diff options
author | Greg Wilkins | 2013-04-25 00:26:29 +0000 |
---|---|---|
committer | Greg Wilkins | 2013-04-25 00:26:29 +0000 |
commit | 7da94048fae6b3922f0625c05bcdf63d5aa7bfed (patch) | |
tree | 42408a77c71edeadd876660d0d071c30ac8e9c76 /jetty-security/src/test | |
parent | c19642baf4ffdd7ee559141af68410d2ade21949 (diff) | |
download | org.eclipse.jetty.project-7da94048fae6b3922f0625c05bcdf63d5aa7bfed.tar.gz org.eclipse.jetty.project-7da94048fae6b3922f0625c05bcdf63d5aa7bfed.tar.xz org.eclipse.jetty.project-7da94048fae6b3922f0625c05bcdf63d5aa7bfed.zip |
406437 Digest Auth supports out of order nc
Diffstat (limited to 'jetty-security/src/test')
-rw-r--r-- | jetty-security/src/test/java/org/eclipse/jetty/security/ConstraintTest.java | 129 |
1 files changed, 128 insertions, 1 deletions
diff --git a/jetty-security/src/test/java/org/eclipse/jetty/security/ConstraintTest.java b/jetty-security/src/test/java/org/eclipse/jetty/security/ConstraintTest.java index 6ed2800f6e..474b5eafd6 100644 --- a/jetty-security/src/test/java/org/eclipse/jetty/security/ConstraintTest.java +++ b/jetty-security/src/test/java/org/eclipse/jetty/security/ConstraintTest.java @@ -22,17 +22,21 @@ import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertTrue; import java.io.IOException; +import java.security.MessageDigest; import java.util.Arrays; import java.util.HashMap; import java.util.HashSet; import java.util.Map; import java.util.Set; +import java.util.regex.Matcher; +import java.util.regex.Pattern; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.eclipse.jetty.security.authentication.BasicAuthenticator; +import org.eclipse.jetty.security.authentication.DigestAuthenticator; import org.eclipse.jetty.security.authentication.FormAuthenticator; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.LocalConnector; @@ -44,7 +48,10 @@ import org.eclipse.jetty.server.handler.ContextHandler; import org.eclipse.jetty.server.handler.HandlerWrapper; import org.eclipse.jetty.server.session.SessionHandler; import org.eclipse.jetty.util.B64Code; +import org.eclipse.jetty.util.StringUtil; +import org.eclipse.jetty.util.TypeUtil; import org.eclipse.jetty.util.security.Constraint; +import org.eclipse.jetty.util.security.Credential; import org.eclipse.jetty.util.security.Password; import org.junit.After; import org.junit.Before; @@ -222,7 +229,6 @@ public class ConstraintTest "\r\n"); assertTrue(response.startsWith("HTTP/1.1 200 OK")); - // test admin response = _connector.getResponses("GET /ctx/admin/info HTTP/1.0\r\n\r\n"); assertTrue(response.startsWith("HTTP/1.1 401 Unauthorized")); @@ -250,6 +256,127 @@ public class ConstraintTest assertTrue(response.startsWith("HTTP/1.1 200 OK")); } + + private static String CNONCE="1234567890"; + private String digest(String nonce, String username,String password,String uri,String nc) throws Exception + { + MessageDigest md = MessageDigest.getInstance("MD5"); + byte[] ha1; + // calc A1 digest + md.update(username.getBytes(StringUtil.__ISO_8859_1)); + md.update((byte) ':'); + md.update("TestRealm".getBytes(StringUtil.__ISO_8859_1)); + md.update((byte) ':'); + md.update(password.getBytes(StringUtil.__ISO_8859_1)); + ha1 = md.digest(); + // calc A2 digest + md.reset(); + md.update("GET".getBytes(StringUtil.__ISO_8859_1)); + md.update((byte) ':'); + md.update(uri.getBytes(StringUtil.__ISO_8859_1)); + byte[] ha2 = md.digest(); + + // calc digest + // request-digest = <"> < KD ( H(A1), unq(nonce-value) ":" + // nc-value ":" unq(cnonce-value) ":" unq(qop-value) ":" H(A2) ) + // <"> + // request-digest = <"> < KD ( H(A1), unq(nonce-value) ":" H(A2) + // ) > <"> + + md.update(TypeUtil.toString(ha1, 16).getBytes(StringUtil.