static void
recompute_hex_a1 (SoupAuthDigestPrivate *priv)
{
soup_auth_digest_compute_hex_a1 (priv->hex_urp,
priv->algorithm,
priv->nonce,
priv->cnonce,
priv->hex_a1);
}
static gboolean
check_hex_urp (SoupAuthDomain *domain, SoupMessage *msg,
GHashTable *params, const char *username,
const char *hex_urp)
{
const char *uri, *qop, *realm, *msg_username;
const char *nonce, *nc, *cnonce, *response;
char hex_a1[33], computed_response[33];
int nonce_count;
SoupURI *dig_uri, *req_uri;
msg_username = g_hash_table_lookup (params, "username");
if (!msg_username || strcmp (msg_username, username) != 0)
return FALSE;
/* Check uri */
uri = g_hash_table_lookup (params, "uri");
if (!uri)
return FALSE;
req_uri = soup_message_get_uri (msg);
dig_uri = soup_uri_new (uri);
if (dig_uri) {
if (!soup_uri_equal (dig_uri, req_uri)) {
soup_uri_free (dig_uri);
return FALSE;
}
soup_uri_free (dig_uri);
} else {
char *req_path;
req_path = soup_uri_to_string (req_uri, TRUE);
if (strcmp (uri, req_path) != 0) {
g_free (req_path);
return FALSE;
}
g_free (req_path);
}
/* Check qop; we only support "auth" for now */
qop = g_hash_table_lookup (params, "qop");
if (!qop || strcmp (qop, "auth") != 0)
return FALSE;
/* Check realm */
realm = g_hash_table_lookup (params, "realm");
if (!realm || strcmp (realm, soup_auth_domain_get_realm (domain)) != 0)
return FALSE;
nonce = g_hash_table_lookup (params, "nonce");
if (!nonce)
return FALSE;
nc = g_hash_table_lookup (params, "nc");
if (!nc)
return FALSE;
nonce_count = strtoul (nc, NULL, 16);
if (nonce_count <= 0)
return FALSE;
cnonce = g_hash_table_lookup (params, "cnonce");
if (!cnonce)
return FALSE;
response = g_hash_table_lookup (params, "response");
if (!response)
return FALSE;
soup_auth_digest_compute_hex_a1 (hex_urp,
SOUP_AUTH_DIGEST_ALGORITHM_MD5,
nonce, cnonce, hex_a1);
soup_auth_digest_compute_response (msg->method, uri,
hex_a1,
SOUP_AUTH_DIGEST_QOP_AUTH,
nonce, cnonce, nonce_count,
computed_response);
return strcmp (response, computed_response) == 0;
}
