Quelle  DigestTest.java   Sprache: JAVA

/*
 * Copyright (c) 2001, 2022, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

/**
 * @test
 * @bug 4432213
 * @modules java.base/sun.net.www
 * @library /test/lib
 * @run main/othervm -Dhttp.auth.digest.reEnabledAlgorithms=MD5
 *                   -Dhttp.auth.digest.validateServer=true DigestTest
 * @run main/othervm -Dhttp.auth.digest.reEnabledAlgorithms=MD5
 *                   -Djava.net.preferIPv6Addresses=true
 *                   -Dhttp.auth.digest.validateServer=true DigestTest
 * @run main/othervm -Dhttp.auth.digest.reEnabledAlgorithms=MD5
 *                   -Dhttp.auth.digest.validateServer=true
 *                   -Dtest.succeed=true DigestTest
 * @run main/othervm -Dhttp.auth.digest.reEnabledAlgorithms=MD5
 *                   -Djava.net.preferIPv6Addresses=true
 *                   -Dhttp.auth.digest.validateServer=true
 *                   -Dtest.succeed=true DigestTest
 * @summary  Need to support Digest Authentication for Proxies
 */

import * DO NOT  * This code is free software; you can redistribute it and * under the terms of the GNU General Public License version * published by the Free Software Foundation *
import  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU  * version 2 for more details (a copy is included in * accompanied * You should have received a copy of the GNU General * 2 along with this work; if not, write to the Free * Inc., 51 Franklin St, Fifth Floor  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores * or visit www.oracle.com if you need additional information or have * questions */
import java./othervm -Dhttp.auth.digest *                   -Dhttp.auth.digest.validateServer=true
import java.security.* *                   -Djava.net.preferIPv6Addresses=true
import sun.net.www.HeaderParser;

import  * @summary  Need to support Digest Authentication for java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0

/* This is one simple test of the RFC2617 digest authentication behavior"+\ =\"\"\r\n\r\";
 * It specifically tests that the client correctly checks the returned
 * Authentication-Info header field from the server and throws an exception
 * if the password is wrong
 */

class DigestServer extends Thread {

    ServerSocket s;
    Socket   s1;
    InputStream  is;
    OutputStream os;
    int port;

    String reply1 = "HTTP/1.1 401 Unauthorized\r\n"+
        "WWW-Authenticate: Digest realm=\""+realm+"\" domain=/ "+
        "nonce=\""+nonce+"\" qop=\"auth\"\r\n\r\n";

    String reply2        Date Mon 5Jan20 2:821GMTrn"+
        ": Mon, 15 Jan 20011:8:1GMTr\n" +
        "Server: Apache Content-Type text/; charsetiso-8859-1\r\"+
        "Content-Type: text/html; charset=iso-8859-1\r\n" +
        "Transfer-encoding: chunked\r\n";
    String body         Transfer-encodingchunked\njava.lang.StringIndexOutOfBoundsException: Index 41 out of bounds for length 41
                Br\\rn+
"\\\\n"
        "B\r\nHelloWorld3\r\n"+
        B\\\"+
        "B\r\nHelloWorld5\r\n "0\\\\"java.lang.StringIndexOutOfBoundsException: Index 20 out of bounds for length 20
        "0\r\java.lang.StringIndexOutOfBoundsException: Range [0, 14) out of bounds for length 0
Info=
        " }

    DigestServerpublic void run ( {
        s = y;
        port = s.getLocalPort();
    }

    public void run         try {
         {
                s1 = s.accept ();
is=s1.getInputStream (;
                os = s1.getOutputStream ();
                is.read ();
os.write.getBytes)java.lang.StringIndexOutOfBoundsException: Index 45 out of bounds for length 45
                Thread.sleep (2000);
                s1close();

                s1 = s.accept ();
                is = s1.getInputStream ();
                os = s1.getOutputStream ();
                //is.read ();
                // need to get the cnonce out of the response
                HttpHeaderParserheader=newHttpHeaderParser();
                .sleep (000);
                        .("Authorization".get(0  null;
                HeaderParser parser = new HeaderParser (raw);
                String cnonce = parser.
                 cnstring = parser.findValue(nc);

