mirrors
/
jgit
mirror of https://github.com/eclipse/jgit.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 204 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2668 Commits
49 Branches
Tree: 81db591034
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '81db591034'
${ noResults }
jgit/org.eclipse.jgit/src/org/eclipse/jgit/transport/HttpAuthMethod.java

HttpAuthMethod.java 12KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403 
  1. /*

  2.  * Copyright (C) 2010, 2013, Google Inc.

  3.  * and other copyright owners as documented in the project's IP log.

  4.  *

  5.  * This program and the accompanying materials are made available

  6.  * under the terms of the Eclipse Distribution License v1.0 which

  7.  * accompanies this distribution, is reproduced below, and is

  8.  * available at http://www.eclipse.org/org/documents/edl-v10.php

  9.  *

  10.  * All rights reserved.

  11.  *

  12.  * Redistribution and use in source and binary forms, with or

  13.  * without modification, are permitted provided that the following

  14.  * conditions are met:

  15.  *

  16.  * - Redistributions of source code must retain the above copyright

  17.  *   notice, this list of conditions and the following disclaimer.

  18.  *

  19.  * - Redistributions in binary form must reproduce the above

  20.  *   copyright notice, this list of conditions and the following

  21.  *   disclaimer in the documentation and/or other materials provided

  22.  *   with the distribution.

  23.  *

  24.  * - Neither the name of the Eclipse Foundation, Inc. nor the

  25.  *   names of its contributors may be used to endorse or promote

  26.  *   products derived from this software without specific prior

  27.  *   written permission.

  28.  *

  29.  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND

  30.  * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,

  31.  * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES

  32.  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

  33.  * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR

  34.  * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

  35.  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

  36.  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

  37.  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER

  38.  * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

  39.  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

  40.  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF

  41.  * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

  42.  */

  43. 

  44. package org.eclipse.jgit.transport;

  45. 

  46. import static org.eclipse.jgit.util.HttpSupport.HDR_AUTHORIZATION;

  47. import static org.eclipse.jgit.util.HttpSupport.HDR_WWW_AUTHENTICATE;

  48. 

  49. import java.io.IOException;

  50. import java.io.UnsupportedEncodingException;

  51. import java.net.HttpURLConnection;

  52. import java.net.URL;

  53. import java.security.MessageDigest;

  54. import java.security.NoSuchAlgorithmException;

  55. import java.util.Collections;

  56. import java.util.HashMap;

  57. import java.util.LinkedHashMap;

  58. import java.util.List;

  59. import java.util.Map;

  60. import java.util.Map.Entry;

  61. import java.util.Random;

  62. 

  63. import org.eclipse.jgit.util.Base64;

  64. 

  65. /**

  66.  * Support class to populate user authentication data on a connection.

  67.  * <p>

  68.  * Instances of an HttpAuthMethod are not thread-safe, as some implementations

  69.  * may need to maintain per-connection state information.

  70.  */

  71. abstract class HttpAuthMethod {

  72. 	/** No authentication is configured. */

  73. 	static final HttpAuthMethod NONE = new None();

  74. 	static final String EMPTY_STRING = ""; //$NON-NLS-1$

  75. 	static final String SCHEMA_NAME_SEPARATOR = " "; //$NON-NLS-1$

  76. 

  77. 	/**

  78. 	 * Handle an authentication failure and possibly return a new response.

  79. 	 *

  80. 	 * @param conn

  81. 	 *            the connection that failed.

  82. 	 * @return new authentication method to try.

  83. 	 */

  84. 	static HttpAuthMethod scanResponse(final HttpURLConnection conn) {

  85. 		final Map<String, List<String>> headers = conn.getHeaderFields();

  86. 		HttpAuthMethod authentication = NONE;

  87. 

  88. 		for (final Entry<String, List<String>> entry : headers.entrySet()) {

  89. 			if (HDR_WWW_AUTHENTICATE.equalsIgnoreCase(entry.getKey())) {

  90. 				if (entry.getValue() != null) {

  91. 					for (final String value : entry.getValue()) {

  92. 						if (value != null && value.length() != 0) {

  93. 							final String[] valuePart = value.split(

  94. 									SCHEMA_NAME_SEPARATOR, 2);

  95. 

