Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
openanolis
dragonwell8_jdk
提交
03d3e69d
D
dragonwell8_jdk
项目概览
openanolis
/
dragonwell8_jdk
通知
4
Star
2
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
D
dragonwell8_jdk
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
提交
03d3e69d
编写于
10月 02, 2009
作者:
M
michaelm
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
6870935: DIGEST proxy authentication fails to connect to URLs with no trailing slash
Reviewed-by: chegar
上级
33a0c720
变更
8
隐藏空白更改
内联
并排
Showing
8 changed file
with
314 addition
and
48 deletion
+314
-48
src/share/classes/sun/net/www/protocol/http/AuthenticationInfo.java
...classes/sun/net/www/protocol/http/AuthenticationInfo.java
+0
-7
src/share/classes/sun/net/www/protocol/http/BasicAuthentication.java
...lasses/sun/net/www/protocol/http/BasicAuthentication.java
+0
-7
src/share/classes/sun/net/www/protocol/http/DigestAuthentication.java
...asses/sun/net/www/protocol/http/DigestAuthentication.java
+6
-2
src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java
.../classes/sun/net/www/protocol/http/HttpURLConnection.java
+46
-14
src/share/classes/sun/net/www/protocol/http/NegotiateAuthentication.java
...es/sun/net/www/protocol/http/NegotiateAuthentication.java
+0
-6
src/solaris/classes/sun/net/www/protocol/http/NTLMAuthentication.java
...classes/sun/net/www/protocol/http/NTLMAuthentication.java
+0
-7
src/windows/classes/sun/net/www/protocol/http/NTLMAuthentication.java
...classes/sun/net/www/protocol/http/NTLMAuthentication.java
+0
-5
test/java/net/Authenticator/B6870935.java
test/java/net/Authenticator/B6870935.java
+262
-0
未找到文件。
src/share/classes/sun/net/www/protocol/http/AuthenticationInfo.java
浏览文件 @
03d3e69d
...
...
@@ -398,13 +398,6 @@ abstract class AuthenticationInfo extends AuthCacheValue implements Cloneable {
*/
abstract
boolean
isAuthorizationStale
(
String
header
);
/**
* Check for any expected authentication information in the response
* from the server
*/
abstract
void
checkResponse
(
String
header
,
String
method
,
URL
url
)
throws
IOException
;
/**
* Give a key for hash table lookups.
* @param includeRealm if you want the realm considered. Preemptively
...
...
src/share/classes/sun/net/www/protocol/http/BasicAuthentication.java
浏览文件 @
03d3e69d
...
...
@@ -178,13 +178,6 @@ class BasicAuthentication extends AuthenticationInfo {
return
false
;
}
/**
* For Basic Authentication, there is no security information in the
* response
*/
void
checkResponse
(
String
header
,
String
method
,
URL
url
)
{
}
/**
* @return the common root path between npath and path.
* This is used to detect when we have an authentication for two
...
...
src/share/classes/sun/net/www/protocol/http/DigestAuthentication.java
浏览文件 @
03d3e69d
...
...
@@ -291,7 +291,7 @@ class DigestAuthentication extends AuthenticationInfo {
uri
=
HttpURLConnection
.
connectRequestURI
(
conn
.
getURL
());
method
=
HTTP_CONNECT
;
}
else
{
uri
=
conn
.
get
URL
().
getFile
();
uri
=
conn
.
get
RequestURI
();
method
=
conn
.
getMethod
();
}
...
...
@@ -385,7 +385,11 @@ class DigestAuthentication extends AuthenticationInfo {
public
void
checkResponse
(
String
header
,
String
method
,
URL
url
)
throws
IOException
{
String
uri
=
url
.
getFile
();
checkResponse
(
header
,
method
,
url
.
getFile
());
}
public
void
checkResponse
(
String
header
,
String
method
,
String
uri
)
throws
IOException
{
char
[]
passwd
=
pw
.
getPassword
();
String
username
=
pw
.
getUserName
();
boolean
qop
=
params
.
authQop
();
...
...
src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java
浏览文件 @
03d3e69d
...
...
