tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ma...@apache.org
Subject svn commit: r1405353 - /tomcat/trunk/java/org/apache/catalina/authenticator/DigestAuthenticator.java
Date Sat, 03 Nov 2012 14:59:13 GMT
Author: markt
Date: Sat Nov  3 14:59:13 2012
New Revision: 1405353

URL: http://svn.apache.org/viewvc?rev=1405353&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=54060
Use new HTTP header parser to address issues in current regular expression based parser.
This roughly twice as fast and generates about a third of the garbage (based on profiling
the load unit test)

Modified:
    tomcat/trunk/java/org/apache/catalina/authenticator/DigestAuthenticator.java

Modified: tomcat/trunk/java/org/apache/catalina/authenticator/DigestAuthenticator.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/DigestAuthenticator.java?rev=1405353&r1=1405352&r2=1405353&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/authenticator/DigestAuthenticator.java (original)
+++ tomcat/trunk/java/org/apache/catalina/authenticator/DigestAuthenticator.java Sat Nov 
3 14:59:13 2012
@@ -17,6 +17,7 @@
 package org.apache.catalina.authenticator;
 
 import java.io.IOException;
+import java.io.StringReader;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
 import java.security.Principal;
@@ -34,6 +35,7 @@ import org.apache.catalina.util.MD5Encod
 import org.apache.juli.logging.Log;
 import org.apache.juli.logging.LogFactory;
 import org.apache.tomcat.util.buf.B2CConverter;
+import org.apache.tomcat.util.http.parser.HttpParser2;
 
 
 /**
@@ -474,58 +476,25 @@ public class DigestAuthenticator extends
             if (authorization == null) {
                 return false;
             }
-            if (!authorization.startsWith("Digest ")) {
+
+            Map<String,String> directives;
+            try {
+                directives = HttpParser2.parseAuthorizationDigest(
+                        new StringReader(authorization));
+            } catch (IllegalArgumentException | IOException e) {
                 return false;
             }
-            authorization = authorization.substring(7).trim();
-
-            // Bugzilla 37132: http://issues.apache.org/bugzilla/show_bug.cgi?id=37132
-            String[] tokens = authorization.split(",(?=(?:[^\"]*\"[^\"]*\")+$)");
 
             method = request.getMethod();
-
-            for (int i = 0; i < tokens.length; i++) {
-                String currentToken = tokens[i];
-                if (currentToken.length() == 0) {
-                    continue;
-                }
-
-                int equalSign = currentToken.indexOf('=');
-                if (equalSign < 0) {
-                    return false;
-                }
-                String currentTokenName =
-                    currentToken.substring(0, equalSign).trim();
-                String currentTokenValue =
-                    currentToken.substring(equalSign + 1).trim();
-                if ("username".equals(currentTokenName)) {
-                    userName = removeQuotes(currentTokenValue);
-                }
-                if ("realm".equals(currentTokenName)) {
-                    realmName = removeQuotes(currentTokenValue, true);
-                }
-                if ("nonce".equals(currentTokenName)) {
-                    nonce = removeQuotes(currentTokenValue);
-                }
-                if ("nc".equals(currentTokenName)) {
-                    nc = removeQuotes(currentTokenValue);
-                }
-                if ("cnonce".equals(currentTokenName)) {
-                    cnonce = removeQuotes(currentTokenValue);
-                }
-                if ("qop".equals(currentTokenName)) {
-                    qop = removeQuotes(currentTokenValue);
-                }
-                if ("uri".equals(currentTokenName)) {
-                    uri = removeQuotes(currentTokenValue);
-                }
-                if ("response".equals(currentTokenName)) {
-                    response = removeQuotes(currentTokenValue);
-                }
-                if ("opaque".equals(currentTokenName)) {
-                    opaqueReceived = removeQuotes(currentTokenValue);
-                }
-            }
+            userName = directives.get("username");
+            realmName = directives.get("realm");
+            nonce = directives.get("nonce");
+            nc = directives.get("nc");
+            cnonce = directives.get("cnonce");
+            qop = directives.get("qop");
+            uri = directives.get("uri");
+            response = directives.get("response");
+            opaqueReceived = directives.get("opaque");
 
             return true;
         }



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message