HTTP Direct Digest Authenticator

-use apache Hex api
-rely on parent equals, hash functions
-use CommonHelper funciton to compose nonce random
-else statement on same line with closing if }
-enhance token parsing in Digest extractor instead of DigestCredentials - this is a better
separation of functionality because the extractor should be in charge with extracting data (same as basic extractor is)
DigestCredentials keep extending TokenCredentials, but now the token is actually the client response instead the full
Digest authorization header

User digest validation changes to: digestCredentials.getToken().equals(digestCredentials.calculateServerDigest(true, pwd))

pac4j-http/src/main/java/org/pac4j/http/client/direct/DirectDigestAuthClient.java

@@ -1,13 +1,11 @@
 package org.pac4j.http.client.direct;
 
 import org.pac4j.core.context.WebContext;
-import org.pac4j.core.exception.CredentialsException;
 import org.pac4j.core.exception.RequiresHttpAction;
+import org.pac4j.core.util.CommonHelper;
 import org.pac4j.http.credentials.CredentialUtil;
 import org.pac4j.http.credentials.DigestCredentials;
 import org.pac4j.http.credentials.authenticator.DigestAuthenticator;
-import org.pac4j.http.credentials.authenticator.UsernamePasswordAuthenticator;
-import org.pac4j.http.credentials.extractor.BasicAuthExtractor;
 import org.pac4j.http.credentials.extractor.DigestAuthExtractor;
 import org.pac4j.http.profile.creator.ProfileCreator;
 
@@ -70,8 +68,6 @@ private String calculateNonce() {
         Date d = new Date();
         SimpleDateFormat f = new SimpleDateFormat("yyyy:MM:dd:hh:mm:ss");
         String fmtDate = f.format(d);
-        Random rand = new Random(100000);
-        Integer randomInt = rand.nextInt();
-        return CredentialUtil.H(fmtDate + randomInt.toString());
+        return CredentialUtil.H(fmtDate + CommonHelper.randomString(10));
     }
 }

pac4j-http/src/main/java/org/pac4j/http/credentials/CredentialUtil.java

@@ -1,5 +1,8 @@
 package org.pac4j.http.credentials;
 
+import static java.lang.String.copyValueOf;
+
+import org.apache.commons.codec.binary.Hex;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
 
@@ -11,10 +14,6 @@
  */
 public class CredentialUtil {
 
-    private static final char[] toHex = {
-            '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'
-    };
-
     /**
      * Defined in rfc 2617 as H(data) = MD5(data);
      *
@@ -24,30 +23,13 @@ public class CredentialUtil {
     public static String H(String data) {
         try {
             MessageDigest digest = MessageDigest.getInstance("MD5");
-
-            return toHexString(digest.digest(data.getBytes()));
+            return copyValueOf(Hex.encodeHex(digest.digest(data.getBytes())));
         } catch (NoSuchAlgorithmException ex) {
             // shouldn't happen
             throw new RuntimeException("Failed to instantiate an MD5 algorithm", ex);
         }
     }
 
-    /**
-     * Converts b[] to hex string.
-     *
-     * @param b the bte array to convert
-     * @return a Hex representation of b.
-     */
-    public static String toHexString(byte b[]) {
-        int pos = 0;
-        char[] c = new char[b.length * 2];
-        for (int i = 0; i < b.length; i++) {
-            c[pos++] = toHex[(b[i] >> 4) & 0x0F];
-            c[pos++] = toHex[b[i] & 0x0f];
-        }
-        return new String(c);
-    }
-
     /**
      * Defined in rfc 2617 as KD(secret, data) = H(concat(secret, ":", data))
      *

pac4j-http/src/main/java/org/pac4j/http/credentials/DigestCredentials.java

@@ -20,7 +20,6 @@
 public class DigestCredentials extends TokenCredentials {
 
     private String username;
-    private String response;
 
     private String realm;
     private String nonce;
@@ -31,76 +30,36 @@ public class DigestCredentials extends TokenCredentials {
 
     private String httpMethod;
 
-    public DigestCredentials(final String token, final String httpMethod, final String clientName) {
+    public DigestCredentials(final String token, final String httpMethod, final String clientName, String username, String realm, String nonce, String uri, String cnonce, String nc, String qop) {
+        //the token represents the client response attribute value in digest authorization header
         super(token, clientName);
-        Map<String, String> valueMap = parseTokenValue(token);
 