  96. 							if (Digest.NAME.equalsIgnoreCase(valuePart[0])) {

  97. 								final String param;

  98. 								if (valuePart.length == 1)

  99. 									param = EMPTY_STRING;

  100. 								else

  101. 									param = valuePart[1];

  102. 

  103. 								authentication = new Digest(param);

  104. 								break;

  105. 							}

  106. 

  107. 							if (Basic.NAME.equalsIgnoreCase(valuePart[0]))

  108. 								authentication = new Basic();

  109. 						}

  110. 					}

  111. 				}

  112. 				break;

  113. 			}

  114. 		}

  115. 

  116. 		return authentication;

  117. 	}

  118. 

  119. 	/**

  120. 	 * Update this method with the credentials from the URIish.

  121. 	 *

  122. 	 * @param uri

  123. 	 *            the URI used to create the connection.

  124. 	 * @param credentialsProvider

  125. 	 *            the credentials provider, or null. If provided,

  126. 	 *            {@link URIish#getPass() credentials in the URI} are ignored.

  127. 	 *

  128. 	 * @return true if the authentication method is able to provide

  129. 	 *         authorization for the given URI

  130. 	 */

  131. 	boolean authorize(URIish uri, CredentialsProvider credentialsProvider) {

  132. 		String username;

  133. 		String password;

  134. 

  135. 		if (credentialsProvider != null) {

  136. 			CredentialItem.Username u = new CredentialItem.Username();

  137. 			CredentialItem.Password p = new CredentialItem.Password();

  138. 

  139. 			if (credentialsProvider.supports(u, p)

  140. 					&& credentialsProvider.get(uri, u, p)) {

  141. 				username = u.getValue();

  142. 				password = new String(p.getValue());

  143. 				p.clear();

  144. 			} else

  145. 				return false;

  146. 		} else {

  147. 			username = uri.getUser();

  148. 			password = uri.getPass();

  149. 		}

  150. 		if (username != null) {

  151. 			authorize(username, password);

  152. 			return true;

  153. 		}

  154. 		return false;

  155. 	}

  156. 

  157. 	/**

  158. 	 * Update this method with the given username and password pair.

  159. 	 *

  160. 	 * @param user

  161. 	 * @param pass

  162. 	 */

  163. 	abstract void authorize(String user, String pass);

  164. 

  165. 	/**

  166. 	 * Update connection properties based on this authentication method.

  167. 	 *

  168. 	 * @param conn

  169. 	 * @throws IOException

  170. 	 */

  171. 	abstract void configureRequest(HttpURLConnection conn) throws IOException;

  172. 

  173. 	/** Performs no user authentication. */

  174. 	private static class None extends HttpAuthMethod {

  175. 		@Override

  176. 		void authorize(String user, String pass) {

  177. 			// Do nothing when no authentication is enabled.

  178. 		}

  179. 

  180. 		@Override

  181. 		void configureRequest(HttpURLConnection conn) throws IOException {

  182. 			// Do nothing when no authentication is enabled.

  183. 		}

  184. 	}

  185. 

  186. 	/** Performs HTTP basic authentication (plaintext username/password). */

  187. 	private static class Basic extends HttpAuthMethod {

  188. 		static final String NAME = "Basic"; //$NON-NLS-1$

  189. 

  190. 		private String user;

  191. 

  192. 		private String pass;

  193. 

  194. 		@Override

  195. 		void authorize(final String username, final String password) {

  196. 			this.user = username;

  197. 			this.pass = password;

  198. 		}

  199. 

  200. 		@Override

  201. 		void configureRequest(final HttpURLConnection conn) throws IOException {

  202. 			String ident = user + ":" + pass; //$NON-NLS-1$

  203. 			String enc = Base64.encodeBytes(ident.getBytes("UTF-8")); //$NON-NLS-1$

  204. 			conn.setRequestProperty(HDR_AUTHORIZATION, NAME + " " + enc); //$NON-NLS-1$

  205. 		}

  206. 	}

  207. 

  208. 	/** Performs HTTP digest authentication. */

  209. 	private static class Digest extends HttpAuthMethod {

  210. 		static final String NAME = "Digest"; //$NON-NLS-1$

  211. 

  212. 		private static final Random PRNG = new Random();

  213. 

  214. 		private final Map<String, String> params;

  215. 

  216. 		private int requestCount;

  217. 

