1
/*
2
 * Copyright (c) 2002, 2021, Oracle and/or its affiliates. All rights reserved.
3
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4
 *
5
 * This code is free software; you can redistribute it and/or modify it
6
 * under the terms of the GNU General Public License version 2 only, as
7
 * published by the Free Software Foundation.
8
 *
9
 * This code is distributed in the hope that it will be useful, but WITHOUT
10
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
12
 * version 2 for more details (a copy is included in the LICENSE file that
13
 * accompanied this code).
14
 *
15
 * You should have received a copy of the GNU General Public License version
16
 * 2 along with this work; if not, write to the Free Software Foundation,
17
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18
 *
19
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20
 * or visit www.oracle.com if you need additional information or have any
21
 * questions.
22
 */
23

24
/**
25
 * @test
26
 * @bug 4759514
27
 * @library /test/lib
28
 * @run main/othervm B4759514
29
 * @run main/othervm -Djava.net.preferIPv6Addresses=true B4759514
30
 * @summary Digest Authentication is erroniously quoting the nc value, contrary to RFC 2617
31
 */
32

33
import java.io.IOException;
34
import java.io.InputStream;
35
import java.io.PrintWriter;
36
import java.net.Authenticator;
37
import java.net.InetAddress;
38
import java.net.InetSocketAddress;
39
import java.net.PasswordAuthentication;
40
import java.net.ProxySelector;
41
import java.net.URL;
42
import java.net.URLConnection;
43
import java.util.concurrent.Executors;
44

45
import com.sun.net.httpserver.HttpExchange;
46
import com.sun.net.httpserver.HttpHandler;
47
import com.sun.net.httpserver.HttpServer;
48
import jdk.test.lib.net.URIBuilder;
49

50
public class B4759514 implements HttpHandler {
51

52
    static int count = 0;
53
    static String authstring;
54

55
    void errorReply (HttpExchange req, String reply) throws IOException {
56
        req.getResponseHeaders().set("Connection", "close");
57
        req.getResponseHeaders().set("WWW-Authenticate", reply);
58
        req.sendResponseHeaders(401, -1);
59
    }
60

61
    void okReply (HttpExchange req) throws IOException {
62
        req.sendResponseHeaders(200, 0);
63
        try(PrintWriter pw = new PrintWriter(req.getResponseBody())) {
64
            pw.print("Hello .");
65
        }
66
    }
67

68
    public void handle (HttpExchange req) {
69
        try {
70
            if(req.getRequestHeaders().get("Authorization") != null) {
71
                authstring = req.getRequestHeaders().get("Authorization").get(0);
72
                System.out.println(authstring);
73
            }
74
            switch (count) {
75
            case 0:
76
                errorReply (req, "Digest realm=\"wallyworld\", nonce=\"1234\", domain=\"/\"");
77
                break;
78
            case 1:
79
                int n = authstring.indexOf ("nc=");
80
                if (n != -1) {
81
                    if (authstring.charAt (n+3) == '\"') {
82
                        req.sendResponseHeaders(400, -1);
83
                        break;
84
                    }
85
                }
86
                okReply (req);
87
                break;
88
            }
89
            count ++;
90
        } catch (IOException e) {
91
            e.printStackTrace();
92
        }
93
    }
94

95
    static void read (InputStream is) throws IOException {
96
        int c;
97
        while ((c=is.read()) != -1) {
98
            System.out.write (c);
99
        }
100
    }
101

102
    static void client (String u) throws Exception {
103
        URL url = new URL (u);
104
        System.out.println ("client opening connection to: " + u);
105
        URLConnection urlc = url.openConnection ();
106
        InputStream is = urlc.getInputStream ();
107
        read (is);
108
        is.close();
109
    }
110

111
    static HttpServer server;
112

113
    public static void main (String[] args) throws Exception {
114
        B4759514 b4759514 = new B4759514();
115
        MyAuthenticator auth = new MyAuthenticator ();
116
        Authenticator.setDefault (auth);
117
        ProxySelector.setDefault(ProxySelector.of(null)); // no proxy
118
        try {
119
            InetAddress loopback = InetAddress.getLoopbackAddress();
120
            server = HttpServer.create(new InetSocketAddress(loopback, 0), 10);
121
            server.createContext("/", b4759514);
122
            server.setExecutor(Executors.newSingleThreadExecutor());
123
            server.start();
124
            String serverURL = URIBuilder.newBuilder()
125
                    .scheme("http")
126
                    .loopback()
127
                    .port(server.getAddress().getPort())
128
                    .path("/")
129
                    .build()
130
                    .toString();
131
            System.out.println("Server: listening at: " + serverURL);
132
            client(serverURL + "d1/foo.html");
133
        } catch (Exception e) {
134
            if (server != null) {
135
                server.stop(1);
136
            }
137
            throw e;
138
        }
139
        int f = auth.getCount();
140
        if (f != 1) {
141
            except ("Authenticator was called "+f+" times. Should be 1");
142
        }
143
        server.stop(1);
144
    }
145

146
    public static void except (String s) {
147
        server.stop(1);
148
        throw new RuntimeException (s);
149
    }
150

151
    static class MyAuthenticator extends Authenticator {
152
        MyAuthenticator () {
153
            super ();
154
        }
155

156
        int count = 0;
157

158
        public PasswordAuthentication getPasswordAuthentication () {
159
            PasswordAuthentication pw;
160
            pw = new PasswordAuthentication ("user", "pass1".toCharArray());
161
            count ++;
162
            return pw;
163
        }
164

165
        public int getCount () {
166
            return (count);
167
        }
168
    }
169
}
170

171