avoid duplicate code.

avoid append username and with UTF-* for hash
apache · Dec 5, 2023 · fa714a1 · fa714a1
1 parent 46a4604
commit fa714a1
Showing 1 changed file with 5 additions and 7 deletions.
diff --git a/httpclient5/src/main/java/org/apache/hc/client5/http/impl/auth/DigestScheme.java b/httpclient5/src/main/java/org/apache/hc/client5/http/impl/auth/DigestScheme.java
@@ -346,7 +346,7 @@ private String createDigestResponse(final HttpRequest request) throws Authentica
 
 
         // Extract username and username*
-        final String username = credentials.getUserName();
+        String username = credentials.getUserName();
         String encodedUsername = null;
         // Check if 'username' has invalid characters and use 'username*'
         if (username != null && containsInvalidABNFChars(username)) {
@@ -358,6 +358,7 @@ private String createDigestResponse(final HttpRequest request) throws Authentica
             final String usernameRealm = username + ":" + realm;
             final byte[] hashedBytes = digester.digest(usernameRealm.getBytes(StandardCharsets.UTF_8));
             usernameForDigest = formatHex(hashedBytes); // Use hashed username for digest
+            username = usernameForDigest;
         } else if (encodedUsername != null) {
             usernameForDigest = encodedUsername; // Use encoded username for digest
         } else {
@@ -371,13 +372,13 @@ private String createDigestResponse(final HttpRequest request) throws Authentica
             //      ":" unq(cnonce-value)
 
             // calculated one per session
-            buffer.append(usernameForDigest).append(":").append(credentials.getUserPassword());
+            buffer.append(username).append(":").append(credentials.getUserPassword());
             final String checksum = formatHex(digester.digest(this.buffer.toByteArray()));
             buffer.reset();
             buffer.append(checksum).append(":").append(nonce).append(":").append(cnonce);
         } else {
             // unq(username-value) ":" unq(realm-value) ":" passwd
-            buffer.append(usernameForDigest).append(":").append(credentials.getUserPassword());
+            buffer.append(username).append(":").append(credentials.getUserPassword());
         }
         a1 = buffer.toByteArray();
 
@@ -441,6 +442,7 @@ private String createDigestResponse(final HttpRequest request) throws Authentica
         if (this.userhashSupported) {
             // Use hashed username for the 'username' parameter
             params.add(new BasicNameValuePair("username", usernameForDigest));
+            params.add(new BasicNameValuePair("userhash", "true"));
         } else if (encodedUsername != null) {
             // Use encoded 'username*' parameter
             params.add(new BasicNameValuePair("username*", encodedUsername));
@@ -465,10 +467,6 @@ private String createDigestResponse(final HttpRequest request) throws Authentica
             params.add(new BasicNameValuePair("opaque", opaque));
         }
 
-        if (this.userhashSupported) {
-            params.add(new BasicNameValuePair("userhash", "true"));
-        }
-
         for (int i = 0; i < params.size(); i++) {
             final BasicNameValuePair param = params.get(i);
             if (i > 0) {