View Javadoc

1   /*
2    *  Licensed to the Apache Software Foundation (ASF) under one
3    *  or more contributor license agreements.  See the NOTICE file
4    *  distributed with this work for additional information
5    *  regarding copyright ownership.  The ASF licenses this file
6    *  to you under the Apache License, Version 2.0 (the
7    *  "License"); you may not use this file except in compliance
8    *  with the License.  You may obtain a copy of the License at
9    *
10   *    http://www.apache.org/licenses/LICENSE-2.0
11   *
12   *  Unless required by applicable law or agreed to in writing,
13   *  software distributed under the License is distributed on an
14   *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   *  KIND, either express or implied.  See the License for the
16   *  specific language governing permissions and limitations
17   *  under the License.
18   *
19   */
20  package org.apache.mina.proxy.handlers.http.digest;
21  
22  import java.io.UnsupportedEncodingException;
23  import java.security.MessageDigest;
24  import java.security.NoSuchAlgorithmException;
25  import java.util.HashMap;
26  
27  import javax.security.sasl.AuthenticationException;
28  
29  import org.apache.mina.core.session.IoSession;
30  import org.apache.mina.proxy.session.ProxyIoSession;
31  import org.apache.mina.proxy.utils.ByteUtilities;
32  import org.apache.mina.proxy.utils.StringUtilities;
33  
34  /**
35   * DigestUtilities.java - A class supporting the HTTP DIGEST authentication (see RFC 2617).
36   * 
37   * @author <a href="http://mina.apache.org">Apache MINA Project</a>
38   * @since MINA 2.0.0-M3
39   */
40  public class DigestUtilities {
41  
42      public final static String SESSION_HA1 = DigestUtilities.class
43              + ".SessionHA1";
44  
45      private static MessageDigest md5;
46  
47      static {
48          // Initialize secure random generator 
49          try {
50              md5 = MessageDigest.getInstance("MD5");
51          } catch (NoSuchAlgorithmException e) {
52              throw new RuntimeException(e);
53          }
54      }
55  
56      /**
57       * The supported qualities of protections.
58       */
59      public final static String[] SUPPORTED_QOPS = new String[] { "auth",
60              "auth-int" };
61  
62      /**
63       * Computes the response to the DIGEST challenge.
64       * 
65       * @param session the current session
66       * @param map the map holding the directives sent by the proxy
67       * @param method the HTTP verb
68       * @param pwd the password
69       * @param charsetName the name of the charset used for the challenge
70       * @param body the html body to be hashed for integrity calculations
71       */
72      public static String computeResponseValue(IoSession session,
73              HashMap<String, String> map, String method, String pwd,
74              String charsetName, String body) throws AuthenticationException,
75              UnsupportedEncodingException {
76  
77          byte[] hA1;
78          StringBuilder sb;
79          boolean isMD5Sess = "md5-sess".equalsIgnoreCase(StringUtilities
80                  .getDirectiveValue(map, "algorithm", false));
81  
82          if (!isMD5Sess || (session.getAttribute(SESSION_HA1) == null)) {
83              // Build A1
84              sb = new StringBuilder();
85              sb.append(
86                      StringUtilities.stringTo8859_1(StringUtilities
87                              .getDirectiveValue(map, "username", true))).append(
88                      ':');
89  
90              String realm = StringUtilities.stringTo8859_1(StringUtilities
91                      .getDirectiveValue(map, "realm", false));
92              if (realm != null) {
93                  sb.append(realm);
94              }
95  
96              sb.append(':').append(pwd);
97  
98              if (isMD5Sess) {
99                  byte[] prehA1;
100                 synchronized (md5) {
101                     md5.reset();
102                     prehA1 = md5.digest(sb.toString().getBytes(charsetName));
103                 }
104 
105                 sb = new StringBuilder();
106                 sb.append(ByteUtilities.asHex(prehA1));
107                 sb.append(':').append(
108                         StringUtilities.stringTo8859_1(StringUtilities
109                                 .getDirectiveValue(map, "nonce", true)));
110                 sb.append(':').append(
111                         StringUtilities.stringTo8859_1(StringUtilities
112                                 .getDirectiveValue(map, "cnonce", true)));
113 
114                 synchronized (md5) {
115                     md5.reset();
116                     hA1 = md5.digest(sb.toString().getBytes(charsetName));
117                 }
118 
119                 session.setAttribute(SESSION_HA1, hA1);
120             } else {
121                 synchronized (md5) {
122                     md5.reset();
123                     hA1 = md5.digest(sb.toString().getBytes(charsetName));
124                 }
125             }
126         } else {
127             hA1 = (byte[]) session.getAttribute(SESSION_HA1);
128         }
129 
130         sb = new StringBuilder(method);
131         sb.append(':');
132         sb.append(StringUtilities.getDirectiveValue(map, "uri", false));
133 
134         String qop = StringUtilities.getDirectiveValue(map, "qop", false);
135         if ("auth-int".equalsIgnoreCase(qop)) {
136             ProxyIoSession proxyIoSession = (ProxyIoSession) session
137                     .getAttribute(ProxyIoSession.PROXY_SESSION);
138             byte[] hEntity;
139 
140             synchronized (md5) {
141                 md5.reset();
142                 hEntity = md5.digest(body.getBytes(proxyIoSession
143                         .getCharsetName()));
144             }
145             sb.append(':').append(hEntity);
146         }
147 
148         byte[] hA2;
149         synchronized (md5) {
150             md5.reset();
151             hA2 = md5.digest(sb.toString().getBytes(charsetName));
152         }
153 
154         sb = new StringBuilder();
155         sb.append(ByteUtilities.asHex(hA1));
156         sb.append(':').append(
157                 StringUtilities.getDirectiveValue(map, "nonce", true));
158         sb.append(":00000001:");
159 
160         sb.append(StringUtilities.getDirectiveValue(map, "cnonce", true));
161         sb.append(':').append(qop).append(':');
162         sb.append(ByteUtilities.asHex(hA2));
163 
164         byte[] hFinal;
165         synchronized (md5) {
166             md5.reset();
167             hFinal = md5.digest(sb.toString().getBytes(charsetName));
168         }
169 
170         return ByteUtilities.asHex(hFinal);
171     }
172 }