/**
 * Strips the surrounding quotes from a header parameter value.
 * <p>
 * Convenience overload that delegates to the two-argument form with its
 * second argument fixed to {@code false}; what that flag controls is defined
 * by the overload, not here.
 *
 * @param quotedString The quoted string
 * @return The unquoted string
 */
protected static String removeQuotes(String quotedString) {
    final boolean flag = false;
    return removeQuotes(quotedString, flag);
}
/**
 * Starts the authenticator and makes sure the two server-side secrets used by
 * Digest authentication are present.
 * <p>
 * After the superclass has started, the private key (mixed into every nonce
 * digest) and the opaque value (echoed in the challenge) are each populated
 * from the session id generator when they have not been configured
 * explicitly. The unpredictability of both values therefore rests on
 * {@code generateSessionId()}, which is not visible here.
 *
 * @throws LifecycleException if the superclass fails to start
 */
@Override
public synchronized void start() throws LifecycleException {
    super.start();

    // Server-private key: only generated when nothing was configured.
    String key = getKey();
    if (key == null) {
        setKey(generateSessionId());
    }

    // Opaque value: same source, same rule.
    String opaque = getOpaque();
    if (opaque == null) {
        setOpaque(generateSessionId());
    }
}
boolean isNonceStale) { String realmName = getRealmName(context); authenticateHeader = "Digest realm=\"" + realmName + "\", " + "qop=\"" + QOP + "\", nonce=\"" + nonce + "\", " + "opaque=\"" + getOpaque() + "\", stale=true"; } else { authenticateHeader = "Digest realm=\"" + realmName + "\", " + "qop=\"" + QOP + "\", nonce=\"" + nonce + "\", " + "opaque=\"" + getOpaque() + "\"";
/**
 * Generates a nonce for a Digest challenge.
 * <p>
 * Layout: {@code <timestamp> ":" <encoded digest of (client-IP ":" timestamp ":" key)>}.
 * The timestamp travels in clear so staleness can later be judged without a
 * lookup; the digest binds it to the client address and the server's private
 * key. This variant records nothing about the issued nonce.
 *
 * @param request HTTP Servlet request whose remote address is bound into the nonce
 * @return the nonce string
 */
protected String generateNonce(HttpServletRequest request) {
    final long issuedAt = System.currentTimeMillis();

    StringBuilder material = new StringBuilder()
            .append(request.getRemoteAddr())
            .append(':')
            .append(issuedAt)
            .append(':')
            .append(getKey());

    // NOTE(review): the platform default charset is used for the bytes that are
    // hashed; the result is only ever compared against digests produced by this
    // same server, but an explicit charset would make it platform independent.
    byte[] hash = digest(material.toString().getBytes(Charset.defaultCharset()));

    StringBuilder nonce = new StringBuilder()
            .append(issuedAt)
            .append(':')
            .append(new String(digestEncoder.encode(hash)));
    return nonce.toString();
}
(HttpServletResponse) response.getResponse(); String authorization = request.getAuthorization(); DigestInfo digestInfo = new DigestInfo(getOpaque(), getNonceValidity(), getKey(), /*cnonces,*/ isValidateUri()); principal = context.getRealm().authenticate(hreq); if (principal != null) { String username = parseUsername(authorization); register(request, response, principal, Constants.DIGEST_METHOD, username, null); Constants.REQ_SSOID_NOTE); if (ssoId != null) { getSession(request, true); String nonce = generateNonce(hreq); setAuthenticateHeader(hreq, hres, config, nonce, digestInfo.isNonceStale()); hres.sendError(HttpServletResponse.SC_UNAUTHORIZED);
associate(ssoId, request.getSessionInternal(true)); return (true); principal = findPrincipal(request, authorization, context.getRealm()); if (principal != null) { String username = parseUsername(authorization); register(request, response, principal, Constants.DIGEST_METHOD, username, null); String nOnce = generateNOnce(request); setAuthenticateHeader(request, response, config, nOnce); response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
if (checkForCachedAuthentication(request, response, false)) { return true; DigestInfo digestInfo = new DigestInfo(getOpaque(), getNonceValidity(), getKey(), nonces, isValidateUri()); if (authorization != null) { if (digestInfo.parse(request, authorization)) { register(request, response, principal, HttpServletRequest.DIGEST_AUTH, digestInfo.getUsername(), null); String nonce = generateNonce(request); setAuthenticateHeader(request, response, nonce, principal != null && digestInfo.isNonceStale()); response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
/**
 * Evicts the oldest tracked nonce once the cache grows past its configured size.
 * <p>
 * Invoked by the map on every insertion. When the entry being dropped is still
 * inside its validity window the eviction is logged (rate limited to one message
 * per {@code LOG_SUPPRESS_TIME}), because the server loses its record of a nonce
 * that clients may still legitimately present.
 *
 * @param eldest the least recently inserted entry
 * @return {@code true} when the cache is over capacity and the entry should go
 */
@Override
protected boolean removeEldestEntry(Map.Entry<String,NonceInfo> eldest) {
    // Runs inside the caller's synchronized block; keep the work minimal.
    final long now = System.currentTimeMillis();

