cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticator DigestAuthenticator.java

Fri, 12 Nov 2004 02:21:48 -0800 

remm        2004/11/12 02:21:41

  Modified:    catalina/src/share/org/apache/catalina/authenticator
                        DigestAuthenticator.java
  Log:
  - Bug 32137: Use of MessageDigest should be synced.
  
  Revision  Changes    Path
  1.12      +14 -6     
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticator/DigestAuthenticator.java
  
  Index: DigestAuthenticator.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticator/DigestAuthenticator.java,v
  retrieving revision 1.11
  retrieving revision 1.12
  diff -u -r1.11 -r1.12
  --- DigestAuthenticator.java  15 Aug 2004 15:48:59 -0000      1.11
  +++ DigestAuthenticator.java  12 Nov 2004 10:21:41 -0000      1.12
  @@ -313,7 +313,11 @@
           String a2 = method + ":" + uri;
           //System.out.println("A2:" + a2);
   
  -        String md5a2 = md5Encoder.encode(md5Helper.digest(a2.getBytes()));
  +        byte[] buffer = null;
  +        synchronized (md5Helper) {
  +            buffer = md5Helper.digest(a2.getBytes());
  +        }
  +        String md5a2 = md5Encoder.encode(buffer);
   
           return (realm.authenticate(userName, response, nOnce, nc, cnonce, 
qop,
                                      realmName, md5a2));
  @@ -396,7 +400,10 @@
           String nOnceValue = request.getRemoteAddr() + ":" +
               currentTime + ":" + key;
   
  -        byte[] buffer = md5Helper.digest(nOnceValue.getBytes());
  +        byte[] buffer = null;
  +        synchronized (md5Helper) {
  +            buffer = md5Helper.digest(nOnceValue.getBytes());
  +        }
           nOnceValue = md5Encoder.encode(buffer);
   
           // Updating the value in the no once hashtable
  @@ -444,13 +451,14 @@
               realmName = request.getServerName() + ":"
                   + request.getServerPort();
   
  -        byte[] buffer = md5Helper.digest(nOnce.getBytes());
  +        byte[] buffer = null;
  +        synchronized (md5Helper) {
  +            buffer = md5Helper.digest(nOnce.getBytes());
  +        }
   
           String authenticateHeader = "Digest realm=\"" + realmName + "\", "
               +  "qop=\"auth\", nonce=\"" + nOnce + "\", " + "opaque=\""
               + md5Encoder.encode(buffer) + "\"";
  -        // System.out.println("Authenticate header value : "
  -        //                   + authenticateHeader);
           response.setHeader("WWW-Authenticate", authenticateHeader);
   
       }
  
  
  

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to