示例#1
0
 def setUp(self):        # noqa
     self.client = MockClientWrapper(self.run_manager, max_connections=3)
     self.client.httpUserAgent = None
示例#2
0
class HTTP2617Tests(unittest.TestCase):

    def setUp(self):        # noqa
        self.client = MockClientWrapper(self.run_manager, max_connections=3)
        self.client.httpUserAgent = None

    def tearDown(self):     # noqa
        self.client.close()

    def run_domain1(self, sock):
        while True:
            req = sock.recv_request()
            if req is None:
                break
            if req.method == "GET":
                # check the authorization header
                credentials = req.get_authorization()
                if (isinstance(credentials, BasicCredentials) and
                        credentials.userid == "user" and
                        credentials.password == "Password"):
                    response = messages.Response(req, entity_body=TEST_STRING)
                    response.set_status(200, "You got it!")
                else:
                    challenge = BasicChallenge(('realm', "RFC2617", True))
                    response = messages.Response(req)
                    response.set_status(401, "Who are you?")
                    # response.set_content_length(0)
                    response.set_www_authenticate([challenge])
            else:
                response = messages.Response(req)
                response.set_status(400, "Test failed for domain1")
            sock.send_response(response)

    def run_domain2(self, sock):
        while True:
            req = sock.recv_request()
            if req is None:
                break
            if req.method in ("HEAD", "GET"):
                response = messages.Response(req, entity_body=None)
                response.set_status(301, "Moved")
                response.set_location("http://www.domain1.com/")
            else:
                response = messages.Response(req)
                response.set_status(400, "Test failed for domain2")
            sock.send_response(response)

    def run_manager(self, host, port, sock):
        # read some data from sock, and post a response
        if host == "www.domain1.com" and port == 80:
            self.run_domain1(sock)
        elif host == "www.domain2.com" and port == 80:
            self.run_domain2(sock)
        else:
            # connection error
            raise ValueError("run_manager: bad host in connect")

    def test_basic_challenge(self):
        c = BasicChallenge()
        self.assertTrue(c.scheme == "Basic", "Challenge scheme: %s" % c.scheme)
        self.assertTrue(c.protectionSpace is None,
                        "Challenge protection space: %s" % c.protectionSpace)
        self.assertTrue(c["realm"] == b"Default",
                        "Initial challenge realm: %s" % c["realm"])
        c = BasicChallenge.from_str('Basic realm="Firewall"')
        self.assertTrue(
            c["realm"] == b"Firewall", "Parsed realm: %s" % c["realm"])
        self.assertTrue(str(c) == 'Basic realm="Firewall"',
                        "Format challenge: %s" % repr(str(c)))

    def test_basic_credentials(self):
        c = BasicCredentials()
        self.assertTrue(
            c.scheme == "Basic", "Credential scheme: %s" % c.scheme)
        self.assertTrue(c.protectionSpace is None,
                        "Initial credential protected space: %s" %
                        c.protectionSpace)
        self.assertTrue(
            c.realm is None, "Initial credential realm: %s" % c.realm)
        c.set_basic_credentials('dXNlcjpQYXNzd29yZA==')
        self.assertTrue(c.userid == "user", "User name: %s" % c.userid)
        self.assertTrue(c.password == "Password", "Password: %s" % c.userid)
        self.assertTrue(
            str(c) == 'Basic dXNlcjpQYXNzd29yZA==', "Format credentials")

