Annotation of java/classes/org/w3c/jigsaw/acl/DigestAuthPrincipal.java, revision 1.7
1.1 bmahe 1: // DigestAuthPrincipal.java
1.7 ! ylafon 2: // $Id: DigestAuthPrincipal.java,v 1.6 2000/08/16 21:37:33 ylafon Exp $
1.1 bmahe 3: // (c) COPYRIGHT MIT, INRIA and Keio, 1999.
4: // Please first read the full copyright statement in file COPYRIGHT.html
1.6 ylafon 5:
1.1 bmahe 6: package org.w3c.jigsaw.acl;
7:
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;

import org.w3c.jigsaw.http.Request;
import org.w3c.util.StringUtils;
import org.w3c.www.http.HttpCredential;
1.1 bmahe 15:
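/**
 * Principal built from an HTTP Digest credential (RFC 2069 style).
 * <p>
 * The client's {@code Authorization} (or {@code Proxy-Authorization})
 * parameters are captured at construction time; {@link #equals(Object)}
 * then checks them against an {@link AclPrincipal} holding the stored
 * username, realm and password, recomputing the request-digest with the
 * server-side nonce and algorithm handed to the constructor.
 * <p>
 * Note that {@code equals} is one-directional (a DigestAuthPrincipal is
 * compared against an AclPrincipal, never against another
 * DigestAuthPrincipal) and that {@link #hashCode()} is derived from the
 * client's nonce, not from the fields {@code equals} compares.
 *
 * @version $Revision: 1.6 $
 * @author Benoît Mahé (bmahe@w3.org)
 * The algorithm used is based on RFC 2069.
 */
public class DigestAuthPrincipal extends HTTPPrincipal {

    // Values taken from the client's Digest credential (see constructor).
    String dac_user = null;
    String dac_realm = null;
    String dac_nonce = null;
    String dac_uri = null;
    String dac_response = null;
    String dac_algorithm = null;
    String dac_method = null;
    // Server-side state supplied by the caller: the current nonce, the
    // previous nonce (still verified, but reported as stale) and the
    // MessageDigest algorithm name used to compute the digests.
    String nonce = null;
    String old_nonce = null;
    String algo = null;
    // Updated by equals(): true when the client authenticated with an
    // out-of-date nonce and should be challenged again with stale=true.
    boolean stale = false;
    // True when the request carried no Digest credential at all.
    boolean no_user = false;

    /**
     * Tells whether the last {@link #equals(Object)} check found the
     * client's nonce to be out of date: either the previous server nonce
     * was used, or an unknown nonce was used together with the correct
     * password.
     * @return true if the client should be re-challenged with stale=true.
     */
    public boolean isStale() {
        return stale;
    }

    /**
     * Computes the RFC 2069 request-digest for the given credentials:
     * <pre>
     *   H(A1) = H(username ":" realm ":" password)
     *   H(A2) = H(method ":" digest-uri)
     *   KD    = H(H(A1) ":" nonce-value ":" H(A2))
     * </pre>
     * The request method and digest-uri are the ones captured from the
     * request in the constructor.
     * @param username   the account name stored in the ACL.
     * @param realm      the realm stored in the ACL.
     * @param passwd     the clear-text password stored in the ACL.
     * @param nonceValue the nonce to fold into KD.
     * @return the hex-encoded digest, or null when no digest algorithm is
     *         configured or it is not available in this JVM.
     */
    private String computeResponse(String username, String realm,
                                   String passwd, String nonceValue) {
        if (algo == null) {
            return null;
        }
        MessageDigest md;
        try {
            md = MessageDigest.getInstance(algo);
        } catch (NoSuchAlgorithmException algex) {
            // fatal error, can't authenticate
            return null;
        }
        String a1 = username + ":" + realm + ":" + passwd;
        String a2 = dac_method + ":" + dac_uri;
        // NOTE(review): getBytes() uses the platform default charset. RFC
        // 2069 does not fix a charset for these strings, and switching to
        // an explicit one could break existing non-ASCII credentials, so
        // the historical behaviour is kept here.
        md.update(a1.getBytes());
        String ha1 = StringUtils.toHexString(md.digest());
        md.reset();
        md.update(a2.getBytes());
        String ha2 = StringUtils.toHexString(md.digest());
        md.reset();
        // KD( H(A1), unq(nonce-value) ":" H(A2) )
        String kd = ha1 + ":" + nonceValue + ":" + ha2;
        md.update(kd.getBytes());
        return StringUtils.toHexString(md.digest());
    }

    /**
     * Compares a locally computed digest with the client's "response"
     * parameter. The comparison runs in constant time for equal-length
     * inputs so that the time taken does not reveal how many leading
     * characters of the response were right.
     * @param expected the digest computed by {@link #computeResponse}.
     * @return true if both are non-null and identical.
     */
    private boolean responseMatches(String expected) {
        if (expected == null || dac_response == null) {
            return false;
        }
        // Digests are hex text; ASCII is enough to carry them as bytes.
        byte[] ours = expected.getBytes(StandardCharsets.US_ASCII);
        byte[] theirs = dac_response.getBytes(StandardCharsets.US_ASCII);
        return MessageDigest.isEqual(ours, theirs);
    }

    /**
     * Checks the captured Digest credential against an ACL entry.
     * <p>
     * Returns true only when {@code another} is an {@link AclPrincipal}
     * whose username and realm match the credential, whose algorithm (if
     * the client named one) is the configured one, and whose password
     * yields the client's "response" with the current or the previous
     * server nonce. Using the previous nonce succeeds but marks this
     * principal stale. A nonce the server does not recognise never
     * succeeds; it only sets the stale flag when the password was right,
     * so that an unauthenticated client cannot learn anything from it.
     * <p>
     * NOTE(review): the "uri" parameter is folded into H(A2) but is not
     * compared against the request target; RFC 2069 expects the server to
     * check that they agree.
     * @param another the principal to compare with.
     * @return true if the credential authenticates the ACL entry.
     */
    public boolean equals(Object another) {
        if (no_user) {
            return false;
        }
        if (!(another instanceof AclPrincipal)) {
            // Another DigestAuthPrincipal (even this one) is never equal.
            return false;
        }
        AclPrincipal aclp = (AclPrincipal) another;
        String username = aclp.getName();
        String realm = aclp.getRealm();
        String passwd = aclp.getPassword();

        if (!dac_user.equals(username)) {
            return false;
        }
        if (!dac_realm.equals(realm)) {
            return false;
        }
        // MessageDigest algorithm names are case-insensitive.
        if (dac_algorithm != null && !dac_algorithm.equalsIgnoreCase(algo)) {
            return false;
        }
        if (!dac_nonce.equals(nonce)) {
            if (!dac_nonce.equals(old_nonce)) {
                // Unknown nonce: verify the password against the nonce the
                // client sent, but only use the result to decide whether a
                // stale=true re-challenge is warranted; never authenticate.
                String unknown = computeResponse(username, realm, passwd,
                                                 dac_nonce);
                stale = responseMatches(unknown);
                return false;
            }
            stale = true;
        }
        // basic things have been checked... now try the real thing
        String nonceUsed = stale ? old_nonce : nonce;
        return responseMatches(computeResponse(username, realm, passwd,
                                               nonceUsed));
    }

    /**
     * @return the client's username, or "Digest" when none was sent.
     */
    public String toString() {
        return (dac_user != null) ? dac_user : "Digest";
    }

    /**
     * Hash derived from the client's nonce (-1 when there is none).
     * This is not consistent with {@link #equals(Object)}, which compares
     * against AclPrincipal credentials rather than this object's fields.
     */
    public int hashCode() {
        return (dac_nonce != null) ? dac_nonce.hashCode() : -1;
    }

    /**
     * @return the "username" parameter of the credential (null if absent).
     */
    public String getName() {
        return dac_user;
    }

    /**
     * Captures the Digest credential of a request.
     * <p>
     * The Proxy-Authorization header is used for proxy requests, the
     * Authorization header otherwise. Without a Digest credential the
     * principal is created in the {@code no_user} state and never
     * authenticates.
     * @param request   the incoming request.
     * @param nonce     the server's current nonce.
     * @param old_nonce the server's previous nonce (accepted, but stale).
     * @param algo      the MessageDigest algorithm name to use.
     * @throws InvalidAuthException if a Digest credential is present but
     *         lacks username, uri, response or realm.
     */
    public DigestAuthPrincipal(Request request,
                               String nonce,
                               String old_nonce,
                               String algo)
        throws InvalidAuthException
    {
        super(request);
        HttpCredential credential = (request.isProxy()
                                     ? request.getProxyAuthorization()
                                     : request.getAuthorization());
        if ((credential == null) ||
            (!credential.getScheme().equalsIgnoreCase("Digest"))) {
            no_user = true;
        } else {
            no_user = false;
            dac_user = credential.getAuthParameter("username");
            dac_uri = credential.getAuthParameter("uri");
            dac_response = credential.getAuthParameter("response");
            dac_realm = credential.getAuthParameter("realm");
            // Optional in RFC 2069; checked against 'algo' in equals().
            dac_algorithm = credential.getAuthParameter("algorithm");
            dac_method = request.getMethod();
            dac_nonce = credential.getAuthParameter("nonce");
            this.nonce = nonce;
            this.old_nonce = old_nonce;
            this.algo = algo;
            if (dac_user == null || dac_uri == null || dac_response == null ||
                dac_realm == null) {
                String msg = ("Invalid authentication header");
                throw new InvalidAuthException(msg);
            }
        }
    }

    /**
     * Unsupported: a Digest principal needs the server nonces and the
     * algorithm name, so this constructor always fails.
     * @param request the incoming request.
     * @throws InvalidAuthException always.
     */
    public DigestAuthPrincipal(Request request)
        throws InvalidAuthException
    {
        super(request);
        throw new InvalidAuthException("Bad call for authentification");
    }
}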