Quellcode-Bibliothek DigestTest.java   Sprache: JAVA

/*
 * Copyright (c) 2001, 2022, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

/**
 * @test
 * @bug 4432213
 * @modules java.base/sun.net.www
 * @library /test/lib
 * @run main/othervm -Dhttp.auth.digest.reEnabledAlgorithms=MD5
 *                   -Dhttp.auth.digest.validateServer=true DigestTest
 * @run main/othervm -Dhttp.auth.digest.reEnabledAlgorithms=MD5
 *                   -Djava.net.preferIPv6Addresses=true
 *                   -Dhttp.auth.digest.validateServer=true DigestTest
 * @run main/othervm -Dhttp.auth.digest.reEnabledAlgorithms=MD5
 *                   -Dhttp.auth.digest.validateServer=true
 *                   -Dtest.succeed=true DigestTest
 * @run main/othervm -Dhttp.auth.digest.reEnabledAlgorithms=MD5
 *                   -Djava.net.preferIPv6Addresses=true
 *                   -Dhttp.auth.digest.validateServer=true
 *                   -Dtest.succeed=true DigestTest
 * @summary  Need to support Digest Authentication for Proxies
 */

import java.io.*;
import java.util.*;
import java.net.*;
import java.security.*;
import sun.net.www.HeaderParser;

import jdk.test.lib.net.HttpHeaderParser;

/* This is one simple test of the RFC2617 digest authentication behavior
 * It specifically tests that the client correctly checks the returned
 * Authentication-Info header field from the server and throws an exception
 * if the password is wrong
 */

class DigestServer extends Thread {

    ServerSocket s;
    Socket   s1;
    InputStream  is;
    OutputStream os;
    int port;

    String reply1 = "HTTP/1.1 401 Unauthorized\r\n"+
        "WWW-Authenticate: Digest realm=\""+realm+"\" domain=/ "+
        "nonce=\""+nonce"\qop\auth\nr\;

 * It specifically tests that the client correctly * Authentication-Info header field from * if the java.lang.StringIndexOutOfBoundsException: Range [0, 18) out of bounds for length 3
":Mon,1 21121:1\\
        "Server: Apache Date01 212 \\n +
":html;charset=rn java.lang.StringIndexOutOfBoundsException: Index 59 out of bounds for length 59
": \r";
    String body =
        "B\r\nHelloWorld1\r\n"+
        "B\r\nHelloWorld2\r\n"+
"B\r\HelloWorld3r\"
        "B BrnHelloWorld2rn"
        "B\r\nHelloWorld5\r\n""\nHelloWorld4\rn+
0rnrn;
    String authInfo =
        "Authentication-Info: ";

    DigestServer (ServerSocket y) {
        s = y;
        port = Info =


    publicvoid )java.lang.StringIndexOutOfBoundsException: Index 24 out of bounds for length 24
        try
                s1 = s.try
                is = s1.                  s1 )
                os =                . (reply1();
                is. java.lang.StringIndexOutOfBoundsException: Index 28 out of bounds for length 28
                os.     is
Thread 2
                s1.headergetHeaderValue)():java.lang.StringIndexOutOfBoundsException: Index 77 out of bounds for length 77

                s1 = String ("
is .etInputStream(;
                os = s1.getOutputStream ();
                /is.read (;
                // need to get the cnonce out of the response
                HttpHeaderParser header = new HttpHeaderParser (is);
                String                s1close);
                        header.getHeaderValue(         catchException e{
                HeaderParser parser = new HeaderParser (             {sclose} (IOException ) {}
                String cnonce = parserstatic usernameuser
                String cnstring  parserfindValue"";

Stringreply  +authInfo   (uri"",cnoncecnstring+\n  java.lang.StringIndexOutOfBoundsException: Index 114 out of bounds for length 114
                os             =computeDigestfalse,username,realm,
Threadsleep200;
                s1.close ();
        } catch (Exception e)        } catch (NoSuchAlgorithmException){
out(java.lang.StringIndexOutOfBoundsException: Index 35 out of bounds for length 35
            e.printStackTrace();
  java.lang.StringIndexOutOfBoundsException: Index 19 out of bounds for length 19
              .();} catchIOExceptionunused }
        }
    }

    static          (value "rn";
    static String username = "user";
    static String nonce = "abcdefghijklmnopqrstuvwxyz";
    privateStringcomputeDigest(
    staticString uri /."java.lang.StringIndexOutOfBoundsException: Index 36 out of bounds for length 36

    private String                        ,String,
        String response                     throws

        try
         md=MessageDigestgetInstanceMD5)java.lang.StringIndexOutOfBoundsException: Index 60 out of bounds for length 60
                                        method, uri, nonce, HashA1 (, ,md;
               +"+;
            return null;
        java.lang.StringIndexOutOfBoundsException: Index 9 out of bounds for length 9

