File Doc Category Size Date Package
HttpAuthHeader.java API Doc Android 1.5 API 12267 Wed May 06 22:41:56 BST 2009 android.net.http

HttpAuthHeader

java.lang.Object

public class HttpAuthHeader extends Object

HttpAuthHeader: a class to store HTTP authentication-header parameters. For more information, see: RFC 2617: HTTP Authentication. {@hide}

Fields Summary
public static final String
BASIC_TOKEN
Possible HTTP-authentication header tokens to search for:
public static final String
DIGEST_TOKEN
private static final String
REALM_TOKEN
private static final String
NONCE_TOKEN
private static final String
STALE_TOKEN
private static final String
OPAQUE_TOKEN
private static final String
QOP_TOKEN
private static final String
ALGORITHM_TOKEN
private int
mScheme
An authentication scheme. We currently support two different schemes: HttpAuthHeader.BASIC - basic, and HttpAuthHeader.DIGEST - digest (algorithm=MD5, QOP="auth").
public static final int
UNKNOWN
public static final int
BASIC
public static final int
DIGEST
private boolean
mStale
A flag, indicating that the previous request from the client was rejected because the nonce value was stale. If stale is TRUE (case-insensitive), the client may wish to simply retry the request with a new encrypted response, without reprompting the user for a new username and password.
private String
mRealm
A string to be displayed to users so they know which username and password to use.
private String
mNonce
A server-specified data string which should be uniquely generated each time a 401 response is made.
private String
mOpaque
A string of data, specified by the server, which should be returned by the client unchanged in the Authorization header of subsequent requests with URIs in the same protection space.
private String
mQop
This directive is optional, but is made so only for backward compatibility with RFC 2069 [6]; it SHOULD be used by all implementations compliant with this version of the Digest scheme. If present, it is a quoted string of one or more tokens indicating the "quality of protection" values supported by the server. The value "auth" indicates authentication; the value "auth-int" indicates authentication with integrity protection.
private String
mAlgorithm
A string indicating a pair of algorithms used to produce the digest and a checksum. If this is not present it is assumed to be "MD5".
private boolean
mIsProxy
Is this authentication request a proxy authentication request?
private String
mUsername
Username string we get from the user.
private String
mPassword
Password string we get from the user.
Constructors Summary
public HttpAuthHeader(String header)
Creates a new HTTP-authentication header object from the input header string. The header string is assumed to contain parameters of at most one authentication-scheme (ensured by the caller).
if (header != null) { parseHeader(header); }
Methods Summary
public java.lang.String getAlgorithm()
return
The name of the algorithm used or null if there is none. By default, MD5 is used.
return mAlgorithm;
public java.lang.String getNonce()
return
The nonce value or null if there is none.
return mNonce;
public java.lang.String getOpaque()
return
The opaque value or null if there is none.
return mOpaque;
public java.lang.String getPassword()
return
The password string.
return mPassword;
public java.lang.String getQop()
return
The QOP ("quality-of_protection") value or null if there is none. The QOP value is always lower-case.
return mQop;
public java.lang.String getRealm()
return
The realm value or null if there is none.
return mRealm;
public int getScheme()
return
The authentication scheme requested. We currently support two schemes: HttpAuthHeader.BASIC - basic, and HttpAuthHeader.DIGEST - digest (algorithm=MD5, QOP="auth").
return mScheme;
public boolean getStale()
return
True if indicating that the previous request from the client was rejected because the nonce value was stale.
return mStale;
public java.lang.String getUsername()
return
The username string.
return mUsername;
public boolean isBasic()
return
True iff this is the BASIC-authentication request.
return mScheme == BASIC;
public boolean isDigest()
return
True iff this is the DIGEST-authentication request.
return mScheme == DIGEST;
public boolean isProxy()
return
