1 /* 2 * Copyright (c) 2002, 2012, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 */ 23 24 /** 25 * @test 26 * @bug 4759514 27 * @modules java.base/sun.net.www 28 * @library ../../../sun/net/www/httptest/ 29 * @build HttpCallback TestHttpServer ClosedChannelList HttpTransaction 30 * @run main B4759514 31 * @summary Digest Authentication is erroniously quoting the nc value, contrary to RFC 2617 32 */ 33 34 import java.io.*; 35 import java.net.*; 36 37 public class B4759514 implements HttpCallback { 38 39 static int count = 0; 40 static String authstring; 41 42 void errorReply (HttpTransaction req, String reply) throws IOException { 43 req.addResponseHeader ("Connection", "close"); 44 req.addResponseHeader ("WWW-Authenticate", reply); 45 req.sendResponse (401, "Unauthorized"); 46 req.orderlyClose(); 47 } 48 49 void okReply (HttpTransaction req) throws IOException { 50 req.setResponseEntityBody ("Hello ."); 51 req.sendResponse (200, "Ok"); 52 req.orderlyClose(); 53 } 54 55 public void request (HttpTransaction req) { 56 try { 57 authstring = req.getRequestHeader ("Authorization"); 58 switch (count) { 59 case 0: 60 errorReply (req, "Digest realm=\"wallyworld\", nonce=\"1234\", domain=\"/\""); 61 break; 62 case 1: 63 int n = authstring.indexOf ("nc="); 64 if (n != -1) { 65 if (authstring.charAt (n+3) == '\"') { 66 req.sendResponse (400, "Bad Request"); 67 break; 68 } 69 } 70 okReply (req); 71 break; 72 } 73 count ++; 74 } catch (IOException e) { 75 e.printStackTrace(); 76 } 77 } 78 79 static void read (InputStream is) throws IOException { 80 int c; 81 while ((c=is.read()) != -1) { 82 System.out.write (c); 83 } 84 } 85 86 static void client (String u) throws Exception { 87 URL url = new URL (u); 88 System.out.println ("client opening connection to: " + u); 89 URLConnection urlc = url.openConnection (); 90 InputStream is = urlc.getInputStream (); 91 read (is); 92 is.close(); 93 } 94 95 static TestHttpServer server; 96 97 public static void main (String[] args) throws Exception { 98 MyAuthenticator auth = new MyAuthenticator (); 99 Authenticator.setDefault (auth); 100 try { 101 server = new TestHttpServer (new B4759514(), 1, 10, 0); 102 System.out.println ("Server: listening on port: " + server.getLocalPort()); 103 client ("http://localhost:"+server.getLocalPort()+"/d1/foo.html"); 104 } catch (Exception e) { 105 if (server != null) { 106 server.terminate(); 107 } 108 throw e; 109 } 110 int f = auth.getCount(); 111 if (f != 1) { 112 except ("Authenticator was called "+f+" times. Should be 1"); 113 } 114 server.terminate(); 115 } 116 117 public static void except (String s) { 118 server.terminate(); 119 throw new RuntimeException (s); 120 } 121 122 static class MyAuthenticator extends Authenticator { 123 MyAuthenticator () { 124 super (); 125 } 126 127 int count = 0; 128 129 public PasswordAuthentication getPasswordAuthentication () { 130 PasswordAuthentication pw; 131 pw = new PasswordAuthentication ("user", "pass1".toCharArray()); 132 count ++; 133 return pw; 134 } 135 136 public int getCount () { 137 return (count); 138 } 139 } 140 }