1 /* 2 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 */ 23 24 /** 25 * @test 26 * @bug 4759514 27 * @library ../../../sun/net/www/httptest/ 28 * @build HttpCallback HttpServer ClosedChannelList HttpTransaction 29 * @run main B4759514 30 * @summary Digest Authentication is erroniously quoting the nc value, contrary to RFC 2617 31 */ 32 33 import java.io.*; 34 import java.net.*; 35 36 public class B4759514 implements HttpCallback { 37 38 static int count = 0; 39 static String authstring; 40 41 void errorReply (HttpTransaction req, String reply) throws IOException { 42 req.addResponseHeader ("Connection", "close"); 43 req.addResponseHeader ("WWW-Authenticate", reply); 44 req.sendResponse (401, "Unauthorized"); 45 req.orderlyClose(); 46 } 47 48 void okReply (HttpTransaction req) throws IOException { 49 req.setResponseEntityBody ("Hello ."); 50 req.sendResponse (200, "Ok"); 51 req.orderlyClose(); 52 } 53 54 public void request (HttpTransaction req) { 55 try { 56 authstring = req.getRequestHeader ("Authorization"); 57 switch (count) { 58 case 0: 59 errorReply (req, "Digest realm=\"wallyworld\", nonce=\"1234\", domain=\"/\""); 60 break; 61 case 1: 62 int n = authstring.indexOf ("nc="); 63 if (n != -1) { 64 if (authstring.charAt (n+3) == '\"') { 65 req.sendResponse (400, "Bad Request"); 66 break; 67 } 68 } 69 okReply (req); 70 break; 71 } 72 count ++; 73 } catch (IOException e) { 74 e.printStackTrace(); 75 } 76 } 77 78 static void read (InputStream is) throws IOException { 79 int c; 80 while ((c=is.read()) != -1) { 81 System.out.write (c); 82 } 83 } 84 85 static void client (String u) throws Exception { 86 URL url = new URL (u); 87 System.out.println ("client opening connection to: " + u); 88 URLConnection urlc = url.openConnection (); 89 InputStream is = urlc.getInputStream (); 90 read (is); 91 is.close(); 92 } 93 94 static HttpServer server; 95 96 public static void main (String[] args) throws Exception { 97 MyAuthenticator auth = new MyAuthenticator (); 98 Authenticator.setDefault (auth); 99 try { 100 server = new HttpServer (new B4759514(), 1, 10, 0); 101 System.out.println ("Server: listening on port: " + server.getLocalPort()); 102 client ("http://localhost:"+server.getLocalPort()+"/d1/foo.html"); 103 } catch (Exception e) { 104 if (server != null) { 105 server.terminate(); 106 } 107 throw e; 108 } 109 int f = auth.getCount(); 110 if (f != 1) { 111 except ("Authenticator was called "+f+" times. Should be 1"); 112 } 113 server.terminate(); 114 } 115 116 public static void except (String s) { 117 server.terminate(); 118 throw new RuntimeException (s); 119 } 120 121 static class MyAuthenticator extends Authenticator { 122 MyAuthenticator () { 123 super (); 124 } 125 126 int count = 0; 127 128 public PasswordAuthentication getPasswordAuthentication () { 129 PasswordAuthentication pw; 130 pw = new PasswordAuthentication ("user", "pass1".toCharArray()); 131 count ++; 132 return pw; 133 } 134 135 public int getCount () { 136 return (count); 137 } 138 } 139 }