  218. 		private String user;

  219. 

  220. 		private String pass;

  221. 

  222. 		Digest(String hdr) {

  223. 			params = parse(hdr);

  224. 

  225. 			final String qop = params.get("qop"); //$NON-NLS-1$

  226. 			if ("auth".equals(qop)) { //$NON-NLS-1$

  227. 				final byte[] bin = new byte[8];

  228. 				PRNG.nextBytes(bin);

  229. 				params.put("cnonce", Base64.encodeBytes(bin)); //$NON-NLS-1$

  230. 			}

  231. 		}

  232. 

  233. 		@Override

  234. 		void authorize(final String username, final String password) {

  235. 			this.user = username;

  236. 			this.pass = password;

  237. 		}

  238. 

  239. 		@SuppressWarnings("boxing")

  240. 		@Override

  241. 		void configureRequest(final HttpURLConnection conn) throws IOException {

  242. 			final Map<String, String> r = new LinkedHashMap<String, String>();

  243. 

  244. 			final String realm = params.get("realm"); //$NON-NLS-1$

  245. 			final String nonce = params.get("nonce"); //$NON-NLS-1$

  246. 			final String cnonce = params.get("cnonce"); //$NON-NLS-1$

  247. 			final String uri = uri(conn.getURL());

  248. 			final String qop = params.get("qop"); //$NON-NLS-1$

  249. 			final String method = conn.getRequestMethod();

  250. 

  251. 			final String A1 = user + ":" + realm + ":" + pass; //$NON-NLS-1$ //$NON-NLS-2$

  252. 			final String A2 = method + ":" + uri; //$NON-NLS-1$

  253. 

  254. 			r.put("username", user); //$NON-NLS-1$

  255. 			r.put("realm", realm); //$NON-NLS-1$

  256. 			r.put("nonce", nonce); //$NON-NLS-1$

  257. 			r.put("uri", uri); //$NON-NLS-1$

  258. 

  259. 			final String response, nc;

  260. 			if ("auth".equals(qop)) { //$NON-NLS-1$

  261. 				nc = String.format("%08x", ++requestCount); //$NON-NLS-1$

  262. 				response = KD(H(A1), nonce + ":" + nc + ":" + cnonce + ":" //$NON-NLS-1$ //$NON-NLS-2$ //$NON-NLS-3$

  263. 						+ qop + ":" //$NON-NLS-1$

  264. 						+ H(A2));

  265. 			} else {

  266. 				nc = null;

  267. 				response = KD(H(A1), nonce + ":" + H(A2)); //$NON-NLS-1$

  268. 			}

  269. 			r.put("response", response); //$NON-NLS-1$

  270. 			if (params.containsKey("algorithm")) //$NON-NLS-1$

  271. 				r.put("algorithm", "MD5"); //$NON-NLS-1$ //$NON-NLS-2$

  272. 			if (cnonce != null && qop != null)

  273. 				r.put("cnonce", cnonce); //$NON-NLS-1$

  274. 			if (params.containsKey("opaque")) //$NON-NLS-1$

  275. 				r.put("opaque", params.get("opaque")); //$NON-NLS-1$ //$NON-NLS-2$

  276. 			if (qop != null)

  277. 				r.put("qop", qop); //$NON-NLS-1$

  278. 			if (nc != null)

  279. 				r.put("nc", nc); //$NON-NLS-1$

  280. 

  281. 			StringBuilder v = new StringBuilder();

  282. 			for (Map.Entry<String, String> e : r.entrySet()) {

  283. 				if (v.length() > 0)

  284. 					v.append(", "); //$NON-NLS-1$

  285. 				v.append(e.getKey());

  286. 				v.append('=');

  287. 				v.append('"');

  288. 				v.append(e.getValue());

  289. 				v.append('"');

  290. 			}

  291. 			conn.setRequestProperty(HDR_AUTHORIZATION, NAME + " " + v); //$NON-NLS-1$

  292. 		}

  293. 

