@@ -1,28 +1,28 @@
/*
* Conditions Of Use
*
* This software was developed by employees of the National Institute of
* Standards and Technology (NIST), an agency of the Federal Government.
* Pursuant to title 15 Untied States Code Section 105, works of NIST
* employees are not subject to copyright protection in the United States
* and are considered to be in the public domain. As a result, a formal
* license is not needed to use the software.
*
* This software is provided by NIST as a service and is expressly
* provided "AS IS." NIST MAKES NO WARRANTY OF ANY KIND, EXPRESS, IMPLIED
* OR STATUTORY, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTY OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT
* AND DATA ACCURACY. NIST does not warrant or make any representations
* regarding the use of the software or the results thereof, including but
* not limited to the correctness, accuracy, reliability or usefulness of
* the software.
*
* Permission to use this software is contingent upon your acceptance
* of the terms of this agreement
*
* .
*
*/
* Conditions Of Use
*
* This software was developed by employees of the National Institute of
* Standards and Technology (NIST), an agency of the Federal Government.
* Pursuant to title 15 Untied States Code Section 105, works of NIST
* employees are not subject to copyright protection in the United States
* and are considered to be in the public domain. As a result, a formal
* license is not needed to use the software.
*
* This software is provided by NIST as a service and is expressly
* provided "AS IS." NIST MAKES NO WARRANTY OF ANY KIND, EXPRESS, IMPLIED
* OR STATUTORY, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTY OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT
* AND DATA ACCURACY. NIST does not warrant or make any representations
* regarding the use of the software or the results thereof, including but
* not limited to the correctness, accuracy, reliability or usefulness of
* the software.
*
* Permission to use this software is contingent upon your acceptance
* of the terms of this agreement
*
* .
*
*/
package com.genersoft.iot.vmp.gb28181.auth ;
import java.security.MessageDigest ;
@@ -42,18 +42,18 @@ import gov.nist.core.InternalErrorHandler;
/**
* Implements the HTTP digest authentication method server side functionality.
*
*
* @author M. Ranganathan
* @author Marc Bednarek
*/
public class DigestServerAuthenticationHelper {
private MessageDigest messageDigest ;
public static final String DEFAULT_ALGORITHM = " MD5 " ;
public static final String DEFAULT_SCHEME = " Digest " ;
@@ -63,11 +63,11 @@ public class DigestServerAuthenticationHelper {
/**
* Default constructor.
* @throws NoSuchAlgorithmException
* @throws NoSuchAlgorithmException
*/
public DigestServerAuthenticationHelper ( )
throws NoSuchAlgorithmException {
messageDigest = MessageDigest . getInstance ( DEFAULT_ALGORITHM ) ;
public DigestServerAuthenticationHelper ( )
throws NoSuchAlgorithmException {
messageDigest = MessageDigest . getInstance ( DEFAULT_ALGORITHM ) ;
}
public static String toHexString ( byte b [ ] ) {
@@ -79,7 +79,7 @@ public class DigestServerAuthenticationHelper {
}
return new String ( c ) ;
}
/**
* Generate the challenge string.
*
@@ -121,34 +121,34 @@ public class DigestServerAuthenticationHelper {
*
* @param request - the request to authenticate.
* @param hashedPassword -- the MD5 hashed string of username:realm:plaintext password.
*
*
* @return true if authentication succeded and false otherwise.
*/
public boolean doAuthenticateHashedPassword ( Request request , String hashedPassword ) {
AuthorizationHeader authHeader = ( AuthorizationHeader ) request . getHeader ( AuthorizationHeader . NAME ) ;
AuthorizationHeader authHeader = ( AuthorizationHeader ) request . getHeader ( AuthorizationHeader . NAME ) ;
if ( authHeader = = null ) return false ;
String realm = authHeader . getRealm ( ) ;
String username = authHeader . getUsername ( ) ;
if ( username = = null | | realm = = null ) {
return false ;
}
String nonce = authHeader . getNonce ( ) ;
URI uri = authHeader . getURI ( ) ;
if ( uri = = null ) {
return false ;
}
String A2 = request . getMethod ( ) . toUpperCase ( ) + " : " + uri . toString ( ) ;
String HA1 = hashedPassword ;
byte [ ] mdbytes = messageDigest . digest ( A2 . getBytes ( ) ) ;
String HA2 = toHexString ( mdbytes ) ;
String cnonce = authHeader . getCNonce ( ) ;
String KD = HA1 + " : " + nonce ;
if ( cnonce ! = null ) {
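Review bot: `nonce` is read from the client's Authorization header (`authHeader.getNonce()`) and folded into `KD` with no visible check that this server issued it or that it is still fresh; doAuthenticatePlainTextPassword reads it the same way. If the caller does not validate it either, the digest check alone does not bound how long a previously accepted header stays valid. The method body continues past this hunk, so the check may live elsewhere. I would at least state the contract in the Javadoc, e.g. `Callers must verify that the nonce was issued by this server and has not expired before calling this method.`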
@@ -158,7 +158,7 @@ public class DigestServerAuthenticationHelper {
mdbytes = messageDigest . digest ( KD . getBytes ( ) ) ;
String mdString = toHexString ( mdbytes ) ;
String response = authHeader . getResponse ( ) ;
return mdString . equals ( response ) ;
}
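Review bot: `mdString.equals(response)` compares the expected digest with the client-supplied value using a short-circuiting string compare; a constant-time comparison is the safer default for authentication values. The same line ends doAuthenticatePlainTextPassword in the last hunk. Suggested: `return response != null && MessageDigest.isEqual(mdString.getBytes(StandardCharsets.US_ASCII), response.getBytes(StandardCharsets.US_ASCII));`, which keeps the current false result for a missing response. It needs `java.nio.charset.StandardCharsets` imported, while `MessageDigest` is already imported. Only the tail of doAuthenticateHashedPassword is visible in this hunk.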
@@ -168,11 +168,11 @@ public class DigestServerAuthenticationHelper {
*
* @param request - the request to authenticate.
* @param pass -- the plain text password.
*
*
* @return true if authentication succeded and false otherwise.
*/
public boolean doAuthenticatePlainTextPassword ( Request request , String pass ) {
AuthorizationHeader authHeader = ( AuthorizationHeader ) request . getHeader ( AuthorizationHeader . NAME ) ;
AuthorizationHeader authHeader = ( AuthorizationHeader ) request . getHeader ( AuthorizationHeader . NAME ) ;
if ( authHeader = = null ) return false ;
String realm = authHeader . getRealm ( ) . trim ( ) ;
String username = authHeader . getUsername ( ) . trim ( ) ;
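Review bot: `authHeader.getRealm().trim()` and `authHeader.getUsername().trim()` dereference header fields that may be absent, so a request whose Authorization header lacks realm or username would presumably raise a NullPointerException instead of returning false. doAuthenticateHashedPassword null-checks both values before using them; here any check that follows outside the hunk comes after the dereference. Read the raw values first, guard with `if (realm == null || username == null) return false;`, and trim afterwards.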
@@ -184,7 +184,7 @@ public class DigestServerAuthenticationHelper {
String nonce = authHeader . getNonce ( ) ;
URI uri = authHeader . getURI ( ) ;
if ( uri = = null ) {
return false ;
return false ;
}
// qop 保护质量 包含auth( 默认的) 和auth-int( 增加了报文完整性检测) 两种策略
String qop = authHeader . getQop ( ) ;
@@ -233,6 +233,6 @@ public class DigestServerAuthenticationHelper {
String response = authHeader . getResponse ( ) ;
System . out . println ( " response: " + response ) ;
return mdString . equals ( response ) ;
}
}
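Review bot: The `System.out.println(... + response)` call writes the client's digest response to standard output on every authentication attempt. That puts authentication material into console or container logs and bypasses whatever log configuration the project uses. Remove the line, or replace it with a debug-level logger call that does not include the value. The start of doAuthenticatePlainTextPassword is outside this hunk, so any similar println calls earlier in the method would need the same treatment.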