From f2a6a6496fb90f71d2f7facdc1798e28b0737248 Mon Sep 17 00:00:00 2001
From: jwilson <jwilson@squareup.com>
Date: Sun, 3 Nov 2013 13:58:08 -0500
Subject: [PATCH] Fix a bug where authentication was incorrectly case
 sensitive.

---
 .../internal/http/HttpAuthenticator.java      |  6 ++---
 .../internal/http/URLConnectionTest.java      | 23 +++++++++++++++----
 2 files changed, 21 insertions(+), 8 deletions(-)

diff --git a/okhttp/src/main/java/com/squareup/okhttp/internal/http/HttpAuthenticator.java b/okhttp/src/main/java/com/squareup/okhttp/internal/http/HttpAuthenticator.java
index 63f39e47f..1ad36898e 100644
--- a/okhttp/src/main/java/com/squareup/okhttp/internal/http/HttpAuthenticator.java
+++ b/okhttp/src/main/java/com/squareup/okhttp/internal/http/HttpAuthenticator.java
@@ -39,7 +39,7 @@ public final class HttpAuthenticator {
     @Override public Credential authenticate(
         Proxy proxy, URL url, List<Challenge> challenges) throws IOException {
       for (Challenge challenge : challenges) {
-        if (!"Basic".equals(challenge.getScheme())) {
+        if (!"Basic".equalsIgnoreCase(challenge.getScheme())) {
           continue;
         }
 
@@ -56,7 +56,7 @@ public final class HttpAuthenticator {
     @Override public Credential authenticateProxy(
         Proxy proxy, URL url, List<Challenge> challenges) throws IOException {
       for (Challenge challenge : challenges) {
-        if (!"Basic".equals(challenge.getScheme())) {
+        if (!"Basic".equalsIgnoreCase(challenge.getScheme())) {
           continue;
         }
 
@@ -146,7 +146,7 @@ public final class HttpAuthenticator {
         //       It needs to be fixed to handle any scheme and any parameters
         //       http://code.google.com/p/android/issues/detail?id=11140
 
-        if (!value.regionMatches(pos, "realm=\"", 0, "realm=\"".length())) {
+        if (!value.regionMatches(true, pos, "realm=\"", 0, "realm=\"".length())) {
           break; // Unexpected challenge parameter; give up!
         }
 
diff --git a/okhttp/src/test/java/com/squareup/okhttp/internal/http/URLConnectionTest.java b/okhttp/src/test/java/com/squareup/okhttp/internal/http/URLConnectionTest.java
index 5af2812cc..7725f3d15 100644
--- a/okhttp/src/test/java/com/squareup/okhttp/internal/http/URLConnectionTest.java
+++ b/okhttp/src/test/java/com/squareup/okhttp/internal/http/URLConnectionTest.java
@@ -16,16 +16,16 @@
 
 package com.squareup.okhttp.internal.http;
 
-import com.squareup.okhttp.mockwebserver.MockResponse;
-import com.squareup.okhttp.mockwebserver.MockWebServer;
-import com.squareup.okhttp.mockwebserver.RecordedRequest;
-import com.squareup.okhttp.mockwebserver.SocketPolicy;
 import com.squareup.okhttp.HttpResponseCache;
 import com.squareup.okhttp.OkHttpClient;
 import com.squareup.okhttp.internal.RecordingAuthenticator;
 import com.squareup.okhttp.internal.RecordingHostnameVerifier;
 import com.squareup.okhttp.internal.RecordingOkAuthenticator;
 import com.squareup.okhttp.internal.SslContextBuilder;
+import com.squareup.okhttp.mockwebserver.MockResponse;
+import com.squareup.okhttp.mockwebserver.MockWebServer;
+import com.squareup.okhttp.mockwebserver.RecordedRequest;
+import com.squareup.okhttp.mockwebserver.SocketPolicy;
 import java.io.ByteArrayOutputStream;
 import java.io.File;
 import java.io.IOException;
@@ -76,11 +76,11 @@ import org.junit.Before;
 import org.junit.Ignore;
 import org.junit.Test;
 
+import static com.squareup.okhttp.OkAuthenticator.Credential;
 import static com.squareup.okhttp.mockwebserver.SocketPolicy.DISCONNECT_AT_END;
 import static com.squareup.okhttp.mockwebserver.SocketPolicy.DISCONNECT_AT_START;
 import static com.squareup.okhttp.mockwebserver.SocketPolicy.SHUTDOWN_INPUT_AT_END;
 import static com.squareup.okhttp.mockwebserver.SocketPolicy.SHUTDOWN_OUTPUT_AT_END;
-import static com.squareup.okhttp.OkAuthenticator.Credential;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertNull;
@@ -1480,6 +1480,19 @@ public final class URLConnectionTest {
     }
   }
 
+  /** https://github.com/square/okhttp/issues/342 */
+  @Test public void authenticateRealmUppercase() throws Exception {
+    server.enqueue(new MockResponse().setResponseCode(401)
+        .addHeader("wWw-aUtHeNtIcAtE: bAsIc rEaLm=\"pRoTeCtEd aReA\"")
+        .setBody("Please authenticate."));
+    server.enqueue(new MockResponse().setBody("Successful auth!"));
+    server.play();
+
+    Authenticator.setDefault(new RecordingAuthenticator());
+    HttpURLConnection connection = client.open(server.getUrl("/"));
+    assertEquals("Successful auth!", readAscii(connection.getInputStream(), Integer.MAX_VALUE));
+  }
+
   @Test public void redirectedWithChunkedEncoding() throws Exception {
     testRedirected(TransferKind.CHUNKED, true);
   }