io.undertow.security.idm.DigestAlgorithm Java Examples

public DigestAuthenticationMechanism(final List<DigestAlgorithm> supportedAlgorithms, final List<DigestQop> supportedQops,
        final String realmName, final String domain, final NonceManager nonceManager, final String mechanismName, final IdentityManager identityManager) {
    this.supportedAlgorithms = supportedAlgorithms;
    this.supportedQops = supportedQops;
    this.realmName = realmName;
    this.domain = domain;
    this.nonceManager = nonceManager;
    this.mechanismName = mechanismName;
    this.identityManager = identityManager;

    if (!supportedQops.isEmpty()) {
        StringBuilder sb = new StringBuilder();
        Iterator<DigestQop> it = supportedQops.iterator();
        sb.append(it.next().getToken());
        while (it.hasNext()) {
            sb.append(",").append(it.next().getToken());
        }
        qopString = sb.toString();
    } else {
        qopString = null;
    }
}
 

public DigestAuthenticationMechanism(final List<DigestAlgorithm> supportedAlgorithms, final List<DigestQop> supportedQops,
        final String realmName, final String domain, final NonceManager nonceManager, final String mechanismName, final IdentityManager identityManager) {
    this.supportedAlgorithms = supportedAlgorithms;
    this.supportedQops = supportedQops;
    this.realmName = realmName;
    this.domain = domain;
    this.nonceManager = nonceManager;
    this.mechanismName = mechanismName;
    this.identityManager = identityManager;

    if (!supportedQops.isEmpty()) {
        StringBuilder sb = new StringBuilder();
        Iterator<DigestQop> it = supportedQops.iterator();
        sb.append(it.next().getToken());
        while (it.hasNext()) {
            sb.append(",").append(it.next().getToken());
        }
        qopString = sb.toString();
    } else {
        qopString = null;
    }
}
 

private static String createAuthorizationLine(final String userName, final String password, final String method, final String uri,
        final String nonce, final int nonceCount, final String cnonce, final String opaque) throws Exception {
    StringBuilder sb = new StringBuilder(DIGEST.toString());
    sb.append(" ");
    sb.append(DigestAuthorizationToken.USERNAME.getName()).append("=").append("\"userOne\"").append(",");
    sb.append(DigestAuthorizationToken.REALM.getName()).append("=\"").append(REALM_NAME).append("\",");
    sb.append(DigestAuthorizationToken.NONCE.getName()).append("=\"").append(nonce).append("\",");
    sb.append(DigestAuthorizationToken.DIGEST_URI.getName()).append("=\"" + uri + "\",");
    String nonceCountHex = toHex(nonceCount);
    String response = createResponse(userName, REALM_NAME, password, method, uri, nonce, nonceCountHex, cnonce);
    sb.append(DigestAuthorizationToken.RESPONSE.getName()).append("=\"").append(response).append("\",");
    sb.append(DigestAuthorizationToken.ALGORITHM.getName()).append("=\"").append(DigestAlgorithm.MD5.getToken())
            .append("\",");
    sb.append(DigestAuthorizationToken.CNONCE.getName()).append("=\"").append(cnonce).append("\",");
    sb.append(DigestAuthorizationToken.OPAQUE.getName()).append("=\"").append(opaque).append("\",");
    sb.append(DigestAuthorizationToken.MESSAGE_QOP.getName()).append("=\"").append(DigestQop.AUTH.getToken()).append("\",");
    sb.append(DigestAuthorizationToken.NONCE_COUNT.getName()).append("=").append(nonceCountHex);

    return sb.toString();
}
 

@Test
public void testOpera_12() {
    final String header = "username=\"userOne\", realm=\"Digest_Realm\", uri=\"/\", algorithm=MD5, nonce=\"D2floAc+FhkNMTM1MTUyMzY2ODc4Mhbi2Zrcuv1lvdgEaPXa+bg=\", cnonce=\"v722VYJEeG28C3SoXS8BEWThGHPDOlXgUCCts70i7Fc=\", opaque=\"00000000000000000000000000000000\", qop=auth, nc=00000001, response=\"8106a5d19bc67982527cbb576658f9d6\"";