    def test_basicpaths(self):
        c = BasicCredentials()
        self.assertTrue(len(c.path_prefixes) == 0, "No prefixes initially")
        c.add_success_path("/website/private/document")
        self.assertTrue(len(c.path_prefixes) == 1, "One path")
        self.assertTrue(c.test_path("/website/private/document"),
                        "Simple match")
        self.assertTrue(c.test_path("/website/private/undocument"),
                        "Match at same depth")
        self.assertTrue(c.test_path("/website/private/"),
                        "Simple match to directory at same depth")
        self.assertFalse(c.test_path("/website/private"),
                         "Simple match doesn't extend to parent")
        c.add_success_path("/website/private2/document2")
        self.assertTrue(len(c.path_prefixes) == 2, "Two paths, no common root")
        self.assertTrue(
            c.test_path("/website/private/document"), "Simple match")
        self.assertTrue(
            c.test_path("/website/private2/document2"), "Simple match")
        self.assertFalse(c.test_path("/website/private2"),
                         "Simple match doesn't apply to parent")
        c.add_success_path("/internal/~user/secrets")
        self.assertTrue(
            len(c.path_prefixes) == 3, "Three paths, no common root")
        c.add_success_path("/website/private")
        self.assertTrue(
            len(c.path_prefixes) == 2, "Reduced to two paths with common root")
        self.assertTrue(
            c.test_path("/website/private/document"), "Simple match")
        self.assertTrue(
            c.test_path("/website/private2/document2"), "Simple match")
        self.assertFalse(c.test_path("/website"),
                         "Simple match doesn't apply to parent "
                         "(without redirect)")
        c.add_success_path("/website")
        self.assertTrue(len(c.path_prefixes) == 1,
                        "Reduced to one path with common root (no slash)")
        self.assertTrue(
            c.test_path("/website/private/document"), "Simple match")
        self.assertTrue(
            c.test_path("/website/private2/document2"), "Simple match")
        self.assertTrue(c.test_path("/website/"), "Simple match with slash")
        self.assertTrue(c.test_path("/website"), "Simple match without slash")
        self.assertFalse(
            c.test_path(""), "Degenerate case, empty path")

    def test_401(self):
        request1 = client.ClientRequest("http://www.domain1.com/")
        self.client.queue_request(request1)
        # thread_loop will process the queue until it blocks for more
        # than the timeout (default, 60s)
        self.client.thread_loop()
        response1 = request1.response
        self.assertTrue(response1.status == 401,
                        "Status in response1: %i" % response1.status)
        self.assertTrue(response1.reason == "Who are you?",
                        "Reason in response1: %s" % response1.reason)
        self.assertTrue(request1.res_body == b'',
                        "Data in response1: %s" % request1.res_body)
        challenges = response1.get_www_authenticate()
        self.assertTrue(len(challenges) == 1 and isinstance(
            challenges[0], BasicChallenge), "Challenge")
        c = BasicCredentials()
        c.protectionSpace = "http://www.domain1.com"
        c.realm = None		# should match all realms!
        c.userid = 'user'
        c.password = '******'
        self.client.add_credentials(c)
        request2 = client.ClientRequest("http://www.domain1.com/")
        self.client.queue_request(request2)
        self.client.thread_loop()
        response2 = request2.response
        self.assertTrue(str(response2.protocol) == "HTTP/1.1",
                        "Protocol in response1: %s" % response1.protocol)
        self.assertTrue(response2.status == 200,
                        "Status in response1: %i" % response1.status)
        self.assertTrue(response2.reason == "You got it!",
                        "Reason in response1: %s" % response1.reason)
        self.assertTrue(request2.res_body == TEST_STRING,
                        "Data in response1: %s" % request1.res_body)
示例#3
0
 def setUp(self):  # noqa
     self.client = MockClientWrapper(self.run_manager, max_connections=3)
     self.client.httpUserAgent = None
     self.ntlm_state = 1
示例#4
0
class NTLMTests(unittest.TestCase):
    def setUp(self):  # noqa
        self.client = MockClientWrapper(self.run_manager, max_connections=3)
        self.client.httpUserAgent = None
        self.ntlm_state = 1

    def tearDown(self):  # noqa
        self.client.close()

    def run_domain1(self, sock):
        while True:
            req = sock.recv_request()
            if req is None:
                break
            if req.method == "GET":
                # check the authorization header
                logging.debug("Received headers: %s", repr(req.headers))
                credentials = req.get_authorization()
                logging.debug("Parsed Authorization: %s", str(credentials))
                if (isinstance(credentials, NTLMParsedCredentials)):
                    if credentials.msg[8] == byte(1) and self.ntlm_state == 1:
                        # negotiate message
                        data = mock_challenge()
                        challenge = NTLMChallenge(base64.b64encode(data))
                        response = messages.Response(req)
                        response.set_status(401, "Who are you?")
                        # response.set_content_length(0)
                        response.set_www_authenticate([challenge])
                        self.ntlm_state = 3
                    elif credentials.msg[8] == byte(3) and \
                            self.ntlm_state == 3:
                        # authenticate message
                        response = messages.Response(req,
                                                     entity_body=TEST_STRING)
                        response.set_status(200, "You got it!")
                        self.ntlm_state = 0
                    else:
                        response.set_status(403, "Who are you?")
                        # response.set_content_length(0)
                        self.ntlm_state = 0
                else:
                    challenge = NTLMChallenge()
                    response = messages.Response(req)
                    response.set_status(401, "Who are you?")
                    # response.set_content_length(0)
                    response.set_www_authenticate([challenge])
                    self.ntlm_state = 1
            else:
                response = messages.Response(req)
                response.set_status(400, "Test failed for domain1")
                self.ntlm_state = 1
            sock.send_response(response)

