rev 52979 : 8215281: Use String.isEmpty() when applicable in java.base
Reviewed-by: TBD

   1 /*
   2  * Copyright (c) 1997, 2016, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.  Oracle designates this
   8  * particular file as subject to the "Classpath" exception as provided
   9  * by Oracle in the LICENSE file that accompanied this code.
  10  *
  11  * This code is distributed in the hope that it will be useful, but WITHOUT
  12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  14  * version 2 for more details (a copy is included in the LICENSE file that
  15  * accompanied this code).
  16  *
  17  * You should have received a copy of the GNU General Public License version
  18  * 2 along with this work; if not, write to the Free Software Foundation,
  19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  22  * or visit www.oracle.com if you need additional information or have any
  23  * questions.
  24  */
  25 
  26 package sun.net.www.protocol.http;
  27 
  28 import java.io.*;
  29 import java.net.URL;
  30 import java.net.ProtocolException;
  31 import java.net.PasswordAuthentication;
  32 import java.util.Arrays;
  33 import java.util.Random;
  34 
  35 import sun.net.www.HeaderParser;
  36 import sun.net.NetProperties;
  37 import java.security.MessageDigest;
  38 import java.security.NoSuchAlgorithmException;
  39 import java.security.PrivilegedAction;
  40 import java.security.AccessController;
  41 import java.util.Objects;
  42 import static sun.net.www.protocol.http.HttpURLConnection.HTTP_CONNECT;
  43 
  44 /**
  45  * DigestAuthentication: Encapsulate an http server authentication using
  46  * the "Digest" scheme, as described in RFC2069 and updated in RFC2617
  47  *
  48  * @author Bill Foote
  49  */
  50 
  51 class DigestAuthentication extends AuthenticationInfo {
  52 
  53     private static final long serialVersionUID = 100L;
  54 
  55     private String authMethod;
  56 
  57     private static final String compatPropName = "http.auth.digest." +
  58         "quoteParameters";
  59 
  60     // true if http.auth.digest.quoteParameters Net property is true
  61     private static final boolean delimCompatFlag;
  62 
  63     static {
  64         Boolean b = AccessController.doPrivileged(
  65             new PrivilegedAction<>() {
  66                 public Boolean run() {
  67                     return NetProperties.getBoolean(compatPropName);
  68                 }
  69             }
  70         );
  71         delimCompatFlag = (b == null) ? false : b.booleanValue();
  72     }
  73 
  74     // Authentication parameters defined in RFC2617.
  75     // One instance of these may be shared among several DigestAuthentication
  76     // instances as a result of a single authorization (for multiple domains)
  77 
  78     static class Parameters implements java.io.Serializable {
  79         private static final long serialVersionUID = -3584543755194526252L;
  80 
  81         private boolean serverQop; // server proposed qop=auth
  82         private String opaque;
  83         private String cnonce;
  84         private String nonce;
  85         private String algorithm;
  86         private int NCcount=0;
  87 
  88         // The H(A1) string used for MD5-sess
  89         private String  cachedHA1;
  90 
  91         // Force the HA1 value to be recalculated because the nonce has changed
  92         private boolean redoCachedHA1 = true;
  93 
  94         private static final int cnonceRepeat = 5;
  95 
  96         private static final int cnoncelen = 40; /* number of characters in cnonce */
  97 
  98         private static Random   random;
  99 
 100         static {
 101             random = new Random();
 102         }
 103 
 104         Parameters () {
 105             serverQop = false;
 106             opaque = null;
 107             algorithm = null;
 108             cachedHA1 = null;
 109             nonce = null;
 110             setNewCnonce();
 111         }
 112 
 113         boolean authQop () {
 114             return serverQop;
 115         }
 116         synchronized void incrementNC() {
 117             NCcount ++;
 118         }
 119         synchronized int getNCCount () {
 120             return NCcount;
 121         }
 122 
 123         int cnonce_count = 0;
 124 
 125         /* each call increments the counter */
 126         synchronized String getCnonce () {
 127             if (cnonce_count >= cnonceRepeat) {
 128                 setNewCnonce();
 129             }
 130             cnonce_count++;
 131             return cnonce;
 132         }
 133         synchronized void setNewCnonce () {
 134             byte bb[] = new byte [cnoncelen/2];
 135             char cc[] = new char [cnoncelen];
 136             random.nextBytes (bb);
 137             for (int  i=0; i<(cnoncelen/2); i++) {
 138                 int x = bb[i] + 128;
 139                 cc[i*2]= (char) ('A'+ x/16);
 140                 cc[i*2+1]= (char) ('A'+ x%16);
 141             }
 142             cnonce = new String (cc, 0, cnoncelen);
 143             cnonce_count = 0;
 144             redoCachedHA1 = true;
 145         }
 146 
 147         synchronized void setQop (String qop) {
 148             if (qop != null) {
 149                 String items[] = qop.split(",");
