From da589ff03a19d559407a2bcc4eae33dc4c6234e5 Mon Sep 17 00:00:00 2001
From: Oleg Kalnichevski
Date: Fri, 3 Jun 2016 19:19:39 +0000
Subject: [PATCH] HTTPCLIENT-1736: do not request cred delegation by default when using Kerberos auth

git-svn-id: https://svn.apache.org/repos/asf/httpcomponents/httpclient/trunk@1746746 13f79535-47bb-0310-9956-ffa450edef68
---
 .../client5/http/impl/auth/GGSSchemeBase.java | 28 +++++++++++++------
 1 file changed, 19 insertions(+), 9 deletions(-)

diff --git a/httpclient5/src/main/java/org/apache/hc/client5/http/impl/auth/GGSSchemeBase.java b/httpclient5/src/main/java/org/apache/hc/client5/http/impl/auth/GGSSchemeBase.java
index 8ae7ef0ef..07bcd0de3 100644
--- a/httpclient5/src/main/java/org/apache/hc/client5/http/impl/auth/GGSSchemeBase.java
+++ b/httpclient5/src/main/java/org/apache/hc/client5/http/impl/auth/GGSSchemeBase.java
@@ -132,20 +132,30 @@ public abstract class GGSSchemeBase implements AuthScheme {
 */
 protected byte[] generateGSSToken(
 final byte[] input, final Oid oid, final String serviceName, final String authServer) throws GSSException {
- byte[] inputBuff = input;
- if (inputBuff == null) {
- inputBuff = new byte[0];
- }
 final GSSManager manager = getManager();
 final GSSName serverName = manager.createName(serviceName + "@" + authServer, GSSName.NT_HOSTBASED_SERVICE);
- final GSSContext gssContext = manager.createContext(
- serverName.canonicalize(oid), oid, gssCredential, GSSContext.DEFAULT_LIFETIME);
- gssContext.requestMutualAuth(true);
- gssContext.requestCredDeleg(true);
- return gssContext.initSecContext(inputBuff, 0, inputBuff.length);
+ final GSSContext gssContext = createGSSContext(manager, oid, serverName, gssCredential);
+ if (input != null) {
+ return gssContext.initSecContext(input, 0, input.length);
+ } else {
+ return gssContext.initSecContext(new byte[] {}, 0, 0);
+ }
 }
+ /**
+ * @since 5.0
+ */
+ protected GSSContext createGSSContext(
+ final GSSManager manager,
+ final Oid oid,
+ final GSSName serverName,
+ final GSSCredential gssCredential) throws GSSException {
+ final GSSContext gssContext = manager.createContext(serverName.canonicalize(oid), oid, gssCredential,
+ GSSContext.DEFAULT_LIFETIME);
+ gssContext.requestMutualAuth(true);
+ return gssContext;
+ }
 /**
 * @since 4.4
 */
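Review bot: The new protected hook `createGSSContext` is documented only with `@since 5.0`, so nothing tells a subclass author that leaving out `requestCredDeleg(true)` is deliberate and security-relevant. I would extend its Javadoc along the lines of `Creates the initiator context with mutual authentication requested and credential delegation not requested; override to call requestCredDeleg(true) only for services trusted to act on the user's behalf.` Separately, in `generateGSSToken` the context is a local that is dropped as soon as `initSecContext` returns, so within this hunk the mutual-auth request is never checked via `getMutualAuthState()` or `isEstablished()` and `dispose()` is never called. Whether another part of the class compensates for that is not visible here, since the class body continues outside the hunk.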