Class DigestAuthorizationToken


  • public class DigestAuthorizationToken
    extends ParameterEncodedAuthorizationToken
    Implementation of the standard RFC 7616 Digest authentication scheme token. Complete implementation of token validation and data access is provided, as long as the specified digest algorithm is available from the JVM cryptography provider.
    Author:
    odeda
    • Constructor Detail

      • DigestAuthorizationToken

        public DigestAuthorizationToken()
      • DigestAuthorizationToken

        public DigestAuthorizationToken(String token)
      • DigestAuthorizationToken

        public DigestAuthorizationToken(String realm,
                                        String method,
                                        String uri,
                                        io.vertx.core.buffer.Buffer entityBody,
                                        String username,
                                        String password,
                                        String nonce,
                                        String cnonce)
      • DigestAuthorizationToken

        public DigestAuthorizationToken(String realm,
                                        String method,
                                        String uri,
                                        io.vertx.core.buffer.Buffer entityBody,
                                        String username,
                                        String password,
                                        String nonce,
                                        String cnonce,
                                        String opaque,
                                        String algorithm)
        Helper constructor to compute a new Digest authorization header
        Parameters:
        realm - Realm received in the Unauthorized response
        method - HTTP method to authorize
        uri - URI of the request
        entityBody - HTTP body content to authorize
        username - Username to authenticate with
        password - Password to authenticate with
        nonce - Nonce received in the Unauthorized response
        cnonce - cnonce received in the unauthorized response
        opaque - whether the authorized content is opaque (as per the RFC)
        algorithm - Algorithm to use
    • Method Detail

      • generateAuthrizationHeader

        public String generateAuthrizationHeader()
      • supports

        protected boolean supports(String type)
        Description copied from class: AuthorizationToken
        Check whether an AuthorizationToken implementation supports the specified IANA HTTP Authentication Scheme Name
        Overrides:
        supports in class AuthorizationToken
        Parameters:
        type - IANA HTTP Authentication Scheme Name
        Returns:
        whether this implementation supports the specified name
      • isValid

        public boolean isValid()
        Check if the digest token is valid and additional test operations can work on it. If this method returns false, other validation methods are likely to fail. This method currently only checks that the specified digest algorithm is supported by the JVM. If you want to restrict the algorithm to only specific ones, use getAlgorithm() to check.
        Returns:
        Whether the token is valid
      • getAlgorithm

        public String getAlgorithm()
        Returns the digest algorithm claimed in the authorization token.
        Returns:
        Name of the digest algorithm
      • getOpaque

        public String getOpaque()
        Retrieve the opaque value entrusted to the client in the challenge
        Returns:
        Opaque value if reported by the client, null otherwise
      • hash

        public String hash(String text)
        Use the digest algorithm specified in the token to hash text according to RFC 7616
        Parameters:
        text - Text to hash
        Returns:
        a lowercased hex encoded hash of the provided text
      • hash

        public String hash(io.vertx.core.buffer.Buffer buffer)
        Use the digest algorithm specified in the token to hash data according to RFC 7616
        Parameters:
        buffer - data to hash
        Returns:
        a lowercased hex encoded hash of the provided data
      • getUsername

        public String getUsername()
        Retrieve the username claimed in the token
        Returns:
        username value of the token
      • qopIntegrityRequested

        public boolean qopIntegrityRequested()
        Check if the sender requested a body integrity check
        Returns:
        whether the "qop" value of the digest specified "auth-int"
      • validateResponse

        public boolean validateResponse(String password,
                                        Request req)
        Check if the response value provided in the token is valid considering the provided password, method and optional body.
        Parameters:
        password - Password to check against the digest response
        req - HTTP request to verify integrity with. If the token has set "qop" to "auth-int" (as can be verified by qopIntegrityRequested()), and a body is not provided in the request, this method will return false.
        Returns:
        Whether the response value specified in the token is correct according to RFC 7616
      • isNonceStale

        public boolean isNonceStale(int duration)
        Check if the nonce is stale according to the nonce format suggested in RFC 7616.
        Parameters:
        duration - seconds to allow for after the value specified in the nonce. If the nonce was generated by DigestAuthenticate, set this value to 0, as the nonce generated by that helper class already specifies the maximum life of the nonce.
        Returns:
        whether the nonce is stale
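
The RFC 7616 response check that validateResponse(password, req) is described as performing, combined with the algorithm restriction that the isValid() description leaves to the caller, as an added stand-alone example (JDK only, Java 17+; it is not this library's code). The Token record, the SHA-256-only allow-list and all sample values are assumptions made for the illustration; "-sess" algorithms and requests without qop are not handled.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HexFormat;
import java.util.Set;

// Added illustration, not the library's implementation; every name here is hypothetical.
public class DigestResponseCheck {
    record Token(String alg, String user, String realm, String uri,
                 String nonce, String nc, String cnonce, String qop) {}
    // Server policy. The JVM also provides MD5, so "the JVM supports it" is not a policy.
    static final Set<String> ALLOWED = Set.of("SHA-256");

    static byte[] utf8(String s) { return s.getBytes(StandardCharsets.UTF_8); }
    static String h(String alg, byte[] data) throws NoSuchAlgorithmException {
        return HexFormat.of().formatHex(MessageDigest.getInstance(alg).digest(data));
    }

    // RFC 7616 section 3.4.1: response = H( H(A1):nonce:nc:cnonce:qop:H(A2) )
    static String expected(Token t, String password, String method, byte[] body)
            throws NoSuchAlgorithmException {
        String ha1 = h(t.alg(), utf8(t.user() + ":" + t.realm() + ":" + password));
        String a2 = method + ":" + t.uri();
        if ("auth-int".equals(t.qop())) {
            if (body == null) return null;          // integrity requested, nothing to hash
            a2 += ":" + h(t.alg(), body);           // A2 = method:uri:H(entity-body)
        }
        return h(t.alg(), utf8(String.join(":", ha1, t.nonce(), t.nc(), t.cnonce(),
                t.qop(), h(t.alg(), utf8(a2)))));
    }

    static boolean validate(Token t, String claimed, String password, String method, byte[] body)
            throws NoSuchAlgorithmException {
        // Allow-list first, so a client-chosen algorithm name never reaches MessageDigest.
        if (!ALLOWED.contains(t.alg()) || claimed == null) return false;
        String want = expected(t, password, method, body);
        return want != null && MessageDigest.isEqual(utf8(want), utf8(claimed)); // constant time
    }

    public static void main(String[] args) throws Exception {
        byte[] body = utf8("{\"qty\":1}");          // constructed sample request body
        for (String alg : new String[] {"SHA-256", "MD5"}) {
            Token t = new Token(alg, "alice", "example", "/items", "nonce-1", "00000001",
                    "cnonce-1", "auth-int");        // constructed sample values
            String sent = expected(t, "s3cret", "POST", body); // what an honest client sends
            System.out.printf("%s valid=%b tampered=%b noBody=%b%n", alg,
                    validate(t, sent, "s3cret", "POST", body),
                    validate(t, sent, "s3cret", "POST", utf8("{\"qty\":9}")),
                    validate(t, sent, "s3cret", "POST", null));
        }
    }
}
```

With the class documented here, the same policy amounts to comparing getAlgorithm() against the server's allow-list before calling validateResponse(), since isValid() alone only confirms that the JVM provides the algorithm.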