Package org.wildfly.security.http.digest
Class DigestAuthenticationMechanism
java.lang.Object
  org.wildfly.security.http.digest.DigestAuthenticationMechanism

All Implemented Interfaces:
HttpServerAuthenticationMechanism

final class DigestAuthenticationMechanism extends Object implements HttpServerAuthenticationMechanism
Implementation of the HTTP DIGEST authentication mechanism as defined in RFC 7616.
- Author:
- Darran Lofthouse
-
Field Summary
Fields (Modifier and Type, Field):
- private String algorithm
- private CallbackHandler callbackHandler
- private static String CHALLENGE_PREFIX
- private static byte COLON
- private String configuredRealm
- private String domain
- private String mechanismName
- private NonceManager nonceManager
- private static String OPAQUE_VALUE
- private Supplier<Provider[]> providers
- private boolean validateUri
-
Constructor Summary
Constructors:
- DigestAuthenticationMechanism(CallbackHandler callbackHandler, NonceManager nonceManager, String configuredRealm, String domain, String mechanismName, String algorithm, Supplier<Provider[]> providers, String validateUri)
-
Method Summary
All Methods (Modifier and Type, Method: Description):
- private boolean authorize(String username)
- private byte[] calculateResponseDigest(MessageDigest messageDigest, byte[] hA1, String nonce, String method, byte[] digestUri, byte[] qop, byte[] cnonce, byte[] nc)
- private boolean checkRealm(String realm): Check if realm is offered by the server
- private String convertToken(String name, byte[] value)
- private static String decodeRfc2231(String encoded)
- private boolean digestUriMatchesRequestUri(HttpServerRequest request, byte[] digestUri)
- void evaluateRequest(HttpServerRequest request): Evaluate the current request and attempt to authenticate if appropriate.
- private void fail()
- private String[] getAvailableRealms()
- private byte[] getH_A1(MessageDigest messageDigest, String username, String messageRealm)
- String getMechanismName(): Get the name of this mechanism, where appropriate this should be the IANA registered name.
- private void prepareResponse(String realmName, HttpServerResponse response, boolean stale)
- private String selectRealm(): Select the realm which should be sent to the client in the challenge.
- private void sendAuthenticationInfoHeader(HttpServerResponse response, byte[] salt)
- private void succeed()
- private void validateResponse(HashMap<String,byte[]> responseTokens, HttpServerRequest request)
-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface org.wildfly.security.http.HttpServerAuthenticationMechanism
dispose, getNegotiatedProperty, getNegotiationProperty
-
Field Detail
-
CHALLENGE_PREFIX
private static final String CHALLENGE_PREFIX
- See Also:
- Constant Field Values
-
OPAQUE_VALUE
private static final String OPAQUE_VALUE
- See Also:
- Constant Field Values
-
COLON
private static final byte COLON
- See Also:
- Constant Field Values
-
callbackHandler
private final CallbackHandler callbackHandler
-
nonceManager
private final NonceManager nonceManager
-
configuredRealm
private final String configuredRealm
-
domain
private final String domain
-
mechanismName
private final String mechanismName
-
algorithm
private final String algorithm
-
validateUri
private final boolean validateUri
-
Constructor Detail
-
DigestAuthenticationMechanism
DigestAuthenticationMechanism(CallbackHandler callbackHandler, NonceManager nonceManager, String configuredRealm, String domain, String mechanismName, String algorithm, Supplier<Provider[]> providers, String validateUri)
- Parameters:
callbackHandler -
nonceManager -
configuredRealm -
-
Method Detail
-
getMechanismName
public String getMechanismName()
Description copied from interface: HttpServerAuthenticationMechanism
Get the name of this mechanism, where appropriate this should be the IANA registered name.
- Specified by:
getMechanismName in interface HttpServerAuthenticationMechanism
- Returns:
- the name of the mechanism.
-
evaluateRequest
public void evaluateRequest(HttpServerRequest request) throws HttpAuthenticationException
Description copied from interface: HttpServerAuthenticationMechanism
Evaluate the current request and attempt to authenticate if appropriate. The mechanism should call the appropriate callback methods on the HttpServerResponse to both indicate the outcome of the evaluation and to register any HttpServerMechanismsResponder as required.
- Specified by:
evaluateRequest in interface HttpServerAuthenticationMechanism
- Parameters:
request - representation of the HTTP request.
- Throws:
HttpAuthenticationException - if there is an internal failure handling the authentication.
-
validateResponse
private void validateResponse(HashMap<String,byte[]> responseTokens, HttpServerRequest request) throws AuthenticationMechanismException, HttpAuthenticationException
-
sendAuthenticationInfoHeader
private void sendAuthenticationInfoHeader(HttpServerResponse response, byte[] salt)
-
digestUriMatchesRequestUri
private boolean digestUriMatchesRequestUri(HttpServerRequest request, byte[] digestUri)
-
checkRealm
private boolean checkRealm(String realm) throws AuthenticationMechanismException
Check if realm is offered by the server
- Throws:
AuthenticationMechanismException
-
calculateResponseDigest
private byte[] calculateResponseDigest(MessageDigest messageDigest, byte[] hA1, String nonce, String method, byte[] digestUri, byte[] qop, byte[] cnonce, byte[] nc)
-
getH_A1
private byte[] getH_A1(MessageDigest messageDigest, String username, String messageRealm) throws AuthenticationMechanismException
- Throws:
AuthenticationMechanismException
-
convertToken
private String convertToken(String name, byte[] value) throws AuthenticationMechanismException
- Throws:
AuthenticationMechanismException
-
selectRealm
private String selectRealm() throws HttpAuthenticationException
Select the realm which should be sent to the client in the challenge. If a realm has been configured it takes priority. Next the first available mechanism realm is selected. If no mechanism is available or mechanism configured realm is not offered by the server, IllegalStateException is thrown.
- Throws:
HttpAuthenticationException
-
getAvailableRealms
private String[] getAvailableRealms() throws AuthenticationMechanismException
- Throws:
AuthenticationMechanismException
-
prepareResponse
private void prepareResponse(String realmName, HttpServerResponse response, boolean stale) throws HttpAuthenticationException
- Throws:
HttpAuthenticationException
-
authorize
private boolean authorize(String username) throws AuthenticationMechanismException
- Throws:
AuthenticationMechanismException
-
succeed
private void succeed() throws AuthenticationMechanismException
- Throws:
AuthenticationMechanismException
-
fail
private void fail() throws AuthenticationMechanismException
- Throws:
AuthenticationMechanismException
-
decodeRfc2231
private static String decodeRfc2231(String encoded) throws UnsupportedEncodingException
- Throws:
UnsupportedEncodingException
-