    if (size() <= getNonceCacheSize()) {
        return false;
    }

    // Replay attack is possible: the evicted nonce has not yet expired.
    if (lastLog < now
            && now - eldest.getValue().getTimestamp() < getNonceValidity()) {
        CatalinaLogger.AUTH_LOGGER.digestCacheRemove();
        lastLog = now + LOG_SUPPRESS_TIME;
    }
    return true;
}
};
/**
 * Generates a nonce for a Digest challenge and records it for later validation.
 * <p>
 * Layout: {@code <timestamp> ":" <MD5 of (client-IP ":" timestamp ":" key)>}.
 * The timestamp is forced to be strictly increasing across calls so that two
 * nonces issued within the same millisecond never collide (the nonce is the
 * key of the {@code nonces} cache). The nonce is stored together with a
 * {@code NonceInfo} holding its timestamp and the configured nonce-count
 * window size.
 *
 * @param request HTTP Servlet request whose remote address is bound into the nonce
 * @return The generated nonce
 */
protected String generateNonce(Request request) {
    long issuedAt = System.currentTimeMillis();

    // Monotonic timestamp: never hand out the same value twice.
    synchronized (lastTimestampLock) {
        if (issuedAt <= lastTimestamp) {
            issuedAt = ++lastTimestamp;
        } else {
            lastTimestamp = issuedAt;
        }
    }

    StringBuilder material = new StringBuilder()
            .append(request.getRemoteAddr())
            .append(':')
            .append(issuedAt)
            .append(':')
            .append(getKey());
    byte[] hash = ConcurrentMessageDigest.digestMD5(
            material.toString().getBytes(StandardCharsets.ISO_8859_1));

    String nonce = issuedAt + ":" + MD5Encoder.encode(hash);

