Regression: incorrect hash calculation (missing realm component)
ok2c committed Dec 26, 2023
1 parent 7769a7e commit 4e43daf
Showing 2 changed files with 7 additions and 7 deletions.
Expand Up @@ -373,13 +373,13 @@ private String createDigestResponse(final HttpRequest request) throws Authentica
// ":" unq(cnonce-value)

// calculated one per session
buffer.append(username).append(":").append(credentials.getUserPassword());
buffer.append(username).append(":").append(realm).append(":").append(credentials.getUserPassword());
final String checksum = formatHex(digester.digest(this.buffer.toByteArray()));
buffer.reset();
buffer.append(checksum).append(":").append(nonce).append(":").append(cnonce);
} else {
// unq(username-value) ":" unq(realm-value) ":" passwd
buffer.append(username).append(":").append(credentials.getUserPassword());
buffer.append(username).append(":").append(realm).append(":").append(credentials.getUserPassword());
}
a1 = buffer.toByteArray();
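Review bot: The `username:realm:password` input to H(A1) is built by an identical statement in both the session and non-session branches, and hoisting a single copy above the branch would keep the two from drifting apart again, leaving only the digest, `buffer.reset()` and nonce/cnonce steps inside the session branch. That line also deserves a comment such as `// A1 must include the realm (RFC 7616, section 3.4.2); without it the response does not match a compliant server's H(A1)`. Separately, `buffer` holds the clear-text password at this point and only the session branch calls `buffer.reset()` in the visible lines, so it is worth confirming the buffer is cleared once `a1` has been taken. createDigestResponse starts and ends outside the hunk, so the branch condition and any later cleanup are not visible here.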

Expand Up @@ -114,7 +114,7 @@ public void testDigestAuthenticationWithDefaultCreds() throws Exception {
Assertions.assertEquals("realm1", table.get("realm"));
Assertions.assertEquals("/", table.get("uri"));
Assertions.assertEquals("f2a3f18799759d4f1a1c068b92b573cb", table.get("nonce"));
Assertions.assertEquals("da46708e64b8380f1c5afa63e8ccd586", table.get("response"));
Assertions.assertEquals("e95a7ddf37c2eab009568b1ed134f89a", table.get("response"));
}

@Test
Expand All @@ -138,7 +138,7 @@ public void testDigestAuthentication() throws Exception {
Assertions.assertEquals("realm1", table.get("realm"));
Assertions.assertEquals("/", table.get("uri"));
Assertions.assertEquals("f2a3f18799759d4f1a1c068b92b573cb", table.get("nonce"));
Assertions.assertEquals("da46708e64b8380f1c5afa63e8ccd586", table.get("response"));
Assertions.assertEquals("e95a7ddf37c2eab009568b1ed134f89a", table.get("response"));
}

@Test
Expand Down Expand Up @@ -184,7 +184,7 @@ public void testDigestAuthenticationWithSHA() throws Exception {
Assertions.assertEquals("realm1", table.get("realm"));
Assertions.assertEquals("/", table.get("uri"));
Assertions.assertEquals("f2a3f18799759d4f1a1c068b92b573cb", table.get("nonce"));
Assertions.assertEquals("aa400f3841ebbf39469d9be939a37b86258bd289", table.get("response"));
Assertions.assertEquals("8769e82e4e28ecc040b969562b9050580c6d186d", table.get("response"));
}

@Test
Expand All @@ -208,7 +208,7 @@ public void testDigestAuthenticationWithQueryStringInDigestURI() throws Exceptio
Assertions.assertEquals("realm1", table.get("realm"));
Assertions.assertEquals("/?param=value", table.get("uri"));
Assertions.assertEquals("f2a3f18799759d4f1a1c068b92b573cb", table.get("nonce"));
Assertions.assertEquals("c15c577938f7f1228cdb6e8ca51b9140", table.get("response"));
Assertions.assertEquals("a847f58f5fef0bc087bcb9c3eb30e042", table.get("response"));
}

@Test
Expand Down Expand Up @@ -775,7 +775,7 @@ public void testDigestAuthenticationWithUserHash() throws Exception {
Assertions.assertEquals("realm1", table.get("realm"));
Assertions.assertEquals("/", table.get("uri"));
Assertions.assertEquals("f2a3f18799759d4f1a1c068b92b573cb", table.get("nonce"));
Assertions.assertEquals("75f7ede943dc401264d236546e49c1df", table.get("response"));
Assertions.assertEquals("3b6561ceb73e5ffe9314a695179f23f9", table.get("response"));
}

private static String bytesToHex(final byte[] bytes) {
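Review bot: The expected `response` values in these five tests are opaque hex strings swapped for new ones, so nothing in the test file shows they are correct independently of the implementation; the previous values were presumably accepted while the realm was missing from A1. Adding one test pinned to a published vector, for example the worked example in RFC 7616 section 3.9.1, would catch this class of regression without relying on the code under test. A short comment above each assertion, such as `// response computed with realm "realm1" included in A1`, would also make the expectations reviewable. The test methods start outside the hunks shown.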