/* * Copyright (c) 1997, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License version 2 only, as * published by the Free Software Foundation. Oracle designates this * particular file as subject to the "Classpath" exception as provided * by Oracle in the LICENSE file that accompanied this code. * * This code is distributed in the hope that it will be useful, but WITHOUT * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * version 2 for more details (a copy is included in the LICENSE file that * accompanied this code). * * You should have received a copy of the GNU General Public License version * 2 along with this work; if not, write to the Free Software Foundation, * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. * * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA * or visit www.oracle.com if you need additional information or have any * questions. */ package sun.net.www.protocol.http; import java.net.URL; import java.net.URI; import java.net.URISyntaxException; import java.net.PasswordAuthentication; import java.nio.ByteBuffer; import java.nio.CharBuffer; import java.nio.charset.Charset; import java.io.IOException; import java.io.OutputStream; import java.util.Arrays; import java.util.Base64; import java.util.Objects; import sun.net.www.HeaderParser; import static java.nio.charset.StandardCharsets.UTF_8; import static java.nio.charset.StandardCharsets.ISO_8859_1; /** * BasicAuthentication: Encapsulate an http server authentication using * the "basic" scheme. * * @author Bill Foote */ class BasicAuthentication extends AuthenticationInfo { @java.io.Serial private static final long serialVersionUID = 100L; /** The authentication string for this host, port, and realm. This is a simple BASE64 encoding of "login:password". */ final String auth; /** * Create a BasicAuthentication */ public BasicAuthentication(boolean isProxy, String host, int port, String realm, PasswordAuthentication pw, boolean isUTF8, String authenticatorKey) { super(isProxy ? PROXY_AUTHENTICATION : SERVER_AUTHENTICATION, AuthScheme.BASIC, host, port, realm, Objects.requireNonNull(authenticatorKey)); this.auth = authValueFrom(pw, isUTF8); this.pw = pw; } /** * Create a BasicAuthentication */ public BasicAuthentication(boolean isProxy, String host, int port, String realm, String auth, String authenticatorKey) { super(isProxy ? PROXY_AUTHENTICATION : SERVER_AUTHENTICATION, AuthScheme.BASIC, host, port, realm, Objects.requireNonNull(authenticatorKey)); this.auth = "Basic " + auth; } /** * Create a BasicAuthentication */ public BasicAuthentication(boolean isProxy, URL url, String realm, PasswordAuthentication pw, boolean isUTF8, String authenticatorKey) { super(isProxy ? PROXY_AUTHENTICATION : SERVER_AUTHENTICATION, AuthScheme.BASIC, url, realm, Objects.requireNonNull(authenticatorKey)); this.auth = authValueFrom(pw, isUTF8); this.pw = pw; } private static String authValueFrom(PasswordAuthentication pw, boolean isUTF8) { String plain = pw.getUserName() + ":"; char[] password = pw.getPassword(); CharBuffer cbuf = CharBuffer.allocate(plain.length() + password.length); cbuf.put(plain).put(password).flip(); Charset charset = isUTF8 ? UTF_8 : ISO_8859_1; ByteBuffer buf = charset.encode(cbuf); ByteBuffer enc = Base64.getEncoder().encode(buf); String ret = "Basic " + new String(enc.array(), enc.position(), enc.remaining(), ISO_8859_1); Arrays.fill(buf.array(), (byte) 0); Arrays.fill(enc.array(), (byte) 0); Arrays.fill(cbuf.array(), (char) 0); return ret; } /** * Create a BasicAuthentication */ public BasicAuthentication(boolean isProxy, URL url, String realm, String auth, String authenticatorKey) { super(isProxy ? PROXY_AUTHENTICATION : SERVER_AUTHENTICATION, AuthScheme.BASIC, url, realm, Objects.requireNonNull(authenticatorKey)); this.auth = "Basic " + auth; } /** * @return true if this authentication supports preemptive authorization */ @Override public boolean supportsPreemptiveAuthorization() { return true; } /** * Set header(s) on the given connection. This will only be called for * definitive (i.e. non-preemptive) authorization. * @param conn The connection to apply the header(s) to * @param p A source of header values for this connection, if needed. * @param raw The raw header values for this connection, if needed. * @return true if all goes well, false if no headers were set. */ @Override public boolean setHeaders(HttpURLConnection conn, HeaderParser p, String raw) { conn.setAuthenticationProperty(getHeaderName(), getHeaderValue(null,null)); return true; } /** * @return the value of the HTTP header this authentication wants set */ @Override public String getHeaderValue(URL url, String method) { /* For Basic the authorization string does not depend on the request URL * or the request method */ return auth; } /** * For Basic Authentication, the security parameters can never be stale. * In other words there is no possibility to reuse the credentials. * They are always either valid or invalid. */ @Override public boolean isAuthorizationStale (String header) { return false; } /** * @return the common root path between npath and path. * This is used to detect when we have an authentication for two * paths and the root of th authentication space is the common root. */ static String getRootPath(String npath, String opath) { int index = 0; int toindex; /* Must normalize so we don't get confused by ../ and ./ segments */ try { npath = new URI (npath).normalize().getPath(); opath = new URI (opath).normalize().getPath(); } catch (URISyntaxException e) { /* ignore error and use the old value */ } while (index < opath.length()) { toindex = opath.indexOf('/', index+1); if (toindex != -1 && opath.regionMatches(0, npath, 0, toindex+1)) index = toindex; else return opath.substring(0, index+1); } /*should not reach here. If we do simply return npath*/ return npath; } }