Class DigestScheme

java.lang.Object
org.apache.hc.client5.http.impl.auth.DigestScheme
All Implemented Interfaces:
Serializable, AuthScheme

public class DigestScheme extends Object implements AuthScheme, Serializable
Digest authentication scheme. Both MD5 (default) and MD5-sess are supported. Currently only qop=auth or no qop is supported. qop=auth-int is unsupported. If auth and auth-int are provided, auth is used.

Since the digest username is included as clear text in the generated Authentication header, the charset of the username must be compatible with the HTTP element charset used by the connection.

Since:
4.0
See Also:
  • Field Details

    • serialVersionUID

      private static final long serialVersionUID
      See Also:
    • LOG

      private static final org.slf4j.Logger LOG
    • HEXADECIMAL

      private static final char[] HEXADECIMAL
      Hexa values used when creating 32 character long digest in HTTP DigestScheme in case of authentication.
      See Also:
    • defaultCharset

      private transient Charset defaultCharset
    • paramMap

      private final Map<String,String> paramMap
    • complete

      private boolean complete
    • buffer

      private transient ByteArrayBuilder buffer
    • lastNonce

      private String lastNonce
    • nounceCount

      private long nounceCount
    • cnonce

      private String cnonce
    • a1

      private byte[] a1
    • a2

      private byte[] a2
    • credentials

      private UsernamePasswordCredentials credentials
  • Constructor Details

    • DigestScheme

      public DigestScheme()
    • DigestScheme

      public DigestScheme(Charset charset)
  • Method Details

    • initPreemptive

      public void initPreemptive(Credentials credentials, String cnonce, String realm)
    • getName

      public String getName()
      Description copied from interface: AuthScheme
      Returns textual designation of the given authentication scheme.
      Specified by:
      getName in interface AuthScheme
      Returns:
      the name of the given authentication scheme
    • isConnectionBased

      public boolean isConnectionBased()
      Description copied from interface: AuthScheme
      Determines if the authentication scheme is expected to provide an authorization response on a per connection basis instead of the standard per request basis
      Specified by:
      isConnectionBased in interface AuthScheme
      Returns:
      true if the scheme is connection based, false if the scheme is request based.
    • getRealm

      public String getRealm()
      Description copied from interface: AuthScheme
      Returns authentication realm. If the concept of an authentication realm is not applicable to the given authentication scheme, returns null.
      Specified by:
      getRealm in interface AuthScheme
      Returns:
      the authentication realm
    • processChallenge

      public void processChallenge(AuthChallenge authChallenge, org.apache.hc.core5.http.protocol.HttpContext context) throws MalformedChallengeException
      Description copied from interface: AuthScheme
      Processes the given auth challenge. Some authentication schemes may involve multiple challenge-response exchanges. Such schemes must be able to maintain internal state when dealing with sequential challenges
      Specified by:
      processChallenge in interface AuthScheme
      Parameters:
      authChallenge - the auth challenge
      context - HTTP context
      Throws:
      MalformedChallengeException - in case the auth challenge is incomplete, malformed or otherwise invalid.
    • isChallengeComplete

      public boolean isChallengeComplete()
      Description copied from interface: AuthScheme
      Authentication process may involve a series of challenge-response exchanges. This method tests if the authorization process has been fully completed (either successfully or unsuccessfully), that is, all the required authorization challenges have been processed in their entirety.
      Specified by:
      isChallengeComplete in interface AuthScheme
      Returns:
      true if the authentication process has been completed, false otherwise.
    • isResponseReady

      public boolean isResponseReady(org.apache.hc.core5.http.HttpHost host, CredentialsProvider credentialsProvider, org.apache.hc.core5.http.protocol.HttpContext context) throws AuthenticationException
      Description copied from interface: AuthScheme
      Determines whether or not an authorization response can be generated based on the actual authentication state. Generally the outcome of this method will depend upon availability of user credentials necessary to produce an authorization response.
      Specified by:
      isResponseReady in interface AuthScheme
      Parameters:
      credentialsProvider - The credentials to be used for authentication
      context - HTTP context
      Returns:
      true if an authorization response can be generated and the authentication handshake can proceed, false otherwise.
      Throws:
      AuthenticationException - if authorization string cannot be generated due to an authentication failure
    • getPrincipal

      public Principal getPrincipal()
      Description copied from interface: AuthScheme
      Returns Principal whose credentials are used to generate an authentication response. Connection based schemes are required to return a user Principal if authorization applies to for the entire life span of connection.
      Specified by:
      getPrincipal in interface AuthScheme
      Returns:
      user principal
      See Also:
    • generateAuthResponse

      public String generateAuthResponse(org.apache.hc.core5.http.HttpHost host, org.apache.hc.core5.http.HttpRequest request, org.apache.hc.core5.http.protocol.HttpContext context) throws AuthenticationException
      Description copied from interface: AuthScheme
      Generates an authorization response based on the current state. Some authentication schemes may need to load user credentials required to generate an authorization response from a CredentialsProvider prior to this method call.
      Specified by:
      generateAuthResponse in interface AuthScheme
      Parameters:
      request - The request being authenticated
      context - HTTP context
      Returns:
      authorization header
      Throws:
      AuthenticationException - if authorization string cannot be generated due to an authentication failure
      See Also:
    • createMessageDigest

      private static MessageDigest createMessageDigest(String digAlg) throws UnsupportedDigestAlgorithmException
      Throws:
      UnsupportedDigestAlgorithmException
    • createDigestResponse

      private String createDigestResponse(org.apache.hc.core5.http.HttpRequest request) throws AuthenticationException
      Throws:
      AuthenticationException
    • getNonce

      @Internal public String getNonce()
    • getNounceCount

      @Internal public long getNounceCount()
    • getCnonce

      @Internal public String getCnonce()
    • getA1

      String getA1()
    • getA2

      String getA2()
    • formatHex

      static String formatHex(byte[] binaryData)
      Encodes the 128 bit (16 bytes) MD5 digest into a 32 characters long string.
      Parameters:
      binaryData - array containing the digest
      Returns:
      encoded MD5, or null if encoding failed
    • createCnonce

      static byte[] createCnonce()
      Creates a random cnonce value based on the current time.
      Returns:
      The cnonce value as String.
    • writeObject

      private void writeObject(ObjectOutputStream out) throws IOException
      Throws:
      IOException
    • readObject

      private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException
      Throws:
      IOException
      ClassNotFoundException
    • toString

      public String toString()
      Overrides:
      toString in class Object