From f492a000e7ed67691d73b106806f4aeb471c2cde Mon Sep 17 00:00:00 2001
From: Oleg Kalnichevski <olegk@apache.org>
Date: Thu, 20 Dec 2012 13:04:50 +0000
Subject: [PATCH] Kerberos and SPNego auth schemes use incorrect authorization
 header name when authenticating with a proxy

git-svn-id: https://svn.apache.org/repos/asf/httpcomponents/httpclient/trunk@1424447 13f79535-47bb-0310-9956-ffa450edef68
---
 RELEASE_NOTES.txt                                   |  4 ++++
 .../org/apache/http/impl/auth/GGSSchemeBase.java    | 13 +++++++++++--
 2 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/RELEASE_NOTES.txt b/RELEASE_NOTES.txt
index fe49c72ed..d4e5216c3 100644
--- a/RELEASE_NOTES.txt
+++ b/RELEASE_NOTES.txt
@@ -1,6 +1,10 @@
 Changes in trunk
 -------------------
 
+* Kerberos and SPNego auth schemes use incorrect authorization header name when authenticating
+  with a proxy.
+  Contributed by Oleg Kalnichevski <olegk at apache.org>
+
 * [HTTPCLIENT-1283] NTLM needs to use Locale-independent form of
   toUpperCase().
   Contributed by Karl Wright <DaddyWri at gmail.com>  
diff --git a/httpclient/src/main/java/org/apache/http/impl/auth/GGSSchemeBase.java b/httpclient/src/main/java/org/apache/http/impl/auth/GGSSchemeBase.java
index a6f8974b2..4dda612a1 100644
--- a/httpclient/src/main/java/org/apache/http/impl/auth/GGSSchemeBase.java
+++ b/httpclient/src/main/java/org/apache/http/impl/auth/GGSSchemeBase.java
@@ -31,6 +31,7 @@ import org.apache.commons.logging.LogFactory;
 import org.apache.http.Header;
 import org.apache.http.HttpHost;
 import org.apache.http.HttpRequest;
+import org.apache.http.auth.AUTH;
 import org.apache.http.auth.AuthenticationException;
 import org.apache.http.auth.ContextAwareAuthScheme;
 import org.apache.http.auth.Credentials;
@@ -38,7 +39,7 @@ import org.apache.http.auth.InvalidCredentialsException;
 import org.apache.http.auth.MalformedChallengeException;
 import org.apache.http.client.protocol.ClientContext;
 import org.apache.http.conn.routing.HttpRoute;
-import org.apache.http.message.BasicHeader;
+import org.apache.http.message.BufferedHeader;
 import org.apache.http.protocol.HttpContext;
 import org.apache.http.util.Args;
 import org.apache.http.util.CharArrayBuffer;
@@ -175,7 +176,15 @@ public abstract class GGSSchemeBase extends AuthSchemeBase {
             if (log.isDebugEnabled()) {
                 log.debug("Sending response '" + tokenstr + "' back to the auth server");
             }
-            return new BasicHeader("Authorization", "Negotiate " + tokenstr);
+            CharArrayBuffer buffer = new CharArrayBuffer(32);
+            if (isProxy()) {
+                buffer.append(AUTH.PROXY_AUTH_RESP);
+            } else {
+                buffer.append(AUTH.WWW_AUTH_RESP);
+            }
+            buffer.append(": Negotiate ");
+            buffer.append(tokenstr);
+            return new BufferedHeader(buffer);
         default:
             throw new IllegalStateException("Illegal state: " + state);
         }