mirrors
/
jgit
mirror of https://github.com/eclipse/jgit.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 204 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2031 Commits
49 Branches
Tree: e251355897
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'e251355897'
${ noResults }
jgit/org.eclipse.jgit/src/org/eclipse/jgit/transport/HttpAuthMethod.java

HttpAuthMethod.java 11KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383 
  1. /*

  2.  * Copyright (C) 2010, Google Inc.

  3.  * and other copyright owners as documented in the project's IP log.

  4.  *

  5.  * This program and the accompanying materials are made available

  6.  * under the terms of the Eclipse Distribution License v1.0 which

  7.  * accompanies this distribution, is reproduced below, and is

  8.  * available at http://www.eclipse.org/org/documents/edl-v10.php

  9.  *

  10.  * All rights reserved.

  11.  *

  12.  * Redistribution and use in source and binary forms, with or

  13.  * without modification, are permitted provided that the following

  14.  * conditions are met:

  15.  *

  16.  * - Redistributions of source code must retain the above copyright

  17.  *   notice, this list of conditions and the following disclaimer.

  18.  *

  19.  * - Redistributions in binary form must reproduce the above

  20.  *   copyright notice, this list of conditions and the following

  21.  *   disclaimer in the documentation and/or other materials provided

  22.  *   with the distribution.

  23.  *

  24.  * - Neither the name of the Eclipse Foundation, Inc. nor the

  25.  *   names of its contributors may be used to endorse or promote

  26.  *   products derived from this software without specific prior

  27.  *   written permission.

  28.  *

  29.  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND

  30.  * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,

  31.  * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES

  32.  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

  33.  * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR

  34.  * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

  35.  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

  36.  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

  37.  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER

  38.  * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

  39.  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

  40.  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF

  41.  * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

  42.  */

  43. 

  44. package org.eclipse.jgit.transport;

  45. 

  46. import static org.eclipse.jgit.util.HttpSupport.HDR_AUTHORIZATION;

  47. import static org.eclipse.jgit.util.HttpSupport.HDR_WWW_AUTHENTICATE;

  48. 

  49. import java.io.IOException;

  50. import java.io.UnsupportedEncodingException;

  51. import java.net.HttpURLConnection;

  52. import java.net.URL;

  53. import java.security.MessageDigest;

  54. import java.security.NoSuchAlgorithmException;

  55. import java.util.Collections;

  56. import java.util.HashMap;

  57. import java.util.LinkedHashMap;

  58. import java.util.Map;

  59. import java.util.Random;

  60. 

  61. import org.eclipse.jgit.util.Base64;

  62. 

  63. /**

  64.  * Support class to populate user authentication data on a connection.

  65.  * <p>

  66.  * Instances of an HttpAuthMethod are not thread-safe, as some implementations

  67.  * may need to maintain per-connection state information.

  68.  */

  69. abstract class HttpAuthMethod {

  70. 	/** No authentication is configured. */

  71. 	static final HttpAuthMethod NONE = new None();

  72. 

  73. 	/**

  74. 	 * Handle an authentication failure and possibly return a new response.

  75. 	 *

  76. 	 * @param conn

  77. 	 *            the connection that failed.

  78. 	 * @return new authentication method to try.

  79. 	 */

  80. 	static HttpAuthMethod scanResponse(HttpURLConnection conn) {

  81. 		String hdr = conn.getHeaderField(HDR_WWW_AUTHENTICATE);

  82. 		if (hdr == null || hdr.length() == 0)

  83. 			return NONE;

  84. 

  85. 		int sp = hdr.indexOf(' ');

  86. 		if (sp < 0)

  87. 			return NONE;

  88. 

  89. 		String type = hdr.substring(0, sp);

  90. 		if (Basic.NAME.equalsIgnoreCase(type))

  91. 			return new Basic();

  92. 		else if (Digest.NAME.equalsIgnoreCase(type))

  93. 			return new Digest(hdr.substring(sp + 1));

  94. 		else

  95. 			return NONE;

  96. 	}

  97. 

  98. 	/**

  99. 	 * Update this method with the credentials from the URIish.

  100. 	 *

  101. 	 * @param uri

  102. 	 *            the URI used to create the connection.

  103. 	 * @param credentialsProvider

  104. 	 *            the credentials provider, or null. If provided,

  105. 	 *            {@link URIish#getPass() credentials in the URI} are ignored.

  106. 	 *

  107. 	 * @return true if the authentication method is able to provide

  108. 	 *         authorization for the given URI

  109. 	 */

  110. 	boolean authorize(URIish uri, CredentialsProvider credentialsProvider) {

  111. 		String username;

  112. 		String password;

  113. 

  114. 		if (credentialsProvider != null) {

  115. 			CredentialItem.Username u = new CredentialItem.Username();

  116. 			CredentialItem.Password p = new CredentialItem.Password();

  117. 

