private String getWebSocketAccept(String key) throws ServletException { MessageDigest sha1Helper = sha1Helpers.poll(); if (sha1Helper == null) { try { sha1Helper = MessageDigest.getInstance("SHA1"); } catch (NoSuchAlgorithmException e) { throw new ServletException(e); } } sha1Helper.reset(); sha1Helper.update(key.getBytes(B2CConverter.ISO_8859_1)); String result = Base64.encode(sha1Helper.digest(WS_ACCEPT)); sha1Helpers.add(sha1Helper); return result; }
/** * Create a token for the given user id. This will produce a unique * token for this user. Tokens are non-deterministic, so calling this * method multiple times for the same token should result in different * tokens every time. * @param userId the user id to create a token for * @return a token for the user */ private static String newToken(String userId) { MessageDigest md; try { md = MessageDigest.getInstance("SHA"); } catch (NoSuchAlgorithmException nsae) { throw new IllegalStateException("Unable to find SHA", nsae); } md.update(userId.getBytes()); // add some random data to the message to make it unique SecureRandom sr = new SecureRandom(); byte[] buffer = new byte[128]; sr.nextBytes(buffer); md.update(buffer); byte[] res = md.digest(); return new String(Base64.encode(res)); }
private Credentials getCredentials(Request request) { Credentials credentials = null; MessageBytes authorization = request.getCoyoteRequest().getMimeHeaders().getValue("authorization"); if (authorization != null) { authorization.toBytes(); ByteChunk authBC = authorization.getByteChunk(); if (authBC.startsWithIgnoreCase("basic ", 0)) { authBC.setOffset(authBC.getOffset() + 6); CharChunk authCC = authorization.getCharChunk(); Base64.decode(authBC, authCC); String username; String password = null; int colon = authCC.indexOf(':'); if (colon < 0) { username = authCC.toString(); } else { char[] buf = authCC.getBuffer(); username = new String(buf, 0, colon); password = new String(buf, colon + 1, authCC.getEnd() - colon - 1); } authBC.setOffset(authBC.getOffset() - 6); credentials = new Credentials(username, password); } } return credentials; }
@Test public void testKey() throws Exception { Tomcat tomcat = getTomcatInstance(); // No file system docBase required Context ctx = tomcat.addContext("", null); ctx.addApplicationListener(new ApplicationListener( TesterEchoServer.Config.class.getName(), false)); Tomcat.addServlet(ctx, "default", new DefaultServlet()); ctx.addServletMapping("/", "default"); tomcat.start(); WebSocketClient client= new WebSocketClient(getPort()); // Send the WebSocket handshake client.writer.write("GET " + TesterEchoServer.Config.PATH_BASIC + " HTTP/1.1" + CRLF); client.writer.write("Host: foo" + CRLF); client.writer.write("Upgrade: websocket" + CRLF); client.writer.write("Connection: upgrade" + CRLF); client.writer.write("Sec-WebSocket-Version: 13" + CRLF); client.writer.write("Sec-WebSocket-Key: TODO" + CRLF); client.writer.write(CRLF); client.writer.flush(); // Make sure we got an upgrade response String responseLine = client.reader.readLine(); assertTrue(responseLine.startsWith("HTTP/1.1 101")); String accept = null; String responseHeaderLine = client.reader.readLine(); while (!responseHeaderLine.equals("")) { if(responseHeaderLine.startsWith("Sec-WebSocket-Accept: ")) { accept = responseHeaderLine.substring(responseHeaderLine.indexOf(':')+2); break; } responseHeaderLine = client.reader.readLine(); } assertTrue(accept != null); MessageDigest sha1Helper = MessageDigest.getInstance("SHA1"); sha1Helper.reset(); sha1Helper.update("TODO".getBytes(B2CConverter.ISO_8859_1)); String source = Base64.encode(sha1Helper.digest(WS_ACCEPT)); assertEquals(source,accept); sha1Helper.reset(); sha1Helper.update("TOD".getBytes(B2CConverter.ISO_8859_1)); source = Base64.encode(sha1Helper.digest(WS_ACCEPT)); assertFalse(source.equals(accept)); // Finished with the socket client.close(); }
@Test public void testKey() throws Exception { Tomcat tomcat = getTomcatInstance(); // Must have a real docBase - just use temp Context ctx = tomcat.addContext("", System.getProperty("java.io.tmpdir")); ctx.addApplicationListener(new ApplicationListener( TesterEchoServer.Config.class.getName(), false)); Tomcat.addServlet(ctx, "default", new DefaultServlet()); ctx.addServletMapping("/", "default"); tomcat.start(); WebSocketClient client= new WebSocketClient(getPort()); // Send the WebSocket handshake client.writer.write("GET " + TesterEchoServer.Config.PATH_BASIC + " HTTP/1.1" + CRLF); client.writer.write("Host: foo" + CRLF); client.writer.write("Upgrade: websocket" + CRLF); client.writer.write("Connection: upgrade" + CRLF); client.writer.write("Sec-WebSocket-Version: 13" + CRLF); client.writer.write("Sec-WebSocket-Key: TODO" + CRLF); client.writer.write(CRLF); client.writer.flush(); // Make sure we got an upgrade response String responseLine = client.reader.readLine(); assertTrue(responseLine.startsWith("HTTP/1.1 101")); String accept = null; String responseHeaderLine = client.reader.readLine(); while (!responseHeaderLine.equals("")) { if(responseHeaderLine.startsWith("Sec-WebSocket-Accept: ")) { accept = responseHeaderLine.substring(responseHeaderLine.indexOf(":")+2); break; } responseHeaderLine = client.reader.readLine(); } assertTrue(accept != null); MessageDigest sha1Helper = MessageDigest.getInstance("SHA1"); sha1Helper.reset(); sha1Helper.update("TODO".getBytes(B2CConverter.ISO_8859_1)); String source = Base64.encode(sha1Helper.digest(WS_ACCEPT)); assertEquals(source,accept); sha1Helper.reset(); sha1Helper.update("TOD".getBytes(B2CConverter.ISO_8859_1)); source = Base64.encode(sha1Helper.digest(WS_ACCEPT)); assertFalse(source.equals(accept)); // Finished with the socket client.close(); }