-        username = valueMap.get("username");
-        response = valueMap.get("response");
-
-        if (CommonHelper.isBlank(username) || CommonHelper.isBlank(response)) {
-            throw new CredentialsException("Bad format of the digest auth header");
-        }
-        realm = valueMap.get("realm");
-        nonce = valueMap.get("nonce");
-        uri = valueMap.get("uri");
-        cnonce = valueMap.get("cnonce");
-        nc = valueMap.get("nc");
-        qop = valueMap.get("qop");
+        this.username = username;
+        this.realm = realm;
+        this.nonce = nonce;
+        this.uri = uri;
+        this.cnonce = cnonce;
+        this.nc = nc;
+        this.qop = qop;
         this.httpMethod = httpMethod;
     }
 
     public String getUsername() {
         return username;
     }
 
-    public String getResponse() {
-        return response;
-    }
-
     public String calculateServerDigest(boolean passwordAlreadyEncoded, String password) {
         return generateDigest(passwordAlreadyEncoded, username,
                 realm, password, httpMethod, uri, qop, nonce, nc, cnonce);
     }
 
-    @Override
-    public boolean equals(Object o) {
-        if (this == o) return true;
-        if (o == null || getClass() != o.getClass()) return false;
-
-        DigestCredentials that = (DigestCredentials) o;
-
-        if (username != null ? !username.equals(that.username) : that.username != null) return false;
-        return !(response != null ? !response.equals(that.response) : that.response != null);
-    }
-
-    @Override
-    public int hashCode() {
-        int result = username != null ? username.hashCode() : 0;
-        result = 31 * result + (response != null ? response.hashCode() : 0);
-        return result;
-    }
-
     @Override
     public String toString() {
         return CommonHelper.toString(this.getClass(), "username", this.username, "response", "[PROTECTED]",
                 "clientName", getClientName());
     }
 
-    private Map<String, String> parseTokenValue(String token) {
-        StringTokenizer tokenizer = new StringTokenizer(token, ", ");
-        String keyval;
-        Map map = new HashMap<String, String>();
-        while (tokenizer.hasMoreElements()) {
-            keyval = tokenizer.nextToken();
-            if (keyval.contains("=")) {
-                String key = keyval.substring(0, keyval.indexOf("="));
-                String value = keyval.substring(keyval.indexOf("=") + 1);
-                map.put(key.trim(), value.replaceAll("\"", "").trim());
-            }
-        }
-        return map;
-    }
+
 
     private String generateDigest(boolean passwordAlreadyEncoded, String username,
                                  String realm, String password, String httpMethod, String uri, String qop,
@@ -111,8 +70,7 @@ private String generateDigest(boolean passwordAlreadyEncoded, String username,
 
         if (passwordAlreadyEncoded) {
             ha1 = password;
-        }
-        else {
+        } else {
             ha1 = CredentialUtil.H(username + ":" + realm + ":" +password);
         }
 
@@ -121,12 +79,10 @@ private String generateDigest(boolean passwordAlreadyEncoded, String username,
         if (qop == null) {
             // as per RFC 2069 compliant clients (also reaffirmed by RFC 2617)
             digest = CredentialUtil.KD(ha1, nonce + ":" + ha2);
-        }
-        else if ("auth".equals(qop)) {
+        } else if ("auth".equals(qop)) {
             // As per RFC 2617 compliant clients
             digest = CredentialUtil.KD(ha1, nonce + ":" + nc + ":" + cnonce + ":" + qop + ":" + ha2);
-        }
-        else {
+        } else {
             throw new IllegalArgumentException("Invalid qop: '"
                     + qop + "'");
         }

pac4j-http/src/main/java/org/pac4j/http/credentials/extractor/DigestAuthExtractor.java

@@ -44,9 +44,37 @@ public DigestCredentials extract(WebContext context) {
             return null;
         }
 
-        String value = credentials.getToken();
+        String token = credentials.getToken();
+        Map<String, String> valueMap = parseTokenValue(token);
+        String username = valueMap.get("username");
+        String response = valueMap.get("response");
+
+        if (CommonHelper.isBlank(username) || CommonHelper.isBlank(response)) {
+            throw new CredentialsException("Bad format of the digest auth header");
+        }
+        String realm = valueMap.get("realm");
+        String nonce = valueMap.get("nonce");
+        String uri = valueMap.get("uri");
+        String cnonce = valueMap.get("cnonce");
+        String nc = valueMap.get("nc");
+        String qop = valueMap.get("qop");
         String method = context.getRequestMethod();
 
-        return new DigestCredentials(value, method, clientName);
+        return new DigestCredentials(response, method, clientName, username, realm, nonce, uri, cnonce, nc, qop);
+    }
+
+    private Map<String, String> parseTokenValue(String token) {
+        StringTokenizer tokenizer = new StringTokenizer(token, ", ");
+        String keyval;
+        Map map = new HashMap<String, String>();
+        while (tokenizer.hasMoreElements()) {
+            keyval = tokenizer.nextToken();
+            if (keyval.contains("=")) {
+                String key = keyval.substring(0, keyval.indexOf("="));
+                String value = keyval.substring(keyval.indexOf("=") + 1);
+                map.put(key.trim(), value.replaceAll("\"", "").trim());
+            }
+        }
+        return map;
     }
 }