14 package waffle.util;
15
16 import javax.servlet.http.HttpServletRequest;
17
18 import com.google.common.io.BaseEncoding;
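/**
 * Read-only view of the {@code Authorization} header of an HTTP request, split into its security
 * package (the text before the first space) and its base64-encoded token.
 *
 * <p>Everything read here comes from the client before authentication has completed, so it must
 * be treated as untrusted input. The header value also carries credential material: avoid
 * writing it, or the result of {@link #toString()}, to logs that are retained or widely readable.
 */
public class AuthorizationHeader {

    /** The request whose {@code Authorization} header is inspected. */
    private final HttpServletRequest request;

    /**
     * Creates a view over the given request. The header is read from the request on each call,
     * it is not copied here.
     *
     * @param httpServletRequest
     *            the request to read the {@code Authorization} header from
     */
    public AuthorizationHeader(final HttpServletRequest httpServletRequest) {
        this.request = httpServletRequest;
    }

    /**
     * Returns the raw {@code Authorization} header value.
     *
     * @return the header value as reported by the request, or {@code null} if the request has none
     */
    public String getHeader() {
        return this.request.getHeader("Authorization");
    }

    /**
     * Tells whether the request carries no usable {@code Authorization} header.
     *
     * @return {@code true} if the header is absent or empty
     */
    public boolean isNull() {
        // Read the header once so both checks are made against the same value.
        final String header = this.getHeader();
        return header == null || header.length() == 0;
    }

    /**
     * Returns the security package, i.e. the part of the header before the first space.
     *
     * @return the security package name
     * @throws RuntimeException
     *             if the header is absent, or if it has no space after at least one character
     */
    public String getSecurityPackage() {
        final String header = this.getHeader();

        if (header == null) {
            throw new RuntimeException("Missing Authorization: header");
        }

        final int space = header.indexOf(' ');
        if (space > 0) {
            return header.substring(0, space);
        }

        // NOTE(review): the message embeds the raw, client-supplied header value. If this
        // exception is logged or rendered in an error response, that value goes with it;
        // consider reporting only the header length instead.
        throw new RuntimeException("Invalid Authorization header: " + header);
    }

    /**
     * Returns the raw header, or {@code "<none>"} when it is absent or empty.
     *
     * <p>NOTE(review): the returned string includes the token, so logging this object logs
     * credential material.
     *
     * @return the header value or {@code "<none>"}
     */
    @Override
    public String toString() {
        return this.isNull() ? "<none>" : this.getHeader();
    }

    /**
     * Returns the token, i.e. everything after the security package and the single space that
     * follows it. The value is returned as sent, without trimming or decoding.
     *
     * @return the still-encoded token
     * @throws RuntimeException
     *             if {@link #getSecurityPackage()} rejects the header
     */
    public String getToken() {
        return this.getHeader().substring(this.getSecurityPackage().length() + 1);
    }

    /**
     * Returns the token decoded from base64.
     *
     * @return the decoded token bytes
     * @throws RuntimeException
     *             if the header is rejected by {@link #getSecurityPackage()} or the token is not
     *             valid base64
     */
    public byte[] getTokenBytes() {
        try {
            return BaseEncoding.base64().decode(this.getToken());
        } catch (final IllegalArgumentException e) {
            // Keep the decoder's exception as the cause so the reason for the rejection is not
            // lost; the message itself stays free of the token.
            throw new RuntimeException("Invalid authorization header.", e);
        }
    }

    /**
     * Tells whether the header carries an NTLM message of type 1.
     *
     * <p>An absent or empty header yields {@code false}; a header that is present but malformed
     * makes this method throw rather than return {@code false}.
     *
     * @return {@code true} if the decoded token is an NTLM message whose type is 1
     * @throws RuntimeException
     *             if the header is present but cannot be split or base64-decoded
     */
    public boolean isNtlmType1Message() {
        if (this.isNull()) {
            return false;
        }

        final byte[] tokenBytes = this.getTokenBytes();
        if (!NtlmMessage.isNtlmMessage(tokenBytes)) {
            return false;
        }

        return 1 == NtlmMessage.getMessageType(tokenBytes);
    }

    /**
     * Tells whether the header carries an SPNEGO message.
     *
     * <p>An absent or empty header yields {@code false}; a header that is present but malformed
     * makes this method throw rather than return {@code false}.
     *
     * @return {@code true} if the decoded token is recognised by {@code SPNegoMessage}
     * @throws RuntimeException
     *             if the header is present but cannot be split or base64-decoded
     */
    public boolean isSPNegoMessage() {
        if (this.isNull()) {
            return false;
        }

        return SPNegoMessage.isSPNegoMessage(this.getTokenBytes());
    }

    /**
     * Tells whether this is a body-less POST or PUT request whose header carries an NTLM type 1
     * or SPNEGO message.
     *
     * <p>Only a declared content length of exactly 0 matches; a request without a known content
     * length (reported as -1 by the servlet API) does not.
     *
     * @return {@code true} if the method is POST or PUT, the content length is 0 and the header
     *         holds an NTLM type 1 or SPNEGO message
     * @throws RuntimeException
     *             if the method and length match but the header is present and malformed
     */
    public boolean isNtlmType1PostAuthorizationHeader() {
        // Constant-first comparison: a request that reports no method is simply not a match
        // instead of causing a NullPointerException.
        final String method = this.request.getMethod();
        if (!"POST".equals(method) && !"PUT".equals(method)) {
            return false;
        }

        if (this.request.getContentLength() != 0) {
            return false;
        }

        return this.isNtlmType1Message() || this.isSPNegoMessage();
    }
}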