
} 

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed 
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174) 
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1591) 
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:187) 
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:181) 
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:975) 
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:123) 
    at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516) 
    at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454) 
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884) 
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1096) 
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:623) 
    at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59) 
    at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65) 
    at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123) 
    at org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:828) 
    at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2116) 
    at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096) 
    at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398) 
    at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171) 
    at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397) 
    at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323) 
    at com.dummycorp.teamtrack.TeamTrackHack.main(TeamTrackHack.java:38) 
Caused by: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed 
    at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:251) 
    at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:234) 
    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:158) 
    at sun.security.validator.Validator.validate(Validator.java:218) 
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126) 
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209) 
    at org.apache.commons.httpclient.contrib.ssl.EasyX509TrustManager.checkServerTrusted(EasyX509TrustManager.java:104) 
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:967) 
    ... 17 more 
Caused by: java.security.cert.CertPathValidatorException: signature check failed 
    at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:139) 
    at sun.security.provider.certpath.PKIXCertPathValidator.doValidate(PKIXCertPathValidator.java:316) 
    at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:178) 
    at java.security.cert.CertPathValidator.validate(CertPathValidator.java:250) 
    at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:246) 
    ... 24 more 
Caused by: java.security.SignatureException: Signature does not match. 
    at sun.security.x509.X509CertImpl.verify(X509CertImpl.java:446) 
    at sun.security.provider.certpath.BasicChecker.verifySignature(BasicChecker.java:133) 
    at sun.security.provider.certpath.BasicChecker.check(BasicChecker.java:112) 
    at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:117) 
    ... 28 more 

Answer 1

HttpClient ne prend pas complètement en charge NTLM. S'il vous plaît jeter un oeil à Known limitations and problems. La documentation HttpClient concernant NTLM est un peu confuse, mais l'essentiel est qu'ils ne supportent pas NTLMv2 ce qui le rend peu utilisable à cet égard. NTLM est supporté par le standard java HttpURLConnection (link), mais HttpClient présente certains avantages par rapport à la connexion HttpURLC de jdk.

Answer 2

Jetez un oeil à l'utilitaire affiché here.

Il résout différents problèmes, à savoir l'absence du certificat, alors que vous avez un certificat invalide installé, mais probablement sa sortie verbeuse sur les certificats installés pourrait être utile.