stan/jdk-24
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
9793e73bc1
jdk-24/test/jdk/java/net/Authenticator/B8034170.java
Michael McMahon 7f2a3ca289 8281561: Disable http DIGEST mechanism with MD5 and SHA-1 by default 
Reviewed-by: weijun, dfuchs
2022-03-28 13:51:55 +00:00

205 lines
7.0 KiB
Java
Raw Blame History

/*
* Copyright (c) 2014, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
import java.io.*;
import java.net.*;
import java.util.*;
import jdk.test.lib.net.URIBuilder;
/**
* @test
* @bug 8034170
* @summary Digest authentication interop issue
* @library /test/lib
* @run main/othervm -Dhttp.auth.digest.reEnabledAlgorithms=MD5 B8034170 unquoted
* @run main/othervm -Dhttp.auth.digest.reEnabledAlgorithms=MD5
* -Dhttp.auth.digest.quoteParameters=true B8034170 quoted
* @run main/othervm -Dhttp.auth.digest.reEnabledAlgorithms=MD5
* -Djava.net.preferIPv6Addresses=true B8034170 unquoted
*/
public class B8034170 {
static boolean expectQuotes;
static class BasicServer extends Thread {
ServerSocket server;
Socket s;
InputStream is;
OutputStream os;
static final String realm = "wallyworld";
String reply1 = "HTTP/1.1 401 Unauthorized\r\n"+
"WWW-Authenticate: Digest realm=\""+realm+"\", qop=\"auth\"" +
", nonce=\"8989de95ea2402b64d73cecdb15da255\"" +
", opaque=\"bbfb4c9ee92ddccc73521c3e6e841ba2\"\r\n\r\n";
String OKreply = "HTTP/1.1 200 OK\r\n"+
"Date: Mon, 15 Jan 2001 12:18:21 GMT\r\n" +
"Server: Apache/1.3.14 (Unix)\r\n" +
"Connection: close\r\n" +
"Content-Type: text/plain; charset=iso-8859-1\r\n" +
"Content-Length: 10\r\n\r\n";
String ERRreply = "HTTP/1.1 500 Internal server error\r\n"+
"Date: Mon, 15 Jan 2001 12:18:21 GMT\r\n" +
"Server: Apache/1.3.14 (Unix)\r\n" +
"Connection: close\r\n" +
"Content-Length: 0\r\n\r\n";
BasicServer (ServerSocket s) {
server = s;
}
int readAll (Socket s, byte[] buf) throws IOException {
int pos = 0;
InputStream is = s.getInputStream ();
// wait two seconds for request, as client doesn't close
// the connection
s.setSoTimeout(2000);
try {
int n;
while ((n=is.read(buf, pos, buf.length-pos)) > 0)
pos +=n;
} catch (SocketTimeoutException x) { }
return pos;
}
public void run () {
byte[] buf = new byte[5000];
try {
System.out.println ("Server 1: accept");
s = server.accept ();
System.out.println ("accepted");
os = s.getOutputStream();
os.write (reply1.getBytes());
readAll (s, buf);
s.close ();
System.out.println ("Server 2: accept");
s = server.accept ();
System.out.println ("accepted");
os = s.getOutputStream();
int count = readAll (s, buf);
String reply = new String(buf, 0, count);
boolean error;
if (expectQuotes) {
error = false;
if (!reply.contains("qop=\"auth\"")) {
System.out.println ("Expecting quoted qop. Not found");
error = true;
}
if (!reply.contains("algorithm=\"MD5\"")) {
System.out.println ("Expecting quoted algorithm. Not found");
error = true;
}
} else {
error = false;
if (!reply.contains("qop=auth")) {
System.out.println ("Expecting unquoted qop. Not found");
error = true;
}
if (!reply.contains("algorithm=MD5")) {
System.out.println ("Expecting unquoted algorithm. Not found");
error = true;
}
}
if (error) {
os.write(ERRreply.getBytes());
os.flush();
s.close();
} else {
os.write((OKreply+"HelloWorld").getBytes());
os.flush();
s.close();
}
}
catch (Exception e) {
System.out.println (e);
}
finished ();
}
public synchronized void finished () {
notifyAll();
}
}
static class MyAuthenticator3 extends Authenticator {
PasswordAuthentication pw;
MyAuthenticator3 () {
super ();
pw = new PasswordAuthentication ("user", "passwordNotCheckedAnyway".toCharArray());
}
public PasswordAuthentication getPasswordAuthentication ()
{
System.out.println ("Auth called");
return pw;
}
}
static void read (InputStream is) throws IOException {
int c;
System.out.println ("reading");
while ((c=is.read()) != -1) {
System.out.write (c);
}
System.out.println ("");
System.out.println ("finished reading");
}
public static void main (String args[]) throws Exception {
expectQuotes = args[0].equals("quoted");
MyAuthenticator3 auth = new MyAuthenticator3 ();
Authenticator.setDefault (auth);
InetAddress loopback = InetAddress.getLoopbackAddress();
ServerSocket ss = new ServerSocket();
ss.bind(new InetSocketAddress(loopback, 0));
int port = ss.getLocalPort ();
BasicServer server = new BasicServer (ss);
synchronized (server) {
server.start();
System.out.println ("client 1");
URL url = URIBuilder.newBuilder()
.scheme("http")
.loopback()
.port(port)
.path("/d1/d2/d3/foo.html")
.toURL();
URLConnection urlc = url.openConnection(Proxy.NO_PROXY);
InputStream is = urlc.getInputStream ();
read (is);
is.close ();
}
}
}
Reference in New Issue View Git Blame Copy Permalink