renames KerberosCredentials

Author: stoty

httpclient5-testing/src/test/java/org/apache/hc/client5/testing/compatibility/async/HttpAsyncClientCompatibilityTest.java

@@ -37,8 +37,8 @@
 import org.apache.hc.client5.http.async.methods.SimpleRequestBuilder;
 import org.apache.hc.client5.http.auth.AuthScope;
 import org.apache.hc.client5.http.auth.Credentials;
-import org.apache.hc.client5.http.auth.KerberosCredentials;
 import org.apache.hc.client5.http.auth.UsernamePasswordCredentials;
+import org.apache.hc.client5.http.auth.gss.GssCredentials;
 import org.apache.hc.client5.http.impl.async.CloseableHttpAsyncClient;
 import org.apache.hc.client5.http.impl.auth.BasicCredentialsProvider;
 import org.apache.hc.client5.http.protocol.HttpClientContext;
@@ -83,7 +83,7 @@ public HttpAsyncClientCompatibilityTest(
         this.clientResource = new HttpAsyncClientResource(versionPolicy);
         if (targetCreds != null) {
             //this.setCredentials(new AuthScope(target), targetCreds);
-            if (targetCreds instanceof KerberosCredentials) {
+            if (targetCreds instanceof GssCredentials) {
                 secretPath = "/private_spnego/big-secret.txt";
                 this.clientResource.configure(builder -> builder
                     .setTargetAuthenticationStrategy(new SpnegoAuthenticationStrategy())
@@ -94,7 +94,7 @@ public HttpAsyncClientCompatibilityTest(
             this.clientResource.configure(builder -> builder.setProxy(proxy));
             if (proxyCreds != null) {
                 this.setCredentials(new AuthScope(proxy), proxyCreds);
-                if (proxyCreds instanceof KerberosCredentials) {
+                if (proxyCreds instanceof GssCredentials) {
                     // We disable Mutual Auth, because Squid does not support it.
                     // There is no way to set separate scheme registry for target/proxy,
                     // but that's not a problem as SPNEGO cannot be proxied anyway.

httpclient5-testing/src/test/java/org/apache/hc/client5/testing/compatibility/spnego/SpnegoTestUtil.java

@@ -48,9 +48,9 @@
 
 import org.apache.hc.client5.http.SystemDefaultDnsResolver;
 import org.apache.hc.client5.http.auth.AuthSchemeFactory;
-import org.apache.hc.client5.http.auth.KerberosCredentials;
 import org.apache.hc.client5.http.auth.StandardAuthScheme;
 import org.apache.hc.client5.http.auth.gss.GssConfig;
+import org.apache.hc.client5.http.auth.gss.GssCredentials;
 import org.apache.hc.client5.http.impl.auth.BasicSchemeFactory;
 import org.apache.hc.client5.http.impl.auth.BearerSchemeFactory;
 import org.apache.hc.client5.http.impl.auth.DigestSchemeFactory;
@@ -70,11 +70,11 @@ public class SpnegoTestUtil {
     static private final SpnegoSchemeFactory NO_MUTUAL_SCHEME_FACTORY =
             new SpnegoSchemeFactory(NO_MUTUAL_KERBEROS_CONFIG, SystemDefaultDnsResolver.INSTANCE);
 
-    public static KerberosCredentials createCredentials(final Subject subject) {
-        return SecurityUtils.callAs(subject, new Callable<KerberosCredentials>() {
+    public static GssCredentials createCredentials(final Subject subject) {
+        return SecurityUtils.callAs(subject, new Callable<GssCredentials>() {
             @Override
-            public KerberosCredentials call() throws Exception {
-                return new KerberosCredentials(
+            public GssCredentials call() throws Exception {
+                return new GssCredentials(
                     GSSManager.getInstance().createCredential(GSSCredential.INITIATE_ONLY));
             }
         });

httpclient5-testing/src/test/java/org/apache/hc/client5/testing/compatibility/sync/HttpClientCompatibilityTest.java

@@ -31,8 +31,8 @@
 import org.apache.hc.client5.http.auth.AuthScope;
 import org.apache.hc.client5.http.auth.Credentials;
 import org.apache.hc.client5.http.auth.CredentialsStore;
-import org.apache.hc.client5.http.auth.KerberosCredentials;
 import org.apache.hc.client5.http.auth.UsernamePasswordCredentials;
+import org.apache.hc.client5.http.auth.gss.GssCredentials;
 import org.apache.hc.client5.http.classic.methods.HttpGet;
 import org.apache.hc.client5.http.classic.methods.HttpOptions;
 import org.apache.hc.client5.http.impl.auth.BasicCredentialsProvider;
@@ -68,7 +68,7 @@ public HttpClientCompatibilityTest(final HttpHost target, final Credentials targ
         this.clientResource = new HttpClientResource();
         if (targetCreds != null) {
             //this.setCredentials(new AuthScope(target), targetCreds);
-            if (targetCreds instanceof KerberosCredentials) {
+            if (targetCreds instanceof GssCredentials) {
                 secretPath = "/private_spnego/big-secret.txt";
                 this.clientResource.configure(builder -> builder
                     .setTargetAuthenticationStrategy(new SpnegoAuthenticationStrategy())
@@ -79,7 +79,7 @@ public HttpClientCompatibilityTest(final HttpHost target, final Credentials targ
             this.clientResource.configure(builder -> builder.setProxy(proxy));
             if (proxyCreds != null) {
                 this.setCredentials(new AuthScope(proxy), proxyCreds);
-                if (proxyCreds instanceof KerberosCredentials) {
+                if (proxyCreds instanceof GssCredentials) {
                     // We disable Mutual Auth, because Squid does not support it.
                     // There is no way to set separate scheme registry for target/proxy,
                     // but that's not a problem as SPNEGO cannot be proxied anyway.

