private static String computeDigestAuthentication(Realm realm) { String realmUri = computeRealmURI(realm.getUri(), realm.isUseAbsoluteURI(), realm.isOmitQuery()); StringBuilder builder = new StringBuilder().append("Digest "); append(builder, "username", realm.getPrincipal(), true); append(builder, "realm", realm.getRealmName(), true); append(builder, "nonce", realm.getNonce(), true); append(builder, "uri", realmUri, true); if (isNonEmpty(realm.getAlgorithm())) append(builder, "algorithm", realm.getAlgorithm(), false); append(builder, "response", realm.getResponse(), true); if (realm.getOpaque() != null) append(builder, "opaque", realm.getOpaque(), true); if (realm.getQop() != null) { append(builder, "qop", realm.getQop(), false); // nc and cnonce only sent if server sent qop append(builder, "nc", realm.getNc(), false); append(builder, "cnonce", realm.getCnonce(), true); } builder.setLength(builder.length() - 2); // remove tailing ", " // FIXME isn't there a more efficient way? return new String(StringUtils.charSequence2Bytes(builder, ISO_8859_1)); }
@Test public void testStrongDigest() throws Exception { String user = "user"; String pass = "pass"; String realm = "realm"; String nonce = "nonce"; String method = "GET"; Uri uri = Uri.create("http://ahc.io/foo"); String qop = "auth"; Realm orig = digestAuthRealm(user, pass) .setNonce(nonce) .setUri(uri) .setMethodName(method) .setRealmName(realm) .setQop(qop) .build(); String nc = orig.getNc(); String cnonce = orig.getCnonce(); String ha1 = getMd5(user + ":" + realm + ":" + pass); String ha2 = getMd5(method + ":" + uri.getPath()); String expectedResponse = getMd5(ha1 + ":" + nonce + ":" + nc + ":" + cnonce + ":" + qop + ":" + ha2); assertEquals(orig.getResponse(), expectedResponse); }
private void testOldDigest(String qop) throws Exception { String user = "user"; String pass = "pass"; String realm = "realm"; String nonce = "nonce"; String method = "GET"; Uri uri = Uri.create("http://ahc.io/foo"); Realm orig = digestAuthRealm(user, pass) .setNonce(nonce) .setUri(uri) .setMethodName(method) .setRealmName(realm) .setQop(qop) .build(); String ha1 = getMd5(user + ":" + realm + ":" + pass); String ha2 = getMd5(method + ":" + uri.getPath()); String expectedResponse = getMd5(ha1 + ":" + nonce + ":" + ha2); assertEquals(orig.getResponse(), expectedResponse); }
private static String computeDigestAuthentication(Realm realm) { StringBuilder builder = new StringBuilder().append("Digest "); append(builder, "username", realm.getPrincipal(), true); append(builder, "realm", realm.getRealmName(), true); append(builder, "nonce", realm.getNonce(), true); append(builder, "uri", computeRealmURI(realm), true); if (isNonEmpty(realm.getAlgorithm())) append(builder, "algorithm", realm.getAlgorithm(), false); append(builder, "response", realm.getResponse(), true); if (realm.getOpaque() != null) append(builder, "opaque", realm.getOpaque(), true); if (realm.getQop() != null) { append(builder, "qop", realm.getQop(), false); // nc and cnonce only sent if server sent qop append(builder, "nc", realm.getNc(), false); append(builder, "cnonce", realm.getCnonce(), true); } builder.setLength(builder.length() - 2); // remove tailing ", " // FIXME isn't there a more efficient way? return new String(StringUtils.charSequence2Bytes(builder, ISO_8859_1)); }