static void test_proxy_authentication(void) {
	const char* l_raw_header = "Proxy-Authenticate: Digest "
				"algorithm=MD5, realm=\"sip.linphone.org\", opaque=\"1bc7f9097684320\","
				" qop=\"auth,auth-int\", nonce=\"cz3h0gAAAAC06TKKAABmTz1V9OcAAAAA\"";
	char ha1[33];
	belle_sip_header_proxy_authenticate_t* proxy_authenticate=belle_sip_header_proxy_authenticate_parse(l_raw_header);
	belle_sip_header_proxy_authorization_t* proxy_authorization = belle_sip_auth_helper_create_proxy_authorization(proxy_authenticate);
	belle_sip_header_authorization_set_uri(BELLE_SIP_HEADER_AUTHORIZATION(proxy_authorization),belle_sip_uri_parse("sip:sip.linphone.org"));
	BC_ASSERT_EQUAL_FATAL(0,belle_sip_auth_helper_compute_ha1("jehan-mac","sip.linphone.org","toto",ha1), int, "%d");
	BC_ASSERT_EQUAL_FATAL(0,belle_sip_auth_helper_fill_proxy_authorization(proxy_authorization,"REGISTER",ha1), int, "%d");
	BC_ASSERT_STRING_EQUAL(belle_sip_header_authorization_get_response(BELLE_SIP_HEADER_AUTHORIZATION(proxy_authorization))
							,"77ebf3de72e41934d806175586086508");
	belle_sip_object_unref(proxy_authenticate);
	belle_sip_object_unref(proxy_authorization);

}
Beispiel #2
0
int belle_sip_auth_helper_fill_proxy_authorization(belle_sip_header_proxy_authorization_t* proxy_authorization
												,const char* method
												,const char* ha1) {
	return belle_sip_auth_helper_fill_authorization(BELLE_SIP_HEADER_AUTHORIZATION(proxy_authorization)
													,method, ha1);


}
static int http_channel_context_handle_authentication(belle_http_channel_context_t *ctx, belle_http_request_t *req){
	const char *realm=NULL;
	belle_sip_auth_event_t *ev=NULL;
	belle_http_response_t *resp=belle_http_request_get_response(req);
	const char *username=NULL;
	const char *passwd=NULL;
	const char *ha1=NULL;
	char computed_ha1[33];
	belle_sip_header_www_authenticate_t* authenticate;
	int ret=0;


	if (req->auth_attempt_count>1){
		req->auth_attempt_count=0;
		return -1;
	}
	if (resp == NULL ) {
		belle_sip_error("Missing response for  req [%p], cannot authenticate", req);
		return -1;
	}
	if (!(authenticate = belle_sip_message_get_header_by_type(resp,belle_sip_header_www_authenticate_t))) {
		if (belle_sip_message_get_header_by_type(resp,belle_sip_header_proxy_authenticate_t)) {
			belle_sip_error("Proxy authentication not supported yet, cannot authenticate for resp [%p]", resp);
		}
		belle_sip_error("Missing auth header in response  [%p], cannot authenticate", resp);
		return -1;
	}


	if (strcasecmp("Digest",belle_sip_header_www_authenticate_get_scheme(authenticate)) != 0) {
		belle_sip_error("Unsupported auth scheme [%s] in response  [%p], cannot authenticate", belle_sip_header_www_authenticate_get_scheme(authenticate),resp);
		return -1;
	}

	/*find if username, passwd were already supplied in original request uri*/
	if (req->orig_uri){
		username=belle_generic_uri_get_user(req->orig_uri);
		passwd=belle_generic_uri_get_user_password(req->orig_uri);
	}

	realm = belle_sip_header_www_authenticate_get_realm(authenticate);
	if (!username || !passwd) {
		ev=belle_sip_auth_event_create((belle_sip_object_t*)ctx->provider,realm,NULL);
		BELLE_HTTP_REQUEST_INVOKE_LISTENER(req,process_auth_requested,ev);
		username=ev->username;
		passwd=ev->passwd;
		ha1=ev->ha1;
	}
	if (!ha1 && username  && passwd) {
		belle_sip_auth_helper_compute_ha1(username,realm,passwd, computed_ha1);
		ha1=computed_ha1;
	} else if (!ha1){
		belle_sip_error("No auth info found for request [%p], cannot authenticate",req);
		ret=-1;
	}

	if (ha1) {
		belle_http_header_authorization_t* authorization;
		req->auth_attempt_count++;

		authorization = belle_http_auth_helper_create_authorization(authenticate);
		/*select first qop mode*/
		belle_sip_header_authorization_set_qop(BELLE_SIP_HEADER_AUTHORIZATION(authorization),belle_sip_header_www_authenticate_get_qop_first(authenticate));
		belle_sip_header_authorization_set_nonce_count(BELLE_SIP_HEADER_AUTHORIZATION(authorization),1); /*we don't store nonce count for now*/
		belle_sip_header_authorization_set_username(BELLE_SIP_HEADER_AUTHORIZATION(authorization),username);
		belle_http_header_authorization_set_uri(authorization,belle_http_request_get_uri(req));
		if (belle_sip_auth_helper_fill_authorization(BELLE_SIP_HEADER_AUTHORIZATION(authorization),belle_http_request_get_method(req),ha1)) {
			belle_sip_error("Cannot fill auth header for request [%p]",req);
			if (authorization) belle_sip_object_unref(authorization);
			ret=-1;
		} else {
			belle_sip_message_remove_header(BELLE_SIP_MESSAGE(req),BELLE_HTTP_AUTHORIZATION);
			belle_sip_message_add_header(BELLE_SIP_MESSAGE(req),BELLE_SIP_HEADER(authorization));
			belle_http_provider_send_request(ctx->provider,req,NULL);
		}

