1
/*
2
 * Copyright (c) 2001, 2009, Oracle and/or its affiliates. All rights reserved.
3
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4
 *
5
 * This code is free software; you can redistribute it and/or modify it
6
 * under the terms of the GNU General Public License version 2 only, as
7
 * published by the Free Software Foundation.
8
 *
9
 * This code is distributed in the hope that it will be useful, but WITHOUT
10
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
12
 * version 2 for more details (a copy is included in the LICENSE file that
13
 * accompanied this code).
14
 *
15
 * You should have received a copy of the GNU General Public License version
16
 * 2 along with this work; if not, write to the Free Software Foundation,
17
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18
 *
19
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20
 * or visit www.oracle.com if you need additional information or have any
21
 * questions.
22
 */
23

24
/**
25
 * @test
26
 * @bug 6870935
27
 * @run main/othervm -Dhttp.nonProxyHosts="" -Dhttp.auth.digest.validateProxy=true B6870935
28
 */
29

30
import java.io.*;
31
import java.util.*;
32
import java.net.*;
33
import java.security.*;
34
import sun.net.www.*;
35

36
/* This is one simple test of the RFC2617 digest authentication behavior
37
 * It specifically tests that the client correctly checks the returned
38
 * Authentication-Info header field from the server and throws an exception
39
 * if the password is wrong
40
 */
41

42
public class B6870935 {
43

44
    static char[] passwd = "password".toCharArray();
45
    static String username = "user";
46
    static String nonce = "abcdefghijklmnopqrstuvwxyz";
47
    static String realm = "wallyworld";
48
    static String uri = "http://www.ibm.com";
49
    static volatile boolean error = false;
50

51
    static class DigestServer extends Thread {
52

53
        ServerSocket s;
54
        InputStream  is;
55
        OutputStream os;
56
        int port;
57

58
        String reply1 = "HTTP/1.1 407 Proxy Authentication Required\r\n"+
59
            "Proxy-Authenticate: Digest realm=\""+realm+"\" domain=/ "+
60
            "nonce=\""+nonce+"\" qop=\"auth\"\r\n\r\n";
61

62
        String reply2 = "HTTP/1.1 200 OK\r\n" +
63
            "Date: Mon, 15 Jan 2001 12:18:21 GMT\r\n" +
64
            "Server: Apache/1.3.14 (Unix)\r\n" +
65
            "Content-Type: text/html; charset=iso-8859-1\r\n" +
66
            "Transfer-encoding: chunked\r\n\r\n"+
67
            "B\r\nHelloWorld1\r\n"+
68
            "B\r\nHelloWorld2\r\n"+
69
            "B\r\nHelloWorld3\r\n"+
70
            "B\r\nHelloWorld4\r\n"+
71
            "B\r\nHelloWorld5\r\n"+
72
            "0\r\n"+
73
            "Proxy-Authentication-Info: ";
74

75
        DigestServer (ServerSocket y) {
76
            s = y;
77
            port = s.getLocalPort();
78
        }
79

80
        public void run () {
81
            try {
82
                Socket s1 = s.accept ();
83
                is = s1.getInputStream ();
84
                os = s1.getOutputStream ();
85
                is.read ();
86
                os.write (reply1.getBytes());
87
                Thread.sleep (2000);
88
                s1.close ();
89

90
                s1 = s.accept ();
91
                is = s1.getInputStream ();
92
                os = s1.getOutputStream ();
93
                is.read ();
94
                // need to get the cnonce out of the response
95
                MessageHeader header = new MessageHeader (is);
96
                String raw = header.findValue ("Proxy-Authorization");
97
                HeaderParser parser = new HeaderParser (raw);
98
                String cnonce = parser.findValue ("cnonce");
99
                String cnstring = parser.findValue ("nc");
100
                String clientrsp = parser.findValue ("response");
101
                String expected = computeDigest(
102
                        true, username,passwd,realm,
103
                        "GET", uri, nonce, cnonce, cnstring
104
                );
105
                if (!expected.equals(clientrsp)) {
106
                    s1.close ();
107
                    s.close ();
108
                    error = true;
109
                    return;
110
                }
111

112
                String reply = reply2 + getAuthorization (
113
                        realm, false, uri, "GET", cnonce,
114
                        cnstring, passwd, username
115
                ) +"\r\n";
116
                os.write (reply.getBytes());
117
                Thread.sleep (2000);
118
                s1.close ();
119
            }
120
            catch (Exception e) {
121
                System.out.println (e);
122
                e.printStackTrace();
123
            }
124
        }
125

