io.undertow.security.idm.DigestAlgorithm Java Examples

The following examples show how to use io.undertow.security.idm.DigestAlgorithm.
Example #1
Source File: DigestAuthenticationMechanism.java    From quarkus-http with Apache License 2.0
/**
 * Creates a Digest authentication mechanism from fully explicit settings.
 *
 * <p>Both lists are stored by reference (no defensive copy), while the advertised qop string is
 * computed here exactly once. A caller that mutates {@code supportedQops} afterwards would leave
 * the stored list and the pre-computed string out of sync, so pass lists that are not modified later.
 *
 * @param supportedAlgorithms digest algorithms this mechanism is configured with
 * @param supportedQops       quality-of-protection values; an empty list leaves the qop string {@code null}
 * @param realmName           realm name for this mechanism
 * @param domain              domain value for this mechanism
 * @param nonceManager        nonce manager used by this mechanism
 * @param mechanismName       name under which this mechanism is known
 * @param identityManager     identity manager; other constructors of this class pass {@code null} here
 */
public DigestAuthenticationMechanism(final List<DigestAlgorithm> supportedAlgorithms, final List<DigestQop> supportedQops,
        final String realmName, final String domain, final NonceManager nonceManager, final String mechanismName, final IdentityManager identityManager) {
    this.supportedAlgorithms = supportedAlgorithms;
    this.supportedQops = supportedQops;
    this.realmName = realmName;
    this.domain = domain;
    this.nonceManager = nonceManager;
    this.mechanismName = mechanismName;
    this.identityManager = identityManager;

    if (supportedQops.isEmpty()) {
        // Nothing to advertise.
        qopString = null;
    } else {
        // Join the qop tokens with commas, in list order.
        final StringBuilder tokens = new StringBuilder();
        String separator = "";
        for (DigestQop qop : supportedQops) {
            tokens.append(separator).append(qop.getToken());
            separator = ",";
        }
        qopString = tokens.toString();
    }
}
 
Example #2
Source File: DigestAuthenticationMechanism.java    From lams with GNU General Public License v2.0
/**
 * Creates a Digest authentication mechanism from fully explicit settings.
 *
 * <p>The two lists are kept by reference rather than copied, and the comma separated qop string
 * is derived from {@code supportedQops} only once, here. Callers should therefore not modify the
 * lists after construction.
 *
 * @param supportedAlgorithms digest algorithms this mechanism is configured with
 * @param supportedQops       quality-of-protection values; when empty the qop string is {@code null}
 * @param realmName           realm name for this mechanism
 * @param domain              domain value for this mechanism
 * @param nonceManager        nonce manager used by this mechanism
 * @param mechanismName       name under which this mechanism is known
 * @param identityManager     identity manager; other constructors of this class pass {@code null} here
 */
public DigestAuthenticationMechanism(final List<DigestAlgorithm> supportedAlgorithms, final List<DigestQop> supportedQops,
        final String realmName, final String domain, final NonceManager nonceManager, final String mechanismName, final IdentityManager identityManager) {
    this.supportedAlgorithms = supportedAlgorithms;
    this.supportedQops = supportedQops;
    this.realmName = realmName;
    this.domain = domain;
    this.nonceManager = nonceManager;
    this.mechanismName = mechanismName;
    this.identityManager = identityManager;

    if (supportedQops.isEmpty()) {
        // No qop values configured.
        qopString = null;
    } else {
        // Build "token1,token2,..." in list order.
        final StringBuilder joined = new StringBuilder();
        String delimiter = "";
        for (DigestQop each : supportedQops) {
            joined.append(delimiter).append(each.getToken());
            delimiter = ",";
        }
        qopString = joined.toString();
    }
}
 
Example #3
Source File: DigestAuthenticationAuthTestCase.java    From quarkus-http with Apache License 2.0
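/**
 * Builds the value of a Digest {@code Authorization} request header for the test client.
 *
 * <p>The header always names the MD5 algorithm and {@code qop=auth}. The {@code response}
 * directive is computed by {@code createResponse} from the same user name, realm, nonce,
 * nonce count and cnonce that are written into the header.
 *
 * @param userName   user name sent in the header and used for the response digest
 * @param password   password, passed only to {@code createResponse}; it is never written to the header
 * @param method     HTTP method covered by the response digest
 * @param uri        request URI sent as the digest URI
 * @param nonce      server nonce being answered
 * @param nonceCount nonce count, sent in the form produced by {@code toHex}
 * @param cnonce     client nonce
 * @param opaque     opaque value echoed back to the server
 * @return the complete header value, starting with the Digest scheme name
 * @throws Exception if computing the response digest fails
 */
private static String createAuthorizationLine(final String userName, final String password, final String method, final String uri,
        final String nonce, final int nonceCount, final String cnonce, final String opaque) throws Exception {
    final String nonceCountHex = toHex(nonceCount);
    final String response = createResponse(userName, REALM_NAME, password, method, uri, nonce, nonceCountHex, cnonce);

    final StringBuilder sb = new StringBuilder(DIGEST.toString());
    sb.append(" ");
    // Send the caller's user name. The header previously hard-coded "userOne" while the response
    // digest was computed with userName, so any other user produced a header that could never verify.
    sb.append(DigestAuthorizationToken.USERNAME.getName()).append("=\"").append(userName).append("\",");
    sb.append(DigestAuthorizationToken.REALM.getName()).append("=\"").append(REALM_NAME).append("\",");
    sb.append(DigestAuthorizationToken.NONCE.getName()).append("=\"").append(nonce).append("\",");
    sb.append(DigestAuthorizationToken.DIGEST_URI.getName()).append("=\"").append(uri).append("\",");
    sb.append(DigestAuthorizationToken.RESPONSE.getName()).append("=\"").append(response).append("\",");
    sb.append(DigestAuthorizationToken.ALGORITHM.getName()).append("=\"").append(DigestAlgorithm.MD5.getToken())
            .append("\",");
    sb.append(DigestAuthorizationToken.CNONCE.getName()).append("=\"").append(cnonce).append("\",");
    sb.append(DigestAuthorizationToken.OPAQUE.getName()).append("=\"").append(opaque).append("\",");
    sb.append(DigestAuthorizationToken.MESSAGE_QOP.getName()).append("=\"").append(DigestQop.AUTH.getToken()).append("\",");
    // The nonce count is the only directive written without quotes.
    sb.append(DigestAuthorizationToken.NONCE_COUNT.getName()).append("=").append(nonceCountHex);

    return sb.toString();
}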
 
Example #4
Source File: ParseDigestAuthorizationTokenTestCase.java    From quarkus-http with Apache License 2.0
/**
 * Checks parsing of a Digest header value in the directive order and quoting style of the
 * sample named after Opera 12: {@code algorithm}, {@code qop} and {@code nc} are unquoted and
 * {@code uri} precedes {@code nonce}.
 */
@Test
public void testOpera_12() {
    final String authorizationValue = "username=\"userOne\", realm=\"Digest_Realm\", uri=\"/\", algorithm=MD5, nonce=\"D2floAc+FhkNMTM1MTUyMzY2ODc4Mhbi2Zrcuv1lvdgEaPXa+bg=\", cnonce=\"v722VYJEeG28C3SoXS8BEWThGHPDOlXgUCCts70i7Fc=\", opaque=\"00000000000000000000000000000000\", qop=auth, nc=00000001, response=\"8106a5d19bc67982527cbb576658f9d6\"";

    // One expected entry per directive present in the sample header.
    final Map<DigestAuthorizationToken, String> parsedTokens = new EnumMap<>(DigestAuthorizationToken.class);
    parsedTokens.put(DigestAuthorizationToken.USERNAME, "userOne");
    parsedTokens.put(DigestAuthorizationToken.REALM, "Digest_Realm");
    parsedTokens.put(DigestAuthorizationToken.DIGEST_URI, "/");
    parsedTokens.put(DigestAuthorizationToken.ALGORITHM, DigestAlgorithm.MD5.getToken());
    parsedTokens.put(DigestAuthorizationToken.NONCE, "D2floAc+FhkNMTM1MTUyMzY2ODc4Mhbi2Zrcuv1lvdgEaPXa+bg=");
    parsedTokens.put(DigestAuthorizationToken.CNONCE, "v722VYJEeG28C3SoXS8BEWThGHPDOlXgUCCts70i7Fc=");
    parsedTokens.put(DigestAuthorizationToken.OPAQUE, "00000000000000000000000000000000");
    parsedTokens.put(DigestAuthorizationToken.MESSAGE_QOP, DigestQop.AUTH.getToken());
    parsedTokens.put(DigestAuthorizationToken.NONCE_COUNT, "00000001");
    parsedTokens.put(DigestAuthorizationToken.RESPONSE, "8106a5d19bc67982527cbb576658f9d6");

    doTest(authorizationValue, parsedTokens);
}
 
Example #5
Source File: ParseDigestAuthorizationTokenTestCase.java    From quarkus-http with Apache License 2.0
/**
 * Checks parsing of a Digest header value in the directive order and quoting style of the
 * sample named after Firefox 16: {@code algorithm}, {@code qop} and {@code nc} are unquoted and
 * {@code cnonce} comes last.
 */
@Test
public void testFirefox_16() {
    final String authorizationValue = "username=\"userOne\", realm=\"Digest_Realm\", nonce=\"nBhFxtSS6rkNMTM1MTUyNjE2MjgyNWA/xW/LOH53vhXGq/2B/yQ=\", uri=\"/\", algorithm=MD5, response=\"b0adb1025da2de0d16f44131858bad6f\", opaque=\"00000000000000000000000000000000\", qop=auth, nc=00000001, cnonce=\"8127726535363b07\"";

    // One expected entry per directive present in the sample header.
    final Map<DigestAuthorizationToken, String> parsedTokens = new EnumMap<>(DigestAuthorizationToken.class);
    parsedTokens.put(DigestAuthorizationToken.USERNAME, "userOne");
    parsedTokens.put(DigestAuthorizationToken.REALM, "Digest_Realm");
    parsedTokens.put(DigestAuthorizationToken.NONCE, "nBhFxtSS6rkNMTM1MTUyNjE2MjgyNWA/xW/LOH53vhXGq/2B/yQ=");
    parsedTokens.put(DigestAuthorizationToken.DIGEST_URI, "/");
    parsedTokens.put(DigestAuthorizationToken.ALGORITHM, DigestAlgorithm.MD5.getToken());
    parsedTokens.put(DigestAuthorizationToken.RESPONSE, "b0adb1025da2de0d16f44131858bad6f");
    parsedTokens.put(DigestAuthorizationToken.OPAQUE, "00000000000000000000000000000000");
    parsedTokens.put(DigestAuthorizationToken.MESSAGE_QOP, DigestQop.AUTH.getToken());
    parsedTokens.put(DigestAuthorizationToken.NONCE_COUNT, "00000001");
    parsedTokens.put(DigestAuthorizationToken.CNONCE, "8127726535363b07");

    doTest(authorizationValue, parsedTokens);
}
 
Example #6
Source File: ParseDigestAuthorizationTokenTestCase.java    From quarkus-http with Apache License 2.0
/**
 * Checks parsing of a Digest header value in the directive order and quoting style of the
 * sample named after curl 7. Unlike the browser samples in this test class, {@code qop} and
 * {@code algorithm} are sent as quoted strings here, and the expected values are the unquoted tokens.
 */
@Test
public void testCurl_7() {
    final String authorizationValue = "username=\"userTwo\", realm=\"Digest_Realm\", nonce=\"5CgZ39vhie0NMTM1MTUyNDc4ODkwNMwr6sWKVSGfhXB4jBtkupY=\", uri=\"/\", cnonce=\"MTYwOTQ4\", nc=00000001, qop=\"auth\", response=\"c3c1ce9945a0c36d54860eda7846018b\", opaque=\"00000000000000000000000000000000\", algorithm=\"MD5\"";

    // One expected entry per directive present in the sample header.
    final Map<DigestAuthorizationToken, String> parsedTokens = new EnumMap<>(DigestAuthorizationToken.class);
    parsedTokens.put(DigestAuthorizationToken.USERNAME, "userTwo");
    parsedTokens.put(DigestAuthorizationToken.REALM, "Digest_Realm");
    parsedTokens.put(DigestAuthorizationToken.NONCE, "5CgZ39vhie0NMTM1MTUyNDc4ODkwNMwr6sWKVSGfhXB4jBtkupY=");
    parsedTokens.put(DigestAuthorizationToken.DIGEST_URI, "/");
    parsedTokens.put(DigestAuthorizationToken.CNONCE, "MTYwOTQ4");
    parsedTokens.put(DigestAuthorizationToken.NONCE_COUNT, "00000001");
    parsedTokens.put(DigestAuthorizationToken.MESSAGE_QOP, DigestQop.AUTH.getToken());
    parsedTokens.put(DigestAuthorizationToken.RESPONSE, "c3c1ce9945a0c36d54860eda7846018b");
    parsedTokens.put(DigestAuthorizationToken.OPAQUE, "00000000000000000000000000000000");
    parsedTokens.put(DigestAuthorizationToken.ALGORITHM, DigestAlgorithm.MD5.getToken());

    doTest(authorizationValue, parsedTokens);
}
 
Example #7
Source File: ParseDigestAuthorizationTokenTestCase.java    From quarkus-http with Apache License 2.0
/**
 * Checks parsing of a Digest header value in the directive order and quoting style of the
 * sample named after Chrome 22: {@code algorithm}, {@code qop} and {@code nc} are unquoted and
 * {@code cnonce} comes last.
 */
@Test
public void testChrome_22() {
    final String authorizationValue = "username=\"userTwo\", realm=\"Digest_Realm\", nonce=\"Yxmkh5liIOYNMTM1MTUyNjQzMTE4NJziT7YLEOEJ4QEN1py4Yog=\", uri=\"/\", algorithm=MD5, response=\"5b26e00233607e8a714cd1d910692e08\", opaque=\"00000000000000000000000000000000\", qop=auth, nc=00000001, cnonce=\"8c008c8ce43dc0a7\"";

    // One expected entry per directive present in the sample header.
    final Map<DigestAuthorizationToken, String> parsedTokens = new EnumMap<>(DigestAuthorizationToken.class);
    parsedTokens.put(DigestAuthorizationToken.USERNAME, "userTwo");
    parsedTokens.put(DigestAuthorizationToken.REALM, "Digest_Realm");
    parsedTokens.put(DigestAuthorizationToken.NONCE, "Yxmkh5liIOYNMTM1MTUyNjQzMTE4NJziT7YLEOEJ4QEN1py4Yog=");
    parsedTokens.put(DigestAuthorizationToken.DIGEST_URI, "/");
    parsedTokens.put(DigestAuthorizationToken.ALGORITHM, DigestAlgorithm.MD5.getToken());
    parsedTokens.put(DigestAuthorizationToken.RESPONSE, "5b26e00233607e8a714cd1d910692e08");
    parsedTokens.put(DigestAuthorizationToken.OPAQUE, "00000000000000000000000000000000");
    parsedTokens.put(DigestAuthorizationToken.MESSAGE_QOP, DigestQop.AUTH.getToken());
    parsedTokens.put(DigestAuthorizationToken.NONCE_COUNT, "00000001");
    parsedTokens.put(DigestAuthorizationToken.CNONCE, "8c008c8ce43dc0a7");

    doTest(authorizationValue, parsedTokens);
}
 
Example #8
Source File: LogoutHandler.java    From wildfly-core with GNU Lesser General Public License v2.1
/**
 * Creates the handler with four authentication mechanisms: Digest and Basic for the real realm,
 * and Digest and Basic for the placeholder realm {@code HIT_ESCAPE}.
 *
 * <p>Both Digest mechanisms are limited to MD5, are given an empty qop list, use the
 * {@code "/management"} domain and each get their own {@link SimpleNonceManager}.
 *
 * @param realmName name of the real realm
 */
public LogoutHandler(final String realmName) {
    final List<DigestAlgorithm> md5Only = Collections.singletonList(DigestAlgorithm.MD5);
    // NOTE(review): an empty qop list presumably means the challenge carries no qop directive
    // (RFC 2069 style); confirm against DigestAuthenticationMechanism.
    final List<DigestQop> noQop = Collections.emptyList();

    digestMechanism = new DigestAuthenticationMechanism(
            md5Only, noQop, realmName, "/management", new SimpleNonceManager());
    fakeRealmdigestMechanism = new DigestAuthenticationMechanism(
            md5Only, noQop, HIT_ESCAPE, "/management", new SimpleNonceManager());

    basicMechanism = new BasicAuthenticationMechanism(realmName);
    fakeRealmBasicMechanism = new BasicAuthenticationMechanism(HIT_ESCAPE);
}
 
Example #9
Source File: DigestAuthenticationMechanism.java    From lams with GNU General Public License v2.0
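/**
 * Adds the Digest {@code WWW-Authenticate} challenge to the response, once per supported
 * algorithm, or once without an algorithm directive when no algorithm is configured.
 *
 * <p>{@code realmName}, {@code domain} and {@code qopString} are written between double quotes
 * without any escaping, so configuration must keep {@code "}, CR and LF out of them.
 *
 * @param exchange        the exchange whose response headers receive the challenge
 * @param securityContext not used by this method
 * @return a result reporting that a challenge was sent, with the {@code UNAUTHORIZED} status
 */
@Override
public ChallengeResult sendChallenge(final HttpServerExchange exchange, final SecurityContext securityContext) {
    DigestContext context = exchange.getAttachment(DigestContext.ATTACHMENT_KEY);
    boolean stale = context != null && context.isStale();

    // Directives that precede the algorithm directive.
    StringBuilder rb = new StringBuilder(DIGEST_PREFIX);
    rb.append(Headers.REALM.toString()).append("=\"").append(realmName).append("\",");
    rb.append(Headers.DOMAIN.toString()).append("=\"").append(domain).append("\",");
    // based on security constraints.
    rb.append(Headers.NONCE.toString()).append("=\"").append(nonceManager.nextNonce(null, exchange)).append("\",");
    // Not currently using OPAQUE as it offers no integrity, used for session data leaves it vulnerable to
    // session fixation type issues as well.
    rb.append(Headers.OPAQUE.toString()).append("=\"00000000000000000000000000000000\"");
    if (stale) {
        rb.append(",stale=true");
    }
    final String beforeAlgorithm = rb.toString();

    // Directives that follow the algorithm directive.
    final String afterAlgorithm = qopString == null
            ? ""
            : "," + Headers.QOP.toString() + "=\"" + qopString + "\"";

    HeaderMap responseHeader = exchange.getResponseHeaders();
    if (supportedAlgorithms.isEmpty()) {
        responseHeader.add(WWW_AUTHENTICATE, beforeAlgorithm + afterAlgorithm);
    } else {
        // The header is repeated once for each algorithm. The value is assembled by plain
        // concatenation: the configured realm or domain must never be used as a String.format
        // pattern, where a '%' in them would throw or alter the header.
        final String algorithmDirective = "," + Headers.ALGORITHM.toString() + "=";
        for (DigestAlgorithm current : supportedAlgorithms) {
            responseHeader.add(WWW_AUTHENTICATE, beforeAlgorithm + algorithmDirective + current.getToken() + afterAlgorithm);
        }
    }

    return new ChallengeResult(true, UNAUTHORIZED);
}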
 
Example #10
Source File: DigestAuthentication2069TestCase.java    From quarkus-http with Apache License 2.0
/**
 * Supplies the single mechanism under test: Digest with MD5 only, an empty qop list, the
 * realm {@code REALM_NAME}, domain {@code "/"} and a fresh {@link SimpleNonceManager}.
 *
 * @return a one-element list holding that mechanism
 */
@Override
protected List<AuthenticationMechanism> getTestMechanisms() {
    // No qop values are offered by this test's mechanism.
    final List<DigestQop> noQop = Collections.emptyList();
    final AuthenticationMechanism digestWithoutQop = new DigestAuthenticationMechanism(
            Collections.singletonList(DigestAlgorithm.MD5), noQop, REALM_NAME, "/", new SimpleNonceManager());
    return Collections.singletonList(digestWithoutQop);
}
 
Example #11
Source File: DigestAuthenticationMechanism.java    From quarkus-http with Apache License 2.0
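/**
 * Adds the Digest {@code WWW-Authenticate} challenge to the response, once per supported
 * algorithm, or once without an algorithm directive when no algorithm is configured.
 *
 * <p>{@code realmName}, {@code domain} and {@code qopString} are written between double quotes
 * without any escaping, so configuration must keep {@code "}, CR and LF out of them.
 *
 * @param exchange        the exchange that receives the challenge headers
 * @param securityContext not used by this method
 * @return a result reporting that a challenge was sent, with the {@code UNAUTHORIZED} status
 */
@Override
public ChallengeResult sendChallenge(final HttpServerExchange exchange, final SecurityContext securityContext) {
    DigestContext context = exchange.getAttachment(DigestContext.ATTACHMENT_KEY);
    boolean stale = context != null && context.isStale();

    // Directives that precede the algorithm directive.
    StringBuilder rb = new StringBuilder(DIGEST_PREFIX);
    rb.append(HttpHeaderNames.REALM.toString()).append("=\"").append(realmName).append("\",");
    rb.append(HttpHeaderNames.DOMAIN.toString()).append("=\"").append(domain).append("\",");
    // based on security constraints.
    rb.append(HttpHeaderNames.NONCE.toString()).append("=\"").append(nonceManager.nextNonce(null, exchange)).append("\",");
    // Not currently using OPAQUE as it offers no integrity, used for session data leaves it vulnerable to
    // session fixation type issues as well.
    rb.append(HttpHeaderNames.OPAQUE.toString()).append("=\"00000000000000000000000000000000\"");
    if (stale) {
        rb.append(",stale=true");
    }
    final String beforeAlgorithm = rb.toString();

    // Directives that follow the algorithm directive.
    final String afterAlgorithm = qopString == null
            ? ""
            : "," + HttpHeaderNames.QOP.toString() + "=\"" + qopString + "\"";

    if (supportedAlgorithms.isEmpty()) {
        exchange.addResponseHeader(WWW_AUTHENTICATE, beforeAlgorithm + afterAlgorithm);
    } else {
        // The header is repeated once for each algorithm. The value is assembled by plain
        // concatenation: the configured realm or domain must never be used as a String.format
        // pattern, where a '%' in them would throw or alter the header.
        final String algorithmDirective = "," + HttpHeaderNames.ALGORITHM.toString() + "=";
        for (DigestAlgorithm current : supportedAlgorithms) {
            exchange.addResponseHeader(WWW_AUTHENTICATE, beforeAlgorithm + algorithmDirective + current.getToken() + afterAlgorithm);
        }
    }

    return new ChallengeResult(true, UNAUTHORIZED);
}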
 
Example #12
Source File: DigestAuthenticationMechanism.java    From quarkus-http with Apache License 2.0
/**
 * Reports the digest algorithm held by the associated {@code context}.
 *
 * @return whatever {@code context.getAlgorithm()} returns
 */
@Override
public DigestAlgorithm getAlgorithm() {
    final DigestAlgorithm fromContext = context.getAlgorithm();
    return fromContext;
}
 
Example #13
Source File: DigestAuthenticationMechanism.java    From quarkus-http with Apache License 2.0
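/**
 * Records the digest algorithm and the message digest obtained from it.
 *
 * @param algorithm the algorithm to use from now on
 * @throws NoSuchAlgorithmException if the algorithm cannot supply a message digest; neither
 *         field is changed in that case
 */
void setAlgorithm(DigestAlgorithm algorithm) throws NoSuchAlgorithmException {
    // Obtain the digest first: if this throws, the recorded algorithm and the digest instance
    // stay consistent with each other instead of the algorithm pointing at a digest never created.
    digest = algorithm.getMessageDigest();
    this.algorithm = algorithm;
}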
 
Example #14
Source File: DigestAuthenticationMechanism.java    From quarkus-http with Apache License 2.0
/**
 * Returns the {@code algorithm} field unchanged.
 *
 * @return the stored digest algorithm
 */
DigestAlgorithm getAlgorithm() {
    return this.algorithm;
}
 
Example #15
Source File: DigestAuthenticationAuthTestCase.java    From quarkus-http with Apache License 2.0
/**
 * Builds the Digest mechanism used by this test: MD5 only, {@code qop=auth} only, the realm
 * {@code REALM_NAME}, domain {@code "/"} and a fresh {@link SimpleNonceManager}.
 *
 * @return the configured mechanism
 */
static AuthenticationMechanism getTestMechanism() {
    final AuthenticationMechanism md5AuthMechanism = new DigestAuthenticationMechanism(
            Collections.singletonList(DigestAlgorithm.MD5),
            Collections.singletonList(DigestQop.AUTH),
            REALM_NAME,
            "/",
            new SimpleNonceManager());
    return md5AuthMechanism;
}
 
Example #16
Source File: DigestAuthenticationMechanism.java    From lams with GNU General Public License v2.0
/**
 * Creates a Digest mechanism registered under {@code DEFAULT_NAME}, delegating everything else
 * to the constructor that also takes a mechanism name.
 *
 * @param supportedAlgorithms digest algorithms to support
 * @param supportedQops       quality-of-protection values to support
 * @param realmName           realm name
 * @param domain              domain value
 * @param nonceManager        nonce manager to use
 */
public DigestAuthenticationMechanism(final List<DigestAlgorithm> supportedAlgorithms, final List<DigestQop> supportedQops,
        final String realmName, final String domain, final NonceManager nonceManager) {
    this(
            supportedAlgorithms,
            supportedQops,
            realmName,
            domain,
            nonceManager,
            DEFAULT_NAME);
}
 
Example #17
Source File: DigestAuthenticationMechanism.java    From lams with GNU General Public License v2.0
/**
 * Creates a Digest mechanism without an explicit identity manager: {@code null} is passed for
 * it to the full constructor.
 *
 * @param supportedAlgorithms digest algorithms to support
 * @param supportedQops       quality-of-protection values to support
 * @param realmName           realm name
 * @param domain              domain value
 * @param nonceManager        nonce manager to use
 * @param mechanismName       name under which this mechanism is known
 */
public DigestAuthenticationMechanism(final List<DigestAlgorithm> supportedAlgorithms, final List<DigestQop> supportedQops,
        final String realmName, final String domain, final NonceManager nonceManager, final String mechanismName) {
    this(
            supportedAlgorithms,
            supportedQops,
            realmName,
            domain,
            nonceManager,
            mechanismName,
            null);
}
 
Example #18
Source File: DigestAuthenticationMechanism.java    From quarkus-http with Apache License 2.0
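/**
 * Creates a Digest mechanism with the built-in defaults: MD5 as the only algorithm,
 * {@code qop=auth} as the only quality of protection, and a new {@link SimpleNonceManager}.
 *
 * <p>MD5 is the only algorithm this convenience constructor offers. Use the constructor that
 * takes an explicit algorithm list when a different set is required.
 *
 * @param realmName       realm name
 * @param domain          domain value
 * @param mechanismName   name under which this mechanism is known; {@code DEFAULT_NAME} is used
 *                        when this is {@code null}
 * @param identityManager identity manager handed to the full constructor
 */
public DigestAuthenticationMechanism(final String realmName, final String domain, final String mechanismName, final IdentityManager identityManager) {
    // Honour the requested mechanism name. The argument used to be ignored and DEFAULT_NAME was
    // always passed on; the null fallback keeps callers that supplied no name working as before.
    this(Collections.singletonList(DigestAlgorithm.MD5), Collections.singletonList(DigestQop.AUTH), realmName, domain,
            new SimpleNonceManager(), mechanismName != null ? mechanismName : DEFAULT_NAME, identityManager);
}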
 
Example #19
Source File: DigestAuthenticationMechanism.java    From lams with GNU General Public License v2.0
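/**
 * Creates a Digest mechanism with the built-in defaults: MD5 as the only algorithm,
 * {@code qop=auth} as the only quality of protection, and a new {@link SimpleNonceManager}.
 *
 * <p>MD5 is the only algorithm this convenience constructor offers. Use the constructor that
 * takes an explicit algorithm list when a different set is required.
 *
 * @param realmName       realm name
 * @param domain          domain value
 * @param mechanismName   name under which this mechanism is known; {@code DEFAULT_NAME} is used
 *                        when this is {@code null}
 * @param identityManager identity manager handed to the full constructor
 */
public DigestAuthenticationMechanism(final String realmName, final String domain, final String mechanismName, final IdentityManager identityManager) {
    // Honour the requested mechanism name. The argument used to be ignored and DEFAULT_NAME was
    // always passed on; the null fallback keeps callers that supplied no name working as before.
    this(Collections.singletonList(DigestAlgorithm.MD5), Collections.singletonList(DigestQop.AUTH), realmName, domain,
            new SimpleNonceManager(), mechanismName != null ? mechanismName : DEFAULT_NAME, identityManager);
}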
 
Example #20
Source File: DigestAuthenticationMechanism.java    From quarkus-http with Apache License 2.0
/**
 * Creates a Digest mechanism without an explicit identity manager: {@code null} is passed for
 * it to the full constructor.
 *
 * @param supportedAlgorithms digest algorithms to support
 * @param supportedQops       quality-of-protection values to support
 * @param realmName           realm name
 * @param domain              domain value
 * @param nonceManager        nonce manager to use
 * @param mechanismName       name under which this mechanism is known
 */
public DigestAuthenticationMechanism(final List<DigestAlgorithm> supportedAlgorithms, final List<DigestQop> supportedQops,
        final String realmName, final String domain, final NonceManager nonceManager, final String mechanismName) {
    this(
            supportedAlgorithms,
            supportedQops,
            realmName,
            domain,
            nonceManager,
            mechanismName,
            null);
}
 
Example #21
Source File: DigestAuthenticationMechanism.java    From lams with GNU General Public License v2.0
/**
 * Returns the {@code algorithm} field unchanged.
 *
 * @return the stored digest algorithm
 */
DigestAlgorithm getAlgorithm() {
    return this.algorithm;
}
 
Example #22
Source File: DigestAuthenticationMechanism.java    From lams with GNU General Public License v2.0
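/**
 * Records the digest algorithm and the message digest obtained from it.
 *
 * @param algorithm the algorithm to use from now on
 * @throws NoSuchAlgorithmException if the algorithm cannot supply a message digest; neither
 *         field is changed in that case
 */
void setAlgorithm(DigestAlgorithm algorithm) throws NoSuchAlgorithmException {
    // Obtain the digest first: if this throws, the recorded algorithm and the digest instance
    // stay consistent with each other instead of the algorithm pointing at a digest never created.
    digest = algorithm.getMessageDigest();
    this.algorithm = algorithm;
}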
 
Example #23
Source File: DigestAuthenticationMechanism.java    From lams with GNU General Public License v2.0
/**
 * Reports the digest algorithm held by the associated {@code context}.
 *
 * @return whatever {@code context.getAlgorithm()} returns
 */
@Override
public DigestAlgorithm getAlgorithm() {
    final DigestAlgorithm fromContext = context.getAlgorithm();
    return fromContext;
}
 
Example #24
Source File: DigestAuthenticationMechanism.java    From quarkus-http with Apache License 2.0
/**
 * Creates a Digest mechanism registered under {@code DEFAULT_NAME}, delegating everything else
 * to the constructor that also takes a mechanism name.
 *
 * @param supportedAlgorithms digest algorithms to support
 * @param supportedQops       quality-of-protection values to support
 * @param realmName           realm name
 * @param domain              domain value
 * @param nonceManager        nonce manager to use
 */
public DigestAuthenticationMechanism(final List<DigestAlgorithm> supportedAlgorithms, final List<DigestQop> supportedQops,
        final String realmName, final String domain, final NonceManager nonceManager) {
    this(
            supportedAlgorithms,
            supportedQops,
            realmName,
            domain,
            nonceManager,
            DEFAULT_NAME);
}