 150                 for (String item : items) {
 151                     if ("auth".equalsIgnoreCase(item.trim())) {
 152                         serverQop = true;
 153                         return;
 154                     }
 155                 }
 156             }
 157             serverQop = false;
 158         }
 159 
 160         synchronized String getOpaque () { return opaque;}
 161         synchronized void setOpaque (String s) { opaque=s;}
 162 
 163         synchronized String getNonce () { return nonce;}
 164 
 165         synchronized void setNonce (String s) {
 166             if (nonce == null || !s.equals(nonce)) {
 167                 nonce=s;
 168                 NCcount = 0;
 169                 redoCachedHA1 = true;
 170             }
 171         }
 172 
 173         synchronized String getCachedHA1 () {
 174             if (redoCachedHA1) {
 175                 return null;
 176             } else {
 177                 return cachedHA1;
 178             }
 179         }
 180 
 181         synchronized void setCachedHA1 (String s) {
 182             cachedHA1=s;
 183             redoCachedHA1=false;
 184         }
 185 
 186         synchronized String getAlgorithm () { return algorithm;}
 187         synchronized void setAlgorithm (String s) { algorithm=s;}
 188     }
 189 
 190     Parameters params;
 191 
 192     /**
 193      * Create a DigestAuthentication
 194      */
 195     public DigestAuthentication(boolean isProxy, URL url, String realm,
 196                                 String authMethod, PasswordAuthentication pw,
 197                                 Parameters params, String authenticatorKey) {
 198         super(isProxy ? PROXY_AUTHENTICATION : SERVER_AUTHENTICATION,
 199               AuthScheme.DIGEST,
 200               url,
 201               realm,
 202               Objects.requireNonNull(authenticatorKey));
 203         this.authMethod = authMethod;
 204         this.pw = pw;
 205         this.params = params;
 206     }
 207 
 208     public DigestAuthentication(boolean isProxy, String host, int port, String realm,
 209                                 String authMethod, PasswordAuthentication pw,
 210                                 Parameters params, String authenticatorKey) {
 211         super(isProxy ? PROXY_AUTHENTICATION : SERVER_AUTHENTICATION,
 212               AuthScheme.DIGEST,
 213               host,
 214               port,
 215               realm,
 216               Objects.requireNonNull(authenticatorKey));
 217         this.authMethod = authMethod;
 218         this.pw = pw;
 219         this.params = params;
 220     }
 221 
 222     /**
 223      * @return true if this authentication supports preemptive authorization
 224      */
 225     @Override
 226     public boolean supportsPreemptiveAuthorization() {
 227         return true;
 228     }
 229 
 230     /**
 231      * Recalculates the request-digest and returns it.
 232      *
 233      * <P> Used in the common case where the requestURI is simply the
 234      * abs_path.
 235      *
 236      * @param  url
 237      *         the URL
 238      *
 239      * @param  method
 240      *         the HTTP method
 241      *
 242      * @return the value of the HTTP header this authentication wants set
 243      */
 244     @Override
 245     public String getHeaderValue(URL url, String method) {
 246         return getHeaderValueImpl(url.getFile(), method);
 247     }
 248 
 249     /**
 250      * Recalculates the request-digest and returns it.
 251      *
 252      * <P> Used when the requestURI is not the abs_path. The exact
 253      * requestURI can be passed as a String.
 254      *
 255      * @param  requestURI
 256      *         the Request-URI from the HTTP request line
 257      *
 258      * @param  method
 259      *         the HTTP method
 260      *
 261      * @return the value of the HTTP header this authentication wants set
 262      */
 263     String getHeaderValue(String requestURI, String method) {
 264         return getHeaderValueImpl(requestURI, method);
 265     }
 266 
 267     /**
 268      * Check if the header indicates that the current auth. parameters are stale.
 269      * If so, then replace the relevant field with the new value
 270      * and return true. Otherwise return false.
 271      * returning true means the request can be retried with the same userid/password
 272      * returning false means we have to go back to the user to ask for a new
 273      * username password.
 274      */
 275     @Override
 276     public boolean isAuthorizationStale (String header) {
 277         HeaderParser p = new HeaderParser (header);
 278         String s = p.findValue ("stale");
 279         if (s == null || !s.equals("true"))
 280             return false;
 281         String newNonce = p.findValue ("nonce");
 282         if (newNonce == null || "".equals(newNonce)) {
 283             return false;
 284         }
 285         params.setNonce (newNonce);
 286         return true;
 287     }
 288 
 289     /**
 290      * Set header(s) on the given connection.
 291      * @param conn The connection to apply the header(s) to
 292      * @param p A source of header values for this connection, if needed.
 293      * @param raw Raw header values for this connection, if needed.
