> On Mar 15, 2023, at 01:45, ma...@apache.org wrote:
>
> This is an automated email from the ASF dual-hosted git repository.
>
> markt pushed a commit to branch main
> in repository https://gitbox.apache.org/repos/asf/tomcat.git
>
>
> The following commit(s) were added to refs/heads/main by this push:
> new 55ad7dbe19 Support RFC 7616. Add support for multiple algorithms.
> 55ad7dbe19 is described below
>
> commit 55ad7dbe196ba35dd16952701890d318e7926c02
> Author: Mark Thomas
> AuthorDate: Fri Mar 3 17:58:05 2023 +
>
>Support RFC 7616. Add support for multiple algorithms.
> ---
> java/org/apache/catalina/Realm.java| 40 +++
> .../authenticator/DigestAuthenticator.java | 213
> .../catalina/authenticator/LocalStrings.properties | 2 +
> java/org/apache/catalina/realm/CombinedRealm.java | 4 +-
> .../apache/catalina/realm/JAASCallbackHandler.java | 7 +-
> .../catalina/realm/JAASMemoryLoginModule.java | 9 +-
> java/org/apache/catalina/realm/JAASRealm.java | 6 +-
> java/org/apache/catalina/realm/JNDIRealm.java | 4 +-
> .../apache/catalina/realm/LocalStrings.properties | 1 +
> java/org/apache/catalina/realm/LockOutRealm.java | 4 +-
> java/org/apache/catalina/realm/RealmBase.java | 48 +++-
> .../tomcat/websocket/DigestAuthenticator.java | 22 +-
> .../TestDigestAuthenticatorAlgorithms.java | 279 +
> test/org/apache/catalina/realm/TestJNDIRealm.java | 6 +-
> webapps/docs/changelog.xml | 6 +
> webapps/docs/config/valve.xml | 7 +
> 16 files changed, 580 insertions(+), 78 deletions(-)
>
> diff --git a/java/org/apache/catalina/Realm.java
> b/java/org/apache/catalina/Realm.java
> index cb27fdd487..e81802965e 100644
> --- a/java/org/apache/catalina/Realm.java
> +++ b/java/org/apache/catalina/Realm.java
> @@ -101,13 +101,53 @@ public interface Realm extends Contained {
> * @param digestA2 Second digest calculated as digest(Method + ":" + uri)
> *
> * @return the associated principal, or {@code null} if there is none.
> + *
> + * @deprecated Unused. Use {@link #authenticate(String, String, String,
> + * String, String, String, String, String, String)}. Will be removed in
> + * Tomcat 11.
> */
> +@Deprecated
> Principal authenticate(String username, String digest,
> String nonce, String nc, String cnonce,
> String qop, String realm,
> String digestA2);
>
>
> +/**
> + * Try to authenticate with the specified username, which
> + * matches the digest calculated using the given parameters using the
> + * method described in RFC 7616.
> + *
> + * The default implementation calls {@link #authenticate(String, String,
> + * String, String, String, String, String, String)} for backwards
> + * compatibility which effectively forces the use of MD5 regardless of
> the
> + * algorithm specified in the call to this method.
> + *
> + * Implementations are expected to override the default implementation
> and
> + * take account of the algorithm parameter.
> + *
> + * @param username Username of the Principal to look up
> + * @param digest Digest which has been submitted by the client
> + * @param nonce Unique (or supposedly unique) token which has been used
> + * for this request
> + * @param nc the nonce counter
> + * @param cnonce the client chosen nonce
> + * @param qop the "quality of protection" ({@code nc} and {@code cnonce}
> + *will only be used, if {@code qop} is not {@code null}).
> + * @param realm Realm name
> + * @param digestA2 Second digest calculated as digest(Method + ":" + uri)
> + * @param algorithm The message digest algorithm to use
> + *
> + * @return the associated principal, or {@code null} if there is none.
> + */
> +default Principal authenticate(String username, String digest,
> + String nonce, String nc, String cnonce,
> + String qop, String realm,
> + String digestA2, String algorithm) {
> +return authenticate(username, digest, nonce, nc, cnonce, qop, realm,
> digestA2);
> +}
> +
> +
> /**
> * Try to authenticate using a {@link GSSContext}.
> *
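Review bot: The new default `authenticate(..., String digestA2, String algorithm)` discards `algorithm` and delegates to the deprecated eight-argument overload, so a custom Realm that has not been updated keeps validating with MD5 whatever digest the authenticator negotiated. If the client's response was computed with another algorithm, this presumably surfaces as an unexplained authentication failure rather than a bypass, but nothing tells the operator that the Realm is the cause. Consider making the fallback explicit before the delegation, e.g. `if (algorithm != null && !"MD5".equalsIgnoreCase(algorithm)) { return null; }`; the exact form of the value passed in is not visible in this hunk, so confirm it against the caller in DigestAuthenticator. The `@param algorithm` text should also state which names are accepted and whether `null` is allowed, for example `@param algorithm The message digest algorithm used by the client to calculate {@code digest}; implementations that cannot honour it must return {@code null}`. The rest of the `Realm` interface lies outside the hunk.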
> diff --git a/java/org/apache/catalina/authenticator/DigestAuthenticator.java
> b/java/org/apache/catalina/authenticator/DigestAuthenticator.java
> index 0d5e681a3f..f80f2181e9 100644
> --- a/java/org/apache/catalina/authenticator/DigestAuthenticator.java
> +++ b/java/org/apache/catalina/authenticator/DigestAuthenticator.java
> @@ -19,8 +19,14 @@ package org.apache.catalina.authenticator;
> import java.io.IOException;
> import java.io.StringReader;
> import java.nio.charset.StandardCharsets;