2007-12-01 00:00:00 +00:00
|
|
|
/*
|
2021-01-08 21:31:37 +00:00
|
|
|
* Copyright (c) 2001, 2021, Oracle and/or its affiliates. All rights reserved.
|
2007-12-01 00:00:00 +00:00
|
|
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
|
|
|
*
|
|
|
|
* This code is free software; you can redistribute it and/or modify it
|
|
|
|
* under the terms of the GNU General Public License version 2 only, as
|
|
|
|
* published by the Free Software Foundation.
|
|
|
|
*
|
|
|
|
* This code is distributed in the hope that it will be useful, but WITHOUT
|
|
|
|
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
|
|
|
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
|
|
|
* version 2 for more details (a copy is included in the LICENSE file that
|
|
|
|
* accompanied this code).
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU General Public License version
|
|
|
|
* 2 along with this work; if not, write to the Free Software Foundation,
|
|
|
|
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
|
|
|
*
|
2010-05-25 15:58:33 -07:00
|
|
|
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
|
|
|
* or visit www.oracle.com if you need additional information or have any
|
|
|
|
* questions.
|
2007-12-01 00:00:00 +00:00
|
|
|
*/
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @test
|
|
|
|
* @bug 4432213
|
2015-05-28 10:54:48 -07:00
|
|
|
* @modules java.base/sun.net.www
|
2022-03-28 13:51:55 +00:00
|
|
|
* @run main/othervm -Dhttp.auth.digest.reEnabledAlgorithms=MD5
|
2019-06-10 11:17:57 +01:00
|
|
|
* -Dhttp.auth.digest.validateServer=true DigestTest
|
2022-03-28 13:51:55 +00:00
|
|
|
* @run main/othervm -Dhttp.auth.digest.reEnabledAlgorithms=MD5
|
|
|
|
* -Djava.net.preferIPv6Addresses=true
|
|
|
|
* -Dhttp.auth.digest.validateServer=true DigestTest
|
|
|
|
* @run main/othervm -Dhttp.auth.digest.reEnabledAlgorithms=MD5
|
|
|
|
* -Dhttp.auth.digest.validateServer=true
|
|
|
|
* -Dtest.succeed=true DigestTest
|
|
|
|
* @run main/othervm -Dhttp.auth.digest.reEnabledAlgorithms=MD5
|
|
|
|
* -Djava.net.preferIPv6Addresses=true
|
2019-06-10 11:17:57 +01:00
|
|
|
* -Dhttp.auth.digest.validateServer=true
|
2022-03-28 13:51:55 +00:00
|
|
|
* -Dtest.succeed=true DigestTest
|
2007-12-01 00:00:00 +00:00
|
|
|
* @summary Need to support Digest Authentication for Proxies
|
|
|
|
*/
|
|
|
|
|
|
|
|
import java.io.*;
|
|
|
|
import java.util.*;
|
|
|
|
import java.net.*;
|
|
|
|
import java.security.*;
|
|
|
|
import sun.net.www.*;
|
|
|
|
|
|
|
|
/* This is one simple test of the RFC2617 digest authentication behavior
|
|
|
|
* It specifically tests that the client correctly checks the returned
|
|
|
|
* Authentication-Info header field from the server and throws an exception
|
|
|
|
* if the password is wrong
|
|
|
|
*/
|
|
|
|
|
|
|
|
class DigestServer extends Thread {
|
|
|
|
|
|
|
|
ServerSocket s;
|
|
|
|
Socket s1;
|
|
|
|
InputStream is;
|
|
|
|
OutputStream os;
|
|
|
|
int port;
|
|
|
|
|
|
|
|
String reply1 = "HTTP/1.1 401 Unauthorized\r\n"+
|
|
|
|
"WWW-Authenticate: Digest realm=\""+realm+"\" domain=/ "+
|
|
|
|
"nonce=\""+nonce+"\" qop=\"auth\"\r\n\r\n";
|
|
|
|
|
|
|
|
String reply2 = "HTTP/1.1 200 OK\r\n" +
|
|
|
|
"Date: Mon, 15 Jan 2001 12:18:21 GMT\r\n" +
|
|
|
|
"Server: Apache/1.3.14 (Unix)\r\n" +
|
|
|
|
"Content-Type: text/html; charset=iso-8859-1\r\n" +
|
2019-06-10 11:17:57 +01:00
|
|
|
"Transfer-encoding: chunked\r\n";
|
|
|
|
String body =
|
2007-12-01 00:00:00 +00:00
|
|
|
"B\r\nHelloWorld1\r\n"+
|
|
|
|
"B\r\nHelloWorld2\r\n"+
