src/main/java/com/squareup/okhttp/internal/http/HttpAuthenticator.java - platform/external/okhttp - Git at Google

 /*
  * Copyright (C) 2012 Square, Inc.
  * Copyright (C) 2011 The Android Open Source Project
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *      http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 package com.squareup.okhttp.internal.http;

 import com.squareup.okhttp.OkAuthenticator;
 import com.squareup.okhttp.OkAuthenticator.Challenge;
 import java.io.IOException;
 import java.net.Authenticator;
 import java.net.InetAddress;
 import java.net.InetSocketAddress;
 import java.net.PasswordAuthentication;
 import java.net.Proxy;
 import java.net.URL;
 import java.util.ArrayList;
 import java.util.List;

 import static com.squareup.okhttp.OkAuthenticator.Credential;
 import static java.net.HttpURLConnection.HTTP_PROXY_AUTH;
 import static java.net.HttpURLConnection.HTTP_UNAUTHORIZED;

 /** Handles HTTP authentication headers from origin and proxy servers. */
 public final class HttpAuthenticator {
   /** Uses the global authenticator to get the password. */
   public static final OkAuthenticator SYSTEM_DEFAULT = new OkAuthenticator() {
     @Override public Credential authenticate(
         Proxy proxy, URL url, List<Challenge> challenges) throws IOException {
       for (Challenge challenge : challenges) {
         if (!"Basic".equalsIgnoreCase(challenge.getScheme())) {
           continue;
         }

         PasswordAuthentication auth = Authenticator.requestPasswordAuthentication(url.getHost(),
             getConnectToInetAddress(proxy, url), url.getPort(), url.getProtocol(),
             challenge.getRealm(), challenge.getScheme(), url, Authenticator.RequestorType.SERVER);
         if (auth != null) {
           return Credential.basic(auth.getUserName(), new String(auth.getPassword()));
         }
       }
       return null;
     }

     @Override public Credential authenticateProxy(
         Proxy proxy, URL url, List<Challenge> challenges) throws IOException {
       for (Challenge challenge : challenges) {
         if (!"Basic".equalsIgnoreCase(challenge.getScheme())) {
           continue;
         }

         InetSocketAddress proxyAddress = (InetSocketAddress) proxy.address();
         PasswordAuthentication auth = Authenticator.requestPasswordAuthentication(
             proxyAddress.getHostName(), getConnectToInetAddress(proxy, url), proxyAddress.getPort(),
             url.getProtocol(), challenge.getRealm(), challenge.getScheme(), url,
             Authenticator.RequestorType.PROXY);
         if (auth != null) {
           return Credential.basic(auth.getUserName(), new String(auth.getPassword()));
         }
       }
       return null;
     }

     private InetAddress getConnectToInetAddress(Proxy proxy, URL url) throws IOException {
       return (proxy != null && proxy.type() != Proxy.Type.DIRECT)
           ? ((InetSocketAddress) proxy.address()).getAddress()
           : InetAddress.getByName(url.getHost());
     }
   };

   private HttpAuthenticator() {
   }

   /**
    * React to a failed authorization response by looking up new credentials.
    *
    * @return true if credentials have been added to successorRequestHeaders
    *         and another request should be attempted.
    */
   public static boolean processAuthHeader(OkAuthenticator authenticator, int responseCode,
       RawHeaders responseHeaders, RawHeaders successorRequestHeaders, Proxy proxy, URL url)
       throws IOException {
     String responseField;
     String requestField;
     if (responseCode == HTTP_UNAUTHORIZED) {
       responseField = "WWW-Authenticate";
       requestField = "Authorization";
     } else if (responseCode == HTTP_PROXY_AUTH) {
       responseField = "Proxy-Authenticate";
       requestField = "Proxy-Authorization";
     } else {
       throw new IllegalArgumentException(); // TODO: ProtocolException?
     }
     List<Challenge> challenges = parseChallenges(responseHeaders, responseField);
     if (challenges.isEmpty()) {
       return false; // Could not find a challenge so end the request cycle.
     }
     Credential credential = responseHeaders.getResponseCode() == HTTP_PROXY_AUTH
         ? authenticator.authenticateProxy(proxy, url, challenges)
         : authenticator.authenticate(proxy, url, challenges);
     if (credential == null) {
       return false; // Could not satisfy the challenge so end the request cycle.
     }
     // Add authorization credentials, bypassing the already-connected check.
     successorRequestHeaders.set(requestField, credential.getHeaderValue());
     return true;
   }

