ok2c commented on code in PR #597:
URL: https://github.com/apache/httpcomponents-client/pull/597#discussion_r1826566335


##########
httpclient5/src/main/java/org/apache/hc/client5/http/impl/auth/DigestScheme.java:
##########
@@ -590,4 +618,27 @@ private boolean containsInvalidABNFChars(final String 
value) {
         }
         return false;
     }
+
+    /**
+     * Resolves the specified algorithm name to a standard form based on 
recognized algorithm suffixes.
+     * <p>
+     * This method translates session-based algorithms (e.g., "-sess" suffix) 
to their base forms
+     * for correct MessageDigest usage. If no algorithm is specified or 
"MD5-sess" is provided,
+     * it defaults to "MD5". The method also maps "SHA-512-256" to 
"SHA-512/256" to align with
+     * Java's naming for SHA-512/256.
+     * </p>
+     *
+     * @param algorithm the algorithm name to resolve, such as "MD5-sess", 
"SHA-256-sess", or "SHA-512-256-sess"
+     * @return the resolved base algorithm name, or the original algorithm 
name if no mapping applies
+     */
+    private String resolveAlgorithm(final String algorithm) {
+        if (algorithm == null || algorithm.equalsIgnoreCase("MD5-sess")) {
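Review bot: the `algorithm == null || algorithm.equalsIgnoreCase("MD5-sess")` branch that opens resolveAlgorithm is the only part of the method visible in this hunk, so the SHA-256-sess, SHA-512-256-sess and SHA-512-256 to SHA-512/256 mappings promised by the Javadoc cannot be checked here; defaulting a missing algorithm to MD5 is consistent with the RFC 7616 default. Rather than a chain of equalsIgnoreCase checks, a single case-insensitive lookup (a Map keyed by the lower-cased name, or the enum suggested in the review comment) would give resolveAlgorithm and the session-variant check in createDigestResponse one source of truth, and the Javadoc should state that the returned name is the JCA MessageDigest name, since that is what callers rely on.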

Review Comment:
   @arturobernalg Maybe we should use an enum to represent supported algorithms?



##########
httpclient5/src/main/java/org/apache/hc/client5/http/impl/auth/DigestScheme.java:
##########
@@ -367,7 +365,7 @@ private String createDigestResponse(final HttpRequest 
request) throws Authentica
         }
 
         // 3.2.2.2: Calculating digest
-        if ("MD5-sess".equalsIgnoreCase(algorithm)) {
+        if ("MD5-sess".equalsIgnoreCase(algorithm) || 
"SHA-256-sess".equalsIgnoreCase(algorithm) || 
"SHA-512-256-sess".equalsIgnoreCase(algorithm)) {
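Review bot: the three literal comparisons in the `if` at "3.2.2.2: Calculating digest" duplicate the "-sess" knowledge that resolveAlgorithm documents, so a future algorithm added in one place but not the other would silently fall through to the non-session computation. A single suffix test such as `algorithm != null && algorithm.toLowerCase(Locale.ROOT).endsWith("-sess")`, or the shared Set the review comment suggests, keeps the two checks from drifting apart.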

Review Comment:
   @arturobernalg You might want to use a set here



##########
httpclient5/src/main/java/org/apache/hc/client5/http/impl/auth/DigestScheme.java:
##########
@@ -520,22 +523,47 @@ static String formatHex(final byte[] binaryData) {
             buffer[i * 2] = HEXADECIMAL[high];
             buffer[(i * 2) + 1] = HEXADECIMAL[low];
         }
-
         return new String(buffer);
     }
 
+
     /**
-     * Creates a random cnonce value based on the current time.
+     * Creates a random cnonce value based on the specified algorithm's 
expected entropy.
+     * Adjusts the length of the byte array based on the algorithm to ensure 
sufficient entropy.
      *
-     * @return The cnonce value as String.
+     * @param algorithm the algorithm for which the cnonce is being generated 
(e.g., "MD5", "SHA-256", "SHA-512-256").
+     * @return The cnonce value as a byte array.
+     * @since 5.5
      */
-    static byte[] createCnonce() {
+    static byte[] createCnonce(final String algorithm) {
         final SecureRandom rnd = new SecureRandom();
-        final byte[] tmp = new byte[8];
+        final int length;
+        switch (algorithm.toUpperCase()) {
+            case "SHA-256":
+            case "SHA-512/256":
+                length = 32;
+                break;
+            case "MD5":
+            default:
+                length = 16;
+                break;
+        }
+        final byte[] tmp = new byte[length];
         rnd.nextBytes(tmp);
         return tmp;
     }
 
+    /**
+     * Creates a random cnonce value based on the current time.
+     *
+     * @return The cnonce value as String.
+     * @deprecated Use {@link DigestScheme#createCnonce(String)} instead.
+     */
+    @Deprecated
+    static byte[] createCnonce() {
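Review bot: `switch (algorithm.toUpperCase())` in the new createCnonce(String) uses the JVM default locale and throws NullPointerException when algorithm is null; use `toUpperCase(Locale.ROOT)` and either guard null (falling into the 16-byte default branch) or document the parameter as non-null. The switch keys are the JCA names ("SHA-512/256", not "SHA-512-256"), so callers must pass the resolved name, which is worth a sentence in the Javadoc. The Javadoc moved onto the deprecated no-arg createCnonce() still says "based on the current time", but the method draws its bytes from SecureRandom, so that sentence is stale and should be corrected or dropped along with the method.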

Review Comment:
   @arturobernalg This method is package private. Just delete it.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org