    Map<DigestAuthorizationToken, String> expected = new EnumMap<>(DigestAuthorizationToken.class);
    expected.put(DigestAuthorizationToken.USERNAME, "userOne");
    expected.put(DigestAuthorizationToken.REALM, "Digest_Realm");
    expected.put(DigestAuthorizationToken.DIGEST_URI, "/");
    expected.put(DigestAuthorizationToken.ALGORITHM, DigestAlgorithm.MD5.getToken());
    expected.put(DigestAuthorizationToken.NONCE, "D2floAc+FhkNMTM1MTUyMzY2ODc4Mhbi2Zrcuv1lvdgEaPXa+bg=");
    expected.put(DigestAuthorizationToken.CNONCE, "v722VYJEeG28C3SoXS8BEWThGHPDOlXgUCCts70i7Fc=");
    expected.put(DigestAuthorizationToken.OPAQUE, "00000000000000000000000000000000");
    expected.put(DigestAuthorizationToken.MESSAGE_QOP, DigestQop.AUTH.getToken());
    expected.put(DigestAuthorizationToken.NONCE_COUNT, "00000001");
    expected.put(DigestAuthorizationToken.RESPONSE, "8106a5d19bc67982527cbb576658f9d6");

    doTest(header, expected);
}
 

@Test
public void testFirefox_16() {
    final String header = "username=\"userOne\", realm=\"Digest_Realm\", nonce=\"nBhFxtSS6rkNMTM1MTUyNjE2MjgyNWA/xW/LOH53vhXGq/2B/yQ=\", uri=\"/\", algorithm=MD5, response=\"b0adb1025da2de0d16f44131858bad6f\", opaque=\"00000000000000000000000000000000\", qop=auth, nc=00000001, cnonce=\"8127726535363b07\"";

    Map<DigestAuthorizationToken, String> expected = new EnumMap<>(DigestAuthorizationToken.class);
    expected.put(DigestAuthorizationToken.USERNAME, "userOne");
    expected.put(DigestAuthorizationToken.REALM, "Digest_Realm");
    expected.put(DigestAuthorizationToken.NONCE, "nBhFxtSS6rkNMTM1MTUyNjE2MjgyNWA/xW/LOH53vhXGq/2B/yQ=");
    expected.put(DigestAuthorizationToken.DIGEST_URI, "/");
    expected.put(DigestAuthorizationToken.ALGORITHM, DigestAlgorithm.MD5.getToken());
    expected.put(DigestAuthorizationToken.RESPONSE, "b0adb1025da2de0d16f44131858bad6f");
    expected.put(DigestAuthorizationToken.OPAQUE, "00000000000000000000000000000000");
    expected.put(DigestAuthorizationToken.MESSAGE_QOP, DigestQop.AUTH.getToken());
    expected.put(DigestAuthorizationToken.NONCE_COUNT, "00000001");
    expected.put(DigestAuthorizationToken.CNONCE, "8127726535363b07");

    doTest(header, expected);
}
 

@Test
public void testCurl_7() {
    final String header = "username=\"userTwo\", realm=\"Digest_Realm\", nonce=\"5CgZ39vhie0NMTM1MTUyNDc4ODkwNMwr6sWKVSGfhXB4jBtkupY=\", uri=\"/\", cnonce=\"MTYwOTQ4\", nc=00000001, qop=\"auth\", response=\"c3c1ce9945a0c36d54860eda7846018b\", opaque=\"00000000000000000000000000000000\", algorithm=\"MD5\"";

    Map<DigestAuthorizationToken, String> expected = new EnumMap<>(DigestAuthorizationToken.class);
    expected.put(DigestAuthorizationToken.USERNAME, "userTwo");
    expected.put(DigestAuthorizationToken.REALM, "Digest_Realm");
    expected.put(DigestAuthorizationToken.NONCE, "5CgZ39vhie0NMTM1MTUyNDc4ODkwNMwr6sWKVSGfhXB4jBtkupY=");
    expected.put(DigestAuthorizationToken.DIGEST_URI, "/");
    expected.put(DigestAuthorizationToken.CNONCE, "MTYwOTQ4");
    expected.put(DigestAuthorizationToken.NONCE_COUNT, "00000001");
    expected.put(DigestAuthorizationToken.MESSAGE_QOP, DigestQop.AUTH.getToken());
    expected.put(DigestAuthorizationToken.RESPONSE, "c3c1ce9945a0c36d54860eda7846018b");
    expected.put(DigestAuthorizationToken.OPAQUE, "00000000000000000000000000000000");
    expected.put(DigestAuthorizationToken.ALGORITHM, DigestAlgorithm.MD5.getToken());

    doTest(header, expected);
}
 

@Test
public void testChrome_22() {
    final String header = "username=\"userTwo\", realm=\"Digest_Realm\", nonce=\"Yxmkh5liIOYNMTM1MTUyNjQzMTE4NJziT7YLEOEJ4QEN1py4Yog=\", uri=\"/\", algorithm=MD5, response=\"5b26e00233607e8a714cd1d910692e08\", opaque=\"00000000000000000000000000000000\", qop=auth, nc=00000001, cnonce=\"8c008c8ce43dc0a7\"";

