Ejemplo n.º 1
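  /**
   * Builds a Base64-encoded nonce bound to the given timestamp.
   *
   * <p>Layout of the 24 raw bytes before encoding:
   *
   * <ul>
   *   <li>bytes 0-7: {@code ts}, least-significant byte first;
   *   <li>bytes 8-23: MD5 digest of the 8 timestamp bytes followed by the 8 bytes of {@code
   *       nonceSecret}.
   * </ul>
   *
   * The secret bytes are only staged in the buffer for hashing and are overwritten by the digest,
   * so the secret itself is never part of the returned value.
   *
   * <p>NOTE(review): the tag is a plain MD5 over {@code ts || secret} with a 64-bit secret, not an
   * HMAC. MD5 is kept here because whatever code validates these nonces presumably recomputes the
   * same digest; moving to a keyed MAC (for example HmacSHA256) with a longer secret has to be done
   * on both sides together.
   *
   * @param ts timestamp to embed in the nonce
   * @return the Base64 text of the 24-byte nonce
   * @throws IllegalStateException if the MD5 digest is not available, instead of failing later
   *     with a {@code NullPointerException} on the missing hash
   */
  public String newNonce(long ts) {
    long secret = nonceSecret;

    byte[] nounce = new byte[24];
    for (int i = 0; i < 8; i++) {
      int shift = 8 * i;
      nounce[i] = (byte) (ts >>> shift);
      // Staged only so that it is covered by the digest; overwritten below.
      nounce[8 + i] = (byte) (secret >>> shift);
    }

    byte[] hash;
    try {
      MessageDigest md = MessageDigest.getInstance("MD5");
      md.update(nounce, 0, 16);
      hash = md.digest();
    } catch (java.security.NoSuchAlgorithmException e) {
      LOG.warn(e);
      // Fail closed: without the digest the nonce would carry no secret-derived part.
      throw new IllegalStateException("MD5 digest unavailable; cannot build nonce", e);
    }

    // Replace the staged secret with the digest; never write past the 24-byte buffer.
    System.arraycopy(hash, 0, nounce, 8, Math.min(hash.length, nounce.length - 8));

    return new String(B64Code.encode(nounce));
  }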
Ejemplo n.º 2
  /* ------------------------------------------------------------ */
  /**
   * Computes a weak entity tag of the form {@code W/"..."} for this resource.
   *
   * <p>The tag is two Base64-encoded longs: the last-modified value and the length, each XORed
   * with a 31-multiplier polynomial hash of the resource name.
   *
   * <p>This is a cache validator, not a secret or an integrity check: the name hash is
   * deterministic, so a client that knows the name can undo the XOR and read the timestamp and
   * length back out of the tag.
   *
   * @return the weak ETag string, including the {@code W/} prefix and surrounding quotes
   * @throws RuntimeException wrapping any {@link IOException} raised while building the tag
   */
  public String getWeakETag() {
    try {
      StringBuilder etag = new StringBuilder(32).append("W/\"");

      final String resourceName = getName();
      final int nameLength = resourceName.length();

      // Same recurrence as String.hashCode(), but accumulated in a long.
      long nameHash = 0;
      int pos = 0;
      while (pos < nameLength) {
        nameHash = 31 * nameHash + resourceName.charAt(pos);
        pos++;
      }

      B64Code.encode(lastModified() ^ nameHash, etag);
      B64Code.encode(length() ^ nameHash, etag);

      return etag.append('"').toString();
    } catch (IOException e) {
      throw new RuntimeException(e);
    }
  }
Ejemplo n.º 3
 /**
  * Produces the result carrying an HTTP Basic credential for the challenged request.
  *
  * <p>The header value is {@code "Basic "} followed by the Base64 form of {@code user:password}
  * encoded as ISO-8859-1. Base64 is an encoding, not encryption: the credential is recoverable by
  * anyone who can read the request, so this scheme relies on the transport (TLS) for
  * confidentiality.
  *
  * <p>NOTE(review): presumably characters outside ISO-8859-1 in the user name or password are not
  * representable with this charset — confirm how {@code B64Code.encode} handles them.
  *
  * @param request the request being authenticated (not read here)
  * @param response the challenge response (not read here)
  * @param headerInfo supplies the header the credential is attached to
  * @param context conversation attributes (not read here)
  * @return a {@code BasicResult} built from the header, {@code uri} and the encoded credential
  */
 @Override
 public Result authenticate(
     Request request, ContentResponse response, HeaderInfo headerInfo, Attributes context) {
   final String credentials = user + ":" + password;
   final String headerValue =
       "Basic " + B64Code.encode(credentials, StandardCharsets.ISO_8859_1);
   return new BasicResult(headerInfo.getHeader(), uri, headerValue);
 }
Ejemplo n.º 4
 /**
  * Prepares the Basic credential value for a proxy from the given user name and password.
  *
  * <p>The stored value is {@code "Basic "} followed by the Base64 form of {@code
  * username:password} in ISO-8859-1. The credential is only encoded, not encrypted, and it is
  * kept in {@code _authorization} for the lifetime of this object.
  *
  * @param username proxy user name
  * @param password proxy password
  * @throws IOException declared by this constructor; presumably raised by {@code B64Code.encode}
  *     when the charset name is not supported — confirm
  */
 public ProxyAuthorization(String username, String password) throws IOException {
   final String credentials = username + ":" + password;
   final String headerValue = "Basic " + B64Code.encode(credentials, StringUtil.__ISO_8859_1);
   _authorization = new ByteArrayBuffer(headerValue);
 }
Ejemplo n.º 5
  /**
   * Exercises method- and role-based security constraints under HTTP Basic authentication.
   *
   * <p>The HEAD cases matter most: methods not named by a constraint must be refused even for an
   * authenticated user, so that a constraint written for GET/POST cannot be sidestepped by
   * switching the HTTP verb.
   *
   * <p>NOTE(review): only valid credentials and one unauthenticated request are sent here; wrong
   * passwords and the 401 challenge are not covered by this method.
   */
  @Test
  public void testBasic() throws Exception {
    _security.setAuthenticator(new BasicAuthenticator());
    _server.start();

    /*
      /star                 all methods except GET/POST forbidden
      /acme/wholesale/star  all methods except GET/POST forbidden
      /acme/retail/star     all methods except GET/POST forbidden
      /acme/wholesale/star  GET must be in role CONTRACTOR or SALESCLERK
      /acme/wholesale/star  POST must be in role CONTRACTOR and confidential transport
      /acme/retail/star     GET must be in role CONTRACTOR or HOMEOWNER
      /acme/retail/star     POST must be in role CONTRACTOR or HOMEOWNER
    */

    // Credential header lines reused by the requests below.
    final String harryAuth = "Authorization: Basic " + B64Code.encode("harry:password") + "\r\n";
    final String chrisAuth = "Authorization: Basic " + B64Code.encode("chris:password") + "\r\n";
    final String endOfHeaders = "\r\n";

    String response;

    // HEAD without any credentials is refused outright.
    response = _connector.getResponses("HEAD /ctx/index.html HTTP/1.0\r\n\r\n");
    assertTrue(response.startsWith("HTTP/1.1 403 Forbidden"));

    // A user in role HOMEOWNER is still forbidden a HEAD request on every constrained path.
    response =
        _connector.getResponses("HEAD /ctx/index.html HTTP/1.0\r\n" + harryAuth + endOfHeaders);
    assertThat(response, startsWith("HTTP/1.1 403 Forbidden"));

    response =
        _connector.getResponses(
            "HEAD /ctx/acme/wholesale/index.html HTTP/1.0\r\n" + harryAuth + endOfHeaders);
    assertThat(response, startsWith("HTTP/1.1 403 Forbidden"));

    response =
        _connector.getResponses(
            "HEAD /ctx/acme/retail/index.html HTTP/1.0\r\n" + harryAuth + endOfHeaders);
    assertThat(response, startsWith("HTTP/1.1 403 Forbidden"));

    // A user in role CONTRACTOR may GET the wholesale resource.
    response =
        _connector.getResponses(
            "GET /ctx/acme/wholesale/index.html HTTP/1.0\r\n" + chrisAuth + endOfHeaders);
    assertThat(response, startsWith("HTTP/1.1 200 OK"));

    // A CONTRACTOR may POST only over a confidential transport; this connector is not one.
    // NOTE(review): the "!" reason prefix looks like the transport-guarantee rejection rather
    // than a role failure — confirm against the constraint handler.
    response =
        _connector.getResponses(
            "POST /ctx/acme/wholesale/index.html HTTP/1.0\r\n" + chrisAuth + endOfHeaders);
    assertThat(response, startsWith("HTTP/1.1 403 !"));

    // A user in role HOMEOWNER may GET the retail resource.
    response =
        _connector.getResponses(
            "GET /ctx/acme/retail/index.html HTTP/1.0\r\n" + harryAuth + endOfHeaders);
    assertThat(response, startsWith("HTTP/1.1 200 OK"));
  }