public String newNonce(long ts) {
// long ts=request.getTimeStamp();
long sk = nonceSecret;
byte[] nounce = new byte[24];
for (int i = 0; i < 8; i++) {
nounce[i] = (byte) (ts & 0xff);
ts = ts >> 8;
nounce[8 + i] = (byte) (sk & 0xff);
sk = sk >> 8;
}
byte[] hash = null;
try {
MessageDigest md = MessageDigest.getInstance("MD5");
md.reset();
md.update(nounce, 0, 16);
hash = md.digest();
} catch (Exception e) {
LOG.warn(e);
}
for (int i = 0; i < hash.length; i++) {
nounce[8 + i] = hash[i];
if (i == 23) break;
}
return new String(B64Code.encode(nounce));
}
/* ------------------------------------------------------------ */
public String getWeakETag() {
try {
StringBuilder b = new StringBuilder(32);
b.append("W/\"");
String name = getName();
int length = name.length();
long lhash = 0;
for (int i = 0; i < length; i++) lhash = 31 * lhash + name.charAt(i);
B64Code.encode(lastModified() ^ lhash, b);
B64Code.encode(length() ^ lhash, b);
b.append('"');
return b.toString();
} catch (IOException e) {
throw new RuntimeException(e);
}
}
@Override
public Result authenticate(
Request request, ContentResponse response, HeaderInfo headerInfo, Attributes context) {
String value = "Basic " + B64Code.encode(user + ":" + password, StandardCharsets.ISO_8859_1);
return new BasicResult(headerInfo.getHeader(), uri, value);
}
public ProxyAuthorization(String username, String password) throws IOException {
String authenticationString =
"Basic " + B64Code.encode(username + ":" + password, StringUtil.__ISO_8859_1);
_authorization = new ByteArrayBuffer(authenticationString);
}
@Test
public void testBasic() throws Exception {
_security.setAuthenticator(new BasicAuthenticator());
_server.start();
String response;
/*
/star all methods except GET/POST forbidden
/acme/wholesale/star all methods except GET/POST forbidden
/acme/retail/star all methods except GET/POST forbidden
/acme/wholesale/star GET must be in role CONTRACTOR or SALESCLERK
/acme/wholesale/star POST must be in role CONTRACTOR and confidential transport
/acme/retail/star GET must be in role CONTRACTOR or HOMEOWNER
/acme/retail/star POST must be in role CONTRACTOR or HOMEOWNER
*/
// a user in role HOMEOWNER is forbidden HEAD request
response = _connector.getResponses("HEAD /ctx/index.html HTTP/1.0\r\n\r\n");
assertTrue(response.startsWith("HTTP/1.1 403 Forbidden"));
response =
_connector.getResponses(
"HEAD /ctx/index.html HTTP/1.0\r\n"
+ "Authorization: Basic "
+ B64Code.encode("harry:password")
+ "\r\n"
+ "\r\n");
assertThat(response, startsWith("HTTP/1.1 403 Forbidden"));
response =
_connector.getResponses(
"HEAD /ctx/acme/wholesale/index.html HTTP/1.0\r\n"
+ "Authorization: Basic "
+ B64Code.encode("harry:password")
+ "\r\n"
+ "\r\n");
assertThat(response, startsWith("HTTP/1.1 403 Forbidden"));
response =
_connector.getResponses(
"HEAD /ctx/acme/retail/index.html HTTP/1.0\r\n"
+ "Authorization: Basic "
+ B64Code.encode("harry:password")
+ "\r\n"
+ "\r\n");
assertThat(response, startsWith("HTTP/1.1 403 Forbidden"));
// a user in role CONTRACTOR can do a GET
response =
_connector.getResponses(
"GET /ctx/acme/wholesale/index.html HTTP/1.0\r\n"
+ "Authorization: Basic "
+ B64Code.encode("chris:password")
+ "\r\n"
+ "\r\n");
assertThat(response, startsWith("HTTP/1.1 200 OK"));
// a user in role CONTRACTOR can only do a post if confidential
response =
_connector.getResponses(
"POST /ctx/acme/wholesale/index.html HTTP/1.0\r\n"
+ "Authorization: Basic "
+ B64Code.encode("chris:password")
+ "\r\n"
+ "\r\n");
assertThat(response, startsWith("HTTP/1.1 403 !"));
// a user in role HOMEOWNER can do a GET
response =
_connector.getResponses(
"GET /ctx/acme/retail/index.html HTTP/1.0\r\n"
+ "Authorization: Basic "
+ B64Code.encode("harry:password")
+ "\r\n"
+ "\r\n");
assertThat(response, startsWith("HTTP/1.1 200 OK"));
}