    Map<DigestAuthorizationToken, String> expected = new EnumMap<>(DigestAuthorizationToken.class);
    expected.put(DigestAuthorizationToken.USERNAME, "userTwo");
    expected.put(DigestAuthorizationToken.REALM, "Digest_Realm");
    expected.put(DigestAuthorizationToken.NONCE, "Yxmkh5liIOYNMTM1MTUyNjQzMTE4NJziT7YLEOEJ4QEN1py4Yog=");
    expected.put(DigestAuthorizationToken.DIGEST_URI, "/");
    expected.put(DigestAuthorizationToken.ALGORITHM, DigestAlgorithm.MD5.getToken());
    expected.put(DigestAuthorizationToken.RESPONSE, "5b26e00233607e8a714cd1d910692e08");
    expected.put(DigestAuthorizationToken.OPAQUE, "00000000000000000000000000000000");
    expected.put(DigestAuthorizationToken.MESSAGE_QOP, DigestQop.AUTH.getToken());
    expected.put(DigestAuthorizationToken.NONCE_COUNT, "00000001");
    expected.put(DigestAuthorizationToken.CNONCE, "8c008c8ce43dc0a7");

    doTest(header, expected);
}
 

public LogoutHandler(final String realmName) {
    List<DigestAlgorithm> digestAlgorithms = Collections.singletonList(DigestAlgorithm.MD5);
    List<DigestQop> digestQops = Collections.emptyList();
    digestMechanism = new DigestAuthenticationMechanism(digestAlgorithms, digestQops, realmName, "/management",
            new SimpleNonceManager());
    fakeRealmdigestMechanism = new DigestAuthenticationMechanism(digestAlgorithms, digestQops, HIT_ESCAPE,
            "/management", new SimpleNonceManager());
    basicMechanism = new BasicAuthenticationMechanism(realmName);
    fakeRealmBasicMechanism = new BasicAuthenticationMechanism(HIT_ESCAPE);
}
 

@Override
public ChallengeResult sendChallenge(final HttpServerExchange exchange, final SecurityContext securityContext) {
    DigestContext context = exchange.getAttachment(DigestContext.ATTACHMENT_KEY);
    boolean stale = context == null ? false : context.isStale();

    StringBuilder rb = new StringBuilder(DIGEST_PREFIX);
    rb.append(Headers.REALM.toString()).append("=\"").append(realmName).append("\",");
    rb.append(Headers.DOMAIN.toString()).append("=\"").append(domain).append("\",");
    // based on security constraints.
    rb.append(Headers.NONCE.toString()).append("=\"").append(nonceManager.nextNonce(null, exchange)).append("\",");
    // Not currently using OPAQUE as it offers no integrity, used for session data leaves it vulnerable to
    // session fixation type issues as well.
    rb.append(Headers.OPAQUE.toString()).append("=\"00000000000000000000000000000000\"");
    if (stale) {
        rb.append(",stale=true");
    }
    if (supportedAlgorithms.size() > 0) {
        // This header will need to be repeated once for each algorithm.
        rb.append(",").append(Headers.ALGORITHM.toString()).append("=%s");
    }
    if (qopString != null) {
        rb.append(",").append(Headers.QOP.toString()).append("=\"").append(qopString).append("\"");
    }

    String theChallenge = rb.toString();
    HeaderMap responseHeader = exchange.getResponseHeaders();
    if (supportedAlgorithms.isEmpty()) {
        responseHeader.add(WWW_AUTHENTICATE, theChallenge);
    } else {
        for (DigestAlgorithm current : supportedAlgorithms) {
            responseHeader.add(WWW_AUTHENTICATE, String.format(theChallenge, current.getToken()));
        }
    }

    return new ChallengeResult(true, UNAUTHORIZED);
}
 

@Override
protected List<AuthenticationMechanism> getTestMechanisms() {
    List<DigestQop> qopList = Collections.emptyList();
    AuthenticationMechanism mechanism = new DigestAuthenticationMechanism(Collections.singletonList(DigestAlgorithm.MD5),
            qopList, REALM_NAME, "/", new SimpleNonceManager());

    return Collections.singletonList(mechanism);
}
 

@Override
public ChallengeResult sendChallenge(final HttpServerExchange exchange, final SecurityContext securityContext) {
    DigestContext context = exchange.getAttachment(DigestContext.ATTACHMENT_KEY);
    boolean stale = context == null ? false : context.isStale();

