Index: src/java/org/apache/commons/httpclient/auth/DigestScheme.java =================================================================== RCS file: /home/cvspublic/jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/auth/DigestScheme.java,v retrieving revision 1.6 diff -u -r1.6 DigestScheme.java --- src/java/org/apache/commons/httpclient/auth/DigestScheme.java 13 Aug 2003 19:57:10 -0000 1.6 +++ src/java/org/apache/commons/httpclient/auth/DigestScheme.java 4 Sep 2003 08:58:33 -0000 @@ -220,6 +220,7 @@ String cnonce = (String) params.get("cnonce"); String qop = (String) params.get("qop"); String method = (String) params.get("methodname"); + String algorithm = (String) params.get("algorithm"); if (qop != null) { qop = "auth"; @@ -236,16 +237,35 @@ } // Calculating digest according to rfc 2617 + + String a1 = null; + if(algorithm.equals("MD5")) { + // unq(username-value) ":" unq(realm-value) ":" passwd + a1 = uname + ":" + realm + ":" + pwd; + } else if(algorithm.equals("MD5-sess")) { + // H( unq(username-value) ":" unq(realm-value) ":" passwd ) + // ":" unq(nonce-value) + // ":" unq(cnonce-value) + + String tmp=encode(md5Helper.digest(HttpConstants.getBytes( + uname + ":" + realm + ":" + pwd))); + + a1 = tmp + ":" + nonce + ":" + cnonce; + } else { + LOG.warn("Unhandled algorithm " + algorithm + " requested"); + a1 = uname + ":" + realm + ":" + pwd; + } + String md5a1 = encode(md5Helper.digest(HttpConstants.getBytes(a1))); + String serverDigestValue; + String a2 = method + ":" + uri; String md5a2 = encode(md5Helper.digest(HttpConstants.getBytes(a2))); - String digestValue = uname + ":" + realm + ":" + pwd; - String md5a1 - = encode(md5Helper.digest(HttpConstants.getBytes(digestValue))); - String serverDigestValue; if (qop == null) { + LOG.debug("Using null qop method"); serverDigestValue = md5a1 + ":" + nonce + ":" + md5a2; } else { + LOG.debug("Using qop method " + qop); serverDigestValue = md5a1 + ":" + nonce + ":" + nc + ":" + cnonce + ":" + qop + ":" + md5a2; } @@ -283,12 +303,11 @@ String opaque = (String) params.get("opaque"); String response = digest; String qop = (String) params.get("qop"); + String algorithm = (String) params.get("algorithm"); if (qop != null) { qop = "auth"; //we only support auth } - - String algorithm = "MD5"; //we only support MD5 sb.append("username=\"" + uname + "\"") .append(", realm=\"" + realm + "\"")