0N/A/*
3261N/A * Copyright (c) 2006, 2010, Oracle and/or its affiliates. All rights reserved.
0N/A * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
0N/A *
0N/A * This code is free software; you can redistribute it and/or modify it
0N/A * under the terms of the GNU General Public License version 2 only, as
2362N/A * published by the Free Software Foundation. Oracle designates this
0N/A * particular file as subject to the "Classpath" exception as provided
2362N/A * by Oracle in the LICENSE file that accompanied this code.
0N/A *
0N/A * This code is distributed in the hope that it will be useful, but WITHOUT
0N/A * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
0N/A * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
0N/A * version 2 for more details (a copy is included in the LICENSE file that
0N/A * accompanied this code).
0N/A *
0N/A * You should have received a copy of the GNU General Public License version
0N/A * 2 along with this work; if not, write to the Free Software Foundation,
0N/A * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
0N/A *
2362N/A * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
2362N/A * or visit www.oracle.com if you need additional information or have any
2362N/A * questions.
0N/A */
0N/A
0N/Apackage com.sun.net.httpserver;
0N/A
0N/A/**
0N/A * BasicAuthenticator provides an implementation of HTTP Basic
0N/A * authentication. It is an abstract class and must be extended
0N/A * to provide an implementation of {@link #checkCredentials(String,String)}
0N/A * which is called to verify each incoming request.
0N/A */
0N/Apublic abstract class BasicAuthenticator extends Authenticator {
0N/A
0N/A protected String realm;
0N/A
0N/A /**
0N/A * Creates a BasicAuthenticator for the given HTTP realm
0N/A * @param realm The HTTP Basic authentication realm
0N/A * @throws NullPointerException if the realm is an empty string
0N/A */
0N/A public BasicAuthenticator (String realm) {
0N/A this.realm = realm;
0N/A }
0N/A
0N/A /**
0N/A * returns the realm this BasicAuthenticator was created with
0N/A * @return the authenticator's realm string.
0N/A */
0N/A public String getRealm () {
0N/A return realm;
0N/A }
0N/A
0N/A public Result authenticate (HttpExchange t)
0N/A {
0N/A Headers rmap = (Headers) t.getRequestHeaders();
0N/A /*
0N/A * look for auth token
0N/A */
0N/A String auth = rmap.getFirst ("Authorization");
0N/A if (auth == null) {
0N/A Headers map = (Headers) t.getResponseHeaders();
0N/A map.set ("WWW-Authenticate", "Basic realm=" + "\""+realm+"\"");
0N/A return new Authenticator.Retry (401);
0N/A }
0N/A int sp = auth.indexOf (' ');
0N/A if (sp == -1 || !auth.substring(0, sp).equals ("Basic")) {
0N/A return new Authenticator.Failure (401);
0N/A }
0N/A byte[] b = Base64.base64ToByteArray (auth.substring(sp+1));
0N/A String userpass = new String (b);
0N/A int colon = userpass.indexOf (':');
0N/A String uname = userpass.substring (0, colon);
0N/A String pass = userpass.substring (colon+1);
0N/A
0N/A if (checkCredentials (uname, pass)) {
0N/A return new Authenticator.Success (
0N/A new HttpPrincipal (
0N/A uname, realm
0N/A )
0N/A );
0N/A } else {
0N/A /* reject the request again with 401 */
0N/A
0N/A Headers map = (Headers) t.getResponseHeaders();
0N/A map.set ("WWW-Authenticate", "Basic realm=" + "\""+realm+"\"");
0N/A return new Authenticator.Failure(401);
0N/A }
0N/A }
0N/A
0N/A /**
0N/A * called for each incoming request to verify the
0N/A * given name and password in the context of this
0N/A * Authenticator's realm. Any caching of credentials
0N/A * must be done by the implementation of this method
0N/A * @param username the username from the request
0N/A * @param password the password from the request
0N/A * @return <code>true</code> if the credentials are valid,
0N/A * <code>false</code> otherwise.
0N/A */
0N/A public abstract boolean checkCredentials (String username, String password);
0N/A}
0N/A
0N/Aclass Base64 {
0N/A
0N/A /**
0N/A * Translates the specified byte array into a Base64 string as per
0N/A * Preferences.put(byte[]).
0N/A */
0N/A static String byteArrayToBase64(byte[] a) {
0N/A return byteArrayToBase64(a, false);
0N/A }
0N/A
0N/A /**
0N/A * Translates the specified byte array into an "aternate representation"
0N/A * Base64 string. This non-standard variant uses an alphabet that does
0N/A * not contain the uppercase alphabetic characters, which makes it
0N/A * suitable for use in situations where case-folding occurs.
