Author: markt
Date: Sat Nov 3 14:59:13 2012
New Revision: 1405353
URL: http://svn.apache.org/viewvc?rev=1405353&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=54060
Use new HTTP header parser to address issues in current regular expression
based parser.
This roughly twice as fast and generates about a third of the garbage (based on
profiling the load unit test)
Modified:
tomcat/trunk/java/org/apache/catalina/authenticator/DigestAuthenticator.java
Modified:
tomcat/trunk/java/org/apache/catalina/authenticator/DigestAuthenticator.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/DigestAuthenticator.java?rev=1405353&r1=1405352&r2=1405353&view=diff
==============================================================================
---
tomcat/trunk/java/org/apache/catalina/authenticator/DigestAuthenticator.java
(original)
+++
tomcat/trunk/java/org/apache/catalina/authenticator/DigestAuthenticator.java
Sat Nov 3 14:59:13 2012
@@ -17,6 +17,7 @@
package org.apache.catalina.authenticator;
import java.io.IOException;
+import java.io.StringReader;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
@@ -34,6 +35,7 @@ import org.apache.catalina.util.MD5Encod
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
import org.apache.tomcat.util.buf.B2CConverter;
+import org.apache.tomcat.util.http.parser.HttpParser2;
/**
@@ -474,58 +476,25 @@ public class DigestAuthenticator extends
if (authorization == null) {
return false;
}
- if (!authorization.startsWith("Digest ")) {
+
+ Map<String,String> directives;
+ try {
+ directives = HttpParser2.parseAuthorizationDigest(
+ new StringReader(authorization));
+ } catch (IllegalArgumentException | IOException e) {
return false;
}
- authorization = authorization.substring(7).trim();
-
- // Bugzilla 37132:
http://issues.apache.org/bugzilla/show_bug.cgi?id=37132
- String[] tokens =
authorization.split(",(?=(?:[^\"]*\"[^\"]*\")+$)");
method = request.getMethod();
-
- for (int i = 0; i < tokens.length; i++) {
- String currentToken = tokens[i];
- if (currentToken.length() == 0) {
- continue;
- }
-
- int equalSign = currentToken.indexOf('=');
- if (equalSign < 0) {
- return false;
- }
- String currentTokenName =
- currentToken.substring(0, equalSign).trim();
- String currentTokenValue =
- currentToken.substring(equalSign + 1).trim();
- if ("username".equals(currentTokenName)) {
- userName = removeQuotes(currentTokenValue);
- }
- if ("realm".equals(currentTokenName)) {
- realmName = removeQuotes(currentTokenValue, true);
- }
- if ("nonce".equals(currentTokenName)) {
- nonce = removeQuotes(currentTokenValue);
- }
- if ("nc".equals(currentTokenName)) {
- nc = removeQuotes(currentTokenValue);
- }
- if ("cnonce".equals(currentTokenName)) {
- cnonce = removeQuotes(currentTokenValue);
- }
- if ("qop".equals(currentTokenName)) {
- qop = removeQuotes(currentTokenValue);
- }
- if ("uri".equals(currentTokenName)) {
- uri = removeQuotes(currentTokenValue);
- }
- if ("response".equals(currentTokenName)) {
- response = removeQuotes(currentTokenValue);
- }
- if ("opaque".equals(currentTokenName)) {
- opaqueReceived = removeQuotes(currentTokenValue);
- }
- }
+ userName = directives.get("username");
+ realmName = directives.get("realm");
+ nonce = directives.get("nonce");
+ nc = directives.get("nc");
+ cnonce = directives.get("cnonce");
+ qop = directives.get("qop");
+ uri = directives.get("uri");
+ response = directives.get("response");
+ opaqueReceived = directives.get("opaque");
return true;
}
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