@@ -390,7 +390,7 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
* request.
*/
if
(!
failedOnce
)
requests
.
prepend
(
method
+
" "
+
http
.
getURLFile
()+
" "
+
requests
.
prepend
(
method
+
" "
+
getRequestURI
()+
" "
+
httpVersion
,
null
);
if
(!
getUseCaches
())
{
requests
.
setIfNotSet
(
"Cache-Control"
,
"no-cache"
);
...
...
@@ -1546,10 +1546,14 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
if
(
proxyAuthentication
.
isAuthorizationStale
(
raw
))
{
/* we can retry with the current credentials */
String
value
;
if
(
tunnelState
()
==
TunnelState
.
SETUP
&&
proxyAuthentication
instanceof
DigestAuthentication
)
{
value
=
((
DigestAuthentication
)
proxyAuthentication
)
.
getHeaderValue
(
connectRequestURI
(
url
),
HTTP_CONNECT
);
if
(
proxyAuthentication
instanceof
DigestAuthentication
)
{
DigestAuthentication
digestProxy
=
(
DigestAuthentication
)
proxyAuthentication
;
if
(
tunnelState
()
==
TunnelState
.
SETUP
)
{
value
=
digestProxy
.
getHeaderValue
(
connectRequestURI
(
url
),
HTTP_CONNECT
);
}
else
{
value
=
digestProxy
.
getHeaderValue
(
getRequestURI
(),
method
);
}
}
else
{
value
=
proxyAuthentication
.
getHeaderValue
(
url
,
method
);
}
...
...
@@ -1765,10 +1769,14 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
http
.
getProxyPortUsed
());
if
(
pauth
!=
null
&&
pauth
.
supportsPreemptiveAuthorization
())
{
String
value
;
if
(
tunnelState
()
==
TunnelState
.
SETUP
&&
pauth
instanceof
DigestAuthentication
)
{
value
=
((
DigestAuthentication
)
pauth
)
if
(
pauth
instanceof
DigestAuthentication
)
{
DigestAuthentication
digestProxy
=
(
DigestAuthentication
)
pauth
;
if
(
tunnelState
()
==
TunnelState
.
SETUP
)
{
value
=
digestProxy
.
getHeaderValue
(
connectRequestURI
(
url
),
HTTP_CONNECT
);
}
else
{
value
=
digestProxy
.
getHeaderValue
(
getRequestURI
(),
method
);
}
}
else
{
value
=
pauth
.
getHeaderValue
(
url
,
method
);
}
...
...
@@ -2075,17 +2083,23 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
try
{
if
(!
needToCheck
)
return
;
if
(
validateProxy
&&
currentProxyCredentials
!=
null
)
{
if
((
validateProxy
&&
currentProxyCredentials
!=
null
)
&&
(
currentProxyCredentials
instanceof
DigestAuthentication
))
{
String
raw
=
responses
.
findValue
(
"Proxy-Authentication-Info"
);
if
(
inClose
||
(
raw
!=
null
))
{
currentProxyCredentials
.
checkResponse
(
raw
,
method
,
url
);
DigestAuthentication
da
=
(
DigestAuthentication
)
currentProxyCredentials
;
da
.
checkResponse
(
raw
,
method
,
getRequestURI
());
currentProxyCredentials
=
null
;
}
}
if
(
validateServer
&&
currentServerCredentials
!=
null
)
{
if
((
validateServer
&&
currentServerCredentials
!=
null
)
&&
(
currentServerCredentials
instanceof
DigestAuthentication
))
{
String
raw
=
responses
.
findValue
(
"Authentication-Info"
);
if
(
inClose
||
(
raw
!=
null
))
{
currentServerCredentials
.
checkResponse
(
raw
,
method
,
url
);
DigestAuthentication
da
=
(
DigestAuthentication
)
currentServerCredentials
;
da
.
checkResponse
(
raw
,
method
,
url
);
currentServerCredentials
=
null
;
}
}
...
...
@@ -2099,6 +2113,23 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
}
}
/* The request URI used in the request line for this request.