0N/A */
0N/A static String byteArrayToAltBase64(byte[] a) {
0N/A return byteArrayToBase64(a, true);
0N/A }
0N/A
0N/A private static String byteArrayToBase64(byte[] a, boolean alternate) {
0N/A int aLen = a.length;
0N/A int numFullGroups = aLen/3;
0N/A int numBytesInPartialGroup = aLen - 3*numFullGroups;
0N/A int resultLen = 4*((aLen + 2)/3);
0N/A StringBuffer result = new StringBuffer(resultLen);
0N/A char[] intToAlpha = (alternate ? intToAltBase64 : intToBase64);
0N/A
0N/A // Translate all full groups from byte array elements to Base64
0N/A int inCursor = 0;
0N/A for (int i=0; i<numFullGroups; i++) {
0N/A int byte0 = a[inCursor++] & 0xff;
0N/A int byte1 = a[inCursor++] & 0xff;
0N/A int byte2 = a[inCursor++] & 0xff;
0N/A result.append(intToAlpha[byte0 >> 2]);
0N/A result.append(intToAlpha[(byte0 << 4)&0x3f | (byte1 >> 4)]);
0N/A result.append(intToAlpha[(byte1 << 2)&0x3f | (byte2 >> 6)]);
0N/A result.append(intToAlpha[byte2 & 0x3f]);
0N/A }
0N/A
0N/A // Translate partial group if present
0N/A if (numBytesInPartialGroup != 0) {
0N/A int byte0 = a[inCursor++] & 0xff;
0N/A result.append(intToAlpha[byte0 >> 2]);
0N/A if (numBytesInPartialGroup == 1) {
0N/A result.append(intToAlpha[(byte0 << 4) & 0x3f]);
0N/A result.append("==");
0N/A } else {
0N/A // assert numBytesInPartialGroup == 2;
0N/A int byte1 = a[inCursor++] & 0xff;
0N/A result.append(intToAlpha[(byte0 << 4)&0x3f | (byte1 >> 4)]);
0N/A result.append(intToAlpha[(byte1 << 2)&0x3f]);
0N/A result.append('=');
0N/A }
0N/A }
0N/A // assert inCursor == a.length;
0N/A // assert result.length() == resultLen;
0N/A return result.toString();
0N/A }
0N/A
0N/A /**
0N/A * This array is a lookup table that translates 6-bit positive integer
0N/A * index values into their "Base64 Alphabet" equivalents as specified
0N/A * in Table 1 of RFC 2045.
0N/A */
0N/A private static final char intToBase64[] = {
0N/A 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M',
0N/A 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z',
0N/A 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm',
0N/A 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z',
0N/A '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', '+', '/'
0N/A };
0N/A
0N/A /**
0N/A * This array is a lookup table that translates 6-bit positive integer
0N/A * index values into their "Alternate Base64 Alphabet" equivalents.
0N/A * This is NOT the real Base64 Alphabet as per in Table 1 of RFC 2045.
0N/A * This alternate alphabet does not use the capital letters. It is
0N/A * designed for use in environments where "case folding" occurs.
0N/A */
0N/A private static final char intToAltBase64[] = {
0N/A '!', '"', '#', '$', '%', '&', '\'', '(', ')', ',', '-', '.', ':',
0N/A ';', '<', '>', '@', '[', ']', '^', '`', '_', '{', '|', '}', '~',
0N/A 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm',
0N/A 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z',
0N/A '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', '+', '?'
0N/A };
0N/A
0N/A /**
0N/A * Translates the specified Base64 string (as per Preferences.get(byte[]))
0N/A * into a byte array.
0N/A *
0N/A * @throw IllegalArgumentException if <tt>s</tt> is not a valid Base64
0N/A * string.
0N/A */
0N/A static byte[] base64ToByteArray(String s) {
0N/A return base64ToByteArray(s, false);
0N/A }
0N/A
0N/A /**
0N/A * Translates the specified "aternate representation" Base64 string
0N/A * into a byte array.
0N/A *
0N/A * @throw IllegalArgumentException or ArrayOutOfBoundsException
0N/A * if <tt>s</tt> is not a valid alternate representation
0N/A * Base64 string.
