/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*
*/
package org.apache.mina.proxy.handlers.http.digest;
import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HashMap;
import javax.security.sasl.AuthenticationException;
import org.apache.mina.core.session.IoSession;
import org.apache.mina.proxy.session.ProxyIoSession;
import org.apache.mina.proxy.utils.ByteUtilities;
import org.apache.mina.proxy.utils.StringUtilities;
/**
* DigestUtilities.java - A class supporting the HTTP DIGEST authentication (see RFC 2617).
*
* @author The Apache MINA Project (dev@mina.apache.org)
* @version $Rev: 686486 $, $Date: 2008-08-16 14:46:10 +0200 (Sat, 16 Aug 2008) $
* @since MINA 2.0.0-M3
*/
public class DigestUtilities {
public final static String SESSION_HA1 = DigestUtilities.class
+ ".SessionHA1";
private static MessageDigest md5;
static {
// Initialize secure random generator
try {
md5 = MessageDigest.getInstance("MD5");
} catch (NoSuchAlgorithmException e) {
throw new RuntimeException(e);
}
}
public final static String[] SUPPORTED_QOPS = new String[] { "auth",
"auth-int" };
/**
* Computes the response to the DIGEST challenge.
*/
public static String computeResponseValue(IoSession session,
HashMap<String, String> map, String method, String pwd,
String charsetName, String body) throws AuthenticationException,
UnsupportedEncodingException {
byte[] hA1;
StringBuilder sb;
boolean isMD5Sess = "md5-sess".equalsIgnoreCase(StringUtilities
.getDirectiveValue(map, "algorithm", false));
if (!!isMD5Sess || session.getAttribute(SESSION_HA1) == null) {
// Build A1
sb = new StringBuilder();
sb.append(
StringUtilities.stringTo8859_1(StringUtilities
.getDirectiveValue(map, "username", true))).append(
':');
String realm = StringUtilities.stringTo8859_1(StringUtilities
.getDirectiveValue(map, "realm", false));
if (realm != null) {
sb.append(realm);
}
sb.append(':').append(pwd);
if (isMD5Sess) {
byte[] prehA1;
synchronized (md5) {
md5.reset();
prehA1 = md5.digest(sb.toString().getBytes(charsetName));
}
sb = new StringBuilder();
sb.append(ByteUtilities.asHex(prehA1));
sb.append(':').append(
StringUtilities.stringTo8859_1(StringUtilities
.getDirectiveValue(map, "nonce", true)));
sb.append(':').append(
StringUtilities.stringTo8859_1(StringUtilities
.getDirectiveValue(map, "cnonce", true)));
synchronized (md5) {
md5.reset();
hA1 = md5.digest(sb.toString().getBytes(charsetName));
}
session.setAttribute(SESSION_HA1, hA1);
} else {
synchronized (md5) {
md5.reset();
hA1 = md5.digest(sb.toString().getBytes(charsetName));
}
}
} else {
hA1 = (byte[]) session.getAttribute(SESSION_HA1);
}
sb = new StringBuilder(method);
sb.append(':');
sb.append(StringUtilities.getDirectiveValue(map, "uri", false));
String qop = StringUtilities.getDirectiveValue(map, "qop", false);
if ("auth-int".equalsIgnoreCase(qop)) {
ProxyIoSession proxyIoSession = (ProxyIoSession) session
.getAttribute(ProxyIoSession.PROXY_SESSION);
byte[] hEntity;
synchronized (md5) {
md5.reset();
hEntity = md5.digest(body.getBytes(proxyIoSession
.getCharsetName()));
}
sb.append(':').append(hEntity);
}
byte[] hA2;
synchronized (md5) {
md5.reset();
hA2 = md5.digest(sb.toString().getBytes(charsetName));
}
sb = new StringBuilder();
sb.append(ByteUtilities.asHex(hA1));
sb.append(':').append(
StringUtilities.getDirectiveValue(map, "nonce", true));
sb.append(":00000001:");
sb.append(StringUtilities.getDirectiveValue(map, "cnonce", true));
sb.append(':').append(qop).append(':');
sb.append(ByteUtilities.asHex(hA2));
byte[] hFinal;
synchronized (md5) {
md5.reset();
hFinal = md5.digest(sb.toString().getBytes(charsetName));
}
return ByteUtilities.asHex(hFinal);
}
}