org.apache.commons.httpclient.auth: public class: DigestScheme

org.apache.commons.httpclient.auth
public class: DigestScheme [javadoc | source]

java.lang.Object
   org.apache.commons.httpclient.auth.RFC2617Scheme
      org.apache.commons.httpclient.auth.DigestScheme

All Implemented Interfaces:
AuthScheme

Digest authentication scheme as defined in RFC 2617. Both MD5 (default) and MD5-sess are supported. Currently only qop=auth or no qop is supported. qop=auth-int is unsupported. If auth and auth-int are provided, auth is used.

Credential charset is configured via the credential charset parameter. Since the digest username is included as clear text in the generated Authentication header, the charset of the username must be compatible with the http element charset .

TODO: make class more stateful regarding repeated authentication requests

author: < - a href="mailto:remm@apache.org">Remy Maucherat

author: Rodney - Waldhoff

author: < - a href="mailto:jsdever@apache.org">Jeff Dever

author: Ortwin - Gl?ck

author: Sean - C. Sullivan

author: < - a href="mailto:adrian@ephox.com">Adrian Sutton

author: < - a href="mailto:mbowler@GargoyleSoftware.com">Mike Bowler

author: < - a href="mailto:oleg@ural.ru">Oleg Kalnichevski

Constructor:

Constructor:
public DigestScheme() { super(); this.complete = false; this.formatter = new ParameterFormatter(); } Default constructor for the digest authetication scheme. since: `3.0` -
public DigestScheme(String challenge) throws MalformedChallengeException { this(); processChallenge(challenge); } Constructor for the digest authetication scheme. Parameters: `challenge` - authentication challenge Throws: `MalformedChallengeException` - is thrown if the authentication challenge is malformed

 public DigestScheme() {
                   
        super();
        this.complete = false;
        this.formatter = new ParameterFormatter();
}

Default constructor for the digest authetication scheme.

since: 3.0 -

 public DigestScheme(String challenge) throws MalformedChallengeException {
        this();
        processChallenge(challenge);
}

Constructor for the digest authetication scheme.

Parameters:

challenge - authentication challenge

Throws:

MalformedChallengeException - is thrown if the authentication challenge is malformed

Method from org.apache.commons.httpclient.auth.DigestScheme Summary:
authenticate, authenticate, createCnonce, getID, getSchemeName, isComplete, isConnectionBased, processChallenge

Methods from org.apache.commons.httpclient.auth.RFC2617Scheme:
getID, getParameter, getParameters, getRealm, processChallenge

