001: /*
002: * @(#)AuthenticationHeader.java 1.7 06/10/10
003: *
004: * Copyright 1990-2006 Sun Microsystems, Inc. All Rights Reserved.
005: * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER
006: *
007: * This program is free software; you can redistribute it and/or
008: * modify it under the terms of the GNU General Public License version
009: * 2 only, as published by the Free Software Foundation.
010: *
011: * This program is distributed in the hope that it will be useful, but
012: * WITHOUT ANY WARRANTY; without even the implied warranty of
013: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
014: * General Public License version 2 for more details (a copy is
015: * included at /legal/license.txt).
016: *
017: * You should have received a copy of the GNU General Public License
018: * version 2 along with this work; if not, write to the Free Software
019: * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
020: * 02110-1301 USA
021: *
022: * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa
023: * Clara, CA 95054 or visit www.sun.com if you need additional
024: * information or have any questions.
025: */
026:
027: package sun.net.www.protocol.http;
028:
029: import sun.net.www.*;
030: import java.util.Iterator;
031: import java.util.HashMap;
032:
033: /**
034: * This class is used to parse the information in WWW-Authenticate: and Proxy-Authenticate:
035: * headers. It searches among multiple header lines and within each header line
036: * for the best currently supported scheme. It can also return a HeaderParser
037: * containing the challenge data for that particular scheme.
038: *
039: * Some examples:
040: *
041: * WWW-Authenticate: Basic realm="foo" Digest realm="bar" NTLM
042: * Note the realm parameter must be associated with the particular scheme.
043: *
044: * or
045: *
046: * WWW-Authenticate: Basic realm="foo"
047: * WWW-Authenticate: Digest realm="foo",qop="auth",nonce="thisisanunlikelynonce"
048: * WWW-Authenticate: NTLM
049: *
050: * or
051: *
052: * WWW-Authenticate: Basic realm="foo"
053: * WWW-Authenticate: NTLM ASKAJK9893289889QWQIOIONMNMN
054: *
055: * The last example shows how NTLM breaks the rules of rfc2617 for the structure of
056: * the authentication header. This is the reason why the raw header field is used for ntlm.
057: *
058: * At present, the class chooses schemes in following order :
059: * 1. Digest 2. NTLM (if supported) 3. Basic
060: */
061:
062: public class AuthenticationHeader {
063:
064: MessageHeader rsp; // the response to be parsed
065: HeaderParser preferred;
066: String preferred_r; // raw Strings
067:
068: String hdrname; // Name of the header to look for
069:
070: /**
071: * parse a set of authentication headers and choose the preferred scheme
072: * that we support
073: */
074: public AuthenticationHeader(String hdrname, MessageHeader response) {
075: rsp = response;
076: this .hdrname = hdrname;
077: schemes = new HashMap();
078: parse();
079: }
080:
081: /* we build up a map of scheme names mapped to SchemeMapValue objects */
082: static class SchemeMapValue {
083: SchemeMapValue(HeaderParser h, String r) {
084: raw = r;
085: parser = h;
086: }
087:
088: String raw;
089: HeaderParser parser;
090: }
091:
092: HashMap schemes;
093:
094: /* Iterate through each header line, and then within each line.
095: * If multiple entries exist for a particular scheme (unlikely)
096: * then the last one will be used. The
097: * preferred scheme that we support will be used.
098: */
099: private void parse() {
100: Iterator iter = rsp.multiValueIterator(hdrname);
101: while (iter.hasNext()) {
102: String raw = (String) iter.next();
103: HeaderParser hp = new HeaderParser(raw);
104: Iterator keys = hp.keys();
105: int i, lastSchemeIndex;
106: for (i = 0, lastSchemeIndex = -1; keys.hasNext(); i++) {
107: keys.next();
108: if (hp.findValue(i) == null) { /* found a scheme name */
109: if (lastSchemeIndex != -1) {
110: HeaderParser hpn = hp.subsequence(
111: lastSchemeIndex, i);
112: String scheme = hpn.findKey(0);
113: schemes.put(scheme,
114: new SchemeMapValue(hpn, raw));
115: }
116: lastSchemeIndex = i;
117: }
118: }
119: if (i > lastSchemeIndex) {
120: HeaderParser hpn = hp.subsequence(lastSchemeIndex, i);
121: String scheme = hpn.findKey(0);
122: schemes.put(scheme, new SchemeMapValue(hpn, raw));
123: }
124: }
125:
126: /* choose the best of them */
127: SchemeMapValue v;
128: if ((v = (SchemeMapValue) schemes.get("digest")) == null) {
129: //If !NTLMAuthentication.isSupported()
130: if ((v = (SchemeMapValue) schemes.get("ntlm")) == null) {
131: v = (SchemeMapValue) schemes.get("basic");
132: }
133: }
134: if (v != null) {
135: preferred = v.parser;
136: preferred_r = v.raw;
137: ;
138: }
139: }
140:
141: /**
142: * return a header parser containing the preferred authentication scheme (only).
143: * The preferred scheme is the strongest of the schemes proposed by the server.
144: * The returned HeaderParser will contain the relevant parameters for that scheme
145: */
146: public HeaderParser headerParser() {
147: return preferred;
148: }
149:
150: /**
151: * return the name of the preferred scheme
152: */
153: public String scheme() {
154: if (preferred != null) {
155: return preferred.findKey(0);
156: } else {
157: return null;
158: }
159: }
160:
161: /* return the raw header field for the preferred/chosen scheme */
162:
163: public String raw() {
164: return preferred_r;
165: }
166:
167: /**
168: * returns true is the header exists and contains a recognised scheme
169: */
170: public boolean isPresent() {
171: return preferred != null;
172: }
173: }
|