* Also, needed for digest authentication
*/
String
requestURI
=
null
;
String
getRequestURI
()
{
if
(
requestURI
==
null
)
{
try
{
requestURI
=
http
.
getURLFile
();
}
catch
(
IOException
e
)
{
requestURI
=
""
;
}
}
return
requestURI
;
}
/* Tells us whether to follow a redirect. If so, it
* closes the connection (break any keep-alive) and
* resets the url, re-connects, and resets the request
...
...
@@ -2160,13 +2191,14 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
}
setProxiedClient
(
url
,
proxyHost
,
proxyPort
);
requests
.
set
(
0
,
method
+
" "
+
http
.
getURLFile
()+
" "
+
requests
.
set
(
0
,
method
+
" "
+
getRequestURI
()+
" "
+
httpVersion
,
null
);
connected
=
true
;
}
else
{
// maintain previous headers, just change the name
// of the file we're getting
url
=
locUrl
;
requestURI
=
null
;
// force it to be recalculated
if
(
method
.
equals
(
"POST"
)
&&
!
Boolean
.
getBoolean
(
"http.strictPostRedirect"
)
&&
(
stat
!=
307
))
{
/* The HTTP/1.1 spec says that a redirect from a POST
* *should not* be immediately turned into a GET, and
...
...
@@ -2204,7 +2236,7 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
* CacheResponse.
*/
if
(
http
!=
null
)
{
requests
.
set
(
0
,
method
+
" "
+
http
.
getURLFile
()+
" "
+
requests
.
set
(
0
,
method
+
" "
+
getRequestURI
()+
" "
+
httpVersion
,
null
);
int
port
=
url
.
getPort
();
String
host
=
url
.
getHost
();
...
...
src/share/classes/sun/net/www/protocol/http/NegotiateAuthentication.java
浏览文件 @
03d3e69d
...
...
@@ -214,12 +214,6 @@ class NegotiateAuthentication extends AuthenticationInfo {
return
negotiator
.
nextToken
(
token
);
}
/**
* no-use for Negotiate
*/
public
void
checkResponse
(
String
header
,
String
method
,
URL
url
)
throws
IOException
{
}
class
B64Encoder
extends
BASE64Encoder
{
protected
int
bytesPerLine
()
{
return
100000
;
// as big as it can be, maybe INT_MAX
...
...
src/solaris/classes/sun/net/www/protocol/http/NTLMAuthentication.java
浏览文件 @
03d3e69d
...
...
@@ -244,13 +244,6 @@ class NTLMAuthentication extends AuthenticationInfo {
}
}
/* This is a no-op for NTLM, because there is no authentication information
* provided by the server to the client
*/
public
void
checkResponse
(
String
header
,
String
method
,
URL
url
)
throws
IOException
{
}
private
void
copybytes
(
byte
[]
dest
,
int
destpos
,
String
src
,
String
enc
)
{
try
{
byte
[]
x
=
src
.
getBytes
(
enc
);
...
...
src/windows/classes/sun/net/www/protocol/http/NTLMAuthentication.java
浏览文件 @
03d3e69d
...
...
@@ -192,9 +192,4 @@ class NTLMAuthentication extends AuthenticationInfo {
}
}
/* This is a no-op for NTLM, because there is no authentication information
* provided by the server to the client
*/
public
void
checkResponse
(
String
header
,
String
method
,
URL
url
)
throws
IOException
{
}
}
test/java/net/Authenticator/B6870935.java
0 → 100644
浏览文件 @
03d3e69d
/*
* Copyright 2001-2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
* CA 95054 USA or visit www.sun.com if you need additional information or
* have any questions.