|
|
|
|
"B\r\nHelloWorld3\r\n"+
|
|
|
|
"B\r\nHelloWorld4\r\n"+
|
|
|
|
"B\r\nHelloWorld5\r\n"+
|
2019-06-10 11:17:57 +01:00
|
|
|
"0\r\n\r\n";
|
|
|
|
String authInfo =
|
2007-12-01 00:00:00 +00:00
|
|
|
"Authentication-Info: ";
|
|
|
|
|
|
|
|
DigestServer (ServerSocket y) {
|
|
|
|
s = y;
|
|
|
|
port = s.getLocalPort();
|
|
|
|
}
|
|
|
|
|
|
|
|
public void run () {
|
|
|
|
try {
|
|
|
|
s1 = s.accept ();
|
|
|
|
is = s1.getInputStream ();
|
|
|
|
os = s1.getOutputStream ();
|
|
|
|
is.read ();
|
|
|
|
os.write (reply1.getBytes());
|
|
|
|
Thread.sleep (2000);
|
|
|
|
s1.close ();
|
|
|
|
|
|
|
|
s1 = s.accept ();
|
|
|
|
is = s1.getInputStream ();
|
|
|
|
os = s1.getOutputStream ();
|
2019-06-10 11:17:57 +01:00
|
|
|
//is.read ();
|
2007-12-01 00:00:00 +00:00
|
|
|
// need to get the cnonce out of the response
|
|
|
|
MessageHeader header = new MessageHeader (is);
|
|
|
|
String raw = header.findValue ("Authorization");
|
|
|
|
HeaderParser parser = new HeaderParser (raw);
|
|
|
|
String cnonce = parser.findValue ("cnonce");
|
|
|
|
String cnstring = parser.findValue ("nc");
|
|
|
|
|
2019-06-10 11:17:57 +01:00
|
|
|
String reply = reply2 + authInfo + getAuthorization (uri, "GET", cnonce, cnstring) +"\r\n" + body;
|
2007-12-01 00:00:00 +00:00
|
|
|
os.write (reply.getBytes());
|
|
|
|
Thread.sleep (2000);
|
|
|
|
s1.close ();
|
2010-07-21 13:29:26 +01:00
|
|
|
} catch (Exception e) {
|
2007-12-01 00:00:00 +00:00
|
|
|
System.out.println (e);
|
|
|
|
e.printStackTrace();
|
2010-07-21 13:29:26 +01:00
|
|
|
} finally {
|
|
|
|
try { s.close(); } catch (IOException unused) {}
|
2007-12-01 00:00:00 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
static char[] passwd = "password".toCharArray();
|
|
|
|
static String username = "user";
|
|
|
|
static String nonce = "abcdefghijklmnopqrstuvwxyz";
|
|
|
|
static String realm = "wallyworld";
|
|
|
|
static String uri = "/foo.html";
|
|
|
|
|
|
|
|
private String getAuthorization (String uri, String method, String cnonce, String cnstring) {
|
|
|
|
String response;
|
|
|
|
|
|
|
|
try {
|
|
|
|
response = computeDigest(false, username,passwd,realm,
|
|
|
|
method, uri, nonce, cnonce, cnstring);
|
|
|
|
} catch (NoSuchAlgorithmException ex) {
|
|
|
|
return null;
|
|
|
|
}
|
|
|
|
|
|
|
|
String value = "Digest"
|
|
|
|
+ " qop=auth\""
|
|
|
|
+ "\", cnonce=\"" + cnonce
|
|
|
|
+ "\", rspauth=\"" + response
|
|
|
|
+ "\", nc=\"" + cnstring + "\"";
|
|
|
|
return (value+ "\r\n");
|
|
|
|
}
|
|
|
|
|
|
|
|
private String computeDigest(
|
|
|
|
boolean isRequest, String userName, char[] password,
|
|
|
|
String realm, String connMethod,
|
|
|
|
String requestURI, String nonceString,
|
|
|
|
String cnonce, String ncValue
|
|
|
|
) throws NoSuchAlgorithmException
|
|
|
|
{
|
|
|
|
|
|
|
|
String A1, HashA1;
|
|
|
|
|
|
|
|
MessageDigest md = MessageDigest.getInstance("MD5");
|
|
|
|
|
|
|
|
{
|
|
|
|
A1 = userName + ":" + realm + ":";
|
|
|
|
HashA1 = encode(A1, password, md);
|
|
|
|
}
|
|
|
|
|
|
|
|
String A2;
|
|
|
|
if (isRequest) {
|
|
|
|
A2 = connMethod + ":" + requestURI;
|
|
|
|
} else {
|
|
|
|
A2 = ":" + requestURI;
|
|
|
|
}
|
|
|
|
String HashA2 = encode(A2, null, md);
|
|
|
|
String combo, finalHash;
|
|
|
|
|
|
|
|
{ /* RRC2617 when qop=auth */
|
|
|
|
combo = HashA1+ ":" + nonceString + ":" + ncValue + ":" +
|
|
|
|
cnonce + ":auth:" +HashA2;
|
|
|
|
|
|
|
|
}
|
|
|
|
finalHash = encode(combo, null, md);
|
|
|
|
return finalHash;
|
|
|
|
}
|
|
|
|
|
|
|
|
