From fa714a1a2689c287623242627adc3a38c3773600 Mon Sep 17 00:00:00 2001
From: Arturo Bernal
Date: Tue, 5 Dec 2023 22:52:10 +0100
Subject: [PATCH] avoid duplicate code. avoid append username and with UTF-* for hash
---
 .../hc/client5/http/impl/auth/DigestScheme.java | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)
diff --git a/httpclient5/src/main/java/org/apache/hc/client5/http/impl/auth/DigestScheme.java b/httpclient5/src/main/java/org/apache/hc/client5/http/impl/auth/DigestScheme.java
index 52d10058c9..144ace8707 100644
--- a/httpclient5/src/main/java/org/apache/hc/client5/http/impl/auth/DigestScheme.java
+++ b/httpclient5/src/main/java/org/apache/hc/client5/http/impl/auth/DigestScheme.java
@@ -346,7 +346,7 @@ private String createDigestResponse(final HttpRequest request) throws Authentica
 // Extract username and username*
- final String username = credentials.getUserName();
+ String username = credentials.getUserName();
 String encodedUsername = null;
 // Check if 'username' has invalid characters and use 'username*'
 if (username != null && containsInvalidABNFChars(username)) {
@@ -358,6 +358,7 @@ private String createDigestResponse(final HttpRequest request) throws Authentica
 final String usernameRealm = username + ":" + realm;
 final byte[] hashedBytes = digester.digest(usernameRealm.getBytes(StandardCharsets.UTF_8));
 usernameForDigest = formatHex(hashedBytes); // Use hashed username for digest
+ username = usernameForDigest;
 } else if (encodedUsername != null) {
 usernameForDigest = encodedUsername; // Use encoded username for digest
 } else {
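Review bot: The added `username = usernameForDigest;` in the `userhashSupported` branch (hunk at -358) overwrites the cleartext username with its hash, so the A1 lines this patch changes further down (`buffer.append(username)...`) feed the userhash value into A1 instead of the real username. As I read RFC 7616, userhash only changes what is sent in the `username` header parameter, and A1 is still computed over the unhashed username, so a compliant server would derive a different response and reject the request. I would drop this assignment and keep `final String username = credentials.getUserName();` in the hunk at -346, which then has no reason to become mutable. createDigestResponse starts and ends outside both hunks, so other readers of `username` are not visible here.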
@@ -371,13 +372,13 @@ private String createDigestResponse(final HttpRequest request) throws Authentica
 // ":" unq(cnonce-value)
 // calculated one per session
- buffer.append(usernameForDigest).append(":").append(credentials.getUserPassword());
+ buffer.append(username).append(":").append(credentials.getUserPassword());
 final String checksum = formatHex(digester.digest(this.buffer.toByteArray()));
 buffer.reset();
 buffer.append(checksum).append(":").append(nonce).append(":").append(cnonce);
 } else {
 // unq(username-value) ":" unq(realm-value) ":" passwd
- buffer.append(usernameForDigest).append(":").append(credentials.getUserPassword());
+ buffer.append(username).append(":").append(credentials.getUserPassword());
 }
 a1 = buffer.toByteArray();
@@ -441,6 +442,7 @@ private String createDigestResponse(final HttpRequest request) throws Authentica
 if (this.userhashSupported) {
 // Use hashed username for the 'username' parameter
 params.add(new BasicNameValuePair("username", usernameForDigest));
+ params.add(new BasicNameValuePair("userhash", "true"));
 } else if (encodedUsername != null) {
 // Use encoded 'username*' parameter
 params.add(new BasicNameValuePair("username*", encodedUsername));
@@ -465,10 +467,6 @@ private String createDigestResponse(final HttpRequest request) throws Authentica
 params.add(new BasicNameValuePair("opaque", opaque));
 }
- if (this.userhashSupported) {
- params.add(new BasicNameValuePair("userhash", "true"));
- }
-
 for (int i = 0; i < params.size(); i++) {
 final BasicNameValuePair param = params.get(i);
 if (i > 0) {
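Review bot: Both new A1 lines in the hunk at -371 append only the username and the password, while the comment directly above the second one gives the formula as `unq(username-value) ":" unq(realm-value) ":" passwd`, so as shown the realm is missing from the hashed input. `realm` is in scope (the hunk at -358 uses it), so each line would read `buffer.append(username).append(":").append(realm).append(":").append(credentials.getUserPassword());`. The removed lines had the same shape, so this predates the commit, but the commit rewrites exactly these two lines and leaves the mismatch in place. The start of the A1 construction lies outside the hunk, so it is worth checking the full method before changing it.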