OLD | NEW |
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/http/http_auth_handler_digest.h" | 5 #include "net/http/http_auth_handler_digest.h" |
6 | 6 |
7 #include <string> | 7 #include <string> |
8 | 8 |
9 #include "base/logging.h" | 9 #include "base/logging.h" |
10 #include "base/md5.h" | 10 #include "base/md5.h" |
(...skipping 95 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
106 handler->swap(tmp_handler); | 106 handler->swap(tmp_handler); |
107 return OK; | 107 return OK; |
108 } | 108 } |
109 | 109 |
110 HttpAuth::AuthorizationResult HttpAuthHandlerDigest::HandleAnotherChallenge( | 110 HttpAuth::AuthorizationResult HttpAuthHandlerDigest::HandleAnotherChallenge( |
111 HttpAuthChallengeTokenizer* challenge) { | 111 HttpAuthChallengeTokenizer* challenge) { |
112 // Even though Digest is not connection based, a "second round" is parsed | 112 // Even though Digest is not connection based, a "second round" is parsed |
113 // to differentiate between stale and rejected responses. | 113 // to differentiate between stale and rejected responses. |
114 // Note that the state of the current handler is not mutated - this way if | 114 // Note that the state of the current handler is not mutated - this way if |
115 // there is a rejection the realm hasn't changed. | 115 // there is a rejection the realm hasn't changed. |
116 if (!LowerCaseEqualsASCII(challenge->scheme(), "digest")) | 116 if (!base::LowerCaseEqualsASCII(challenge->scheme(), "digest")) |
117 return HttpAuth::AUTHORIZATION_RESULT_INVALID; | 117 return HttpAuth::AUTHORIZATION_RESULT_INVALID; |
118 | 118 |
119 HttpUtil::NameValuePairsIterator parameters = challenge->param_pairs(); | 119 HttpUtil::NameValuePairsIterator parameters = challenge->param_pairs(); |
120 | 120 |
121 // Try to find the "stale" value, and also keep track of the realm | 121 // Try to find the "stale" value, and also keep track of the realm |
122 // for the new challenge. | 122 // for the new challenge. |
123 std::string original_realm; | 123 std::string original_realm; |
124 while (parameters.GetNext()) { | 124 while (parameters.GetNext()) { |
125 if (LowerCaseEqualsASCII(parameters.name(), "stale")) { | 125 if (base::LowerCaseEqualsASCII(parameters.name(), "stale")) { |
126 if (LowerCaseEqualsASCII(parameters.value(), "true")) | 126 if (base::LowerCaseEqualsASCII(parameters.value(), "true")) |
127 return HttpAuth::AUTHORIZATION_RESULT_STALE; | 127 return HttpAuth::AUTHORIZATION_RESULT_STALE; |
128 } else if (LowerCaseEqualsASCII(parameters.name(), "realm")) { | 128 } else if (base::LowerCaseEqualsASCII(parameters.name(), "realm")) { |
129 original_realm = parameters.value(); | 129 original_realm = parameters.value(); |
130 } | 130 } |
131 } | 131 } |
132 return (original_realm_ != original_realm) ? | 132 return (original_realm_ != original_realm) ? |
133 HttpAuth::AUTHORIZATION_RESULT_DIFFERENT_REALM : | 133 HttpAuth::AUTHORIZATION_RESULT_DIFFERENT_REALM : |
134 HttpAuth::AUTHORIZATION_RESULT_REJECT; | 134 HttpAuth::AUTHORIZATION_RESULT_REJECT; |
135 } | 135 } |
136 | 136 |
137 bool HttpAuthHandlerDigest::Init(HttpAuthChallengeTokenizer* challenge) { | 137 bool HttpAuthHandlerDigest::Init(HttpAuthChallengeTokenizer* challenge) { |
138 return ParseChallenge(challenge); | 138 return ParseChallenge(challenge); |
(...skipping 53 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
192 score_ = 2; | 192 score_ = 2; |
193 properties_ = ENCRYPTS_IDENTITY; | 193 properties_ = ENCRYPTS_IDENTITY; |
194 | 194 |
195 // Initialize to defaults. | 195 // Initialize to defaults. |
196 stale_ = false; | 196 stale_ = false; |
197 algorithm_ = ALGORITHM_UNSPECIFIED; | 197 algorithm_ = ALGORITHM_UNSPECIFIED; |
198 qop_ = QOP_UNSPECIFIED; | 198 qop_ = QOP_UNSPECIFIED; |
199 realm_ = original_realm_ = nonce_ = domain_ = opaque_ = std::string(); | 199 realm_ = original_realm_ = nonce_ = domain_ = opaque_ = std::string(); |
200 | 200 |
201 // FAIL -- Couldn't match auth-scheme. | 201 // FAIL -- Couldn't match auth-scheme. |
202 if (!LowerCaseEqualsASCII(challenge->scheme(), "digest")) | 202 if (!base::LowerCaseEqualsASCII(challenge->scheme(), "digest")) |
203 return false; | 203 return false; |
204 | 204 |
205 HttpUtil::NameValuePairsIterator parameters = challenge->param_pairs(); | 205 HttpUtil::NameValuePairsIterator parameters = challenge->param_pairs(); |
206 | 206 |
207 // Loop through all the properties. | 207 // Loop through all the properties. |
208 while (parameters.GetNext()) { | 208 while (parameters.GetNext()) { |
209 // FAIL -- couldn't parse a property. | 209 // FAIL -- couldn't parse a property. |
210 if (!ParseChallengeProperty(parameters.name(), | 210 if (!ParseChallengeProperty(parameters.name(), |
211 parameters.value())) | 211 parameters.value())) |
