io.milton.http.http11.auth.DigestHelper.java Source code

Java tutorial

  1. HOME
  2. Java
  3. io.milton.http.http11.auth.DigestHelper.java

Introduction

Here is the source code for io.milton.http.http11.auth.DigestHelper.java

Source

/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied.  See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */

package io.milton.http.http11.auth;

import io.milton.http.Auth;
import io.milton.http.Request.Method;
import io.milton.http.http11.auth.NonceProvider.NonceValidity;

import java.io.UnsupportedEncodingException;

import org.apache.commons.codec.binary.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/**
 *
 */
public class DigestHelper {

    private static final Logger log = LoggerFactory.getLogger(DigestHelper.class);

    private final NonceProvider nonceProvider;

    public DigestHelper(NonceProvider nonceProvider) {
        this.nonceProvider = nonceProvider;
    }

    public DigestResponse calculateResponse(Auth auth, String expectedRealm, Method method) {
        try {
            // Check all required parameters were supplied (ie RFC 2069)
            if ((auth.getUser() == null) || (auth.getRealm() == null) || (auth.getNonce() == null)
                    || (auth.getUri() == null)) {
                log.warn("missing params");
                return null;
            }

            // Check all required parameters for an "auth" qop were supplied (ie RFC 2617)
            Long nc;
            if ("auth".equals(auth.getQop())) {
                if ((auth.getNc() == null) || (auth.getCnonce() == null)) {
                    log.warn("missing params: nc and/or cnonce");
                    return null;
                }
                nc = Long.parseLong(auth.getNc(), 16); // the nonce-count. hex value, must always increase
            } else {
                nc = null;
            }

            // Check realm name equals what we expected
            if (expectedRealm == null)
                throw new IllegalStateException("realm is null");
            if (!expectedRealm.equals(auth.getRealm())) {
                log.warn("incorrect realm: resource: " + expectedRealm + " given: " + auth.getRealm());
                return null;
            }

            // Check nonce was a Base64 encoded (as sent by DigestProcessingFilterEntryPoint)
            if (!Base64.isArrayByteBase64(auth.getNonce().getBytes("UTF-8"))) {
                log.warn("nonce not base64 encoded");
                return null;
            }

            log.debug("nc: " + auth.getNc());

            // Decode nonce from Base64
            // format of nonce is
            //   base64(expirationTime + "" + md5Hex(expirationTime + "" + key))
            String plainTextNonce = new String(Base64.decodeBase64(auth.getNonce().getBytes("UTF-8")));
            NonceValidity validity = nonceProvider.getNonceValidity(plainTextNonce, nc);
            //        if( NonceValidity.INVALID.equals( validity ) ) {
            //            log.debug( "invalid nonce: " + plainTextNonce );
            //            return null;
            //        } else if( NonceValidity.EXPIRED.equals( validity ) ) {
            //            log.debug( "expired nonce: " + plainTextNonce );
            //            // make this known so that we can add stale field to challenge
            //            auth.setNonceStale( true );
            //            return null;
            //        }

            DigestResponse resp = toDigestResponse(auth, method);
            return resp;
        } catch (UnsupportedEncodingException ex) {
            throw new RuntimeException(ex);
        }
    }

    public String getChallenge(String nonceValue, Auth auth, String actualRealm) {
        try {
            String nonceValueBase64 = new String(Base64.encodeBase64(nonceValue.getBytes("UTF-8")));

            // qop is quality of protection, as defined by RFC 2617.
            // we do not use opaque due to IE violation of RFC 2617 in not
            // representing opaque on subsequent requests in same session.
            String authenticateHeader = "Digest realm=\"" + actualRealm + "\", " + "qop=\"auth\", nonce=\""
                    + nonceValueBase64 + "\"";

            if (auth != null) {
                if (auth.isNonceStale()) {
                    authenticateHeader = authenticateHeader + ", stale=\"true\"";
                }
            }

            return authenticateHeader;
        } catch (UnsupportedEncodingException ex) {
            throw new RuntimeException(ex);
        }
    }

    private DigestResponse toDigestResponse(Auth auth, Method m) {
        DigestResponse dr = new DigestResponse(m, auth.getUser(), auth.getRealm(), auth.getNonce(), auth.getUri(),
                auth.getResponseDigest(), auth.getQop(), auth.getNc(), auth.getCnonce());
        return dr;

    }
}