Add NextNonceInterceptor for nextnonce extraction from Authentication-Info headers #596

Merged
merged 1 commit into from
Nov 3, 2024

arturobernalg
Member

This PR introduces the NextNonceInterceptor to process HTTP responses with Authentication-Info headers by extracting the nextnonce parameter, as specified in RFC 7616. The interceptor checks for the presence of this header, retrieves the nextnonce value if available, and stores it within the HttpContext under the attribute auth-nextnonce. This mechanism supports secure client authentication workflows by allowing continuity in nonce-based authentication challenges.

@arturobernalg arturobernalg requested a review from ok2c November 1, 2024 13:20
Args.notNull(response, "HTTP response");
Args.notNull(context, "HTTP context");

final Header header = response.getFirstHeader(AUTHENTICATION_INFO_HEADER);
Member

@arturobernalg This can be made more efficient by checking if the header is FormattedHeader and re-using its internal attributes and eliminating an extra intermediate String.

        if (header instanceof FormattedHeader) {
            final CharArrayBuffer buf = ((FormattedHeader) header).getBuffer();
            final ParserCursor cursor = new ParserCursor(0, buf.length());
            cursor.updatePos(((FormattedHeader) header).getValuePos());
            parseNextNonce(buf, cursor);
        } else {
            final String value = header.getValue();
            final ParserCursor cursor = new ParserCursor(0, value.length());
            parseNextNonce(value, cursor);
        }

Member Author

Done


if (context != null) {
final HttpClientContext clientContext = HttpClientContext.cast(context);
final String nextNonce = clientContext.getAttribute("auth-nextnonce", String.class);
Member

@arturobernalg Maybe this deserves being an attribute in the context. Up to you.

Member Author

@ok2c that is a good idea. I made all the necessary changes.

* @param cursor the {@link ParserCursor} used to navigate through the buffer content
* @return the extracted {@code nextnonce} parameter value, or {@code null} if the parameter is not found
*/
private String parseNextNonce(final CharArrayBuffer buffer, final ParserCursor cursor) {
Member

@arturobernalg Please use CharSequence instead of CharArrayBuffer here.

Member Author

done

} else {
final String headerValue = header.getValue();
final ParserCursor cursor = new ParserCursor(0, headerValue.length());
final CharArrayBuffer buf = new CharArrayBuffer(headerValue.length());
Member

@arturobernalg This intermediate buffer will become unnecessary.

Member Author

done.

…in HTTP Digest Access Authentication, extracting the `nextnonce` parameter when present and storing it in `HttpClientContext`. This supports compliance with RFC 7616, enhancing client authentication continuity.
@arturobernalg arturobernalg merged commit 40d6ba4 into apache:master Nov 3, 2024
10 checks passed
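
The extraction step the PR description refers to, as an added example that is not code from this PR or from HttpClient: a dependency-free parser that pulls `nextnonce` out of an `Authentication-Info` header value. The class and method names are hypothetical, the sample header values are constructed, and the value is assumed to be a comma-separated list of `name=value` auth-params with optional quoted-strings.

```java
import java.util.Locale;

// Added illustration: names are hypothetical, not part of the HttpClient API.
public final class NextNonceExample {

    /** Returns the nextnonce value from an Authentication-Info header value, or null. */
    static String parseNextNonce(final CharSequence s) {
        final int n = s.length();
        int i = 0;
        while (i < n) {
            // Skip list separators and whitespace before the next auth-param.
            while (i < n && (s.charAt(i) == ',' || Character.isWhitespace(s.charAt(i)))) i++;
            final int nameStart = i;
            while (i < n && s.charAt(i) != '=' && s.charAt(i) != ',') i++;
            final String name = s.subSequence(nameStart, i).toString().trim();
            if (i >= n || s.charAt(i) == ',') continue;   // bare token without a value
            i++;                                           // consume '='
            while (i < n && Character.isWhitespace(s.charAt(i))) i++;
            final StringBuilder val = new StringBuilder();
            if (i < n && s.charAt(i) == '"') {
                // Quoted-string: commas are literal, a backslash escapes the next char.
                boolean closed = false;
                i++;
                while (i < n && !closed) {
                    final char c = s.charAt(i++);
                    if (c == '"') closed = true;
                    else if (c == '\\' && i < n) val.append(s.charAt(i++));
                    else val.append(c);
                }
                if (!closed) return null;                  // unterminated quote: reject the header
            } else {
                while (i < n && s.charAt(i) != ',') val.append(s.charAt(i++));
            }
            // Auth-param names are matched case-insensitively.
            if (name.toLowerCase(Locale.ROOT).equals("nextnonce")) {
                final String v = val.toString().trim();
                return v.isEmpty() ? null : v;
            }
        }
        return null;
    }

    public static void main(final String[] args) {
        // Constructed sample header values, not captured traffic.
        System.out.println(parseNextNonce("nextnonce=\"n-0002\", qop=auth, nc=00000001"));
        System.out.println(parseNextNonce("rspauth=\"a, nextnonce=x\", NextNonce=\"n-0003\""));
        System.out.println(parseNextNonce("qop=auth, nextnonce=\"unterminated"));
    }
}
```

The second sample shows why splitting the value on commas is not enough: the text inside the quoted `rspauth` value must not be read as a parameter.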