| OLD | NEW |
|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/http/http_auth_handler_digest.h" | 5 #include "net/http/http_auth_handler_digest.h" |
| 6 | 6 |
| 7 #include <string> | 7 #include <string> |
| 8 | 8 |
| 9 #include "base/logging.h" | 9 #include "base/logging.h" |
| 10 #include "base/md5.h" | 10 #include "base/md5.h" |
| 11 #include "base/rand_util.h" | 11 #include "base/rand_util.h" |
| 12 #include "base/strings/string_util.h" | 12 #include "base/strings/string_util.h" |
| 13 #include "base/strings/stringprintf.h" | 13 #include "base/strings/stringprintf.h" |
| 14 #include "base/strings/utf_string_conversions.h" | 14 #include "base/strings/utf_string_conversions.h" |
| 15 #include "net/base/net_errors.h" | 15 #include "net/base/net_errors.h" |
| 16 #include "net/base/net_string_util.h" | 16 #include "net/base/net_string_util.h" |
| 17 #include "net/base/net_util.h" | 17 #include "net/base/net_util.h" |
| 18 #include "net/http/http_auth.h" | 18 #include "net/http/http_auth.h" |
| 19 #include "net/http/http_auth_challenge_tokenizer.h" | 19 #include "net/http/http_auth_challenge_tokenizer.h" |
| 20 #include "net/http/http_request_info.h" | 20 #include "net/http/http_request_info.h" |
| 21 #include "net/http/http_util.h" | 21 #include "net/http/http_util.h" |
| 22 #include "url/gurl.h" | 22 #include "url/gurl.h" |
| 23 | 23 |
| 24 namespace net { | 24 namespace net { |
| 25 | 25 |
| 26 static const char* const kDigestSchemeName = "digest"; |
| 27 |
| 26 // Digest authentication is specified in RFC 2617. | 28 // Digest authentication is specified in RFC 2617. |
| 27 // The expanded derivations are listed in the tables below. | 29 // The expanded derivations are listed in the tables below. |
| 28 | 30 |
| 29 //==========+==========+==========================================+ | 31 //==========+==========+==========================================+ |
| 30 // qop |algorithm | response | | 32 // qop |algorithm | response | |
| 31 //==========+==========+==========================================+ | 33 //==========+==========+==========================================+ |
| 32 // ? | ?, md5, | MD5(MD5(A1):nonce:MD5(A2)) | | 34 // ? | ?, md5, | MD5(MD5(A1):nonce:MD5(A2)) | |
| 33 // | md5-sess | | | 35 // | md5-sess | | |
| 34 //--------- +----------+------------------------------------------+ | 36 //--------- +----------+------------------------------------------+ |
| 35 // auth, | ?, md5, | MD5(MD5(A1):nonce:nc:cnonce:qop:MD5(A2)) | | 37 // auth, | ?, md5, | MD5(MD5(A1):nonce:nc:cnonce:qop:MD5(A2)) | |
| (...skipping 70 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 106 handler->swap(tmp_handler); | 108 handler->swap(tmp_handler); |
| 107 return OK; | 109 return OK; |
| 108 } | 110 } |
| 109 | 111 |
| 110 HttpAuth::AuthorizationResult HttpAuthHandlerDigest::HandleAnotherChallenge( | 112 HttpAuth::AuthorizationResult HttpAuthHandlerDigest::HandleAnotherChallenge( |
| 111 HttpAuthChallengeTokenizer* challenge) { | 113 HttpAuthChallengeTokenizer* challenge) { |
| 112 // Even though Digest is not connection based, a "second round" is parsed | 114 // Even though Digest is not connection based, a "second round" is parsed |
| 113 // to differentiate between stale and rejected responses. | 115 // to differentiate between stale and rejected responses. |
| 114 // Note that the state of the current handler is not mutated - this way if | 116 // Note that the state of the current handler is not mutated - this way if |
| 115 // there is a rejection the realm hasn't changed. | 117 // there is a rejection the realm hasn't changed. |
| 116 if (!base::LowerCaseEqualsASCII(challenge->scheme(), "digest")) | 118 if (!challenge->SchemeIs(kDigestSchemeName)) |
| 117 return HttpAuth::AUTHORIZATION_RESULT_INVALID; | 119 return HttpAuth::AUTHORIZATION_RESULT_INVALID; |
| 118 | 120 |
| 119 HttpUtil::NameValuePairsIterator parameters = challenge->param_pairs(); | 121 HttpUtil::NameValuePairsIterator parameters = challenge->param_pairs(); |
| 120 | 122 |
