1 /*
2 * Copyright (c) 2002, 2012, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 */
23
24 /**
25 * @test
26 * @bug 4759514
27 * @modules java.base/sun.net.www
28 * @library ../../../sun/net/www/httptest/
29 * @build HttpCallback TestHttpServer ClosedChannelList HttpTransaction
30 * @run main B4759514
31 * @summary Digest Authentication is erroniously quoting the nc value, contrary to RFC 2617
32 */
33
34 import java.io.*;
35 import java.net.*;
36
37 public class B4759514 implements HttpCallback {
38
39 static int count = 0;
40 static String authstring;
41
42 void errorReply (HttpTransaction req, String reply) throws IOException {
43 req.addResponseHeader ("Connection", "close");
44 req.addResponseHeader ("WWW-Authenticate", reply);
45 req.sendResponse (401, "Unauthorized");
46 req.orderlyClose();
47 }
48
49 void okReply (HttpTransaction req) throws IOException {
50 req.setResponseEntityBody ("Hello .");
51 req.sendResponse (200, "Ok");
52 req.orderlyClose();
53 }
54
55 public void request (HttpTransaction req) {
56 try {
57 authstring = req.getRequestHeader ("Authorization");
58 switch (count) {
59 case 0:
60 errorReply (req, "Digest realm=\"wallyworld\", nonce=\"1234\", domain=\"/\"");
61 break;
62 case 1:
63 int n = authstring.indexOf ("nc=");
64 if (n != -1) {
65 if (authstring.charAt (n+3) == '\"') {
66 req.sendResponse (400, "Bad Request");
67 break;
68 }
69 }
70 okReply (req);
71 break;
72 }
73 count ++;
74 } catch (IOException e) {
75 e.printStackTrace();
76 }
77 }
78
79 static void read (InputStream is) throws IOException {
80 int c;
81 while ((c=is.read()) != -1) {
82 System.out.write (c);
83 }
84 }
85
86 static void client (String u) throws Exception {
87 URL url = new URL (u);
88 System.out.println ("client opening connection to: " + u);
89 URLConnection urlc = url.openConnection ();
90 InputStream is = urlc.getInputStream ();
91 read (is);
92 is.close();
93 }
94
95 static TestHttpServer server;
96
97 public static void main (String[] args) throws Exception {
98 MyAuthenticator auth = new MyAuthenticator ();
99 Authenticator.setDefault (auth);
100 try {
101 server = new TestHttpServer (new B4759514(), 1, 10, 0);
102 System.out.println ("Server: listening on port: " + server.getLocalPort());
103 client ("http://localhost:"+server.getLocalPort()+"/d1/foo.html");
104 } catch (Exception e) {
105 if (server != null) {
106 server.terminate();
107 }
108 throw e;
109 }
110 int f = auth.getCount();
111 if (f != 1) {
112 except ("Authenticator was called "+f+" times. Should be 1");
113 }
114 server.terminate();
115 }
116
117 public static void except (String s) {
118 server.terminate();
119 throw new RuntimeException (s);
120 }
121
122 static class MyAuthenticator extends Authenticator {
123 MyAuthenticator () {
124 super ();
125 }
126
127 int count = 0;
128
129 public PasswordAuthentication getPasswordAuthentication () {
130 PasswordAuthentication pw;
131 pw = new PasswordAuthentication ("user", "pass1".toCharArray());
132 count ++;
133 return pw;
134 }
135
136 public int getCount () {
137 return (count);
138 }
139 }
140 }