Skip to content

Introduce digest access authentication with SHA-256 #13236

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 4 commits into
base: jetty-12.1.x
Choose a base branch
from
Open

Introduce digest access authentication with SHA-256 #13236

wants to merge 4 commits into from
+30 −10

Conversation

arsenalzp
Copy link
Contributor

This is the draft PR related to #13127 which introduced SHA-256 algorithm for Digest access authentication.
In case this implementation is OK I will add related extension of Credential class and tests, of course.

@joakime joakime moved this to 👀 In review in Jetty 12.1.0 Jun 11, 2025
@joakime joakime requested a review from sbordet June 11, 2025 21:34
@joakime joakime requested a review from gregw June 11, 2025 21:35
sbordet
sbordet requested changes Jun 12, 2025
View reviewed changes
@sbordet sbordet self-requested a review June 13, 2025 19:54
@arsenalzp
Introduce digest access authentication with SHA-256
6b24431 
Signed-off-by: Oleksandr Krutko <[email protected]>

improve DigestAuthenticator algorithm for SHA-256

Signed-off-by: Oleksandr Krutko <[email protected]>

Improve DigestAuthenticator class

Signed-off-by: Oleksandr Krutko <[email protected]>
@arsenalzp
Copy link
Contributor Author

Hello,
Are you colleagues satisfied by this solution?
If so I will proceed with tests and SHA256 credentials class

sbordet
sbordet requested changes Jun 16, 2025
View reviewed changes
...ty-security/src/main/java/org/eclipse/jetty/security/authentication/DigestAuthenticator.java Outdated
@@ -58,7 +58,18 @@ public class DigestAuthenticator extends LoginAuthenticator
private final ConcurrentMap<String, Nonce> _nonceMap = new ConcurrentHashMap<>();
private long _maxNonceAgeMs = 60 * 1000;
private int _maxNC = 1024;
private String algorithm = "MD5";
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fields of this class are prefixed with _, so change this to _algorithm.

...ty-security/src/main/java/org/eclipse/jetty/security/authentication/DigestAuthenticator.java Outdated
@Override
public boolean check(Object credentials)
{
{
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Remove these spaces.

...ty-security/src/main/java/org/eclipse/jetty/security/authentication/DigestAuthenticator.java Outdated
if (credentials instanceof char[])
credentials = new String((char[])credentials);
String password = (credentials instanceof String) ? (String)credentials : credentials.toString();

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Remove spaces.

...ty-security/src/main/java/org/eclipse/jetty/security/authentication/DigestAuthenticator.java Outdated
}
catch (Exception e)
return stringEquals(TypeUtil.toString(md.digest(), 16).toLowerCase(), response == null ? null : response.toLowerCase());

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Remove empty line.

...ty-security/src/main/java/org/eclipse/jetty/security/authentication/DigestAuthenticator.java Outdated
{
LOG.warn("Unable to process digest", e);
}

return false;
return false;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fix indentation.

...ty-security/src/main/java/org/eclipse/jetty/security/authentication/DigestAuthenticator.java Outdated
}

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Remove spaces.

@sbordet
Copy link
Contributor

sbordet commented Jun 16, 2025

@arsenalzp looks good, but please follow suggestions in my review.

@arsenalzp
Copy link
Contributor Author

@arsenalzp looks good, but please follow suggestions in my review.

I'm in business trip right now, I will review and do all remaining parts on weekend.
Do we have time yet?

@gregw
Copy link
Contributor

gregw commented Jun 18, 2025

@arsenalzp We might make those changes for you so we can get this into a build this week. They are all just formatting and naming. Thanks for the contribution!

@gregw @sbordet
Apply suggestions from code review
eb89ad1 
Applying review comments

Co-authored-by: Simone Bordet <[email protected]>
@gregw
Apply suggestions from code review
81d45bf 
more format  and name fixes
@gregw gregw requested a review from sbordet June 18, 2025 20:50
@gregw
Copy link
Contributor

gregw commented Jun 18, 2025

@sbordet I applied your suggestions and fixed some others. Can you re-review if this builds OK?

@gregw
Copy link
Contributor

gregw commented Jun 18, 2025

@sbordet dang! Looks like I broke this build, I'll fix somehow

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gregw gregw gregw left review comments

@sbordet sbordet sbordet approved these changes

Assignees
No one assigned
Labels
Enhancement
Projects
Jetty 12.1.0
Status: 👀 In review
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@arsenalzp @sbordet @gregw @joakime