139 private String specifiedQops; |
139 private String specifiedQops; |
140 private byte[] myCiphers; |
140 private byte[] myCiphers; |
141 private List<String> serverRealms; |
141 private List<String> serverRealms; |
142 |
142 |
143 DigestMD5Server(String protocol, String serverName, Map<String, ?> props, |
143 DigestMD5Server(String protocol, String serverName, Map<String, ?> props, |
144 CallbackHandler cbh) throws SaslException { |
144 CallbackHandler cbh) throws SaslException { |
145 super(props, MY_CLASS_NAME, 1, protocol + "/" + serverName, cbh); |
145 super(props, MY_CLASS_NAME, 1, |
|
146 protocol + "/" + (serverName==null?"*":serverName), |
|
147 cbh); |
146 |
148 |
147 serverRealms = new ArrayList<String>(); |
149 serverRealms = new ArrayList<String>(); |
148 |
150 |
149 useUTF8 = true; // default |
151 useUTF8 = true; // default |
150 |
152 |
171 |
173 |
172 encoding = (useUTF8 ? "UTF8" : "8859_1"); |
174 encoding = (useUTF8 ? "UTF8" : "8859_1"); |
173 |
175 |
174 // By default, use server name as realm |
176 // By default, use server name as realm |
175 if (serverRealms.isEmpty()) { |
177 if (serverRealms.isEmpty()) { |
176 serverRealms.add(serverName); |
178 if (serverName == null) { |
|
179 throw new SaslException( |
|
180 "A realm must be provided in props or serverName"); |
|
181 } else { |
|
182 serverRealms.add(serverName); |
|
183 } |
177 } |
184 } |
178 } |
185 } |
179 |
186 |
180 public byte[] evaluateResponse(byte[] response) throws SaslException { |
187 public byte[] evaluateResponse(byte[] response) throws SaslException { |
181 if (response.length > MAX_RESPONSE_LENGTH) { |
188 if (response.length > MAX_RESPONSE_LENGTH) { |
537 // e.g.: ldap/ldapserver.example.com |
544 // e.g.: ldap/ldapserver.example.com |
538 |
545 |
539 // host should match one of service's configured service names |
546 // host should match one of service's configured service names |
540 // Check against digest URI that mech was created with |
547 // Check against digest URI that mech was created with |
541 |
548 |
542 if (digestUri.equalsIgnoreCase(digestUriFromResponse)) { |
549 if (uriMatches(digestUri, digestUriFromResponse)) { |
543 digestUri = digestUriFromResponse; // account for case-sensitive diffs |
550 digestUri = digestUriFromResponse; // account for case-sensitive diffs |
544 } else { |
551 } else { |
545 throw new SaslException("DIGEST-MD5: digest response format " + |
552 throw new SaslException("DIGEST-MD5: digest response format " + |
546 "violation. Mismatched URI: " + digestUriFromResponse + |
553 "violation. Mismatched URI: " + digestUriFromResponse + |
547 "; expecting: " + digestUri); |
554 "; expecting: " + digestUri); |
649 // Clear password |
656 // Clear password |
650 for (int i = 0; i < passwd.length; i++) { |
657 for (int i = 0; i < passwd.length; i++) { |
651 passwd[i] = 0; |
658 passwd[i] = 0; |
652 } |
659 } |
653 } |
660 } |
|
661 } |
|
662 |
|
663 private static boolean uriMatches(String thisUri, String incomingUri) { |
|
664 // Full match |
|
665 if (thisUri.equalsIgnoreCase(incomingUri)) { |
|
666 return true; |
|
667 } |
|
668 // Unbound match |
|
669 if (thisUri.endsWith("/*")) { |
|
670 int protoAndSlash = thisUri.length() - 1; |
|
671 String thisProtoAndSlash = thisUri.substring(0, protoAndSlash); |
|
672 String incomingProtoAndSlash = incomingUri.substring(0, protoAndSlash); |
|
673 return thisProtoAndSlash.equalsIgnoreCase(incomingProtoAndSlash); |
|
674 } |
|
675 return false; |
654 } |
676 } |
655 |
677 |
656 /** |
678 /** |
657 * Server sends a message formatted as follows: |
679 * Server sends a message formatted as follows: |
658 * response-auth = "rspauth" "=" response-value |
680 * response-auth = "rspauth" "=" response-value |
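Review bot: In the new `uriMatches`, the unbound branch calls `incomingUri.substring(0, protoAndSlash)` on the digest-uri taken from the client's response, which throws `StringIndexOutOfBoundsException` when that value is shorter than the `protocol/` prefix. A malformed response would then surface as an unchecked exception instead of the "Mismatched URI" `SaslException` the caller raises on a mismatch. Replacing the two `substring` calls and the comparison with `return thisUri.regionMatches(true, 0, incomingUri, 0, protoAndSlash);` keeps the case-insensitive prefix check and returns false for a short input. The full-match branch tolerates a null `incomingUri` but the unbound branch does not; whether null is excluded earlier is not visible here, so confirm it. The prefix check also accepts an empty host part (`protocol/`), so a comment on `uriMatches` saying whether that is intended would help.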