1 files changed, 37 insertions, 7 deletions

diff --git a/src/share/classes/sun/net/www/protocol/http/DigestAuthentication.java b/src/share/classes/sun/net/www/protocol/http/DigestAuthentication.java
index 8701a7756..f031407f1 100644
--- a/src/share/classes/sun/net/www/protocol/http/DigestAuthentication.java
+++ b/src/share/classes/sun/net/www/protocol/http/DigestAuthentication.java
@@ -34,8 +34,11 @@ import java.util.StringTokenizer;
 import java.util.Random;
 
 import sun.net.www.HeaderParser;
+import sun.net.NetProperties;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
+import java.security.PrivilegedAction;
+import java.security.AccessController;
 import static sun.net.www.protocol.http.HttpURLConnection.HTTP_CONNECT;
 
 /**
@@ -51,6 +54,23 @@ class DigestAuthentication extends AuthenticationInfo {
 
     private String authMethod;
 
+    private final static String compatPropName = "http.auth.digest." +
+                "quoteParameters";
+
+    // true if http.auth.digest.quoteParameters Net property is true
+    private static final boolean delimCompatFlag;
+
+    static {
+        Boolean b = AccessController.doPrivileged(
+            new PrivilegedAction<Boolean>() {
+                public Boolean run() {
+                    return NetProperties.getBoolean(compatPropName);
+                }
+            }
+        );
+        delimCompatFlag = (b == null) ? false : b.booleanValue();
+    }
+
     // Authentication parameters defined in RFC2617.
     // One instance of these may be shared among several DigestAuthentication
     // instances as a result of a single authorization (for multiple domains)
@@ -357,24 +377,34 @@ class DigestAuthentication extends AuthenticationInfo {
             ncfield = "\", nc=" + ncstring;
         }
 
+        String algoS, qopS;
+
+        if (delimCompatFlag) {
+            // Put quotes around these String value parameters
+            algoS = ", algorithm=\"" + algorithm + "\"";
+            qopS = ", qop=\"auth\"";
+        } else {
+            // Don't put quotes around them, per the RFC
+            algoS = ", algorithm=" + algorithm;
+            qopS = ", qop=auth";
+        }
+
         String value = authMethod
                         + " username=\"" + pw.getUserName()
                         + "\", realm=\"" + realm
                         + "\", nonce=\"" + nonce
                         + ncfield
                         + ", uri=\"" + uri
-                        + "\", response=\"" + response
-                        + "\", algorithm=" + algorithm;
+                        + "\", response=\"" + response + "\""
+                        + algoS;
         if (opaque != null) {
-            value = value + ", opaque=\"" + opaque;
-            value = value + "\"";
+            value += ", opaque=\"" + opaque + "\"";
         }
         if (cnonce != null) {
-            value = value + ", cnonce=\"" + cnonce;
-            value = value + "\"";
+            value += ", cnonce=\"" + cnonce + "\"";
         }
         if (qop) {
-            value = value + ", qop=auth";
+            value += qopS;
         }
         return value;
     }