Skip to main content

This CGIT instance is deprecated, and repositories have been moved to Gitlab or Github. See the repository descriptions for specific locations.

summaryrefslogtreecommitdiffstats
path: root/bundles/org.eclipse.wst.wsi/src/org/eclipse/wst/wsi/internal/core/profile/validator/impl/message/BP4103.java
diff options
context:
space:
mode:
Diffstat (limited to 'bundles/org.eclipse.wst.wsi/src/org/eclipse/wst/wsi/internal/core/profile/validator/impl/message/BP4103.java')
-rw-r--r--bundles/org.eclipse.wst.wsi/src/org/eclipse/wst/wsi/internal/core/profile/validator/impl/message/BP4103.java126
1 files changed, 126 insertions, 0 deletions
diff --git a/bundles/org.eclipse.wst.wsi/src/org/eclipse/wst/wsi/internal/core/profile/validator/impl/message/BP4103.java b/bundles/org.eclipse.wst.wsi/src/org/eclipse/wst/wsi/internal/core/profile/validator/impl/message/BP4103.java
new file mode 100644
index 000000000..e63a5cf14
--- /dev/null
+++ b/bundles/org.eclipse.wst.wsi/src/org/eclipse/wst/wsi/internal/core/profile/validator/impl/message/BP4103.java
@@ -0,0 +1,126 @@
+/*******************************************************************************
+ * Copyright (c) 2002-2005 IBM Corporation and others.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License v1.0
+ * which accompanies this distribution, and is available at
+ * http://www.eclipse.org/legal/epl-v10.html
+ *
+ * Contributors:
+ * IBM - Initial API and implementation
+ *******************************************************************************/
+package org.eclipse.wst.wsi.internal.core.profile.validator.impl.message;
+
+import org.eclipse.wst.wsi.internal.core.WSIException;
+import org.eclipse.wst.wsi.internal.core.log.MessageEntry;
+import org.eclipse.wst.wsi.internal.core.profile.TestAssertion;
+import org.eclipse.wst.wsi.internal.core.profile.validator.EntryContext;
+import org.eclipse.wst.wsi.internal.core.profile.validator.impl.AssertionProcess;
+import org.eclipse.wst.wsi.internal.core.profile.validator.impl.BaseMessageValidator;
+import org.eclipse.wst.wsi.internal.core.report.AssertionResult;
+import org.eclipse.wst.wsi.internal.core.util.HTTPConstants;
+import org.eclipse.wst.wsi.internal.core.util.HTTPUtils;
+
+/**
+ * BP4103
+ *
+ * <context>For a candidate message in the message log file</context>
+ * <assertionDescription>The message contains an HTTP Authentication header field</assertionDescription>
+ */
+public class BP4103 extends AssertionProcess {
+
+ private static final String HTTP_AUTH_SCHEME_BASIC = "Basic";
+ private static final String HTTP_AUTH_SCHEME_DIGEST = "Digest";
+
+ private final BaseMessageValidator validator;
+
+ /**
+ * @param BaseMessageValidator
+ */
+ public BP4103(BaseMessageValidator impl)
+ {
+ super(impl);
+ this.validator = impl;
+ }
+
+ public AssertionResult validate(
+ TestAssertion testAssertion,
+ EntryContext entryContext)
+ throws WSIException
+ {
+ // Getting message headers
+ String headers = entryContext.getMessageEntry().getHTTPHeaders();
+ // If this is a request message
+ if (entryContext.getMessageEntry().getType().equals(MessageEntry.TYPE_REQUEST))
+ {
+ // If the request headers contain authentication scheme "Basic" or "Digest"
+ // or there are no HTTP Authentication headers, the assertion is not applicable
+ if (!containsInvalidAuth(headers, HTTPConstants.HEADER_AUTHORIZATION)
+ && !containsInvalidAuth(headers, HTTPConstants.HEADER_PROXY_AUTHORIZATION))
+ {
+ result = AssertionResult.RESULT_NOT_APPLICABLE;
+ }
+ }
+ // else this is a response
+ else
+ {
+ // If the response headers contain authentication scheme "Basic" or "Digest"
+ // or there are no HTTP Authentication headers, the assertion is not applicable
+ if (!containsInvalidAuth(headers, HTTPConstants.HEADER_WWW_AUTHENTICATE)
+ && !containsInvalidAuth(headers, HTTPConstants.HEADER_PROXY_AUTHENTICATE))
+ {
+ result = AssertionResult.RESULT_NOT_APPLICABLE;
+ }
+ }
+
+ // Assertion result has not been changed, HTTP Authentication headers
+ // does not contain authentication scheme "Basic" or "Digest",
+ // the assertion passed
+ if (result.equals(AssertionResult.RESULT_PASSED))
+ {
+ failureDetail = validator.createFailureDetail(
+ testAssertion.getDetailDescription(), entryContext);
+ }
+
+ // Return assertion result
+ return validator.createAssertionResult(
+ testAssertion, result, failureDetail);
+ }
+
+ /**
+ * Checks whether HTTP headers contain HTTP Authentication headers that uses
+ * authentication scheme other than "Basic" or "Digest".
+ * @param headers HTTP headers.
+ * @param header a header name being retrieved.
+ * @return true if the HTTP Authentication header that uses authentication
+ * scheme other than "Basic" or "Digest" is found, false otherwise.
+ */
+ private boolean containsInvalidAuth(String headers, String header)
+ {
+ // Getting a header value
+ String headerValue = null;
+ try
+ {
+ headerValue = (String) HTTPUtils.getHttpHeaderTokens(headers,":")
+ .get(header.toUpperCase());
+ }
+ catch (Exception e) {}
+
+ // If the header is presented
+ if (headerValue != null)
+ {
+ // Retrieving authentication scheme
+ int idxSP = headerValue.indexOf(" ");
+ if (idxSP > -1)
+ {
+ headerValue = headerValue.substring(0, idxSP);
+ }
+ // If a scheme is neither "Basic" nor "Digest", return true
+ if (!headerValue.equalsIgnoreCase(HTTP_AUTH_SCHEME_BASIC)
+ && !headerValue.equalsIgnoreCase(HTTP_AUTH_SCHEME_DIGEST))
+ {
+ return true;
+ }
+ }
+ return false;
+ }
+} \ No newline at end of file

Back to the top