/*
 * Copyright (c) 2001, 2022, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

/**
 * @test
 * @bug 6870935
 * @library /test/lib
 * @modules java.base/sun.net.www
 * @run main/othervm -Dhttp.auth.digest.reEnabledAlgorithms=MD5
 *                   -Dhttp.nonProxyHosts="" -Dhttp.auth.digest.validateProxy=true B6870935
 * @run main/othervm -Dhttp.auth.digest.reEnabledAlgorithms=MD5
 *                   -Djava.net.preferIPv6Addresses=true
 *                   -Dhttp.nonProxyHosts="" -Dhttp.auth.digest.validateProxy=true B6870935
 */

import java.io.*;
import java.util.*;
import java.net.*;
import java.security.*;

import jdk.test.lib.net.HttpHeaderParser;
import sun.net.www.*;

/* This is one simple test of the RFC2617 digest authentication behavior
 * It specifically tests that the client correctly checks the returned
 * Authentication-Info header field from the server and throws an exception
 * if the password is wrong
 */

public class B6870935 {

    static char[] passwd = "password".toCharArray();
    static String username = "user";
    static String nonce = "abcdefghijklmnopqrstuvwxyz";
    static String realm = "wallyworld";
    static String uri = "http://www.ibm.com";
    static volatile boolean error = false;

    static class DigestServer extends Thread {

        ServerSocket s;
        InputStream  is;
        OutputStream os;
        int port;

        String reply1 = "HTTP/1.1 407 Proxy Authentication Required\r\n"+
            "Proxy-Authenticate: Digest realm=\""+realm+"\" domain=/ "+
            "nonce=\""+nonce+"\" qop=\"auth\"\r\n\r\n";

        String reply2 = "HTTP/1.1 200 OK\r\n" +
            "Date: Mon, 15 Jan 2001 12:18:21 GMT\r\n" +
            "Server: Apache/1.3.14 (Unix)\r\n" +
            "Content-Type: text/html; charset=iso-8859-1\r\n" +
            "Transfer-encoding: chunked\r\n\r\n"+
            "B\r\nHelloWorld1\r\n"+
            "B\r\nHelloWorld2\r\n"+
            "B\r\nHelloWorld3\r\n"+
            "B\r\nHelloWorld4\r\n"+
            "B\r\nHelloWorld5\r\n"+
            "0\r\n"+
            "Proxy-Authentication-Info: ";

        DigestServer (ServerSocket y) {
            s = y;
            port = s.getLocalPort();
        }

        public void run () {
            try {
                System.out.println("Server started");
                Socket s1 = s.accept ();
                is = s1.getInputStream ();
                os = s1.getOutputStream ();
                is.read ();
                os.write (reply1.getBytes());
                System.out.println("First response sent");
                Thread.sleep (2000);
                s1.close ();
                System.out.println("First connection closed");

                s1 = s.accept ();
                is = s1.getInputStream ();
                os = s1.getOutputStream ();
                // is.read ();
                // need to get the cnonce out of the response
                HttpHeaderParser header = new HttpHeaderParser (is);
                String raw = header.getHeaderValue("Proxy-Authorization") != null ?
                        header.getHeaderValue("Proxy-Authorization").get(0) : null;
                HeaderParser parser = new HeaderParser (raw);
                String cnonce = parser.findValue ("cnonce");
                String cnstring = parser.findValue ("nc");
                String clientrsp = parser.findValue ("response");
                String expected = computeDigest(
                        true, username,passwd,realm,
                        "GET", uri, nonce, cnonce, cnstring
                );
                if (!expected.equals(clientrsp)) {
                    s1.close ();
                    s.close ();
                    error = true;
                    return;
                }

