/* * Copyright (C) 2010, Google Inc. * and other copyright owners as documented in the project's IP log. * * This program and the accompanying materials are made available * under the terms of the Eclipse Distribution License v1.0 which * accompanies this distribution, is reproduced below, and is * available at http://www.eclipse.org/org/documents/edl-v10.php * * All rights reserved. * * Redistribution and use in source and binary forms, with or * without modification, are permitted provided that the following * conditions are met: * * - Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * - Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. * * - Neither the name of the Eclipse Foundation, Inc. nor the * names of its contributors may be used to endorse or promote * products derived from this software without specific prior * written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ package org.eclipse.jgit.transport; import static org.eclipse.jgit.util.HttpSupport.HDR_AUTHORIZATION; import static org.eclipse.jgit.util.HttpSupport.HDR_WWW_AUTHENTICATE; import java.io.IOException; import java.io.UnsupportedEncodingException; import java.net.HttpURLConnection; import java.net.URL; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; import java.util.Collections; import java.util.HashMap; import java.util.LinkedHashMap; import java.util.Map; import java.util.Random; import org.eclipse.jgit.util.Base64; /** * Support class to populate user authentication data on a connection. *
* Instances of an HttpAuthMethod are not thread-safe, as some implementations
* may need to maintain per-connection state information.
*/
abstract class HttpAuthMethod {
/** No authentication is configured. */
static final HttpAuthMethod NONE = new None();
/**
* Handle an authentication failure and possibly return a new response.
*
* @param conn
* the connection that failed.
* @return new authentication method to try.
*/
static HttpAuthMethod scanResponse(HttpURLConnection conn) {
String hdr = conn.getHeaderField(HDR_WWW_AUTHENTICATE);
if (hdr == null || hdr.length() == 0)
return NONE;
int sp = hdr.indexOf(' ');
if (sp < 0)
return NONE;
String type = hdr.substring(0, sp);
if (Basic.NAME.equalsIgnoreCase(type))
return new Basic();
else if (Digest.NAME.equalsIgnoreCase(type))
return new Digest(hdr.substring(sp + 1));
else
return NONE;
}
/**
* Update this method with the credentials from the URIish.
*
* @param uri
* the URI used to create the connection.
* @param credentialsProvider
* the credentials provider, or null. If provided,
* {@link URIish#getPass() credentials in the URI} are ignored.
*
* @return true if the authentication method is able to provide
* authorization for the given URI
*/
boolean authorize(URIish uri, CredentialsProvider credentialsProvider) {
String username;
String password;
if (credentialsProvider != null) {
CredentialItem.Username u = new CredentialItem.Username();
CredentialItem.Password p = new CredentialItem.Password();
if (credentialsProvider.supports(u, p)
&& credentialsProvider.get(uri, u, p)) {
username = u.getValue();
password = new String(p.getValue());
p.clear();
} else
return false;
} else {
username = uri.getUser();
password = uri.getPass();
}
if (username != null) {
authorize(username, password);
return true;
}
return false;
}
/**
* Update this method with the given username and password pair.
*
* @param user
* @param pass
*/
abstract void authorize(String user, String pass);
/**
* Update connection properties based on this authentication method.
*
* @param conn
* @throws IOException
*/
abstract void configureRequest(HttpURLConnection conn) throws IOException;
/** Performs no user authentication. */
private static class None extends HttpAuthMethod {
@Override
void authorize(String user, String pass) {
// Do nothing when no authentication is enabled.
}
@Override
void configureRequest(HttpURLConnection conn) throws IOException {
// Do nothing when no authentication is enabled.
}
}
/** Performs HTTP basic authentication (plaintext username/password). */
private static class Basic extends HttpAuthMethod {
static final String NAME = "Basic";
private String user;
private String pass;
@Override
void authorize(final String username, final String password) {
this.user = username;
this.pass = password;
}
@Override
void configureRequest(final HttpURLConnection conn) throws IOException {
String ident = user + ":" + pass;
String enc = Base64.encodeBytes(ident.getBytes("UTF-8"));
conn.setRequestProperty(HDR_AUTHORIZATION, NAME + " " + enc);
}
}
/** Performs HTTP digest authentication. */
private static class Digest extends HttpAuthMethod {
static final String NAME = "Digest";
private static final Random PRNG = new Random();
private final Map