    def run_domain2(self, sock):
        negotiate = NegotiateChallenge()
        while True:
            req = sock.recv_request()
            if req is None:
                break
            if req.method == "GET":
                # check the authorization header
                logging.debug("Received headers: %s", repr(req.headers))
                credentials = req.get_authorization()
                logging.debug("Parsed Authorization: %s", str(credentials))
                if (isinstance(credentials, NTLMParsedCredentials)):
                    if credentials.msg[8] == byte(1) and self.ntlm_state == 1:
                        # negotiate message
                        data = mock_challenge()
                        challenge = NTLMChallenge(base64.b64encode(data))
                        response = messages.Response(req)
                        response.set_status(401, "Who are you?")
                        # response.set_content_length(0)
                        response.set_www_authenticate([negotiate, challenge])
                        self.ntlm_state = 3
                    elif credentials.msg[8] == byte(3) and \
                            self.ntlm_state == 3:
                        # authenticate message
                        response = messages.Response(req,
                                                     entity_body=TEST_STRING)
                        response.set_status(200, "You got it!")
                        self.ntlm_state = 0
                    else:
                        response.set_status(403, "Who are you?")
                        # response.set_content_length(0)
                        self.ntlm_state = 0
                else:
                    challenge = NTLMChallenge()
                    response = messages.Response(req)
                    response.set_status(401, "Who are you?")
                    # response.set_content_length(0)
                    response.set_www_authenticate([negotiate, challenge])
                    self.ntlm_state = 1
            else:
                response = messages.Response(req)
                response.set_status(400, "Test failed for domain1")
                self.ntlm_state = 1
            sock.send_response(response)

    def run_manager(self, host, port, sock):
        # read some data from sock, and post a response
        if host == "www.domain1.com" and port == 80:
            self.run_domain1(sock)
        elif host == "www.domain2.com" and port == 80:
            self.run_domain2(sock)
        else:
            # connection error
            raise ValueError("run_manager: bad host in connect")

    def test_ntlm_session(self):
        request1 = client.ClientRequest("http://www.domain1.com/")
        self.client.queue_request(request1)
        # thread_loop will process the queue until it blocks for more
        # than the timeout (default, 60s)
        self.client.thread_loop()
        response1 = request1.response
        self.assertTrue(response1.status == 401,
                        "Status in response1: %i" % response1.status)
        challenges = response1.get_www_authenticate()
        self.assertTrue(
            len(challenges) == 1 and isinstance(challenges[0], NTLMChallenge),
            "Challenge")
        c = NTLMCredentials()
        c.set_ntlm_credentials('mydomain\\user', 'Password')
        c.protectionSpace = "http://www.domain1.com"
        self.client.add_credentials(c)
        request2 = client.ClientRequest("http://www.domain1.com/")
        self.client.queue_request(request2)
        self.client.thread_loop()
        response2 = request2.response
        self.assertTrue(
            str(response2.protocol) == "HTTP/1.1",
            "Protocol in response1: %s" % response1.protocol)
        self.assertTrue(response2.status == 200,
                        "Status in response1: %i" % response1.status)
        self.assertTrue(response2.reason == "You got it!",
                        "Reason in response1: %s" % response1.reason)
        self.assertTrue(request2.res_body == TEST_STRING,
                        "Data in response1: %s" % request1.res_body)

