added digest authentication test method for ElytronHttpClient

wildfly-security · Mar 31, 2023 · 93754d9 · 93754d9
1 parent 29e4fc9
commit 93754d9
Show file tree

Hide file tree

Showing 2 changed files with 69 additions and 11 deletions.
diff --git a/http/client/src/main/java/org/wildfly/security/http/client/ElytronHttpClient.java b/http/client/src/main/java/org/wildfly/security/http/client/ElytronHttpClient.java
@@ -61,17 +61,52 @@ public HttpResponse<String> connect(String uri) throws Exception{
         return response;
     }
 
-    public HttpRequest getRequest2(String uri) throws Exception{
+    public HttpRequest getResponseHeader(String responseHeader) throws Exception{
+
+        Map<String,String> authParams = getHeaderValue(responseHeader);
+
+        String realm = authParams.get("realm");
+        String domain = authParams.get("domain");
+        String nonce = authParams.get("nonce");
+        String opaque = authParams.get("opaque");
+        String algorithm = authParams.get("algorithm");
+        String qop = authParams.get("qop");
+
+        String path = "/test";
+        String uri = "http://localhost:8080"+path;
+
         String username = httpMechClientConfigUtil.getUsername(new URI(uri));
         String password = httpMechClientConfigUtil.getPassword(new URI(uri));
-        HttpClient client = HttpClient.newHttpClient();
-        HttpRequest request = HttpRequest.newBuilder().uri(new URI(uri)).build();
-        HttpResponse<String> response =
-                client.send(request, HttpResponse.BodyHandlers.ofString());
-        String str = response.headers().allValues("www-authenticate").get(0);
 
+        String resp;
+        if(qop==null){
+            resp = computeDigestWithoutQop(path,nonce,username,password,"MD5",realm,"GET");
+        }else{
+            resp = computeDigestWithQop(path,nonce,"0a4f113b","00000001",username,password,"MD5",realm,qop,"GET");
+        }
+
+        HttpRequest request2 = HttpRequest
+                .newBuilder()
+                .uri(new URI(uri))
+                .header("Authorization","Digest " +
+                        "username=\"" + username + "\", " +
+                        "realm=\"" + realm + "\"," +
+                        "nonce=\"" + nonce + "\", " +
+                        "uri=\"" + path + "\", " +
+                        "qop=\"" + qop + "\", " +
+                        "nc=00000001, " +
+                        "cnonce=\"0a4f113b\", " +
+                        "response=\"" + resp + "\", " +
+                        "opaque=\"" + opaque + "\", " +
+                        "algorithm="+algorithm)
+                .build();
+        return request2;
+
+    }
+
+    public Map<String,String> getHeaderValue(String responseHeader){
         Pattern pattern = Pattern.compile("(\\w+)=([^,\\s]+)");
-        Matcher matcher = pattern.matcher(str);
+        Matcher matcher = pattern.matcher(responseHeader);
 
         Map<String, String> authParams = new HashMap<String, String>();
         while (matcher.find()) {
@@ -85,6 +120,18 @@ public HttpRequest getRequest2(String uri) throws Exception{
                 authParams.replace(key,val);
             }
         }
+        return authParams;
+    }
+
+    public String getRequest2(String uri) throws Exception{
+        String username = httpMechClientConfigUtil.getUsername(new URI(uri));
+        String password = httpMechClientConfigUtil.getPassword(new URI(uri));
+        HttpRequest request = HttpRequest.newBuilder().uri(new URI(uri)).build();
+        HttpResponse<String> response =
+                client.send(request, HttpResponse.BodyHandlers.ofString());
+        String str = response.headers().allValues("www-authenticate").get(0);
+
+        Map<String,String> authParams = getHeaderValue(str);
 
         String realm = authParams.get("realm");
         String domain = authParams.get("domain");
@@ -93,6 +140,8 @@ public HttpRequest getRequest2(String uri) throws Exception{
         String algorithm = authParams.get("algorithm");
         String qop = authParams.get("qop");
 
+        System.out.println("nonce : " + nonce);
+
         String uriPath = getUriPath(uri);
 
         String resp;
@@ -117,7 +166,8 @@ public HttpRequest getRequest2(String uri) throws Exception{
                         "opaque=\"" + opaque + "\", " +
                         "algorithm="+algorithm)
                 .build();
-        return request2;
+        HttpResponse<String> response2 = client.send(request2, HttpResponse.BodyHandlers.ofString());
+        return response2.statusCode()+"";
     }
 
     private static String computeDigestWithoutQop(String uri, String nonce, String username, String password, String algorithm, String realm, String method) throws NoSuchAlgorithmException {

diff --git a/tests/base/src/test/java/org/wildfly/security/http/client/ElytronHttpClientTest.java b/tests/base/src/test/java/org/wildfly/security/http/client/ElytronHttpClientTest.java
@@ -20,6 +20,7 @@
 import org.junit.Assert;
 import org.junit.Test;
 import static org.wildfly.security.http.HttpConstants.CONFIG_REALM;
+
 import org.wildfly.security.auth.client.AuthenticationContext;
 import org.wildfly.security.auth.client.AuthenticationContextConfigurationClient;
 import org.wildfly.security.auth.client.ElytronXmlParser;
@@ -49,6 +50,8 @@
  */
 public class ElytronHttpClientTest extends AbstractBaseHttpTest {
 
+    private static final String NAME = ElytronHttpClientTest.class.getSimpleName();
+
     public static Supplier<Provider[]> ELYTRON_PASSWORD_PROVIDERS = () -> new Provider[]{
             WildFlyElytronPasswordProvider.getInstance()
     };
@@ -101,13 +104,18 @@ public void testRequest2() throws Exception{
             try {
                 Map<String, Object> props = new HashMap<>();
                 props.put(CONFIG_REALM, "RealmUsersRoles");
-                props.put("org.wildfly.security.http.validate-digest-uri", "true");
+                props.put("org.wildfly.security.http.validate-digest-uri", "false");
                 HttpServerAuthenticationMechanism mechanism = digestFactory.createAuthenticationMechanism("DIGEST", props,getCallbackHandler("quickstartUser", "RealmUsersRoles", "quickstartPwd1!"));
-                HttpRequest request = elytronHttpClient.getRequest2("http://localhost:8080/servlet-security/SecuredServlet");
+                TestingHttpServerRequest request1 = new TestingHttpServerRequest(null);
+                mechanism.evaluateRequest(request1);
+                TestingHttpServerResponse response = request1.getResponse();
+                HttpRequest request2 = elytronHttpClient.getResponseHeader(response.getAuthenticateHeader());
+                System.out.println(request2.headers());
 
                 //Test successful authentication
-                TestingHttpServerRequest testingHttpServerRequest = new TestingHttpServerRequest(new String[]{request.headers().allValues("Authorization").get(0)});
+                TestingHttpServerRequest testingHttpServerRequest = new TestingHttpServerRequest(new String[]{request2.headers().allValues("Authorization").get(0)});
                 mechanism.evaluateRequest(testingHttpServerRequest);
+                Assert.assertEquals(Status.COMPLETE,testingHttpServerRequest.getResult());
             }catch (Exception e){
                 throw new RuntimeException(e);
             }