Methods from java.lang.Object:
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method from org.apache.commons.httpclient.auth.DigestScheme Detail:
public String authenticate(Credentials credentials, HttpMethod method) throws AuthenticationException { LOG.trace("enter DigestScheme.authenticate(Credentials, HttpMethod)"); UsernamePasswordCredentials usernamepassword = null; try { usernamepassword = (UsernamePasswordCredentials) credentials; } catch (ClassCastException e) { throw new InvalidCredentialsException( "Credentials cannot be used for digest authentication: " + credentials.getClass().getName()); } getParameters().put("methodname", method.getName()); StringBuffer buffer = new StringBuffer(method.getPath()); String query = method.getQueryString(); if (query != null) { if (query.indexOf("?") != 0) { buffer.append("?"); } buffer.append(method.getQueryString()); } getParameters().put("uri", buffer.toString()); String charset = getParameter("charset"); if (charset == null) { getParameters().put("charset", method.getParams().getCredentialCharset()); } String digest = createDigest( usernamepassword.getUserName(), usernamepassword.getPassword()); return "Digest " + createDigestHeader(usernamepassword.getUserName(), digest); } Produces a digest authorization string for the given set of Credentials , method name and URI.
public String authenticate(Credentials credentials, String method, String uri) throws AuthenticationException { LOG.trace("enter DigestScheme.authenticate(Credentials, String, String)"); UsernamePasswordCredentials usernamepassword = null; try { usernamepassword = (UsernamePasswordCredentials) credentials; } catch (ClassCastException e) { throw new InvalidCredentialsException( "Credentials cannot be used for digest authentication: " + credentials.getClass().getName()); } getParameters().put("methodname", method); getParameters().put("uri", uri); String digest = createDigest( usernamepassword.getUserName(), usernamepassword.getPassword()); return "Digest " + createDigestHeader(usernamepassword.getUserName(), digest); } Deprecated! `Use` - #authenticate(Credentials, HttpMethod) Produces a digest authorization string for the given set of Credentials , method name and URI.
public static String createCnonce() { LOG.trace("enter DigestScheme.createCnonce()"); String cnonce; final String digAlg = "MD5"; MessageDigest md5Helper; try { md5Helper = MessageDigest.getInstance(digAlg); } catch (NoSuchAlgorithmException e) { throw new HttpClientError( "Unsupported algorithm in HTTP Digest authentication: " + digAlg); } cnonce = Long.toString(System.currentTimeMillis()); cnonce = encode(md5Helper.digest(EncodingUtil.getAsciiBytes(cnonce))); return cnonce; } Creates a random cnonce value based on the current time.
public String getID() { String id = getRealm(); String nonce = getParameter("nonce"); if (nonce != null) { id += "-" + nonce; } return id; } Deprecated! `no` - longer used Gets an ID based upon the realm and the nonce value. This ensures that requests to the same realm with different nonce values will succeed. This differentiation allows servers to request re-authentication using a fresh nonce value.
public String getSchemeName() { return "digest"; } Returns textual designation of the digest authentication scheme.
public boolean isComplete() { String s = getParameter("stale"); if ("true".equalsIgnoreCase(s)) { return false; } else { return this.complete; } } Tests if the Digest authentication process has been completed.
public boolean isConnectionBased() { return false; } Returns `false`. Digest authentication scheme is request based.
public void processChallenge(String challenge) throws MalformedChallengeException { super.processChallenge(challenge); if (getParameter("realm") == null) { throw new MalformedChallengeException("missing realm in challange"); } if (getParameter("nonce") == null) { throw new MalformedChallengeException("missing nonce in challange"); } boolean unsupportedQop = false; // qop parsing String qop = getParameter("qop"); if (qop != null) { StringTokenizer tok = new StringTokenizer(qop,","); while (tok.hasMoreTokens()) { String variant = tok.nextToken().trim(); if (variant.equals("auth")) { qopVariant = QOP_AUTH; break; //that's our favourite, because auth-int is unsupported } else if (variant.equals("auth-int")) { qopVariant = QOP_AUTH_INT; } else { unsupportedQop = true; LOG.warn("Unsupported qop detected: "+ variant); } } } if (unsupportedQop && (qopVariant == QOP_MISSING)) { throw new MalformedChallengeException("None of the qop methods is supported"); } cnonce = createCnonce(); this.complete = true; } Processes the Digest challenge.

Method from org.apache.commons.httpclient.auth.DigestScheme Detail:

 public String authenticate(Credentials credentials,
    HttpMethod method) throws AuthenticationException {
        LOG.trace("enter DigestScheme.authenticate(Credentials, HttpMethod)");
        UsernamePasswordCredentials usernamepassword = null;
        try {
            usernamepassword = (UsernamePasswordCredentials) credentials;
        } catch (ClassCastException e) {
            throw new InvalidCredentialsException(
                    "Credentials cannot be used for digest authentication: " 
                    + credentials.getClass().getName());
        }
        getParameters().put("methodname", method.getName());
        StringBuffer buffer = new StringBuffer(method.getPath());
        String query = method.getQueryString();
        if (query != null) {
            if (query.indexOf("?") != 0) {
                buffer.append("?");
            }
            buffer.append(method.getQueryString());
        }
        getParameters().put("uri", buffer.toString());
        String charset = getParameter("charset");
        if (charset == null) {
            getParameters().put("charset", method.getParams().getCredentialCharset());
        }
        String digest = createDigest(
            usernamepassword.getUserName(),
            usernamepassword.getPassword());
        return "Digest " + createDigestHeader(usernamepassword.getUserName(),
                digest);
}

