private static int skipWhiteSpace(byte[] buffer, int startPoint) { int i = startPoint; while (i < buffer.length && isWhiteSpace(buffer[i])) { i++; } return i; }
private byte[] getH_A1(final MessageDigest messageDigest, final String username, final String messageRealm) throws AuthenticationMechanismException { PasswordDigestObtainer obtainer = new PasswordDigestObtainer(callbackHandler, username, messageRealm, httpDigest, DigestPassword.ALGORITHM_DIGEST_MD5, messageDigest, providers, null, true, false); return obtainer.handleUserRealmPasswordCallbacks(); }
byte[] handleUserRealmPasswordCallbacks(String[] realms, boolean readOnlyRealmUsername, boolean skipRealmCallbacks) throws SaslException { try { PasswordDigestObtainer obtainer = new PasswordDigestObtainer(getCallbackHandler(), username, realm, saslDigest, passwordAlgorithm(getMechanismName()), messageDigest, providers, realms, readOnlyRealmUsername, skipRealmCallbacks); byte[] digest = obtainer.handleUserRealmPasswordCallbacks(); username = obtainer.getUsername(); realm = obtainer.getRealm(); return digest; } catch (AuthenticationMechanismException e) { throw e.toSaslException(); } }
public byte[] handleUserRealmPasswordCallbacks() throws AuthenticationMechanismException { realmChoiceCallBack = skipRealmCallbacks || realms == null || realms.length <= 1 ? null : new RealmChoiceCallback("User realm: ", realms, 0, false); realmCallback = skipRealmCallbacks ? null : realm != null ? new RealmCallback("User realm: ", realm) : new RealmCallback("User realm: "); nameCallback = username != null && ! username.isEmpty() ? new NameCallback("User name: ", username) : new NameCallback("User name: "); byte[] digest = getPredigestedSaltedPassword(); if (digest != null) return digest; digest = getSaltedPasswordFromTwoWay(); if (digest != null) return digest; digest = getSaltedPasswordFromPasswordCallback(); if (digest != null) return digest; throw log.mechCallbackHandlerDoesNotSupportCredentialAcquisition(null); }
int i = skipWhiteSpace(challenge, 0); i = skipWhiteSpace(challenge, i + 1); else if (isWhiteSpace(b)) { i = skipWhiteSpace(challenge, i + 1); else if (isWhiteSpace(b) || b == ',') { realmNumber = addToParsedChallenge(response, key, value, realmNumber); key = new StringBuilder(); value = new ByteStringBuilder(); i = skipWhiteSpace(challenge, i); if (i < challenge.length && challenge[i] == ',') { expectSeparator = false; addToParsedChallenge(response, key, value, realmNumber);
private void prepareResponse(String realmName, HttpServerResponse response, boolean stale) throws HttpAuthenticationException { StringBuilder sb = new StringBuilder(CHALLENGE_PREFIX); sb.append(REALM).append("=\"").append(DigestQuote.quote(realmName)).append("\""); if (domain != null) { sb.append(", ").append(DOMAIN).append("=\"").append(domain).append("\""); } sb.append(", ").append(NONCE).append("=\"").append(nonceManager.generateNonce(realmName.getBytes(StandardCharsets.UTF_8))).append("\""); sb.append(", ").append(OPAQUE).append("=\"").append(OPAQUE_VALUE).append("\""); if (stale) { sb.append(", ").append(STALE).append("=true"); } sb.append(", ").append(ALGORITHM).append("=").append(algorithm); sb.append(", ").append(QOP).append("=").append(AUTH); response.addResponseHeader(WWW_AUTHENTICATE, sb.toString()); response.setStatusCode(UNAUTHORIZED); }
@Override public void evaluateRequest(final HttpServerRequest request) throws HttpAuthenticationException { List<String> authorizationValues = request.getRequestHeaderValues(AUTHORIZATION); if (authorizationValues != null) { for (String current : authorizationValues) { if (current.startsWith(CHALLENGE_PREFIX)) { byte[] rawHeader = current.substring(CHALLENGE_PREFIX.length()).getBytes(UTF_8); try { HashMap<String, byte[]> responseTokens = parseResponse(rawHeader, UTF_8, false, httpDigest); validateResponse(responseTokens, request); return; } catch (AuthenticationMechanismException e) { httpDigest.trace("Failed to parse or validate the response", e); request.badRequest(e.toHttpAuthenticationException(), response -> prepareResponse(selectRealm(), response, false)); return; } } } } request.noAuthenticationInProgress(response -> prepareResponse(selectRealm(), response, false)); }
); if (password != null) { passwordChars = getTwoWayPasswordChars(password, passwordFactoryProviders, log); return userRealmPasswordDigest(messageDigest, username, realm, passwordChars);
