如何在JAVA中使用基于SHA-256算法的Digest身份验证实现登录

问题描述

我正在尝试在 Java 中使用 SHA-256 算法实现基于摘要式身份验证的登录，但没有得到太多帮助。我可以使用 POSTMAN 登录并获取 HTTP 状态代码 200，但不确定 POSTMAN 是如何使用 SHA-256 的，Postman 请求配置快照和下面的我的实现，这会引发 SSLHandshakeException。

这是我的代码，我使用它导致握手失败：

import java.util.Arrays;
import java.util.Map;
import java.util.stream.Collectors;

import org.apache.http.*;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.*;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.protocol.HttpClientContext;
import org.apache.http.impl.auth.DigestScheme;
import org.apache.http.impl.client.*;

import junit.framework.Assert;

public class DigestTest {

    private static final String URL = "https://10.0.1.190/API/Web/Login";
    private static final String USER = "admin";
    private static final String PASSWORD = "testing123456";


    public static void main(String[] args) throws Exception {

        new Digesttest().run();
    }

    public void run() throws Exception {
        System.setProperty("https.protocols","TLSv1.2,TLSv1.1,SSLv3");

        HttpPost httpPost = new HttpPost(URL);

        HttpHost target
                = new HttpHost(httpPost.getURI().getHost(),443,"https");
        CredentialsProvider credsProvider = new BasicCredentialsProvider();

        UsernamePasswordCredentials credentials
                = new UsernamePasswordCredentials(USER,PASSWORD);
        credsProvider.setCredentials(
                new AuthScope(target.getHostName(),target.getPort()),credentials);

        CookieStore cookieStore = new BasicCookieStore();

        CloseableHttpClient httpclient
                = HttpClients.custom().setDefaultCookieStore(cookieStore)
                        .setDefaultCredentialsProvider(credsProvider).build();

        try {

            DigestScheme digestAuth = new DigestScheme();

            digestAuth.overrideParamter("qop","auth");
            digestAuth.overrideParamter("nc","0");
            digestAuth.overrideParamter("cnonce",DigestScheme.createCnonce());
            digestAuth.overrideParamter("algorithm","SHA-256");

            AuthCache authCache = new BasicAuthCache();
            authCache.put(target,digestAuth);

            HttpClientContext localContext = HttpClientContext.create();
            localContext.setAuthCache(authCache);

            CloseableHttpResponse response;

            response = httpclient.execute(target,httpPost,localContext);
            Map<String,String> wwwAuth = Arrays
                    .stream(response.getHeaders("WWW-Authenticate")[0]
                            .getElements())
                    .collect(Collectors.toMap(HeaderElement::getName,HeaderElement::getValue));

            // the first call ALWAYS fails with a 401
//            Assert.assertEquals(response.getStatusLine().getStatusCode(),401);

            digestAuth.overrideParamter("opaque",wwwAuth.get("opaque"));
            digestAuth.overrideParamter("nonce",wwwAuth.get("nonce"));
            digestAuth.overrideParamter("realm",wwwAuth.get("Digest realm"));
            Header authenticate = digestAuth.authenticate(credentials,localContext);
            httpPost.addHeader(authenticate);

            response = httpclient.execute(target,localContext);

            // the 2nd call is the real deal
//            Assert.assertEquals(response.getStatusLine().getStatusCode(),200);

            //System.out.println(IoUtils
              //      .toString(response.getEntity().getContent(),"utf-8"));
            System.out.println(response.getEntity().getContent().toString());

        } catch(Exception e){
            System.out.println("Exception : \n"+e);
        } finally {
            httpclient.close();
        }
    }

}

我收到以下异常：

异常： javax.net.ssl.SSLHandshakeException：收到致命警报：handshake_failure

请帮忙修改代码。

解决方法

在邮递员中，您可以将您的请求导出为代码片段（请参阅https://learning.postman.com/docs/sending-requests/generate-code-snippets/ 操作方法）。

在您的情况下，使用 OkHttp 客户端的 java 代码段将是：

OkHttpClient client = new OkHttpClient().newBuilder()
  .build();
MediaType mediaType = MediaType.parse("text/plain");
RequestBody body = RequestBody.create(mediaType,"{}");
Request request = new Request.Builder()
  .url("https://test.it/uri")
  .method("POST",body)
  .addHeader("Authorization","Digest username=\"username\",realm=\"test\",nonce=\"nonce\",uri=\"/uri\",algorithm=\"SHA-256\",response=\"6d46e1187d1e79c88241d4ae0e57eda1cd572dfb027ce9eded02aea499f15695\""
  )
  .addHeader("Content-Type","text/plain")
  .build();
Response response = client.newCall(request).execute();

（请注意，您需要将 username、realm、nonce 和 uri 替换为您的实际值。）。 >

要计算 response 值，您可以在 https://en.wikipedia.org/wiki/Digest_access_authentication 中查看公式（用于 MD5）。

在上面的代码中，使用 SHA256 而不是 MD5 的计算如下：

HA1 = SHA256(username:realm:password) = SHA256(username:test:password) = 338c3ad443d25c378fdcdb90df9f81d42161278b8f1f03276a2d14f0803165f2
HA2 = SHA256(method:digestURI) = SHA256(POST:/uri) = fc51c21830fc2b6ffe97afe3290df89e7c2b1e287d6e373ad4282ce7fe912650
response = SHA256(HA1:nonce:HA2) = SHA256(338c3ad443d25c378fdcdb90df9f81d42161278b8f1f03276a2d14f0803165f2:nonce:fc51c21830fc2b6ffe97afe3290df89e7c2b1e287d6e373ad4282ce7fe912650)
= 6d46e1187d1e79c88241d4ae0e57eda1cd572dfb027ce9eded02aea499f15695

apache-httpclient-4.x authentication digest-authentication java java