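/**
 * Validates an HTTP Digest {@code Authorization} header and, on success, installs a
 * {@link UsernamePasswordAuthenticationToken} in the {@link SecurityContextHolder}.
 *
 * Checks are applied in this order (each failure is reported through {@code this.a(...)}
 * and ends the method with {@code false}):
 * <ol>
 *   <li>mandatory fields {@code username}, {@code realm}, {@code nonce}, {@code uri}, {@code response}
 *       are present; with {@code qop=auth}, {@code nc} and {@code cnonce} too;</li>
 *   <li>the realm matches the entry point's realm;</li>
 *   <li>the nonce is Base64 and decodes to {@code "<expiryMillis>:<signature>"} whose signature
 *       equals the digest of {@code expiryMillis + ":" + entryPoint.getKey()};</li>
 *   <li>the user exists (cache first, then the user service), and the expected response digest
 *       matches the one sent (a cached user is refreshed once if the first comparison fails);</li>
 *   <li>the nonce has not expired. This is deliberately checked only after the digest
 *       matched, so a nonce-expiry error is returned only for an otherwise-correct credential.</li>
 * </ol>
 *
 * Fixes relative to the previous version: the mandatory-field check tested the servlet
 * response object instead of the {@code response} header field (a header without it reached
 * the digest comparison); the username-not-found branch inside the user-refresh path wrote a
 * failure response but did not return, so processing continued with the stale user and a
 * second failure response was written; digest and nonce-signature comparisons now use a
 * constant-time helper instead of {@code String.equals}; the "missing mandatory" debug line
 * logged the username in every position.
 *
 * @param request            the current request; its HTTP method enters the digest
 * @param response           the response the failure handler writes to
 * @param header             the full {@code Authorization} header value; the first 7 characters
 *                           (the {@code "Digest "} scheme prefix, which the caller is assumed to
 *                           have verified) are stripped before parsing
 * @param skipResponseCheck  when {@code true} the response digest is neither compared nor
 *                           refreshed from the user service, i.e. any well-formed header naming an
 *                           existing user with a valid, unexpired nonce authenticates.
 *                           NOTE(review): confirm every caller passes {@code true} only for requests
 *                           that are already trusted by other means.
 * @return {@code true} when authentication succeeded and the security context was populated;
 *         {@code false} when a failure response has already been written
 * @throws AuthenticationServiceException if the user service returns {@code null}
 * @throws IOException       propagated from the failure handler
 * @throws ServletException  propagated from the failure handler
 */
private boolean b(HttpServletRequest request, HttpServletResponse response, String header, boolean skipResponseCheck) throws IOException, ServletException {
    // Drop the scheme prefix; what remains is a comma-separated list of key="value" pairs.
    String headerFields = header.substring(7);
    Map fields = a(a(headerFields, ','), "=", "\"");
    String username = (String) fields.get("username");
    String realm = (String) fields.get("realm");
    String nonce = (String) fields.get("nonce");
    String uri = (String) fields.get("uri");
    String responseDigest = (String) fields.get("response");
    String qop = (String) fields.get("qop");
    String nc = (String) fields.get("nc");
    String cnonce = (String) fields.get("cnonce");

    // The "response" field (the client's digest) is mandatory; the servlet response object is not what to test here.
    if (username == null || realm == null || nonce == null || uri == null || responseDigest == null) {
        if (a.isDebugEnabled()) {
            a.debug("extracted username: '" + username + "'; realm: '" + realm + "'; nonce: '" + nonce
                    + "'; uri: '" + uri + "'; response: '" + responseDigest + "'");
        }
        return sendDigestFailure(request, response, new BadCredentialsException(this.messages.getMessage(
                "DigestAuthenticationFilter.missingMandatory", new Object[]{headerFields},
                "Missing mandatory digest value; received header {0}")));
    }

    // With qop=auth the nonce-count and client nonce are required inputs to the digest.
    if ("auth".equals(qop) && (nc == null || cnonce == null)) {
        if (a.isDebugEnabled()) {
            a.debug("extracted nc: '" + nc + "'; cnonce: '" + cnonce + "'");
        }
        return sendDigestFailure(request, response, new BadCredentialsException(this.messages.getMessage(
                "DigestAuthenticationFilter.missingAuth", new Object[]{headerFields},
                "Missing mandatory digest value; received header {0}")));
    }

    String systemRealm = this.getAuthenticationEntryPoint().getRealmName();
    if (!realm.equals(systemRealm)) {
        return sendDigestFailure(request, response, new BadCredentialsException(this.messages.getMessage(
                "DigestAuthenticationFilter.incorrectRealm", new Object[]{realm, systemRealm},
                "Response realm name '{0}' does not match system realm name of '{1}'")));
    }

    if (!Base64.isBase64(nonce.getBytes())) {
        return sendDigestFailure(request, response, new BadCredentialsException(this.messages.getMessage(
                "DigestAuthenticationFilter.nonceEncoding", new Object[]{nonce},
                "Nonce is not encoded in Base64; received nonce {0}")));
    }

    // Decoded nonce layout: "<expiryMillis>:<digest(expiryMillis + ':' + key)>".
    String decodedNonce = new String(Base64.decode(nonce.getBytes()));
    String[] nonceTokens = StringUtils.delimitedListToStringArray(decodedNonce, ":");
    if (nonceTokens.length != 2) {
        return sendDigestFailure(request, response, new BadCredentialsException(this.messages.getMessage(
                "DigestAuthenticationFilter.nonceNotTwoTokens", new Object[]{decodedNonce},
                "Nonce should have yielded two tokens but was {0}")));
    }

    long nonceExpiryTime;
    try {
        nonceExpiryTime = Long.parseLong(nonceTokens[0]);
    } catch (NumberFormatException ignored) {
        // Reported to the client as a bad credential; the parse failure itself carries no extra information.
        return sendDigestFailure(request, response, new BadCredentialsException(this.messages.getMessage(
                "DigestAuthenticationFilter.nonceNotNumeric", new Object[]{decodedNonce},
                "Nonce token should have yielded a numeric first token, but was {0}")));
    }

    // The nonce is only trusted if its signature was produced with this entry point's key.
    String expectedNonceSignature = a(nonceExpiryTime + ":" + this.getAuthenticationEntryPoint().getKey());
    if (!digestEquals(expectedNonceSignature, nonceTokens[1])) {
        return sendDigestFailure(request, response, new BadCredentialsException(this.messages.getMessage(
                "DigestAuthenticationFilter.nonceCompromised", new Object[]{decodedNonce},
                "Nonce token compromised {0}")));
    }

    boolean loadedFromUserService = false;
    UserDetails user = this.e.getUserFromCache(username);
    if (user == null) {
        loadedFromUserService = true;
        try {
            user = this.f.loadUserByUsername(username);
        } catch (UsernameNotFoundException notFound) {
            return sendDigestFailure(request, response, new BadCredentialsException(this.messages.getMessage(
                    "DigestAuthenticationFilter.usernameNotFound", new Object[]{username},
                    "Username {0} not found")));
        }
        if (user == null) {
            throw new AuthenticationServiceException("AuthenticationDao returned null, which is an interface contract violation");
        }
        this.e.putUserInCache(user);
    }

    // this.g is passed straight through to the digest helper (presumably a password-encoding flag; not visible here).
    String expectedResponse = a(this.g, username, realm, user.getPassword(), request.getMethod(), uri, qop, nonce, nc, cnonce);

    // A mismatch against a cached user may just mean the password changed: reload once and retry.
    if (!skipResponseCheck && !loadedFromUserService && !digestEquals(expectedResponse, responseDigest)) {
        if (a.isDebugEnabled()) {
            a.debug("Digest comparison failure; trying to refresh user from DAO in case password had changed");
        }
        try {
            user = this.f.loadUserByUsername(username);
        } catch (UsernameNotFoundException notFound) {
            // Previously fell through after writing the failure, recomputing with the stale user and failing twice.
            return sendDigestFailure(request, response, new BadCredentialsException(this.messages.getMessage(
                    "DigestAuthenticationFilter.usernameNotFound", new Object[]{username},
                    "Username {0} not found")));
        }
        if (user == null) {
            throw new AuthenticationServiceException("AuthenticationDao returned null, which is an interface contract violation");
        }
        this.e.putUserInCache(user);
        expectedResponse = a(this.g, username, realm, user.getPassword(), request.getMethod(), uri, qop, nonce, nc, cnonce);
    }

    if (!skipResponseCheck && !digestEquals(expectedResponse, responseDigest)) {
        if (a.isDebugEnabled()) {
            // Debug only: this line exposes the expected digest, which is derived from the stored password.
            a.debug("Expected response: '" + expectedResponse + "' but received: '" + responseDigest
                    + "'; is AuthenticationDao returning clear text passwords?");
        }
        return sendDigestFailure(request, response, new BadCredentialsException(this.messages.getMessage(
                "DigestAuthenticationFilter.incorrectResponse", "Incorrect response")));
    }

    // Checked after the digest so that only a client holding the right credential learns the nonce is stale.
    if (nonceExpiryTime < System.currentTimeMillis()) {
        return sendDigestFailure(request, response, new NonceExpiredException(this.messages.getMessage(
                "DigestAuthenticationFilter.nonceExpired", "Nonce has expired/timed out")));
    }

    if (a.isDebugEnabled()) {
        a.debug("Authentication success for user: '" + username + "' with response: '" + responseDigest + "'");
    }

    // this.h selects whether the token carries the user's authorities (i.e. is marked authenticated).
    UsernamePasswordAuthenticationToken token;
    if (this.h) {
        token = new UsernamePasswordAuthenticationToken(user, user.getPassword(), user.getAuthorities());
    } else {
        token = new UsernamePasswordAuthenticationToken(user, user.getPassword());
    }
    token.setDetails(this.c.buildDetails(request));
    SecurityContextHolder.getContext().setAuthentication(token);

    // NOTE(review): getSession() with no argument creates a session when none exists, so the null
    // check never fails and every digest-authenticated request obtains a session. Kept as-is.
    if (request.getSession() != null) {
        request.getSession().setAttribute("loginName", username);
    }
    return true;
}

/**
 * Writes the failure for {@code failure} via the filter's failure handler and returns {@code false}
 * so callers can {@code return} in one statement. The parameter is typed as
 * {@link AuthenticationException} so overload resolution of {@code this.a(...)} is unchanged.
 */
private boolean sendDigestFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException failure) throws IOException, ServletException {
    this.a(request, response, failure);
    return false;
}

/**
 * Compares two digest strings without short-circuiting on the first differing character, so the
 * comparison time does not reveal how many leading characters matched. Only the length is leaked,
 * which for a fixed-size hex digest is public anyway. {@code null} on either side compares unequal,
 * matching the {@code String.equals} behavior it replaces.
 */
private static boolean digestEquals(String expected, String actual) {
    if (expected == null || actual == null || expected.length() != actual.length()) {
        return false;
    }
    int difference = 0;
    for (int i = 0; i < expected.length(); i++) {
        difference |= expected.charAt(i) ^ actual.charAt(i);
    }
    return difference == 0;
}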