From a0184188c1a7651e4fdd8d4bd899506be0927e30 Mon Sep 17 00:00:00 2001
From: Carey Lin
Date: Sat, 20 Feb 2021 10:57:20 -0500
Subject: [PATCH] Fix the issues causing Kerberos/SPNego to fail 1. At the beginning of the negotiate, no token is defined in "WWW-Authenticate: Negotiate". 2. Kerberos expects HTTP.
---
 .../hc/client5/http/impl/auth/GGSSchemeBase.java | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)
diff --git a/httpclient5/src/main/java/org/apache/hc/client5/http/impl/auth/GGSSchemeBase.java b/httpclient5/src/main/java/org/apache/hc/client5/http/impl/auth/GGSSchemeBase.java
index a8e9dd2c9..86e40a626 100644
--- a/httpclient5/src/main/java/org/apache/hc/client5/http/impl/auth/GGSSchemeBase.java
+++ b/httpclient5/src/main/java/org/apache/hc/client5/http/impl/auth/GGSSchemeBase.java
@@ -28,7 +28,6 @@ package org.apache.hc.client5.http.impl.auth;
 import java.net.UnknownHostException;
 import java.security.Principal;
-import java.util.Locale;
 import org.apache.commons.codec.binary.Base64;
 import org.apache.hc.client5.http.DnsResolver;
@@ -73,7 +72,8 @@ public abstract class GGSSchemeBase implements AuthScheme {
 }
 private static final Logger LOG = LoggerFactory.getLogger(GGSSchemeBase.class);
-
+ private static final String NO_TOKEN = "";
+ private static final String KERBEROS_SCHEME = "HTTP";
 private final KerberosConfig config;
 private final DnsResolver dnsResolver;
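Review bot: `KERBEROS_SCHEME`, added next to the logger, names the wrong thing: the value is passed as the `serviceName` argument of `generateToken` in the last hunk, so it is the service class of the target principal (`HTTP/<host>`), not a URI or authentication scheme. A name such as `SPN_SERVICE_CLASS`, with a comment like `// RFC 4559: the server principal is HTTP/<hostname>, for https targets as well`, would keep a later change from deriving it from `host.getSchemeName()` again. `NO_TOKEN` needs a comment too, for example `// stands in for the missing token of the opening "Negotiate" challenge`. I would also keep a blank line between these static constants and the instance fields that follow.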
@@ -108,10 +108,9 @@ public abstract class GGSSchemeBase implements AuthScheme {
 final AuthChallenge authChallenge,
 final HttpContext context) throws MalformedChallengeException {
 Args.notNull(authChallenge, "AuthChallenge");
- if (authChallenge.getValue() == null) {
- throw new MalformedChallengeException("Missing auth challenge");
- }
- this.challenge = authChallenge.getValue();
+
+ this.challenge = authChallenge.getValue() != null ? authChallenge.getValue() : NO_TOKEN;
+
 if (state == State.UNINITIATED) {
 token = Base64.decodeBase64(challenge.getBytes());
 state = State.CHALLENGE_RECEIVED;
@@ -222,14 +221,13 @@ public abstract class GGSSchemeBase implements AuthScheme {
 } else {
 authServer = hostname + ":" + host.getPort();
 }
- final String serviceName = host.getSchemeName().toUpperCase(Locale.ROOT);
 if (LOG.isDebugEnabled()) {
 final HttpClientContext clientContext = HttpClientContext.adapt(context);
 final String exchangeId = clientContext.getExchangeId();
 LOG.debug("{} init {}", exchangeId, authServer);
 }
- token = generateToken(token, serviceName, authServer);
+ token = generateToken(token, KERBEROS_SCHEME, authServer);
 state = State.TOKEN_GENERATED;
 } catch (final GSSException gsse) {
 state = State.FAILED;
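Review bot: In the processChallenge hunk the missing-value check is removed for every state, so a challenge without a token is now accepted as an empty token on any round, not only on the opening `WWW-Authenticate: Negotiate`. The method starts before and continues past the hunk, so I cannot see what happens when `state` is not `UNINITIATED`; if that path does not already end in `State.FAILED`, the `MalformedChallengeException` should be kept for it. The ternary also reads `authChallenge.getValue()` twice; `final String value = authChallenge.getValue();` followed by `this.challenge = value != null ? value : NO_TOKEN;` is easier to follow. A comment such as `// the first 401 carries a bare "Negotiate" with no token` would record why null is tolerated here.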