oglueck     2003/11/24 00:48:25

  Modified:    httpclient/src/test/org/apache/commons/httpclient Tag:
                        HTTPCLIENT_2_0_BRANCH TestAuthenticator.java
               httpclient/src/java/org/apache/commons/httpclient/auth Tag:
                        HTTPCLIENT_2_0_BRANCH AuthChallengeParser.java
                        DigestScheme.java
  Log:
  The patch changes the behaviour to leave out optional fields that are not
  present.
  DigestScheme now only accepts a challenge if all fields required by RFC 2617 are
  present. Otherwise an exception is thrown. Test cases have been updated
  accordingly. The test case also makes sure that there is no "null" string in the
  response.
  
  PR: 24869
  Reviewed by:  Oleg Kalnichevski
  
  Revision  Changes    Path
  No                   revision
  No                   revision
  1.25.2.5  +22 -23    
jakarta-commons/httpclient/src/test/org/apache/commons/httpclient/TestAuthenticator.java
  
  Index: TestAuthenticator.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-commons/httpclient/src/test/org/apache/commons/httpclient/TestAuthenticator.java,v
  retrieving revision 1.25.2.4
  retrieving revision 1.25.2.5
  diff -u -r1.25.2.4 -r1.25.2.5
  --- TestAuthenticator.java    14 Nov 2003 02:26:16 -0000      1.25.2.4
  +++ TestAuthenticator.java    24 Nov 2003 08:48:25 -0000      1.25.2.5
  @@ -101,14 +101,17 @@
               String value = null;
               if(tokenizer.hasMoreTokens())
                   key = tokenizer.nextToken();
  -            if(tokenizer.hasMoreTokens())
  +            if(tokenizer.hasMoreTokens()) {
                   value = tokenizer.nextToken();
  +                assertFalse("Value of "+key+" was \"null\"", "null".equals(value));
  +            }
               if(key != null && value != null){
                   table.put(key.trim(),value.trim());
               }
           }
           String response = (String) table.get("response");
           table.put( "methodname", methodName );
  +        //System.out.println(auth);
           String digest = 
DigestScheme.createDigest(cred.getUserName(),cred.getPassword(), table);
           assertEquals(response, digest);
       }
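Review bot: The new `assertFalse` compares the raw token, while the `table.put` two lines below it stores `value.trim()`, so a value with surrounding whitespace would not equal "null" and the check would pass silently. The same applies to surrounding quotes if the tokenizer keeps them; its delimiters are set outside this hunk. Comparing the trimmed value keeps the guard aligned with what is stored: `assertFalse("Value of "+key+" was \"null\"", "null".equals(value.trim()));`. The commented-out `//System.out.println(auth);` added further down is debug residue and can be dropped. The enclosing method starts above the hunk.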
  @@ -279,7 +282,7 @@
       // --------------------------------- Test Methods for DigestScheme 
Authentication
   
       public void testDigestAuthenticationWithNoCreds() {
  -        String challenge = "Digest realm=\"realm1\"";
  +        String challenge = "Digest realm=\"realm1\", nonce=\"ABC123\"";
           HttpState state = new HttpState();
           HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", 
challenge));
           try {
  @@ -293,32 +296,28 @@
   
       public void testDigestAuthenticationWithNoRealm() {
           String challenge = "Digest";
  -        HttpState state = new HttpState();
  -        HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", 
challenge));
           try {
               AuthScheme authscheme = new DigestScheme(challenge);
  -            HttpAuthenticator.authenticate(authscheme, method, null, state);
  +            authscheme.hashCode(); //quiet Eclipse compiler
               fail("Should have thrown HttpException");
  -        } catch(HttpException e) {
  +        } catch(MalformedChallengeException e) {
               // expected
           }
       }
   
       public void testDigestAuthenticationWithNoRealm2() {
           String challenge = "Digest ";
  -        HttpState state = new HttpState();
  -        HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", 
challenge));
           try {
               AuthScheme authscheme = new DigestScheme(challenge);
  -            HttpAuthenticator.authenticate(authscheme, method, null, state);
  +            authscheme.hashCode(); //quiet Eclipse compiler
               fail("Should have thrown HttpException");
  -        } catch(HttpException e) {
  +        } catch(MalformedChallengeException e) {
               // expected
           }
       }
   
       public void testDigestAuthenticationWithNullHttpState() throws Exception {
  -        String challenge = "Digest realm=\"realm1\"";
  +        String challenge = "Digest realm=\"realm1\", nonce=\"ABC123\"";
           HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", 
challenge));
           try {
               AuthScheme authscheme = new DigestScheme(challenge);
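Review bot: None of the visible tests exercises the new "nonce missing" rejection. Both `WithNoRealm` cases send a challenge with no realm at all, and every other challenge in these hunks was given a nonce, so a regression in the nonce check would go unnoticed unless a test outside the visible hunks covers it. A negative test with a realm but no nonce, as sketched below, would pin that behaviour down. The `fail(...)` messages in the two changed tests also still name `HttpException` although the catch is now `MalformedChallengeException`. The hunk ends inside `testDigestAuthenticationWithNullHttpState`.

```java
public void testDigestAuthenticationWithNoNonce() {
    String challenge = "Digest realm=\"realm1\"";
    try {
        new DigestScheme(challenge);
        fail("Should have thrown MalformedChallengeException");
    } catch(MalformedChallengeException e) {
        // expected
    }
}
```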
  @@ -330,7 +329,7 @@
       }
   
       public void testDigestAuthenticationCaseInsensitivity() throws Exception {
  -        String challenge = "dIgEsT ReAlM=\"realm1\"";
  +        String challenge = "dIgEsT ReAlM=\"realm1\", nONce=\"ABC123\"";
           HttpState state = new HttpState();
           UsernamePasswordCredentials cred = new 
UsernamePasswordCredentials("username","password");
           state.setCredentials(null, null, cred);
  @@ -342,7 +341,7 @@
   
   
       public void testDigestAuthenticationWithDefaultCreds() throws Exception {
  -        String challenge = "Digest realm=\"realm1\"";
  +        String challenge = "Digest realm=\"realm1\", nonce=\"ABC123\"";
           HttpState state = new HttpState();
           UsernamePasswordCredentials cred = new 
UsernamePasswordCredentials("username","password");
           state.setCredentials(null, null, cred);
  @@ -354,7 +353,7 @@
       }
   
       public void testDigestAuthentication() throws Exception {
  -        String challenge = "Digest realm=\"realm1\"";
  +        String challenge = "Digest realm=\"realm1\", nonce=\"ABC123\"";
           HttpState state = new HttpState();
           UsernamePasswordCredentials cred = new 
UsernamePasswordCredentials("username","password");
           state.setCredentials(null, null, cred);
  @@ -399,8 +398,8 @@
       }
   
       public void testDigestAuthenticationWithMultipleRealms() throws Exception {
  -        String challenge1 = "Digest realm=\"realm1\"";
  -        String challenge2 = "Digest realm=\"realm2\"";
  +        String challenge1 = "Digest realm=\"realm1\", nonce=\"ABC123\"";
  +        String challenge2 = "Digest realm=\"realm2\", nonce=\"ABC123\"";
           HttpState state = new HttpState();
           UsernamePasswordCredentials cred = new 
UsernamePasswordCredentials("username","password");
           state.setCredentials("realm1", null, cred);
  @@ -434,7 +433,7 @@
           String nonce="e273f1776275974f1a120d8b92c5b3cb";
   
           String challenge="Digest realm=\"" + realm + "\", "
  -            + nonce + "\"" + nonce + "\", "
  +            + "nonce=\"" + nonce + "\", "
               + "opaque=\"SomeString\", "
               + "stale=false, "
               + "algorithm=MD5-sess, "
  @@ -692,7 +691,7 @@
           conn.addResponse(
               "HTTP/1.1 401 Unauthorized\r\n" + 
               "WWW-Authenticate: Unsupported\r\n" +
  -            "WWW-Authenticate: Digest realm=\"Protected\"\r\n" +
  +            "WWW-Authenticate: Digest realm=\"Protected\", nonce=\"ABC123\"\r\n" +
               "WWW-Authenticate: Basic realm=\"Protected\"\r\n" +
               "Connection: close\r\n" +
               "Server: HttpClient Test/2.0\r\n"
  @@ -745,7 +744,7 @@
           conn.addResponse(
               "HTTP/1.1 407 Proxy Authentication Required\r\n" + 
               "Proxy-Authenticate: Basic realm=\"Protected\"\r\n" +
  -            "Proxy-Authenticate: Digest realm=\"Protected\"\r\n" +
  +            "Proxy-Authenticate: Digest realm=\"Protected\", nonce=\"ABC123\"\r\n" +
               "Proxy-Authenticate: Unsupported\r\n" +
               "Connection: close\r\n" +
               "Server: HttpClient Test/2.0\r\n"
  
  
  
  No                   revision
  No                   revision
  1.4.2.1   +4 -4      
jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/auth/AuthChallengeParser.java
  
  Index: AuthChallengeParser.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/auth/AuthChallengeParser.java,v
  retrieving revision 1.4
  retrieving revision 1.4.2.1
  diff -u -r1.4 -r1.4.2.1
  --- AuthChallengeParser.java  6 Apr 2003 22:31:53 -0000       1.4
  +++ AuthChallengeParser.java  24 Nov 2003 08:48:25 -0000      1.4.2.1
  @@ -224,7 +224,7 @@
                        }
                   }
                   
  -                elements.put(name, value);
  +                elements.put(name.toLowerCase(), value);
                   parsingName = true;
                   gotIt = false;
               }
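Review bot: `name.toLowerCase()` folds case using the JVM default locale, so under a Turkish locale a parameter name containing `I` (for example `ALGORITHM`) is lowered to a dotless `ı`, and later ASCII lookups such as `getParameter("algorithm")` miss it. Challenge parameter names are ASCII tokens, so the fold should be locale-independent: `elements.put(name.toLowerCase(Locale.ENGLISH), value);`, which needs `java.util.Locale` imported. Two parameters that differ only in case now also overwrite each other silently, so a comment stating that the last one wins would help. The enclosing loop starts and ends outside the hunk.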
  
  
  
  1.4.2.5   +12 -5     
jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/auth/DigestScheme.java
  
  Index: DigestScheme.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/auth/DigestScheme.java,v
  retrieving revision 1.4.2.4
  retrieving revision 1.4.2.5
  diff -u -r1.4.2.4 -r1.4.2.5
  --- DigestScheme.java 4 Oct 2003 02:31:25 -0000       1.4.2.4
  +++ DigestScheme.java 24 Nov 2003 08:48:25 -0000      1.4.2.5
  @@ -132,6 +132,12 @@
       public DigestScheme(final String challenge) 
         throws MalformedChallengeException {
           super(challenge);
  +        if (this.getParameter("realm") == null) {
  +            throw new MalformedChallengeException("realm missing");
  +        }
  +        if (this.getParameter("nonce") == null) {
  +            throw new MalformedChallengeException("nonce missing");
  +        }
           this.getParameters().put("nc", "00000001");
       }
   
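Review bot: The two new guards reject only a missing parameter, so a challenge carrying `nonce=""` would presumably still be accepted if the parser stores an empty string for it (the parser is outside this hunk). The digest would then be computed over an empty nonce. Treating an empty nonce like a missing one closes that gap, e.g. `String nonce = this.getParameter("nonce");` followed by `if (nonce == null || nonce.length() == 0) {`. The constructor's Javadoc, which lies above the hunk, should also state that `MalformedChallengeException` is now thrown when realm or nonce is absent.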
  @@ -332,9 +338,10 @@
   
           sb.append("username=\"" + uname + "\"")
             .append(", realm=\"" + realm + "\"")
  -          .append(", nonce=\"" + nonce + "\"").append(", uri=\"" + uri + "\"")
  +          .append(", nonce=\"" + nonce + "\"")
  +          .append(", uri=\"" + uri + "\"")
             .append(((qop == null) ? "" : ", qop=\"" + qop + "\""))
  -          .append(", algorithm=\"" + algorithm + "\"")
  +          .append((algorithm == null) ? "" : ", algorithm=\"" + algorithm + "\"")
             .append(((qop == null) ? "" : ", nc=" + nc))
             .append(((qop == null) ? "" : ", cnonce=\"" + cnonce + "\""))
             .append(", response=\"" + response + "\"")
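Review bot: Every value in this chain is spliced into a quoted-string by plain concatenation, so a `"` or `\` in `uname`, `realm`, `nonce` or `uri` ends the quoted value early, and a CR/LF would break the header line. `realm` and `nonce` originate in the server's challenge and `uname` in the caller's credentials, and the null handling added for `algorithm` does not cover this. Escaping each value through one small helper before appending keeps the Authorization header well-formed; a sketch follows. The `append` chain begins and continues outside the hunk, so parameters not shown here need the same treatment.

```java
// … unchanged: digest computation and declaration of sb …
sb.append("username=\"" + quote(uname) + "\"")
  .append(", realm=\"" + quote(realm) + "\"")
  .append(", nonce=\"" + quote(nonce) + "\"")
  .append(", uri=\"" + quote(uri) + "\"")
// … unchanged: qop, algorithm, nc, cnonce, response …

/** Escapes a value for use inside a quoted-string; rejects control characters. */
private static String quote(final String s) {
    StringBuffer out = new StringBuffer(s.length() + 2);
    for (int i = 0; i < s.length(); i++) {
        char c = s.charAt(i);
        if (c < 0x20 || c == 0x7f) {
            throw new IllegalArgumentException("control character in header value");
        }
        if (c == '"' || c == '\\') {
            out.append('\\');
        }
        out.append(c);
    }
    return out.toString();
}
```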
  
  
  
