| /* |
| * Copyright (C) 2012 Square, Inc. |
| * Copyright (C) 2011 The Android Open Source Project |
| * |
| * Licensed under the Apache License, Version 2.0 (the "License"); |
| * you may not use this file except in compliance with the License. |
| * You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| package com.squareup.okhttp.internal.http; |
| |
| import com.squareup.okhttp.internal.Base64; |
| import java.io.IOException; |
| import java.net.Authenticator; |
| import java.net.InetAddress; |
| import java.net.InetSocketAddress; |
| import java.net.PasswordAuthentication; |
| import java.net.Proxy; |
| import java.net.URL; |
| import java.util.ArrayList; |
| import java.util.List; |
| |
| import static java.net.HttpURLConnection.HTTP_PROXY_AUTH; |
| import static java.net.HttpURLConnection.HTTP_UNAUTHORIZED; |
| |
| /** Handles HTTP authentication headers from origin and proxy servers. */ |
| public final class HttpAuthenticator { |
| private HttpAuthenticator() { |
| } |
| |
| /** |
| * React to a failed authorization response by looking up new credentials. |
| * |
| * @return true if credentials have been added to successorRequestHeaders |
| * and another request should be attempted. |
| */ |
| public static boolean processAuthHeader(int responseCode, RawHeaders responseHeaders, |
| RawHeaders successorRequestHeaders, Proxy proxy, URL url) throws IOException { |
| if (responseCode != HTTP_PROXY_AUTH && responseCode != HTTP_UNAUTHORIZED) { |
| throw new IllegalArgumentException(); |
| } |
| |
| // Keep asking for username/password until authorized. |
| String challengeHeader = |
| responseCode == HTTP_PROXY_AUTH ? "Proxy-Authenticate" : "WWW-Authenticate"; |
| String credentials = getCredentials(responseHeaders, challengeHeader, proxy, url); |
| if (credentials == null) { |
| return false; // Could not find credentials so end the request cycle. |
| } |
| |
| // Add authorization credentials, bypassing the already-connected check. |
| String fieldName = responseCode == HTTP_PROXY_AUTH ? "Proxy-Authorization" : "Authorization"; |
| successorRequestHeaders.set(fieldName, credentials); |
| return true; |
| } |
| |
| /** |
| * Returns the authorization credentials that may satisfy the challenge. |
| * Returns null if a challenge header was not provided or if credentials |
| * were not available. |
| */ |
| private static String getCredentials(RawHeaders responseHeaders, String challengeHeader, |
| Proxy proxy, URL url) throws IOException { |
| List<Challenge> challenges = parseChallenges(responseHeaders, challengeHeader); |
| if (challenges.isEmpty()) { |
| return null; |
| } |
| |
| for (Challenge challenge : challenges) { |
| // Use the global authenticator to get the password. |
| PasswordAuthentication auth; |
| if (responseHeaders.getResponseCode() == HTTP_PROXY_AUTH) { |
| InetSocketAddress proxyAddress = (InetSocketAddress) proxy.address(); |
| auth = Authenticator.requestPasswordAuthentication(proxyAddress.getHostName(), |
| getConnectToInetAddress(proxy, url), proxyAddress.getPort(), url.getProtocol(), |
| challenge.realm, challenge.scheme, url, Authenticator.RequestorType.PROXY); |
| } else { |
| auth = Authenticator.requestPasswordAuthentication(url.getHost(), |
| getConnectToInetAddress(proxy, url), url.getPort(), url.getProtocol(), challenge.realm, |
| challenge.scheme, url, Authenticator.RequestorType.SERVER); |
| } |
| if (auth == null) { |
| continue; |
| } |
| |
| // Use base64 to encode the username and password. |
| String usernameAndPassword = auth.getUserName() + ":" + new String(auth.getPassword()); |
| byte[] bytes = usernameAndPassword.getBytes("ISO-8859-1"); |
| String encoded = Base64.encode(bytes); |
| return challenge.scheme + " " + encoded; |
| } |
| |
| return null; |
| } |
| |
| private static InetAddress getConnectToInetAddress(Proxy proxy, URL url) throws IOException { |
| return (proxy != null && proxy.type() != Proxy.Type.DIRECT) |
| ? ((InetSocketAddress) proxy.address()).getAddress() : InetAddress.getByName(url.getHost()); |
| } |
| |
| /** |
| * Parse RFC 2617 challenges. This API is only interested in the scheme |
| * name and realm. |
| */ |
| private static List<Challenge> parseChallenges(RawHeaders responseHeaders, |
| String challengeHeader) { |
| // auth-scheme = token |
| // auth-param = token "=" ( token | quoted-string ) |
| // challenge = auth-scheme 1*SP 1#auth-param |
| // realm = "realm" "=" realm-value |
| // realm-value = quoted-string |
| List<Challenge> result = new ArrayList<Challenge>(); |
| for (int h = 0; h < responseHeaders.length(); h++) { |
| if (!challengeHeader.equalsIgnoreCase(responseHeaders.getFieldName(h))) { |
| continue; |
| } |
| String value = responseHeaders.getValue(h); |
| int pos = 0; |
| while (pos < value.length()) { |
| int tokenStart = pos; |
| pos = HeaderParser.skipUntil(value, pos, " "); |
| |
| String scheme = value.substring(tokenStart, pos).trim(); |
| pos = HeaderParser.skipWhitespace(value, pos); |
| |
| // TODO: This currently only handles schemes with a 'realm' parameter; |
| // It needs to be fixed to handle any scheme and any parameters |
| // http://code.google.com/p/android/issues/detail?id=11140 |
| |
| if (!value.regionMatches(pos, "realm=\"", 0, "realm=\"".length())) { |
| break; // Unexpected challenge parameter; give up! |
| } |
| |
| pos += "realm=\"".length(); |
| int realmStart = pos; |
| pos = HeaderParser.skipUntil(value, pos, "\""); |
| String realm = value.substring(realmStart, pos); |
| pos++; // Consume '"' close quote. |
| pos = HeaderParser.skipUntil(value, pos, ","); |
| pos++; // Consume ',' comma. |
| pos = HeaderParser.skipWhitespace(value, pos); |
| result.add(new Challenge(scheme, realm)); |
| } |
| } |
| return result; |
| } |
| |
| /** An RFC 2617 challenge. */ |
| private static final class Challenge { |
| final String scheme; |
| final String realm; |
| |
| Challenge(String scheme, String realm) { |
| this.scheme = scheme; |
| this.realm = realm; |
| } |
| |
| @Override public boolean equals(Object o) { |
| return o instanceof Challenge |
| && ((Challenge) o).scheme.equals(scheme) |
| && ((Challenge) o).realm.equals(realm); |
| } |
| |
| @Override public int hashCode() { |
| return scheme.hashCode() + 31 * realm.hashCode(); |
| } |
| } |
| } |