public class DigestAuthHandler extends java.lang.Object implements Handler
Future enhancements
WWW-Authenticate: Digest realm="myrealm", qop="auth", [req'd for IE] nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", opaque="5ccc069c403ebaf9f0171e9517f40e41", [optional] domain="/foo" [optional]Sample client return header
Authorization: Digest username="name", realm="foo@bar", nonce="mynonce10", uri="/da.html", response="d58f3f9fa7554da651d3f1901d22ea04", qop=auth, nc=00000001, cnonce="b6ac242cb324c38a" response algorithm: A1 = md5(user:realm:pass) A2 = md5(method:uri) response=md5(A1:nonce:nonceCount:cnonce:qop:A2) - all MD5's are represented as hex: [0-9a-f] - all quotes (") are removed before digesting
Constructor and Description |
---|
DigestAuthHandler() |
Modifier and Type | Method and Description |
---|---|
static java.lang.String |
computeA1(java.lang.String user,
java.lang.String realm,
java.lang.String pass)
Compute the A1 parameter as per the RFC.
|
static java.lang.String |
computeA2(java.lang.String method,
java.lang.String uri)
Compute the A2 parameter as per the RFC.
|
static java.lang.String |
computeResponse(java.lang.String A1,
java.lang.String A2,
java.lang.String nonce,
java.lang.String nc,
java.lang.String cnonce,
java.lang.String qop)
Compute the expected client response attribute value.
|
static java.util.Properties |
extractAuth(java.lang.String header)
Parse an auth header, placing the results into a Properties object.
|
static java.lang.String |
genResponseHeader(java.lang.String request,
java.lang.String user,
java.lang.String pass,
java.lang.String method,
java.lang.String uri,
java.lang.String nc,
java.lang.String cnonce)
Given the "WWW-Authenticate" header value and additional client info,
generate the value of the "Authorization" header.
|
boolean |
init(Server server,
java.lang.String propsPrefix)
Initializes the handler.
|
static boolean |
isMd5Digest(java.lang.String s)
See if a string is a valid md5 digest.
|
static void |
main(java.lang.String[] args)
Convert a "plain text" password file into a digested one.
|
static java.lang.String |
md5Digest(java.lang.String s)
Compute the md5 digest of a string, returning the
digest as a hex string.
|
boolean |
respond(Request request)
Responds to an HTTP request.
|
static boolean |
responseOk(java.lang.String A1,
java.lang.String method,
java.util.Properties h)
Check the digest response string.
|
public boolean init(Server server, java.lang.String propsPrefix)
Handler
init
in interface Handler
server
- The HTTP server that created this Handler
.
Typical Handler
s will use Server.props
to obtain run-time configuration information.propsPrefix
- The handlers name.
The string this Handler
may prepend to all
of the keys that it uses to extract configuration information
from Server.props
. This is set (by the Server
and ChainHandler
) to help avoid configuration parameter
namespace collisions.true
if this Handler
initialized
successfully, false
otherwise. If
false
is returned, this Handler
should not be used.public boolean respond(Request request) throws java.io.IOException
Handler
respond
in interface Handler
request
- The Request
object that represents the HTTP
request.true
if the request was handled. A request was
handled if a response was supplied to the client, typically
by calling Request.sendResponse()
or
Request.sendError
.java.io.IOException
- if there was an I/O error while sending the response to
the client. Typically, in that case, the Server
will (try to) send an error message to the client and then
close the client's connection.
The IOException
should not be used to silently
ignore problems such as being unable to access some
server-side resource (for example getting a
FileNotFoundException
due to not being able
to open a file). In that case, the Handler
's
duty is to turn that IOException
into a
HTTP response indicating, in this case, that a file could
not be found.
public static boolean responseOk(java.lang.String A1, java.lang.String method, java.util.Properties h)
A1
- The "A1" hash from the RFCmethod
- The http request method.h
- Properties containing all the name=value options
from the http authentiation header field
(see extractAuth(String)
).public static java.lang.String computeA1(java.lang.String user, java.lang.String realm, java.lang.String pass)
public static java.lang.String computeA2(java.lang.String method, java.lang.String uri)
public static java.lang.String computeResponse(java.lang.String A1, java.lang.String A2, java.lang.String nonce, java.lang.String nc, java.lang.String cnonce, java.lang.String qop)
public static java.lang.String genResponseHeader(java.lang.String request, java.lang.String user, java.lang.String pass, java.lang.String method, java.lang.String uri, java.lang.String nc, java.lang.String cnonce)
request
- The string value of the "WWW-Authenticate" header from the serveruser
- The useridpass
- The password associated with this usermethod
- "GET", "POST", etc.uri
- The requested url (e.g. "/index.html")nc
- The "nonce count", or number of times the client has used
The "nonce" presented by the server (e.g. "0000001").cnonce
- An opaque value provided by the clientpublic static java.lang.String md5Digest(java.lang.String s)
public static boolean isMd5Digest(java.lang.String s)
public static java.util.Properties extractAuth(java.lang.String header)
public static void main(java.lang.String[] args) throws java.lang.Exception
Usage: DigestAuthHandler [realm]The stdin, in Properties format, is emitted on stdout with all plain-text passwords digested. If an entry is already digested, it is left alone.
Note, this handler will except either plaintext or digested passwords in the credentials file.
java.lang.Exception