    // Remember the nonce so subsequent requests carrying it can be checked.
    NonceInfo tracked = new NonceInfo(issuedAt, getNonceCountWindowSize());
    synchronized (nonces) {
        nonces.put(nonce, tracked);
    }
    return nonce;
}
currentToken.substring(equalSign + 1).trim(); if ("username".equals(currentTokenName)) userName = removeQuotes(currentTokenValue); if ("realm".equals(currentTokenName)) realmName = removeQuotes(currentTokenValue, true); if ("nonce".equals(currentTokenName)) nonce = removeQuotes(currentTokenValue); if ("nc".equals(currentTokenName)) nc = removeQuotes(currentTokenValue); if ("cnonce".equals(currentTokenName)) cnonce = removeQuotes(currentTokenValue); if ("qop".equals(currentTokenName)) qop = removeQuotes(currentTokenValue); if ("uri".equals(currentTokenName)) uri = removeQuotes(currentTokenValue); if ("response".equals(currentTokenName)) response = removeQuotes(currentTokenValue); if ("opaque".equals(currentTokenName)) opaque_client = removeQuotes(currentTokenValue); byte[] buffer = digest(serverIpTimeKey.getBytes(Charset.defaultCharset()));
authenticateHeader = "Digest realm=\"" + realmName + "\", " + "qop=\"" + QOP + "\", nonce=\"" + nonce + "\", " + "opaque=\"" + getOpaque() + "\", stale=true"; } else { authenticateHeader = "Digest realm=\"" + realmName + "\", " + "qop=\"" + QOP + "\", nonce=\"" + nonce + "\", " + "opaque=\"" + getOpaque() + "\"";
/**
 * Evicts the oldest tracked client nonce once the cache exceeds its configured size.
 * <p>
 * Called by the map on each insertion. If the entry being dropped is still
 * within the nonce validity window a warning is logged, rate limited to one
 * message per {@code LOG_SUPPRESS_TIME}, since the server is discarding a
 * record it would otherwise use to detect reuse.
 *
 * @param eldest the least recently inserted entry
 * @return {@code true} when over capacity, so the entry is removed
 */
@Override
protected boolean removeEldestEntry(Map.Entry<String,NonceInfo> eldest) {
    // Invoked under the map's synchronisation - keep it cheap.
    long now = System.currentTimeMillis();
    boolean overCapacity = size() > getCnonceCacheSize();
    if (!overCapacity) {
        return false;
    }

    if (lastLog < now) {
        long ageOfEldest = now - eldest.getValue().getTimestamp();
        if (ageOfEldest < getNonceValidity()) {
            // Replay attack is possible: a still-valid nonce is being forgotten.
            log.warn(sm.getString("digestAuthenticator.cacheRemove"));
            lastLog = now + LOG_SUPPRESS_TIME;
        }
    }
    return true;
}
};
/**
 * Generates a nonce for a Digest challenge.
 * <p>
 * Layout: {@code <timestamp> ":" <MD5 of (client-IP ":" timestamp ":" key)>}.
 * The clear-text timestamp lets the server judge staleness later; the digest
 * ties it to the client address and the server's private key. The digest
 * helper is shared, so the hashing step is serialised on it. This variant
 * keeps no record of the nonce it hands out.
 *
 * @param request HTTP Servlet request whose remote address is bound into the nonce
 * @return the nonce string
 */
protected String generateNonce(Request request) {
    final long issuedAt = System.currentTimeMillis();

    String material = new StringBuilder()
            .append(request.getRemoteAddr())
            .append(':')
            .append(issuedAt)
            .append(':')
            .append(getKey())
            .toString();

    // NOTE(review): hashes the platform-default encoding of the material; only
    // this server ever recomputes it, but an explicit charset would be safer.
    byte[] hash;
    synchronized (md5Helper) {
        hash = md5Helper.digest(material.getBytes(Charset.defaultCharset()));
    }

    return new StringBuilder()
            .append(issuedAt)
            .append(':')
            .append(md5Encoder.encode(hash))
            .toString();
}
associate(ssoId, request.getSessionInternal(true)); return (true); DigestInfo digestInfo = new DigestInfo(getOpaque(), getNonceValidity(), getKey(), cnonces, isValidateUri()); if (authorization != null) { if (digestInfo.validate(request, authorization, config)) { String username = parseUsername(authorization); register(request, response, principal, HttpServletRequest.DIGEST_AUTH, username, null); String nonce = generateNonce(request); setAuthenticateHeader(request, response, config, nonce, digestInfo.isNonceStale()); response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
associate(ssoId, request.getSessionInternal(true)); return (true); principal = findPrincipal(request, authorization, context.getRealm()); if (principal != null) { String username = parseUsername(authorization); register(request, response, principal, HttpServletRequest.DIGEST_AUTH, username, null); String nOnce = generateNOnce(request); setAuthenticateHeader(request, response, config, nOnce); response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
if (checkForCachedAuthentication(request, response, false)) { return true; DigestInfo digestInfo = new DigestInfo(getOpaque(), getNonceValidity(), getKey(), nonces, isValidateUri()); if (authorization != null) { if (digestInfo.parse(request, authorization)) { register(request, response, principal, HttpServletRequest.DIGEST_AUTH, digestInfo.getUsername(), null); String nonce = generateNonce(request); setAuthenticateHeader(request, response, nonce, principal != null && digestInfo.isNonceStale()); response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
/**
 * Drops the oldest tracked nonce whenever the cache is over its configured size.
 * <p>
 * The map calls this on every insertion. When the evicted entry has not yet
 * expired a warning is emitted, throttled to one per {@code LOG_SUPPRESS_TIME},
 * because a nonce the server can no longer recognise might still be presented
 * by a client.
 *
 * @param eldest the least recently inserted entry
 * @return {@code true} if the entry should be removed
 */
@Override
protected boolean removeEldestEntry(Map.Entry<String,NonceInfo> eldest) {
    // Called from inside a synchronized block; avoid anything expensive here.
    final long now = System.currentTimeMillis();