    def test_ntlm_negotiate(self):
        request1 = client.ClientRequest("http://www.domain2.com/")
        self.client.queue_request(request1)
        # thread_loop will process the queue until it blocks for more
        # than the timeout (default, 60s)
        self.client.thread_loop()
        response1 = request1.response
        self.assertTrue(response1.status == 401,
                        "Status in response1: %i" % response1.status)
        challenges = response1.get_www_authenticate()
        self.assertTrue(len(challenges) == 2)
        c = NTLMCredentials()
        c.set_ntlm_credentials('mydomain\\user', 'Password')
        c.protectionSpace = "http://www.domain2.com"
        self.client.add_credentials(c)
        request2 = client.ClientRequest("http://www.domain2.com/")
        self.client.queue_request(request2)
        self.client.thread_loop()
        response2 = request2.response
        self.assertTrue(
            str(response2.protocol) == "HTTP/1.1",
            "Protocol in response1: %s" % response1.protocol)
        self.assertTrue(response2.status == 200,
                        "Status in response1: %i" % response1.status)
        self.assertTrue(response2.reason == "You got it!",
                        "Reason in response1: %s" % response1.reason)
        self.assertTrue(request2.res_body == TEST_STRING,
                        "Data in response1: %s" % request1.res_body)
示例#5
0
class HTTP2617Tests(unittest.TestCase):
    def setUp(self):  # noqa
        self.client = MockClientWrapper(self.run_manager, max_connections=3)
        self.client.httpUserAgent = None

    def tearDown(self):  # noqa
        self.client.close()

    def run_domain1(self, sock):
        while True:
            req = sock.recv_request()
            if req is None:
                break
            if req.method == "GET":
                # check the authorization header
                credentials = req.get_authorization()
                if (isinstance(credentials, BasicCredentials)
                        and credentials.userid == "user"
                        and credentials.password == "Password"):
                    response = messages.Response(req, entity_body=TEST_STRING)
                    response.set_status(200, "You got it!")
                else:
                    challenge = BasicChallenge(('realm', b"RFC2617", True))
                    response = messages.Response(req)
                    response.set_status(401, "Who are you?")
                    # response.set_content_length(0)
                    response.set_www_authenticate([challenge])
            else:
                response = messages.Response(req)
                response.set_status(400, "Test failed for domain1")
            sock.send_response(response)

    def run_domain2(self, sock):
        while True:
            req = sock.recv_request()
            if req is None:
                break
            if req.method in ("HEAD", "GET"):
                response = messages.Response(req, entity_body=None)
                response.set_status(301, "Moved")
                response.set_location("http://www.domain1.com/")
            else:
                response = messages.Response(req)
                response.set_status(400, "Test failed for domain2")
            sock.send_response(response)

    def run_manager(self, host, port, sock):
        # read some data from sock, and post a response
        if host == "www.domain1.com" and port == 80:
            self.run_domain1(sock)
        elif host == "www.domain2.com" and port == 80:
            self.run_domain2(sock)
        else:
            # connection error
            raise ValueError("run_manager: bad host in connect")

    def test_basic_challenge(self):
        c = BasicChallenge()
        self.assertTrue(c.scheme == "Basic", "Challenge scheme: %s" % c.scheme)
        self.assertTrue(c.protectionSpace is None,
                        "Challenge protection space: %s" % c.protectionSpace)
        self.assertTrue(c["realm"] == b"Default",
                        "Initial challenge realm: %s" % c["realm"])
        c = BasicChallenge.from_str('Basic realm="Firewall"')
        self.assertTrue(c["realm"] == b"Firewall",
                        "Parsed realm: %s" % c["realm"])
        self.assertTrue(
            str(c) == 'Basic realm="Firewall"',
            "Format challenge: %s" % repr(str(c)))

    def test_basic_credentials(self):
        c = BasicCredentials()
        self.assertTrue(c.scheme == "Basic",
                        "Credential scheme: %s" % c.scheme)
        self.assertTrue(
            c.protectionSpace is None,
            "Initial credential protected space: %s" % c.protectionSpace)
        self.assertTrue(c.realm is None,
                        "Initial credential realm: %s" % c.realm)
        c.set_basic_credentials('dXNlcjpQYXNzd29yZA==')
        self.assertTrue(c.userid == "user", "User name: %s" % c.userid)
        self.assertTrue(c.password == "Password", "Password: %s" % c.userid)
        self.assertTrue(
            str(c) == 'Basic dXNlcjpQYXNzd29yZA==', "Format credentials")

