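/*
 * ====================================================================
 *
 *  Licensed to the Apache Software Foundation (ASF) under one or more
 *  contributor license agreements.  See the NOTICE file distributed with
 *  this work for additional information regarding copyright ownership.
 *  The ASF licenses this file to You under the Apache License, Version 2.0
 *  (the "License"); you may not use this file except in compliance with
 *  the License.  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS,
 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 * ====================================================================
 *
 * This software consists of voluntary contributions made by many
 * individuals on behalf of the Apache Software Foundation.  For more
 * information on the Apache Software Foundation, please see
 * <http://www.apache.org/>.
 *
 */

package ch.boye.httpclientandroidlib.impl.client;

import java.security.Principal;

import javax.net.ssl.SSLSession;

import ch.boye.httpclientandroidlib.annotation.Immutable;

import ch.boye.httpclientandroidlib.auth.AuthScheme;
import ch.boye.httpclientandroidlib.auth.AuthState;
import ch.boye.httpclientandroidlib.auth.Credentials;
import ch.boye.httpclientandroidlib.client.UserTokenHandler;
import ch.boye.httpclientandroidlib.client.protocol.ClientContext;
import ch.boye.httpclientandroidlib.conn.HttpRoutedConnection;
import ch.boye.httpclientandroidlib.protocol.ExecutionContext;
import ch.boye.httpclientandroidlib.protocol.HttpContext;

/**
 * Default implementation of {@link UserTokenHandler}. This class will use
 * an instance of {@link Principal} as a state object for HTTP connections,
 * if it can be obtained from the given execution context. This helps ensure
 * persistent connections created with a particular user identity within
 * a particular security context can be reused by the same user only.
 * <p>
 * DefaultUserTokenHandler will use the user principal of connection
 * based authentication schemes such as NTLM or that of the SSL session
 * with the client authentication turned on. If both are unavailable,
 * {@code null} token will be returned.
 *
 * @since 4.0
 */
@Immutable
public class DefaultUserTokenHandler implements UserTokenHandler {

    /**
     * Derives the user token for the connection in the given execution context.
     * <p>
     * Lookup order:
     * <ol>
     *   <li>the principal of the target auth state, when its scheme is complete
     *       and connection based;</li>
     *   <li>otherwise the principal of the proxy auth state, under the same
     *       conditions;</li>
     *   <li>otherwise the local principal of the SSL session of the open
     *       connection, if there is one.</li>
     * </ol>
     * A {@code null} result means no user identity could be established from the
     * context. Per the class contract the token is what keeps an authenticated
     * persistent connection from being reused by a different user, so callers
     * should treat {@code null} as "not bound to any user".
     *
     * @param context the execution context to read the auth states and the
     *                connection from
     * @return the {@link Principal} identifying the user, or {@code null} if none
     *         is available
     */
    public Object getUserToken(final HttpContext context) {

        Principal userPrincipal = null;

        AuthState targetAuthState = (AuthState) context.getAttribute(
                ClientContext.TARGET_AUTH_STATE);
        // NOTE(review): the proxy auth state is consulted only when a target auth
        // state is present in the context; kept as in the original - confirm this
        // is intended for proxy-only connection-based authentication.
        if (targetAuthState != null) {
            userPrincipal = getAuthPrincipal(targetAuthState);
            if (userPrincipal == null) {
                // The proxy attribute may be absent even when the target one is
                // set; getAuthPrincipal tolerates null instead of throwing.
                AuthState proxyAuthState = (AuthState) context.getAttribute(
                        ClientContext.PROXY_AUTH_STATE);
                userPrincipal = getAuthPrincipal(proxyAuthState);
            }
        }

        if (userPrincipal == null) {
            HttpRoutedConnection conn = (HttpRoutedConnection) context.getAttribute(
                    ExecutionContext.HTTP_CONNECTION);
            // A missing connection attribute leaves nothing to inspect; without
            // this guard the isOpen() call would throw NullPointerException.
            if (conn != null && conn.isOpen()) {
                SSLSession sslsession = conn.getSSLSession();
                if (sslsession != null) {
                    // Local principal: the identity this side presented to the
                    // peer during the handshake (TLS client authentication).
                    userPrincipal = sslsession.getLocalPrincipal();
                }
            }
        }

        return userPrincipal;
    }

    /**
     * Extracts the user principal from an auth state, but only when its scheme
     * has completed and is connection based, i.e. the identity is tied to the
     * connection itself rather than to individual requests.
     *
     * @param authState the auth state to inspect; may be {@code null}
     * @return the principal of the credentials, or {@code null} if the state is
     *         absent, has no scheme, the scheme is incomplete or not connection
     *         based, or no credentials are set
     */
    private static Principal getAuthPrincipal(final AuthState authState) {
        if (authState == null) {
            return null;
        }
        AuthScheme scheme = authState.getAuthScheme();
        if (scheme != null && scheme.isComplete() && scheme.isConnectionBased()) {
            Credentials creds = authState.getCredentials();
            if (creds != null) {
                return creds.getUserPrincipal();
            }
        }
        return null;
    }

}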