__ISO_8859_1)); + md.update((byte) ':'); + md.update(nonce.getBytes(StringUtil.__ISO_8859_1)); + md.update((byte) ':'); + md.update(nc.getBytes(StringUtil.__ISO_8859_1)); + md.update((byte) ':'); + md.update(CNONCE.getBytes(StringUtil.__ISO_8859_1)); + md.update((byte) ':'); + md.update("auth".getBytes(StringUtil.__ISO_8859_1)); + md.update((byte) ':'); + md.update(TypeUtil.toString(ha2, 16).getBytes(StringUtil.__ISO_8859_1)); + byte[] digest = md.digest(); + + // check digest + return TypeUtil.toString(digest, 16); + } + + @Test + public void testDigest() throws Exception + { + _security.setAuthenticator(new DigestAuthenticator()); + _security.setStrict(false); + _server.start(); + + String response; + response = _connector.getResponses("GET /ctx/noauth/info HTTP/1.0\r\n\r\n"); + assertTrue(response.startsWith("HTTP/1.1 200 OK")); + + response = _connector.getResponses("GET /ctx/forbid/info HTTP/1.0\r\n\r\n"); + assertTrue(response.startsWith("HTTP/1.1 403 Forbidden")); + response = _connector.getResponses("GET /ctx/auth/info HTTP/1.0\r\n\r\n"); + assertTrue(response.startsWith("HTTP/1.1 401 Unauthorized")); + assertTrue(response.contains("WWW-Authenticate: Digest realm=\"TestRealm\"")); + + Pattern nonceP = Pattern.compile("nonce=\"([^\"]*)\","); + Matcher matcher = nonceP.matcher(response); + assertTrue(matcher.find()); + String nonce=matcher.group(1); + + + //wrong password + String digest= digest(nonce,"user","WRONG","/ctx/auth/info","1"); + response = _connector.getResponses("GET /ctx/auth/info HTTP/1.0\r\n" + + "Authorization: Digest username=\"user\", qop=auth, cnonce=\"1234567890\", uri=\"/ctx/auth/info\", realm=\"TestRealm\", "+ + "nc=1, "+ + "nonce=\""+nonce+"\", "+ + "response=\""+digest+"\"\r\n"+ + "\r\n"); + assertTrue(response.startsWith("HTTP/1.1 401 Unauthorized")); + + // right password + digest= digest(nonce,"user","password","/ctx/auth/info","2"); + response = _connector.getResponses("GET /ctx/auth/info HTTP/1.0\r\n" + + "Authorization: Digest username=\"user\", qop=auth, cnonce=\"1234567890\", uri=\"/ctx/auth/info\", realm=\"TestRealm\", "+ + "nc=2, "+ + "nonce=\""+nonce+"\", "+ + "response=\""+digest+"\"\r\n"+ + "\r\n"); + assertTrue(response.startsWith("HTTP/1.1 200 OK")); + + + // once only + digest= digest(nonce,"user","password","/ctx/auth/info","2"); + response = _connector.getResponses("GET /ctx/auth/info HTTP/1.0\r\n" + + "Authorization: Digest username=\"user\", qop=auth, cnonce=\"1234567890\", uri=\"/ctx/auth/info\", realm=\"TestRealm\", "+ + "nc=2, "+ + "nonce=\""+nonce+"\", "+ + "response=\""+digest+"\"\r\n"+ + "\r\n"); + assertTrue(response.startsWith("HTTP/1.1 401 Unauthorized")); + + // increasing + digest= digest(nonce,"user","password","/ctx/auth/info","4"); + response = _connector.getResponses("GET /ctx/auth/info HTTP/1.0\r\n" + + "Authorization: Digest username=\"user\", qop=auth, cnonce=\"1234567890\", uri=\"/ctx/auth/info\", realm=\"TestRealm\", "+ + "nc=4, "+ + "nonce=\""+nonce+"\", "+ + "response=\""+digest+"\"\r\n"+ + "\r\n"); + assertTrue(response.startsWith("HTTP/1.1 200 OK")); + + // out of order + digest= digest(nonce,"user","password","/ctx/auth/info","3"); + response = _connector.getResponses("GET /ctx/auth/info HTTP/1.0\r\n" + + "Authorization: Digest username=\"user\", qop=auth, cnonce=\"1234567890\", uri=\"/ctx/auth/info\", realm=\"TestRealm\", "+ + "nc=3, "+ + "nonce=\""+nonce+"\", "+ + "response=\""+digest+"\"\r\n"+ + "\r\n"); + assertTrue(response.startsWith("HTTP/1.1 200 OK")); + + } + + @Test public void testFormDispatch() throws Exception { |