1 package com.jsql.util;
2
3 import com.jsql.model.InjectionModel;
4 import org.apache.commons.codec.digest.DigestUtils;
5 import org.apache.commons.lang3.StringUtils;
6 import org.apache.logging.log4j.LogManager;
7 import org.apache.logging.log4j.Logger;
8
9 import java.net.MalformedURLException;
10 import java.net.URI;
11 import java.net.URISyntaxException;
12 import java.net.URL;
13 import java.net.http.HttpRequest.Builder;
14 import java.util.AbstractMap.SimpleEntry;
15 import java.util.Arrays;
16 import java.util.Map;
17 import java.util.stream.Collectors;
18
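/**
 * Answers an HTTP Digest access authentication challenge and caches the resulting
 * {@code Authorization} header value for later requests.
 *
 * <p>The challenge comes from the remote server and is therefore untrusted input: it may be
 * malformed, incomplete or oversized, and must never make the client throw.
 *
 * <p>Limitations visible in this class: only the {@code realm}, {@code nonce} and {@code qop}
 * directives are read. {@code algorithm} and {@code opaque} are ignored and MD5 is always used.
 * NOTE(review): a server that requires another algorithm or expects {@code opaque} to be echoed
 * back will presumably reject the computed token; confirm against the servers to support.
 *
 * <p>The cached token is a plain field with no synchronization.
 */
public class DigestUtil {

    private static final Logger LOGGER = LogManager.getRootLogger();

    /** Authentication scheme name, matched case-insensitively at the start of the challenge. */
    private static final String SCHEME = "Digest";

    /** The only quality of protection this class can compute (no entity-body hash is available). */
    private static final String QOP_AUTH = "auth";

    /**
     * Nonce count sent with every token. It is never incremented, so it is only accurate for
     * the first request made with a given server nonce.
     */
    private static final String NONCE_COUNT = "00000001";

    /** Matches a comma only when it is outside a double-quoted value (even number of quotes follow). */
    private static final String UNQUOTED_COMMA = ",(?=(?:[^\"]*\"[^\"]*\")*[^\"]*$)";

    /** Source of client nonces; a fixed cnonce would remove the client's contribution to the hash. */
    private static final java.security.SecureRandom RANDOM = new java.security.SecureRandom();

    // Cached Authorization header value; null until a challenge has been answered.
    private String tokenDigest = null;

    private final InjectionModel injectionModel;

    /**
     * @param injectionModel model giving access to the user's credentials, target URL and request method
     */
    public DigestUtil(InjectionModel injectionModel) {
        this.injectionModel = injectionModel;
    }

    /**
     * Reads the {@code WWW-Authenticate} response header and, when it carries a Digest challenge,
     * computes and stores the matching {@code Authorization} header value.
     *
     * <p>The stored token is left unchanged when the header is absent, is not a Digest challenge,
     * lacks {@code realm} or {@code nonce}, offers no {@code auth} quality of protection, or when
     * the user URL cannot be parsed.
     *
     * @param mapResponse response headers keyed by header name
     */
    public void parseWwwAuthenticate(Map<String, String> mapResponse) {
        String header = mapResponse.get(HeaderUtil.WWW_AUTHENTICATE_RESPONSE);
        if (header == null) {
            return;
        }

        String challenge = header.trim();
        // Scheme names are case-insensitive; the previous check only accepted the exact case "Digest".
        if (!challenge.regionMatches(true, 0, SCHEME, 0, SCHEME.length())) {
            return;
        }

        Map<String, String> directives = parseDirectives(challenge.substring(SCHEME.length()));

        String realm = unquote(directives.get("realm"));
        String nonce = unquote(directives.get("nonce"));
        if (realm == null || nonce == null) {
            // Static message only: the header content is server-controlled and is not echoed to the log.
            LOGGER.warn("Digest challenge ignored: realm or nonce is missing");
            return;
        }

        String qopOffered = unquote(directives.get("qop"));
        boolean isLegacyChallenge = qopOffered == null;
        if (!isLegacyChallenge && !offersAuth(qopOffered)) {
            LOGGER.warn("Digest challenge ignored: no supported qop offered");
            return;
        }

        String path;
        try {
            URL url = new URI(this.injectionModel.getMediatorUtils().getConnectionUtil().getUrlByUser()).toURL();
            path = url.getFile();
        } catch (MalformedURLException | URISyntaxException | IllegalArgumentException e) {
            // toURL() throws IllegalArgumentException when the URI is not absolute.
            LOGGER.error("Incorrect URL", e);
            return;
        }

        String username = this.injectionModel.getMediatorUtils().getAuthenticationUtil().getUsernameAuthentication();
        String password = this.injectionModel.getMediatorUtils().getAuthenticationUtil().getPasswordAuthentication();

        String ha1 = DigestUtils.md5Hex(
            String.format("%s:%s:%s", username, realm, password)
        );
        String ha2 = DigestUtils.md5Hex(
            String.format("%s:%s", this.injectionModel.getMediatorUtils().getConnectionUtil().getTypeRequest(), path)
        );

        if (isLegacyChallenge) {
            // No qop directive: the response covers only HA1, the server nonce and HA2,
            // and the header carries no cnonce, nc or qop.
            String legacyResponse = DigestUtils.md5Hex(
                String.format("%s:%s:%s", ha1, nonce, ha2)
            );
            this.tokenDigest = String.format(
                "Digest username=\"%s\",realm=\"%s\",nonce=\"%s\",uri=\"%s\",response=\"%s\"",
                username, realm, nonce, path, legacyResponse
            );
            return;
        }

        String cnonce = newClientNonce();
        String response = DigestUtils.md5Hex(
            String.format("%s:%s:%s:%s:%s:%s", ha1, nonce, NONCE_COUNT, cnonce, QOP_AUTH, ha2)
        );

        this.tokenDigest = String.format(
            "Digest username=\"%s\",realm=\"%s\",nonce=\"%s\",uri=\"%s\",cnonce=\"%s\",nc=%s,response=\"%s\",qop=\"%s\"",
            username, realm, nonce, path, cnonce, NONCE_COUNT, response, QOP_AUTH
        );
    }

    /**
     * Sets the cached token as the {@code Authorization} header of the request under construction.
     * Does nothing when no Digest challenge has been answered yet.
     *
     * @param httpRequest builder of the outgoing request
     */
    public void addHeaderToken(Builder httpRequest) {
        if (this.tokenDigest == null) {
            return;
        }
        httpRequest.setHeader("Authorization", this.tokenDigest);
    }

    /**
     * @return {@code true} when an {@code Authorization} token is currently cached
     */
    public boolean isDigest() {
        return this.tokenDigest != null;
    }

    /**
     * @param tokenDigest full {@code Authorization} header value, or {@code null} to clear it
     */
    public void setTokenDigest(String tokenDigest) {
        this.tokenDigest = tokenDigest;
    }

    /**
     * @return cached {@code Authorization} header value, or {@code null}; it contains the username
     *         and a hash derived from the password, so callers should keep it out of logs
     */
    public String getTokenDigest() {
        return this.tokenDigest;
    }

    /**
     * Splits the directive list of a challenge into name/value pairs.
     *
     * <p>Commas inside quoted values (for instance {@code qop="auth,auth-int"}) do not separate
     * directives, each directive is cut at its first {@code =} only so that values ending with
     * {@code =} padding stay intact, fragments without a name or {@code =} are skipped, and the
     * first occurrence wins when a directive is repeated. Backslash-escaped quotes inside a
     * quoted value are not interpreted.
     *
     * @param directiveList challenge text following the scheme name
     * @return directive values (still quoted) keyed by directive name as sent by the server
     */
    private static Map<String, String> parseDirectives(String directiveList) {
        return Arrays.stream(directiveList.split(UNQUOTED_COMMA))
            .filter(part -> part.indexOf('=') > 0)
            .map(part -> {
                int separator = part.indexOf('=');
                return new SimpleEntry<>(
                    part.substring(0, separator).trim(),
                    part.substring(separator + 1).trim()
                );
            })
            .collect(
                Collectors.toMap(SimpleEntry::getKey, SimpleEntry::getValue, (first, duplicate) -> first)
            );
    }

    /**
     * @param value raw directive value, possibly {@code null}
     * @return the value with every double quote removed, or {@code null} when the directive is absent
     */
    private static String unquote(String value) {
        return value == null ? null : value.replace("\"", StringUtils.EMPTY);
    }

    /**
     * @param qopOffered unquoted {@code qop} directive, a list separated by commas or spaces
     * @return {@code true} when the list contains the {@code auth} token
     */
    private static boolean offersAuth(String qopOffered) {
        return Arrays.stream(StringUtils.split(qopOffered, ", "))
            .anyMatch(QOP_AUTH::equalsIgnoreCase);
    }

    /**
     * @return a fresh client nonce: 16 random bytes rendered as 32 lowercase hex characters
     */
    private static String newClientNonce() {
        byte[] randomBytes = new byte[16];
        RANDOM.nextBytes(randomBytes);
        StringBuilder hex = new StringBuilder(randomBytes.length * 2);
        for (byte randomByte : randomBytes) {
            hex.append(String.format("%02x", randomByte));
        }
        return hex.toString();
    }
}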