Package com.helger.http.digestauth

Class HttpDigestAuth

java.lang.Object
com.helger.http.digestauth.HttpDigestAuth
@Immutable public final class HttpDigestAuth extends Object
Handling for HTTP Digest Authentication
Author:
Philip Helger

  • Field Details

  • Method Details

    • getDigestAuthParams

      @Nullable public static com.helger.collection.commons.ICommonsOrderedMap<String,String> getDigestAuthParams(@Nullable String sAuthHeader)
      Get the parameters of a Digest authentication string. It may be used for both client and server handling.
      Parameters:
      sAuthHeader - The HTTP header value to be interpreted. May be null.
      Returns:
      null if the passed value cannot be parsed as a HTTP Digest Authentication value, a ICommonsOrderedMap with all parameter name-value pairs in the order they are contained.

    • getDigestAuthClientCredentials

      @Nullable public static DigestAuthClientCredentials getDigestAuthClientCredentials(@Nullable String sAuthHeader)
      Get the Digest authentication credentials from the passed HTTP header value.
      Parameters:
      sAuthHeader - The HTTP header value to be interpreted. May be null.
      Returns:
      null if the passed value is not a correct HTTP Digest Authentication header value.

    • getNonceCountString

      @Nullable public static String getNonceCountString(@CheckForSigned int nNonceCount)

    • createDigestAuthClientCredentials

      @Nonnull public static DigestAuthClientCredentials createDigestAuthClientCredentials(@Nonnull EHttpMethod eMethod, @Nonnull @Nonempty String sDigestURI, @Nonnull @Nonempty String sUserName, @Nonnull String sPassword, @Nonnull @Nonempty String sRealm, @Nonnull @Nonempty String sServerNonce, @Nullable String sAlgorithm, @Nullable String sClientNonce, @Nullable String sOpaque, @Nullable String sMessageQOP, @CheckForSigned int nNonceCount)
      Create HTTP Digest auth credentials for a client
      Parameters:
      eMethod - The HTTP method of the request. May not be null.
      sDigestURI - The URI from Request-URI of the Request-Line; duplicated here because proxies are allowed to change the Request-Line in transit. May neither be null nor empty.
      sUserName - User name to use. May neither be null nor empty.
      sPassword - The user's password. May not be null.
      sRealm - The realm as provided by the server. May neither be null nor empty.
      sServerNonce - The nonce as supplied by the server. May neither be null nor empty.
      sAlgorithm - The algorithm as provided by the server. Currently only ALGORITHM_MD5 and ALGORITHM_MD5_SESS is supported. If it is null than ALGORITHM_MD5 is used as default.
      sClientNonce - The client nonce to be used. Must be present if message QOP is specified or if algorithm is ALGORITHM_MD5_SESS.
      This MUST be specified if a qop directive is sent, and MUST NOT be specified if the server did not send a qop directive in the WWW-Authenticate header field. The cnonce-value is an opaque quoted string value provided by the client and used by both client and server to avoid chosen plain text attacks, to provide mutual authentication, and to provide some message integrity protection. See the descriptions below of the calculation of the response- digest and request-digest values.
      sOpaque - The opaque value as supplied by the server. May be null .
      sMessageQOP - The message QOP. Currently only QOP_AUTH is supported. If null is passed, than QOP_AUTH with backward compatibility handling for RFC 2069 is applied.
      Indicates what "quality of protection" the client has applied to the message. If present, its value MUST be one of the alternatives the server indicated it supports in the WWW-Authenticate header. These values affect the computation of the request-digest. Note that this is a single token, not a quoted list of alternatives as in WWW- Authenticate. This directive is optional in order to preserve backward compatibility with a minimal implementation of RFC 2069 [6], but SHOULD be used if the server indicated that qop is supported by providing a qop directive in the WWW-Authenticate header field.
      nNonceCount - This MUST be specified if a qop directive is sent (see above), and MUST NOT be specified if the server did not send a qop directive in the WWW-Authenticate header field. The nc-value is the hexadecimal count of the number of requests (including the current request) that the client has sent with the nonce value in this request. For example, in the first request sent in response to a given nonce value, the client sends "nc=00000001". The purpose of this directive is to allow the server to detect request replays by maintaining its own copy of this count - if the same nc-value is seen twice, then the request is a replay.
      Returns:
      The created DigestAuthCredentials