 294      * @return true if all goes well, false if no headers were set.
 295      */
 296     @Override
 297     public boolean setHeaders(HttpURLConnection conn, HeaderParser p, String raw) {
 298         params.setNonce (p.findValue("nonce"));
 299         params.setOpaque (p.findValue("opaque"));
 300         params.setQop (p.findValue("qop"));
 301 
 302         String uri="";
 303         String method;
 304         if (type == PROXY_AUTHENTICATION &&
 305                 conn.tunnelState() == HttpURLConnection.TunnelState.SETUP) {
 306             uri = HttpURLConnection.connectRequestURI(conn.getURL());
 307             method = HTTP_CONNECT;
 308         } else {
 309             try {
 310                 uri = conn.getRequestURI();
 311             } catch (IOException e) {}
 312             method = conn.getMethod();
 313         }
 314 
 315         if (params.nonce == null || authMethod == null || pw == null || realm == null) {
 316             return false;
 317         }
 318         if (authMethod.length() >= 1) {
 319             // Method seems to get converted to all lower case elsewhere.
 320             // It really does need to start with an upper case letter
 321             // here.
 322             authMethod = Character.toUpperCase(authMethod.charAt(0))
 323                         + authMethod.substring(1).toLowerCase();
 324         }
 325         String algorithm = p.findValue("algorithm");
 326         if (algorithm == null || "".equals(algorithm)) {
 327             algorithm = "MD5";  // The default, accoriding to rfc2069
 328         }
 329         params.setAlgorithm (algorithm);
 330 
 331         // If authQop is true, then the server is doing RFC2617 and
 332         // has offered qop=auth. We do not support any other modes
 333         // and if auth is not offered we fallback to the RFC2069 behavior
 334 
 335         if (params.authQop()) {
 336             params.setNewCnonce();
 337         }
 338 
 339         String value = getHeaderValueImpl (uri, method);
 340         if (value != null) {
 341             conn.setAuthenticationProperty(getHeaderName(), value);
 342             return true;
 343         } else {
 344             return false;
 345         }
 346     }
 347 
 348     /* Calculate the Authorization header field given the request URI
 349      * and based on the authorization information in params
 350      */
 351     private String getHeaderValueImpl (String uri, String method) {
 352         String response;
 353         char[] passwd = pw.getPassword();
 354         boolean qop = params.authQop();
 355         String opaque = params.getOpaque();
 356         String cnonce = params.getCnonce ();
 357         String nonce = params.getNonce ();
 358         String algorithm = params.getAlgorithm ();
 359         params.incrementNC ();
 360         int  nccount = params.getNCCount ();
 361         String ncstring=null;
 362 
 363         if (nccount != -1) {
 364             ncstring = Integer.toHexString (nccount).toLowerCase();
 365             int len = ncstring.length();
 366             if (len < 8)
 367                 ncstring = zeroPad [len] + ncstring;
 368         }
 369 
 370         try {
 371             response = computeDigest(true, pw.getUserName(),passwd,realm,
 372                                         method, uri, nonce, cnonce, ncstring);
 373         } catch (NoSuchAlgorithmException ex) {
 374             return null;
 375         }
 376 
 377         String ncfield = "\"";
 378         if (qop) {
 379             ncfield = "\", nc=" + ncstring;
 380         }
 381 
 382         String algoS, qopS;
 383 
 384         if (delimCompatFlag) {
 385             // Put quotes around these String value parameters
 386             algoS = ", algorithm=\"" + algorithm + "\"";
 387             qopS = ", qop=\"auth\"";
 388         } else {
 389             // Don't put quotes around them, per the RFC
 390             algoS = ", algorithm=" + algorithm;
 391             qopS = ", qop=auth";
 392         }
 393 
 394         String value = authMethod
 395                         + " username=\"" + pw.getUserName()
 396                         + "\", realm=\"" + realm
 397                         + "\", nonce=\"" + nonce
 398                         + ncfield
 399                         + ", uri=\"" + uri
 400                         + "\", response=\"" + response + "\""
 401                         + algoS;
 402         if (opaque != null) {
 403             value += ", opaque=\"" + opaque + "\"";
 404         }
 405         if (cnonce != null) {
 406             value += ", cnonce=\"" + cnonce + "\"";
 407         }
 408         if (qop) {
 409             value += qopS;
 410         }
 411         return value;
 412     }
 413 
 414     public void checkResponse (String header, String method, URL url)
 415                                                         throws IOException {
 416         checkResponse (header, method, url.getFile());
 417     }
 418 
 419     public void checkResponse (String header, String method, String uri)
 420                                                         throws IOException {
 421         char[] passwd = pw.getPassword();
