/**
 * Computes the hex-encoded response value expected from a client for the given digest fields
 * and clear-text password.
 *
 * <p>The hashed input is {@code hex(HA1):nonce:nc:cnonce:qop:hex(HA2)}, which matches the layout
 * HTTP Digest (RFC 2617) uses when a qop directive is present. The hash algorithm is whatever
 * {@code getMessageDigest()} supplies; it is not visible from this method.
 *
 * @param digest   parsed digest fields; username, realm, method, uri, nonce, nonce count, client
 *                 nonce and qop are all read
 * @param password clear-text password handed to {@code calculateA1}
 * @return hex encoding of the final hash
 * @throws RuntimeException wrapping any failure, including the {@code NullPointerException}
 *                          raised when nonce, nonce count, client nonce or qop is {@code null}
 */
public static String calculate(Digest digest, char[] password) {
    try {
        MessageDigest hasher = getMessageDigest();

        byte[] ha1 = calculateA1(digest.getUsername(), digest.getRealm(), password);
        byte[] ha2 = calculateA2(digest.getMethod(), digest.getUri());

        // Fields are hashed in this exact order, separated by a single ':' byte.
        String[] fields = {
            convertBytesToHex(ha1),
            digest.getNonce(),
            digest.getNonceCount(),
            digest.getClientNonce(),
            digest.getQop(),
            convertBytesToHex(ha2)
        };

        for (int i = 0; i < fields.length; i++) {
            if (i > 0) {
                hasher.update((byte) ':');
            }
            hasher.update(fields[i].getBytes(UTF8));
        }

        return convertBytesToHex(hasher.digest());
    } catch (Exception e) {
        throw new RuntimeException(e);
    }
}
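/**
 * Checks the digest presented by the client against a value derived from the stored HA1.
 *
 * <p>When both method and URI are present the expected value is computed with
 * {@code calculateDigest} from the stored HA1 and a freshly computed HA2. Otherwise the expected
 * value is the Base64 encoding of the stored HA1 itself.
 *
 * <p>The final comparison is done with {@link java.security.MessageDigest#isEqual(byte[], byte[])}
 * instead of {@code String.equals}, which returns at the first differing character and so lets
 * response time depend on how much of the presented value is correct.
 *
 * @param context           identity context (not read here)
 * @param credentialStorage stored credential; cast to {@code DigestCredentialStorage}
 * @param credentials       credentials carrying the client-supplied digest
 * @param store             credential store (not read here)
 * @return {@code true} only when a stored credential exists and the presented digest matches the
 *         expected value exactly (case-sensitive)
 */
@Override
protected boolean validateCredential(IdentityContext context, final CredentialStorage credentialStorage,
        final DigestCredentials credentials, CredentialStore<?> store) {
    DigestCredentialStorage currentCredential = (DigestCredentialStorage) credentialStorage;
    Digest digest = credentials.getDigest();

    if (currentCredential == null) {
        return false;
    }

    String providedDigest = digest.getDigest();
    String expectedDigest;

    if (digest.getMethod() != null && digest.getUri() != null) {
        byte[] storedHA1 = currentCredential.getHa1();
        byte[] ha2 = calculateA2(digest.getMethod(), digest.getUri());

        expectedDigest = calculateDigest(digest, storedHA1, ha2);
    } else {
        // NOTE(review): on this path the expected value is the stored HA1 (Base64), independent
        // of nonce, method and URI, so the stored value itself acts as the credential. Confirm
        // that only trusted, non-HTTP callers can reach this branch.
        expectedDigest = String.valueOf(Base64.encodeBytes(currentCredential.getHa1()));
    }

    // A missing response can never match; String.equals(null) returned false here as well.
    if (providedDigest == null) {
        return false;
    }

    // Constant-time comparison of the two values; Charset.forName keeps this usable on
    // runtimes that predate StandardCharsets.
    java.nio.charset.Charset utf8 = java.nio.charset.Charset.forName("UTF-8");
    return java.security.MessageDigest.isEqual(expectedDigest.getBytes(utf8), providedDigest.getBytes(utf8));
}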
/**
 * Computes the hex-encoded digest response from an already available HA1 and HA2.
 *
 * <p>The hashed input is {@code hex(ha1):nonce:nc:cnonce:qop:hex(ha2)}. The hash algorithm is
 * whatever {@code getMessageDigest()} supplies; it is not visible from this method.
 *
 * @param digest parsed digest fields; nonce, nonce count, client nonce and qop are read
 * @param ha1    raw HA1 bytes
 * @param ha2    raw HA2 bytes
 * @return hex encoding of the final hash
 * @throws RuntimeException wrapping any failure, including the {@code NullPointerException}
 *                          raised when one of the fields read from {@code digest} is {@code null}
 */
public static String calculateDigest(Digest digest, byte[] ha1, byte[] ha2) {
    try {
        MessageDigest hasher = getMessageDigest();

        // Fields are hashed in this exact order, separated by a single ':' byte.
        String[] fields = {
            convertBytesToHex(ha1),
            digest.getNonce(),
            digest.getNonceCount(),
            digest.getClientNonce(),
            digest.getQop(),
            convertBytesToHex(ha2)
        };

        boolean first = true;
        for (String field : fields) {
            if (!first) {
                hasher.update((byte) ':');
            }
            hasher.update(field.getBytes(UTF8));
            first = false;
        }

        byte[] response = hasher.digest();
        return convertBytesToHex(response);
    } catch (Exception e) {
        throw new RuntimeException(e);
    }
}
// Collects the individual fields of a digest header into one Digest holder object.
// NOTE(review): every value set here presumably originates from the client's request header;
// nothing in this excerpt validates them, so treat the holder as untrusted until it has been
// validated - confirm against the surrounding code.
Digest digestHolder = new Digest();
digestHolder.setUsername(username).setRealm(realm).setNonce(nonce).setUri(uri).setQop(qop).setNonceCount(nc).setClientNonce(cnonce)
        .setDigest(clientResponse).setOpaque(opaque);
digestHolder.setStale(stale).setDomain(domain);
// Excerpt of a digest computation. Statements appear to have been dropped from this excerpt:
// ha1 is declared but never assigned in the visible lines - TODO confirm against the full source.
byte[] ha1;

// First group hashed: username ':' realm ':' password.
messageDigest.update(digest.getUsername().getBytes(UTF8));
messageDigest.update((byte) ':');
messageDigest.update(digest.getRealm().getBytes(UTF8));
messageDigest.update((byte) ':');
// NOTE(review): new String(password) copies the secret into an immutable String that cannot be
// wiped afterwards, which undoes the benefit of receiving the password as a char[].
messageDigest.update(new String(password).getBytes(UTF8));

// Second group hashed: method ':' uri. No digest() call is visible between the password update
// and this line, so as shown these bytes are appended to the same hash state - presumably an
// artefact of the excerpt.
messageDigest.update(digest.getMethod().getBytes(UTF8));
messageDigest.update((byte) ':');
messageDigest.update(digest.getUri().getBytes(UTF8));
byte[] ha2 = messageDigest.digest();

// Third group hashed: nonce ':' nc ':' cnonce ':' qop ':' hex(ha2). Each getter result is
// dereferenced directly, so a null field raises a NullPointerException here.
messageDigest.update(digest.getNonce().getBytes(UTF8));
messageDigest.update((byte) ':');
messageDigest.update(digest.getNc().getBytes(UTF8));
messageDigest.update((byte) ':');
messageDigest.update(digest.getCnonce().getBytes(UTF8));
messageDigest.update((byte) ':');
messageDigest.update(digest.getQop().getBytes(UTF8));
messageDigest.update((byte) ':');
messageDigest.update(convertBytesToHex(ha2).getBytes(UTF8));
/**
 * Validates the mandatory fields of a client-supplied digest and its realm.
 *
 * <p>This listing is an excerpt: several closing braces and intermediate statements are missing,
 * so only the checks visible below are described. The {@code key} parameter is not used in the
 * visible lines.
 *
 * @param digest      the digest fields taken from the request
 * @param systemRealm the realm name the digest must carry
 * @param key         not read in the visible lines
 * @throws DigestValidationException when a mandatory field is missing or the realm does not match
 */
public void validate(Digest digest, String systemRealm, String key) throws DigestValidationException {
    if (digest.getRealm() == null)
        throw new DigestValidationException("Mandatory field 'realm' not specified");
    if (digest.getNonce() == null)
        throw new DigestValidationException("Mandatory field 'nonce' not specified");
    if (digest.getUri() == null)
        throw new DigestValidationException("Mandatory field 'uri' not specified");
    // NOTE(review): the message names 'response' but the condition tests the client nonce, so a
    // digest without a response value is not rejected by this check - confirm against the full
    // source whether digest.getDigest() was intended.
    if (digest.getClientNonce() == null)
        throw new DigestValidationException("Mandatory field 'response' not specified");

    // With qop=auth the nonce count and client nonce are mandatory as well.
    if ("auth".equals(digest.getQop())) {
        if (digest.getNonceCount() == null) {
            throw new DigestValidationException("Mandatory field 'nc' not specified");
        if (digest.getClientNonce() == null) {
            throw new DigestValidationException("Mandatory field 'cnonce' not specified");

    // NOTE(review): new String(byte[]) without a charset decodes with the platform default.
    String nonceAsText = new String(Base64.decode(digest.getNonce()));
    // NOTE(review): this message and the realm message below embed client-supplied values;
    // presumably they end up in logs or responses - confirm they are encoded there.
    throw new DigestValidationException("Nonce should provide two tokens - nonce received: " + digest.getNonce());

    if (!systemRealm.equals(digest.getRealm())) {
        throw new DigestValidationException("Realm name [" + digest.getRealm() + "] does not match system realm name [" + systemRealm + "]");
/**
 * Builds the storage entry for a digest credential: the HA1 value derived from the account's
 * login name, the realm and the password, together with the realm and validity dates.
 *
 * @param context       identity context (not read here)
 * @param account       account whose default login-name property supplies the user name
 * @param digest        digest carrying the realm and the clear-text password
 * @param store         credential store (not read here)
 * @param effectiveDate start of validity; left untouched on the storage when {@code null}
 * @param expiryDate    end of validity; always applied, even when {@code null}
 * @return the populated {@code DigestCredentialStorage}
 */
@Override
public CredentialStorage createCredentialStorage(IdentityContext context, Account account, Digest digest,
        CredentialStore<?> store, Date effectiveDate, Date expiryDate) {
    final String realm = digest.getRealm();
    if (isNullOrEmpty(realm)) {
        throw MESSAGES.credentialDigestInvalidRealm();
    }

    if (isNullOrEmpty(digest.getPassword())) {
        throw MESSAGES.credentialInvalidPassword();
    }

    Object loginName = getDefaultLoginNameProperty(account.getClass()).getValue(account);

    // NOTE(review): toCharArray() yields a fresh copy of the password that is never cleared
    // here, so the secret stays in memory until it is garbage collected.
    byte[] hashedA1 = DigestUtil.calculateA1((String) loginName, realm, digest.getPassword().toCharArray());

    // Only the derived HA1 is stored, not the password. Presumably HA1 alone is enough to
    // compute valid responses for this realm, so the stored value needs the same protection
    // as a password - confirm how the store persists it.
    DigestCredentialStorage created = new DigestCredentialStorage(hashedA1, realm);

    if (effectiveDate != null) {
        created.setEffectiveDate(effectiveDate);
    }
    created.setExpiryDate(expiryDate);

    return created;
}
/**
 * Resolves the account named by the user name carried in the digest credentials.
 *
 * @param context     identity context passed through to the lookup
 * @param credentials credentials whose digest supplies the user name
 * @return whatever the two-argument {@code getAccount} overload returns for that user name
 */
@Override
protected Account getAccount(final IdentityContext context, final DigestCredentials credentials) {
    // The user name is taken as-is from the digest; presumably it is client-supplied, so the
    // lookup must not treat it as authenticated.
    final String loginName = credentials.getDigest().getUsername();
    return getAccount(context, loginName);
}
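/**
 * Checks whether the response value carried in the digest equals the value computed from the
 * given password, ignoring letter case.
 *
 * <p>The comparison uses {@link java.security.MessageDigest#isEqual(byte[], byte[])} on the
 * lower-cased values rather than {@code String.equalsIgnoreCase}, which stops at the first
 * differing character and so lets response time depend on how much of the presented value is
 * correct. This assumes {@code calculate} returns plain ASCII hex, for which lower-casing and
 * case-insensitive comparison agree.
 *
 * @param digest   digest fields including the client's response value
 * @param password clear-text password to compute the expected response from
 * @return {@code true} when the client's response matches; {@code false} when it differs or is
 *         absent
 * @throws RuntimeException propagated from {@code calculate} when the expected value cannot be
 *                          computed
 */
public static boolean matchCredential(Digest digest, char[] password) {
    // Computed first so that a malformed digest still fails the same way as before.
    String expected = calculate(digest, password);
    String provided = digest.getDigest();

    // equalsIgnoreCase(null) returned false; keep that outcome explicit.
    if (provided == null) {
        return false;
    }

    java.nio.charset.Charset utf8 = java.nio.charset.Charset.forName("UTF-8");
    byte[] expectedBytes = expected.toLowerCase(java.util.Locale.ROOT).getBytes(utf8);
    byte[] providedBytes = provided.toLowerCase(java.util.Locale.ROOT).getBytes(utf8);

    return java.security.MessageDigest.isEqual(expectedBytes, providedBytes);
}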
/**
 * Tells whether the nonce in the digest was recorded for the caller's HTTP session and has not
 * yet expired.
 *
 * @param digest  digest carrying the nonce presented by the client
 * @param request current request; its session id is the key into the nonce cache
 * @return {@code true} when the session has recorded nonces, the presented nonce is among them
 *         and {@code hasExpired} reports it as still valid
 */
public boolean hasValidNonce(Digest digest, HttpServletRequest request) {
    String presented = digest.getNonce();

    // NOTE(review): getSession() without arguments creates a session when the request has none,
    // so every unauthenticated probe allocates one; consider whether getSession(false) fits.
    List<String> issued = this.nonceCache.get(request.getSession().getId());

    if (issued == null) {
        return false;
    }
    if (!issued.contains(presented)) {
        return false;
    }

    // The nonce is only looked up here, not removed; replay protection therefore presumably
    // depends on nonce-count tracking elsewhere - confirm.
    return !hasExpired(presented, this.nonceMaxValid);
}
/**
 * Finds the account's current digest credential for the realm named in the credentials.
 *
 * @param context     identity context passed to the store
 * @param account     account whose stored credentials are searched
 * @param credentials credentials whose digest supplies the realm to match
 * @param store       store the digest credentials are retrieved from
 * @return the first stored credential whose realm equals the digest's realm and which
 *         {@code isCurrentCredential} accepts, or {@code null} when there is none
 */
@Override
protected CredentialStorage getCredentialStorage(final IdentityContext context, final Account account,
        final DigestCredentials credentials, final CredentialStore<?> store) {
    List<DigestCredentialStorage> candidates =
            store.retrieveCredentials(context, account, DigestCredentialStorage.class);

    for (DigestCredentialStorage candidate : candidates) {
        // A stored credential without a realm raises a NullPointerException on this call.
        boolean sameRealm = candidate.getRealm().equals(credentials.getDigest().getRealm());
        if (!sameRealm) {
            continue;
        }
        if (isCurrentCredential(candidate)) {
            return candidate;
        }
    }

    // Callers must handle the "no usable credential" case.
    return null;
}
// Collects the individual fields of a digest header into one Digest holder object.
// NOTE(review): every value set here presumably originates from the client's request header;
// nothing in this excerpt validates them, so treat the holder as untrusted until it has been
// validated - confirm against the surrounding code.
Digest digestHolder = new Digest();
digestHolder.setUsername(username).setRealm(realm).setNonce(nonce).setUri(uri).setQop(qop).setNonceCount(nc).setClientNonce(cnonce)
        .setDigest(clientResponse).setOpaque(opaque);
digestHolder.setStale(stale).setDomain(domain);
/**
 * Validates the mandatory fields of a client-supplied digest and its realm.
 *
 * <p>This listing is an excerpt: several closing braces and intermediate statements are missing,
 * so only the checks visible below are described. The {@code key} parameter is not used in the
 * visible lines.
 *
 * @param digest      the digest fields taken from the request
 * @param systemRealm the realm name the digest must carry
 * @param key         not read in the visible lines
 * @throws DigestValidationException when a mandatory field is missing or the realm does not match
 */
public void validate(Digest digest, String systemRealm, String key) throws DigestValidationException {
    if (digest.getRealm() == null)
        throw new DigestValidationException("Mandatory field 'realm' not specified");
    if (digest.getNonce() == null)
        throw new DigestValidationException("Mandatory field 'nonce' not specified");
    if (digest.getUri() == null)
        throw new DigestValidationException("Mandatory field 'uri' not specified");
    // NOTE(review): the message names 'response' but the condition tests the client nonce, so a
    // digest without a response value is not rejected by this check - confirm against the full
    // source whether digest.getDigest() was intended.
    if (digest.getClientNonce() == null)
        throw new DigestValidationException("Mandatory field 'response' not specified");

    // With qop=auth the nonce count and client nonce are mandatory as well.
    if ("auth".equals(digest.getQop())) {
        if (digest.getNonceCount() == null) {
            throw new DigestValidationException("Mandatory field 'nc' not specified");
        if (digest.getClientNonce() == null) {
            throw new DigestValidationException("Mandatory field 'cnonce' not specified");

    // NOTE(review): new String(byte[]) without a charset decodes with the platform default.
    String nonceAsText = new String(Base64.decode(digest.getNonce()));
    // NOTE(review): this message and the realm message below embed client-supplied values;
    // presumably they end up in logs or responses - confirm they are encoded there.
    throw new DigestValidationException("Nonce should provide two tokens - nonce received: " + digest.getNonce());

    if (!systemRealm.equals(digest.getRealm())) {
        throw new DigestValidationException("Realm name [" + digest.getRealm() + "] does not match system realm name [" + systemRealm + "]");
/**
 * Computes the hex-encoded digest response from an already available HA1 and HA2.
 *
 * <p>The hashed input is {@code hex(ha1):nonce:nc:cnonce:qop:hex(ha2)}. The hash algorithm is
 * whatever {@code getMessageDigest()} supplies; it is not visible from this method.
 *
 * @param digest parsed digest fields; nonce, nonce count, client nonce and qop are read
 * @param ha1    raw HA1 bytes
 * @param ha2    raw HA2 bytes
 * @return hex encoding of the final hash
 * @throws RuntimeException wrapping any failure, including the {@code NullPointerException}
 *                          raised when one of the fields read from {@code digest} is {@code null}
 */
public static String calculateDigest(Digest digest, byte[] ha1, byte[] ha2) {
    try {
        MessageDigest hasher = getMessageDigest();

        // Fields are hashed in this exact order, separated by a single ':' byte.
        String[] fields = {
            convertBytesToHex(ha1),
            digest.getNonce(),
            digest.getNonceCount(),
            digest.getClientNonce(),
            digest.getQop(),
            convertBytesToHex(ha2)
        };

        boolean first = true;
        for (String field : fields) {
            if (!first) {
                hasher.update((byte) ':');
            }
            hasher.update(field.getBytes(UTF8));
            first = false;
        }

        byte[] response = hasher.digest();
        return convertBytesToHex(response);
    } catch (Exception e) {
        throw new RuntimeException(e);
    }
}
/**
 * Builds the storage entry for a digest credential: the HA1 value derived from the account's
 * login name, the realm and the password, together with the realm and validity dates.
 *
 * @param context       identity context (not read here)
 * @param account       account whose default login-name property supplies the user name
 * @param digest        digest carrying the realm and the clear-text password
 * @param store         credential store (not read here)
 * @param effectiveDate start of validity; left untouched on the storage when {@code null}
 * @param expiryDate    end of validity; always applied, even when {@code null}
 * @return the populated {@code DigestCredentialStorage}
 */
@Override
public CredentialStorage createCredentialStorage(IdentityContext context, Account account, Digest digest,
        CredentialStore<?> store, Date effectiveDate, Date expiryDate) {
    final String realm = digest.getRealm();
    if (isNullOrEmpty(realm)) {
        throw MESSAGES.credentialDigestInvalidRealm();
    }

    if (isNullOrEmpty(digest.getPassword())) {
        throw MESSAGES.credentialInvalidPassword();
    }

    Object loginName = getDefaultLoginNameProperty(account.getClass()).getValue(account);

    // NOTE(review): toCharArray() yields a fresh copy of the password that is never cleared
    // here, so the secret stays in memory until it is garbage collected.
    byte[] hashedA1 = DigestUtil.calculateA1((String) loginName, realm, digest.getPassword().toCharArray());

    // Only the derived HA1 is stored, not the password. Presumably HA1 alone is enough to
    // compute valid responses for this realm, so the stored value needs the same protection
    // as a password - confirm how the store persists it.
    DigestCredentialStorage created = new DigestCredentialStorage(hashedA1, realm);

    if (effectiveDate != null) {
        created.setEffectiveDate(effectiveDate);
    }
    created.setExpiryDate(expiryDate);

    return created;
}
/**
 * Resolves the account named by the user name carried in the digest credentials.
 *
 * @param context     identity context passed through to the lookup
 * @param credentials credentials whose digest supplies the user name
 * @return whatever the two-argument {@code getAccount} overload returns for that user name
 */
@Override
protected Account getAccount(final IdentityContext context, final DigestCredentials credentials) {
    // The user name is taken as-is from the digest; presumably it is client-supplied, so the
    // lookup must not treat it as authenticated.
    final String loginName = credentials.getDigest().getUsername();
    return getAccount(context, loginName);
}
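/**
 * Checks whether the response value carried in the digest equals the value computed from the
 * given password, ignoring letter case.
 *
 * <p>The comparison uses {@link java.security.MessageDigest#isEqual(byte[], byte[])} on the
 * lower-cased values rather than {@code String.equalsIgnoreCase}, which stops at the first
 * differing character and so lets response time depend on how much of the presented value is
 * correct. This assumes {@code calculate} returns plain ASCII hex, for which lower-casing and
 * case-insensitive comparison agree.
 *
 * @param digest   digest fields including the client's response value
 * @param password clear-text password to compute the expected response from
 * @return {@code true} when the client's response matches; {@code false} when it differs or is
 *         absent
 * @throws RuntimeException propagated from {@code calculate} when the expected value cannot be
 *                          computed
 */
public static boolean matchCredential(Digest digest, char[] password) {
    // Computed first so that a malformed digest still fails the same way as before.
    String expected = calculate(digest, password);
    String provided = digest.getDigest();

    // equalsIgnoreCase(null) returned false; keep that outcome explicit.
    if (provided == null) {
        return false;
    }

    java.nio.charset.Charset utf8 = java.nio.charset.Charset.forName("UTF-8");
    byte[] expectedBytes = expected.toLowerCase(java.util.Locale.ROOT).getBytes(utf8);
    byte[] providedBytes = provided.toLowerCase(java.util.Locale.ROOT).getBytes(utf8);

    return java.security.MessageDigest.isEqual(expectedBytes, providedBytes);
}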
/**
 * Tells whether the nonce in the digest was recorded for the caller's HTTP session and has not
 * yet expired.
 *
 * @param digest  digest carrying the nonce presented by the client
 * @param request current request; its session id is the key into the nonce cache
 * @return {@code true} when the session has recorded nonces, the presented nonce is among them
 *         and {@code hasExpired} reports it as still valid
 */
public boolean hasValidNonce(Digest digest, HttpServletRequest request) {
    String presented = digest.getNonce();

    // NOTE(review): getSession() without arguments creates a session when the request has none,
    // so every unauthenticated probe allocates one; consider whether getSession(false) fits.
    List<String> issued = this.nonceCache.get(request.getSession().getId());

    if (issued == null) {
        return false;
    }
    if (!issued.contains(presented)) {
        return false;
    }

    // The nonce is only looked up here, not removed; replay protection therefore presumably
    // depends on nonce-count tracking elsewhere - confirm.
    return !hasExpired(presented, this.nonceMaxValid);
}
/**
 * Finds the account's current digest credential for the realm named in the credentials.
 *
 * @param context     identity context passed to the store
 * @param account     account whose stored credentials are searched
 * @param credentials credentials whose digest supplies the realm to match
 * @param store       store the digest credentials are retrieved from
 * @return the first stored credential whose realm equals the digest's realm and which
 *         {@code isCurrentCredential} accepts, or {@code null} when there is none
 */
@Override
protected CredentialStorage getCredentialStorage(final IdentityContext context, final Account account,
        final DigestCredentials credentials, final CredentialStore<?> store) {
    List<DigestCredentialStorage> candidates =
            store.retrieveCredentials(context, account, DigestCredentialStorage.class);

    for (DigestCredentialStorage candidate : candidates) {
        // A stored credential without a realm raises a NullPointerException on this call.
        boolean sameRealm = candidate.getRealm().equals(credentials.getDigest().getRealm());
        if (!sameRealm) {
            continue;
        }
        if (isCurrentCredential(candidate)) {
            return candidate;
        }
    }

    // Callers must handle the "no usable credential" case.
    return null;
}
/**
 * Computes the hex-encoded response value expected from a client for the given digest fields
 * and clear-text password.
 *
 * <p>The hashed input is {@code hex(HA1):nonce:nc:cnonce:qop:hex(HA2)}, which matches the layout
 * HTTP Digest (RFC 2617) uses when a qop directive is present. The hash algorithm is whatever
 * {@code getMessageDigest()} supplies; it is not visible from this method.
 *
 * @param digest   parsed digest fields; username, realm, method, uri, nonce, nonce count, client
 *                 nonce and qop are all read
 * @param password clear-text password handed to {@code calculateA1}
 * @return hex encoding of the final hash
 * @throws RuntimeException wrapping any failure, including the {@code NullPointerException}
 *                          raised when nonce, nonce count, client nonce or qop is {@code null}
 */
public static String calculate(Digest digest, char[] password) {
    try {
        MessageDigest hasher = getMessageDigest();

        byte[] ha1 = calculateA1(digest.getUsername(), digest.getRealm(), password);
        byte[] ha2 = calculateA2(digest.getMethod(), digest.getUri());

        // Fields are hashed in this exact order, separated by a single ':' byte.
        String[] fields = {
            convertBytesToHex(ha1),
            digest.getNonce(),
            digest.getNonceCount(),
            digest.getClientNonce(),
            digest.getQop(),
            convertBytesToHex(ha2)
        };

        for (int i = 0; i < fields.length; i++) {
            if (i > 0) {
                hasher.update((byte) ':');
            }
            hasher.update(fields[i].getBytes(UTF8));
        }

        return convertBytesToHex(hasher.digest());
    } catch (Exception e) {
        throw new RuntimeException(e);
    }
}