Return-Path: Mailing-List: contact tomcat-dev-help@jakarta.apache.org; run by ezmlm Delivered-To: mailing list tomcat-dev@jakarta.apache.org Received: (qmail 44337 invoked from network); 30 May 2000 03:44:35 -0000 Received: from 216-24-42-194.win.net (HELO orange.missiondata.net) (216.24.42.194) by locus.apache.org with SMTP; 30 May 2000 03:44:35 -0000 Received: (qmail 32467 invoked by uid 500); 30 May 2000 04:05:13 -0000 Date: Tue, 30 May 2000 00:05:13 -0400 From: Carson McDonald To: tomcat-dev@jakarta.apache.org Subject: Re: catalina realms Message-ID: <20000530000513.A32312@missiondata.com> References: <3933107C.3A5D9841@eng.sun.com> <00a001bfc9d9$c7b66990$0a2e0c18@animestar.com> <20000529225330.A31971@missiondata.com> <00cd01bfc9e3$098cba00$0a2e0c18@animestar.com> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="lrZ03NoBR/3+SXJZ" X-Mailer: Mutt 1.0pre3us In-Reply-To: <00cd01bfc9e3$098cba00$0a2e0c18@animestar.com> X-Spam-Rating: locus.apache.org 1.6.2 0/1000/N --lrZ03NoBR/3+SXJZ Content-Type: text/plain; charset=us-ascii > > I send that response : > HTTP/1.1 401 Unauthorized > Content-Type: text/plain > Content-Length: 0 > Server: Tomcat (Catalina) 0.1 HTTP/1.1 User Agent > WWW-Authenticate: Digest realm="Catalina DAV Server", > nonce="F4283A394EA4AFC6A72C3236ACAC1817", > opaque="82286F4BB1AECAF691010FBA9405D4AF" > > IE doesn't seem to like my WWW-Authenticate header. Did I miss something ? Hmmm. That seems ok. Without seeing code it might be better to try a test server I made to see how well IE supported digest. I'm going to attach it just remember it was only used for testing... :) Compile it and see if it works. It should be easy to mess around with it if something doesn't seem to work right. 
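--lrZ03NoBR/3+SXJZ
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="TestServer.java"

import java.net.*;
import java.io.*;
import java.security.*;

/**
 * Throwaway, two-connection HTTP listener for checking how a browser handles
 * an HTTP Digest challenge.
 *
 * The first connection is answered with a 401 carrying a Digest
 * WWW-Authenticate header; the second connection is read back and any
 * Authorization header is parsed with AuthObject and checked with
 * isValid("test"). Everything is echoed to standard output.
 *
 * The author describes this as test-only code. Points to keep in mind before
 * reusing any of it: the nonce is predictable (see doIt), nothing checks that
 * the nonce sent back is the one that was issued, and the full Authorization
 * header is printed to the console.
 */
public class TestServer
{
    /**
     * Runs the two-step exchange once and exits.
     *
     * @param args unused
     * @throws java.io.IOException if the port cannot be bound or a socket fails
     */
    public static void main( String args[] ) throws java.io.IOException
    {
        // The one-argument constructor listens on every local interface. For a
        // purely local test, ServerSocket(port, backlog, InetAddress) with a
        // loopback address keeps the listener off the network.
        ServerSocket serverSocket = new ServerSocket( 10080 );
        try
        {
            //
            // First request: read the headers, answer with the challenge
            //
            Socket theSocket = serverSocket.accept();
            try
            {
                BufferedReader in = new BufferedReader( new InputStreamReader(theSocket.getInputStream()) );

                // Consume the request line and headers up to the blank line (or EOF).
                String bin = null;
                do
                {
                    bin = in.readLine();
                    System.out.println( "Initial request: " + bin );
                }
                while( bin != null && !bin.equals("") );

                // Earlier Basic-auth variant, left disabled by the author:
                // psOut.println("HTTP/1.0 401 Unauthorized");
                // psOut.println("Content-Type: text/plain");
                // psOut.println("WWW-Authenticate: Basic \"ExampleBasicAuthenticationArea\"");
                // psOut.println("Server: Tomcat (Catalina)/0.1");

                // Respond with a 401. Header lines are ended with an explicit
                // CRLF (println would use the platform separator) and the header
                // block is closed with an empty line so the client can tell
                // where the response head ends.
                PrintStream psOut = new PrintStream( theSocket.getOutputStream() );
                psOut.print( "HTTP/1.1 401 Unauthorized\r\n" );

                String test = "WWW-Authenticate: Digest "
                            + "realm=\"ExampleBasicAuthenticationArea\", "
                            + "qop=\"auth\", "
                            + "nonce=\"" + doIt() + "\", "
                            + "opaque=\"whatever\"";

                System.out.println( "\nSending: " + test + "\n" );

                psOut.print( test + "\r\n" );
                psOut.print( "Server: Tomcat (Catalina)/0.1\r\n" );
                psOut.print( "\r\n" );
                psOut.flush();
            }
            finally
            {
                theSocket.close();
            }

            //
            // Next request: expected to carry the Authorization header
            //
            theSocket = serverSocket.accept();
            try
            {
                BufferedReader in = new BufferedReader( new InputStreamReader(theSocket.getInputStream()) );

                String bin = null;
                do
                {
                    bin = in.readLine();

                    // readLine() returns null at end of stream; test for that
                    // before calling a method on the line, otherwise a client
                    // that disconnects early ends the run with a
                    // NullPointerException.
                    if( bin != null && bin.startsWith( "Authorization:" ) )
                    {
                        // NOTE: this prints the client's username and digest
                        // response to the console; fine for a local test, not
                        // something to carry into real logging.
                        System.out.println( "Second request: " + bin );
                        AuthObject authData = new AuthObject( bin );
                        System.out.println( authData );
                        System.out.println( "isValid: " + authData.isValid("test") );
                    }
                    else
                    {
                        System.out.println( "Second request: " + bin );
                    }
                }
                while( bin != null && !bin.equals("") );
            }
            finally
            {
                theSocket.close();
            }
        }
        finally
        {
            serverSocket.close();
        }

        /*
        AuthObject authData = new AuthObject( "Digest username=\"test\", realm=\"Example Basic Authentication Area\", qop=\"auth\",
        algorithm=\"MD5\", uri=\"/\", nonce=\"dcd98b7102dd2f0e8b11d0f600bfb0c093\", cnonce=\"df5fa1133da2a098f08b8150fcec8027\", opaque=\"5ccc069c403ebaf9f0171e9517f40e41\", response=\"c8e45dbba6680c932c39c6db24e00d9a\" nc=000001" );
        System.out.println( authData );
        */
    }

    /**
     * Builds the nonce used in the Digest challenge: the lower-case hex MD5 of
     * "&lt;current time in ms&gt;:ETag:PrivateKey".
     *
     * Both "ETag" and "PrivateKey" are literals fixed in this file, so the only
     * varying input is the clock. Anyone who can read the source and estimate
     * the time can reproduce the value, and because the timestamp is not sent
     * alongside the hash the server cannot later re-derive it to check age or
     * origin. That is adequate for poking at a browser; a real server should
     * use a secret that is not in source (or SecureRandom output) and verify
     * and expire the nonces it hands out.
     *
     * @return 32 hex characters, or null if the MD5 provider is missing (the
     *         caller concatenates the result, so null would be sent as the
     *         text "null")
     */
    public static String doIt( )
    {
        String eTag = "ETag";
        String privateKey = "PrivateKey";
        String timeStamp = String.valueOf( System.currentTimeMillis() );

        MessageDigest mdFive = null;
        try
        {
            mdFive = MessageDigest.getInstance( "MD5" );
        }
        catch( java.security.NoSuchAlgorithmException ex )
        {
            System.out.println( "Error: No suction algorithm." );
            return null;
        }

        mdFive.reset();
        String tmpString = timeStamp + ":" + eTag + ":" + privateKey;
        mdFive.update( tmpString.getBytes() );

        return toHex( mdFive.digest() );
    }

    private static final String hexits = "0123456789abcdef";

    /**
     * Encodes a byte array as lower-case hexadecimal, two characters per byte.
     *
     * @param block bytes to encode
     * @return the hex string; empty for an empty array
     */
    public static String toHex( byte[] block )
    {
        StringBuffer buf = new StringBuffer( block.length * 2 );

        for ( int i = 0; i < block.length; ++i )
        {
            // Mask to 0..255 first so negative bytes do not sign-extend.
            int unsigned = block[i] & 0xff;
            buf.append( hexits.charAt( unsigned >>> 4 ) );
            buf.append( hexits.charAt( unsigned & 0xf ) );
        }

        return buf.toString();
    }
}

class AuthObject
{
    private String username = null;
    private String realm = null;
    private String qop = null;
    private String algorithm = null;
    private String uri = null;
    private String nonce = null;
    private String nc = null;
    private String cnonce = null;
    private String opaque = null;
    private String response = null;

    public AuthObject( String authString )
    {
        int index = -1;

        // Pull the type off
        index = authString.indexOf("Digest");
        if( index == -1 ) return;
        String subAuth = authString.substring(index);

        // Find the username
        index = subAuth.indexOf( "username=\"" );
        if( index != -1 )
        {
            username = new String();
            for( int i=index+10; i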