   /**
    * Parse RFC 2617 challenges. This API is only interested in the scheme
    * name and realm.
    */
   private static List<Challenge> parseChallenges(RawHeaders responseHeaders,
       String challengeHeader) {
     // auth-scheme = token
     // auth-param  = token "=" ( token | quoted-string )
     // challenge   = auth-scheme 1*SP 1#auth-param
     // realm       = "realm" "=" realm-value
     // realm-value = quoted-string
     List<Challenge> result = new ArrayList<Challenge>();
     for (int h = 0; h < responseHeaders.length(); h++) {
       if (!challengeHeader.equalsIgnoreCase(responseHeaders.getFieldName(h))) {
         continue;
       }
       String value = responseHeaders.getValue(h);
       int pos = 0;
       while (pos < value.length()) {
         int tokenStart = pos;
         pos = HeaderParser.skipUntil(value, pos, " ");

         String scheme = value.substring(tokenStart, pos).trim();
         pos = HeaderParser.skipWhitespace(value, pos);

         // TODO: This currently only handles schemes with a 'realm' parameter;
         //       It needs to be fixed to handle any scheme and any parameters
         //       http://code.google.com/p/android/issues/detail?id=11140

         if (!value.regionMatches(true, pos, "realm=\"", 0, "realm=\"".length())) {
           break; // Unexpected challenge parameter; give up!
         }

         pos += "realm=\"".length();
         int realmStart = pos;
         pos = HeaderParser.skipUntil(value, pos, "\"");
         String realm = value.substring(realmStart, pos);
         pos++; // Consume '"' close quote.
         pos = HeaderParser.skipUntil(value, pos, ",");
         pos++; // Consume ',' comma.
         pos = HeaderParser.skipWhitespace(value, pos);
         result.add(new Challenge(scheme, realm));
       }
     }
     return result;
   }
 }
	/*
	* Copyright (C) 2012 Square, Inc.
	* Copyright (C) 2011 The Android Open Source Project
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/
	package com.squareup.okhttp.internal.http;

	import com.squareup.okhttp.OkAuthenticator;
	import com.squareup.okhttp.OkAuthenticator.Challenge;
	import java.io.IOException;
	import java.net.Authenticator;
	import java.net.InetAddress;
	import java.net.InetSocketAddress;
	import java.net.PasswordAuthentication;
	import java.net.Proxy;
	import java.net.URL;
	import java.util.ArrayList;
	import java.util.List;

	import static com.squareup.okhttp.OkAuthenticator.Credential;
	import static java.net.HttpURLConnection.HTTP_PROXY_AUTH;
	import static java.net.HttpURLConnection.HTTP_UNAUTHORIZED;

	/** Handles HTTP authentication headers from origin and proxy servers. */
	public final class HttpAuthenticator {
	/** Uses the global authenticator to get the password. */
	public static final OkAuthenticator SYSTEM_DEFAULT = new OkAuthenticator() {
	@Override public Credential authenticate(
	Proxy proxy, URL url, List<Challenge> challenges) throws IOException {
	for (Challenge challenge : challenges) {
	if (!"Basic".equalsIgnoreCase(challenge.getScheme())) {
	continue;
	}

	PasswordAuthentication auth = Authenticator.requestPasswordAuthentication(url.getHost(),
	getConnectToInetAddress(proxy, url), url.getPort(), url.getProtocol(),
	challenge.getRealm(), challenge.getScheme(), url, Authenticator.RequestorType.SERVER);
	if (auth != null) {
	return Credential.basic(auth.getUserName(), new String(auth.getPassword()));
	}
	}
	return null;
	}

	@Override public Credential authenticateProxy(
	Proxy proxy, URL url, List<Challenge> challenges) throws IOException {
	for (Challenge challenge : challenges) {
	if (!"Basic".equalsIgnoreCase(challenge.getScheme())) {
	continue;
	}