    def test_basic_session(self):
        challenge_a = BasicChallenge(("realm", b"TestRealmA", True))
        challenge_b = BasicChallenge(("realm", b"TestRealmB", True))
        challenge_unknown = Challenge("Unknown")
        c = BasicCredentials()
        # any realm
        c.user = "******"
        c.password = "******"
        self.assertTrue(c.base is None)
        # trade base credentials for new credentials (pre-emptive)
        c1 = c.get_response()
        self.assertTrue(c1 is not c)
        self.assertTrue(c1.base is c)
        # still applies to any realm
        self.assertTrue(c1.realm is None)
        self.assertTrue(str(c1) == str(c))
        # no further challenge returns the same credentials
        c2 = c1.get_response()
        self.assertTrue(c2 is c1)
        self.assertTrue(c1.base is c)
        self.assertTrue(c1.realm is None)
        self.assertTrue(str(c1) == str(c))
        # any further challenge means credentials are rejected
        self.assertTrue(c1.get_response(challenge_a) is None)
        self.assertTrue(c1.get_response(challenge_unknown) is None)
        # trade base credentials for new credentials in response to A
        c1 = c.get_response(challenge_a)
        self.assertTrue(c1 is not c)
        self.assertTrue(c1.base is c)
        # now applies specifically to the realm of the challenge
        self.assertTrue(c1.realm == b"TestRealmA", repr(c1.realm))
        self.assertTrue(str(c1) == str(c))
        # no further challenge returns the same credentials
        c2 = c1.get_response()
        self.assertTrue(c2 is c1)
        self.assertTrue(c1.base is c)
        self.assertTrue(c1.realm == b"TestRealmA")
        self.assertTrue(str(c1) == str(c))
        # any further challenge means credentials are rejected
        self.assertTrue(c1.get_response(challenge_a) is None)
        self.assertTrue(c1.get_response(challenge_b) is None)
        self.assertTrue(c1.get_response(challenge_unknown) is None)
        # trade in response to mismatched scheme
        self.assertTrue(c.get_response(challenge_unknown) is None)
        # now upgrade our base credentials to be realm-specific
        c.realm = b"TestRealmA"
        # trade pre-emptively
        c1 = c.get_response()
        self.assertTrue(c1 is not c)
        self.assertTrue(c1.base is c)
        self.assertTrue(c1.realm == b"TestRealmA")
        self.assertTrue(str(c1) == str(c))
        # trade in response to A
        c1 = c.get_response(challenge_a)
        self.assertTrue(c1 is not c)
        self.assertTrue(c1.base is c)
        self.assertTrue(c1.realm == b"TestRealmA")
        self.assertTrue(str(c1) == str(c))
        # trade in response to mismatched realm
        self.assertTrue(c.get_response(challenge_b) is None)
        # trade in response to mismatched scheme
        self.assertTrue(c.get_response(challenge_unknown) is None)

    def test_basicpaths(self):
        c = BasicCredentials()
        self.assertTrue(len(c.path_prefixes) == 0, "No prefixes initially")
        c.add_success_path("/website/private/document")
        self.assertTrue(len(c.path_prefixes) == 1, "One path")
        self.assertTrue(c.test_path("/website/private/document"),
                        "Simple match")
        self.assertTrue(c.test_path("/website/private/undocument"),
                        "Match at same depth")
        self.assertTrue(c.test_path("/website/private/"),
                        "Simple match to directory at same depth")
        self.assertFalse(c.test_path("/website/private"),
                         "Simple match doesn't extend to parent")
        c.add_success_path("/website/private2/document2")
        self.assertTrue(len(c.path_prefixes) == 2, "Two paths, no common root")
        self.assertTrue(c.test_path("/website/private/document"),
                        "Simple match")
        self.assertTrue(c.test_path("/website/private2/document2"),
                        "Simple match")
        self.assertFalse(c.test_path("/website/private2"),
                         "Simple match doesn't apply to parent")
        c.add_success_path("/internal/~user/secrets")
        self.assertTrue(
            len(c.path_prefixes) == 3, "Three paths, no common root")
        c.add_success_path("/website/private")
        self.assertTrue(
            len(c.path_prefixes) == 2, "Reduced to two paths with common root")
        self.assertTrue(c.test_path("/website/private/document"),
                        "Simple match")
        self.assertTrue(c.test_path("/website/private2/document2"),
                        "Simple match")
        self.assertFalse(
            c.test_path("/website"), "Simple match doesn't apply to parent "
            "(without redirect)")
        c.add_success_path("/website")
        self.assertTrue(
            len(c.path_prefixes) == 1,
            "Reduced to one path with common root (no slash)")
        self.assertTrue(c.test_path("/website/private/document"),
                        "Simple match")
        self.assertTrue(c.test_path("/website/private2/document2"),
                        "Simple match")
        self.assertTrue(c.test_path("/website/"), "Simple match with slash")
        self.assertTrue(c.test_path("/website"), "Simple match without slash")
        self.assertFalse(c.test_path(""), "Degenerate case, empty path")

