/* ------------------------------------------------------------ */
private int checkNonce(String nonce, Request request) {
try {
byte[] n = B64Code.decode(nonce.toCharArray());
if (n.length != 24) {
return -1;
}
long ts = 0;
long sk = _nonceSecret;
byte[] n2 = new byte[16];
System.arraycopy(n, 0, n2, 0, 8);
for (int i = 0; i < 8; i++) {
n2[8 + i] = (byte) (sk & 0xff);
sk = sk >> 8;
ts = (ts << 8) + (0xff & (long) n[7 - i]);
}
long age = request.getTimeStamp() - ts;
if (Log.isDebugEnabled()) {
Log.debug("age=" + age);
}
byte[] hash = null;
try {
MessageDigest md = MessageDigest.getInstance("MD5");
md.reset();
md.update(n2, 0, 16);
hash = md.digest();
} catch (Exception e) {
Log.warn(e);
}
for (int i = 0; i < 16; i++) {
if (n[i + 8] != hash[i]) {
return -1;
}
}
if (_maxNonceAge > 0 && (age < 0 || age > _maxNonceAge)) {
return 0; // stale
}
return 1;
} catch (Exception e) {
Log.ignore(e);
}
return -1;
}
@Override
public void doFilter(
final ServletRequest request, final ServletResponse response, final FilterChain chain)
throws IOException, ServletException {
HttpServletRequest req = (HttpServletRequest) request;
HttpServletResponse resp = (HttpServletResponse) response;
// Request basic auth.
String authHeader64 = req.getHeader(Http.HEADER_AUTHORISATION);
if (authHeader64 == null
|| authHeader64.length() < Http.HEADER_AUTHORISATION_PREFIX.length() + 3
|| !authHeader64.startsWith(Http.HEADER_AUTHORISATION_PREFIX)) {
LOG.info(
"Auth failed: for={} header={} uri={}",
new Object[] {req.getHeader("X-Forwarded-For"), authHeader64, req.getRequestURI()});
send401(resp);
return;
}
// Verify password.
authHeader64 = authHeader64.substring(Http.HEADER_AUTHORISATION_PREFIX.length());
String authHeader = B64Code.decode(authHeader64, (String) null);
int x = authHeader.indexOf(':');
String user = authHeader.substring(0, x);
String pass = authHeader.substring(x + 1);
if (user == null
|| pass == null
|| user.isEmpty()
|| pass.isEmpty()
|| !this.passwdChecker.verifyPasswd(req, user, pass)) {
LOG.info(
"Auth failed: for={} uri={} user={} pass={} check={}.",
req.getHeader("X-Forwarded-For"),
req.getRequestURI(),
user,
pass,
this.passwdChecker);
send401(resp);
return;
}
chain.doFilter(request, response);
}
/**
* @see org.eclipse.jetty.security.Authenticator#validateRequest(javax.servlet.ServletRequest,
* javax.servlet.ServletResponse, boolean)
*/
public Authentication validateRequest(ServletRequest req, ServletResponse res, boolean mandatory)
throws ServerAuthException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
String credentials = request.getHeader(HttpHeaders.AUTHORIZATION);
try {
if (!mandatory) return new DeferredAuthentication(this);
if (credentials != null) {
int space = credentials.indexOf(' ');
if (space > 0) {
String method = credentials.substring(0, space);
if ("basic".equalsIgnoreCase(method)) {
credentials = credentials.substring(space + 1);
credentials = B64Code.decode(credentials, StringUtil.__ISO_8859_1);
int i = credentials.indexOf(':');
if (i > 0) {
String username = credentials.substring(0, i);
String password = credentials.substring(i + 1);
UserIdentity user = login(username, password, request);
if (user != null) {
return new UserAuthentication(getAuthMethod(), user);
}
}
}
}
}
if (DeferredAuthentication.isDeferred(response)) return Authentication.UNAUTHENTICATED;
response.setHeader(
HttpHeaders.WWW_AUTHENTICATE, "basic realm=\"" + _loginService.getName() + '"');
response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
return Authentication.SEND_CONTINUE;
} catch (IOException e) {
throw new ServerAuthException(e);
}
}