private String encode(String src, char[] passwd, MessageDigest md) {
|
|
|
|
md.update(src.getBytes());
|
|
|
|
if (passwd != null) {
|
|
|
|
byte[] passwdBytes = new byte[passwd.length];
|
|
|
|
for (int i=0; i<passwd.length; i++)
|
|
|
|
passwdBytes[i] = (byte)passwd[i];
|
|
|
|
md.update(passwdBytes);
|
|
|
|
Arrays.fill(passwdBytes, (byte)0x00);
|
|
|
|
}
|
|
|
|
byte[] digest = md.digest();
|
2021-01-08 21:31:37 +00:00
|
|
|
return HexFormat.of().formatHex(digest);
|
2007-12-01 00:00:00 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
public class DigestTest {
|
|
|
|
|
2019-06-10 11:17:57 +01:00
|
|
|
static final boolean SUCCEED =
|
|
|
|
Boolean.parseBoolean(System.getProperty("test.succeed", "false"));
|
|
|
|
|
2007-12-01 00:00:00 +00:00
|
|
|
static class MyAuthenticator extends Authenticator {
|
|
|
|
public MyAuthenticator () {
|
|
|
|
super ();
|
|
|
|
}
|
|
|
|
|
|
|
|
public PasswordAuthentication getPasswordAuthentication ()
|
|
|
|
{
|
2019-06-10 11:17:57 +01:00
|
|
|
char[] passwd = SUCCEED ? DigestServer.passwd.clone()
|
|
|
|
: "Wrongpassword".toCharArray();
|
|
|
|
return new PasswordAuthentication("user", passwd);
|
2007-12-01 00:00:00 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
public static void main(String[] args) throws Exception {
|
2010-07-21 13:29:26 +01:00
|
|
|
int port;
|
2007-12-01 00:00:00 +00:00
|
|
|
DigestServer server;
|
|
|
|
ServerSocket sock;
|
|
|
|
|
2019-06-10 11:17:57 +01:00
|
|
|
InetAddress loopback = InetAddress.getLoopbackAddress();
|
2007-12-01 00:00:00 +00:00
|
|
|
try {
|
2019-06-10 11:17:57 +01:00
|
|
|
sock = new ServerSocket();
|
|
|
|
sock.bind(new InetSocketAddress(loopback, 0));
|
|
|
|
port = sock.getLocalPort();
|
2007-12-01 00:00:00 +00:00
|
|
|
}
|
|
|
|
catch (Exception e) {
|
|
|
|
System.out.println ("Exception: " + e);
|
2019-06-10 11:17:57 +01:00
|
|
|
throw e;
|
2007-12-01 00:00:00 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
server = new DigestServer(sock);
|
|
|
|
server.start ();
|
|
|
|
boolean passed = false;
|
2019-06-10 11:17:57 +01:00
|
|
|
ProtocolException exception = null;
|
2007-12-01 00:00:00 +00:00
|
|
|
|
|
|
|
try {
|
|
|
|
Authenticator.setDefault (new MyAuthenticator ());
|
2019-06-10 11:17:57 +01:00
|
|
|
String address = loopback.getHostAddress();
|
|
|
|
if (address.indexOf(':') > -1) address = "[" + address + "]";
|
|
|
|
String s = "http://" + address + ":" + port + DigestServer.uri;
|
2007-12-01 00:00:00 +00:00
|
|
|
URL url = new URL(s);
|
2019-06-10 11:17:57 +01:00
|
|
|
java.net.URLConnection conURL = url.openConnection(Proxy.NO_PROXY);
|
2007-12-01 00:00:00 +00:00
|
|
|
|
|
|
|
InputStream in = conURL.getInputStream();
|
2010-07-21 13:29:26 +01:00
|
|
|
while (in.read () != -1) {}
|
2007-12-01 00:00:00 +00:00
|
|
|
in.close ();
|
2019-06-10 11:17:57 +01:00
|
|
|
if (SUCCEED) passed = true;
|
2010-07-21 13:29:26 +01:00
|
|
|
} catch(ProtocolException e) {
|
2019-06-10 11:17:57 +01:00
|
|
|
exception = e;
|
|
|
|
if (!SUCCEED) passed = true;
|
2007-12-01 00:00:00 +00:00
|
|
|
}
|
2010-07-21 13:29:26 +01:00
|
|
|
|
2007-12-01 00:00:00 +00:00
|
|
|
if (!passed) {
|
2019-06-10 11:17:57 +01:00
|
|
|
if (!SUCCEED) {
|
|
|
|
throw new RuntimeException("Expected a ProtocolException from wrong password");
|
|
|
|
} else {
|
|
|
|
assert exception != null;
|
|
|
|
throw new RuntimeException("Unexpected ProtocolException from correct password: "
|
|
|
|
+ exception, exception);
|
|
|
|
}
|
2007-12-01 00:00:00 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|