                String reply = reply2 + getAuthorization (
                        realm, false, uri, "GET", cnonce,
                        cnstring, passwd, username
                ) +"\r\n";
                os.write (reply.getBytes());
                System.out.println("Second response sent");
                Thread.sleep (2000);
                s1.close ();
                System.out.println("Second connection closed");
            }
            catch (Exception e) {
                System.out.println (e);
                e.printStackTrace();
            } finally {
                System.out.println("Server finished");
            }
        }

        private String getAuthorization (String realm, boolean isRequest, String uri, String method, String cnonce, String cnstring, char[] password, String username) {
            String response;

            try {
                response = computeDigest(isRequest, username,passwd,realm,
                                            method, uri, nonce, cnonce, cnstring);
            } catch (NoSuchAlgorithmException ex) {
                return null;
            }

            String value = "Digest"
                            + " qop=\"auth"
                            + "\", cnonce=\"" + cnonce
                            + "\", rspauth=\"" + response
                            + "\", nc=\"" + cnstring + "\"";
            return (value+ "\r\n");
        }

        private String computeDigest(
                            boolean isRequest, String userName, char[] password,
                            String realm, String connMethod,
                            String requestURI, String nonceString,
                            String cnonce, String ncValue
                        ) throws NoSuchAlgorithmException
        {

            String A1, HashA1;

            MessageDigest md = MessageDigest.getInstance("MD5");

            {
                A1 = userName + ":" + realm + ":";
                HashA1 = encode(A1, password, md);
            }

            String A2;
            if (isRequest) {
                A2 = connMethod + ":" + requestURI;
            } else {
                A2 = ":" + requestURI;
            }
            String HashA2 = encode(A2, null, md);
            String combo, finalHash;

            { /* RRC2617 when qop=auth */
                combo = HashA1+ ":" + nonceString + ":" + ncValue + ":" +
                            cnonce + ":auth:" +HashA2;

            }
            finalHash = encode(combo, null, md);
            return finalHash;
        }

        private String encode(String src, char[] passwd, MessageDigest md) {
            md.update(src.getBytes());
            if (passwd != null) {
                byte[] passwdBytes = new byte[passwd.length];
                for (int i=0; i<passwd.length; i++)
                    passwdBytes[i] = (byte)passwd[i];
                md.update(passwdBytes);
                Arrays.fill(passwdBytes, (byte)0x00);
            }
            byte[] digest = md.digest();
            return HexFormat.of().formatHex(digest);
        }
    }


    static class MyAuthenticator extends Authenticator {
        public MyAuthenticator () {
            super ();
        }

        public PasswordAuthentication getPasswordAuthentication ()
        {
            return (new PasswordAuthentication (username, passwd));
        }
    }


    public static void main(String[] args) throws Exception {
        int nLoops = 1;
        int nSize = 10;
        int port, n =0;
        byte b[] = new byte[nSize];
        DigestServer server;
        ServerSocket sock;

        InetAddress address = InetAddress.getLoopbackAddress();
        InetAddress resolved = InetAddress.getByName(address.getHostName());
        System.out.println("Lookup: "
                            + address + " -> \"" + address.getHostName() + "\" -> "
                            + resolved);
        String proxyHost = address.equals(resolved)
            ? address.getHostName()
            : address.getHostAddress();
        try {
            sock = new ServerSocket();
            sock.bind(new InetSocketAddress(address, 0));
            port = sock.getLocalPort ();
        }
        catch (Exception e) {
            System.out.println ("Exception: " + e);
            return;
        }

        server = new DigestServer(sock);
        server.start ();

        try  {
            Authenticator.setDefault (new MyAuthenticator ());
            SocketAddress addr = InetSocketAddress.createUnresolved(proxyHost, port);
            Proxy proxy = new Proxy (Proxy.Type.HTTP, addr);
            String s = "http://www.ibm.com";
            URL url = new URL(s);
            System.out.println("opening connection through proxy: " + addr);
            java.net.URLConnection conURL =  url.openConnection(proxy);

            InputStream in = conURL.getInputStream();
            int c;
            while ((c = in.read ()) != -1) {
            }
            in.close ();
        }
        catch(IOException e) {
            e.printStackTrace();
            error = true;
            sock.close();
        } finally {
            server.join();
        }
        if (error) {
            throw new RuntimeException ("Error in test");
        }
    }
}