Credentials

 public String authenticate(Credentials credentials,
    String method,
    String uri) throws AuthenticationException {
        LOG.trace("enter DigestScheme.authenticate(Credentials, String, String)");
        UsernamePasswordCredentials usernamepassword = null;
        try {
            usernamepassword = (UsernamePasswordCredentials) credentials;
        } catch (ClassCastException e) {
            throw new InvalidCredentialsException(
             "Credentials cannot be used for digest authentication: " 
              + credentials.getClass().getName());
        }
        getParameters().put("methodname", method);
        getParameters().put("uri", uri);
        String digest = createDigest(
            usernamepassword.getUserName(),
            usernamepassword.getPassword());
        return "Digest " + createDigestHeader(usernamepassword.getUserName(), digest);
}

Deprecated! Use - #authenticate(Credentials, HttpMethod)

Credentials

 public static String createCnonce() {
        LOG.trace("enter DigestScheme.createCnonce()");
        String cnonce;
        final String digAlg = "MD5";
        MessageDigest md5Helper;
        try {
            md5Helper = MessageDigest.getInstance(digAlg);
        } catch (NoSuchAlgorithmException e) {
            throw new HttpClientError(
              "Unsupported algorithm in HTTP Digest authentication: "
               + digAlg);
        }
        cnonce = Long.toString(System.currentTimeMillis());
        cnonce = encode(md5Helper.digest(EncodingUtil.getAsciiBytes(cnonce)));
        return cnonce;
}

Creates a random cnonce value based on the current time.

 public String getID() {
        
        String id = getRealm();
        String nonce = getParameter("nonce");
        if (nonce != null) {
            id += "-" + nonce;
        }
        return id;
}

Deprecated! no - longer used

Gets an ID based upon the realm and the nonce value. This ensures that requests to the same realm with different nonce values will succeed. This differentiation allows servers to request re-authentication using a fresh nonce value.

 public String getSchemeName() {
        return "digest";
}

Returns textual designation of the digest authentication scheme.

 public boolean isComplete() {
        String s = getParameter("stale");
        if ("true".equalsIgnoreCase(s)) {
            return false;
        } else {
            return this.complete;
        }
}

Tests if the Digest authentication process has been completed.

 public boolean isConnectionBased() {
        return false;
}

false

 public  void processChallenge(String challenge) throws MalformedChallengeException {
        super.processChallenge(challenge);
        if (getParameter("realm") == null) {
            throw new MalformedChallengeException("missing realm in challange");
        }
        if (getParameter("nonce") == null) {
            throw new MalformedChallengeException("missing nonce in challange");   
        }
        boolean unsupportedQop = false;
        // qop parsing
        String qop = getParameter("qop");
        if (qop != null) {
            StringTokenizer tok = new StringTokenizer(qop,",");
            while (tok.hasMoreTokens()) {
                String variant = tok.nextToken().trim();
                if (variant.equals("auth")) {
                    qopVariant = QOP_AUTH;
                    break; //that's our favourite, because auth-int is unsupported
                } else if (variant.equals("auth-int")) {
                    qopVariant = QOP_AUTH_INT;               
                } else {
                    unsupportedQop = true;
                    LOG.warn("Unsupported qop detected: "+ variant);   
                }     
            }
        }        
        if (unsupportedQop && (qopVariant == QOP_MISSING)) {
            throw new MalformedChallengeException("None of the qop methods is supported");   
        }
        cnonce = createCnonce();   
        this.complete = true;
}

Processes the Digest challenge.