httpclient5/src/main/java/org/apache/hc/client5/http/auth/KerberosCredentials.java

@@ -26,9 +26,7 @@
  */
 package org.apache.hc.client5.http.auth;
 
-import java.io.Serializable;
-import java.security.Principal;
-
+import org.apache.hc.client5.http.auth.gss.GssCredentials;
 import org.apache.hc.core5.annotation.Contract;
 import org.apache.hc.core5.annotation.ThreadingBehavior;
 import org.ietf.jgss.GSSCredential;
@@ -38,41 +36,24 @@
  *
  * @since 4.4
  *
+ * The original KerberosCredentials class has been renamed to
+ * org.apache.hc.client5.http.auth.gss.GssCredentials for the new Mutual capable SPNEGO Scheme.
+ * This is an identical child class with the original name to maintain backwards compatibility.
  *
- * Optionally used both by {@link org.apache.hc.client5.http.impl.auth.gss.SpnegoScheme}
- * and the old deprecated GGS based experimental authentication schemes.
- *
+ * @deprecated Do not use. The old GGS based experimental authentication schemes are no longer
+ * supported.
+ * Use org.apache.hc.client5.http.impl.auth.gss.SpnegoScheme, or consider using Basic or Bearer
+ * authentication with TLS instead.
  * @see org.apache.hc.client5.http.impl.auth.gss.SpnegoScheme
+ * @see org.apache.hc.client5.http.auth.gss.GssConfig
+ * @see org.apache.hc.client5.http.auth.gss.GssCredentials
  */
+@Deprecated
 @Contract(threading = ThreadingBehavior.IMMUTABLE)
-public class KerberosCredentials implements Credentials, Serializable {
-
-    private static final long serialVersionUID = 487421613855550713L;
+public class KerberosCredentials extends GssCredentials {
 
-    /** GSSCredential  */
-    private final GSSCredential gssCredential;
-
-    /**
-     * Constructor with GSSCredential argument
-     *
-     * @param gssCredential
-     */
     public KerberosCredentials(final GSSCredential gssCredential) {
-        this.gssCredential = gssCredential;
-    }
-
-    public GSSCredential getGSSCredential() {
-        return gssCredential;
-    }
-
-    @Override
-    public Principal getUserPrincipal() {
-        return null;
-    }
-
-    @Override
-    public char[] getPassword() {
-        return null;
+        super(gssCredential);
     }
 
 }

httpclient5/src/main/java/org/apache/hc/client5/http/auth/gss/GssCredentials.java

@@ -0,0 +1,74 @@
+/*
+ * ====================================================================
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation.  For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ */
+package org.apache.hc.client5.http.auth.gss;
+
+import java.io.Serializable;
+import java.security.Principal;
+
+import org.apache.hc.client5.http.auth.Credentials;
+import org.apache.hc.core5.annotation.Contract;
+import org.apache.hc.core5.annotation.ThreadingBehavior;
+import org.ietf.jgss.GSSCredential;
+
+/**
+ * Kerberos specific {@link Credentials} representation based on {@link GSSCredential}.
+ *
+ * @since 5.5
+ *
+ */
+@Contract(threading = ThreadingBehavior.IMMUTABLE)
+public class GssCredentials implements Credentials, Serializable {
+
+    private static final long serialVersionUID = 487421613855550713L;
+
+    /** GSSCredential  */
+    private final GSSCredential gssCredential;
+
+    /**
+     * Constructor with GSSCredential argument
+     *
+     * @param gssCredential
+     */
+    public GssCredentials(final GSSCredential gssCredential) {
+        this.gssCredential = gssCredential;
+    }
+
+    public GSSCredential getGSSCredential() {
+        return gssCredential;
+    }
+
+    @Override
+    public Principal getUserPrincipal() {
+        return null;
+    }
+
+    @Override
+    public char[] getPassword() {
+        return null;
+    }
+
+}

httpclient5/src/main/java/org/apache/hc/client5/http/impl/auth/GGSSchemeBase.java

@@ -186,8 +186,8 @@ public boolean isResponseReady(
 
         final Credentials credentials = credentialsProvider.getCredentials(
                 new AuthScope(host, null, getName()), context);
-        if (credentials instanceof org.apache.hc.client5.http.auth.KerberosCredentials) {
-            this.gssCredential = ((org.apache.hc.client5.http.auth.KerberosCredentials) credentials).getGSSCredential();
+        if (credentials instanceof org.apache.hc.client5.http.auth.gss.GssCredentials) {
+            this.gssCredential = ((org.apache.hc.client5.http.auth.gss.GssCredentials) credentials).getGSSCredential();
         } else {
             this.gssCredential = null;
         }

httpclient5/src/main/java/org/apache/hc/client5/http/impl/auth/gss/GssSchemeBase.java

@@ -313,9 +313,9 @@ protected void setGssCredential(final CredentialsProvider credentialsProvider,
         }
         final Credentials credentials =
                 credentialsProvider.getCredentials(new AuthScope(host, null, getName()), context);
-        if (credentials instanceof org.apache.hc.client5.http.auth.KerberosCredentials) {
+        if (credentials instanceof org.apache.hc.client5.http.auth.gss.GssCredentials) {
             this.gssCredential =
-                    ((org.apache.hc.client5.http.auth.KerberosCredentials) credentials)
+                    ((org.apache.hc.client5.http.auth.gss.GssCredentials) credentials)
                             .getGSSCredential();
         } else {
             this.gssCredential = null;