*/
/**
* @test
* @bug 6870935
* @run main/othervm -Dhttp.nonProxyHosts="" -Dhttp.auth.digest.validateProxy=true B6870935
*/
import
java.io.*
;
import
java.util.*
;
import
java.net.*
;
import
java.security.*
;
import
sun.net.www.*
;
/* This is one simple test of the RFC2617 digest authentication behavior
* It specifically tests that the client correctly checks the returned
* Authentication-Info header field from the server and throws an exception
* if the password is wrong
*/
public
class
B6870935
{
static
char
[]
passwd
=
"password"
.
toCharArray
();
static
String
username
=
"user"
;
static
String
nonce
=
"abcdefghijklmnopqrstuvwxyz"
;
static
String
realm
=
"wallyworld"
;
static
String
uri
=
"http://www.ibm.com"
;
static
volatile
boolean
error
=
false
;
static
class
DigestServer
extends
Thread
{
ServerSocket
s
;
InputStream
is
;
OutputStream
os
;
int
port
;
String
reply1
=
"HTTP/1.1 407 Proxy Authentication Required\r\n"
+
"Proxy-Authenticate: Digest realm=\""
+
realm
+
"\" domain=/ "
+
"nonce=\""
+
nonce
+
"\" qop=\"auth\"\r\n\r\n"
;
String
reply2
=
"HTTP/1.1 200 OK\r\n"
+
"Date: Mon, 15 Jan 2001 12:18:21 GMT\r\n"
+
"Server: Apache/1.3.14 (Unix)\r\n"
+
"Content-Type: text/html; charset=iso-8859-1\r\n"
+
"Transfer-encoding: chunked\r\n\r\n"
+
"B\r\nHelloWorld1\r\n"
+
"B\r\nHelloWorld2\r\n"
+
"B\r\nHelloWorld3\r\n"
+
"B\r\nHelloWorld4\r\n"
+
"B\r\nHelloWorld5\r\n"
+
"0\r\n"
+
"Proxy-Authentication-Info: "
;
DigestServer
(
ServerSocket
y
)
{
s
=
y
;
port
=
s
.
getLocalPort
();
}
public
void
run
()
{
try
{
Socket
s1
=
s
.
accept
();
is
=
s1
.
getInputStream
();
os
=
s1
.
getOutputStream
();
is
.
read
();
os
.
write
(
reply1
.
getBytes
());
Thread
.
sleep
(
2000
);
s1
.
close
();
s1
=
s
.
accept
();
is
=
s1
.
getInputStream
();
os
=
s1
.
getOutputStream
();
is
.
read
();
// need to get the cnonce out of the response
MessageHeader
header
=
new
MessageHeader
(
is
);
String
raw
=
header
.
findValue
(
"Proxy-Authorization"
);
HeaderParser
parser
=
new
HeaderParser
(
raw
);
String
cnonce
=
parser
.
findValue
(
"cnonce"
);
String
cnstring
=
parser
.
findValue
(
"nc"
);
String
clientrsp
=
parser
.
findValue
(
"response"
);
String
expected
=
computeDigest
(
true
,
username
,
passwd
,
realm
,
"GET"
,
uri
,
nonce
,
cnonce
,
cnstring
);
if
(!
expected
.
equals
(
clientrsp
))
{
s1
.
close
();
s
.
close
();
error
=
true
;
return
;
}
String
reply
=
reply2
+
getAuthorization
(
realm
,
false
,
uri
,
"GET"
,
cnonce
,
cnstring
,
passwd
,
username
)
+
"\r\n"
;
os
.
write
(
reply
.
getBytes
());
Thread
.
sleep
(
2000
);
s1
.
close
();
}
catch
(
Exception
e
)
{
System
.
out
.
println
(
e
);
e
.
printStackTrace
();
}
}
private
String
getAuthorization
(
String
realm
,
boolean
isRequest
,
String
uri
,
String
method
,
String
cnonce
,
String
cnstring
,
char
[]
password
,
String
username
)
{
String
response
;
try
{
response
=
computeDigest
(
isRequest
,
username
,
passwd
,
realm
,
method
,
uri
,
nonce
,
cnonce
,
cnstring
);
}
catch
(
NoSuchAlgorithmException
ex
)
{
return
null
;
}
String
value
=
"Digest"
+
" qop=\"auth"
+
"\", cnonce=\""
+
cnonce
+
"\", rspauth=\""
+
response
+
"\", nc=\""
+
cnstring
+
"\""
;
return
(
value
+
"\r\n"
);
}
private
String
computeDigest
(
boolean
isRequest
,
String
userName
,
char
[]
password
,
String
realm
,
String
connMethod
,
String
requestURI
,
String
nonceString
,
String
cnonce
,
String
ncValue
)
throws
NoSuchAlgorithmException
{
String
A1
,
HashA1
;
MessageDigest
md
=
MessageDigest
.
