oglueck 2003/11/24 00:48:25 Modified: httpclient/src/test/org/apache/commons/httpclient Tag: HTTPCLIENT_2_0_BRANCH TestAuthenticator.java httpclient/src/java/org/apache/commons/httpclient/auth Tag: HTTPCLIENT_2_0_BRANCH AuthChallengeParser.java DigestScheme.java Log: The patch changes the behaviour to suppress out optional fields that are not present. DigestScheme now only accepts a challenge if all fields required by RFC 2617 are present. Otherwise an exception is thrown. Test cases have been updated accordingly. The test case also makes sure that there is no "null" string in the response. PR: 24869 Reviewed by: Oleg Kalnichevski Revision Changes Path No revision No revision 1.25.2.5 +22 -23 jakarta-commons/httpclient/src/test/org/apache/commons/httpclient/TestAuthenticator.java Index: TestAuthenticator.java =================================================================== RCS file: /home/cvs/jakarta-commons/httpclient/src/test/org/apache/commons/httpclient/TestAuthenticator.java,v retrieving revision 1.25.2.4 retrieving revision 1.25.2.5 diff -u -r1.25.2.4 -r1.25.2.5 --- TestAuthenticator.java 14 Nov 2003 02:26:16 -0000 1.25.2.4 +++ TestAuthenticator.java 24 Nov 2003 08:48:25 -0000 1.25.2.5 @@ -101,14 +101,17 @@ String value = null; if(tokenizer.hasMoreTokens()) key = tokenizer.nextToken(); - if(tokenizer.hasMoreTokens()) + if(tokenizer.hasMoreTokens()) { value = tokenizer.nextToken(); + assertFalse("Value of "+key+" was \"null\"", "null".equals(value)); + } if(key != null && value != null){ table.put(key.trim(),value.trim()); } } String response = (String) table.get("response"); table.put( "methodname", methodName ); + //System.out.println(auth); String digest = DigestScheme.createDigest(cred.getUserName(),cred.getPassword(), table); assertEquals(response, digest); } 
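Review bot: The new `assertFalse` in the `@@ -101` hunk compares the raw token with `"null"` before the `trim()` that is applied when the pair is stored, so a value that still carries leading whitespace or its surrounding quote characters would not match and the check would pass vacuously. How the tokenizer splits the header is outside the hunk, so this needs confirming. If quotes or spaces can survive, normalise first, e.g. `"null".equals(value.trim())` after stripping the quotes. The commented-out `//System.out.println(auth);` should be dropped rather than committed. The enclosing method starts outside the hunk.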
@@ -279,7 +282,7 @@ // --------------------------------- Test Methods for DigestScheme Authentication public void testDigestAuthenticationWithNoCreds() { - String challenge = "Digest realm=\"realm1\""; + String challenge = "Digest realm=\"realm1\", nonce=\"ABC123\""; HttpState state = new HttpState(); HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge)); try { @@ -293,32 +296,28 @@ public void testDigestAuthenticationWithNoRealm() { String challenge = "Digest"; - HttpState state = new HttpState(); - HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge)); try { AuthScheme authscheme = new DigestScheme(challenge); - HttpAuthenticator.authenticate(authscheme, method, null, state); + authscheme.hashCode(); //quiet Eclipse compiler fail("Should have thrown HttpException"); - } catch(HttpException e) { + } catch(MalformedChallengeException e) { // expected } } public void testDigestAuthenticationWithNoRealm2() { String challenge = "Digest "; - HttpState state = new HttpState(); - HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge)); try { AuthScheme authscheme = new DigestScheme(challenge); - HttpAuthenticator.authenticate(authscheme, method, null, state); + authscheme.hashCode(); //quiet Eclipse compiler fail("Should have thrown HttpException"); - } catch(HttpException e) { + } catch(MalformedChallengeException e) { // expected } } public void testDigestAuthenticationWithNullHttpState() throws Exception { - String challenge = "Digest realm=\"realm1\""; + String challenge = "Digest realm=\"realm1\", nonce=\"ABC123\""; HttpMethod method = new SimpleHttpMethod(new Header("WWW-Authenticate", challenge)); try { AuthScheme authscheme = new DigestScheme(challenge); 
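Review bot: Neither rewritten test in the `@@ -293` hunk reaches the new `nonce missing` branch of the constructor, because both challenges (`"Digest"` and `"Digest "`) also lack a realm and so fail at or before the realm check. A third case with a realm but no nonce, e.g. `String challenge = "Digest realm=\"realm1\"";` expecting `MalformedChallengeException`, would pin the behaviour this commit introduces. The `fail("Should have thrown HttpException")` messages are now stale and should name `MalformedChallengeException`.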
@@ -330,7 +329,7 @@ } public void testDigestAuthenticationCaseInsensitivity() throws Exception { - String challenge = "dIgEsT ReAlM=\"realm1\""; + String challenge = "dIgEsT ReAlM=\"realm1\", nONce=\"ABC123\""; HttpState state = new HttpState(); UsernamePasswordCredentials cred = new UsernamePasswordCredentials("username","password"); state.setCredentials(null, null, cred); @@ -342,7 +341,7 @@ public void testDigestAuthenticationWithDefaultCreds() throws Exception { - String challenge = "Digest realm=\"realm1\""; + String challenge = "Digest realm=\"realm1\", nonce=\"ABC123\""; HttpState state = new HttpState(); UsernamePasswordCredentials cred = new UsernamePasswordCredentials("username","password"); state.setCredentials(null, null, cred); @@ -354,7 +353,7 @@ } public void testDigestAuthentication() throws Exception { - String challenge = "Digest realm=\"realm1\""; + String challenge = "Digest realm=\"realm1\", nonce=\"ABC123\""; HttpState state = new HttpState(); UsernamePasswordCredentials cred = new UsernamePasswordCredentials("username","password"); state.setCredentials(null, null, cred); @@ -399,8 +398,8 @@ } public void testDigestAuthenticationWithMultipleRealms() throws Exception { - String challenge1 = "Digest realm=\"realm1\""; - String challenge2 = "Digest realm=\"realm2\""; + String challenge1 = "Digest realm=\"realm1\", nonce=\"ABC123\""; + String challenge2 = "Digest realm=\"realm2\", nonce=\"ABC123\""; HttpState state = new HttpState(); UsernamePasswordCredentials cred = new UsernamePasswordCredentials("username","password"); state.setCredentials("realm1", null, cred); @@ -434,7 +433,7 @@ String nonce="e273f1776275974f1a120d8b92c5b3cb"; String challenge="Digest realm=\"" + realm + "\", " - + nonce + "\"" + nonce + "\", " + + "nonce=\"" + nonce + "\", " + "opaque=\"SomeString\", " + "stale=false, " + "algorithm=MD5-sess, " 
@@ -692,7 +691,7 @@ conn.addResponse( "HTTP/1.1 401 Unauthorized\r\n" + "WWW-Authenticate: Unsupported\r\n" + - "WWW-Authenticate: Digest realm=\"Protected\"\r\n" + + "WWW-Authenticate: Digest realm=\"Protected\", nonce=\"ABC123\"\r\n" + "WWW-Authenticate: Basic realm=\"Protected\"\r\n" + "Connection: close\r\n" + "Server: HttpClient Test/2.0\r\n" @@ -745,7 +744,7 @@ conn.addResponse( "HTTP/1.1 407 Proxy Authentication Required\r\n" + "Proxy-Authenticate: Basic realm=\"Protected\"\r\n" + - "Proxy-Authenticate: Digest realm=\"Protected\"\r\n" + + "Proxy-Authenticate: Digest realm=\"Protected\", nonce=\"ABC123\"\r\n" + "Proxy-Authenticate: Unsupported\r\n" + "Connection: close\r\n" + "Server: HttpClient Test/2.0\r\n" No revision No revision 1.4.2.1 +4 -4 jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/auth/AuthChallengeParser.java Index: AuthChallengeParser.java =================================================================== RCS file: /home/cvs/jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/auth/AuthChallengeParser.java,v retrieving revision 1.4 retrieving revision 1.4.2.1 diff -u -r1.4 -r1.4.2.1 --- AuthChallengeParser.java 6 Apr 2003 22:31:53 -0000 1.4 +++ AuthChallengeParser.java 24 Nov 2003 08:48:25 -0000 1.4.2.1 @@ -224,7 +224,7 @@ } } - elements.put(name, value); + elements.put(name.toLowerCase(), value); parsingName = true; gotIt = false; } 1.4.2.5 +12 -5 jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/auth/DigestScheme.java Index: DigestScheme.java =================================================================== RCS file: /home/cvs/jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/auth/DigestScheme.java,v retrieving revision 1.4.2.4 retrieving revision 1.4.2.5 diff -u -r1.4.2.4 -r1.4.2.5 --- DigestScheme.java 4 Oct 2003 02:31:25 -0000 1.4.2.4 +++ DigestScheme.java 24 Nov 2003 08:48:25 -0000 1.4.2.5 
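Review bot: `name.toLowerCase()` in the `@@ -224` hunk of AuthChallengeParser.java uses the JVM default locale, so under a Turkish locale an upper-case `I` becomes dotless `ı`, and a parameter sent as `ALGORITHM` or `DOMAIN` would be stored under a key that lookups by the plain lower-case name never match. A fixed locale avoids that: `elements.put(name.toLowerCase(Locale.ENGLISH), value);`, with `java.util.Locale` imported (the import block is outside the hunk). Lower-casing also makes `Realm` and `realm` the same key, so a challenge that repeats a parameter in different case now silently keeps the last value; a comment stating that this is intended would help. The enclosing method starts and ends outside the hunk.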
@@ -132,6 +132,12 @@ public DigestScheme(final String challenge) throws MalformedChallengeException { super(challenge); + if (this.getParameter("realm") == null) { + throw new MalformedChallengeException("realm missing"); + } + if (this.getParameter("nonce") == null) { + throw new MalformedChallengeException("nonce missing"); + } this.getParameters().put("nc", "00000001"); } @@ -332,9 +338,10 @@ sb.append("username=\"" + uname + "\"") .append(", realm=\"" + realm + "\"") - .append(", nonce=\"" + nonce + "\"").append(", uri=\"" + uri + "\"") + .append(", nonce=\"" + nonce + "\"") + .append(", uri=\"" + uri + "\"") .append(((qop == null) ? "" : ", qop=\"" + qop + "\"")) - .append(", algorithm=\"" + algorithm + "\"") + .append((algorithm == null) ? "" : ", algorithm=\"" + algorithm + "\"") .append(((qop == null) ? "" : ", nc=" + nc)) .append(((qop == null) ? "" : ", cnonce=\"" + cnonce + "\"")) .append(", response=\"" + response + "\"")
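Review bot: The constructor in the `@@ -132` hunk now rejects a challenge without `realm` or `nonce`, but that contract should be stated in its Javadoc, which lies outside the hunk and may not yet say so: `@throws MalformedChallengeException if the challenge lacks the realm or nonce parameter required by RFC 2617`. The guards test only for `null`, so whether `nonce=""` is accepted depends on what the parser stores for an empty quoted value, which is not visible here. If an empty string can arrive, widen the check to `if (nonce == null || nonce.length() == 0)` on a local `String nonce = this.getParameter("nonce");`.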
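Review bot: `uname`, `realm`, `nonce` and `uri` are concatenated into quoted strings in the `@@ -332` hunk without escaping, so a `"` or `\` in any of them produces an Authorization header whose parameter boundaries no longer match the values that were hashed. The realm and nonce originate from the server's challenge and the user name from the caller, and whether the parser already unescapes or rejects such characters is not visible here. Escaping backslash and double quote before each value is appended, in one small private helper used for every quoted field, would make the output well-formed regardless of input. Separately, RFC 2617 defines `algorithm` as an unquoted token, so `algorithm="..."` may be refused by strict servers. The enclosing method starts and ends outside the hunk.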