public boolean isRecognizedAuthenticationRequest(HttpServletRequest req) { String authHeader = req.getHeader("Authorization"); if (authHeader == null || !authHeader.startsWith("Digest ")) { return false; } String headerFields = authHeader.substring("Digest: ".length() - 1); String username = HttpUtil.extractHeaderField(headerFields, "username"); if (username == null) { if (this.logger.isDebugEnabled()) { this.logger.debug("Unable to extract field 'username' from header: " + authHeader); } return false; } Principal principal = null; try { principal = principalFactory.getPrincipal(username, Principal.Type.USER); } catch (InvalidPrincipalException e) { return false; } if (this.excludedPrincipals != null && this.excludedPrincipals.contains(principal.getQualifiedName())) { return false; } if (this.recognizedDomains == null || this.recognizedDomains.contains(principal.getDomain())) return true; return false; }
private AuthResult doAuthenticate( HttpServletRequest request, String uri, String response, String nc, String nonce, String cnonce, String qop, String username, String opaque) { StateEntry stateEntry = null; if (this.maintainState) { stateEntry = this.stateMap.get(nonce + ":" + opaque); if (stateEntry != null) { if (!stateEntry.getNonce().equals(nonce)) { stateEntry.setStale(true); throw new AuthenticationException( "Authentication header field 'nonce': " + nonce + " does not match expected value: " + stateEntry.getNonce()); } try { long nonceCount = Long.parseLong(nc, 16); if (nonceCount != stateEntry.getNonceCount()) { throw new AuthenticationException( "Authentication header field 'nc', value " + nc + " did not match expected value " + stateEntry.getNonceCount()); } } catch (NumberFormatException e) { throw new InvalidAuthenticationRequestException( "Authentication header field 'nc' was not a hex number: " + nc); } } } Principal principal = principalFactory.getPrincipal(username, Principal.Type.USER); if (principal == null) { throw new AuthenticationException( "Unable to authenticate principal using HTTP/Digest for request" + request + ": no principal found"); } if (!this.principalStore.validatePrincipal(principal)) { throw new AuthenticationException("Unknown principal in HTTP/Digest request: " + principal); } String componentA1 = this.principalStore.getMD5HashString(principal); if (componentA1 == null) { throw new AuthenticationException("Password hash for principal " + principal + " not found"); } String componentA2 = MD5.md5sum(request.getMethod() + ":" + uri); StringBuffer b = new StringBuffer(); b.append(componentA1); b.append(":").append(nonce); if (nc != null) b.append(":").append(nc); if (cnonce != null) b.append(":").append(cnonce); if (qop != null) b.append(":").append(qop); b.append(":").append(componentA2); String serverDigest = MD5.md5sum(b.toString()); if (this.logger.isDebugEnabled()) { this.logger.debug("client digest: '" + response + "', server digest: '" + serverDigest + "'"); } if (!serverDigest.equals(response)) { throw new AuthenticationException( "Authentication failure for principal " + principal + " (incorrect password)"); } if (this.maintainState && stateEntry == null) { stateEntry = new StateEntry(null, new Date(), nonce, 1, opaque); stateEntry.setStale(true); this.stateMap.put(nonce + ":" + opaque, stateEntry); throw new AuthenticationException("Nothing known about request " + request); } else if (this.maintainState && stateEntry != null && stateEntry.isStale()) { throw new AuthenticationException( "Stale nonce header field in authentication request: " + request); } if (this.logger.isDebugEnabled()) { this.logger.debug("Successfully authenticated principal " + principal); } return new AuthResult(principal.getQualifiedName()); }