/**
* Generate a unique token. The token is generated according to the following pattern. NOnceToken
* = Base64 ( MD5 ( client-IP ":" time-stamp ":" private-key ) ).
*
* @param request HTTP Servlet request
*/
protected String generateNonce(Request request) {
long currentTime = System.currentTimeMillis();
synchronized (lastTimestampLock) {
if (currentTime > lastTimestamp) {
lastTimestamp = currentTime;
} else {
currentTime = ++lastTimestamp;
}
}
String ipTimeKey = request.getRemoteAddr() + ":" + currentTime + ":" + getKey();
byte[] buffer =
ConcurrentMessageDigest.digestMD5(ipTimeKey.getBytes(StandardCharsets.ISO_8859_1));
String nonce = currentTime + ":" + MD5Encoder.encode(buffer);
NonceInfo info = new NonceInfo(currentTime, getNonceCountWindowSize());
synchronized (nonces) {
nonces.put(nonce, info);
}
return nonce;
}
/**
* Log the interesting request parameters, invoke the next Valve in the sequence, and log the
* interesting response parameters.
*
* @param request The servlet request to be processed
* @param response The servlet response to be created
* @exception IOException if an input/output error occurs
* @exception ServletException if a servlet error occurs
*/
public void invoke(Request request, Response response) throws IOException, ServletException {
Log log = container.getLogger();
// Log pre-service information
log.info("REQUEST URI =" + request.getRequestURI());
log.info(" authType=" + request.getAuthType());
log.info(" characterEncoding=" + request.getCharacterEncoding());
log.info(" contentLength=" + request.getContentLength());
log.info(" contentType=" + request.getContentType());
log.info(" contextPath=" + request.getContextPath());
Cookie cookies[] = request.getCookies();
if (cookies != null) {
for (int i = 0; i < cookies.length; i++)
log.info(" cookie=" + cookies[i].getName() + "=" + cookies[i].getValue());
}
Enumeration hnames = request.getHeaderNames();
while (hnames.hasMoreElements()) {
String hname = (String) hnames.nextElement();
Enumeration hvalues = request.getHeaders(hname);
while (hvalues.hasMoreElements()) {
String hvalue = (String) hvalues.nextElement();
log.info(" header=" + hname + "=" + hvalue);
}
}
log.info(" locale=" + request.getLocale());
log.info(" method=" + request.getMethod());
Enumeration pnames = request.getParameterNames();
while (pnames.hasMoreElements()) {
String pname = (String) pnames.nextElement();
String pvalues[] = request.getParameterValues(pname);
StringBuffer result = new StringBuffer(pname);
result.append('=');
for (int i = 0; i < pvalues.length; i++) {
if (i > 0) result.append(", ");
result.append(pvalues[i]);
}
log.info(" parameter=" + result.toString());
}
log.info(" pathInfo=" + request.getPathInfo());
log.info(" protocol=" + request.getProtocol());
log.info(" queryString=" + request.getQueryString());
log.info(" remoteAddr=" + request.getRemoteAddr());
log.info(" remoteHost=" + request.getRemoteHost());
log.info(" remoteUser="******"requestedSessionId=" + request.getRequestedSessionId());
log.info(" scheme=" + request.getScheme());
log.info(" serverName=" + request.getServerName());
log.info(" serverPort=" + request.getServerPort());
log.info(" servletPath=" + request.getServletPath());
log.info(" isSecure=" + request.isSecure());
log.info("---------------------------------------------------------------");
// Perform the request
getNext().invoke(request, response);
// Log post-service information
log.info("---------------------------------------------------------------");
log.info(" authType=" + request.getAuthType());
log.info(" contentLength=" + response.getContentLength());
log.info(" contentType=" + response.getContentType());
Cookie rcookies[] = response.getCookies();
for (int i = 0; i < rcookies.length; i++) {
log.info(
" cookie="
+ rcookies[i].getName()
+ "="
+ rcookies[i].getValue()
+ "; domain="
+ rcookies[i].getDomain()
+ "; path="
+ rcookies[i].getPath());
}
String rhnames[] = response.getHeaderNames();
for (int i = 0; i < rhnames.length; i++) {
String rhvalues[] = response.getHeaderValues(rhnames[i]);
for (int j = 0; j < rhvalues.length; j++)
log.info(" header=" + rhnames[i] + "=" + rhvalues[j]);
}
log.info(" message=" + response.getMessage());
log.info(" remoteUser="******" status=" + response.getStatus());
log.info("===============================================================");
}
public boolean validate(Request request) {
if ((userName == null)
|| (realmName == null)
|| (nonce == null)
|| (uri == null)
|| (response == null)) {
return false;
}
// Validate the URI - should match the request line sent by client
if (validateUri) {
String uriQuery;
String query = request.getQueryString();
if (query == null) {
uriQuery = request.getRequestURI();
} else {
uriQuery = request.getRequestURI() + "?" + query;
}
if (!uri.equals(uriQuery)) {
// Some clients (older Android) use an absolute URI for
// DIGEST but a relative URI in the request line.
// request. 2.3.5 < fixed Android version <= 4.0.3
String host = request.getHeader("host");
String scheme = request.getScheme();
if (host != null && !uriQuery.startsWith(scheme)) {
StringBuilder absolute = new StringBuilder();
absolute.append(scheme);
absolute.append("://");
absolute.append(host);
absolute.append(uriQuery);
if (!uri.equals(absolute.toString())) {
return false;
}
} else {
return false;
}
}
}
// Validate the Realm name
String lcRealm = getRealmName(request.getContext());
if (!lcRealm.equals(realmName)) {
return false;
}
// Validate the opaque string
if (!opaque.equals(opaqueReceived)) {
return false;
}
// Validate nonce
int i = nonce.indexOf(":");
if (i < 0 || (i + 1) == nonce.length()) {
return false;
}
long nonceTime;
try {
nonceTime = Long.parseLong(nonce.substring(0, i));
} catch (NumberFormatException nfe) {
return false;
}
String md5clientIpTimeKey = nonce.substring(i + 1);
long currentTime = System.currentTimeMillis();
if ((currentTime - nonceTime) > nonceValidity) {
nonceStale = true;
synchronized (nonces) {
nonces.remove(nonce);
}
}
String serverIpTimeKey = request.getRemoteAddr() + ":" + nonceTime + ":" + key;
byte[] buffer =
ConcurrentMessageDigest.digestMD5(serverIpTimeKey.getBytes(StandardCharsets.ISO_8859_1));
String md5ServerIpTimeKey = MD5Encoder.encode(buffer);
if (!md5ServerIpTimeKey.equals(md5clientIpTimeKey)) {
return false;
}
// Validate qop
if (qop != null && !QOP.equals(qop)) {
return false;
}
// Validate cnonce and nc
// Check if presence of nc and Cnonce is consistent with presence of qop
if (qop == null) {
if (cnonce != null || nc != null) {
return false;
}
} else {
if (cnonce == null || nc == null) {
return false;
}
// RFC 2617 says nc must be 8 digits long. Older Android clients
// use 6. 2.3.5 < fixed Android version <= 4.0.3
if (nc.length() < 6 || nc.length() > 8) {
return false;
}
long count;
try {
count = Long.parseLong(nc, 16);
} catch (NumberFormatException nfe) {
return false;
}
NonceInfo info;
synchronized (nonces) {
info = nonces.get(nonce);
}
if (info == null) {
// Nonce is valid but not in cache. It must have dropped out
// of the cache - force a re-authentication
nonceStale = true;
} else {
if (!info.nonceCountValid(count)) {
return false;
}
}
}
return true;
}
