static char *
soup_auth_digest_get_authorization (SoupAuth *auth, SoupMessage *msg)
{
SoupAuthDigestPrivate *priv = SOUP_AUTH_DIGEST_GET_PRIVATE (auth);
char response[33], *token;
char *url, *algorithm;
GString *out;
SoupURI *uri;
uri = soup_message_get_uri (msg);
g_return_val_if_fail (uri != NULL, NULL);
url = soup_uri_to_string (uri, TRUE);
soup_auth_digest_compute_response (msg->method, url, priv->hex_a1,
priv->qop, priv->nonce,
priv->cnonce, priv->nc,
response);
out = g_string_new ("Digest ");
soup_header_g_string_append_param_quoted (out, "username", priv->user);
g_string_append (out, ", ");
soup_header_g_string_append_param_quoted (out, "realm", auth->realm);
g_string_append (out, ", ");
soup_header_g_string_append_param_quoted (out, "nonce", priv->nonce);
g_string_append (out, ", ");
soup_header_g_string_append_param_quoted (out, "uri", url);
g_string_append (out, ", ");
algorithm = soup_auth_digest_get_algorithm (priv->algorithm);
g_string_append_printf (out, "algorithm=%s", algorithm);
g_free (algorithm);
g_string_append (out, ", ");
soup_header_g_string_append_param_quoted (out, "response", response);
if (priv->opaque) {
g_string_append (out, ", ");
soup_header_g_string_append_param_quoted (out, "opaque", priv->opaque);
}
if (priv->qop) {
char *qop = soup_auth_digest_get_qop (priv->qop);
g_string_append (out, ", ");
soup_header_g_string_append_param_quoted (out, "cnonce", priv->cnonce);
g_string_append_printf (out, ", nc=%.8x, qop=%s",
priv->nc, qop);
g_free (qop);
}
g_free (url);
priv->nc++;
token = g_string_free (out, FALSE);
soup_message_add_header_handler (msg,
"got_headers",
soup_auth_is_for_proxy (auth) ?
"Proxy-Authentication-Info" :
"Authentication-Info",
G_CALLBACK (authentication_info_cb),
auth);
return token;
}
static gboolean
check_hex_urp (SoupAuthDomain *domain, SoupMessage *msg,
GHashTable *params, const char *username,
const char *hex_urp)
{
const char *uri, *qop, *realm, *msg_username;
const char *nonce, *nc, *cnonce, *response;
char hex_a1[33], computed_response[33];
int nonce_count;
SoupURI *dig_uri, *req_uri;
msg_username = g_hash_table_lookup (params, "username");
if (!msg_username || strcmp (msg_username, username) != 0)
return FALSE;
/* Check uri */
uri = g_hash_table_lookup (params, "uri");
if (!uri)
return FALSE;
req_uri = soup_message_get_uri (msg);
dig_uri = soup_uri_new (uri);
if (dig_uri) {
if (!soup_uri_equal (dig_uri, req_uri)) {
soup_uri_free (dig_uri);
return FALSE;
}
soup_uri_free (dig_uri);
} else {
char *req_path;
req_path = soup_uri_to_string (req_uri, TRUE);
if (strcmp (uri, req_path) != 0) {
g_free (req_path);
return FALSE;
}
g_free (req_path);
}
/* Check qop; we only support "auth" for now */
qop = g_hash_table_lookup (params, "qop");
if (!qop || strcmp (qop, "auth") != 0)
return FALSE;
/* Check realm */
realm = g_hash_table_lookup (params, "realm");
if (!realm || strcmp (realm, soup_auth_domain_get_realm (domain)) != 0)
return FALSE;
nonce = g_hash_table_lookup (params, "nonce");
if (!nonce)
return FALSE;
nc = g_hash_table_lookup (params, "nc");
if (!nc)
return FALSE;
nonce_count = strtoul (nc, NULL, 16);
if (nonce_count <= 0)
return FALSE;
cnonce = g_hash_table_lookup (params, "cnonce");
if (!cnonce)
return FALSE;
response = g_hash_table_lookup (params, "response");
if (!response)
return FALSE;
soup_auth_digest_compute_hex_a1 (hex_urp,
SOUP_AUTH_DIGEST_ALGORITHM_MD5,
nonce, cnonce, hex_a1);
soup_auth_digest_compute_response (msg->method, uri,
hex_a1,
SOUP_AUTH_DIGEST_QOP_AUTH,
nonce, cnonce, nonce_count,
computed_response);
return strcmp (response, computed_response) == 0;
}