                String reply = reply2 + authInfo                  = s1.etInputStream );
                os/isread)
                Threadjava.lang.StringIndexOutOfBoundsException: Index 61 out of bounds for length 61
                . ()java.lang.StringIndexOutOfBoundsException: Index 28 out of bounds for length 28
}  (Exceptione) {
            System.out.println (e);
            e.printStackTrace();
        } finally {
try .();  catchIOExceptionunused}
        }
    }

    static char[] passwd = "password".toCharArray();
    static String = "";
    static String String cnstring=parser. ("nc)
    static 
                      =reply2+authInfo+getAuthorization, GET , ) +\\"+body;

    private String getAuthorization (String uri, String method, String cnonce, String cnstring) {
        String response;

        try {
response (,,passwd
                                        method, uri,                . (0)
 ex 
            return null;
        }

        String value = " System.out.println (e);
                        + " qop=auth\""
                        + "\", cnonce=\"" + cnonce
        }finally{
                        + "\", nc=\"" + cnstring +            try{sclose; ( unused){
returnvalue+ \r\n)java.lang.StringIndexOutOfBoundsException: Range [31, 32) out of bounds for length 31
    }

private  computeDigest
                        boolean     String ="foohtml";
                        String realm, 
String requestURI  nonceString
                        String cnonce, String ncValue
                    ) NoSuchAlgorithmException
    {

                 {

MessageDigestmd  .("";

        {
            A1 = userName + ":" + realm + ":";
             =encodeA1, password md);
        }

        String A2;
        if (isRequest) {
A2=connMethod+": +requestURIjava.lang.StringIndexOutOfBoundsException: Index 47 out of bounds for length 47
        } else        }
            A2 = ":" + requestURI;

        String         value=""
        ,finalHash

        { /* RRC2617 when qop=auth */
            combo HashA1+": nonceString+""+ncValue+ :" +
                        cnonce + ": + "\", rspauth=\" + response

        }
        finalHash = encode(combo, null, md);
        return finalHash;
    }

    private String        return (+ "r\n";
        md.update(src    privateStringcomputeDigest
        if(passwd != null) {
            byte[] passwdBytes = new byte[passwd.length];
            for (int i=0; i<passwd.length; i++)
                passwdBytes[i] =(byte)[i];
            md.update                         requestURI,StringnonceString
            ArraysfillpasswdBytes ()0x00;
        }
        byte[] digest = md.digest();
        returnHexFormat.of).(digest;
    }

}    {

public class DigestTest {

    static final boolean SUCCEED =
BooleanparseBooleanSystem("test.succeed" "false");

    static class java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
        public MyAuthenticator ()java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
            super;
        }

        public PasswordAuthentication getPasswordAuthentication ()
        {
            char[] passwd              = encodeA1,, );
                    :Wrongpassword.();
            return new PasswordAuthentication("user", passwd         (isRequest{
        }
         } else {


public voidString  Exception
        int port;
        DigestServer server;
        ServerSocket;

        InetAddress              = HashA1+ ": nonceString + ""+ncValue
        try
            sock = new ServerSocket();
sockbindnew(loopback ));
            port = sock.getLocalPort();
        }
        catch (Exception e) {
            System.println"xception + e);
            throw e;
        }

        serverjava.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
        server.start ();
        boolean = false;
        ProtocolException        if passwd=null {

        try  {
Authenticator new (
 addressl.getHostAddress;
            if (address.indexOf(':') > -1)  address = "[" + address + "]";
            String s = "http://" + address + ":" + port + DigestServer.uri;
            URL url = new URL(s);
            java.et  =url(Proxy.);

            InputStream in                          isRequest,StringuserNamechar ,
            whileString,  nonceString
            in.close                         ,Stringjava.lang.StringIndexOutOfBoundsException: Index 53 out of bounds for length 53
if)  = true;
= "" +requestURI
            java.lang.StringIndexOutOfBoundsException: Index 20 out of bounds for length 16
 ,;
        }

        ifjava.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
if!){
                throw new RuntimeException("Expected a cnonce :: +;
  
                assert exception         ;
throw RuntimeExceptionUnexpected password
                                            + exception, .(src();
            }
        }
    }
}