NTLM WWW-Authenticate header is not always the first one, close #736

Author: Stephane Landelle

src/main/java/com/ning/http/client/providers/netty/handler/HttpProtocol.java

@@ -13,7 +13,7 @@
  */
 package com.ning.http.client.providers.netty.handler;
 
-import static com.ning.http.client.providers.netty.util.HttpUtils.isNTLM;
+import static com.ning.http.client.providers.netty.util.HttpUtils.getNTLM;
 import static com.ning.http.util.AsyncHttpProviderUtils.getDefaultPort;
 import static com.ning.http.util.MiscUtils.isNonEmpty;
 import static org.jboss.netty.handler.codec.http.HttpResponseStatus.CONTINUE;
@@ -90,8 +90,9 @@ private Realm kerberosChallenge(Channel channel,//
                     .build();
 
         } catch (Throwable throwable) {
-            if (isNTLM(proxyAuth)) {
-                return ntlmChallenge(proxyAuth.get(0), request, proxyServer, headers, realm, future, proxyInd);
+            String ntlmAuthenticate = getNTLM(proxyAuth);
+            if (ntlmAuthenticate != null) {
+                return ntlmChallenge(ntlmAuthenticate, request, proxyServer, headers, realm, future, proxyInd);
             }
             requestSender.abort(channel, future, throwable);
             return null;
@@ -218,9 +219,10 @@ private boolean exitAfterHandling401(//
                 Realm newRealm = null;
 
                 boolean negociate = wwwAuthHeaders.contains("Negotiate");
-                if (!wwwAuthHeaders.contains("Kerberos") && (isNTLM(wwwAuthHeaders) || negociate)) {
+                String ntlmAuthenticate = getNTLM(wwwAuthHeaders);
+                if (!wwwAuthHeaders.contains("Kerberos") && ntlmAuthenticate != null) {
                     // NTLM
-                    newRealm = ntlmChallenge(wwwAuthHeaders.get(0), request, proxyServer, request.getHeaders(), realm, future, false);
+                    newRealm = ntlmChallenge(ntlmAuthenticate, request, proxyServer, request.getHeaders(), realm, future, false);
 
                     // don't forget to reuse channel: NTLM authenticates a connection
                     future.setReuseChannel(true);
@@ -304,8 +306,9 @@ private boolean exitAfterHandling407(//
                 FluentCaseInsensitiveStringsMap requestHeaders = request.getHeaders();
 
                 boolean negociate = proxyAuthHeaders.contains("Negotiate");
-                if (!proxyAuthHeaders.contains("Kerberos") && (isNTLM(proxyAuthHeaders) || negociate)) {
-                    newRealm = ntlmProxyChallenge(proxyAuthHeaders.get(0), request, proxyServer, requestHeaders, realm, future, true);
+                String ntlmAuthenticate = getNTLM(proxyAuthHeaders);
+                if (!proxyAuthHeaders.contains("Kerberos") && ntlmAuthenticate != null) {
+                    newRealm = ntlmProxyChallenge(ntlmAuthenticate, request, proxyServer, requestHeaders, realm, future, true);
                     // SPNEGO KERBEROS
                 } else if (negociate) {
                     newRealm = kerberosChallenge(channel, proxyAuthHeaders, request, proxyServer, requestHeaders, realm, future, true);

src/main/java/com/ning/http/client/providers/netty/request/NettyRequestFactory.java

@@ -13,7 +13,7 @@
  */
 package com.ning.http.client.providers.netty.request;
 
-import static com.ning.http.client.providers.netty.util.HttpUtils.isNTLM;
+import static com.ning.http.client.providers.netty.util.HttpUtils.getNTLM;
 import static com.ning.http.client.providers.netty.util.HttpUtils.isSecure;
 import static com.ning.http.client.providers.netty.util.HttpUtils.isWebSocket;
 import static com.ning.http.client.providers.netty.util.HttpUtils.useProxyConnect;
@@ -157,13 +157,14 @@ public String firstRequestOnlyProxyAuthorizationHeader(Request request, ProxySer
 
         if (method == HttpMethod.CONNECT) {
             List<String> auth = request.getHeaders().get(HttpHeaders.Names.PROXY_AUTHORIZATION);
-            if (isNTLM(auth)) {
-                proxyAuthorization = auth.get(0);
+            String ntlmHeader = getNTLM(auth);
+            if (ntlmHeader != null) {
+                proxyAuthorization = ntlmHeader;
             }
 
         } else if (proxyServer != null && proxyServer.getPrincipal() != null && isNonEmpty(proxyServer.getNtlmDomain())) {
             List<String> auth = request.getHeaders().get(HttpHeaders.Names.PROXY_AUTHORIZATION);
-            if (!isNTLM(auth)) {
+            if (getNTLM(auth) == null) {
                 String msg = NTLMEngine.INSTANCE.generateType1Msg();
                 proxyAuthorization = "NTLM " + msg;
             }

src/main/java/com/ning/http/client/providers/netty/util/HttpUtils.java

@@ -13,8 +13,6 @@
  */
 package com.ning.http.client.providers.netty.util;
 
-import static com.ning.http.util.MiscUtils.isNonEmpty;
-
 import org.jboss.netty.handler.codec.http.HttpHeaders;
 
 import com.ning.http.client.uri.Uri;
@@ -33,8 +31,15 @@ public final class HttpUtils {
     private HttpUtils() {
     }
 
-    public static boolean isNTLM(List<String> auth) {
-        return isNonEmpty(auth) && auth.get(0).startsWith("NTLM");
+    public static String getNTLM(List<String> authenticateHeaders) {
+        if (authenticateHeaders != null) {
+            for (String authenticateHeader: authenticateHeaders) {
+                if (authenticateHeader.startsWith("NTLM"))
+                    return authenticateHeader;
+            }
+        }
+
+        return null;
     }
 
     public static List<String> getNettyHeaderValuesByCaseInsensitiveName(HttpHeaders headers, String name) {