Add client-side `rspauth` value for Digest auth, verifying server knowledge of shared secret per RFC 7616. (#594)

Arturo Bernal 2024-10-29 18:21:23 +01:00 committed by GitHub
parent 1898dffcdb
commit 28c3ea0fd2
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 22 additions and 0 deletions


@ -460,6 +460,7 @@ public class DigestScheme implements AuthScheme, Serializable {
params.add(new BasicNameValuePair("qop", qop == QualityOfProtection.AUTH_INT ? "auth-int" : "auth"));
params.add(new BasicNameValuePair("nc", nc));
params.add(new BasicNameValuePair("cnonce", cnonce));
params.add(new BasicNameValuePair("rspauth", hasha2));
}
if (algorithm != null) {
params.add(new BasicNameValuePair("algorithm", algorithm));
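Review bot: The added `params.add(new BasicNameValuePair("rspauth", hasha2));` puts `rspauth` into the parameters the client sends, but RFC 7616 defines `rspauth` as a value the server returns in `Authentication-Info` for the client to check, so emitting it here does not verify that the server knows the shared secret as the commit title says. Judging by its name, `hasha2` is the hash of A2 alone, which carries no secret material, whereas the RFC's response digest is keyed with H(A1) and the nonce values and uses an A2 without the method. I would drop this line and instead compute the expected value when the server's `Authentication-Info` arrives, comparing with a constant-time check such as `MessageDigest.isEqual(expected, received)`. The enclosing method and the `if` block this line sits in begin outside the hunk, so whether a response-side check exists elsewhere cannot be seen from here.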


@ -906,5 +906,26 @@ class TestDigestScheme {
Assertions.assertTrue(authResponse.contains("username*"));
}
@Test
void testRspAuthFieldAndQuoting() throws Exception {
final ClassicHttpRequest request = new BasicClassicHttpRequest("POST", "/");
final HttpHost host = new HttpHost("somehost", 80);
final CredentialsProvider credentialsProvider = CredentialsProviderBuilder.create()
.add(new AuthScope(host, "realm1", null), "username", "password".toCharArray())
.build();
// Challenge with qop set to "auth-int" to trigger rspauth field
final String challenge = StandardAuthScheme.DIGEST + " realm=\"realm1\", nonce=\"f2a3f18799759d4f1a1c068b92b573cb\", qop=\"auth-int\"";
final AuthChallenge authChallenge = parse(challenge);
final DigestScheme authscheme = new DigestScheme();
authscheme.processChallenge(authChallenge, null);
Assertions.assertTrue(authscheme.isResponseReady(host, credentialsProvider, null));
final String authResponse = authscheme.generateAuthResponse(host, request, null);
final Map<String, String> table = parseAuthResponse(authResponse);
Assertions.assertNotNull(table.get("rspauth"));
}
}
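Review bot: `testRspAuthFieldAndQuoting` only asserts `Assertions.assertNotNull(table.get("rspauth"))`, so it pins neither the value nor the quoting its name promises, and it would pass for any non-null string. Nothing in it feeds a server-supplied `rspauth` to the scheme, so the mutual-authentication property named in the commit title is untested; a useful pair of cases would be a matching server value accepted and a tampered one rejected. The comment `// Challenge with qop set to "auth-int" to trigger rspauth field` also looks inaccurate, since in the production hunk the parameter appears to be added next to the `qop` line that handles both `auth` and `auth-int`; suggest `// qop present, so the qop-dependent parameters are emitted`.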