Introduces validation and decoding logic for the 'username*' field in the DigestScheme class. The changes ensure compliance with RFC 7616 and RFC 5987 by handling cases where the 'username' contains characters not allowed in an ABNF quoted-string.
This commit introduces support for the userhash parameter in Digest Authentication, conforming to the specifications outlined in RFC 7616. The userhash parameter enhances security by allowing the client to hash the username before transmission, thereby protecting the username during transport. This implementation ensures that when the server indicates support for username hashing (userhash=true), the client correctly calculates and includes the hashed username in the Authorization header field, adhering to the protocol defined in RFC 7616 for enhanced security in HTTP Digest Access Authentication.
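
How a client might choose between `username`, `username*` and a hashed username under RFC 7616, as an added example that is not HttpClient's own code. The class and method names are hypothetical, SHA-256 stands in for whichever digest algorithm was negotiated, and the printable-ASCII test is a simplified stand-in for the quoted-string check.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
// Added illustration; the class and method names are hypothetical, not HttpClient's API.
public class DigestUsernameExample {
    // RFC 5987 attr-char: these stay literal in an ext-value, every other byte becomes %XX.
    private static final String ATTR_CHARS =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!#$&+-.^_`|~";

    // Assumption: anything outside printable ASCII is treated as unfit for a quoted-string.
    static boolean needsExtendedForm(String username) {
        return username.chars().anyMatch(c -> c < 0x20 || c > 0x7e);
    }

    // ext-value per RFC 5987 with the charset fixed to UTF-8 and an empty language tag.
    static String encodeExtValue(String username) {
        StringBuilder sb = new StringBuilder("UTF-8''");
        for (byte b : username.getBytes(StandardCharsets.UTF_8)) {
            char c = (char) (b & 0xff);
            sb.append(ATTR_CHARS.indexOf(c) >= 0 ? String.valueOf(c) : String.format("%%%02X", (int) c));
        }
        return sb.toString();
    }

    // userhash per RFC 7616: lowercase hex of H(username ":" realm), hashed over UTF-8 bytes.
    static String userhash(String username, String realm) throws NoSuchAlgorithmException {
        byte[] d = MessageDigest.getInstance("SHA-256")
            .digest((username + ":" + realm).getBytes(StandardCharsets.UTF_8));
        StringBuilder sb = new StringBuilder();
        for (byte b : d) sb.append(String.format("%02x", b & 0xff));
        return sb.toString();
    }

    // Picks the parameter to send; the hash is plain hex, so it never needs username*.
    static String usernameParam(String username, String realm, boolean serverUserhash)
            throws NoSuchAlgorithmException {
        if (serverUserhash) return "username=\"" + userhash(username, realm) + "\", userhash=true";
        if (needsExtendedForm(username)) return "username*=" + encodeExtValue(username);
        return "username=\"" + username.replace("\\", "\\\\").replace("\"", "\\\"") + "\"";
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        String user = "J\u00e4s\u00f8n Doe"; // constructed sample input with non-ASCII characters
        System.out.println(usernameParam(user, "api@example.org", false));
        System.out.println(usernameParam(user, "api@example.org", true));
        System.out.println(usernameParam("Mufasa", "api@example.org", false));
    }
}
```
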
This commit enforces the use of the 'UTF-8' encoding scheme as the sole allowed value for character encoding in Digest Authentication, in alignment with the guidelines specified in RFC 7616.
- Deprecated the constructor in BasicSchemeFactory that allows setting a custom Charset.
- Updated the default constructor to use StandardCharsets.UTF_8, aligning with RFC 7617 which mandates UTF-8 encoding for Basic Authentication.
Introduced a new method, `validatePassword`, in the `BasicScheme` class to enforce password validation in line with RFC 7617 standards. This method includes control character validation for passwords, ensuring they adhere to RFC 7617 by not containing any control characters.
* Updates the RequestIfRange class to utilize DateUtils for parsing standard HTTP dates.
* Optimize time difference check in RequestIfRange with Instant API.
- Add RequestTraceInterceptor class to handle HTTP TRACE requests in compliance with RFC 7231, Section 4.3.8.
- Throw ProtocolException for sensitive headers like 'Authorization' and 'Cookie' in TRACE requests.
- Throw ProtocolException if TRACE request contains a body.
- Ensure the presence of 'Range' header when 'If-Range' is specified.
- Enforce strong validator requirements when 'If-Range' is paired with a Date.
- Exit processing early if 'Last-Modified' header is missing, ensuring strong validation adherence.
- This adheres to RFC 9110, which states: "There is no default port; a client MUST send the port number even if the CONNECT request is based on a URI reference that contains an authority component with an elided port."
- Replaced `synchronized` blocks with `ReentrantLock` in `LeaseRequest` to better support virtual threads introduced in JDK 21.
- Ensured each `LeaseRequest` instance has its own unique lock for maintaining original synchronization semantics.
- Addressed potential performance and deadlock issues with virtual threads by using explicit lock primitives from `java.util.concurrent.locks`.
This commit enhances the ExponentialBackoffManager and TestLinearBackoffManager unit tests by replacing the use of Thread.sleep() with direct manipulation of internal state to simulate the cooldown period. This change improves test reliability and ensures consistent behavior in resource-constrained environments.
This commit improves the reliability of BackoffManager unit tests by replacing the use of Thread.sleep() with a more robust approach that manipulates lastRouteProbes to simulate the cooldown period. This enhancement ensures that the tests run successfully even in resource-constrained environments, making them more resilient and reliable.