OLD | NEW |
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/http/http_auth_handler_digest.h" | 5 #include "net/http/http_auth_handler_digest.h" |
6 | 6 |
7 #include <string> | 7 #include <string> |
8 | 8 |
9 #include "base/logging.h" | 9 #include "base/logging.h" |
10 #include "base/md5.h" | 10 #include "base/md5.h" |
11 #include "base/rand_util.h" | 11 #include "base/rand_util.h" |
12 #include "base/strings/string_util.h" | 12 #include "base/strings/string_util.h" |
13 #include "base/strings/stringprintf.h" | 13 #include "base/strings/stringprintf.h" |
14 #include "base/strings/utf_string_conversions.h" | 14 #include "base/strings/utf_string_conversions.h" |
15 #include "net/base/net_errors.h" | 15 #include "net/base/net_errors.h" |
16 #include "net/base/net_string_util.h" | 16 #include "net/base/net_string_util.h" |
17 #include "net/base/net_util.h" | 17 #include "net/base/net_util.h" |
18 #include "net/http/http_auth.h" | 18 #include "net/http/http_auth.h" |
19 #include "net/http/http_auth_challenge_tokenizer.h" | 19 #include "net/http/http_auth_challenge_tokenizer.h" |
20 #include "net/http/http_request_info.h" | 20 #include "net/http/http_request_info.h" |
21 #include "net/http/http_util.h" | 21 #include "net/http/http_util.h" |
22 #include "url/gurl.h" | 22 #include "url/gurl.h" |
23 | 23 |
24 namespace net { | 24 namespace net { |
25 | 25 |
| 26 static const char* const kDigestSchemeName = "digest"; |
| 27 |
26 // Digest authentication is specified in RFC 2617. | 28 // Digest authentication is specified in RFC 2617. |
27 // The expanded derivations are listed in the tables below. | 29 // The expanded derivations are listed in the tables below. |
28 | 30 |
29 //==========+==========+==========================================+ | 31 //==========+==========+==========================================+ |
30 // qop |algorithm | response | | 32 // qop |algorithm | response | |
31 //==========+==========+==========================================+ | 33 //==========+==========+==========================================+ |
32 // ? | ?, md5, | MD5(MD5(A1):nonce:MD5(A2)) | | 34 // ? | ?, md5, | MD5(MD5(A1):nonce:MD5(A2)) | |
33 // | md5-sess | | | 35 // | md5-sess | | |
34 //--------- +----------+------------------------------------------+ | 36 //--------- +----------+------------------------------------------+ |
35 // auth, | ?, md5, | MD5(MD5(A1):nonce:nc:cnonce:qop:MD5(A2)) | | 37 // auth, | ?, md5, | MD5(MD5(A1):nonce:nc:cnonce:qop:MD5(A2)) | |
(...skipping 70 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
106 handler->swap(tmp_handler); | 108 handler->swap(tmp_handler); |
107 return OK; | 109 return OK; |
108 } | 110 } |
109 | 111 |
110 HttpAuth::AuthorizationResult HttpAuthHandlerDigest::HandleAnotherChallenge( | 112 HttpAuth::AuthorizationResult HttpAuthHandlerDigest::HandleAnotherChallenge( |
111 HttpAuthChallengeTokenizer* challenge) { | 113 HttpAuthChallengeTokenizer* challenge) { |
112 // Even though Digest is not connection based, a "second round" is parsed | 114 // Even though Digest is not connection based, a "second round" is parsed |
113 // to differentiate between stale and rejected responses. | 115 // to differentiate between stale and rejected responses. |
114 // Note that the state of the current handler is not mutated - this way if | 116 // Note that the state of the current handler is not mutated - this way if |
115 // there is a rejection the realm hasn't changed. | 117 // there is a rejection the realm hasn't changed. |
116 if (!base::LowerCaseEqualsASCII(challenge->scheme(), "digest")) | 118 if (!challenge->SchemeIs(kDigestSchemeName)) |
117 return HttpAuth::AUTHORIZATION_RESULT_INVALID; | 119 return HttpAuth::AUTHORIZATION_RESULT_INVALID; |
118 | 120 |
119 HttpUtil::NameValuePairsIterator parameters = challenge->param_pairs(); | 121 HttpUtil::NameValuePairsIterator parameters = challenge->param_pairs(); |