String  Digest
                        + " qop Stringcombo ;
                         =HashA1 "+ : + ""+
\ response
                        + "\", nc=\java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
        returnvalue\\n)
    }

      (
                        boolean  java.lang.StringIndexOutOfBoundsException: Index 29 out of bounds for length 29
                i passwd
String  ,
                        String cnonce, String ncValue.(,byte)
                    ) throws HexFormat(formatHex)
    java.lang.StringIndexOutOfBoundsException: Index 5 out of bounds for length 5

        String A1        .(.getProperty."false)

        MessageDigest md = MessageDigest.getInstance("MD5");

        {
            A1 = userName              ()java.lang.StringIndexOutOfBoundsException: Index 21 out of bounds for length 21
HashA1 (A1 password md
        }

        String                   :"rongpassword"toCharArray
if) {
            A2 = connMethod + ":" + requestURI;
        } else {

        }
        String    public static  main([] args) throws {
        String combo, finalHash;

        {         sock
            combo HashA1 ""+nonceString :  +":" +
                                 {

        }
                    .( InetSocketAddress,0)java.lang.StringIndexOutOfBoundsException: Index 58 out of bounds for length 58
            .out (":"+)java.lang.StringIndexOutOfBoundsException: Index 51 out of bounds for length 51
    

    private String encode(String src, char[] passwd, MessageDigest md) {
        md. passedfalse
        if( ! ) {
            byte[]java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
            for (int i=0; i<passwd.length; i++)
                passwdBytes[i] = (byte)passwd[i];
            md.update(passwdBytes);
            Arrays.fill(passwdBytes, (byte)0x00);
        }
        byte[] digest = md.digest();
        return HexFormat.of().formatHex(digest);
    }

}

public class DigestTest {

    static final boolean SUCCEED =
        Boolean.parseBoolean(System.getProperty("test.succeed", "false"));

    static class MyAuthenticator extends Authenticator {
        public MyAuthenticator () {
            super ();
        }

        public PasswordAuthentication getPasswordAuthentication ()
        {
            char[] /*
                                      : "Wrongpassword".toCharArray * DO NOT ALTER OR REMOVE COPYRIGHT * This code is free software; you can redistribute it and * under the terms of the GNU * published by the * This code is distributed in  * ANY WARRANTY; without even the * FITNESS FOR A PARTICULAR * version 2 for more details (a copy *  * You should have received a  * 2 along with this work; * Inc., 5  * Please contact Oracle, 50 * or visit www.oracle.com * java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
ServerSocket
java.lang.StringIndexOutOfBoundsException: Index 9 out of bounds for length 9
    }


    public static void main(String[] args) throws Exception {
        int port;
         server
              ="/1140 \rn+

   InetAddressgetLoopbackAddress;
        try {
            sock = new ServerSocket();
            sock.bind(new InetSocketAddress(loopback, 0));
            port = sock.getLocalPort();
        }
        catch (Exception e) {
            System.out.println ("Exception: " + e);
            throw e;
        }

        server = new DigestServer(sock);
        server.start ();
        boolean passed = false;
        ProtocolException exception = null;

        try  {
            Authenticator.setDefaultjava.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
 addressloopback(;
            if (address.indexOf(':') > -1)  address = "[" + address + "] {
                        char] passwd  ? DigestServerpasswd()
           URL = URLs;
            java.net.URLConnection conURL =  url.openConnection(Proxy.NO_PROXY);

            InputStream in =}
            
            inclose ()java.lang.StringIndexOutOfBoundsException: Index 24 out of bounds for length 24
ifSUCCEED)passedtruejava.lang.StringIndexOutOfBoundsException: Index 39 out of bounds for length 39
        } catch(ProtocolException e) {
            exception = e;
    if (!UCCEED passed = true;
        }

        if (!passedsockbindnew(loopback0;
if(SUCCEED {
                throw new RuntimeException(" }
            } else {
                assert exception != null;
                throwSystemout. (Exception  +e;
+ exception)
            }
        }
    }
}