Enforce Support for UTF-8 Encoding Scheme in Digest Authentication as per RFC 7616 (#508)

This commit enforces the use of the 'UTF-8' encoding scheme as the sole allowed value for character encoding in Digest Authentication, in alignment with the guidelines specified in RFC 7616.
Arturo Bernal 2023-12-03 21:48:43 +01:00 committed by Oleg Kalnichevski
parent 7b761fb2c3
commit 6976ab58f2
2 changed files with 20 additions and 10 deletions


@ -122,15 +122,22 @@ public class DigestScheme implements AuthScheme, Serializable {
private UsernamePasswordCredentials credentials; private UsernamePasswordCredentials credentials;
public DigestScheme() { public DigestScheme() {
this(StandardCharsets.ISO_8859_1); this.defaultCharset = StandardCharsets.UTF_8;
}
public DigestScheme(final Charset charset) {
this.defaultCharset = charset != null ? charset : StandardCharsets.ISO_8859_1;
this.paramMap = new HashMap<>(); this.paramMap = new HashMap<>();
this.complete = false; this.complete = false;
} }
/**
* @deprecated This constructor is deprecated to enforce the use of {@link StandardCharsets#UTF_8} encoding
* in compliance with RFC 7616 for HTTP Digest Access Authentication. Use the default constructor {@link #DigestScheme()} instead.
*
* @param charset the {@link Charset} set to be used for encoding credentials. This parameter is ignored as UTF-8 is always used.
*/
@Deprecated
public DigestScheme(final Charset charset) {
this();
}
public void initPreemptive(final Credentials credentials, final String cnonce, final String realm) { public void initPreemptive(final Credentials credentials, final String cnonce, final String realm) {
Args.notNull(credentials, "Credentials"); Args.notNull(credentials, "Credentials");
Args.check(credentials instanceof UsernamePasswordCredentials, Args.check(credentials instanceof UsernamePasswordCredentials,
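Review bot: The deprecated `DigestScheme(final Charset charset)` now calls `this()` and drops its argument with no runtime signal, so a caller that still passes `StandardCharsets.ISO_8859_1` will have the digest computed over UTF-8 bytes, and credentials containing non-ASCII characters will presumably stop authenticating against servers that predate RFC 7616. The same silent discard applies to `DigestSchemeFactory(final Charset charset)` in the second file. The no-arg constructor changes its default from ISO-8859-1 to UTF-8 but carries no Javadoc; I would add `/** Creates a scheme that always encodes credentials as UTF-8, as required by RFC 7616; earlier releases defaulted to ISO-8859-1. */` so the behaviour change is visible where the constructor is called. How `defaultCharset` is consumed, and whether a `charset` parameter in the server challenge is still consulted, lies outside this hunk.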


@ -28,6 +28,7 @@
package org.apache.hc.client5.http.impl.auth; package org.apache.hc.client5.http.impl.auth;
import java.nio.charset.Charset; import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import org.apache.hc.client5.http.auth.AuthScheme; import org.apache.hc.client5.http.auth.AuthScheme;
import org.apache.hc.client5.http.auth.AuthSchemeFactory; import org.apache.hc.client5.http.auth.AuthSchemeFactory;
@ -49,22 +50,24 @@ public class DigestSchemeFactory implements AuthSchemeFactory {
*/ */
public static final DigestSchemeFactory INSTANCE = new DigestSchemeFactory(); public static final DigestSchemeFactory INSTANCE = new DigestSchemeFactory();
private final Charset charset;
/** /**
* @since 5.1 * @param charset the {@link Charset} set to be used for encoding credentials. This parameter is ignored as UTF-8 is always used.
* @deprecated This constructor is deprecated to enforce the use of {@link StandardCharsets#UTF_8} encoding
* in compliance with RFC 7616 for HTTP Digest Access Authentication. Use the default constructor {@link #DigestSchemeFactory()} instead.
*/ */
@Deprecated
public DigestSchemeFactory(final Charset charset) { public DigestSchemeFactory(final Charset charset) {
this.charset = charset; super();
} }
public DigestSchemeFactory() { public DigestSchemeFactory() {
this(null);
} }
@Override @Override
public AuthScheme create(final HttpContext context) { public AuthScheme create(final HttpContext context) {
return new DigestScheme(charset); return new DigestScheme();
} }
} }
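Review bot: The rewritten Javadoc on `DigestSchemeFactory(final Charset charset)` appears to drop the `@since 5.1` tag that the old comment carried; deprecating the constructor does not change when it was introduced, so `* @since 5.1` should stay, placed before `@deprecated`. The new body `super();` is redundant for a class whose visible declaration only implements `AuthSchemeFactory`; an empty body, or `this();` to mirror the deprecated `DigestScheme` constructor, would read more clearly. The no-arg constructor and `create` could also carry a one-line Javadoc stating that the produced `DigestScheme` always uses UTF-8.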