Changeset 22025b0


Timestamp:
Apr 23, 2013 6:22:48 PM (7 years ago)
Author:
zzz <zzz@…>
Branches:
master
Children:
aa547a16
Parents:
4358d11
Message:
Location:
apps
Files:
3 edited

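--- a/apps/jetty/build.xml
+++ b/apps/jetty/build.xml
@@ -203,4 +203,5 @@
                 <pathelement location="./jettylib/jetty-http.jar" />
                 <pathelement location="./jettylib/jetty-io.jar" />
+                <pathelement location="./jettylib/jetty-security.jar" />
                 <pathelement location="./jettylib/jetty-util.jar" />
                 <pathelement location="./jettylib/jetty-xml.jar" />
@@ -217,5 +218,5 @@
             destdir="./build/obj"
             includeAntRuntime="false"
-            classpath="../../core/java/build/i2p.jar:./jettylib/commons-logging.jar:./jettylib/javax.servlet.jar:./jettylib/org.mortbay.jetty.jar:./jettylib/jetty-http.jar:./jettylib/jetty-io.jar:./jettylib/jetty-util.jar:./jettylib/jetty-xml.jar" >
+            classpath="../../core/java/build/i2p.jar:./jettylib/commons-logging.jar:./jettylib/javax.servlet.jar:./jettylib/org.mortbay.jetty.jar:./jettylib/jetty-http.jar:./jettylib/jetty-io.jar:./jettylib/jetty-security.jar:./jettylib/jetty-util.jar:./jettylib/jetty-xml.jar" >
             <compilerarg line="${javac.compilerargs}" />
         </javac>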
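--- a/apps/jetty/java/src/net/i2p/jetty/I2PDigestAuthenticator.java
+++ b/apps/jetty/java/src/net/i2p/jetty/I2PDigestAuthenticator.java
@@ -17,5 +17,5 @@
 //
 
-package org.eclipse.jetty.security.authentication;
+package net.i2p.jetty;
 
 import java.io.IOException;
@@ -26,5 +26,4 @@
 import java.util.concurrent.ConcurrentLinkedQueue;
 import java.util.concurrent.ConcurrentMap;
-import java.util.concurrent.atomic.AtomicInteger;
 
 import javax.servlet.ServletRequest;
@@ -37,4 +36,6 @@
 import org.eclipse.jetty.security.ServerAuthException;
 import org.eclipse.jetty.security.UserAuthentication;
+import org.eclipse.jetty.security.authentication.DeferredAuthentication;
+import org.eclipse.jetty.security.authentication.DigestAuthenticator;
 import org.eclipse.jetty.server.Authentication;
 import org.eclipse.jetty.server.Authentication.User;
@@ -51,4 +52,13 @@
 
 /**
+ * I2P fixes for out-of-order nonce counts.
+ * Based on DigestAuthenticator in Jetty 7.6.10.
+ * Includes the nonce count verification code from Tomcat 7.0.35.
+ * ref: http://jira.codehaus.org/browse/JETTY-1468 which was closed not-a-bug.
+ * ref: https://bugs.eclipse.org/bugs/show_bug.cgi?id=336443 in which the
+ * Jetty implementation was introduced.
+ *
+ * @since 0.9.6
+ *
  * @version $Rev: 4793 $ $Date: 2009-03-19 00:00:01 +0100 (Thu, 19 Mar 2009) $
  *
@@ -56,67 +66,94 @@
  * using the name "maxNonceAge"
  */
-public class DigestAuthenticator extends LoginAuthenticator
+public class I2PDigestAuthenticator extends DigestAuthenticator
 {
-    private static final Logger LOG = Log.getLogger(DigestAuthenticator.class);
+    // shadows super
+    private static final Logger LOG = Log.getLogger(I2PDigestAuthenticator.class);
     SecureRandom _random = new SecureRandom();
-    private long _maxNonceAgeMs = 60*1000;
+    // shadows super
+    private long _maxNonceAgeMs = 60*60*1000L;
     private ConcurrentMap<String, Nonce> _nonceCount = new ConcurrentHashMap<String, Nonce>();
+    // shadows super
     private Queue<Nonce> _nonceQueue = new ConcurrentLinkedQueue<Nonce>();
+
+    /*
+     * Shadows super
+     *
+     * Contains code from Tomcat 7.0.35 DigestAuthenticator.NonceInfo
+     *
+     * Licensed to the Apache Software Foundation (ASF) under one or more
+     * contributor license agreements.  See the NOTICE file distributed with
+     * this work for additional information regarding copyright ownership.
+     * The ASF licenses this file to You under the Apache License, Version 2.0
+     * (the "License"); you may not use this file except in compliance with
+     * the License.  You may obtain a copy of the License at
+     *
+     *      http://www.apache.org/licenses/LICENSE-2.0
+     *
+     * Unless required by applicable law or agreed to in writing, software
+     * distributed under the License is distributed on an "AS IS" BASIS,
+     * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+     * See the License for the specific language governing permissions and
+     * limitations under the License.
+     */
     private static class Nonce
     {
         final String _nonce;
         final long _ts;
-        AtomicInteger _nc=new AtomicInteger();
+        private volatile boolean seen[];
+        private volatile int offset;
+        private volatile int count = 0;
+        private static final int seenWindowSize = 100;
+
         public Nonce(String nonce, long ts)
         {
             _nonce=nonce;
             _ts=ts;
-        }
-    }
-
-    /* ------------------------------------------------------------ */
-    public DigestAuthenticator()
+            seen = new boolean[seenWindowSize];
+            offset = seenWindowSize / 2;
+        }
+
+        public synchronized boolean nonceCountValid(long nonceCount) {
+            if ((count - offset) >= nonceCount ||
+                    (nonceCount > count - offset + seen.length)) {
+                return false;
+            }
+            int checkIndex = (int) ((nonceCount + offset) % seen.length);
+            if (seen[checkIndex]) {
+                return false;
+            } else {
+                seen[checkIndex] = true;
+                seen[count % seen.length] = false;
+                count++;
+                return true;
+            }
+        }
+    }
+
+    /* ------------------------------------------------------------ */
+    public I2PDigestAuthenticator()
     {
         super();
     }
 
-    /* ------------------------------------------------------------ */
-    /**
-     * @see org.eclipse.jetty.security.authentication.LoginAuthenticator#setConfiguration(org.eclipse.jetty.security.Authenticator.AuthConfiguration)
+   
+    /* ------------------------------------------------------------ */
+
+    /**
+     *  Store local copy since field in super is private
      */
     @Override
-    public void setConfiguration(AuthConfiguration configuration)
-    {
-        super.setConfiguration(configuration);
-       
-        String mna=configuration.getInitParameter("maxNonceAge");
-        if (mna!=null)
-        {
-            synchronized (this)
-            {
-                _maxNonceAgeMs=Long.valueOf(mna);
-            }
-        }
-    }
-   
-    /* ------------------------------------------------------------ */
     public synchronized void setMaxNonceAge(long maxNonceAgeInMillis)
     {
+        super.setMaxNonceAge(maxNonceAgeInMillis);
         _maxNonceAgeMs = maxNonceAgeInMillis;
     }
 
     /* ------------------------------------------------------------ */
-    public String getAuthMethod()
-    {
-        return Constraint.__DIGEST_AUTH;
-    }
-
-    /* ------------------------------------------------------------ */
-    public boolean secureResponse(ServletRequest req, ServletResponse res, boolean mandatory, User validatedUser) throws ServerAuthException
-    {
-        return true;
-    }
-
-    /* ------------------------------------------------------------ */
+
+    /**
+     *  No changes from super
+     */
+    @Override
     public Authentication validateRequest(ServletRequest req, ServletResponse res, boolean mandatory) throws ServerAuthException
     {
@@ -225,4 +262,9 @@
 
     /* ------------------------------------------------------------ */
+
+    /**
+     *  No changes from super
+     */
+    @Override
     public String newNonce(Request request)
     {
@@ -248,4 +290,8 @@
      */
     /* ------------------------------------------------------------ */
+
+    /**
+     *  Contains fixes
+     */
     private int checkNonce(Digest digest, Request request)
     {
@@ -275,10 +321,7 @@
             if (count>Integer.MAX_VALUE)
                 return 0;
-            int old=nonce._nc.get();
-            while (!nonce._nc.compareAndSet(old,(int)count))
-                old=nonce._nc.get();
-            if (count<=old)
+            if (!nonce.nonceCountValid(count)) {
                 return -1;
- 
+            }
             return 1;
         }
@@ -293,4 +336,9 @@
     /* ------------------------------------------------------------ */
     /* ------------------------------------------------------------ */
+
+    /**
+     *  Shadows super.
+     *  No changes from super
+     */
     private static class Digest extends Credential
     {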
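Review bot: In `Nonce.nonceCountValid` the accepted slot is marked with `seen[checkIndex] = true` and then `seen[count % seen.length] = false` runs before `count++`. When the accepted value is the top of the window (`count - offset + seen.length`) both indexes are the same slot, so its flag is cleared in the same call and that nonce count would be accepted once more later. The slot to clear is the one whose value has just left the window, which suggests advancing first: `count++;` followed by `seen[count % seen.length] = false;`. The comment says the method is taken from Tomcat 7.0.35, so it is worth checking whether upstream changed this afterwards. A one-line comment on `offset` and `seenWindowSize` stating which range of counts is accepted would make the replay check easier to audit.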
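--- a/apps/routerconsole/java/src/net/i2p/router/web/RouterConsoleRunner.java
+++ b/apps/routerconsole/java/src/net/i2p/router/web/RouterConsoleRunner.java
@@ -30,4 +30,5 @@
 import net.i2p.data.Base32;
 import net.i2p.data.DataHelper;
+import net.i2p.jetty.I2PDigestAuthenticator;
 import net.i2p.jetty.I2PLogger;
 import net.i2p.router.RouterContext;
@@ -106,5 +107,9 @@
 
     // Jetty Auth
-    private static final DigestAuthenticator authenticator = new DigestAuthenticator();
+    private static final DigestAuthenticator authenticator = new I2PDigestAuthenticator();
+    static {
+        // default changed from 0 (forever) in Jetty 6 to 60*1000 ms in Jetty 7
+        authenticator.setMaxNonceAge(7*24*60*60*1000L);
+    }
     public static final String JETTY_REALM = "i2prouter";
     private static final String JETTY_ROLE = "routerAdmin";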
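Review bot: The comment in the new static block records Jetty's old and new defaults but not why `setMaxNonceAge` is given seven days or what that choice depends on. With a nonce lifetime this long, protection against a replayed request appears to rest entirely on the nonce-count check in `I2PDigestAuthenticator`, and each issued nonce is presumably tracked for the same period. I would state that in the comment, for example `// 7 days: <reason>; replay protection then depends on the nc check in I2PDigestAuthenticator`. The surrounding class body lies outside this section.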