Class DigestScheme
java.lang.Object
org.apache.hc.client5.http.impl.auth.DigestScheme
- All Implemented Interfaces:
Serializable
,AuthScheme
Digest authentication scheme.
Both MD5 (default) and MD5-sess are supported.
Currently only qop=auth or no qop is supported. qop=auth-int
is unsupported. If auth and auth-int are provided, auth is
used.
Since the digest username is included as clear text in the generated Authentication header, the charset of the username must be compatible with the HTTP element charset used by the connection.
- Since:
- 4.0
- See Also:
-
Nested Class Summary
Nested ClassesModifier and TypeClassDescriptionprivate static enum
Represent the possible values of quality of protection. -
Field Summary
FieldsModifier and TypeFieldDescriptionprivate byte[]
private byte[]
private ByteArrayBuilder
private String
private boolean
private UsernamePasswordCredentials
private Charset
private static final char[]
Hexa values used when creating 32 character long digest in HTTP DigestScheme in case of authentication.private String
private static final org.slf4j.Logger
private long
private static final long
-
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescription(package private) static byte[]
Creates a random cnonce value based on the current time.private String
createDigestResponse
(org.apache.hc.core5.http.HttpRequest request) private static MessageDigest
createMessageDigest
(String digAlg) (package private) static String
formatHex
(byte[] binaryData) Encodes the 128 bit (16 bytes) MD5 digest into a 32 characters long string.generateAuthResponse
(org.apache.hc.core5.http.HttpHost host, org.apache.hc.core5.http.HttpRequest request, org.apache.hc.core5.http.protocol.HttpContext context) Generates an authorization response based on the current state.(package private) String
getA1()
(package private) String
getA2()
getName()
Returns textual designation of the given authentication scheme.getNonce()
long
ReturnsPrincipal
whose credentials are used to generate an authentication response.getRealm()
Returns authentication realm.void
initPreemptive
(Credentials credentials, String cnonce, String realm) boolean
Authentication process may involve a series of challenge-response exchanges.boolean
Determines if the authentication scheme is expected to provide an authorization response on a per connection basis instead of the standard per request basisboolean
isResponseReady
(org.apache.hc.core5.http.HttpHost host, CredentialsProvider credentialsProvider, org.apache.hc.core5.http.protocol.HttpContext context) Determines whether or not an authorization response can be generated based on the actual authentication state.void
processChallenge
(AuthChallenge authChallenge, org.apache.hc.core5.http.protocol.HttpContext context) Processes the given auth challenge.private void
toString()
private void
-
Field Details
-
serialVersionUID
private static final long serialVersionUID- See Also:
-
LOG
private static final org.slf4j.Logger LOG -
HEXADECIMAL
private static final char[] HEXADECIMALHexa values used when creating 32 character long digest in HTTP DigestScheme in case of authentication.- See Also:
-
defaultCharset
-
paramMap
-
complete
private boolean complete -
buffer
-
lastNonce
-
nounceCount
private long nounceCount -
cnonce
-
a1
private byte[] a1 -
a2
private byte[] a2 -
credentials
-
-
Constructor Details
-
DigestScheme
public DigestScheme() -
DigestScheme
-
-
Method Details
-
initPreemptive
-
getName
Description copied from interface:AuthScheme
Returns textual designation of the given authentication scheme.- Specified by:
getName
in interfaceAuthScheme
- Returns:
- the name of the given authentication scheme
-
isConnectionBased
public boolean isConnectionBased()Description copied from interface:AuthScheme
Determines if the authentication scheme is expected to provide an authorization response on a per connection basis instead of the standard per request basis- Specified by:
isConnectionBased
in interfaceAuthScheme
- Returns:
true
if the scheme is connection based,false
if the scheme is request based.
-
getRealm
Description copied from interface:AuthScheme
Returns authentication realm. If the concept of an authentication realm is not applicable to the given authentication scheme, returnsnull
.- Specified by:
getRealm
in interfaceAuthScheme
- Returns:
- the authentication realm
-
processChallenge
public void processChallenge(AuthChallenge authChallenge, org.apache.hc.core5.http.protocol.HttpContext context) throws MalformedChallengeException Description copied from interface:AuthScheme
Processes the given auth challenge. Some authentication schemes may involve multiple challenge-response exchanges. Such schemes must be able to maintain internal state when dealing with sequential challenges- Specified by:
processChallenge
in interfaceAuthScheme
- Parameters:
authChallenge
- the auth challengecontext
- HTTP context- Throws:
MalformedChallengeException
- in case the auth challenge is incomplete, malformed or otherwise invalid.
-
isChallengeComplete
public boolean isChallengeComplete()Description copied from interface:AuthScheme
Authentication process may involve a series of challenge-response exchanges. This method tests if the authorization process has been fully completed (either successfully or unsuccessfully), that is, all the required authorization challenges have been processed in their entirety.- Specified by:
isChallengeComplete
in interfaceAuthScheme
- Returns:
true
if the authentication process has been completed,false
otherwise.
-
isResponseReady
public boolean isResponseReady(org.apache.hc.core5.http.HttpHost host, CredentialsProvider credentialsProvider, org.apache.hc.core5.http.protocol.HttpContext context) throws AuthenticationException Description copied from interface:AuthScheme
Determines whether or not an authorization response can be generated based on the actual authentication state. Generally the outcome of this method will depend upon availability of user credentials necessary to produce an authorization response.- Specified by:
isResponseReady
in interfaceAuthScheme
- Parameters:
credentialsProvider
- The credentials to be used for authenticationcontext
- HTTP context- Returns:
true
if an authorization response can be generated and the authentication handshake can proceed,false
otherwise.- Throws:
AuthenticationException
- if authorization string cannot be generated due to an authentication failure
-
getPrincipal
Description copied from interface:AuthScheme
ReturnsPrincipal
whose credentials are used to generate an authentication response. Connection based schemes are required to return a userPrincipal
if authorization applies to for the entire life span of connection.- Specified by:
getPrincipal
in interfaceAuthScheme
- Returns:
- user principal
- See Also:
-
generateAuthResponse
public String generateAuthResponse(org.apache.hc.core5.http.HttpHost host, org.apache.hc.core5.http.HttpRequest request, org.apache.hc.core5.http.protocol.HttpContext context) throws AuthenticationException Description copied from interface:AuthScheme
Generates an authorization response based on the current state. Some authentication schemes may need to load user credentials required to generate an authorization response from aCredentialsProvider
prior to this method call.- Specified by:
generateAuthResponse
in interfaceAuthScheme
- Parameters:
request
- The request being authenticatedcontext
- HTTP context- Returns:
- authorization header
- Throws:
AuthenticationException
- if authorization string cannot be generated due to an authentication failure- See Also:
-
createMessageDigest
private static MessageDigest createMessageDigest(String digAlg) throws UnsupportedDigestAlgorithmException -
createDigestResponse
private String createDigestResponse(org.apache.hc.core5.http.HttpRequest request) throws AuthenticationException - Throws:
AuthenticationException
-
getNonce
-
getNounceCount
@Internal public long getNounceCount() -
getCnonce
-
getA1
String getA1() -
getA2
String getA2() -
formatHex
Encodes the 128 bit (16 bytes) MD5 digest into a 32 characters long string.- Parameters:
binaryData
- array containing the digest- Returns:
- encoded MD5, or
null
if encoding failed
-
createCnonce
static byte[] createCnonce()Creates a random cnonce value based on the current time.- Returns:
- The cnonce value as String.
-
writeObject
- Throws:
IOException
-
readObject
- Throws:
IOException
ClassNotFoundException
-
toString
-