True iff this is a proxy authentication header.
return mIsProxy;
public boolean isSupportedScheme()
return
True iff the authentication scheme requested by the server is supported; currently supported schemes: BASIC, DIGEST (only algorithm="md5", no qop or qop="auth).
// it is a good idea to enforce non-null realms! if (mRealm != null) { if (mScheme == BASIC) { return true; } else { if (mScheme == DIGEST) { return mAlgorithm.equals("md5") && (mQop == null || mQop.equals("auth")); } } } return false;
private void parseHeader(java.lang.String header)
Parses the header scheme name and then scheme parameters if the scheme is supported.
if (HttpLog.LOGV) { HttpLog.v("HttpAuthHeader.parseHeader(): header: " + header); } if (header != null) { String parameters = parseScheme(header); if (parameters != null) { // if we have a supported scheme if (mScheme != UNKNOWN) { parseParameters(parameters); } } }
private void parseParameter(java.lang.String parameter)
Parses a single authentication scheme parameter. The parameter string is expected to follow the format: PARAMETER=VALUE.
if (parameter != null) { // here, we are looking for the 1st occurence of '=' only!!! int i = parameter.indexOf('="); if (i >= 0) { String token = parameter.substring(0, i).trim(); String value = trimDoubleQuotesIfAny(parameter.substring(i + 1).trim()); if (HttpLog.LOGV) { HttpLog.v("HttpAuthHeader.parseParameter():" + " token: " + token + " value: " + value); } if (token.equalsIgnoreCase(REALM_TOKEN)) { mRealm = value; } else { if (mScheme == DIGEST) { parseParameter(token, value); } } } }
private void parseParameter(java.lang.String token, java.lang.String value)
If the token is a known parameter name, parses and initializes the token value.
if (token != null && value != null) { if (token.equalsIgnoreCase(NONCE_TOKEN)) { mNonce = value; return; } if (token.equalsIgnoreCase(STALE_TOKEN)) { parseStale(value); return; } if (token.equalsIgnoreCase(OPAQUE_TOKEN)) { mOpaque = value; return; } if (token.equalsIgnoreCase(QOP_TOKEN)) { mQop = value.toLowerCase(); return; } if (token.equalsIgnoreCase(ALGORITHM_TOKEN)) { mAlgorithm = value.toLowerCase(); return; } }
private void parseParameters(java.lang.String parameters)
Parses a comma-separated list of authentification scheme parameters.
if (HttpLog.LOGV) { HttpLog.v("HttpAuthHeader.parseParameters():" + " parameters: " + parameters); } if (parameters != null) { int i; do { i = parameters.indexOf(',"); if (i < 0) { // have only one parameter parseParameter(parameters); } else { parseParameter(parameters.substring(0, i)); parameters = parameters.substring(i + 1); } } while (i >= 0); }
private java.lang.String parseScheme(java.lang.String header)
Parses the authentication scheme name. If we have a Digest scheme, sets the algorithm value to the default of MD5.
return
The authentication scheme parameters string to be parsed later (if the scheme is supported) or null if failed to parse the scheme (the header value is null?).
if (header != null) { int i = header.indexOf(' "); if (i >= 0) { String scheme = header.substring(0, i).trim(); if (scheme.equalsIgnoreCase(DIGEST_TOKEN)) { mScheme = DIGEST; // md5 is the default algorithm!!! mAlgorithm = "md5"; } else { if (scheme.equalsIgnoreCase(BASIC_TOKEN)) { mScheme = BASIC; } } return header.substring(i + 1); } } return null;
private void parseStale(java.lang.String value)
Parses and initializes the 'stale' paramer value. Any value different from case-insensitive "true" is considered "false".
if (value != null) { if (value.equalsIgnoreCase("true")) { mStale = true; } }
public void setPassword(java.lang.String password)
Sets the password string.
mPassword = password;
public void setProxy()
Marks this header as a proxy authentication header.
mIsProxy = true;
public void setUsername(java.lang.String username)
Sets the username string.
mUsername = username;
private static java.lang.String trimDoubleQuotesIfAny(java.lang.String value)
Trims double-quotes around a parameter value if there are any.
return
The string value without the outermost pair of double- quotes or null if the original value is null.
if (value != null) { int len = value.length(); if (len > 2 && value.charAt(0) == '\"" && value.charAt(len - 1) == '\"") { return value.substring(1, len - 1); } } return value;