    def test_401(self):
        request1 = client.ClientRequest("http://www.domain1.com/")
        self.client.queue_request(request1)
        # thread_loop will process the queue until it blocks for more
        # than the timeout (default, 60s)
        self.client.thread_loop()
        response1 = request1.response
        self.assertTrue(response1.status == 401,
                        "Status in response1: %i" % response1.status)
        self.assertTrue(response1.reason == "Who are you?",
                        "Reason in response1: %s" % response1.reason)
        self.assertTrue(request1.res_body == b'',
                        "Data in response1: %s" % request1.res_body)
        challenges = response1.get_www_authenticate()
        self.assertTrue(
            len(challenges) == 1 and isinstance(challenges[0], BasicChallenge),
            "Challenge")
        c = BasicCredentials()
        c.protectionSpace = "http://www.domain1.com"
        c.realm = None  # should match all realms!
        c.userid = 'user'
        c.password = '******'
        self.client.add_credentials(c)
        request2 = client.ClientRequest("http://www.domain1.com/")
        self.client.queue_request(request2)
        self.client.thread_loop()
        response2 = request2.response
        self.assertTrue(
            str(response2.protocol) == "HTTP/1.1",
            "Protocol in response1: %s" % response1.protocol)
        self.assertTrue(response2.status == 200,
                        "Status in response1: %i" % response1.status)
        self.assertTrue(response2.reason == "You got it!",
                        "Reason in response1: %s" % response1.reason)
        self.assertTrue(request2.res_body == TEST_STRING,
                        "Data in response1: %s" % request1.res_body)
示例#6
0
文件: test_ntlm.py 项目: swl10/pyslet
class NTLMTests(unittest.TestCase):

    def setUp(self):        # noqa
        self.client = MockClientWrapper(self.run_manager, max_connections=3)
        self.client.httpUserAgent = None
        self.ntlm_state = 1

    def tearDown(self):     # noqa
        self.client.close()

    def run_domain1(self, sock):
        while True:
            req = sock.recv_request()
            if req is None:
                break
            if req.method == "GET":
                # check the authorization header
                logging.debug("Received headers: %s", repr(req.headers))
                credentials = req.get_authorization()
                logging.debug("Parsed Authorization: %s", str(credentials))
                if (isinstance(credentials, NTLMParsedCredentials)):
                    if credentials.msg[8] == byte(1) and self.ntlm_state == 1:
                        # negotiate message
                        data = mock_challenge()
                        challenge = NTLMChallenge(base64.b64encode(data))
                        response = messages.Response(req)
                        response.set_status(401, "Who are you?")
                        # response.set_content_length(0)
                        response.set_www_authenticate([challenge])
                        self.ntlm_state = 3
                    elif credentials.msg[8] == byte(3) and \
                            self.ntlm_state == 3:
                        # authenticate message
                        response = messages.Response(
                            req, entity_body=TEST_STRING)
                        response.set_status(200, "You got it!")
                        self.ntlm_state = 0
                    else:
                        response.set_status(403, "Who are you?")
                        # response.set_content_length(0)
                        self.ntlm_state = 0
                else:
                    challenge = NTLMChallenge()
                    response = messages.Response(req)
                    response.set_status(401, "Who are you?")
                    # response.set_content_length(0)
                    response.set_www_authenticate([challenge])
                    self.ntlm_state = 1
            else:
                response = messages.Response(req)
                response.set_status(400, "Test failed for domain1")
                self.ntlm_state = 1
            sock.send_response(response)

