Hmm, something strange with my mail. I'm attaching them again and pasting the body 
just in case :-)


--- 
jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/DigestAuthenticator.java.new
        2003-03-21 15:01:54.000000000 +0200
+++ 
jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/DigestAuthenticator.java
    2003-03-21 14:34:36.000000000 +0200
@@ -313,14 +313,8 @@
                 nc = currentTokenValue;
             if ("cnonce".equals(currentTokenName))
                 cnonce = removeQuotes(currentTokenValue);
-            if ("qop".equals(currentTokenName)) {
-                // in some cases qop has quotes, and in some not. We'll support both
-                if (currentTokenValue.startsWith("\"") && 
currentTokenValue.endsWith("\"")) {
-                  qop = removeQuotes(currentTokenValue);
-                } else {
-                  qop = currentTokenValue;
-                }
-            }
+            if ("qop".equals(currentTokenName))
+                qop = removeQuotes(currentTokenValue);
             if ("uri".equals(currentTokenName))
                 uri = removeQuotes(currentTokenValue);
             if ("response".equals(currentTokenName))
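Review bot: The header for this file puts `DigestAuthenticator.java.new` (15:01:54) on the `---` side and the older `DigestAuthenticator.java` (14:34:36) on the `+++` side, so this diff looks reversed relative to the RealmBase.java one. Applied as written, it removes the quoted/unquoted `qop` handling here and, in the next hunk (`@@ -331,11 +325,6 @@`), the `if (qop != null && (cnonce == null || nc == null)) return null;` guard, which is presumably the opposite of what was intended. Without that guard, a request carrying `qop=auth` but no `cnonce` or `nc` would reach the RealmBase digest calculation, where the missing values would presumably be concatenated as the string `null`. Please regenerate the patch with the original file first so it cannot be applied in the wrong direction; the same applies to the second copy of the patch later in the message. The enclosing method starts and ends outside both hunks.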
@@ -331,11 +325,6 @@
              || (uri == null) || (response == null) )
             return null;
 
-        // if qop is present cnonce and nc MUST appear too
-        if (qop != null && (cnonce == null || nc == null))
-            return null;
-
-
         // Second MD5 digest used to calculate the digest :
         // MD5(Method + ":" + uri)
         String a2 = method + ":" + uri;












--- jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/RealmBase.java     
 2003-03-21 14:37:09.000000000 +0200
+++ jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/RealmBase.java.new 
 2003-03-21 15:09:53.000000000 +0200
@@ -336,7 +336,7 @@
     /**
      * Return the Principal associated with the specified username, which
      * matches the digest calculated using the given parameters using the
-     * method described in RFC 2069; otherwise return <code>null</code>.
+     * method described in RFC 2617; otherwise return <code>null</code>.
      *
      * @param username Username of the Principal to look up
      * @param clientDigest Digest which has been submitted by the client
@@ -369,8 +369,14 @@
         String md5a1 = getDigest(username, realm);
         if (md5a1 == null)
             return null;
-        String serverDigestValue = md5a1 + ":" + nOnce + ":" + nc + ":"
-            + cnonce + ":" + qop + ":" + md5a2;
+        String serverDigestValue = "";
+
+        if (!"auth".equals(qop))
+            serverDigestValue = md5a1 + ":" + nOnce + ":" + md5a2;
+        else
+            serverDigestValue = md5a1 + ":" + nOnce + ":" + nc + ":"
+                + cnonce + ":" + qop + ":" + md5a2;
+
         String serverDigest =
             md5Encoder.encode(md5Helper.digest(serverDigestValue.getBytes()));
         //System.out.println("Server digest : " + serverDigest);
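Review bot: The new `if (!"auth".equals(qop))` branch sends every value other than `auth` (a missing `qop`, `auth-int`, or any unrecognised token) down the legacy computation that ignores `nc` and `cnonce`, so the client alone decides whether the stronger RFC 2617 form is used. I would take the legacy path only when `qop` is null, compute the RFC 2617 digest for `auth`, and return null for anything else. Whether a missing `qop` should be accepted at all depends on whether the challenge, which is not visible here, advertised one. The `""` initialiser then becomes unnecessary. The method starts and ends outside the hunk.

```java
String serverDigestValue;
if (qop == null) {
    // RFC 2069-compatible form: nc and cnonce are not part of the digest
    serverDigestValue = md5a1 + ":" + nOnce + ":" + md5a2;
} else if ("auth".equals(qop)) {
    serverDigestValue = md5a1 + ":" + nOnce + ":" + nc + ":"
        + cnonce + ":" + qop + ":" + md5a2;
} else {
    // auth-int or an unknown qop value: not handled by this calculation
    return null;
}
// … unchanged: serverDigest computed from serverDigestValue …
```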
@@ -479,7 +485,7 @@
 
 
     /**
-     * Get the lifecycle listeners associated with this lifecycle. If this 
+     * Get the lifecycle listeners associated with this lifecycle. If this
      * Lifecycle has no listeners registered, a zero-length array is returned.
      */
     public LifecycleListener[] findLifecycleListeners() {






-----Original Message-----
From: ext Remy Maucherat [mailto:[EMAIL PROTECTED]
Sent: 21 March, 2003 16:05
To: Tomcat Developers List
Subject: Re: [PATCH] Digest Authentication


[EMAIL PROTECTED] wrote:
> Hi
> 
> Here I attach a patch for DigestAuthentication.java and RealmBase.java that should 
> fix the problems with DIGEST authentication. With this I made it work with Mozilla 
> 1.3, IE 5.0, Opera 7 and my own simple client
> 
> I don't have cvs access so I made the patches against a CVS image I downloaded today 
> via web, so I hope the patch format is ok
> 
> This should fix the bug 9851

The attachment didn't make it, it seems.

Remy



--- 
jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/DigestAuthenticator.java.new
        2003-03-21 15:01:54.000000000 +0200
+++ 
jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/DigestAuthenticator.java
    2003-03-21 14:34:36.000000000 +0200
@@ -313,14 +313,8 @@
                 nc = currentTokenValue;
             if ("cnonce".equals(currentTokenName))
                 cnonce = removeQuotes(currentTokenValue);
-            if ("qop".equals(currentTokenName)) {
-                // in some cases qop has quotes, and in some not. We'll support both
-                if (currentTokenValue.startsWith("\"") && 
currentTokenValue.endsWith("\"")) {
-                  qop = removeQuotes(currentTokenValue);
-                } else {
-                  qop = currentTokenValue;
-                }
-            }
+            if ("qop".equals(currentTokenName))
+                qop = removeQuotes(currentTokenValue);
             if ("uri".equals(currentTokenName))
                 uri = removeQuotes(currentTokenValue);
             if ("response".equals(currentTokenName))
@@ -331,11 +325,6 @@
              || (uri == null) || (response == null) )
             return null;
 
-        // if qop is present cnonce and nc MUST appear too
-        if (qop != null && (cnonce == null || nc == null))
-            return null;
-
-
         // Second MD5 digest used to calculate the digest :
         // MD5(Method + ":" + uri)
         String a2 = method + ":" + uri;
--- jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/RealmBase.java     
 2003-03-21 14:37:09.000000000 +0200
+++ jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/RealmBase.java.new 
 2003-03-21 15:09:53.000000000 +0200
@@ -336,7 +336,7 @@
     /**
      * Return the Principal associated with the specified username, which
      * matches the digest calculated using the given parameters using the
-     * method described in RFC 2069; otherwise return <code>null</code>.
+     * method described in RFC 2617; otherwise return <code>null</code>.
      *
      * @param username Username of the Principal to look up
      * @param clientDigest Digest which has been submitted by the client
@@ -369,8 +369,14 @@
         String md5a1 = getDigest(username, realm);
         if (md5a1 == null)
             return null;
-        String serverDigestValue = md5a1 + ":" + nOnce + ":" + nc + ":"
-            + cnonce + ":" + qop + ":" + md5a2;
+        String serverDigestValue = "";
+
+        if (!"auth".equals(qop))
+            serverDigestValue = md5a1 + ":" + nOnce + ":" + md5a2;
+        else
+            serverDigestValue = md5a1 + ":" + nOnce + ":" + nc + ":"
+                + cnonce + ":" + qop + ":" + md5a2;
+
         String serverDigest =
             md5Encoder.encode(md5Helper.digest(serverDigestValue.getBytes()));
         //System.out.println("Server digest : " + serverDigest);
@@ -479,7 +485,7 @@
 
 
     /**
-     * Get the lifecycle listeners associated with this lifecycle. If this 
+     * Get the lifecycle listeners associated with this lifecycle. If this
      * Lifecycle has no listeners registered, a zero-length array is returned.
      */
     public LifecycleListener[] findLifecycleListeners() {