262 */
263 String getHeaderValue(String requestURI, String method) {
264 return getHeaderValueImpl(requestURI, method);
265 }
266
267 /**
268 * Check if the header indicates that the current auth. parameters are stale.
269 * If so, then replace the relevant field with the new value
270 * and return true. Otherwise return false.
271 * returning true means the request can be retried with the same userid/password
272 * returning false means we have to go back to the user to ask for a new
273 * username password.
274 */
275 @Override
276 public boolean isAuthorizationStale (String header) {
277 HeaderParser p = new HeaderParser (header);
278 String s = p.findValue ("stale");
279 if (s == null || !s.equals("true"))
280 return false;
281 String newNonce = p.findValue ("nonce");
282 if (newNonce == null || "".equals(newNonce)) {
283 return false;
284 }
285 params.setNonce (newNonce);
286 return true;
287 }
288
289 /**
290 * Set header(s) on the given connection.
291 * @param conn The connection to apply the header(s) to
292 * @param p A source of header values for this connection, if needed.
293 * @param raw Raw header values for this connection, if needed.
294 * @return true if all goes well, false if no headers were set.
295 */
296 @Override
297 public boolean setHeaders(HttpURLConnection conn, HeaderParser p, String raw) {
298 params.setNonce (p.findValue("nonce"));
299 params.setOpaque (p.findValue("opaque"));
300 params.setQop (p.findValue("qop"));
301
302 String uri="";
306 uri = HttpURLConnection.connectRequestURI(conn.getURL());
307 method = HTTP_CONNECT;
308 } else {
309 try {
310 uri = conn.getRequestURI();
311 } catch (IOException e) {}
312 method = conn.getMethod();
313 }
314
315 if (params.nonce == null || authMethod == null || pw == null || realm == null) {
316 return false;
317 }
318 if (authMethod.length() >= 1) {
319 // Method seems to get converted to all lower case elsewhere.
320 // It really does need to start with an upper case letter
321 // here.
322 authMethod = Character.toUpperCase(authMethod.charAt(0))
323 + authMethod.substring(1).toLowerCase();
324 }
325 String algorithm = p.findValue("algorithm");
326 if (algorithm == null || "".equals(algorithm)) {
327 algorithm = "MD5"; // The default, accoriding to rfc2069
328 }
329 params.setAlgorithm (algorithm);
330
331 // If authQop is true, then the server is doing RFC2617 and
332 // has offered qop=auth. We do not support any other modes
333 // and if auth is not offered we fallback to the RFC2069 behavior
334
335 if (params.authQop()) {
336 params.setNewCnonce();
337 }
338
339 String value = getHeaderValueImpl (uri, method);
340 if (value != null) {
341 conn.setAuthenticationProperty(getHeaderName(), value);
342 return true;
343 } else {
344 return false;
345 }
346 }
434
435 if (nccount != -1) {
436 ncstring = Integer.toHexString (nccount).toUpperCase();
437 int len = ncstring.length();
438 if (len < 8)
439 ncstring = zeroPad [len] + ncstring;
440 }
441 try {
442 String expected = computeDigest(false, username,passwd,realm,
443 method, uri, nonce, cnonce, ncstring);
444 HeaderParser p = new HeaderParser (header);
445 String rspauth = p.findValue ("rspauth");
446 if (rspauth == null) {
447 throw new ProtocolException ("No digest in response");
448 }
449 if (!rspauth.equals (expected)) {
450 throw new ProtocolException ("Response digest invalid");
451 }
452 /* Check if there is a nextnonce field */
453 String nextnonce = p.findValue ("nextnonce");
454 if (nextnonce != null && ! "".equals(nextnonce)) {
455 params.setNonce (nextnonce);
456 }
457
458 } catch (NoSuchAlgorithmException ex) {
459 throw new ProtocolException ("Unsupported algorithm in response");
460 }
461 }
462
463 private String computeDigest(
464 boolean isRequest, String userName, char[] password,
465 String realm, String connMethod,
466 String requestURI, String nonceString,
467 String cnonce, String ncValue
468 ) throws NoSuchAlgorithmException
469 {
470
471 String A1, HashA1;
472 String algorithm = params.getAlgorithm ();
473 boolean md5sess = algorithm.equalsIgnoreCase ("MD5-sess");
474
|
262 */
263 String getHeaderValue(String requestURI, String method) {
264 return getHeaderValueImpl(requestURI, method);
265 }
266
267 /**
268 * Check if the header indicates that the current auth. parameters are stale.
