This is an automated email from the ASF dual-hosted git repository.
markt-asf pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new b915c094bd Remove unnecessary code now qop is required
b915c094bd is described below
commit b915c094bd3acbc57a536df9d4c1cbd9d23fdd30
Author: Mark Thomas <[email protected]>
AuthorDate: Wed Jun 24 16:43:24 2026 +0100
Remove unnecessary code now qop is required
---
java/org/apache/catalina/authenticator/DigestAuthenticator.java | 3 +--
java/org/apache/catalina/realm/RealmBase.java | 8 ++------
2 files changed, 3 insertions(+), 8 deletions(-)
diff --git a/java/org/apache/catalina/authenticator/DigestAuthenticator.java
b/java/org/apache/catalina/authenticator/DigestAuthenticator.java
index 09862de339..76b4056de3 100644
--- a/java/org/apache/catalina/authenticator/DigestAuthenticator.java
+++ b/java/org/apache/catalina/authenticator/DigestAuthenticator.java
@@ -670,8 +670,7 @@ public class DigestAuthenticator extends AuthenticatorBase {
* @return {@code true} if validation succeeded
*/
public boolean validate(Request request, List<AuthDigest> algorithms) {
- if ((userName == null) || (realmName == null) || (nonce == null)
|| (uri == null) || (response == null) ||
- qop == null) {
+ if ((userName == null) || (realmName == null) || (nonce == null)
|| (uri == null) || (response == null)) {
return false;
}
diff --git a/java/org/apache/catalina/realm/RealmBase.java
b/java/org/apache/catalina/realm/RealmBase.java
index 6314cba7e3..a4bfd41fe8 100644
--- a/java/org/apache/catalina/realm/RealmBase.java
+++ b/java/org/apache/catalina/realm/RealmBase.java
@@ -432,12 +432,8 @@ public abstract class RealmBase extends LifecycleMBeanBase
implements Realm {
return null;
}
digestA1 = digestA1.toLowerCase(Locale.ENGLISH);
- String serverDigestValue;
- if (qop == null) {
- serverDigestValue = digestA1 + ":" + nonce + ":" + digestA2;
- } else {
- serverDigestValue = digestA1 + ":" + nonce + ":" + nc + ":" +
cnonce + ":" + qop + ":" + digestA2;
- }
+ // No explicit test for qop == null since the digest will fail anyway
in that case
+ String serverDigestValue = digestA1 + ":" + nonce + ":" + nc + ":" +
cnonce + ":" + qop + ":" + digestA2;
byte[] valueBytes;
try {
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
