From 8ed2196cd7bbd9bc3e402a0dab58bccd3a39fc1d Mon Sep 17 00:00:00 2001
From: Oleg Kalnichevski
Date: Mon, 30 Jun 2014 11:55:46 +0000
Subject: [PATCH] HTTPCLIENT-1524: RFC 2617 auth schemes (basic and digest) cannot handle auth parameters with mixed or upper case
git-svn-id: https://svn.apache.org/repos/asf/httpcomponents/httpclient/trunk@1606699 13f79535-47bb-0310-9956-ffa450edef68
---
 .../org/apache/http/impl/auth/RFC2617Scheme.java | 2 +-
 .../apache/http/impl/auth/TestDigestScheme.java | 16 ++++++++++++++++
 2 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/httpclient/src/main/java/org/apache/http/impl/auth/RFC2617Scheme.java b/httpclient/src/main/java/org/apache/http/impl/auth/RFC2617Scheme.java
index 2c2210543..8caf1ba3f 100644
--- a/httpclient/src/main/java/org/apache/http/impl/auth/RFC2617Scheme.java
+++ b/httpclient/src/main/java/org/apache/http/impl/auth/RFC2617Scheme.java
@@ -120,7 +120,7 @@ protected void parseChallenge(
 }
 this.params.clear();
 for (final HeaderElement element : elements) {
- this.params.put(element.getName(), element.getValue());
+ this.params.put(element.getName().toLowerCase(Locale.ROOT), element.getValue());
 }
 }
 
diff --git a/httpclient/src/test/java/org/apache/http/impl/auth/TestDigestScheme.java b/httpclient/src/test/java/org/apache/http/impl/auth/TestDigestScheme.java
index c90c0e7ae..809225dbe 100644
--- a/httpclient/src/test/java/org/apache/http/impl/auth/TestDigestScheme.java
+++ b/httpclient/src/test/java/org/apache/http/impl/auth/TestDigestScheme.java
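Review bot: Lower-casing the key in `this.params.put(...)` makes names that differ only in case collide, and the later element silently replaces the earlier one, so a challenge carrying both `Realm` and `realm` is resolved by position instead of being treated as ambiguous. Auth-param names are case-insensitive and each is expected only once per challenge, so the loop should detect the repeat before storing, e.g. `final String name = element.getName().toLowerCase(Locale.ROOT);` followed by `if (this.params.containsKey(name)) { ... }` that either fails the challenge or keeps the first value. This assumes `params` is a map and that parseChallenge can report a malformed challenge; its signature and the start of its body are outside the hunk. A comment such as `// auth-param names are case-insensitive; keys are stored lower-cased` would also tell maintainers that every lookup has to apply the same normalisation.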
@@ -607,6 +607,22 @@ public void testDigestAuthenticationQopAuthOrAuthIntNonRepeatableEntity() throws Assert.assertEquals("f2a3f18799759d4f1a1c068b92b573cb", table.get("nonce")); } + @Test + public void testParameterCaseSensitivity() throws Exception { + final String challenge = "Digest Realm=\"-\", " + + "nonce=\"YjYuNGYyYmJhMzUuY2I5ZDhlZDE5M2ZlZDM 1Mjk3NGJkNTIyYjgyNTcwMjQ=\", " + + "opaque=\"98700A3D9CE17065E2246B41035C6609\", qop=\"auth\""; + final Header authChallenge = new BasicHeader(AUTH.PROXY_AUTH, challenge); + final HttpRequest request = new BasicHttpRequest("GET", "/"); + final Credentials cred = new UsernamePasswordCredentials("username","password"); + final DigestScheme authscheme = new DigestScheme(); + final HttpContext context = new BasicHttpContext(); + authscheme.processChallenge(authChallenge); + Assert.assertEquals("-", authscheme.getRealm()); + + authscheme.authenticate(cred, request, context); + } + @Test(expected=AuthenticationException.class) public void testDigestAuthenticationQopIntOnlyNonRepeatableEntity() throws Exception { final String challenge = "Digest realm=\"realm1\", nonce=\"f2a3f18799759d4f1a1c068b92b573cb\", " +
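Review bot: testParameterCaseSensitivity discards the result of `authscheme.authenticate(cred, request, context)`, so it proves only that no exception is thrown and that `getRealm()` finds the `Realm` key, not that the normalised parameters reach the generated header. Capture it with `final Header authResponse = authscheme.authenticate(cred, request, context);` and assert on the realm and nonce it carries, in the way the preceding test's visible assertion checks `table.get("nonce")`. Only `Realm` is mixed-case in the challenge, so an upper-case `NONCE` or `QOP` and the Basic scheme named in the commit subject are not exercised. The nonce literal also contains an embedded space, which may be a wrapping artefact and is worth checking against the intended value.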