0N/A */
0N/A static byte[] altBase64ToByteArray(String s) {
0N/A return base64ToByteArray(s, true);
0N/A }
0N/A
0N/A private static byte[] base64ToByteArray(String s, boolean alternate) {
0N/A byte[] alphaToInt = (alternate ? altBase64ToInt : base64ToInt);
0N/A int sLen = s.length();
0N/A int numGroups = sLen/4;
0N/A if (4*numGroups != sLen)
0N/A throw new IllegalArgumentException(
0N/A "String length must be a multiple of four.");
0N/A int missingBytesInLastGroup = 0;
0N/A int numFullGroups = numGroups;
0N/A if (sLen != 0) {
0N/A if (s.charAt(sLen-1) == '=') {
0N/A missingBytesInLastGroup++;
0N/A numFullGroups--;
0N/A }
0N/A if (s.charAt(sLen-2) == '=')
0N/A missingBytesInLastGroup++;
0N/A }
0N/A byte[] result = new byte[3*numGroups - missingBytesInLastGroup];
0N/A
0N/A // Translate all full groups from base64 to byte array elements
0N/A int inCursor = 0, outCursor = 0;
0N/A for (int i=0; i<numFullGroups; i++) {
0N/A int ch0 = base64toInt(s.charAt(inCursor++), alphaToInt);
0N/A int ch1 = base64toInt(s.charAt(inCursor++), alphaToInt);
0N/A int ch2 = base64toInt(s.charAt(inCursor++), alphaToInt);
0N/A int ch3 = base64toInt(s.charAt(inCursor++), alphaToInt);
0N/A result[outCursor++] = (byte) ((ch0 << 2) | (ch1 >> 4));
0N/A result[outCursor++] = (byte) ((ch1 << 4) | (ch2 >> 2));
0N/A result[outCursor++] = (byte) ((ch2 << 6) | ch3);
0N/A }
0N/A
0N/A // Translate partial group, if present
0N/A if (missingBytesInLastGroup != 0) {
0N/A int ch0 = base64toInt(s.charAt(inCursor++), alphaToInt);
0N/A int ch1 = base64toInt(s.charAt(inCursor++), alphaToInt);
0N/A result[outCursor++] = (byte) ((ch0 << 2) | (ch1 >> 4));
0N/A
0N/A if (missingBytesInLastGroup == 1) {
0N/A int ch2 = base64toInt(s.charAt(inCursor++), alphaToInt);
0N/A result[outCursor++] = (byte) ((ch1 << 4) | (ch2 >> 2));
0N/A }
0N/A }
0N/A // assert inCursor == s.length()-missingBytesInLastGroup;
0N/A // assert outCursor == result.length;
0N/A return result;
0N/A }
0N/A
0N/A /**
0N/A * Translates the specified character, which is assumed to be in the
0N/A * "Base 64 Alphabet" into its equivalent 6-bit positive integer.
0N/A *
0N/A * @throw IllegalArgumentException or ArrayOutOfBoundsException if
0N/A * c is not in the Base64 Alphabet.
0N/A */
0N/A private static int base64toInt(char c, byte[] alphaToInt) {
0N/A int result = alphaToInt[c];
0N/A if (result < 0)
0N/A throw new IllegalArgumentException("Illegal character " + c);
0N/A return result;
0N/A }
0N/A
0N/A /**
0N/A * This array is a lookup table that translates unicode characters
0N/A * drawn from the "Base64 Alphabet" (as specified in Table 1 of RFC 2045)
0N/A * into their 6-bit positive integer equivalents. Characters that
0N/A * are not in the Base64 alphabet but fall within the bounds of the
0N/A * array are translated to -1.
0N/A */
0N/A private static final byte base64ToInt[] = {
0N/A -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
0N/A -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
0N/A -1, -1, -1, -1, -1, -1, -1, -1, -1, 62, -1, -1, -1, 63, 52, 53, 54,
0N/A 55, 56, 57, 58, 59, 60, 61, -1, -1, -1, -1, -1, -1, -1, 0, 1, 2, 3, 4,
0N/A 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23,
0N/A 24, 25, -1, -1, -1, -1, -1, -1, 26, 27, 28, 29, 30, 31, 32, 33, 34,
0N/A 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51
0N/A };
0N/A
0N/A /**
0N/A * This array is the analogue of base64ToInt, but for the nonstandard
0N/A * variant that avoids the use of uppercase alphabetic characters.
0N/A */
0N/A private static final byte altBase64ToInt[] = {
0N/A -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
0N/A -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 0, 1,
0N/A 2, 3, 4, 5, 6, 7, 8, -1, 62, 9, 10, 11, -1 , 52, 53, 54, 55, 56, 57,
0N/A 58, 59, 60, 61, 12, 13, 14, -1, 15, 63, 16, -1, -1, -1, -1, -1, -1,
0N/A -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
0N/A -1, -1, -1, 17, -1, 18, 19, 21, 20, 26, 27, 28, 29, 30, 31, 32, 33,
0N/A 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50,
0N/A 51, 22, 23, 24, 25
0N/A };
0N/A
0N/A}