|
@ -1,28 +1,28 @@ |
|
|
/* |
|
|
/* |
|
|
* Conditions Of Use |
|
|
* Conditions Of Use |
|
|
* |
|
|
* |
|
|
* This software was developed by employees of the National Institute of |
|
|
* This software was developed by employees of the National Institute of |
|
|
* Standards and Technology (NIST), an agency of the Federal Government. |
|
|
* Standards and Technology (NIST), an agency of the Federal Government. |
|
|
* Pursuant to title 15 Untied States Code Section 105, works of NIST |
|
|
* Pursuant to title 15 Untied States Code Section 105, works of NIST |
|
|
* employees are not subject to copyright protection in the United States |
|
|
* employees are not subject to copyright protection in the United States |
|
|
* and are considered to be in the public domain. As a result, a formal |
|
|
* and are considered to be in the public domain. As a result, a formal |
|
|
* license is not needed to use the software. |
|
|
* license is not needed to use the software. |
|
|
* |
|
|
* |
|
|
* This software is provided by NIST as a service and is expressly |
|
|
* This software is provided by NIST as a service and is expressly |
|
|
* provided "AS IS." NIST MAKES NO WARRANTY OF ANY KIND, EXPRESS, IMPLIED |
|
|
* provided "AS IS." NIST MAKES NO WARRANTY OF ANY KIND, EXPRESS, IMPLIED |
|
|
* OR STATUTORY, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTY OF |
|
|
* OR STATUTORY, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTY OF |
|
|
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT |
|
|
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT |
|
|
* AND DATA ACCURACY. NIST does not warrant or make any representations |
|
|
* AND DATA ACCURACY. NIST does not warrant or make any representations |
|
|
* regarding the use of the software or the results thereof, including but |
|
|
* regarding the use of the software or the results thereof, including but |
|
|
* not limited to the correctness, accuracy, reliability or usefulness of |
|
|
* not limited to the correctness, accuracy, reliability or usefulness of |
|
|
* the software. |
|
|
* the software. |
|
|
* |
|
|
* |
|
|
* Permission to use this software is contingent upon your acceptance |
|
|
* Permission to use this software is contingent upon your acceptance |
|
|
* of the terms of this agreement |
|
|
* of the terms of this agreement |
|
|
* |
|
|
* |
|
|
* . |
|
|
* . |
|
|
* |
|
|
* |
|
|
*/ |
|
|
*/ |
|
|
package com.genersoft.iot.vmp.gb28181.auth; |
|
|
package com.genersoft.iot.vmp.gb28181.auth; |
|
|
|
|
|
|
|
|
import java.security.MessageDigest; |
|
|
import java.security.MessageDigest; |
|
@ -42,18 +42,18 @@ import gov.nist.core.InternalErrorHandler; |
|
|
|
|
|
|
|
|
/** |
|
|
/** |
|
|
* Implements the HTTP digest authentication method server side functionality. |
|
|
* Implements the HTTP digest authentication method server side functionality. |
|
|
* |
|
|
* |
|
|
* @author M. Ranganathan |
|
|
* @author M. Ranganathan |
|
|
* @author Marc Bednarek |
|
|
* @author Marc Bednarek |
|
|
*/ |
|
|
*/ |
|
|
|
|
|
|
|
|
public class DigestServerAuthenticationHelper { |
|
|
public class DigestServerAuthenticationHelper { |
|
|
|
|
|
|
|
|
private MessageDigest messageDigest; |
|
|
private MessageDigest messageDigest; |
|
|
|
|
|
|
|
|
public static final String DEFAULT_ALGORITHM = "MD5"; |
|
|
public static final String DEFAULT_ALGORITHM = "MD5"; |
|
|
public static final String DEFAULT_SCHEME = "Digest"; |
|
|
public static final String DEFAULT_SCHEME = "Digest"; |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@ -63,11 +63,11 @@ public class DigestServerAuthenticationHelper { |
|
|
|
|
|
|
|
|
/** |
|
|
/** |
|
|
* Default constructor. |
|
|
* Default constructor. |
|
|
* @throws NoSuchAlgorithmException |
|
|
* @throws NoSuchAlgorithmException |
|
|
*/ |
|
|
*/ |
|
|
public DigestServerAuthenticationHelper() |
|
|
public DigestServerAuthenticationHelper() |
|
|
throws NoSuchAlgorithmException { |
|
|
throws NoSuchAlgorithmException { |
|
|
messageDigest = MessageDigest.getInstance(DEFAULT_ALGORITHM); |
|
|
messageDigest = MessageDigest.getInstance(DEFAULT_ALGORITHM); |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
public static String toHexString(byte b[]) { |
|
|
public static String toHexString(byte b[]) { |
|
@ -79,7 +79,7 @@ public class DigestServerAuthenticationHelper { |
|
|
} |
|
|
} |
|
|
return new String(c); |
|
|
return new String(c); |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
/** |
|
|
/** |
|
|
* Generate the challenge string. |
|
|
* Generate the challenge string. |
|
|
* |
|
|
* |
|
@ -121,34 +121,34 @@ public class DigestServerAuthenticationHelper { |
|
|
* |
|
|
* |
|
|
* @param request - the request to authenticate. |
|
|
* @param request - the request to authenticate. |
|
|