    if (size() <= getNonceCacheSize()) {
        return false;
    }

    boolean logSuppressed = now <= lastLog;
    if (!logSuppressed
            && now - eldest.getValue().getTimestamp() < getNonceValidity()) {
        // Replay attack is possible: the nonce being dropped is still valid.
        log.warn(sm.getString("digestAuthenticator.cacheRemove"));
        lastLog = now + LOG_SUPPRESS_TIME;
    }
    return true;
}
};
/**
 * Generates a nonce for a Digest challenge and records it for later validation.
 * <p>
 * Layout: {@code <timestamp> ":" <MD5 of (client-IP ":" timestamp ":" key)>}.
 * Timestamps are made strictly increasing across calls so that nonces issued in
 * the same millisecond remain distinct; the nonce is then stored in the
 * {@code nonces} cache with a {@code NonceInfo} carrying its timestamp and the
 * configured nonce-count window size.
 *
 * @param request HTTP Servlet request whose remote address is bound into the nonce
 * @return the generated nonce
 */
protected String generateNonce(Request request) {
    long issuedAt = System.currentTimeMillis();

    // Advance the shared timestamp and use whatever value it ends up at.
    synchronized (lastTimestampLock) {
        lastTimestamp = (issuedAt > lastTimestamp) ? issuedAt : lastTimestamp + 1;
        issuedAt = lastTimestamp;
    }

    String material = request.getRemoteAddr() + ":" + issuedAt + ":" + getKey();
    byte[] hash = ConcurrentMessageDigest.digestMD5(
            material.getBytes(B2CConverter.ISO_8859_1));

    StringBuilder nonce = new StringBuilder()
            .append(issuedAt)
            .append(':')
            .append(MD5Encoder.encode(hash));
    String value = nonce.toString();

    // Track the nonce so a later request presenting it can be validated.
    synchronized (nonces) {
        nonces.put(value, new NonceInfo(issuedAt, getNonceCountWindowSize()));
    }
    return value;
}
boolean isNonceStale) { String realmName = getRealmName(context); authenticateHeader = "Digest realm=\"" + realmName + "\", " + "qop=\"" + QOP + "\", nonce=\"" + nonce + "\", " + "opaque=\"" + getOpaque() + "\", stale=true"; } else { authenticateHeader = "Digest realm=\"" + realmName + "\", " + "qop=\"" + QOP + "\", nonce=\"" + nonce + "\", " + "opaque=\"" + getOpaque() + "\"";
authenticateHeader = "Digest realm=\"" + realmName + "\", " + "qop=\"" + QOP + "\", nonce=\"" + nonce + "\", " + "opaque=\"" + getOpaque() + "\", stale=true"; } else { authenticateHeader = "Digest realm=\"" + realmName + "\", " + "qop=\"" + QOP + "\", nonce=\"" + nonce + "\", " + "opaque=\"" + getOpaque() + "\"";