Example 6 with DigestAlgorithm

Use of io.undertow.security.idm.DigestAlgorithm in the project undertow by undertow-io.

From the class DigestAuthenticationMechanism, method sendChallenge:

@Override
public ChallengeResult sendChallenge(final HttpServerExchange exchange, final SecurityContext securityContext) {
    DigestContext context = exchange.getAttachment(DigestContext.ATTACHMENT_KEY);
    // A stale context means the client presented a nonce that has expired; stale=true tells the
    // client it may retry with a fresh nonce without re-prompting for credentials.
    boolean stale = context != null && context.isStale();
    StringBuilder rb = new StringBuilder(DIGEST_PREFIX);
    rb.append(Headers.REALM.toString()).append("=\"").append(realmName).append("\",");
    rb.append(Headers.DOMAIN.toString()).append("=\"").append(domain).append("\",");
    // based on security constraints.
    rb.append(Headers.NONCE.toString()).append("=\"").append(nonceManager.nextNonce(null, exchange)).append("\",");
    // Not currently using OPAQUE as it offers no integrity; using it for session data leaves it vulnerable to
    // session fixation type issues as well. A fixed placeholder value is emitted instead.
    rb.append(Headers.OPAQUE.toString()).append("=\"00000000000000000000000000000000\"");
    if (stale) {
        rb.append(",stale=true");
    }
    if (!supportedAlgorithms.isEmpty()) {
        // This header will need to be repeated once for each algorithm; the token is filled in below.
        rb.append(",").append(Headers.ALGORITHM.toString()).append("=%s");
    }
    if (qopString != null) {
        rb.append(",").append(Headers.QOP.toString()).append("=\"").append(qopString).append("\"");
    }
    String theChallenge = rb.toString();
    HeaderMap responseHeader = exchange.getResponseHeaders();
    if (supportedAlgorithms.isEmpty()) {
        responseHeader.add(WWW_AUTHENTICATE, theChallenge);
    } else {
        // One WWW-Authenticate header per supported algorithm, each advertising its own algorithm token.
        for (DigestAlgorithm current : supportedAlgorithms) {
            responseHeader.add(WWW_AUTHENTICATE, String.format(theChallenge, current.getToken()));
        }
    }
    return new ChallengeResult(true, UNAUTHORIZED);
}
Also used in this example: HeaderMap (io.undertow.util.HeaderMap), DigestAlgorithm (io.undertow.security.idm.DigestAlgorithm).
