author | Alex Rukhlin <arukhlin@microsoft.com> | 2013-03-06 16:35:52 -0500 |
---|---|---|
committer | Matthias Sohn <matthias.sohn@sap.com> | 2013-06-23 23:45:42 +0200 |
commit | 98dd6e6abdba75d05f03b5b073659efe53182dc6 (patch) | |
tree | a9dfe0edfc9f21f8548224da644b83c01197d0ee /org.eclipse.jgit | |
parent | 84d2738ff21cfb28f692cfe11e7f1967b53657fb (diff) | |
Fix HTTP response processing for WWW-Authenticate headers
The original code could process only one WWW-Authenticate
header in an HTTP response, and if that header was not one of
the two expected, authentication failed even though there
could be other headers in the response.
All WWW-Authenticate headers in an HTTP response have to be
examined to find a supported one, i.e. Basic or Digest.
If both are present, the Digest one should be used,
as it is preferable.
Bug: 357719
Change-Id: Icf601a41fec63f7d40308f3c85aaa4f71a7c095b
Signed-off-by: Alex Rukhlin <arukhlin@microsoft.com>
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
Diffstat (limited to 'org.eclipse.jgit')
-rw-r--r-- | org.eclipse.jgit/src/org/eclipse/jgit/transport/HttpAuthMethod.java | 55 |
1 files changed, 38 insertions, 17 deletions
diff --git a/org.eclipse.jgit/src/org/eclipse/jgit/transport/HttpAuthMethod.java b/org.eclipse.jgit/src/org/eclipse/jgit/transport/HttpAuthMethod.java index 4ab7998f5c..8acba21bd0 100644 --- a/org.eclipse.jgit/src/org/eclipse/jgit/transport/HttpAuthMethod.java +++ b/org.eclipse.jgit/src/org/eclipse/jgit/transport/HttpAuthMethod.java @@ -1,5 +1,5 @@ /* - * Copyright (C) 2010, Google Inc. + * Copyright (C) 2010, 2013, Google Inc. * and other copyright owners as documented in the project's IP log. * * This program and the accompanying materials are made available @@ -55,7 +55,9 @@ import java.security.NoSuchAlgorithmException; import java.util.Collections; import java.util.HashMap; import java.util.LinkedHashMap; +import java.util.List; import java.util.Map; +import java.util.Map.Entry; import java.util.Random; import org.eclipse.jgit.util.Base64; @@ -69,6 +71,8 @@ import org.eclipse.jgit.util.Base64; abstract class HttpAuthMethod { /** No authentication is configured. */ static final HttpAuthMethod NONE = new None(); + static final String EMPTY_STRING = ""; //$NON-NLS-1$ + static final String SCHEMA_NAME_SEPARATOR = " "; //$NON-NLS-1$ /** * Handle an authentication failure and possibly return a new response. 
@@ -77,22 +81,39 @@ abstract class HttpAuthMethod { * the connection that failed. * @return new authentication method to try. */ - static HttpAuthMethod scanResponse(HttpURLConnection conn) { - String hdr = conn.getHeaderField(HDR_WWW_AUTHENTICATE); - if (hdr == null || hdr.length() == 0) - return NONE; - - int sp = hdr.indexOf(' '); - if (sp < 0) - return NONE; - - String type = hdr.substring(0, sp); - if (Basic.NAME.equalsIgnoreCase(type)) - return new Basic(); - else if (Digest.NAME.equalsIgnoreCase(type)) - return new Digest(hdr.substring(sp + 1)); - else - return NONE; + static HttpAuthMethod scanResponse(final HttpURLConnection conn) { + final Map<String, List<String>> headers = conn.getHeaderFields(); + HttpAuthMethod authentication = NONE; + + for (final Entry<String, List<String>> entry : headers.entrySet()) { + if (HDR_WWW_AUTHENTICATE.equalsIgnoreCase(entry.getKey())) { + if (entry.getValue() != null) { + for (final String value : entry.getValue()) { + if (value != null && value.length() != 0) { + final String[] valuePart = value.split( + SCHEMA_NAME_SEPARATOR, 2); + + if (Digest.NAME.equalsIgnoreCase(valuePart[0])) { + final String param; + if (valuePart.length == 1) + param = EMPTY_STRING; + else + param = valuePart[1]; + + authentication = new Digest(param); + break; + } + + if (Basic.NAME.equalsIgnoreCase(valuePart[0])) + authentication = new Basic(); + } + } + } + break; + } + } + + return authentication; } /** |
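Review bot: In the new scanResponse loop only the first token of each header value is compared with Digest.NAME and Basic.NAME (`value.split(SCHEMA_NAME_SEPARATOR, 2)`), so a single WWW-Authenticate field that carries several challenges, which HTTP permits as a comma-separated list, is judged by its first scheme alone. A value such as `Basic realm="r", Digest realm="r", nonce="n"` (constructed example) would select Basic although Digest was offered, and a value that starts with an unsupported scheme would still return NONE, which is the failure the commit description sets out to fix. Because this choice decides whether the password leaves the client Base64-encoded or as a digest, I would either parse every challenge in a value or at least state the limit above the split, e.g. `// only the first challenge in each header value is examined; comma-separated challenges are not split`. The outer `break` also stops at the first map key that matches HDR_WWW_AUTHENTICATE; that is presumably fine if the connection stores all spellings of the header under one key, but it is worth confirming.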