/*******************************************************************************
 * Copyright (c) 2002-2005 IBM Corporation and others.
 * All rights reserved.   This program and the accompanying materials
 * are made available under the terms of the Eclipse Public License v1.0
 * which accompanies this distribution, and is available at
 * http://www.eclipse.org/legal/epl-v10.html
 *
 * Contributors:
 *   IBM - Initial API and implementation
 *******************************************************************************/
package org.eclipse.wst.wsi.internal.core.profile.validator.impl.message;

import org.eclipse.wst.wsi.internal.core.WSIException;
import org.eclipse.wst.wsi.internal.core.log.MessageEntry;
import org.eclipse.wst.wsi.internal.core.profile.TestAssertion;
import org.eclipse.wst.wsi.internal.core.profile.validator.EntryContext;
import org.eclipse.wst.wsi.internal.core.profile.validator.impl.AssertionProcess;
import org.eclipse.wst.wsi.internal.core.profile.validator.impl.BaseMessageValidator;
import org.eclipse.wst.wsi.internal.core.report.AssertionResult;
import org.eclipse.wst.wsi.internal.core.util.HTTPConstants;
import org.eclipse.wst.wsi.internal.core.util.HTTPUtils;

/**
 * BP4103
 *
 * <context>For a candidate message in the message log file</context>
 * <assertionDescription>The message contains an HTTP Authentication header field</assertionDescription>
 */
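public class BP4103 extends AssertionProcess {

  private static final String HTTP_AUTH_SCHEME_BASIC = "Basic";
  private static final String HTTP_AUTH_SCHEME_DIGEST = "Digest";

  private final BaseMessageValidator validator;

  /**
   * Creates the BP4103 assertion process.
   *
   * @param impl the message validator; it is passed to the superclass and
   *             kept to build failure details and assertion results.
   */
  public BP4103(BaseMessageValidator impl)
  {
    super(impl);
    this.validator = impl;
  }

  /**
   * Evaluates the assertion for one logged message.
   *
   * For a request the headers named by {@code HTTPConstants.HEADER_AUTHORIZATION}
   * and {@code HTTPConstants.HEADER_PROXY_AUTHORIZATION} are examined; for any
   * other message type those named by {@code HTTPConstants.HEADER_WWW_AUTHENTICATE}
   * and {@code HTTPConstants.HEADER_PROXY_AUTHENTICATE}. When neither header
   * carries a scheme other than "Basic" or "Digest" (which includes the case
   * where both are absent), the result is set to
   * {@code AssertionResult.RESULT_NOT_APPLICABLE}.
   *
   * @param testAssertion the assertion being evaluated.
   * @param entryContext context giving access to the message entry.
   * @return the assertion result built by the validator.
   * @throws WSIException declared for the calls made here; which of them can
   *         raise it is not visible in this class.
   */
  public AssertionResult validate(
    TestAssertion testAssertion,
    EntryContext entryContext)
    throws WSIException
  {
    MessageEntry messageEntry = entryContext.getMessageEntry();
    String headers = messageEntry.getHTTPHeaders();
    boolean isRequest = messageEntry.getType().equals(MessageEntry.TYPE_REQUEST);

    // Requests carry credentials, responses carry challenges; pick the
    // end-to-end and the proxy header for the direction of this message.
    String endToEndHeader = isRequest
      ? HTTPConstants.HEADER_AUTHORIZATION
      : HTTPConstants.HEADER_WWW_AUTHENTICATE;
    String proxyHeader = isRequest
      ? HTTPConstants.HEADER_PROXY_AUTHORIZATION
      : HTTPConstants.HEADER_PROXY_AUTHENTICATE;

    // Only "Basic"/"Digest" schemes, or no authentication header at all:
    // the assertion does not apply to this message.
    if (!containsInvalidAuth(headers, endToEndHeader)
      && !containsInvalidAuth(headers, proxyHeader))
    {
      result = AssertionResult.RESULT_NOT_APPLICABLE;
    }

    // result and failureDetail are not declared in this class (presumably
    // inherited from AssertionProcess -- confirm). Nothing here assigns
    // RESULT_PASSED, so this branch depends on the value result held on entry:
    // if it is still RESULT_PASSED, a header with another scheme was found and
    // the assertion's detail description is attached to the result.
    if (result.equals(AssertionResult.RESULT_PASSED))
    {
      failureDetail = validator.createFailureDetail(
        testAssertion.getDetailDescription(), entryContext);
    }

    return validator.createAssertionResult(
      testAssertion, result, failureDetail);
  }

  /**
   * Checks whether the named HTTP authentication header uses a scheme other
   * than "Basic" or "Digest".
   *
   * Only the first token of the header value is compared. A value that lists
   * several challenges is therefore judged by its first scheme alone; any
   * further schemes in the same value are not inspected.
   *
   * @param headers HTTP headers.
   * @param header name of the header to look up.
   * @return true if the header is present and its scheme is neither "Basic"
   *         nor "Digest" (compared case-insensitively), false otherwise,
   *         including when the header cannot be read.
   */
  private boolean containsInvalidAuth(String headers, String header)
  {
    String headerValue = null;
    try
    {
      // NOTE(review): toUpperCase() follows the default locale; this
      // presumably has to match how HTTPUtils builds its map keys -- confirm
      // before switching either side to a fixed locale.
      headerValue = (String) HTTPUtils.getHttpHeaderTokens(headers, ":")
        .get(header.toUpperCase());
    }
    catch (Exception ignored)
    {
      // Best effort: any failure while reading the headers is treated as
      // "header absent". This makes the check fail open -- a message whose
      // headers cannot be parsed is reported the same as one without
      // authentication headers.
    }

    if (headerValue == null)
    {
      return false;
    }

    // Strip surrounding whitespace first. Without this, a value that still
    // carries the space after the colon would yield an empty scheme and be
    // reported as an unexpected scheme even for "Basic" or "Digest".
    String scheme = headerValue.trim();
    int idxSP = scheme.indexOf(' ');
    if (idxSP > -1)
    {
      scheme = scheme.substring(0, idxSP);
    }

    return !scheme.equalsIgnoreCase(HTTP_AUTH_SCHEME_BASIC)
      && !scheme.equalsIgnoreCase(HTTP_AUTH_SCHEME_DIGEST);
  }
}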
