package cn.com.superv.ead.common.httpAuth.comm;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;
import java.util.Locale;
import java.util.MissingResourceException;
import java.util.Objects;
import java.util.Properties;
import java.util.ResourceBundle;
import cn.com.superv.ead.common.ClientInitConf;
import sun.misc.BASE64Encoder; // no longer used by getBASE64 (java.util.Base64); remove once builds target JDK 9+
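/**
 * Helper routines shared by the HTTP authentication code: Base64 and MD5
 * encoding, extraction of the {@code Authorization} line from a serialized
 * request, parsing of Digest parameters and lookup of the authentication
 * settings in the client configuration.
 *
 * <p>All methods are static and stateless, so the class is safe to use from
 * several threads.
 *
 * @author yang,hualong
 */
public class UtilHttpAuth {
    /** Value of {@link #AUTHENTICATIONMODE} selecting HTTP Basic authentication. */
    public static final int BASIC_AUTHEM = 1;
    /** Value of {@link #AUTHENTICATIONMODE} selecting HTTP Digest authentication. */
    public static final int DIGEST_AUTHEM = 2;
    /** Name of the request header carrying the credentials. */
    public static final String AUTH = "Authorization";
    /** Scheme token of Basic authentication. */
    public static final String BASIC = "Basic";
    /** Scheme token of Digest authentication. */
    public static final String DIGEST = "Digest";

    /* Parameter names of a Digest Authorization header (RFC 2617 / RFC 7616). */
    public static final String USERNAME = "username";
    public static final String REALM = "realm";
    public static final String QOP = "qop";
    public static final String NONCE = "nonce";
    public static final String CNONCE = "cnonce";
    public static final String NCVALUE = "nc";
    public static final String RESPONSE = "response";
    public static final String URI = "uri";

    /* Keys of the authentication settings in the client configuration. */
    public static final String AUTHENTICATIONMODE = "user.authenticationmode";
    public static final String USER_USERNAME = "user.username";
    public static final String PASSWORD = "user.password";
    /** Base name of the properties bundle — presumably; not read by this class. */
    public static final String PROPERTIES_FILE_PATH = "system";

    /**
     * Base64-encodes the UTF-8 bytes of {@code value} without line breaks, as
     * required for a {@code Basic} credential token.
     *
     * @param value text to encode; may be {@code null}
     * @return the Base64 text, or {@code null} when {@code value} is {@code null}
     */
    public static String getBASE64(String value) {
        if (value == null) {
            return null;
        }
        // java.util.Base64 never inserts the 76-column line breaks that
        // sun.misc.BASE64Encoder added, which would corrupt an HTTP header value.
        return Base64.getEncoder().encodeToString(value.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Returns the lowercase hexadecimal MD5 digest of the UTF-8 bytes of {@code str}.
     *
     * <p>MD5 is used because the Digest authentication scheme implemented by the
     * callers defines the response hash as MD5; it is not a general-purpose hash
     * and must not be used for password storage.
     *
     * @param str text to hash, not {@code null}
     * @return 32 lowercase hex characters
     * @throws NullPointerException if {@code str} is {@code null}
     * @throws IllegalStateException if the runtime has no MD5 provider. The
     *     former sentinel {@code "NULL"} is no longer returned: a sentinel that is
     *     also a comparable string would let a bogus {@code response} value match it.
     */
    public static String calcMD5(String str) {
        Objects.requireNonNull(str, "str");
        try {
            MessageDigest md = MessageDigest.getInstance("MD5");
            return byte2hex(md.digest(str.getBytes(StandardCharsets.UTF_8)));
        } catch (NoSuchAlgorithmException ex) {
            throw new IllegalStateException("MD5 MessageDigest is not available", ex);
        }
    }

    /**
     * Converts bytes to lowercase hex, two characters per byte (the form the
     * Digest scheme expects for the {@code response} value).
     *
     * @param b bytes to convert, not {@code null}
     * @return hex string of length {@code 2 * b.length}
     */
    private static String byte2hex(byte[] b) {
        StringBuilder hex = new StringBuilder(b.length * 2);
        for (byte x : b) {
            hex.append(Character.forDigit((x >> 4) & 0xF, 16))
               .append(Character.forDigit(x & 0xF, 16));
        }
        return hex.toString();
    }

    /**
     * Extracts the value of the {@code Authorization} line from a serialized
     * request and checks that it mentions the given scheme.
     *
     * <p>The search is a plain substring search: the first occurrence of
     * {@value #AUTH} anywhere in {@code httpAuthKeyWord} is taken as the header
     * start, the character following the name (the {@code ':'}) is skipped, and
     * the value runs up to the next CRLF. Callers get the raw value, leading
     * whitespace included.
     *
     * @param httpAuthKeyWord serialized request text; may be {@code null}
     * @param scheme scheme token that must appear in the value
     * @return the raw header value, or {@code null} when the header, its line end
     *     or the scheme is missing
     */
    private static String getAuthLine(String httpAuthKeyWord, String scheme) {
        if (httpAuthKeyWord == null) {
            return null;
        }
        int start = httpAuthKeyWord.indexOf(AUTH);
        if (start == -1) {
            return null;
        }
        int end = httpAuthKeyWord.indexOf("\r\n", start);
        // Skip the header name and the separator character that follows it.
        int valueStart = start + AUTH.length() + 1;
        // A header with no value would make substring() throw; treat it as absent.
        if (end == -1 || valueStart > end) {
            return null;
        }
        String value = httpAuthKeyWord.substring(valueStart, end);
        return value.contains(scheme) ? value : null;
    }

    /**
     * Returns the raw {@code Authorization} header value of a Basic request.
     *
     * @param httpAuthKeyWord serialized request text; may be {@code null}
     * @return the header value (leading whitespace kept), or {@code null} when
     *     the header is missing, unterminated or not a Basic header
     */
    public static String getBasicAuthInfo(String httpAuthKeyWord) {
        return getAuthLine(httpAuthKeyWord, BASIC);
    }

    /**
     * Returns the raw {@code Authorization} header value of a Digest request.
     *
     * @param httpAuthKeyWord serialized request text; may be {@code null}
     * @return the header value (leading whitespace kept), or {@code null} when
     *     the header is missing, unterminated or not a Digest header
     */
    public static String getDigestAuthInfo(String httpAuthKeyWord) {
        return getAuthLine(httpAuthKeyWord, DIGEST);
    }

    /**
     * Returns the value of one parameter of a Digest {@code Authorization} value.
     *
     * <p>A match that sits at a parameter boundary (start of the string, or
     * preceded by a comma, whitespace or a closing quote) is preferred, so that
     * asking for {@code nonce} no longer returns the value of {@code cnonce}.
     * When no such occurrence exists the first plain substring match is used,
     * which keeps concatenated fixtures such as {@code name="v"name2="v2"} working.
     * Quoted values ({@code name="value"}) are returned without the quotes;
     * unquoted values such as {@code nc=00000001} run up to the next comma or
     * whitespace.
     *
     * @param digest the Digest header value; may be {@code null}
     * @param digestParam parameter name to look up; may be {@code null}
     * @return the parameter value, or {@code null} when either argument is
     *     {@code null}, the parameter is absent, or its opening quote is never closed
     */
    public static String getDigestParam(String digest, String digestParam) {
        if (digest == null || digestParam == null) {
            return null;
        }
        String key = digestParam + "=";
        int firstMatch = -1;
        for (int at = digest.indexOf(key); at != -1; at = digest.indexOf(key, at + 1)) {
            if (firstMatch == -1) {
                firstMatch = at;
            }
            if (at == 0 || isParamBoundary(digest.charAt(at - 1))) {
                return readParamValue(digest, at + key.length());
            }
        }
        // No delimited occurrence: fall back to the first plain substring match.
        return firstMatch == -1 ? null : readParamValue(digest, firstMatch + key.length());
    }

    /** True for the characters that may precede a parameter name or end an unquoted value. */
    private static boolean isParamBoundary(char c) {
        return c == ',' || c == '"' || Character.isWhitespace(c);
    }

    /**
     * Reads a parameter value starting at {@code valueStart}: the content of a
     * quoted string, or an unquoted token up to the next boundary character.
     *
     * @return the value, or {@code null} when a quoted value is not terminated
     */
    private static String readParamValue(String digest, int valueStart) {
        if (valueStart < digest.length() && digest.charAt(valueStart) == '"') {
            int close = digest.indexOf('"', valueStart + 1);
            return close == -1 ? null : digest.substring(valueStart + 1, close);
        }
        int end = valueStart;
        while (end < digest.length() && !isParamBoundary(digest.charAt(end))) {
            end++;
        }
        return digest.substring(valueStart, end);
    }

    /* The following look up authentication settings in the client configuration. */

    /**
     * Looks up a configuration value, intended for {@link #AUTHENTICATIONMODE}.
     *
     * @param authenticationMode configuration key
     * @return the configured value as returned by {@code ClientInitConf.getEcitsConf}
     */
    public static String getAuthenticationMode(String authenticationMode) {
        return ClientInitConf.getEcitsConf(authenticationMode);
    }

    /**
     * Looks up a configuration value, intended for {@link #USER_USERNAME}.
     *
     * @param username configuration key
     * @return the configured value as returned by {@code ClientInitConf.getEcitsConf}
     */
    public static String getUsername(String username) {
        return ClientInitConf.getEcitsConf(username);
    }

    /**
     * Looks up a configuration value, intended for {@link #PASSWORD}.
     *
     * @param password configuration key
     * @return the configured value as returned by {@code ClientInitConf.getEcitsConf}
     */
    public static String getPassword(String password) {
        return ClientInitConf.getEcitsConf(password);
    }

    /** Smoke test of the Digest helpers against hard-coded sample data. */
    public static void main(String[] args) {
        System.out.println("javaind\r\n");
        String digestInfo = getDigestAuthInfo("AuthorizationjavaabWVhY2hhbHlhbmc6bWVhY2hhbHlhbm\"c=dddddddddddddddddusername=\"fffffff\"fffDigestffff\"ffffffff\"fffff\r\nfffff\"ffffffffffffffffffffffff");
        System.out.println(digestInfo);
        String test = "dddddddddddddddddusername=\"fffffff3333333333333\" ";
        System.out.println(getDigestParam(test, "username"));
    }
}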
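/**
 * Authenticates the serialized request in {@code baos} according to the
 * {@code user.authenticationmode} setting: {@code 1} runs Basic, {@code 2}
 * runs Digest. When a check fails, the called method has already written the
 * 401 challenge to {@code res}.
 *
 * <p>The method returns nothing, so the caller cannot observe whether the
 * check passed; the result is only visible through {@code res}.
 *
 * @param res response the challenge is written to on failure
 * @param baos serialized request (headers included) to authenticate
 * @param nc expected nonce count for Digest authentication
 * @throws IllegalStateException if the mode setting is missing
 * @throws NumberFormatException if the mode setting is not an integer
 */
private void httpAuthentication(HttpServletResponse res,
        ByteArrayOutputStream baos, int nc) {
    String mode = UtilHttpAuth.getAuthenticationMode(UtilHttpAuth.AUTHENTICATIONMODE);
    if (mode == null) {
        throw new IllegalStateException("missing configuration value " + UtilHttpAuth.AUTHENTICATIONMODE);
    }
    // trim() tolerates surrounding whitespace in the properties value.
    int authenticationMode = Integer.parseInt(mode.trim());
    if (authenticationMode == UtilHttpAuth.BASIC_AUTHEM) {
        basicAuth(res, baos);
    } else if (authenticationMode == UtilHttpAuth.DIGEST_AUTHEM) {
        digestAuth(res, baos, nc);
    }
    // NOTE(review): any other mode value performs no authentication at all and
    // sends no challenge — confirm that is intended rather than failing closed.
}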
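/**
 * Checks the Basic credentials of the serialized request in {@code baos}
 * against the configured user name and password, sending a 401 challenge
 * when they are missing or wrong.
 *
 * @param rsp response the challenge is written to on failure
 * @param baos serialized request holding the {@code Authorization} header
 * @return {@code true} when the credentials match, {@code false} after a
 *     challenge has been sent
 */
private boolean basicAuth(HttpServletResponse rsp, ByteArrayOutputStream baos) {
    // Authenticate the request that was actually received; the previous
    // hard-coded sample header made the check independent of the client input.
    String basic = UtilHttpAuth.getBasicAuthInfo(baos.toString());
    String username = UtilHttpAuth.getUsername(UtilHttpAuth.USER_USERNAME);
    String password = UtilHttpAuth.getPassword(UtilHttpAuth.PASSWORD);
    // Without configured credentials nothing can match; "null:null" must not.
    if (basic == null || username == null || password == null) {
        sendBasicReq(rsp);
        return false;
    }
    String expected = UtilHttpAuth.getBASE64(username + ":" + password);
    if (!basicTokenMatches(basic, expected)) {
        sendBasicReq(rsp);
        return false;
    }
    return true;
}

/**
 * Compares the token that follows {@code Basic} in the header value with the
 * expected credential, in constant time so that response timing does not
 * reveal how many leading characters matched.
 *
 * @param basic raw header value containing the {@code Basic} scheme token
 * @param expected Base64 of {@code username:password}
 * @return whether the token equals {@code expected}
 */
private static boolean basicTokenMatches(String basic, String expected) {
    int at = basic.indexOf(UtilHttpAuth.BASIC);
    if (at == -1) {
        return false;
    }
    String token = basic.substring(at + UtilHttpAuth.BASIC.length()).trim();
    return java.security.MessageDigest.isEqual(
            token.getBytes(java.nio.charset.StandardCharsets.UTF_8),
            expected.getBytes(java.nio.charset.StandardCharsets.UTF_8));
}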
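/**
 * Writes the {@code 401} Basic challenge to {@code rsp} and commits the
 * (empty) response body.
 *
 * @param rsp response to write the challenge to
 */
private void sendBasicReq(HttpServletResponse rsp) {
    // setStatus(int, String) is deprecated (and removed in newer servlet
    // versions); the reason phrase is not needed by clients.
    rsp.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
    // NOTE(review): REALM is the Digest parameter *name* "realm"; it is reused
    // here as the realm value — confirm that is the intended realm string.
    rsp.addHeader("WWW-Authenticate", "Basic realm=\"" + UtilHttpAuth.REALM + "\"");
    try {
        ServletOutputStream sender = rsp.getOutputStream();
        sender.flush();
    } catch (java.io.IOException | IllegalStateException e) {
        // Best effort: status and header are already set; failing to commit an
        // empty body (or getWriter() having been used already) is only logged.
        System.err.println(e);
    }
}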
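/**
 * Validates the Digest credentials of the serialized request in {@code baos}
 * (RFC 2617 {@code qop=auth} form) against the configured user name, realm
 * and password, sending a 401 challenge on any failure.
 *
 * <p>Checks, in order: presence of a {@code Digest} header; {@code username};
 * {@code realm}; {@code qop=auth}; {@code uri}; {@code nonce}; {@code nc}
 * equal to {@code nc}; {@code cnonce}; {@code response}; and finally the
 * response hash {@code MD5(MD5(A1):nonce:nc:cnonce:qop:MD5(A2))} with
 * {@code A1 = user:realm:password} and {@code A2 = POST:uri}.
 *
 * @param rsp response the challenge is written to on failure
 * @param baos serialized request holding the {@code Authorization} header
 * @param nc expected nonce count
 * @return {@code true} only when every check passed
 */
private boolean digestAuth(HttpServletResponse rsp, ByteArrayOutputStream baos, int nc) {
    // Authenticate the request that was actually received; the previous
    // hard-coded sample header ignored the client input.
    String httpAuthKeyWord = baos.toString();
    String digest = UtilHttpAuth.getDigestAuthInfo(httpAuthKeyWord);
    if (digest == null) {
        return rejectDigest(rsp);
    }
    String username = UtilHttpAuth.getDigestParam(digest, UtilHttpAuth.USERNAME);
    String confUsername = UtilHttpAuth.getUsername(UtilHttpAuth.USER_USERNAME);
    if (username == null || !username.equals(confUsername)) {
        return rejectDigest(rsp);
    }
    // NOTE(review): UtilHttpAuth.REALM is the parameter name "realm"; it is also
    // used as the realm value here and in A1 — confirm that is intended.
    String realm = UtilHttpAuth.getDigestParam(digest, UtilHttpAuth.REALM);
    if (realm == null || !realm.equals(UtilHttpAuth.REALM)) {
        return rejectDigest(rsp);
    }
    String qop = UtilHttpAuth.getDigestParam(digest, UtilHttpAuth.QOP);
    if (qop == null || !qop.equals("auth")) {
        return rejectDigest(rsp);
    }
    String uri = UtilHttpAuth.getDigestParam(digest, UtilHttpAuth.URI);
    if (uri == null) {
        return rejectDigest(rsp);
    }
    // NOTE(review): the nonce is a fixed constant, so a captured response stays
    // valid indefinitely (replay). A per-challenge, expiring nonce tracked on the
    // server is the standard mitigation — confirm whether sendDigestReq issues one.
    String nonce = UtilHttpAuth.getDigestParam(digest, UtilHttpAuth.NONCE);
    if (nonce == null || !nonce.equals(UtilHttpAuth.getBASE64("--NextPart_0_2817_24856"))) {
        return rejectDigest(rsp);
    }
    // nc is sent unquoted (nc=00000001), which getDigestParam does not read.
    String ncValue = readNonceCount(digest);
    Integer ncSent = ncValue == null ? null : parseNonceCount(ncValue);
    if (ncSent == null || ncSent != nc) {
        return rejectDigest(rsp);
    }
    String cnonce = UtilHttpAuth.getDigestParam(digest, UtilHttpAuth.CNONCE);
    if (cnonce == null) {
        return rejectDigest(rsp);
    }
    // Null check before trim(): the former order dereferenced a missing value.
    String response = UtilHttpAuth.getDigestParam(digest, UtilHttpAuth.RESPONSE);
    if (response == null) {
        return rejectDigest(rsp);
    }
    response = response.trim();
    String password = UtilHttpAuth.getPassword(UtilHttpAuth.PASSWORD);
    String name = UtilHttpAuth.getUsername(UtilHttpAuth.USER_USERNAME);
    // Without configured credentials no response can be valid.
    if (password == null || name == null) {
        return rejectDigest(rsp);
    }
    String md5A1 = UtilHttpAuth.calcMD5(name + ":" + UtilHttpAuth.REALM + ":" + password);
    // NOTE(review): A2 hard-codes POST, so a request with any other method can
    // never authenticate — confirm the caller only serves POST.
    String md5A2 = UtilHttpAuth.calcMD5("POST" + ":" + uri);
    // The client's raw nc text is hashed, not the parsed number.
    String expected = UtilHttpAuth.calcMD5(
            md5A1 + ":" + nonce + ":" + ncValue + ":" + cnonce + ":" + qop + ":" + md5A2);
    // Constant-time comparison so timing does not reveal matching prefixes.
    if (!java.security.MessageDigest.isEqual(
            expected.getBytes(java.nio.charset.StandardCharsets.UTF_8),
            response.getBytes(java.nio.charset.StandardCharsets.UTF_8))) {
        return rejectDigest(rsp);
    }
    return true;
}

/**
 * Sends the Digest challenge and returns {@code false}, so a failed check can
 * be written as {@code return rejectDigest(rsp)}.
 */
private boolean rejectDigest(HttpServletResponse rsp) {
    sendDigestReq(rsp);
    return false;
}

/**
 * Returns the raw {@code nc} text of the header, or {@code null} when absent.
 * The value runs from the first {@code nc=} to the next comma, whitespace or
 * end of string; a value wrapped in quotes is returned without them.
 */
private static String readNonceCount(String digest) {
    int at = digest.indexOf("nc=");
    if (at == -1) {
        return null;
    }
    int start = at + "nc=".length();
    int end = start;
    while (end < digest.length() && digest.charAt(end) != ','
            && !Character.isWhitespace(digest.charAt(end))) {
        end++;
    }
    String value = digest.substring(start, end);
    if (value.length() >= 2 && value.startsWith("\"") && value.endsWith("\"")) {
        value = value.substring(1, value.length() - 1);
    }
    return value;
}

/**
 * Parses the nonce count the way the caller's counter is compared (decimal,
 * as before), returning {@code null} instead of throwing on malformed input so
 * a bad header is rejected rather than turned into a server error.
 * NOTE(review): RFC 2617 defines nc as eight hexadecimal digits; confirm the
 * caller's {@code nc} is meant to be compared as decimal.
 */
private static Integer parseNonceCount(String ncValue) {
    try {
        return Integer.parseInt(ncValue);
    } catch (NumberFormatException e) {
        return null;
    }
}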
测试数据:
// Sample Digest header text for getDigestAuthInfo: every parameter is concatenated
// without separators, and the response value is a constructed fixture.
String digest=UtilHttpAuth.getDigestAuthInfo("AuthorizationjavaabWVhY2hhbHlhbmc6bWVhY2hhbHlhbmc=dddddddddusername=\"meachalyang\"realm=\"realm\"qop=\"auth\"uri=\"uri\"nonce=\"LS1OZXh0UGFydF8wXzI4MTdfMjQ4NTY=\"nc=1,cnonce=\"conce\"response=\"92dcf380bc94a077df83623d7e3e793e\"Digestfffffffffffffffff\r\nfffffffffffffffffffffffffffff");
// Sample Basic header text for getBasicAuthInfo; the scheme token appears after the credential.
String basic=UtilHttpAuth.getBasicAuthInfo("AuthorizationjavaabWVhY2hhbHlhbmc6bWVhY2hhbHlhbmc=dddddddddddddddddddddddffffffffffBasicfffffffffffffffff\r\nfffffffffffffffffffffffffffff");