tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From kkoli...@apache.org
Subject svn commit: r1457362 - in /tomcat/trunk: java/org/apache/tomcat/util/http/parser/HttpParser.java test/org/apache/tomcat/util/http/parser/TestAuthorizationDigest.java
Date Sun, 17 Mar 2013 02:30:49 GMT
Author: kkolinko
Date: Sun Mar 17 02:30:49 2013
New Revision: 1457362

URL: http://svn.apache.org/r1457362
Log:
https://issues.apache.org/bugzilla/show_bug.cgi?id=54707
Review of r1457303:
1) Correct comments.
2) In readLhex(..):
Document lowercase conversion. It was documented before r1457303 and
I think it is in line with support for incorrect values implemented
in response to BZ 54707.
Convert digits to lowercase on the fly, instead of relying on
String.toLowerCase() call. This should generate less garbage for GC.

Modified:
    tomcat/trunk/java/org/apache/tomcat/util/http/parser/HttpParser.java
    tomcat/trunk/test/org/apache/tomcat/util/http/parser/TestAuthorizationDigest.java

Modified: tomcat/trunk/java/org/apache/tomcat/util/http/parser/HttpParser.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/http/parser/HttpParser.java?rev=1457362&r1=1457361&r2=1457362&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/http/parser/HttpParser.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/http/parser/HttpParser.java Sun Mar 17 02:30:49
2013
@@ -150,7 +150,7 @@ public class HttpParser {
                     value = readTokenOrQuotedString(input, false);
                     break;
                 case 3:
-                    // FIELD_TYPE_QUOTED_LHEX
+                    // FIELD_TYPE_LHEX
                     value = readLhex(input);
                     break;
                 case 4:
@@ -380,8 +380,8 @@ public class HttpParser {
      * this parsing method for token permits optional surrounding double quotes.
      * This is not defined in any RFC. It is a special case to handle data from
      * buggy clients (known buggy clients for DIGEST auth include Microsoft IE 8
-     * & 9, Apple Safari for OSX and iOS) that add quotes to values that should
-     * be tokens.
+     * & 9, Apple Safari for OSX and iOS) that add quotes to values that
+     * should be tokens.
      *
      * @return the token if one was found, null if data other than a token or
      *         quoted token was found or null if the end of data was reached
@@ -436,6 +436,11 @@ public class HttpParser {
      * buggy clients (libwww-perl for DIGEST auth) are known to send quoted LHEX
      * when the specification requires just LHEX.
      *
+     * <p>
+     * LHEX are, literally, lower-case hexadecimal digits. This implementation
+     * allows for upper-case digits as well, converting the returned value to
+     * lower-case.
+     *
      * @return  the sequence of LHEX (minus any surrounding quotes) if any was
      *          found, or <code>null</code> if data other LHEX was found
      */
@@ -457,11 +462,17 @@ public class HttpParser {
         } else if (c == -1 || !isHex(c)) {
             return null;
         } else {
+            if ('A' <= c && c <= 'F') {
+                c -= ('A' - 'a');
+            }
             result.append((char) c);
         }
         c = input.read();
 
         while (c != -1 && isHex(c)) {
+            if ('A' <= c && c <= 'F') {
+                c -= ('A' - 'a');
+            }
             result.append((char) c);
             c = input.read();
         }
@@ -471,14 +482,14 @@ public class HttpParser {
                 return null;
             }
         } else {
-            // Skip back so non-token character is available for next read
+            // Skip back so non-hex character is available for next read
             input.skip(-1);
         }
 
         if (c != -1 && result.length() == 0) {
             return null;
         } else {
-            return result.toString().toLowerCase(Locale.US);
+            return result.toString();
         }
     }
 

Modified: tomcat/trunk/test/org/apache/tomcat/util/http/parser/TestAuthorizationDigest.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/http/parser/TestAuthorizationDigest.java?rev=1457362&r1=1457361&r2=1457362&view=diff
==============================================================================
--- tomcat/trunk/test/org/apache/tomcat/util/http/parser/TestAuthorizationDigest.java (original)
+++ tomcat/trunk/test/org/apache/tomcat/util/http/parser/TestAuthorizationDigest.java Sun
Mar 17 02:30:49 2013
@@ -127,13 +127,24 @@ public class TestAuthorizationDigest {
 
     @Test
     public void testQuotedLhex() throws Exception {
-        String header = "Digest nc=\"00000001\"";
+        String header = "Digest nc=\"09abcdef\"";
 
         StringReader input = new StringReader(header);
 
         Map<String,String> result = HttpParser.parseAuthorizationDigest(input);
 
-        Assert.assertEquals("00000001", result.get("nc"));
+        Assert.assertEquals("09abcdef", result.get("nc"));
+    }
+
+    @Test
+    public void testQuotedLhexUppercase() throws Exception {
+        String header = "Digest nc=\"00ABCDEF\"";
+
+        StringReader input = new StringReader(header);
+
+        Map<String,String> result = HttpParser.parseAuthorizationDigest(input);
+
+        Assert.assertEquals("00abcdef", result.get("nc"));
     }
 
     @Test



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message