  118. 			if (credentialsProvider.supports(u, p)

  119. 					&& credentialsProvider.get(uri, u, p)) {

  120. 				username = u.getValue();

  121. 				password = new String(p.getValue());

  122. 				p.clear();

  123. 			} else

  124. 				return false;

  125. 		} else {

  126. 			username = uri.getUser();

  127. 			password = uri.getPass();

  128. 		}

  129. 		if (username != null) {

  130. 			authorize(username, password);

  131. 			return true;

  132. 		}

  133. 		return false;

  134. 	}

  135. 

  136. 	/**

  137. 	 * Update this method with the given username and password pair.

  138. 	 *

  139. 	 * @param user

  140. 	 * @param pass

  141. 	 */

  142. 	abstract void authorize(String user, String pass);

  143. 

  144. 	/**

  145. 	 * Update connection properties based on this authentication method.

  146. 	 *

  147. 	 * @param conn

  148. 	 * @throws IOException

  149. 	 */

  150. 	abstract void configureRequest(HttpURLConnection conn) throws IOException;

  151. 

  152. 	/** Performs no user authentication. */

  153. 	private static class None extends HttpAuthMethod {

  154. 		@Override

  155. 		void authorize(String user, String pass) {

  156. 			// Do nothing when no authentication is enabled.

  157. 		}

  158. 

  159. 		@Override

  160. 		void configureRequest(HttpURLConnection conn) throws IOException {

  161. 			// Do nothing when no authentication is enabled.

  162. 		}

  163. 	}

  164. 

  165. 	/** Performs HTTP basic authentication (plaintext username/password). */

  166. 	private static class Basic extends HttpAuthMethod {

  167. 		static final String NAME = "Basic";

  168. 

  169. 		private String user;

  170. 

  171. 		private String pass;

  172. 

  173. 		@Override

  174. 		void authorize(final String username, final String password) {

  175. 			this.user = username;

  176. 			this.pass = password;

  177. 		}

  178. 

  179. 		@Override

  180. 		void configureRequest(final HttpURLConnection conn) throws IOException {

  181. 			String ident = user + ":" + pass;

  182. 			String enc = Base64.encodeBytes(ident.getBytes("UTF-8"));

  183. 			conn.setRequestProperty(HDR_AUTHORIZATION, NAME + " " + enc);

  184. 		}

  185. 	}

  186. 

  187. 	/** Performs HTTP digest authentication. */

  188. 	private static class Digest extends HttpAuthMethod {

  189. 		static final String NAME = "Digest";

  190. 

  191. 		private static final Random PRNG = new Random();

  192. 

  193. 		private final Map<String, String> params;

  194. 

  195. 		private int requestCount;

  196. 

  197. 		private String user;

  198. 

  199. 		private String pass;

  200. 

  201. 		Digest(String hdr) {

  202. 			params = parse(hdr);

  203. 

  204. 			final String qop = params.get("qop");

  205. 			if ("auth".equals(qop)) {

  206. 				final byte[] bin = new byte[8];

  207. 				PRNG.nextBytes(bin);

  208. 				params.put("cnonce", Base64.encodeBytes(bin));

  209. 			}

  210. 		}

  211. 

  212. 		@Override

  213. 		void authorize(final String username, final String password) {

  214. 			this.user = username;

  215. 			this.pass = password;

  216. 		}

  217. 

  218. 		@SuppressWarnings("boxing")

  219. 		@Override

  220. 		void configureRequest(final HttpURLConnection conn) throws IOException {

  221. 			final Map<String, String> r = new LinkedHashMap<String, String>();

  222. 

  223. 			final String realm = params.get("realm");

  224. 			final String nonce = params.get("nonce");

  225. 			final String cnonce = params.get("cnonce");

  226. 			final String uri = uri(conn.getURL());

  227. 			final String qop = params.get("qop");

  228. 			final String method = conn.getRequestMethod();

  229. 

  230. 			final String A1 = user + ":" + realm + ":" + pass;

  231. 			final String A2 = method + ":" + uri;

  232. 

  233. 			r.put("username", user);

  234. 			r.put("realm", realm);

  235. 			r.put("nonce", nonce);

  236. 			r.put("uri", uri);

  237. 

  238. 			final String response, nc;

  239. 			if ("auth".equals(qop)) {

  240. 				nc = String.format("%08x", ++requestCount);

  241. 				response = KD(H(A1), nonce + ":" + nc + ":" + cnonce + ":"

  242. 						+ qop

  243. 						+ ":"

  244. 						+ H(A2));

  245. 			} else {

  246. 				nc = null;

  247. 				response = KD(H(A1), nonce + ":" + H(A2));

  248. 			}

  249. 			r.put("response", response);

  250. 			if (params.containsKey("algorithm"))

  251. 				r.put("algorithm", "MD5");

  252. 			if (cnonce != null && qop != null)

  253. 				r.put("cnonce", cnonce);

  254. 			if (params.containsKey("opaque"))

  255. 				r.put("opaque", params.get("opaque"));

  256. 			if (qop != null)

  257. 				r.put("qop", qop);

  258. 			if (nc != null)

  259. 				r.put("nc", nc);

  260. 

