167 lines
6.5 KiB
Java
167 lines
6.5 KiB
Java
/*
|
|
* Copyright (C) 2012 Square, Inc.
|
|
* Copyright (C) 2011 The Android Open Source Project
|
|
*
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
* you may not use this file except in compliance with the License.
|
|
* You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
* See the License for the specific language governing permissions and
|
|
* limitations under the License.
|
|
*/
|
|
package com.squareup.okhttp.internal.http;
|
|
|
|
import com.squareup.okhttp.OkAuthenticator;
|
|
import com.squareup.okhttp.OkAuthenticator.Challenge;
|
|
import java.io.IOException;
|
|
import java.net.Authenticator;
|
|
import java.net.InetAddress;
|
|
import java.net.InetSocketAddress;
|
|
import java.net.PasswordAuthentication;
|
|
import java.net.Proxy;
|
|
import java.net.URL;
|
|
import java.util.ArrayList;
|
|
import java.util.List;
|
|
|
|
import static com.squareup.okhttp.OkAuthenticator.Credential;
|
|
import static java.net.HttpURLConnection.HTTP_PROXY_AUTH;
|
|
import static java.net.HttpURLConnection.HTTP_UNAUTHORIZED;
|
|
|
|
/** Handles HTTP authentication headers from origin and proxy servers. */
|
|
public final class HttpAuthenticator {
|
|
/** Uses the global authenticator to get the password. */
|
|
public static final OkAuthenticator SYSTEM_DEFAULT = new OkAuthenticator() {
|
|
@Override public Credential authenticate(
|
|
Proxy proxy, URL url, List<Challenge> challenges) throws IOException {
|
|
for (Challenge challenge : challenges) {
|
|
if (!"Basic".equalsIgnoreCase(challenge.getScheme())) {
|
|
continue;
|
|
}
|
|
|
|
PasswordAuthentication auth = Authenticator.requestPasswordAuthentication(url.getHost(),
|
|
getConnectToInetAddress(proxy, url), url.getPort(), url.getProtocol(),
|
|
challenge.getRealm(), challenge.getScheme(), url, Authenticator.RequestorType.SERVER);
|
|
if (auth != null) {
|
|
return Credential.basic(auth.getUserName(), new String(auth.getPassword()));
|
|
}
|
|
}
|
|
return null;
|
|
}
|
|
|
|
@Override public Credential authenticateProxy(
|
|
Proxy proxy, URL url, List<Challenge> challenges) throws IOException {
|
|
for (Challenge challenge : challenges) {
|
|
if (!"Basic".equalsIgnoreCase(challenge.getScheme())) {
|
|
continue;
|
|
}
|
|
|
|
InetSocketAddress proxyAddress = (InetSocketAddress) proxy.address();
|
|
PasswordAuthentication auth = Authenticator.requestPasswordAuthentication(
|
|
proxyAddress.getHostName(), getConnectToInetAddress(proxy, url), proxyAddress.getPort(),
|
|
url.getProtocol(), challenge.getRealm(), challenge.getScheme(), url,
|
|
Authenticator.RequestorType.PROXY);
|
|
if (auth != null) {
|
|
return Credential.basic(auth.getUserName(), new String(auth.getPassword()));
|
|
}
|
|
}
|
|
return null;
|
|
}
|
|
|
|
private InetAddress getConnectToInetAddress(Proxy proxy, URL url) throws IOException {
|
|
return (proxy != null && proxy.type() != Proxy.Type.DIRECT)
|
|
? ((InetSocketAddress) proxy.address()).getAddress()
|
|
: InetAddress.getByName(url.getHost());
|
|
}
|
|
};
|
|
|
|
private HttpAuthenticator() {
|
|
}
|
|
|
|
/**
|
|
* React to a failed authorization response by looking up new credentials.
|
|
*
|
|
* @return true if credentials have been added to successorRequestHeaders
|
|
* and another request should be attempted.
|
|
*/
|
|
public static boolean processAuthHeader(OkAuthenticator authenticator, int responseCode,
|
|
RawHeaders responseHeaders, RawHeaders successorRequestHeaders, Proxy proxy, URL url)
|
|
throws IOException {
|
|
String responseField;
|
|
String requestField;
|
|
if (responseCode == HTTP_UNAUTHORIZED) {
|
|
responseField = "WWW-Authenticate";
|
|
requestField = "Authorization";
|
|
} else if (responseCode == HTTP_PROXY_AUTH) {
|
|
responseField = "Proxy-Authenticate";
|
|
requestField = "Proxy-Authorization";
|
|
} else {
|
|
throw new IllegalArgumentException(); // TODO: ProtocolException?
|
|
}
|
|
List<Challenge> challenges = parseChallenges(responseHeaders, responseField);
|
|
if (challenges.isEmpty()) {
|
|
return false; // Could not find a challenge so end the request cycle.
|
|
}
|
|
Credential credential = responseHeaders.getResponseCode() == HTTP_PROXY_AUTH
|
|
? authenticator.authenticateProxy(proxy, url, challenges)
|
|
: authenticator.authenticate(proxy, url, challenges);
|
|
if (credential == null) {
|
|
return false; // Could not satisfy the challenge so end the request cycle.
|
|
}
|
|
// Add authorization credentials, bypassing the already-connected check.
|
|
successorRequestHeaders.set(requestField, credential.getHeaderValue());
|
|
return true;
|
|
}
|
|
|
|
/**
|
|
* Parse RFC 2617 challenges. This API is only interested in the scheme
|
|
* name and realm.
|
|
*/
|
|
private static List<Challenge> parseChallenges(RawHeaders responseHeaders,
|
|
String challengeHeader) {
|
|
// auth-scheme = token
|
|
// auth-param = token "=" ( token | quoted-string )
|
|
// challenge = auth-scheme 1*SP 1#auth-param
|
|
// realm = "realm" "=" realm-value
|
|
// realm-value = quoted-string
|
|
List<Challenge> result = new ArrayList<Challenge>();
|
|
for (int h = 0; h < responseHeaders.length(); h++) {
|
|
if (!challengeHeader.equalsIgnoreCase(responseHeaders.getFieldName(h))) {
|
|
continue;
|
|
}
|
|
String value = responseHeaders.getValue(h);
|
|
int pos = 0;
|
|
while (pos < value.length()) {
|
|
int tokenStart = pos;
|
|
pos = HeaderParser.skipUntil(value, pos, " ");
|
|
|
|
String scheme = value.substring(tokenStart, pos).trim();
|
|
pos = HeaderParser.skipWhitespace(value, pos);
|
|
|
|
// TODO: This currently only handles schemes with a 'realm' parameter;
|
|
// It needs to be fixed to handle any scheme and any parameters
|
|
// http://code.google.com/p/android/issues/detail?id=11140
|
|
|
|
if (!value.regionMatches(true, pos, "realm=\"", 0, "realm=\"".length())) {
|
|
break; // Unexpected challenge parameter; give up!
|
|
}
|
|
|
|
pos += "realm=\"".length();
|
|
int realmStart = pos;
|
|
pos = HeaderParser.skipUntil(value, pos, "\"");
|
|
String realm = value.substring(realmStart, pos);
|
|
pos++; // Consume '"' close quote.
|
|
pos = HeaderParser.skipUntil(value, pos, ",");
|
|
pos++; // Consume ',' comma.
|
|
pos = HeaderParser.skipWhitespace(value, pos);
|
|
result.add(new Challenge(scheme, realm));
|
|
}
|
|
}
|
|
return result;
|
|
}
|
|
}
|