Annotation of java/classes/org/w3c/jigsaw/acl/DigestAuthPrincipal.java, revision 1.4
1.1 bmahe 1: // DigestAuthPrincipal.java
1.4 ! bmahe 2: // $Id: DigestAuthPrincipal.java,v 1.3 1999/04/27 13:36:08 bmahe Exp $
1.1 bmahe 3: // (c) COPYRIGHT MIT, INRIA and Keio, 1999.
4: // Please first read the full copyright statement in file COPYRIGHT.html
5:
6: package org.w3c.jigsaw.acl;
7:
8: import java.security.Principal;
1.2 bmahe 9: import java.security.MessageDigest;
10: import java.security.NoSuchAlgorithmException;
1.1 bmahe 11:
12: import org.w3c.jigsaw.http.Request;
1.2 bmahe 13: import org.w3c.www.http.HttpCredential;
14: import org.w3c.util.StringUtils;
1.1 bmahe 15:
16: /**
1.4 ! bmahe 17: * @version $Revision: 1.3 $
1.1 bmahe 18: * @author Benoît Mahé (bmahe@w3.org)
19: */
20: public class DigestAuthPrincipal implements Principal {
21:
1.2 bmahe 22: String dac_user = null;
23: String dac_realm = null;
24: String dac_nonce = null;
25: String dac_uri = null;
26: String dac_response = null;
27: String dac_algorithm = null;
28: String dac_method = null;
29: String nonce = null;
30: String old_nonce = null;
31: String algo = null;
32: boolean stale = false;
1.4 ! bmahe 33: boolean no_user = false;
1.2 bmahe 34:
1.1 bmahe 35: public boolean isStale() {
1.2 bmahe 36: return stale;
1.1 bmahe 37: }
38:
39: public boolean equals(Object another) {
1.4 ! bmahe 40: if (no_user)
! 41: return false;
1.2 bmahe 42: if (another instanceof AclPrincipal) {
43: AclPrincipal aclp = (AclPrincipal) another;
44: String username = aclp.getName();
45: String realm = aclp.getRealm();
46: String passwd = aclp.getPassword();
47:
48: if (!dac_user.equals(username))
49: return false;
50: if (!dac_realm.equals(realm))
51: return false;
52: if (dac_algorithm != null && !dac_algorithm.equals(this.algo))
53: return false;
54: if (!dac_nonce.equals(this.nonce)) {
55: if (!dac_nonce.equals(this.old_nonce)) {
56: // check if the user knows the right passwd
57: String a1, a2, ha1, ha2;
58: a1 = username + ":" + realm + ":" + passwd;
59: a2 = dac_method + ":" + dac_uri;
60: MessageDigest md = null;
61: try {
62: md = MessageDigest.getInstance(this.algo);
63: } catch (NoSuchAlgorithmException algex) {
64: // fatal error, can't authenticate
65: return false;
66: }
67: md.update(a1.getBytes());
68: ha1 = StringUtils.toHexString(md.digest());
69: md.reset();
70: md.update(a2.getBytes());
71: ha2 = StringUtils.toHexString(md.digest());
72: md.reset();
73: String kd, hkd;
74: // KD( H(A1), unq(nonce-value) ":" H(A2)
75: kd = ha1 + ":" + dac_nonce + ":" + ha2;
76: md.update(kd.getBytes());
77: hkd = StringUtils.toHexString(md.digest());
78: stale = hkd.equals(dac_response);
79: return false;
80: } else {
81: stale = true;
82: }
83: }
84: // basic things have been checked... now try the real thing
85: String a1, a2, ha1, ha2;
86: a1 = username + ":" + realm + ":" + passwd;
87: a2 = dac_method + ":" + dac_uri;
88: MessageDigest md = null;
89: try {
90: md = MessageDigest.getInstance(this.algo);
91: } catch (NoSuchAlgorithmException algex) {
92: // fatal error, can't authenticate
93: return false;
94: }
95: md.update(a1.getBytes());
96: ha1 = StringUtils.toHexString(md.digest());
97: md.reset();
98: md.update(a2.getBytes());
99: ha2 = StringUtils.toHexString(md.digest());
100: md.reset();
101: String kd, hkd;
102: if (stale) // KD( H(A1), unq(nonce-value) ":" H(A2)
103: kd = ha1 + ":" + old_nonce + ":" + ha2;
104: else
105: kd = ha1 + ":" + nonce + ":" + ha2;
106: md.update(kd.getBytes());
107: hkd = StringUtils.toHexString(md.digest());
108: if (!hkd.equals(dac_response))
109: return false;
110: // yeah!!!
111: return true;
112: } else if (another instanceof DigestAuthPrincipal) {
113: return false;
114: }
1.1 bmahe 115: return false;
116: }
117:
118: public String toString() {
1.4 ! bmahe 119: if (dac_user != null)
! 120: return dac_user;
1.1 bmahe 121: return "Digest";
122: }
123:
124: public int hashCode() {
1.4 ! bmahe 125: if (dac_nonce != null)
! 126: return dac_nonce.hashCode();
! 127: else return -1;
1.1 bmahe 128: }
129:
130: public String getName() {
1.4 ! bmahe 131: return dac_user;
1.1 bmahe 132: }
133:
1.2 bmahe 134: public DigestAuthPrincipal(Request request,
135: String nonce,
136: String old_nonce,
137: String algo)
1.1 bmahe 138: throws InvalidAuthException
139: {
1.2 bmahe 140: HttpCredential credential = (request.isProxy()
141: ? request.getProxyAuthorization()
142: : request.getAuthorization());
1.4 ! bmahe 143: if ((credential == null) ||
! 144: ( ! credential.getScheme().equalsIgnoreCase("Digest"))) {
! 145: no_user = true;
1.2 bmahe 146: } else {
1.4 ! bmahe 147: no_user = false;
1.2 bmahe 148: dac_user = credential.getAuthParameter("username");
149: dac_uri = credential.getAuthParameter("uri");
150: dac_response = credential.getAuthParameter("response");
151: dac_realm = credential.getAuthParameter("realm");
152: dac_method = request.getMethod();
153: dac_nonce = credential.getAuthParameter("nonce");
154: this.nonce = nonce;
155: this.old_nonce = old_nonce;
156: this.algo = algo;
157: if (dac_user == null || dac_uri == null || dac_response == null ||
158: dac_realm == null) {
159: String msg = ("Invalid authentication header");
160: throw new InvalidAuthException(msg);
161: }
162: }
1.1 bmahe 163: }
164:
165: }
Webmaster