java - Digest authentication in Android using HttpURLConnection


As the question already says, we are trying to do digest authentication in Android.
Until now we have used the DefaultHttpClient and its authentication method (using UsernamePasswordCredentials and so on), which is deprecated since Android 5 and removed in Android 6.
So we are about to switch from DefaultHttpClient to HttpURLConnection.
Now we are trying to achieve digest authentication, which should work pretty simply, as explained here:

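    import java.net.Authenticator;
    import java.net.PasswordAuthentication;

    // Register a process-wide credential provider; password must be a char[].
    Authenticator.setDefault(new Authenticator() {
        @Override
        protected PasswordAuthentication getPasswordAuthentication() {
            return new PasswordAuthentication(username, password);
        }
    });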

But getPasswordAuthentication never gets called for some reason.
During my search for this problem I found different posts saying that digest authentication is not supported by HttpURLConnection in Android, but those posts are from 2010-2012, so I am not sure if this is still true. Also, we are using HttpURLConnection with digest authentication in our desktop Java application, where it does work.

I also found some posts talking about OkHttp. OkHttp seems to be used by Android under the hood (to be more specific, the HttpURLConnectionImpl). But this HttpURLConnectionImpl is a bit strange: it is not shown in the Eclipse type hierarchy and I am not able to debug it. Also, it should be com.squareup.okhttp.internal.huc.HttpURLConnectionImpl, while in Android it is com.android.okhttp.internal.http.HttpURLConnectionImpl.

So I am not able to do digest authentication with HttpURLConnection in Android.
Can anyone tell me how to do that without external libraries?

Edit:
The server asks for digest authentication:

    www-authenticate: digest realm="realm name",domain="/domain",nonce="nonce",algorithm=md5,qop="auth"

So basic authentication shouldn't work, as the server is asking for digest.

The answer is that HttpURLConnection does not support digest.

You therefore have to implement RFC 2617 yourself.

You can use the following code as a baseline implementation: HTTP Digest Auth for Android.

The steps involve (see RFC 2617 for reference):

  • If you get a 401 response, iterate over all WWW-Authenticate headers and parse them:
    • Check if the algorithm is MD5 or undefined (optionally select the auth qop option), otherwise ignore the challenge and go to the next header.
    • Get the credentials using Authenticator.requestPasswordAuthentication.
    • Calculate H(A1) using the username, realm and password.
    • Store the canonical root URL, realm, HA1, username, nonce (+ optionally algorithm, opaque and the client-selected qop option if present).
    • Retry the request.
  • On each request, iterate over all realms you have session information stored for by canonical root URL:
    • Calculate H(A2) using the request method and path.
    • Calculate H(A3) using HA1, nonce (+ optionally nc, cnonce, qop) and HA2.
    • Build and add the Authorization header to your HttpURLConnection.
  • Implement some sort of session pruning.

By using Authenticator, you can make sure that as soon as HttpURLConnection supports digest natively, your code is not being used anymore (because you won't receive the 401 in the first place).

This is just a quick summary on how to implement this, for you to get an idea.

If you want to go further, implement SHA256 as well: RFC 7616
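The computational core of the steps above (parse the challenge, compute H(A1) and H(A2), derive the response the answer calls H(A3), build the Authorization header), written here as an added Java example; it is not code from the answer or from the linked implementation. The class and method names, the placeholder credentials and the request path are assumptions, and quoted parameter values are assumed to contain no escaped quotes.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.*;
import java.util.regex.*;

public class DigestAuthExample { // hypothetical name, not from the page
    // name=value pairs of a challenge; a value is either quoted or a bare token
    static final Pattern PARAM = Pattern.compile("(\\w+)\\s*=\\s*(?:\"([^\"]*)\"|([^\\s,]+))");
    static Map<String, String> parseChallenge(String header) {
        if (!header.regionMatches(true, 0, "Digest ", 0, 7))
            throw new IllegalArgumentException("not a Digest challenge");
        Map<String, String> p = new HashMap<>();
        Matcher m = PARAM.matcher(header.substring(7));
        while (m.find())
            p.put(m.group(1).toLowerCase(Locale.ROOT), m.group(2) != null ? m.group(2) : m.group(3));
        return p;
    }
    static String md5(String s) throws Exception {
        StringBuilder sb = new StringBuilder();
        for (byte b : MessageDigest.getInstance("MD5").digest(s.getBytes(StandardCharsets.ISO_8859_1)))
            sb.append(String.format("%02x", b));
        return sb.toString();
    }
    // Assumes user, realm and uri contain no double quotes (no escaping is done).
    static String authorization(String method, String uri, String user, String password,
                                Map<String, String> c, int nonceCount) throws Exception {
        String alg = c.get("algorithm"), realm = c.get("realm"), nonce = c.get("nonce"), qop = c.get("qop");
        if (alg != null && !alg.equalsIgnoreCase("MD5")) // caller should move on to the next challenge
            throw new IllegalArgumentException("unsupported algorithm: " + alg);
        String ha1 = md5(user + ":" + realm + ":" + password); // H(A1): can be cached per realm
        String ha2 = md5(method + ":" + uri);                  // H(A2): changes with every request
        String h = "Digest username=\"" + user + "\", realm=\"" + realm + "\", nonce=\"" + nonce
                + "\", uri=\"" + uri + "\"" + (c.get("opaque") == null ? "" : ", opaque=\"" + c.get("opaque") + "\"");
        if (qop == null) // challenge without qop: the response covers HA1, nonce and HA2 only
            return h + ", response=\"" + md5(ha1 + ":" + nonce + ":" + ha2) + "\"";
        if (!Arrays.asList(qop.split("\\s*,\\s*")).contains("auth"))
            throw new IllegalArgumentException("unsupported qop: " + qop);
        String nc = String.format("%08x", nonceCount);          // must increase while the nonce is reused
        String cnonce = String.format("%016x", new SecureRandom().nextLong());
        return h + ", qop=auth, nc=" + nc + ", cnonce=\"" + cnonce + "\", response=\""
                + md5(ha1 + ":" + nonce + ":" + nc + ":" + cnonce + ":auth:" + ha2) + "\"";
    }
    public static void main(String[] args) throws Exception {
        // Challenge value as shown in the question; user, password and path are constructed placeholders.
        Map<String, String> c = parseChallenge("digest realm=\"realm name\",domain=\"/domain\",nonce=\"nonce\",algorithm=md5,qop=\"auth\"");
        System.out.println("Authorization: " + authorization("GET", "/domain/index.html", "user", "secret", c, 1));
    }
}
```

The returned string is what you would pass to `setRequestProperty("Authorization", ...)` on the retried HttpURLConnection. HA1 is password-equivalent for its realm, so a cached HA1 needs the same protection as the password itself.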