212 return false; | 212 return false; |
213 } | 213 } |
214 | 214 |
215 // Check if tokenizer failed. | 215 // Check if tokenizer failed. |
216 if (!parameters.valid()) | 216 if (!parameters.valid()) |
217 return false; | 217 return false; |
218 | 218 |
219 // Check that a minimum set of properties were provided. | 219 // Check that a minimum set of properties were provided. |
220 if (nonce_.empty()) | 220 if (nonce_.empty()) |
221 return false; | 221 return false; |
222 | 222 |
223 return true; | 223 return true; |
224 } | 224 } |
225 | 225 |
226 bool HttpAuthHandlerDigest::ParseChallengeProperty(const std::string& name, | 226 bool HttpAuthHandlerDigest::ParseChallengeProperty(const std::string& name, |
227 const std::string& value) { | 227 const std::string& value) { |
228 if (LowerCaseEqualsASCII(name, "realm")) { | 228 if (base::LowerCaseEqualsASCII(name, "realm")) { |
229 std::string realm; | 229 std::string realm; |
230 if (!ConvertToUtf8AndNormalize(value, kCharsetLatin1, &realm)) | 230 if (!ConvertToUtf8AndNormalize(value, kCharsetLatin1, &realm)) |
231 return false; | 231 return false; |
232 realm_ = realm; | 232 realm_ = realm; |
233 original_realm_ = value; | 233 original_realm_ = value; |
234 } else if (LowerCaseEqualsASCII(name, "nonce")) { | 234 } else if (base::LowerCaseEqualsASCII(name, "nonce")) { |
235 nonce_ = value; | 235 nonce_ = value; |
236 } else if (LowerCaseEqualsASCII(name, "domain")) { | 236 } else if (base::LowerCaseEqualsASCII(name, "domain")) { |
237 domain_ = value; | 237 domain_ = value; |
238 } else if (LowerCaseEqualsASCII(name, "opaque")) { | 238 } else if (base::LowerCaseEqualsASCII(name, "opaque")) { |
239 opaque_ = value; | 239 opaque_ = value; |
240 } else if (LowerCaseEqualsASCII(name, "stale")) { | 240 } else if (base::LowerCaseEqualsASCII(name, "stale")) { |
241 // Parse the stale boolean. | 241 // Parse the stale boolean. |
242 stale_ = LowerCaseEqualsASCII(value, "true"); | 242 stale_ = base::LowerCaseEqualsASCII(value, "true"); |
243 } else if (LowerCaseEqualsASCII(name, "algorithm")) { | 243 } else if (base::LowerCaseEqualsASCII(name, "algorithm")) { |
244 // Parse the algorithm. | 244 // Parse the algorithm. |
245 if (LowerCaseEqualsASCII(value, "md5")) { | 245 if (base::LowerCaseEqualsASCII(value, "md5")) { |
246 algorithm_ = ALGORITHM_MD5; | 246 algorithm_ = ALGORITHM_MD5; |
247 } else if (LowerCaseEqualsASCII(value, "md5-sess")) { | 247 } else if (base::LowerCaseEqualsASCII(value, "md5-sess")) { |
248 algorithm_ = ALGORITHM_MD5_SESS; | 248 algorithm_ = ALGORITHM_MD5_SESS; |
249 } else { | 249 } else { |
250 DVLOG(1) << "Unknown value of algorithm"; | 250 DVLOG(1) << "Unknown value of algorithm"; |
251 return false; // FAIL -- unsupported value of algorithm. | 251 return false; // FAIL -- unsupported value of algorithm. |
252 } | 252 } |
253 } else if (LowerCaseEqualsASCII(name, "qop")) { | 253 } else if (base::LowerCaseEqualsASCII(name, "qop")) { |
254 // Parse the comma separated list of qops. | 254 // Parse the comma separated list of qops. |
255 // auth is the only supported qop, and all other values are ignored. | 255 // auth is the only supported qop, and all other values are ignored. |
256 HttpUtil::ValuesIterator qop_values(value.begin(), value.end(), ','); | 256 HttpUtil::ValuesIterator qop_values(value.begin(), value.end(), ','); |
257 qop_ = QOP_UNSPECIFIED; | 257 qop_ = QOP_UNSPECIFIED; |
258 while (qop_values.GetNext()) { | 258 while (qop_values.GetNext()) { |
259 if (LowerCaseEqualsASCII(qop_values.value(), "auth")) { | 259 if (base::LowerCaseEqualsASCII(qop_values.value(), "auth")) { |
260 qop_ = QOP_AUTH; | 260 qop_ = QOP_AUTH; |
261 break; | 261 break; |
262 } | 262 } |
263 } | 263 } |
264 } else { | 264 } else { |
265 DVLOG(1) << "Skipping unrecognized digest property"; | 265 DVLOG(1) << "Skipping unrecognized digest property"; |
266 // TODO(eroman): perhaps we should fail instead of silently skipping? | 266 // TODO(eroman): perhaps we should fail instead of silently skipping? |
267 } | 267 } |
268 return true; | 268 return true; |
269 } | 269 } |
(...skipping 104 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
374 // TODO(eroman): Supposedly IIS server requires quotes surrounding qop. | 374 // TODO(eroman): Supposedly IIS server requires quotes surrounding qop. |
375 authorization += ", qop=" + QopToString(qop_); | 375 authorization += ", qop=" + QopToString(qop_); |
376 authorization += ", nc=" + nc; | 376 authorization += ", nc=" + nc; |
377 authorization += ", cnonce=" + HttpUtil::Quote(cnonce); | 377 authorization += ", cnonce=" + HttpUtil::Quote(cnonce); |
378 } | 378 } |
379 | 379 |
380 return authorization; | 380 return authorization; |
381 } | 381 } |
382 | 382 |
383 } // namespace net | 383 } // namespace net |
OLD | NEW |