  261. 			StringBuilder v = new StringBuilder();

  262. 			for (Map.Entry<String, String> e : r.entrySet()) {

  263. 				if (v.length() > 0)

  264. 					v.append(", ");

  265. 				v.append(e.getKey());

  266. 				v.append('=');

  267. 				v.append('"');

  268. 				v.append(e.getValue());

  269. 				v.append('"');

  270. 			}

  271. 			conn.setRequestProperty(HDR_AUTHORIZATION, NAME + " " + v);

  272. 		}

  273. 

  274. 		private static String uri(URL u) {

  275. 			StringBuilder r = new StringBuilder();

  276. 			r.append(u.getProtocol());

  277. 			r.append("://");

  278. 			r.append(u.getHost());

  279. 			if (0 < u.getPort()) {

  280. 				if (u.getPort() == 80 && "http".equals(u.getProtocol())) {

  281. 					/* nothing */

  282. 				} else if (u.getPort() == 443

  283. 						&& "https".equals(u.getProtocol())) {

  284. 					/* nothing */

  285. 				} else {

  286. 					r.append(':').append(u.getPort());

  287. 				}

  288. 			}

  289. 			r.append(u.getPath());

  290. 			if (u.getQuery() != null)

  291. 				r.append('?').append(u.getQuery());

  292. 			return r.toString();

  293. 		}

  294. 

  295. 		private static String H(String data) {

  296. 			try {

  297. 				MessageDigest md = newMD5();

  298. 				md.update(data.getBytes("UTF-8"));

  299. 				return LHEX(md.digest());

  300. 			} catch (UnsupportedEncodingException e) {

  301. 				throw new RuntimeException("UTF-8 encoding not available", e);

  302. 			}

  303. 		}

  304. 

  305. 		private static String KD(String secret, String data) {

  306. 			try {

  307. 				MessageDigest md = newMD5();

  308. 				md.update(secret.getBytes("UTF-8"));

  309. 				md.update((byte) ':');

  310. 				md.update(data.getBytes("UTF-8"));

  311. 				return LHEX(md.digest());

  312. 			} catch (UnsupportedEncodingException e) {

  313. 				throw new RuntimeException("UTF-8 encoding not available", e);

  314. 			}

  315. 		}

  316. 

  317. 		private static MessageDigest newMD5() {

  318. 			try {

  319. 				return MessageDigest.getInstance("MD5");

  320. 			} catch (NoSuchAlgorithmException e) {

  321. 				throw new RuntimeException("No MD5 available", e);

  322. 			}

  323. 		}

  324. 

  325. 		private static final char[] LHEX = { '0', '1', '2', '3', '4', '5', '6',

  326. 				'7', '8', '9', //

  327. 				'a', 'b', 'c', 'd', 'e', 'f' };

  328. 

  329. 		private static String LHEX(byte[] bin) {

  330. 			StringBuilder r = new StringBuilder(bin.length * 2);

  331. 			for (int i = 0; i < bin.length; i++) {

  332. 				byte b = bin[i];

  333. 				r.append(LHEX[(b >>> 4) & 0x0f]);

  334. 				r.append(LHEX[b & 0x0f]);

  335. 			}

  336. 			return r.toString();

  337. 		}

  338. 

  339. 		private static Map<String, String> parse(String auth) {

  340. 			Map<String, String> p = new HashMap<String, String>();

  341. 			int next = 0;

  342. 			while (next < auth.length()) {

  343. 				if (next < auth.length() && auth.charAt(next) == ',') {

  344. 					next++;

  345. 				}

  346. 				while (next < auth.length()

  347. 						&& Character.isWhitespace(auth.charAt(next))) {

  348. 					next++;

  349. 				}

  350. 

  351. 				int eq = auth.indexOf('=', next);

  352. 				if (eq < 0 || eq + 1 == auth.length()) {

  353. 					return Collections.emptyMap();

  354. 				}

  355. 

  356. 				final String name = auth.substring(next, eq);

  357. 				final String value;

  358. 				if (auth.charAt(eq + 1) == '"') {

  359. 					int dq = auth.indexOf('"', eq + 2);

  360. 					if (dq < 0) {

  361. 						return Collections.emptyMap();

  362. 					}

  363. 					value = auth.substring(eq + 2, dq);

  364. 					next = dq + 1;

  365. 

  366. 				} else {

  367. 					int space = auth.indexOf(' ', eq + 1);

  368. 					int comma = auth.indexOf(',', eq + 1);

  369. 					if (space < 0)

  370. 						space = auth.length();

  371. 					if (comma < 0)

  372. 						comma = auth.length();

  373. 

  374. 					final int e = Math.min(space, comma);

  375. 					value = auth.substring(eq + 1, e);

  376. 					next = e + 1;

  377. 				}

  378. 				p.put(name, value);

  379. 			}

  380. 			return p;

  381. 		}

  382. 	}

  383. }