Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement username* validation and decoding in DigestScheme #511

Merged
merged 1 commit into from
Dec 8, 2023
Merged

Implement username* validation and decoding in DigestScheme #511

merged 1 commit into from
Dec 8, 2023

Conversation

arturobernalg
Copy link
Member

Introduces validation and decoding logic for the 'username*' field in the DigestScheme class. The changes ensure compliance with RFC 7616 and RFC 5987 by handling cases where the 'username' contains characters not allowed in an ABNF quoted-string.

ok2c
ok2c requested changes Dec 3, 2023
View reviewed changes
httpclient5/src/main/java/org/apache/hc/client5/http/impl/auth/DigestScheme.java Outdated

// Extract username and username*
String username = credentials.getUserName();
final String usernameStar = paramMap.get("username*");
Copy link
Member

@ok2c ok2c Dec 3, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@arturobernalg This looks wrong. The server is not supposed to be sending us username* in the auth challenge, or at any rate, we should not be using it. We should only be using the username provided by CredentialsProvider.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

HI @ok2c
you're right. Please do another pass.
TY

@arturobernalg arturobernalg force-pushed the username_validaions_2 branch 4 times, most recently from fa714a1 to 3fcc9f6 Compare December 5, 2023 21:52
@arturobernalg arturobernalg requested a review from ok2c December 5, 2023 21:56
ok2c
ok2c approved these changes Dec 6, 2023
View reviewed changes
httpclient5/src/main/java/org/apache/hc/client5/http/impl/auth/RFC5987Codec.java Outdated
if (u != -1 && l != -1) {
bb.put((byte) ((u << 4) + l));
} else {
throw new IllegalArgumentException("Invalid percent encoding in " + s);
Copy link
Member

@ok2c ok2c Dec 6, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@arturobernalg Can we throw a better exception here, like CodingException of some sort, which could be caught at a higher level and translated in a proper protocol exception?

httpclient5/src/main/java/org/apache/hc/client5/http/impl/auth/RFC5987Codec.java Outdated
* should not be used as part of the public API.
*/
@Internal
class RFC5987Codec {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@arturobernalg There is a similar implementation in the HttpRFC7578Multipart class. Could you please get rid of it in this or a follow-up change-set?

@arturobernalg
Implement username* validation and decoding in DigestScheme
9dab859 
Introduces validation and decoding logic for the 'username*' field in the DigestScheme class. The changes ensure compliance with RFC 7616 and RFC 5987 by handling cases where the 'username' contains characters not allowed in an ABNF quoted-string.
@arturobernalg
Copy link
Member Author

@ok2c please take another look.

@arturobernalg arturobernalg requested a review from ok2c December 7, 2023 18:50
@arturobernalg arturobernalg merged commit d03511c into apache:5.4.x Dec 8, 2023
7 checks passed
ok2c pushed a commit that referenced this pull request Dec 13, 2023
@arturobernalg @ok2c
Implement username* validation and decoding in DigestScheme (#511)
94e43b2 
Introduces validation and decoding logic for the 'username*' field in the DigestScheme class. The changes ensure compliance with RFC 7616 and RFC 5987 by handling cases where the 'username' contains characters not allowed in an ABNF quoted-string.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ok2c ok2c ok2c approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@arturobernalg @ok2c