126
        private String getAuthorization (String realm, boolean isRequest, String uri, String method, String cnonce, String cnstring, char[] password, String username) {
127
            String response;
128

129
            try {
130
                response = computeDigest(isRequest, username,passwd,realm,
131
                                            method, uri, nonce, cnonce, cnstring);
132
            } catch (NoSuchAlgorithmException ex) {
133
                return null;
134
            }
135

136
            String value = "Digest"
137
                            + " qop=\"auth"
138
                            + "\", cnonce=\"" + cnonce
139
                            + "\", rspauth=\"" + response
140
                            + "\", nc=\"" + cnstring + "\"";
141
            return (value+ "\r\n");
142
        }
143

144
        private String computeDigest(
145
                            boolean isRequest, String userName, char[] password,
146
                            String realm, String connMethod,
147
                            String requestURI, String nonceString,
148
                            String cnonce, String ncValue
149
                        ) throws NoSuchAlgorithmException
150
        {
151

152
            String A1, HashA1;
153

154
            MessageDigest md = MessageDigest.getInstance("MD5");
155

156
            {
157
                A1 = userName + ":" + realm + ":";
158
                HashA1 = encode(A1, password, md);
159
            }
160

161
            String A2;
162
            if (isRequest) {
163
                A2 = connMethod + ":" + requestURI;
164
            } else {
165
                A2 = ":" + requestURI;
166
            }
167
            String HashA2 = encode(A2, null, md);
168
            String combo, finalHash;
169

170
            { /* RRC2617 when qop=auth */
171
                combo = HashA1+ ":" + nonceString + ":" + ncValue + ":" +
172
                            cnonce + ":auth:" +HashA2;
173

174
            }
175
            finalHash = encode(combo, null, md);
176
            return finalHash;
177
        }
178

179
        private final static char charArray[] = {
180
            '0', '1', '2', '3', '4', '5', '6', '7',
181
            '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'
182
        };
183

184
        private String encode(String src, char[] passwd, MessageDigest md) {
185
            md.update(src.getBytes());
186
            if (passwd != null) {
187
                byte[] passwdBytes = new byte[passwd.length];
188
                for (int i=0; i<passwd.length; i++)
189
                    passwdBytes[i] = (byte)passwd[i];
190
                md.update(passwdBytes);
191
                Arrays.fill(passwdBytes, (byte)0x00);
192
            }
193
            byte[] digest = md.digest();
194

195
            StringBuffer res = new StringBuffer(digest.length * 2);
196
            for (int i = 0; i < digest.length; i++) {
197
                int hashchar = ((digest[i] >>> 4) & 0xf);
198
                res.append(charArray[hashchar]);
199
                hashchar = (digest[i] & 0xf);
200
                res.append(charArray[hashchar]);
201
            }
202
            return res.toString();
203
        }
204
    }
205

206

207
    static class MyAuthenticator extends Authenticator {
208
        public MyAuthenticator () {
209
            super ();
210
        }
211

212
        public PasswordAuthentication getPasswordAuthentication ()
213
        {
214
            return (new PasswordAuthentication (username, passwd));
215
        }
216
    }
217

218

219
    public static void main(String[] args) throws Exception {
220
        int nLoops = 1;
221
        int nSize = 10;
222
        int port, n =0;
223
        byte b[] = new byte[nSize];
224
        DigestServer server;
225
        ServerSocket sock;
226

227
        try {
228
            sock = new ServerSocket (0);
229
            port = sock.getLocalPort ();
230
        }
231
        catch (Exception e) {
232
            System.out.println ("Exception: " + e);
233
            return;
234
        }
235

236
        server = new DigestServer(sock);
237
        server.start ();
238

239
        try  {
240

241
            Authenticator.setDefault (new MyAuthenticator ());
242
            SocketAddress addr = new InetSocketAddress ("127.0.0.1", port);
243
            Proxy proxy = new Proxy (Proxy.Type.HTTP, addr);
244
            String s = "http://www.ibm.com";
245
            URL url = new URL(s);
246
            java.net.URLConnection conURL =  url.openConnection(proxy);
247

248
            InputStream in = conURL.getInputStream();
249
            int c;
250
            while ((c = in.read ()) != -1) {
251
            }
252
            in.close ();
253
        }
254
        catch(IOException e) {
255
            e.printStackTrace();
256
            error = true;
257
        }
258
        if (error) {
259
            throw new RuntimeException ("Error in test");
260
        }
261
    }
262
}
263

264