    StringBuilder rb = new StringBuilder(DIGEST_PREFIX);
    rb.append(HttpHeaderNames.REALM.toString()).append("=\"").append(realmName).append("\",");
    rb.append(HttpHeaderNames.DOMAIN.toString()).append("=\"").append(domain).append("\",");
    // based on security constraints.
    rb.append(HttpHeaderNames.NONCE.toString()).append("=\"").append(nonceManager.nextNonce(null, exchange)).append("\",");
    // Not currently using OPAQUE as it offers no integrity, used for session data leaves it vulnerable to
    // session fixation type issues as well.
    rb.append(HttpHeaderNames.OPAQUE.toString()).append("=\"00000000000000000000000000000000\"");
    if (stale) {
        rb.append(",stale=true");
    }
    if (supportedAlgorithms.size() > 0) {
        // This header will need to be repeated once for each algorithm.
        rb.append(",").append(HttpHeaderNames.ALGORITHM.toString()).append("=%s");
    }
    if (qopString != null) {
        rb.append(",").append(HttpHeaderNames.QOP.toString()).append("=\"").append(qopString).append("\"");
    }

    String theChallenge = rb.toString();
    if (supportedAlgorithms.isEmpty()) {
        exchange.addResponseHeader(WWW_AUTHENTICATE, theChallenge);
    } else {
        for (DigestAlgorithm current : supportedAlgorithms) {
            exchange.addResponseHeader(WWW_AUTHENTICATE, String.format(theChallenge, current.getToken()));
        }
    }

    return new ChallengeResult(true, UNAUTHORIZED);
}
 

@Override
public DigestAlgorithm getAlgorithm() {
    return context.getAlgorithm();
}
 

void setAlgorithm(DigestAlgorithm algorithm) throws NoSuchAlgorithmException {
    this.algorithm = algorithm;
    digest = algorithm.getMessageDigest();
}
 

DigestAlgorithm getAlgorithm() {
    return algorithm;
}
 

static AuthenticationMechanism getTestMechanism() {
    return new DigestAuthenticationMechanism(Collections.singletonList(DigestAlgorithm.MD5),
            Collections.singletonList(DigestQop.AUTH), REALM_NAME, "/", new SimpleNonceManager());
}
 

public DigestAuthenticationMechanism(final List<DigestAlgorithm> supportedAlgorithms, final List<DigestQop> supportedQops,
        final String realmName, final String domain, final NonceManager nonceManager) {
    this(supportedAlgorithms, supportedQops, realmName, domain, nonceManager, DEFAULT_NAME);
}
 

public DigestAuthenticationMechanism(final List<DigestAlgorithm> supportedAlgorithms, final List<DigestQop> supportedQops,
        final String realmName, final String domain, final NonceManager nonceManager, final String mechanismName) {
    this(supportedAlgorithms, supportedQops, realmName, domain, nonceManager, mechanismName, null);
}
 

public DigestAuthenticationMechanism(final String realmName, final String domain, final String mechanismName, final IdentityManager identityManager) {
    this(Collections.singletonList(DigestAlgorithm.MD5), Collections.singletonList(DigestQop.AUTH), realmName, domain, new SimpleNonceManager(), DEFAULT_NAME, identityManager);
}
 

public DigestAuthenticationMechanism(final String realmName, final String domain, final String mechanismName, final IdentityManager identityManager) {
    this(Collections.singletonList(DigestAlgorithm.MD5), Collections.singletonList(DigestQop.AUTH), realmName, domain, new SimpleNonceManager(), DEFAULT_NAME, identityManager);
}
 

public DigestAuthenticationMechanism(final List<DigestAlgorithm> supportedAlgorithms, final List<DigestQop> supportedQops,
        final String realmName, final String domain, final NonceManager nonceManager, final String mechanismName) {
    this(supportedAlgorithms, supportedQops, realmName, domain, nonceManager, mechanismName, null);
}
 

DigestAlgorithm getAlgorithm() {
    return algorithm;
}
 

void setAlgorithm(DigestAlgorithm algorithm) throws NoSuchAlgorithmException {
    this.algorithm = algorithm;
    digest = algorithm.getMessageDigest();
}
 

@Override
public DigestAlgorithm getAlgorithm() {
    return context.getAlgorithm();
}
 

public DigestAuthenticationMechanism(final List<DigestAlgorithm> supportedAlgorithms, final List<DigestQop> supportedQops,
        final String realmName, final String domain, final NonceManager nonceManager) {
    this(supportedAlgorithms, supportedQops, realmName, domain, nonceManager, DEFAULT_NAME);
}