 422         String username = pw.getUserName();
 423         boolean qop = params.authQop();
 424         String opaque = params.getOpaque();
 425         String cnonce = params.cnonce;
 426         String nonce = params.getNonce ();
 427         String algorithm = params.getAlgorithm ();
 428         int  nccount = params.getNCCount ();
 429         String ncstring=null;
 430 
 431         if (header == null) {
 432             throw new ProtocolException ("No authentication information in response");
 433         }
 434 
 435         if (nccount != -1) {
 436             ncstring = Integer.toHexString (nccount).toUpperCase();
 437             int len = ncstring.length();
 438             if (len < 8)
 439                 ncstring = zeroPad [len] + ncstring;
 440         }
 441         try {
 442             String expected = computeDigest(false, username,passwd,realm,
 443                                         method, uri, nonce, cnonce, ncstring);
 444             HeaderParser p = new HeaderParser (header);
 445             String rspauth = p.findValue ("rspauth");
 446             if (rspauth == null) {
 447                 throw new ProtocolException ("No digest in response");
 448             }
 449             if (!rspauth.equals (expected)) {
 450                 throw new ProtocolException ("Response digest invalid");
 451             }
 452             /* Check if there is a nextnonce field */
 453             String nextnonce = p.findValue ("nextnonce");
 454             if (nextnonce != null && ! "".equals(nextnonce)) {
 455                 params.setNonce (nextnonce);
 456             }
 457 
 458         } catch (NoSuchAlgorithmException ex) {
 459             throw new ProtocolException ("Unsupported algorithm in response");
 460         }
 461     }
 462 
 463     private String computeDigest(
 464                         boolean isRequest, String userName, char[] password,
 465                         String realm, String connMethod,
 466                         String requestURI, String nonceString,
 467                         String cnonce, String ncValue
 468                     ) throws NoSuchAlgorithmException
 469     {
 470 
 471         String A1, HashA1;
 472         String algorithm = params.getAlgorithm ();
 473         boolean md5sess = algorithm.equalsIgnoreCase ("MD5-sess");
 474 
 475         MessageDigest md = MessageDigest.getInstance(md5sess?"MD5":algorithm);
 476 
 477         if (md5sess) {
 478             if ((HashA1 = params.getCachedHA1 ()) == null) {
 479                 String s = userName + ":" + realm + ":";
 480                 String s1 = encode (s, password, md);
 481                 A1 = s1 + ":" + nonceString + ":" + cnonce;
 482                 HashA1 = encode(A1, null, md);
 483                 params.setCachedHA1 (HashA1);
 484             }
 485         } else {
 486             A1 = userName + ":" + realm + ":";
 487             HashA1 = encode(A1, password, md);
 488         }
 489 
 490         String A2;
 491         if (isRequest) {
 492             A2 = connMethod + ":" + requestURI;
 493         } else {
 494             A2 = ":" + requestURI;
 495         }
 496         String HashA2 = encode(A2, null, md);
 497         String combo, finalHash;
 498 
 499         if (params.authQop()) { /* RRC2617 when qop=auth */
 500             combo = HashA1+ ":" + nonceString + ":" + ncValue + ":" +
 501                         cnonce + ":auth:" +HashA2;
 502 
 503         } else { /* for compatibility with RFC2069 */
 504             combo = HashA1 + ":" +
 505                        nonceString + ":" +
 506                        HashA2;
 507         }
 508         finalHash = encode(combo, null, md);
 509         return finalHash;
 510     }
 511 
 512     private static final char charArray[] = {
 513         '0', '1', '2', '3', '4', '5', '6', '7',
 514         '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'
 515     };
 516 
 517     private static final String zeroPad[] = {
 518         // 0         1          2         3        4       5      6     7
 519         "00000000", "0000000", "000000", "00000", "0000", "000", "00", "0"
 520     };
 521 
 522     private String encode(String src, char[] passwd, MessageDigest md) {
 523         try {
 524             md.update(src.getBytes("ISO-8859-1"));
 525         } catch (java.io.UnsupportedEncodingException uee) {
 526             assert false;
 527         }
 528         if (passwd != null) {
 529             byte[] passwdBytes = new byte[passwd.length];
 530             for (int i=0; i<passwd.length; i++)
 531                 passwdBytes[i] = (byte)passwd[i];
 532             md.update(passwdBytes);
 533             Arrays.fill(passwdBytes, (byte)0x00);
 534         }
 535         byte[] digest = md.digest();
 536 
 537         StringBuilder res = new StringBuilder(digest.length * 2);
 538         for (int i = 0; i < digest.length; i++) {
 539             int hashchar = ((digest[i] >>> 4) & 0xf);
 540             res.append(charArray[hashchar]);
 541             hashchar = (digest[i] & 0xf);
 542             res.append(charArray[hashchar]);
 543         }
 544         return res.toString();
 545     }
 546 }
--- EOF ---