	InetSocketAddress proxyAddress = (InetSocketAddress) proxy.address();
	PasswordAuthentication auth = Authenticator.requestPasswordAuthentication(
	proxyAddress.getHostName(), getConnectToInetAddress(proxy, url), proxyAddress.getPort(),
	url.getProtocol(), challenge.getRealm(), challenge.getScheme(), url,
	Authenticator.RequestorType.PROXY);
	if (auth != null) {
	return Credential.basic(auth.getUserName(), new String(auth.getPassword()));
	}
	}
	return null;
	}

	private InetAddress getConnectToInetAddress(Proxy proxy, URL url) throws IOException {
	return (proxy != null && proxy.type() != Proxy.Type.DIRECT)
	? ((InetSocketAddress) proxy.address()).getAddress()
	: InetAddress.getByName(url.getHost());
	}
	};

	private HttpAuthenticator() {
	}

	/**
	* React to a failed authorization response by looking up new credentials.
	*
	* @return true if credentials have been added to successorRequestHeaders
	* and another request should be attempted.
	*/
	public static boolean processAuthHeader(OkAuthenticator authenticator, int responseCode,
	RawHeaders responseHeaders, RawHeaders successorRequestHeaders, Proxy proxy, URL url)
	throws IOException {
	String responseField;
	String requestField;
	if (responseCode == HTTP_UNAUTHORIZED) {
	responseField = "WWW-Authenticate";
	requestField = "Authorization";
	} else if (responseCode == HTTP_PROXY_AUTH) {
	responseField = "Proxy-Authenticate";
	requestField = "Proxy-Authorization";
	} else {
	throw new IllegalArgumentException(); // TODO: ProtocolException?
	}
	List<Challenge> challenges = parseChallenges(responseHeaders, responseField);
	if (challenges.isEmpty()) {
	return false; // Could not find a challenge so end the request cycle.
	}
	Credential credential = responseHeaders.getResponseCode() == HTTP_PROXY_AUTH
	? authenticator.authenticateProxy(proxy, url, challenges)
	: authenticator.authenticate(proxy, url, challenges);
	if (credential == null) {
	return false; // Could not satisfy the challenge so end the request cycle.
	}
	// Add authorization credentials, bypassing the already-connected check.
	successorRequestHeaders.set(requestField, credential.getHeaderValue());
	return true;
	}

	/**
	* Parse RFC 2617 challenges. This API is only interested in the scheme
	* name and realm.
	*/
	private static List<Challenge> parseChallenges(RawHeaders responseHeaders,
	String challengeHeader) {
	// auth-scheme = token
	// auth-param = token "=" ( token \| quoted-string )
	// challenge = auth-scheme 1*SP 1#auth-param
	// realm = "realm" "=" realm-value
	// realm-value = quoted-string
	List<Challenge> result = new ArrayList<Challenge>();
	for (int h = 0; h < responseHeaders.length(); h++) {
	if (!challengeHeader.equalsIgnoreCase(responseHeaders.getFieldName(h))) {
	continue;
	}
	String value = responseHeaders.getValue(h);
	int pos = 0;
	while (pos < value.length()) {
	int tokenStart = pos;
	pos = HeaderParser.skipUntil(value, pos, " ");

	String scheme = value.substring(tokenStart, pos).trim();
	pos = HeaderParser.skipWhitespace(value, pos);

	// TODO: This currently only handles schemes with a 'realm' parameter;
	// It needs to be fixed to handle any scheme and any parameters
	// http://code.google.com/p/android/issues/detail?id=11140

	if (!value.regionMatches(true, pos, "realm=\"", 0, "realm=\"".length())) {
	break; // Unexpected challenge parameter; give up!
	}

	pos += "realm=\"".length();
	int realmStart = pos;
	pos = HeaderParser.skipUntil(value, pos, "\"");
	String realm = value.substring(realmStart, pos);
	pos++; // Consume '"' close quote.
	pos = HeaderParser.skipUntil(value, pos, ",");
	pos++; // Consume ',' comma.
	pos = HeaderParser.skipWhitespace(value, pos);
	result.add(new Challenge(scheme, realm));
	}
	}
	return result;
	}
	}