getInstance
(
"MD5"
);
{
A1
=
userName
+
":"
+
realm
+
":"
;
HashA1
=
encode
(
A1
,
password
,
md
);
}
String
A2
;
if
(
isRequest
)
{
A2
=
connMethod
+
":"
+
requestURI
;
}
else
{
A2
=
":"
+
requestURI
;
}
String
HashA2
=
encode
(
A2
,
null
,
md
);
String
combo
,
finalHash
;
{
/* RRC2617 when qop=auth */
combo
=
HashA1
+
":"
+
nonceString
+
":"
+
ncValue
+
":"
+
cnonce
+
":auth:"
+
HashA2
;
}
finalHash
=
encode
(
combo
,
null
,
md
);
return
finalHash
;
}
private
final
static
char
charArray
[]
=
{
'0'
,
'1'
,
'2'
,
'3'
,
'4'
,
'5'
,
'6'
,
'7'
,
'8'
,
'9'
,
'a'
,
'b'
,
'c'
,
'd'
,
'e'
,
'f'
};
private
String
encode
(
String
src
,
char
[]
passwd
,
MessageDigest
md
)
{
md
.
update
(
src
.
getBytes
());
if
(
passwd
!=
null
)
{
byte
[]
passwdBytes
=
new
byte
[
passwd
.
length
];
for
(
int
i
=
0
;
i
<
passwd
.
length
;
i
++)
passwdBytes
[
i
]
=
(
byte
)
passwd
[
i
];
md
.
update
(
passwdBytes
);
Arrays
.
fill
(
passwdBytes
,
(
byte
)
0x00
);
}
byte
[]
digest
=
md
.
digest
();
StringBuffer
res
=
new
StringBuffer
(
digest
.
length
*
2
);
for
(
int
i
=
0
;
i
<
digest
.
length
;
i
++)
{
int
hashchar
=
((
digest
[
i
]
>>>
4
)
&
0xf
);
res
.
append
(
charArray
[
hashchar
]);
hashchar
=
(
digest
[
i
]
&
0xf
);
res
.
append
(
charArray
[
hashchar
]);
}
return
res
.
toString
();
}
}
static
class
MyAuthenticator
extends
Authenticator
{
public
MyAuthenticator
()
{
super
();
}
public
PasswordAuthentication
getPasswordAuthentication
()
{
return
(
new
PasswordAuthentication
(
username
,
passwd
));
}
}
public
static
void
main
(
String
[]
args
)
throws
Exception
{
int
nLoops
=
1
;
int
nSize
=
10
;
int
port
,
n
=
0
;
byte
b
[]
=
new
byte
[
nSize
];
DigestServer
server
;
ServerSocket
sock
;
try
{
sock
=
new
ServerSocket
(
0
);
port
=
sock
.
getLocalPort
();
}
catch
(
Exception
e
)
{
System
.
out
.
println
(
"Exception: "
+
e
);
return
;
}
server
=
new
DigestServer
(
sock
);
server
.
start
();
try
{
Authenticator
.
setDefault
(
new
MyAuthenticator
());
SocketAddress
addr
=
new
InetSocketAddress
(
"127.0.0.1"
,
port
);
Proxy
proxy
=
new
Proxy
(
Proxy
.
Type
.
HTTP
,
addr
);
String
s
=
"http://www.ibm.com"
;
URL
url
=
new
URL
(
s
);
java
.
net
.
URLConnection
conURL
=
url
.
openConnection
(
proxy
);
InputStream
in
=
conURL
.
getInputStream
();
int
c
;
while
((
c
=
in
.
read
())
!=
-
1
)
{
}
in
.
close
();
}
catch
(
IOException
e
)
{
e
.
printStackTrace
();
error
=
true
;
}
if
(
error
)
{
throw
new
RuntimeException
(
"Error in test"
);
}
}
}
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录