Author: dkulp
Date: Mon Nov 2 18:04:44 2009
New Revision: 831986
URL: http://svn.apache.org/viewvc?rev=831986&view=rev
Log:
[CXF-2370] Switch to StreamTokenizer for digest auth parsing to get
matched quotes working.
Modified:
cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/DigestAuthSupplier.java
cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/http/HTTPConduitTest.java
Modified:
cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/DigestAuthSupplier.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/DigestAuthSupplier.java?rev=831986&r1=831985&r2=831986&view=diff
==============================================================================
---
cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/DigestAuthSupplier.java
(original)
+++
cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/DigestAuthSupplier.java
Mon Nov 2 18:04:44 2009
@@ -19,13 +19,15 @@
package org.apache.cxf.transport.http;
+import java.io.IOException;
+import java.io.StreamTokenizer;
+import java.io.StringReader;
import java.io.UnsupportedEncodingException;
import java.net.URL;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HashMap;
import java.util.Map;
-import java.util.StringTokenizer;
import java.util.concurrent.ConcurrentHashMap;
import org.apache.cxf.configuration.security.AuthorizationPolicy;
@@ -60,22 +62,41 @@
return true;
}
- @Override
- public String getAuthorizationForRealm(HTTPConduit conduit, URL currentURL,
- Message message,
- String realm, String fullHeader) {
- if (fullHeader.startsWith("Digest ")) {
- Map<String, String> map = new HashMap<String, String>();
- fullHeader = fullHeader.substring(7);
- StringTokenizer tok = new StringTokenizer(fullHeader, ",=");
- while (tok.hasMoreTokens()) {
- String key = tok.nextToken().trim();
- String value = tok.nextToken().trim();
+ static Map<String, String> parseHeader(String fullHeader) {
+
+ Map<String, String> map = new HashMap<String, String>();
+ fullHeader = fullHeader.substring(7);
+ try {
+ StreamTokenizer tok = new StreamTokenizer(new
StringReader(fullHeader));
+ tok.quoteChar('"');
+ tok.quoteChar('\'');
+ tok.whitespaceChars('=', '=');
+ tok.whitespaceChars(',', ',');
+
+ while (tok.nextToken() != StreamTokenizer.TT_EOF) {
+ String key = tok.sval;
+ if (tok.nextToken() == StreamTokenizer.TT_EOF) {
+ map.put(key, null);
+ return map;
+ }
+ String value = tok.sval;
if (value.charAt(0) == '"') {
value = value.substring(1, value.length() - 1);
}
map.put(key, value);
}
+ } catch (IOException ex) {
+ //ignore
+ }
+ return map;
+ }
+
+ @Override
+ public String getAuthorizationForRealm(HTTPConduit conduit, URL currentURL,
+ Message message,
+ String realm, String fullHeader) {
+ if (fullHeader.startsWith("Digest ")) {
+ Map<String, String> map = parseHeader(fullHeader);
if ("auth".equals(map.get("qop"))
|| !map.containsKey("qop")) {
DigestInfo di = new DigestInfo();
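Review bot: The unchanged `if (value.charAt(0) == '"')` block after `String value = tok.sval;` is now stale and unsafe, because `quoteChar` already hands back `sval` without its surrounding quotes. An empty quoted parameter such as `opaque=""` gives an empty string, so `charAt(0)` throws, and StreamTokenizer's default number parsing leaves `sval` null for an unquoted token that starts with a digit, so the same line hits a NullPointerException. The challenge header is supplied by the remote server, so a malformed or unusual value should not surface as an unchecked exception in the client. I would delete that `if` block and skip unusable pairs with `if (key == null || value == null) { continue; }`. `parseHeader` also calls `substring(7)` without its own `startsWith("Digest ")` check, relying on the caller in `getAuthorizationForRealm`, whose body continues outside the hunk.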
Modified:
cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/http/HTTPConduitTest.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/http/HTTPConduitTest.java?rev=831986&r1=831985&r2=831986&view=diff
==============================================================================
---
cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/http/HTTPConduitTest.java
(original)
+++
cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/http/HTTPConduitTest.java
Mon Nov 2 18:04:44 2009
@@ -127,6 +127,17 @@
conduit.getURL().getPath(),
"/bar/foo");
}
+
+ @Test
+ public void testCXF2370() throws Exception {
+ String origNonce =
"MTI0ODg3OTc5NzE2OTplZGUyYTg0Yzk2NTFkY2YyNjc1Y2JjZjU2MTUzZmQyYw==";
+ String fullHeader = "Digest realm=\"MyCompany realm.\", qop=\"auth\","
+ + "nonce=\"" + origNonce + "\"";
+ Map<String, String> map = DigestAuthSupplier.parseHeader(fullHeader);
+ assertEquals(origNonce, map.get("nonce"));
+ assertEquals("auth", map.get("qop"));
+ assertEquals("MyCompany realm.", map.get("realm"));
+ }
/**
* Verfies one of the tenents of our interface -- the Conduit sets up