    def run_domain2(self, sock):
        negotiate = NegotiateChallenge()
        while True:
            req = sock.recv_request()
            if req is None:
                break
            if req.method == "GET":
                # check the authorization header
                logging.debug("Received headers: %s", repr(req.headers))
                credentials = req.get_authorization()
                logging.debug("Parsed Authorization: %s", str(credentials))
                if (isinstance(credentials, NTLMParsedCredentials)):
                    if credentials.msg[8] == byte(1) and self.ntlm_state == 1:
                        # negotiate message
                        data = mock_challenge()
                        challenge = NTLMChallenge(base64.b64encode(data))
                        response = messages.Response(req)
                        response.set_status(401, "Who are you?")
                        # response.set_content_length(0)
                        response.set_www_authenticate([negotiate, challenge])
                        self.ntlm_state = 3
                    elif credentials.msg[8] == byte(3) and \
                            self.ntlm_state == 3:
                        # authenticate message
                        response = messages.Response(
                            req, entity_body=TEST_STRING)
                        response.set_status(200, "You got it!")
                        self.ntlm_state = 0
                    else:
                        response.set_status(403, "Who are you?")
                        # response.set_content_length(0)
                        self.ntlm_state = 0
                else:
                    challenge = NTLMChallenge()
                    response = messages.Response(req)
                    response.set_status(401, "Who are you?")
                    # response.set_content_length(0)
                    response.set_www_authenticate([negotiate, challenge])
                    self.ntlm_state = 1
            else:
                response = messages.Response(req)
                response.set_status(400, "Test failed for domain1")
                self.ntlm_state = 1
            sock.send_response(response)

    def run_manager(self, host, port, sock):
        # read some data from sock, and post a response
        if host == "www.domain1.com" and port == 80:
            self.run_domain1(sock)
        elif host == "www.domain2.com" and port == 80:
            self.run_domain2(sock)
        else:
            # connection error
            raise ValueError("run_manager: bad host in connect")

    def test_ntlm_session(self):
        request1 = client.ClientRequest("http://www.domain1.com/")
        self.client.queue_request(request1)
        # thread_loop will process the queue until it blocks for more
        # than the timeout (default, 60s)
        self.client.thread_loop()
        response1 = request1.response
        self.assertTrue(response1.status == 401,
                        "Status in response1: %i" % response1.status)
        challenges = response1.get_www_authenticate()
        self.assertTrue(len(challenges) == 1 and isinstance(
            challenges[0], NTLMChallenge), "Challenge")
        c = NTLMCredentials()
        c.set_ntlm_credentials('mydomain\\user', 'Password')
        c.protectionSpace = "http://www.domain1.com"
        self.client.add_credentials(c)
        request2 = client.ClientRequest("http://www.domain1.com/")
        self.client.queue_request(request2)
        self.client.thread_loop()
        response2 = request2.response
        self.assertTrue(str(response2.protocol) == "HTTP/1.1",
                        "Protocol in response1: %s" % response1.protocol)
        self.assertTrue(response2.status == 200,
                        "Status in response1: %i" % response1.status)
        self.assertTrue(response2.reason == "You got it!",
                        "Reason in response1: %s" % response1.reason)
        self.assertTrue(request2.res_body == TEST_STRING,
                        "Data in response1: %s" % request1.res_body)

    def test_ntlm_negotiate(self):
        request1 = client.ClientRequest("http://www.domain2.com/")
        self.client.queue_request(request1)
        # thread_loop will process the queue until it blocks for more
        # than the timeout (default, 60s)
        self.client.thread_loop()
        response1 = request1.response
        self.assertTrue(response1.status == 401,
                        "Status in response1: %i" % response1.status)
        challenges = response1.get_www_authenticate()
        self.assertTrue(len(challenges) == 2)
        c = NTLMCredentials()
        c.set_ntlm_credentials('mydomain\\user', 'Password')
        c.protectionSpace = "http://www.domain2.com"
        self.client.add_credentials(c)
        request2 = client.ClientRequest("http://www.domain2.com/")
        self.client.queue_request(request2)
        self.client.thread_loop()
        response2 = request2.response
        self.assertTrue(str(response2.protocol) == "HTTP/1.1",
                        "Protocol in response1: %s" % response1.protocol)
        self.assertTrue(response2.status == 200,
                        "Status in response1: %i" % response1.status)
        self.assertTrue(response2.reason == "You got it!",
                        "Reason in response1: %s" % response1.reason)
        self.assertTrue(request2.res_body == TEST_STRING,
                        "Data in response1: %s" % request1.res_body)