  294. 		private static String uri(URL u) {

  295. 			StringBuilder r = new StringBuilder();

  296. 			r.append(u.getProtocol());

  297. 			r.append("://"); //$NON-NLS-1$

  298. 			r.append(u.getHost());

  299. 			if (0 < u.getPort()) {

  300. 				if (u.getPort() == 80 && "http".equals(u.getProtocol())) { //$NON-NLS-1$

  301. 					/* nothing */

  302. 				} else if (u.getPort() == 443

  303. 						&& "https".equals(u.getProtocol())) { //$NON-NLS-1$

  304. 					/* nothing */

  305. 				} else {

  306. 					r.append(':').append(u.getPort());

  307. 				}

  308. 			}

  309. 			r.append(u.getPath());

  310. 			if (u.getQuery() != null)

  311. 				r.append('?').append(u.getQuery());

  312. 			return r.toString();

  313. 		}

  314. 

  315. 		private static String H(String data) {

  316. 			try {

  317. 				MessageDigest md = newMD5();

  318. 				md.update(data.getBytes("UTF-8")); //$NON-NLS-1$

  319. 				return LHEX(md.digest());

  320. 			} catch (UnsupportedEncodingException e) {

  321. 				throw new RuntimeException("UTF-8 encoding not available", e); //$NON-NLS-1$

  322. 			}

  323. 		}

  324. 

  325. 		private static String KD(String secret, String data) {

  326. 			try {

  327. 				MessageDigest md = newMD5();

  328. 				md.update(secret.getBytes("UTF-8")); //$NON-NLS-1$

  329. 				md.update((byte) ':');

  330. 				md.update(data.getBytes("UTF-8")); //$NON-NLS-1$

  331. 				return LHEX(md.digest());

  332. 			} catch (UnsupportedEncodingException e) {

  333. 				throw new RuntimeException("UTF-8 encoding not available", e); //$NON-NLS-1$

  334. 			}

  335. 		}

  336. 

  337. 		private static MessageDigest newMD5() {

  338. 			try {

  339. 				return MessageDigest.getInstance("MD5"); //$NON-NLS-1$

  340. 			} catch (NoSuchAlgorithmException e) {

  341. 				throw new RuntimeException("No MD5 available", e); //$NON-NLS-1$

  342. 			}

  343. 		}

  344. 

  345. 		private static final char[] LHEX = { '0', '1', '2', '3', '4', '5', '6',

  346. 				'7', '8', '9', //

  347. 				'a', 'b', 'c', 'd', 'e', 'f' };

  348. 

  349. 		private static String LHEX(byte[] bin) {

  350. 			StringBuilder r = new StringBuilder(bin.length * 2);

  351. 			for (int i = 0; i < bin.length; i++) {

  352. 				byte b = bin[i];

  353. 				r.append(LHEX[(b >>> 4) & 0x0f]);

  354. 				r.append(LHEX[b & 0x0f]);

  355. 			}

  356. 			return r.toString();

  357. 		}

  358. 

  359. 		private static Map<String, String> parse(String auth) {

  360. 			Map<String, String> p = new HashMap<String, String>();

  361. 			int next = 0;

  362. 			while (next < auth.length()) {

  363. 				if (next < auth.length() && auth.charAt(next) == ',') {

  364. 					next++;

  365. 				}

  366. 				while (next < auth.length()

  367. 						&& Character.isWhitespace(auth.charAt(next))) {

  368. 					next++;

  369. 				}

  370. 

  371. 				int eq = auth.indexOf('=', next);

  372. 				if (eq < 0 || eq + 1 == auth.length()) {

  373. 					return Collections.emptyMap();

  374. 				}

  375. 

  376. 				final String name = auth.substring(next, eq);

  377. 				final String value;

  378. 				if (auth.charAt(eq + 1) == '"') {

  379. 					int dq = auth.indexOf('"', eq + 2);

  380. 					if (dq < 0) {

  381. 						return Collections.emptyMap();

  382. 					}

  383. 					value = auth.substring(eq + 2, dq);

  384. 					next = dq + 1;

  385. 

  386. 				} else {

  387. 					int space = auth.indexOf(' ', eq + 1);

  388. 					int comma = auth.indexOf(',', eq + 1);

  389. 					if (space < 0)

  390. 						space = auth.length();

  391. 					if (comma < 0)

  392. 						comma = auth.length();

  393. 

  394. 					final int e = Math.min(space, comma);

  395. 					value = auth.substring(eq + 1, e);

  396. 					next = e + 1;

  397. 				}

  398. 				p.put(name, value);

  399. 			}

  400. 			return p;

  401. 		}

  402. 	}

  403. }