author | Greg Wilkins | 2013-04-25 00:38:43 +0000 |
committer | Greg Wilkins | 2013-04-25 00:38:43 +0000 |
commit | 5306c540bf46d72824af4ac5ea25b43d48a99658 (patch) | |
tree | 05f0f97f5b219d1b6c351b9aa5265bbf8c30a9d8 /jetty-security/src/test | |
parent | 006614470bf4403a094ed1d57d502246fe5ba407 (diff) | |
parent | 7da94048fae6b3922f0625c05bcdf63d5aa7bfed (diff) | |
Merge remote-tracking branch 'origin/jetty-7' into jetty-8
Conflicts:
jetty-security/src/test/java/org/eclipse/jetty/security/ConstraintTest.java
Diffstat (limited to 'jetty-security/src/test')
-rw-r--r-- | jetty-security/src/test/java/org/eclipse/jetty/security/ConstraintTest.java | 135 |
1 files changed, 129 insertions, 6 deletions
diff --git a/jetty-security/src/test/java/org/eclipse/jetty/security/ConstraintTest.java b/jetty-security/src/test/java/org/eclipse/jetty/security/ConstraintTest.java
index 2d17e2b7e7..7d4945a9a6 100644
--- a/jetty-security/src/test/java/org/eclipse/jetty/security/ConstraintTest.java
+++ b/jetty-security/src/test/java/org/eclipse/jetty/security/ConstraintTest.java
@@ -23,18 +23,22 @@ import static org.junit.Assert.assertTrue;
 import java.io.IOException;
 import java.util.ArrayList;
+import java.security.MessageDigest;
 import java.util.Arrays;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import org.eclipse.jetty.security.authentication.BasicAuthenticator;
+import org.eclipse.jetty.security.authentication.DigestAuthenticator;
 import org.eclipse.jetty.security.authentication.FormAuthenticator;
 import org.eclipse.jetty.server.Connector;
 import org.eclipse.jetty.server.LocalConnector;
@@ -46,7 +50,10 @@ import org.eclipse.jetty.server.handler.ContextHandler;
 import org.eclipse.jetty.server.handler.HandlerWrapper;
 import org.eclipse.jetty.server.session.SessionHandler;
 import org.eclipse.jetty.util.B64Code;
+import org.eclipse.jetty.util.StringUtil;
+import org.eclipse.jetty.util.TypeUtil;
 import org.eclipse.jetty.util.security.Constraint;
+import org.eclipse.jetty.util.security.Credential;
 import org.eclipse.jetty.util.security.Password;
 import org.junit.After;
 import org.junit.Before;
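Review bot: `import org.eclipse.jetty.util.security.Credential;` is added in the second hunk, but nothing in the visible hunks of this file references Credential, so it looks like an unused import carried over by the merge; drop it unless a part of the file outside this diff uses it. In the first hunk `import java.security.MessageDigest;` is inserted between java.util.ArrayList and java.util.Arrays, breaking the sorted order the surrounding java.* imports keep; move it above the java.util group.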
@@ -245,14 +252,12 @@ public class ConstraintTest
 _server.start();
 String response;
- /*
 response = _connector.getResponses("GET /ctx/noauth/info HTTP/1.0\r\n\r\n");
 assertTrue(response.startsWith("HTTP/1.1 200 OK"));
-*/
 response = _connector.getResponses("GET /ctx/forbid/info HTTP/1.0\r\n\r\n");
 assertTrue(response.startsWith("HTTP/1.1 403 Forbidden"));
- /*
+
 response = _connector.getResponses("GET /ctx/auth/info HTTP/1.0\r\n\r\n");
 assertTrue(response.startsWith("HTTP/1.1 401 Unauthorized"));
 assertTrue(response.indexOf("WWW-Authenticate: basic realm=\"TestRealm\"") > 0);
@@ -267,8 +272,7 @@ public class ConstraintTest
 "Authorization: Basic " + B64Code.encode("user:password") + "\r\n" +
 "\r\n");
 assertTrue(response.startsWith("HTTP/1.1 200 OK"));
-*/
-/*
+
 // test admin
 response = _connector.getResponses("GET /ctx/admin/info HTTP/1.0\r\n\r\n");
 assertTrue(response.startsWith("HTTP/1.1 401 Unauthorized"));
@@ -317,11 +321,130 @@ public class ConstraintTest
 response = _connector.getResponses("HEAD /ctx/omit/x HTTP/1.0\r\n" +
 "Authorization: Basic " + B64Code.encode("user2:password") + "\r\n" +
 "\r\n");
- assertTrue(response.startsWith("HTTP/1.1 200 OK"));*/
+ assertTrue(response.startsWith("HTTP/1.1 200 OK"));
 }
+ private static String CNONCE="1234567890";
+ private String digest(String nonce, String username,String password,String uri,String nc) throws Exception
+ {
+ MessageDigest md = MessageDigest.getInstance("MD5");
+ byte[] ha1;
+ // calc A1 digest
+ md.update(username.getBytes(StringUtil.__ISO_8859_1));
+ md.update((byte) ':');
+ md.update("TestRealm".getBytes(StringUtil.__ISO_8859_1));
+ md.update((byte) ':');
+ md.update(password.getBytes(StringUtil.__ISO_8859_1));
+ ha1 = md.digest();
+ // calc A2 digest
+ md.reset();
+ md.update("GET".getBytes(StringUtil.__ISO_8859_1));
+ md.update((byte) ':');
+ md.update(uri.getBytes(StringUtil.__ISO_8859_1));
+ byte[] ha2 = md.digest();
+
+ // calc digest
+ // request-digest = <"> < KD ( H(A1), unq(nonce-value) ":"
+ // nc-value ":" unq(cnonce-value) ":" unq(qop-value) ":" H(A2) )
+ // <">
+ // request-digest = <"> < KD ( H(A1), unq(nonce-value) ":" H(A2)
+ // ) > <">
+
+ md.update(TypeUtil.toString(ha1, 16).getBytes(StringUtil.__ISO_8859_1));
+ md.update((byte) ':');
+ md.update(nonce.getBytes(StringUtil.__ISO_8859_1));
+ md.update((byte) ':');
+ md.update(nc.getBytes(StringUtil.__ISO_8859_1));
+ md.update((byte) ':');
+ md.update(CNONCE.getBytes(StringUtil.__ISO_8859_1));
+ md.update((byte) ':');
+ md.update("auth".getBytes(StringUtil.__ISO_8859_1));
+ md.update((byte) ':');
+ md.update(TypeUtil.toString(ha2, 16).getBytes(StringUtil.__ISO_8859_1));
+ byte[] digest = md.digest();
+
+ // check digest
+ return TypeUtil.toString(digest, 16);
+ }
+
+
 @Test
+ public void testDigest() throws Exception
+ {
+ _security.setAuthenticator(new DigestAuthenticator());
+ _security.setStrict(false);
+ _server.start();
+ String response;
+ response = _connector.getResponses("GET /ctx/noauth/info HTTP/1.0\r\n\r\n");
+ assertTrue(response.startsWith("HTTP/1.1 200 OK"));
+
+ response = _connector.getResponses("GET /ctx/forbid/info HTTP/1.0\r\n\r\n");
+ assertTrue(response.startsWith("HTTP/1.1 403 Forbidden"));
+ response = _connector.getResponses("GET /ctx/auth/info HTTP/1.0\r\n\r\n");
+ assertTrue(response.startsWith("HTTP/1.1 401 Unauthorized"));
+ assertTrue(response.contains("WWW-Authenticate: Digest realm=\"TestRealm\""));
+
+ Pattern nonceP = Pattern.compile("nonce=\"([^\"]*)\",");
+ Matcher matcher = nonceP.matcher(response);
+ assertTrue(matcher.find());
+ String nonce=matcher.group(1);
+
+
+ //wrong password
+ String digest= digest(nonce,"user","WRONG","/ctx/auth/info","1");
+ response = _connector.getResponses("GET /ctx/auth/info HTTP/1.0\r\n" +
+ "Authorization: Digest username=\"user\", qop=auth, cnonce=\"1234567890\", uri=\"/ctx/auth/info\", realm=\"TestRealm\", "+
+ "nc=1, "+
+ "nonce=\""+nonce+"\", "+
+ "response=\""+digest+"\"\r\n"+
+ "\r\n");
+ assertTrue(response.startsWith("HTTP/1.1 401 Unauthorized"));
+
+ // right password
+ digest= digest(nonce,"user","password","/ctx/auth/info","2");
+ response = _connector.getResponses("GET /ctx/auth/info HTTP/1.0\r\n" +
+ "Authorization: Digest username=\"user\", qop=auth, cnonce=\"1234567890\", uri=\"/ctx/auth/info\", realm=\"TestRealm\", "+
+ "nc=2, "+
+ "nonce=\""+nonce+"\", "+
+ "response=\""+digest+"\"\r\n"+
+ "\r\n");
+ assertTrue(response.startsWith("HTTP/1.1 200 OK"));
+
+
+ // once only
+ digest= digest(nonce,"user","password","/ctx/auth/info","2");
+ response = _connector.getResponses("GET /ctx/auth/info HTTP/1.0\r\n" +
+ "Authorization: Digest username=\"user\", qop=auth, cnonce=\"1234567890\", uri=\"/ctx/auth/info\", realm=\"TestRealm\", "+
+ "nc=2, "+
+ "nonce=\""+nonce+"\", "+
+ "response=\""+digest+"\"\r\n"+
+ "\r\n");
+ assertTrue(response.startsWith("HTTP/1.1 401 Unauthorized"));
+
+ // increasing
+ digest= digest(nonce,"user","password","/ctx/auth/info","4");
+ response = _connector.getResponses("GET /ctx/auth/info HTTP/1.0\r\n" +
+ "Authorization: Digest username=\"user\", qop=auth, cnonce=\"1234567890\", uri=\"/ctx/auth/info\", realm=\"TestRealm\", "+
+ "nc=4, "+
+ "nonce=\""+nonce+"\", "+
+ "response=\""+digest+"\"\r\n"+
+ "\r\n");
+ assertTrue(response.startsWith("HTTP/1.1 200 OK"));
+
+ // out of order
+ digest= digest(nonce,"user","password","/ctx/auth/info","3");
+ response = _connector.getResponses("GET /ctx/auth/info HTTP/1.0\r\n" +
+ "Authorization: Digest username=\"user\", qop=auth, cnonce=\"1234567890\", uri=\"/ctx/auth/info\", realm=\"TestRealm\", "+
+ "nc=3, "+
+ "nonce=\""+nonce+"\", "+
+ "response=\""+digest+"\"\r\n"+
+ "\r\n");
+ assertTrue(response.startsWith("HTTP/1.1 200 OK"));
+
+ }
+
+ @Test
 public void testFormDispatch() throws Exception
 {
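Review bot: `private static String CNONCE="1234567890";` is mutable and the same value is repeated as the literal `cnonce=\"1234567890\"` in all five Authorization headers, so the helper and the requests can drift apart silently and every assertion after the first would then fail with 401 for the wrong reason; declare it `private static final String CNONCE = "1234567890";` and build each header with `"cnonce=\"" + CNONCE + "\", "`. The `// out of order` case asserts 200 for nc=3 after nc=4 was accepted, which encodes the nonce-count policy under test without saying so; a comment such as `// a lower but not-yet-used nc is accepted: the authenticator apparently tracks used counts per nonce rather than requiring a strictly increasing nc — confirm against DigestAuthenticator` would make the expectation explicit, since the `// once only` case is what actually guards against replay. The digest helper also hard-codes `"GET"`, `"TestRealm"` and `qop=auth`, which its name does not suggest; a one-line comment on the method saying it only produces a qop=auth GET digest for TestRealm would save the next reader a surprise. The method whose trailing `*/` this hunk removes begins before the hunk.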