This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push: new d543e8e57b Rename digests to remove reference to specific algorithm d543e8e57b is described below commit d543e8e57b77a4e6ce1fa881a28a4cea12366a16 Author: Mark Thomas <ma...@apache.org> AuthorDate: Thu Mar 9 15:29:10 2023 +0000 Rename digests to remove reference to specific algorithm This is in preparation for implementing RFC 7616 --- java/org/apache/catalina/Realm.java | 5 ++--- .../catalina/authenticator/DigestAuthenticator.java | 4 ++-- java/org/apache/catalina/realm/CombinedRealm.java | 4 ++-- .../apache/catalina/realm/JAASCallbackHandler.java | 14 +++++++------- .../catalina/realm/JAASMemoryLoginModule.java | 8 ++++---- java/org/apache/catalina/realm/JAASRealm.java | 4 ++-- java/org/apache/catalina/realm/JNDIRealm.java | 4 ++-- java/org/apache/catalina/realm/LockOutRealm.java | 4 ++-- java/org/apache/catalina/realm/RealmBase.java | 14 +++++++------- .../authenticator/TestDigestAuthenticator.java | 10 +++++----- .../TestSSOnonLoginAndDigestAuthenticator.java | 10 +++++----- .../TesterDigestAuthenticatorPerformance.java | 8 ++++---- test/org/apache/catalina/realm/TestJNDIRealm.java | 21 +++++++++++---------- 13 files changed, 55 insertions(+), 55 deletions(-) diff --git a/java/org/apache/catalina/Realm.java b/java/org/apache/catalina/Realm.java index 6c0096b9ac..48985283b7 100644 --- a/java/org/apache/catalina/Realm.java +++ b/java/org/apache/catalina/Realm.java 
@@ -96,15 +96,14 @@ public interface Realm extends Contained { * @param qop the "quality of protection" ({@code nc} and {@code cnonce} * will only be used, if {@code qop} is not {@code null}). * @param realm Realm name - * @param md5a2 Second MD5 digest used to calculate the digest : - * MD5(Method + ":" + uri) + * @param digestA2 Second digest calculated as digest(Method + ":" + uri) * * @return the associated principal, or {@code null} if there is none. */ Principal authenticate(String username, String digest, String nonce, String nc, String cnonce, String qop, String realm, - String md5a2); + String digestA2); /** diff --git a/java/org/apache/catalina/authenticator/DigestAuthenticator.java b/java/org/apache/catalina/authenticator/DigestAuthenticator.java index bb2504a9df..74ffdbee67 100644 --- a/java/org/apache/catalina/authenticator/DigestAuthenticator.java +++ b/java/org/apache/catalina/authenticator/DigestAuthenticator.java @@ -597,9 +597,9 @@ public class DigestAuthenticator extends AuthenticatorBase { String a2 = method + ":" + uri; byte[] buffer = ConcurrentMessageDigest.digestMD5(a2.getBytes(StandardCharsets.ISO_8859_1)); - String md5a2 = HexUtils.toHexString(buffer); + String digestA2 = HexUtils.toHexString(buffer); - return realm.authenticate(userName, response, nonce, nc, cnonce, qop, realmName, md5a2); + return realm.authenticate(userName, response, nonce, nc, cnonce, qop, realmName, digestA2); } } diff --git a/java/org/apache/catalina/realm/CombinedRealm.java b/java/org/apache/catalina/realm/CombinedRealm.java index 2ed646241e..352a06dac1 100644 --- a/java/org/apache/catalina/realm/CombinedRealm.java +++ b/java/org/apache/catalina/realm/CombinedRealm.java 
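Review bot: The reworded Javadoc for `digestA2` in the Realm.java hunk no longer tells an implementer which algorithm produced the value, yet a Realm has to hash A1 and the final response with that same algorithm for the comparison to succeed. The caller in the DigestAuthenticator hunk on this page still uses `ConcurrentMessageDigest.digestMD5`, so the value remains an MD5 hex string after this commit. I would state the contract explicitly, for example `@param digestA2 Second digest calculated as digest(Method + ":" + uri), using the same algorithm as the digest returned for A1 (currently MD5)`. The interface continues outside the hunk.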
@@ -97,7 +97,7 @@ public class CombinedRealm extends RealmBase { @Override public Principal authenticate(String username, String clientDigest, String nonce, String nc, String cnonce, - String qop, String realmName, String md5a2) { + String qop, String realmName, String digestA2) { Principal authenticatedUser = null; for (Realm realm : realms) { @@ -105,7 +105,7 @@ public class CombinedRealm extends RealmBase { log.debug(sm.getString("combinedRealm.authStart", username, realm.getClass().getName())); } - authenticatedUser = realm.authenticate(username, clientDigest, nonce, nc, cnonce, qop, realmName, md5a2); + authenticatedUser = realm.authenticate(username, clientDigest, nonce, nc, cnonce, qop, realmName, digestA2); if (authenticatedUser == null) { if (log.isDebugEnabled()) { diff --git a/java/org/apache/catalina/realm/JAASCallbackHandler.java b/java/org/apache/catalina/realm/JAASCallbackHandler.java index 17dda364ce..fcacb64537 100644 --- a/java/org/apache/catalina/realm/JAASCallbackHandler.java +++ b/java/org/apache/catalina/realm/JAASCallbackHandler.java @@ -76,11 +76,11 @@ public class JAASCallbackHandler implements CallbackHandler { * @param cnonce Client generated nonce * @param qop Quality of protection applied to the message * @param realmName Realm name - * @param md5a2 Second MD5 digest used to calculate the digest MD5(Method + ":" + uri) + * @param digestA2 Second digest calculated as digest(Method + ":" + uri) * @param authMethod The authentication method in use */ public JAASCallbackHandler(JAASRealm realm, String username, String password, String nonce, String nc, - String cnonce, String qop, String realmName, String md5a2, String authMethod) { + String cnonce, String qop, String realmName, String digestA2, String authMethod) { this.realm = realm; this.username = username; 
@@ -94,7 +94,7 @@ public class JAASCallbackHandler implements CallbackHandler { this.cnonce = cnonce; this.qop = qop; this.realmName = realmName; - this.md5a2 = md5a2; + this.digestA2 = digestA2; this.authMethod = authMethod; } @@ -147,9 +147,9 @@ public class JAASCallbackHandler implements CallbackHandler { protected final String realmName; /** - * Second MD5 digest. + * Second digest. */ - protected final String md5a2; + protected final String digestA2; /** * The authentication method to be used. If null, assume BASIC/FORM. @@ -199,8 +199,8 @@ public class JAASCallbackHandler implements CallbackHandler { cb.setText(qop); } else if (cb.getPrompt().equals("realmName")) { cb.setText(realmName); - } else if (cb.getPrompt().equals("md5a2")) { - cb.setText(md5a2); + } else if (cb.getPrompt().equals("digestA2")) { + cb.setText(digestA2); } else if (cb.getPrompt().equals("authMethod")) { cb.setText(authMethod); } else if (cb.getPrompt().equals("catalinaBase")) { diff --git a/java/org/apache/catalina/realm/JAASMemoryLoginModule.java b/java/org/apache/catalina/realm/JAASMemoryLoginModule.java index 5be13b7c6b..4e088951c6 100644 --- a/java/org/apache/catalina/realm/JAASMemoryLoginModule.java +++ b/java/org/apache/catalina/realm/JAASMemoryLoginModule.java @@ -246,7 +246,7 @@ public class JAASMemoryLoginModule extends MemoryRealm implements LoginModule { callbacks[4] = new TextInputCallback("cnonce"); callbacks[5] = new TextInputCallback("qop"); callbacks[6] = new TextInputCallback("realmName"); - callbacks[7] = new TextInputCallback("md5a2"); + callbacks[7] = new TextInputCallback("digestA2"); callbacks[8] = new TextInputCallback("authMethod"); // Interact with the user to retrieve the username and password @@ -257,7 +257,7 @@ public class JAASMemoryLoginModule extends MemoryRealm implements LoginModule { String cnonce = null; String qop = null; String realmName = null; - String md5a2 = null; + String digestA2 = null; String authMethod = null; try { 
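Review bot: Changing the prompt literal from `"md5a2"` to `"digestA2"` in the JAASCallbackHandler hunk at `@@ -199,8 +199,8 @@` alters a runtime contract rather than just an identifier, because a LoginModule outside this tree that still creates `new TextInputCallback("md5a2")` will no longer match this branch. Only JAASMemoryLoginModule is updated in this commit, so whether other modules rely on the old name cannot be seen from here, and what the final `else` does with an unknown prompt is outside the hunk. On a stable branch I would accept the old name as an alias, `} else if (cb.getPrompt().equals("digestA2") || cb.getPrompt().equals("md5a2")) {`, and record the rename in the changelog so that DIGEST logins through custom modules do not start failing without explanation.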
@@ -269,7 +269,7 @@ public class JAASMemoryLoginModule extends MemoryRealm implements LoginModule { cnonce = ((TextInputCallback) callbacks[4]).getText(); qop = ((TextInputCallback) callbacks[5]).getText(); realmName = ((TextInputCallback) callbacks[6]).getText(); - md5a2 = ((TextInputCallback) callbacks[7]).getText(); + digestA2 = ((TextInputCallback) callbacks[7]).getText(); authMethod = ((TextInputCallback) callbacks[8]).getText(); } catch (IOException | UnsupportedCallbackException e) { throw new LoginException(e.toString()); @@ -280,7 +280,7 @@ public class JAASMemoryLoginModule extends MemoryRealm implements LoginModule { // BASIC or FORM principal = super.authenticate(username, password); } else if (authMethod.equals(HttpServletRequest.DIGEST_AUTH)) { - principal = super.authenticate(username, password, nonce, nc, cnonce, qop, realmName, md5a2); + principal = super.authenticate(username, password, nonce, nc, cnonce, qop, realmName, digestA2); } else if (authMethod.equals(HttpServletRequest.CLIENT_CERT_AUTH)) { principal = super.getPrincipal(username); } else { diff --git a/java/org/apache/catalina/realm/JAASRealm.java b/java/org/apache/catalina/realm/JAASRealm.java index 705f143db3..6314bb0c21 100644 --- a/java/org/apache/catalina/realm/JAASRealm.java +++ b/java/org/apache/catalina/realm/JAASRealm.java @@ -326,9 +326,9 @@ public class JAASRealm extends RealmBase { @Override public Principal authenticate(String username, String clientDigest, String nonce, String nc, String cnonce, - String qop, String realmName, String md5a2) { + String qop, String realmName, String digestA2) { return authenticate(username, new JAASCallbackHandler(this, username, clientDigest, nonce, nc, cnonce, qop, - realmName, md5a2, HttpServletRequest.DIGEST_AUTH)); + realmName, digestA2, HttpServletRequest.DIGEST_AUTH)); } diff --git a/java/org/apache/catalina/realm/JNDIRealm.java b/java/org/apache/catalina/realm/JNDIRealm.java index a04f4261d2..40dde8bc0a 100644 
--- a/java/org/apache/catalina/realm/JNDIRealm.java +++ b/java/org/apache/catalina/realm/JNDIRealm.java @@ -1341,7 +1341,7 @@ public class JNDIRealm extends RealmBase { */ @Override public Principal authenticate(String username, String clientDigest, String nonce, String nc, String cnonce, - String qop, String realm, String md5a2) { + String qop, String realm, String digestA2) { ClassLoader ocl = null; Thread currentThread = null; try { @@ -1350,7 +1350,7 @@ public class JNDIRealm extends RealmBase { ocl = currentThread.getContextClassLoader(); currentThread.setContextClassLoader(this.getClass().getClassLoader()); } - return super.authenticate(username, clientDigest, nonce, nc, cnonce, qop, realm, md5a2); + return super.authenticate(username, clientDigest, nonce, nc, cnonce, qop, realm, digestA2); } finally { if (currentThread != null) { currentThread.setContextClassLoader(ocl); diff --git a/java/org/apache/catalina/realm/LockOutRealm.java b/java/org/apache/catalina/realm/LockOutRealm.java index 43fad7af5f..c19b83c0c2 100644 --- a/java/org/apache/catalina/realm/LockOutRealm.java +++ b/java/org/apache/catalina/realm/LockOutRealm.java @@ -109,10 +109,10 @@ public class LockOutRealm extends CombinedRealm { @Override public Principal authenticate(String username, String clientDigest, String nonce, String nc, String cnonce, - String qop, String realmName, String md5a2) { + String qop, String realmName, String digestA2) { Principal authenticatedUser = super.authenticate(username, clientDigest, nonce, nc, cnonce, qop, realmName, - md5a2); + digestA2); return filterLockedAccounts(username, authenticatedUser); } diff --git a/java/org/apache/catalina/realm/RealmBase.java b/java/org/apache/catalina/realm/RealmBase.java index e81bad10ac..0f2ac54275 100644 --- a/java/org/apache/catalina/realm/RealmBase.java +++ b/java/org/apache/catalina/realm/RealmBase.java 
@@ -330,19 +330,19 @@ public abstract class RealmBase extends LifecycleMBeanBase implements org.apache @Override public Principal authenticate(String username, String clientDigest, String nonce, String nc, String cnonce, - String qop, String realm, String md5a2) { + String qop, String realm, String digestA2) { // In digest auth, digests are always lower case - String md5a1 = getDigest(username, realm); - if (md5a1 == null) { + String digestA1 = getDigest(username, realm); + if (digestA1 == null) { return null; } - md5a1 = md5a1.toLowerCase(Locale.ENGLISH); + digestA1 = digestA1.toLowerCase(Locale.ENGLISH); String serverDigestValue; if (qop == null) { - serverDigestValue = md5a1 + ":" + nonce + ":" + md5a2; + serverDigestValue = digestA1 + ":" + nonce + ":" + digestA2; } else { - serverDigestValue = md5a1 + ":" + nonce + ":" + nc + ":" + cnonce + ":" + qop + ":" + md5a2; + serverDigestValue = digestA1 + ":" + nonce + ":" + nc + ":" + cnonce + ":" + qop + ":" + digestA2; } byte[] valueBytes = null; @@ -358,7 +358,7 @@ public abstract class RealmBase extends LifecycleMBeanBase implements org.apache if (log.isDebugEnabled()) { log.debug("Digest : " + clientDigest + " Username:" + username + " ClientDigest:" + clientDigest + " nonce:" + nonce + " nc:" + nc + " cnonce:" + cnonce + " qop:" + qop + " realm:" + realm + - "md5a2:" + md5a2 + " Server digest:" + serverDigest); + "digestA2:" + digestA2 + " Server digest:" + serverDigest); } if (serverDigest.equals(clientDigest)) { diff --git a/test/org/apache/catalina/authenticator/TestDigestAuthenticator.java b/test/org/apache/catalina/authenticator/TestDigestAuthenticator.java index 79e1e59e09..19921b257e 100644 --- a/test/org/apache/catalina/authenticator/TestDigestAuthenticator.java +++ b/test/org/apache/catalina/authenticator/TestDigestAuthenticator.java 
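Review bot: The debug statement touched in the second RealmBase hunk (`@@ -358,7 +358,7 @@`) appends `"digestA2:"` straight after the realm value with no separator, so the entry reads `realm:<name>digestA2:<hex>`; `" digestA2:" + digestA2 + " Server digest:" + serverDigest` keeps the fields parseable. The same line writes both the client response and the computed server digest to the log, so anyone who can read debug logs sees the expected response for that nonce; consider logging only whether the two matched. The `serverDigest.equals(clientDigest)` check below it is a context line, not part of this change, but it is not a constant-time comparison and `MessageDigest.isEqual` on the byte forms would be the usual hardening. The method starts in the previous hunk and ends outside this one.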
@@ -336,15 +336,15 @@ public class TestDigestAuthenticator extends TomcatBaseTest { String a1 = user + ":" + realm + ":" + pwd; String a2 = "GET:" + uri; - String md5a1 = digest(a1); - String md5a2 = digest(a2); + String digestA1 = digest(a1); + String digestA2 = digest(a2); String response; if (qop == null) { - response = md5a1 + ":" + nonce + ":" + md5a2; + response = digestA1 + ":" + nonce + ":" + digestA2; } else { - response = md5a1 + ":" + nonce + ":" + nc + ":" + cnonce + ":" + - qop + ":" + md5a2; + response = digestA1 + ":" + nonce + ":" + nc + ":" + cnonce + ":" + + qop + ":" + digestA2; } String md5response = digest(response); diff --git a/test/org/apache/catalina/authenticator/TestSSOnonLoginAndDigestAuthenticator.java b/test/org/apache/catalina/authenticator/TestSSOnonLoginAndDigestAuthenticator.java index 01ee1b457a..478e35f9df 100644 --- a/test/org/apache/catalina/authenticator/TestSSOnonLoginAndDigestAuthenticator.java +++ b/test/org/apache/catalina/authenticator/TestSSOnonLoginAndDigestAuthenticator.java @@ -411,15 +411,15 @@ public class TestSSOnonLoginAndDigestAuthenticator extends TomcatBaseTest { String a1 = user + ":" + realm + ":" + pwd; String a2 = "GET:" + uri; - String md5a1 = digest(a1); - String md5a2 = digest(a2); + String digestA1 = digest(a1); + String digestA2 = digest(a2); String response; if (qop == null) { - response = md5a1 + ":" + nonce + ":" + md5a2; + response = digestA1 + ":" + nonce + ":" + digestA2; } else { - response = md5a1 + ":" + nonce + ":" + nc + ":" + cnonce + ":" + - qop + ":" + md5a2; + response = digestA1 + ":" + nonce + ":" + nc + ":" + cnonce + ":" + + qop + ":" + digestA2; } String md5response = digest(response); diff --git a/test/org/apache/catalina/authenticator/TesterDigestAuthenticatorPerformance.java b/test/org/apache/catalina/authenticator/TesterDigestAuthenticatorPerformance.java index 78516ffc96..dd672ed6ac 100644 --- a/test/org/apache/catalina/authenticator/TesterDigestAuthenticatorPerformance.java 
+++ b/test/org/apache/catalina/authenticator/TesterDigestAuthenticatorPerformance.java @@ -144,9 +144,9 @@ public class TesterDigestAuthenticatorPerformance { private static final String A1 = USER + ":" + REALM + ":" + PWD; private static final String A2 = METHOD + ":" + CONTEXT_PATH + URI; - private static final String MD5A1 = HexUtils.toHexString( + private static final String DIGEST_A1 = HexUtils.toHexString( ConcurrentMessageDigest.digest("MD5", A1.getBytes())); - private static final String MD5A2 = HexUtils.toHexString( + private static final String DIGEST_A2 = HexUtils.toHexString( ConcurrentMessageDigest.digest("MD5", A2.getBytes())); @@ -196,8 +196,8 @@ public class TesterDigestAuthenticatorPerformance { Integer.valueOf(nonceCount.incrementAndGet())); String cnonce = "cnonce"; - String response = MD5A1 + ":" + nonce + ":" + ncString + ":" + - cnonce + ":" + QOP + ":" + MD5A2; + String response = DIGEST_A1 + ":" + nonce + ":" + ncString + ":" + + cnonce + ":" + QOP + ":" + DIGEST_A2; String md5response = HexUtils.toHexString( ConcurrentMessageDigest.digest("MD5", response.getBytes())); diff --git a/test/org/apache/catalina/realm/TestJNDIRealm.java b/test/org/apache/catalina/realm/TestJNDIRealm.java index cee5eb4c95..ff72bd2ff5 100644 --- a/test/org/apache/catalina/realm/TestJNDIRealm.java +++ b/test/org/apache/catalina/realm/TestJNDIRealm.java @@ -54,7 +54,8 @@ public class TestJNDIRealm { private static final String REALM = "test-realm"; private static final String NONCE = "test-nonce"; - private static final String HA2 = "test-md5a2"; + // Not digested but doesn't matter for the purposes of the test + private static final String DIGEST_A2 = "method:request-uri"; public static final String USER_PASSWORD_ATTR = "test-pwd"; private static MessageDigest md5Helper; 
@@ -71,9 +72,9 @@ public class TestJNDIRealm { // WHEN String expectedResponse = - HexUtils.toHexString(md5Helper.digest((ha1() + ":" + NONCE + ":" + HA2).getBytes())); + HexUtils.toHexString(md5Helper.digest((digestA1() + ":" + NONCE + ":" + DIGEST_A2).getBytes())); Principal principal = - realm.authenticate(USER, expectedResponse, NONCE, null, null, null, REALM, HA2); + realm.authenticate(USER, expectedResponse, NONCE, null, null, null, REALM, DIGEST_A2); // THEN Assert.assertNull(principal); @@ -87,9 +88,9 @@ public class TestJNDIRealm { // WHEN String expectedResponse = - HexUtils.toHexString(md5Helper.digest((ha1() + ":" + NONCE + ":" + HA2).getBytes())); + HexUtils.toHexString(md5Helper.digest((digestA1() + ":" + NONCE + ":" + DIGEST_A2).getBytes())); Principal principal = - realm.authenticate(USER, expectedResponse, NONCE, null, null, null, REALM, HA2); + realm.authenticate(USER, expectedResponse, NONCE, null, null, null, REALM, DIGEST_A2); // THEN assertThat(principal, instanceOf(GenericPrincipal.class)); 
@@ -99,19 +100,19 @@ public class TestJNDIRealm { @Test public void testAuthenticateWithUserPasswordAndCredentialHandler() throws Exception { // GIVEN - JNDIRealm realm = buildRealm(ha1()); + JNDIRealm realm = buildRealm(digestA1()); realm.setCredentialHandler(buildCredentialHandler()); realm.setUserPassword(USER_PASSWORD_ATTR); // WHEN String expectedResponse = - HexUtils.toHexString(md5Helper.digest((ha1() + ":" + NONCE + ":" + HA2).getBytes())); + HexUtils.toHexString(md5Helper.digest((digestA1() + ":" + NONCE + ":" + DIGEST_A2).getBytes())); Principal principal = - realm.authenticate(USER, expectedResponse, NONCE, null, null, null, REALM, HA2); + realm.authenticate(USER, expectedResponse, NONCE, null, null, null, REALM, DIGEST_A2); // THEN assertThat(principal, instanceOf(GenericPrincipal.class)); - Assert.assertEquals(ha1(), ((GenericPrincipal)principal).getPassword()); + Assert.assertEquals(digestA1(), ((GenericPrincipal)principal).getPassword()); } @Test @@ -199,7 +200,7 @@ public class TestJNDIRealm { return dirContext; } - private String ha1() { + private String digestA1() { String a1 = USER + ":" + REALM + ":" + PASSWORD; return HexUtils.toHexString(md5Helper.digest(a1.getBytes())); } --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org