Hmm, something strange with my mail. I'm attaching them again and pasting the body just in case :-)
--- jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/DigestAuthenticator.java.new 2003-03-21 15:01:54.000000000 +0200 +++ jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/DigestAuthenticator.java 2003-03-21 14:34:36.000000000 +0200 @@ -313,14 +313,8 @@ nc = currentTokenValue; if ("cnonce".equals(currentTokenName)) cnonce = removeQuotes(currentTokenValue); - if ("qop".equals(currentTokenName)) { - // in some cases qop has quotes, and in some not. We'll support both - if (currentTokenValue.startsWith("\"") && currentTokenValue.endsWith("\"")) { - qop = removeQuotes(currentTokenValue); - } else { - qop = currentTokenValue; - } - } + if ("qop".equals(currentTokenName)) + qop = removeQuotes(currentTokenValue); if ("uri".equals(currentTokenName)) uri = removeQuotes(currentTokenValue); if ("response".equals(currentTokenName)) @@ -331,11 +325,6 @@ || (uri == null) || (response == null) ) return null; - // if qop is present cnonce and nc MUST appear too - if (qop != null && (cnonce == null || nc == null)) - return null; - - // Second MD5 digest used to calculate the digest : // MD5(Method + ":" + uri) String a2 = method + ":" + uri; --- jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/RealmBase.java 2003-03-21 14:37:09.000000000 +0200 +++ jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/RealmBase.java.new 2003-03-21 15:09:53.000000000 +0200 @@ -336,7 +336,7 @@ /** * Return the Principal associated with the specified username, which * matches the digest calculated using the given parameters using the - * method described in RFC 2069; otherwise return <code>null</code>. + * method described in RFC 2617; otherwise return <code>null</code>. * * @param username Username of the Principal to look up * @param clientDigest Digest which has been submitted by the client 
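Review bot: The DigestAuthenticator.java diff looks reversed: its headers read `--- …/DigestAuthenticator.java.new` then `+++ …/DigestAuthenticator.java`, and the `.new` file carries the later timestamp, whereas the RealmBase.java diff puts `.new` on the `+++` side. Applied as posted, the `@@ -331,11 +325,6 @@` hunk would delete the guard `if (qop != null && (cnonce == null || nc == null)) return null;`, and the `@@ -313,14 +313,8 @@` hunk would go back to calling `removeQuotes` on qop unconditionally. A request carrying qop without cnonce or nc would then presumably reach the digest computation with null values. The patch should be regenerated with the original file first (`diff -u DigestAuthenticator.java DigestAuthenticator.java.new`) so that the quote-tolerant qop parsing and the guard show up as added lines. The same diff is repeated in the attachment copy further down the page, and the enclosing method starts and ends outside both hunks.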
@@ -369,8 +369,14 @@ String md5a1 = getDigest(username, realm); if (md5a1 == null) return null; - String serverDigestValue = md5a1 + ":" + nOnce + ":" + nc + ":" - + cnonce + ":" + qop + ":" + md5a2; + String serverDigestValue = ""; + + if (!"auth".equals(qop)) + serverDigestValue = md5a1 + ":" + nOnce + ":" + md5a2; + else + serverDigestValue = md5a1 + ":" + nOnce + ":" + nc + ":" + + cnonce + ":" + qop + ":" + md5a2; + String serverDigest = md5Encoder.encode(md5Helper.digest(serverDigestValue.getBytes())); //System.out.println("Server digest : " + serverDigest); @@ -479,7 +485,7 @@ /** - * Get the lifecycle listeners associated with this lifecycle. If this + * Get the lifecycle listeners associated with this lifecycle. If this * Lifecycle has no listeners registered, a zero-length array is returned. */ public LifecycleListener[] findLifecycleListeners() { -----Original Message----- From: ext Remy Maucherat [mailto:[EMAIL PROTECTED] Sent: 21 March, 2003 16:05 To: Tomcat Developers List Subject: Re: [PATCH] Digest Authentication [EMAIL PROTECTED] wrote: > Hi > > Here I attach a patch for DigestAuthentication.java and RealmBase.java that should > fix the problems with DIGEST authentication. With this I made it work with Mozilla > 1.3, IE 5.0, Opera 7 and my own simple client > > I don't have cvs access so I made the patches against a CVS image I downloaded today > via web, so I hope the patch format is ok > > This should fix the bug 9851 The attchement didn't make it, it seems. Remy --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
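Review bot: In the `@@ -369,8 +369,14 @@` hunk of RealmBase.java, `if (!"auth".equals(qop))` selects the legacy computation `md5a1 + ":" + nOnce + ":" + md5a2` for every qop other than "auth", not only for a missing one, so an unrecognised value sent by the client is silently verified without nc and cnonce. Only `qop == null` should take the legacy branch and any other value that is not "auth" should fail: `if (qop == null)` for the legacy form, `else if ("auth".equals(qop))` for the RFC 2617 form, then `else return null;`. The initial `String serverDigestValue = "";` is never read and can become a plain declaration. Because the client's header picks the branch, it is worth confirming in the authenticator (not visible here) that a challenge which offered qop does not accept a qop-less response where the nc/cnonce binding is relied on. The method continues outside the hunk, and the same hunk is repeated in the attachment copy further down the page.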
--- jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/DigestAuthenticator.java.new 2003-03-21 15:01:54.000000000 +0200 +++ jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/DigestAuthenticator.java 2003-03-21 14:34:36.000000000 +0200 @@ -313,14 +313,8 @@ nc = currentTokenValue; if ("cnonce".equals(currentTokenName)) cnonce = removeQuotes(currentTokenValue); - if ("qop".equals(currentTokenName)) { - // in some cases qop has quotes, and in some not. We'll support both - if (currentTokenValue.startsWith("\"") && currentTokenValue.endsWith("\"")) { - qop = removeQuotes(currentTokenValue); - } else { - qop = currentTokenValue; - } - } + if ("qop".equals(currentTokenName)) + qop = removeQuotes(currentTokenValue); if ("uri".equals(currentTokenName)) uri = removeQuotes(currentTokenValue); if ("response".equals(currentTokenName)) @@ -331,11 +325,6 @@ || (uri == null) || (response == null) ) return null; - // if qop is present cnonce and nc MUST appear too - if (qop != null && (cnonce == null || nc == null)) - return null; - - // Second MD5 digest used to calculate the digest : // MD5(Method + ":" + uri) String a2 = method + ":" + uri;
--- jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/RealmBase.java 2003-03-21 14:37:09.000000000 +0200 +++ jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/RealmBase.java.new 2003-03-21 15:09:53.000000000 +0200 @@ -336,7 +336,7 @@ /** * Return the Principal associated with the specified username, which * matches the digest calculated using the given parameters using the - * method described in RFC 2069; otherwise return <code>null</code>. + * method described in RFC 2617; otherwise return <code>null</code>. * * @param username Username of the Principal to look up * @param clientDigest Digest which has been submitted by the client @@ -369,8 +369,14 @@ String md5a1 = getDigest(username, realm); if (md5a1 == null) return null; - String serverDigestValue = md5a1 + ":" + nOnce + ":" + nc + ":" - + cnonce + ":" + qop + ":" + md5a2; + String serverDigestValue = ""; + + if (!"auth".equals(qop)) + serverDigestValue = md5a1 + ":" + nOnce + ":" + md5a2; + else + serverDigestValue = md5a1 + ":" + nOnce + ":" + nc + ":" + + cnonce + ":" + qop + ":" + md5a2; + String serverDigest = md5Encoder.encode(md5Helper.digest(serverDigestValue.getBytes())); //System.out.println("Server digest : " + serverDigest); @@ -479,7 +485,7 @@ /** - * Get the lifecycle listeners associated with this lifecycle. If this + * Get the lifecycle listeners associated with this lifecycle. If this * Lifecycle has no listeners registered, a zero-length array is returned. */ public LifecycleListener[] findLifecycleListeners() {