	}
	if (ev) belle_sip_auth_event_destroy(ev);
	return ret;
}
Beispiel #4
0
belle_sip_header_proxy_authorization_t* belle_sip_auth_helper_create_proxy_authorization(const belle_sip_header_proxy_authenticate_t* proxy_authentication){
	belle_sip_header_proxy_authorization_t* authorization = belle_sip_header_proxy_authorization_new();
	belle_sip_auth_helper_clone_authorization(BELLE_SIP_HEADER_AUTHORIZATION(authorization),BELLE_SIP_HEADER_WWW_AUTHENTICATE(proxy_authentication));
	return authorization;
}
Beispiel #5
0
belle_http_header_authorization_t* belle_http_auth_helper_create_authorization(const belle_sip_header_www_authenticate_t* authentication) {
	belle_http_header_authorization_t* authorization = belle_http_header_authorization_new();
	belle_sip_auth_helper_clone_authorization(BELLE_SIP_HEADER_AUTHORIZATION(authorization),authentication);
	return authorization;
}
static void reuse_nonce(void) {
	belle_sip_request_t *register_request;
	int initial_auth_context_count=belle_sip_list_size(prov->auth_contexts);
	register_request=register_user_at_domain(stack, prov, "tcp",1,"marie","sip.linphone.org",NULL);
	if (register_request) {

		char * first_nonce_used;
		belle_sip_header_authorization_t * h = NULL;
		belle_sip_request_t *message_request;
		listener_callbacks.process_dialog_terminated=process_dialog_terminated;
		listener_callbacks.process_io_error=process_io_error;
		listener_callbacks.process_request_event=process_request_event;
		listener_callbacks.process_response_event=process_message_response_event;
		listener_callbacks.process_timeout=process_timeout;
		listener_callbacks.process_transaction_terminated=process_transaction_terminated;
		listener_callbacks.process_auth_requested=process_auth_requested;
		listener_callbacks.listener_destroyed=NULL;
		listener=belle_sip_listener_create_from_callbacks(&listener_callbacks,NULL);

		belle_sip_provider_add_sip_listener(prov,BELLE_SIP_LISTENER(listener));

		/*currently only one nonce should have been used (the one for the REGISTER)*/
		CU_ASSERT_EQUAL(belle_sip_list_size(prov->auth_contexts), initial_auth_context_count+1);

		/*this should reuse previous nonce*/
		message_request=send_message(register_request, auth_domain);
		CU_ASSERT_EQUAL(is_register_ok, 404);
		 h = BELLE_SIP_HEADER_AUTHORIZATION(belle_sip_message_get_header_by_type(
					BELLE_SIP_MESSAGE(message_request), belle_sip_header_proxy_authorization_t
				));
		CU_ASSERT_PTR_NOT_NULL_FATAL(h);
		CU_ASSERT_EQUAL(2, belle_sip_header_authorization_get_nonce_count(h));
		first_nonce_used = belle_sip_strdup(belle_sip_header_authorization_get_nonce(h));

		belle_sip_object_unref(message_request);


		/*new nonce should be created when not using outbound proxy realm*/
		message_request=send_message(register_request, NULL);
		CU_ASSERT_EQUAL(is_register_ok, 407);
		h = BELLE_SIP_HEADER_AUTHORIZATION(belle_sip_message_get_header_by_type(
				BELLE_SIP_MESSAGE(message_request), belle_sip_header_proxy_authorization_t
			));
		CU_ASSERT_PTR_NULL_FATAL(h);
		belle_sip_object_unref(message_request);


		/*new nonce should be created here too*/
		message_request=send_message(register_request, "wrongrealm");
		CU_ASSERT_EQUAL(is_register_ok, 407);
		h = BELLE_SIP_HEADER_AUTHORIZATION(belle_sip_message_get_header_by_type(
				BELLE_SIP_MESSAGE(message_request), belle_sip_header_proxy_authorization_t
			));
		CU_ASSERT_PTR_NULL_FATAL(h);
		belle_sip_object_unref(message_request);


		/*first nonce created should be reused*/
		message_request=send_message(register_request, auth_domain);
		CU_ASSERT_EQUAL(is_register_ok, 404);
		h = BELLE_SIP_HEADER_AUTHORIZATION(belle_sip_message_get_header_by_type(
				BELLE_SIP_MESSAGE(message_request), belle_sip_header_proxy_authorization_t
			));
		CU_ASSERT_PTR_NOT_NULL_FATAL(h);
		CU_ASSERT_EQUAL(3, belle_sip_header_authorization_get_nonce_count(h));
		belle_sip_object_unref(message_request);

		belle_sip_provider_remove_sip_listener(prov,BELLE_SIP_LISTENER(listener));
		unregister_user(stack,prov,register_request,1);
		belle_sip_object_unref(register_request);
		belle_sip_free(first_nonce_used);
	}
}