* @param hashedPassword -- the MD5 hashed string of username:realm:plaintext password. |
|
|
* @param hashedPassword -- the MD5 hashed string of username:realm:plaintext password. |
|
|
* |
|
|
* |
|
|
* @return true if authentication succeded and false otherwise. |
|
|
* @return true if authentication succeded and false otherwise. |
|
|
*/ |
|
|
*/ |
|
|
public boolean doAuthenticateHashedPassword(Request request, String hashedPassword) { |
|
|
public boolean doAuthenticateHashedPassword(Request request, String hashedPassword) { |
|
|
AuthorizationHeader authHeader = (AuthorizationHeader) request.getHeader(AuthorizationHeader.NAME); |
|
|
AuthorizationHeader authHeader = (AuthorizationHeader) request.getHeader(AuthorizationHeader.NAME); |
|
|
if ( authHeader == null ) return false; |
|
|
if ( authHeader == null ) return false; |
|
|
String realm = authHeader.getRealm(); |
|
|
String realm = authHeader.getRealm(); |
|
|
String username = authHeader.getUsername(); |
|
|
String username = authHeader.getUsername(); |
|
|
|
|
|
|
|
|
if ( username == null || realm == null ) { |
|
|
if ( username == null || realm == null ) { |
|
|
return false; |
|
|
return false; |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
String nonce = authHeader.getNonce(); |
|
|
String nonce = authHeader.getNonce(); |
|
|
URI uri = authHeader.getURI(); |
|
|
URI uri = authHeader.getURI(); |
|
|
if (uri == null) { |
|
|
if (uri == null) { |
|
|
return false; |
|
|
return false; |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
String A2 = request.getMethod().toUpperCase() + ":" + uri.toString(); |
|
|
String A2 = request.getMethod().toUpperCase() + ":" + uri.toString(); |
|
|
String HA1 = hashedPassword; |
|
|
String HA1 = hashedPassword; |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
byte[] mdbytes = messageDigest.digest(A2.getBytes()); |
|
|
byte[] mdbytes = messageDigest.digest(A2.getBytes()); |
|
|
String HA2 = toHexString(mdbytes); |
|
|
String HA2 = toHexString(mdbytes); |
|
|
|
|
|
|
|
|
String cnonce = authHeader.getCNonce(); |
|
|
String cnonce = authHeader.getCNonce(); |
|
|
String KD = HA1 + ":" + nonce; |
|
|
String KD = HA1 + ":" + nonce; |
|
|
if (cnonce != null) { |
|
|
if (cnonce != null) { |
|
@ -158,7 +158,7 @@ public class DigestServerAuthenticationHelper { |
|
|
mdbytes = messageDigest.digest(KD.getBytes()); |
|
|
mdbytes = messageDigest.digest(KD.getBytes()); |
|
|
String mdString = toHexString(mdbytes); |
|
|
String mdString = toHexString(mdbytes); |
|
|
String response = authHeader.getResponse(); |
|
|
String response = authHeader.getResponse(); |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
return mdString.equals(response); |
|
|
return mdString.equals(response); |
|
|
} |
|
|
} |
|
@ -168,11 +168,11 @@ public class DigestServerAuthenticationHelper { |
|
|
* |
|
|
* |
|
|
* @param request - the request to authenticate. |
|
|
* @param request - the request to authenticate. |
|
|
* @param pass -- the plain text password. |
|
|
* @param pass -- the plain text password. |
|
|
* |
|
|
* |
|
|
* @return true if authentication succeded and false otherwise. |
|
|
* @return true if authentication succeded and false otherwise. |
|
|
*/ |
|
|
*/ |
|
|
public boolean doAuthenticatePlainTextPassword(Request request, String pass) { |
|
|
public boolean doAuthenticatePlainTextPassword(Request request, String pass) { |
|
|
AuthorizationHeader authHeader = (AuthorizationHeader) request.getHeader(AuthorizationHeader.NAME); |
|
|
AuthorizationHeader authHeader = (AuthorizationHeader) request.getHeader(AuthorizationHeader.NAME); |
|
|
if ( authHeader == null ) return false; |
|
|
if ( authHeader == null ) return false; |
|
|
String realm = authHeader.getRealm().trim(); |
|
|
String realm = authHeader.getRealm().trim(); |
|
|
String username = authHeader.getUsername().trim(); |
|
|
String username = authHeader.getUsername().trim(); |
|
@ -184,7 +184,7 @@ public class DigestServerAuthenticationHelper { |
|
|
String nonce = authHeader.getNonce(); |
|
|
String nonce = authHeader.getNonce(); |
|
|
URI uri = authHeader.getURI(); |
|
|
URI uri = authHeader.getURI(); |
|
|
if (uri == null) { |
|
|
if (uri == null) { |
|
|
return false; |
|
|
return false; |
|
|
} |
|
|
} |
|
|
// qop 保护质量 包含auth(默认的)和auth-int(增加了报文完整性检测)两种策略
|
|
|
// qop 保护质量 包含auth(默认的)和auth-int(增加了报文完整性检测)两种策略
|
|
|
String qop = authHeader.getQop(); |
|
|
String qop = authHeader.getQop(); |
|
@ -233,6 +233,6 @@ public class DigestServerAuthenticationHelper { |
|
|
String response = authHeader.getResponse(); |
|
|
String response = authHeader.getResponse(); |
|
|
System.out.println("response: " + response); |
|
|
System.out.println("response: " + response); |
|
|
return mdString.equals(response); |
|
|
return mdString.equals(response); |
|
|
|
|
|
|
|
|
} |
|
|
} |
|
|
} |
|
|
} |
|
|