120 | 122 |
121 // Try to find the "stale" value, and also keep track of the realm | 123 // Try to find the "stale" value, and also keep track of the realm |
122 // for the new challenge. | 124 // for the new challenge. |
123 std::string original_realm; | 125 std::string original_realm; |
124 while (parameters.GetNext()) { | 126 while (parameters.GetNext()) { |
125 if (base::LowerCaseEqualsASCII(parameters.name(), "stale")) { | 127 if (base::LowerCaseEqualsASCII(parameters.name(), "stale")) { |
126 if (base::LowerCaseEqualsASCII(parameters.value(), "true")) | 128 if (base::LowerCaseEqualsASCII(parameters.value(), "true")) |
(...skipping 54 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
181 // | 183 // |
182 // Note that according to RFC 2617 (section 1.2) the realm is required. | 184 // Note that according to RFC 2617 (section 1.2) the realm is required. |
183 // However we allow it to be omitted, in which case it will default to the | 185 // However we allow it to be omitted, in which case it will default to the |
184 // empty string. | 186 // empty string. |
185 // | 187 // |
186 // This allowance is for better compatibility with webservers that fail to | 188 // This allowance is for better compatibility with webservers that fail to |
187 // send the realm (See http://crbug.com/20984 for an instance where a | 189 // send the realm (See http://crbug.com/20984 for an instance where a |
188 // webserver was not sending the realm with a BASIC challenge). | 190 // webserver was not sending the realm with a BASIC challenge). |
189 bool HttpAuthHandlerDigest::ParseChallenge( | 191 bool HttpAuthHandlerDigest::ParseChallenge( |
190 HttpAuthChallengeTokenizer* challenge) { | 192 HttpAuthChallengeTokenizer* challenge) { |
191 auth_scheme_ = HttpAuth::AUTH_SCHEME_DIGEST; | 193 auth_scheme_ = kDigestSchemeName; |
192 score_ = 2; | |
193 properties_ = ENCRYPTS_IDENTITY; | |
194 | 194 |
195 // Initialize to defaults. | 195 // Initialize to defaults. |
196 stale_ = false; | 196 stale_ = false; |
197 algorithm_ = ALGORITHM_UNSPECIFIED; | 197 algorithm_ = ALGORITHM_UNSPECIFIED; |
198 qop_ = QOP_UNSPECIFIED; | 198 qop_ = QOP_UNSPECIFIED; |
199 realm_ = original_realm_ = nonce_ = domain_ = opaque_ = std::string(); | 199 realm_ = original_realm_ = nonce_ = domain_ = opaque_ = std::string(); |
200 | 200 |
201 // FAIL -- Couldn't match auth-scheme. | 201 // FAIL -- Couldn't match auth-scheme. |
202 if (!base::LowerCaseEqualsASCII(challenge->scheme(), "digest")) | 202 if (!challenge->SchemeIs(kDigestSchemeName)) |
203 return false; | 203 return false; |
204 | 204 |
205 HttpUtil::NameValuePairsIterator parameters = challenge->param_pairs(); | 205 HttpUtil::NameValuePairsIterator parameters = challenge->param_pairs(); |
206 | 206 |
207 // Loop through all the properties. | 207 // Loop through all the properties. |
208 while (parameters.GetNext()) { | 208 while (parameters.GetNext()) { |
209 // FAIL -- couldn't parse a property. | 209 // FAIL -- couldn't parse a property. |
210 if (!ParseChallengeProperty(parameters.name(), | 210 if (!ParseChallengeProperty(parameters.name(), |
211 parameters.value())) | 211 parameters.value())) |
212 return false; | 212 return false; |
(...skipping 161 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
374 // TODO(eroman): Supposedly IIS server requires quotes surrounding qop. | 374 // TODO(eroman): Supposedly IIS server requires quotes surrounding qop. |
375 authorization += ", qop=" + QopToString(qop_); | 375 authorization += ", qop=" + QopToString(qop_); |
376 authorization += ", nc=" + nc; | 376 authorization += ", nc=" + nc; |
377 authorization += ", cnonce=" + HttpUtil::Quote(cnonce); | 377 authorization += ", cnonce=" + HttpUtil::Quote(cnonce); |
378 } | 378 } |
379 | 379 |
380 return authorization; | 380 return authorization; |
381 } | 381 } |
382 | 382 |
383 } // namespace net | 383 } // namespace net |
OLD | NEW |