| 121 // Try to find the "stale" value, and also keep track of the realm | 123 // Try to find the "stale" value, and also keep track of the realm |
| 122 // for the new challenge. | 124 // for the new challenge. |
| 123 std::string original_realm; | 125 std::string original_realm; |
| 124 while (parameters.GetNext()) { | 126 while (parameters.GetNext()) { |
| 125 if (base::LowerCaseEqualsASCII(parameters.name(), "stale")) { | 127 if (base::LowerCaseEqualsASCII(parameters.name(), "stale")) { |
| 126 if (base::LowerCaseEqualsASCII(parameters.value(), "true")) | 128 if (base::LowerCaseEqualsASCII(parameters.value(), "true")) |
| (...skipping 54 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 181 // | 183 // |
| 182 // Note that according to RFC 2617 (section 1.2) the realm is required. | 184 // Note that according to RFC 2617 (section 1.2) the realm is required. |
| 183 // However we allow it to be omitted, in which case it will default to the | 185 // However we allow it to be omitted, in which case it will default to the |
| 184 // empty string. | 186 // empty string. |
| 185 // | 187 // |
| 186 // This allowance is for better compatibility with webservers that fail to | 188 // This allowance is for better compatibility with webservers that fail to |
| 187 // send the realm (See http://crbug.com/20984 for an instance where a | 189 // send the realm (See http://crbug.com/20984 for an instance where a |
| 188 // webserver was not sending the realm with a BASIC challenge). | 190 // webserver was not sending the realm with a BASIC challenge). |
| 189 bool HttpAuthHandlerDigest::ParseChallenge( | 191 bool HttpAuthHandlerDigest::ParseChallenge( |
| 190 HttpAuthChallengeTokenizer* challenge) { | 192 HttpAuthChallengeTokenizer* challenge) { |
| 191 auth_scheme_ = HttpAuth::AUTH_SCHEME_DIGEST; | 193 auth_scheme_ = kDigestSchemeName; |
| 192 score_ = 2; | |
| 193 properties_ = ENCRYPTS_IDENTITY; | |
| 194 | 194 |
| 195 // Initialize to defaults. | 195 // Initialize to defaults. |
| 196 stale_ = false; | 196 stale_ = false; |
| 197 algorithm_ = ALGORITHM_UNSPECIFIED; | 197 algorithm_ = ALGORITHM_UNSPECIFIED; |
| 198 qop_ = QOP_UNSPECIFIED; | 198 qop_ = QOP_UNSPECIFIED; |
| 199 realm_ = original_realm_ = nonce_ = domain_ = opaque_ = std::string(); | 199 realm_ = original_realm_ = nonce_ = domain_ = opaque_ = std::string(); |
| 200 | 200 |
| 201 // FAIL -- Couldn't match auth-scheme. | 201 // FAIL -- Couldn't match auth-scheme. |
| 202 if (!base::LowerCaseEqualsASCII(challenge->scheme(), "digest")) | 202 if (!challenge->SchemeIs(kDigestSchemeName)) |
| 203 return false; | 203 return false; |
| 204 | 204 |
| 205 HttpUtil::NameValuePairsIterator parameters = challenge->param_pairs(); | 205 HttpUtil::NameValuePairsIterator parameters = challenge->param_pairs(); |
| 206 | 206 |
| 207 // Loop through all the properties. | 207 // Loop through all the properties. |
| 208 while (parameters.GetNext()) { | 208 while (parameters.GetNext()) { |
| 209 // FAIL -- couldn't parse a property. | 209 // FAIL -- couldn't parse a property. |
| 210 if (!ParseChallengeProperty(parameters.name(), | 210 if (!ParseChallengeProperty(parameters.name(), |
| 211 parameters.value())) | 211 parameters.value())) |
| 212 return false; | 212 return false; |
| (...skipping 161 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 374 // TODO(eroman): Supposedly IIS server requires quotes surrounding qop. | 374 // TODO(eroman): Supposedly IIS server requires quotes surrounding qop. |
| 375 authorization += ", qop=" + QopToString(qop_); | 375 authorization += ", qop=" + QopToString(qop_); |
| 376 authorization += ", nc=" + nc; | 376 authorization += ", nc=" + nc; |
| 377 authorization += ", cnonce=" + HttpUtil::Quote(cnonce); | 377 authorization += ", cnonce=" + HttpUtil::Quote(cnonce); |
| 378 } | 378 } |
| 379 | 379 |
| 380 return authorization; | 380 return authorization; |
| 381 } | 381 } |
| 382 | 382 |
| 383 } // namespace net | 383 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1157333005:
[net/http auth] Use strings to identify authentication schemes.
Base URL: https://chromium.googlesource.com/chromium/src.git@master