@Override boolean verify(char[] guess) throws InvalidKeyException { try { byte[] guessDigest = userRealmPasswordDigest(getMessageDigest(algorithm), username, realm, guess); return Arrays.equals(digest, guessDigest); } catch (NoSuchAlgorithmException e) { throw log.invalidKeyNoSuchMessageDigestAlgorithm(algorithm); } }
/** * Creates new String quoted by SASL rules. * * @param inputStr String to be quoted * @return */ public static String quote(String inputStr) { int len = inputStr.length(); StringBuilder sb = new StringBuilder(len); for (int i = 0; i < len; i++) { char ch = inputStr.charAt(i); if (quoteNeeded(ch)) { sb.append(QUOTE).append(ch); } else { sb.append(ch); } } return sb.toString(); }
sb.append("realm=\"").append(DigestQuote.quote(realm)).append("\"").append(DELIMITER); nonce = generateNonce(); challenge.append("nonce=\""); challenge.append(DigestQuote.quote(nonce)); challenge.append("\"").append(DELIMITER); if(!first) challenge.append(DELIMITER); first = false; challenge.append(DigestQuote.quote(qop));
@Override protected byte[] evaluateMessage(int state, final byte[] message) throws SaslException { HashMap<String, byte[]> parsedChallenge; try { parsedChallenge = parseResponse(message, charset, true, saslDigest); } catch (AuthenticationMechanismException e) { throw e.toSaslException(); } while(true) { switch (state) { case STEP_TWO: noteChallengeData(parsedChallenge); setNegotiationState(STEP_FOUR); return createResponse(parsedChallenge); case STEP_FOUR: if (parsedChallenge.containsKey("nonce")) { saslDigest.trace("Server requested re-authentication"); state = STEP_TWO; continue; } checkResponseAuth(parsedChallenge); negotiationComplete(); return null; } throw Assert.impossibleSwitchCase(state); } } }
private static int skipWhiteSpace(byte[] buffer, int startPoint) { int i = startPoint; while (i < buffer.length && isWhiteSpace(buffer[i])) { i++; } return i; }
DigestPasswordImpl(final String algorithm, final char[] password, final DigestPasswordAlgorithmSpec spec) throws InvalidKeySpecException { this.algorithm = algorithm; this.username = spec.getUsername(); this.realm = spec.getRealm(); try { this.digest = userRealmPasswordDigest(getMessageDigest(algorithm), spec.getUsername(), spec.getRealm(), password); } catch (NoSuchAlgorithmException e) { throw log.invalidKeySpecNoSuchMessageDigestAlgorithm(algorithm); } }
public static byte[] quote(byte[] input) { ByteStringBuilder bsb = new ByteStringBuilder(); for (int i = 0; i < input.length; i++) { if (quoteNeeded((char)input[i])) { bsb.append(QUOTE); bsb.append(input, i, 1); } else { bsb.append(input, i, 1); } } return bsb.toArray(); }
digestResponse.append(DigestQuote.quote(username).getBytes(serverHashedURPUsingcharset)); digestResponse.append("\"").append(DELIMITER); digestResponse.append(DigestQuote.quote(realm).getBytes(serverHashedURPUsingcharset)); digestResponse.append("\"").append(DELIMITER); digestResponse.append(DELIMITER); digestResponse.append("authzid=\""); digestResponse.append(DigestQuote.quote(authorizationId).getBytes(serverHashedURPUsingcharset)); digestResponse.append("\"");
@Override protected byte[] evaluateMessage(int state, final byte[] message) throws SaslException { switch (state) { case STEP_ONE: if (message != null && message.length != 0) { throw saslDigest.mechInitialChallengeMustBeEmpty().toSaslException(); } setNegotiationState(STEP_THREE); return generateChallenge(); case STEP_THREE: if (message == null || message.length == 0) { throw saslDigest.mechClientRefusesToInitiateAuthentication().toSaslException(); } // parse digest response HashMap<String, byte[]> parsedDigestResponse; try { parsedDigestResponse = parseResponse(message, charset, false, saslDigest); } catch (AuthenticationMechanismException e) { throw e.toSaslException(); } noteDigestResponseData(parsedDigestResponse); // validate byte[] response = validateDigestResponse(parsedDigestResponse); negotiationComplete(); return response; } throw Assert.impossibleSwitchCase(state); }
private static int skipWhiteSpace(byte[] buffer, int startPoint) { int i = startPoint; while (i < buffer.length && isWhiteSpace(buffer[i])) { i++; } return i; }
throw log.mechNoPasswordGiven(); byte[] digest_urp = userRealmPasswordDigest(messageDigest, username, realm, passwordChars); Arrays.fill(passwordChars, (char) 0); return digest_urp;
private static int skipWhiteSpace(byte[] buffer, int startPoint) { int i = startPoint; while (i < buffer.length && isWhiteSpace(buffer[i])) { i++; } return i; }