diff options
Diffstat (limited to 'src/share/classes/sun/net/www/protocol/http/DigestAuthentication.java')
-rw-r--r-- | src/share/classes/sun/net/www/protocol/http/DigestAuthentication.java | 44 |
1 files changed, 37 insertions, 7 deletions
diff --git a/src/share/classes/sun/net/www/protocol/http/DigestAuthentication.java b/src/share/classes/sun/net/www/protocol/http/DigestAuthentication.java index 8701a7756..f031407f1 100644 --- a/src/share/classes/sun/net/www/protocol/http/DigestAuthentication.java +++ b/src/share/classes/sun/net/www/protocol/http/DigestAuthentication.java @@ -34,8 +34,11 @@ import java.util.StringTokenizer; import java.util.Random; import sun.net.www.HeaderParser; +import sun.net.NetProperties; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; +import java.security.PrivilegedAction; +import java.security.AccessController; import static sun.net.www.protocol.http.HttpURLConnection.HTTP_CONNECT; /** @@ -51,6 +54,23 @@ class DigestAuthentication extends AuthenticationInfo { private String authMethod; + private final static String compatPropName = "http.auth.digest." + + "quoteParameters"; + + // true if http.auth.digest.quoteParameters Net property is true + private static final boolean delimCompatFlag; + + static { + Boolean b = AccessController.doPrivileged( + new PrivilegedAction<Boolean>() { + public Boolean run() { + return NetProperties.getBoolean(compatPropName); + } + } + ); + delimCompatFlag = (b == null) ? false : b.booleanValue(); + } + // Authentication parameters defined in RFC2617. // One instance of these may be shared among several DigestAuthentication // instances as a result of a single authorization (for multiple domains) @@ -357,24 +377,34 @@ class DigestAuthentication extends AuthenticationInfo { ncfield = "\", nc=" + ncstring; } + String algoS, qopS; + + if (delimCompatFlag) { + // Put quotes around these String value parameters + algoS = ", algorithm=\"" + algorithm + "\""; + qopS = ", qop=\"auth\""; + } else { + // Don't put quotes around them, per the RFC + algoS = ", algorithm=" + algorithm; + qopS = ", qop=auth"; + } + String value = authMethod + " username=\"" + pw.getUserName() + "\", realm=\"" + realm + "\", nonce=\"" + nonce + ncfield + ", uri=\"" + uri - + "\", response=\"" + response - + "\", algorithm=" + algorithm; + + "\", response=\"" + response + "\"" + + algoS; if (opaque != null) { - value = value + ", opaque=\"" + opaque; - value = value + "\""; + value += ", opaque=\"" + opaque + "\""; } if (cnonce != null) { - value = value + ", cnonce=\"" + cnonce; - value = value + "\""; + value += ", cnonce=\"" + cnonce + "\""; } if (qop) { - value = value + ", qop=auth"; + value += qopS; } return value; } |