269 * If so, then replace the relevant field with the new value
270 * and return true. Otherwise return false.
271 * returning true means the request can be retried with the same userid/password
272 * returning false means we have to go back to the user to ask for a new
273 * username password.
274 */
275 @Override
276 public boolean isAuthorizationStale (String header) {
277 HeaderParser p = new HeaderParser (header);
278 String s = p.findValue ("stale");
279 if (s == null || !s.equals("true"))
280 return false;
281 String newNonce = p.findValue ("nonce");
282 if (newNonce == null || newNonce.isEmpty()) {
283 return false;
284 }
285 params.setNonce (newNonce);
286 return true;
287 }
288
289 /**
290 * Set header(s) on the given connection.
291 * @param conn The connection to apply the header(s) to
292 * @param p A source of header values for this connection, if needed.
293 * @param raw Raw header values for this connection, if needed.
294 * @return true if all goes well, false if no headers were set.
295 */
296 @Override
297 public boolean setHeaders(HttpURLConnection conn, HeaderParser p, String raw) {
298 params.setNonce (p.findValue("nonce"));
299 params.setOpaque (p.findValue("opaque"));
300 params.setQop (p.findValue("qop"));
301
302 String uri="";
306 uri = HttpURLConnection.connectRequestURI(conn.getURL());
307 method = HTTP_CONNECT;
308 } else {
309 try {
310 uri = conn.getRequestURI();
311 } catch (IOException e) {}
312 method = conn.getMethod();
313 }
314
315 if (params.nonce == null || authMethod == null || pw == null || realm == null) {
316 return false;
317 }
318 if (authMethod.length() >= 1) {
319 // Method seems to get converted to all lower case elsewhere.
320 // It really does need to start with an upper case letter
321 // here.
322 authMethod = Character.toUpperCase(authMethod.charAt(0))
323 + authMethod.substring(1).toLowerCase();
324 }
325 String algorithm = p.findValue("algorithm");
326 if (algorithm == null || algorithm.isEmpty()) {
327 algorithm = "MD5"; // The default, accoriding to rfc2069
328 }
329 params.setAlgorithm (algorithm);
330
331 // If authQop is true, then the server is doing RFC2617 and
332 // has offered qop=auth. We do not support any other modes
333 // and if auth is not offered we fallback to the RFC2069 behavior
334
335 if (params.authQop()) {
336 params.setNewCnonce();
337 }
338
339 String value = getHeaderValueImpl (uri, method);
340 if (value != null) {
341 conn.setAuthenticationProperty(getHeaderName(), value);
342 return true;
343 } else {
344 return false;
345 }
346 }
434
435 if (nccount != -1) {
436 ncstring = Integer.toHexString (nccount).toUpperCase();
437 int len = ncstring.length();
438 if (len < 8)
439 ncstring = zeroPad [len] + ncstring;
440 }
441 try {
442 String expected = computeDigest(false, username,passwd,realm,
443 method, uri, nonce, cnonce, ncstring);
444 HeaderParser p = new HeaderParser (header);
445 String rspauth = p.findValue ("rspauth");
446 if (rspauth == null) {
447 throw new ProtocolException ("No digest in response");
448 }
449 if (!rspauth.equals (expected)) {
450 throw new ProtocolException ("Response digest invalid");
451 }
452 /* Check if there is a nextnonce field */
453 String nextnonce = p.findValue ("nextnonce");
454 if (nextnonce != null && !nextnonce.isEmpty()) {
455 params.setNonce (nextnonce);
456 }
457
458 } catch (NoSuchAlgorithmException ex) {
459 throw new ProtocolException ("Unsupported algorithm in response");
460 }
461 }
462
463 private String computeDigest(
464 boolean isRequest, String userName, char[] password,
465 String realm, String connMethod,
466 String requestURI, String nonceString,
467 String cnonce, String ncValue
468 ) throws NoSuchAlgorithmException
469 {
470
471 String A1, HashA1;
472 String algorithm = params.getAlgorithm ();
473 boolean md5sess = algorithm.equalsIgnoreCase ("MD5-sess");
474
|