int belle_sip_auth_helper_fill_proxy_authorization(belle_sip_header_proxy_authorization_t* proxy_authorization
,const char* method
,const char* ha1) {
return belle_sip_auth_helper_fill_authorization(BELLE_SIP_HEADER_AUTHORIZATION(proxy_authorization)
,method, ha1);
}
static void test_authentication(void) {
const char* l_raw_header = "WWW-Authenticate: Digest "
"algorithm=MD5, realm=\"sip.linphone.org\", opaque=\"1bc7f9097684320\","
" nonce=\"cz3h0gAAAAC06TKKAABmTz1V9OcAAAAA\"";
char ha1[33];
belle_sip_header_www_authenticate_t* www_authenticate=belle_sip_header_www_authenticate_parse(l_raw_header);
belle_sip_header_authorization_t* authorization = belle_sip_auth_helper_create_authorization(www_authenticate);
belle_sip_header_authorization_set_uri(authorization,belle_sip_uri_parse("sip:sip.linphone.org"));
BC_ASSERT_EQUAL_FATAL(0,belle_sip_auth_helper_compute_ha1("jehan-mac","sip.linphone.org","toto",ha1), int, "%d");
BC_ASSERT_EQUAL_FATAL(0,belle_sip_auth_helper_fill_authorization(authorization,"REGISTER",ha1), int, "%d");
BC_ASSERT_STRING_EQUAL(belle_sip_header_authorization_get_response(authorization),"77ebf3de72e41934d806175586086508");
belle_sip_object_unref(www_authenticate);
belle_sip_object_unref(authorization);
}
static void test_authentication_qop_auth(void) {
const char* l_raw_header = "WWW-Authenticate: Digest "
"algorithm=MD5, realm=\"sip.linphone.org\", opaque=\"1bc7f9097684320\","
" qop=\"auth,auth-int\", nonce=\"cz3h0gAAAAC06TKKAABmTz1V9OcAAAAA\"";
char ha1[33];
belle_sip_header_www_authenticate_t* www_authenticate=belle_sip_header_www_authenticate_parse(l_raw_header);
belle_sip_header_authorization_t* authorization = belle_sip_auth_helper_create_authorization(www_authenticate);
belle_sip_header_authorization_set_uri(authorization,belle_sip_uri_parse("sip:sip.linphone.org"));
belle_sip_header_authorization_set_nonce_count(authorization,1);
belle_sip_header_authorization_set_qop(authorization,"auth");
belle_sip_header_authorization_set_cnonce(authorization,"8302210f"); /*for testing purpose*/
BC_ASSERT_EQUAL_FATAL(0,belle_sip_auth_helper_compute_ha1("jehan-mac","sip.linphone.org","toto",ha1), int, "%d");
BC_ASSERT_EQUAL_FATAL(0,belle_sip_auth_helper_fill_authorization(authorization,"REGISTER",ha1), int, "%d");
BC_ASSERT_STRING_EQUAL(belle_sip_header_authorization_get_qop(authorization),"auth");
BC_ASSERT_STRING_EQUAL(belle_sip_header_authorization_get_response(authorization),"694dab8dfe7d50d28ba61e8c43e30666");
BC_ASSERT_EQUAL(belle_sip_header_authorization_get_nonce_count(authorization),1, int, "%d");
belle_sip_object_unref(www_authenticate);
belle_sip_object_unref(authorization);
}
static int http_channel_context_handle_authentication(belle_http_channel_context_t *ctx, belle_http_request_t *req){
const char *realm=NULL;
belle_sip_auth_event_t *ev=NULL;
belle_http_response_t *resp=belle_http_request_get_response(req);
const char *username=NULL;
const char *passwd=NULL;
const char *ha1=NULL;
char computed_ha1[33];
belle_sip_header_www_authenticate_t* authenticate;
int ret=0;
if (req->auth_attempt_count>1){
req->auth_attempt_count=0;
return -1;
}
if (resp == NULL ) {
belle_sip_error("Missing response for req [%p], cannot authenticate", req);
return -1;
}
if (!(authenticate = belle_sip_message_get_header_by_type(resp,belle_sip_header_www_authenticate_t))) {
if (belle_sip_message_get_header_by_type(resp,belle_sip_header_proxy_authenticate_t)) {
belle_sip_error("Proxy authentication not supported yet, cannot authenticate for resp [%p]", resp);
}
belle_sip_error("Missing auth header in response [%p], cannot authenticate", resp);
return -1;
}
if (strcasecmp("Digest",belle_sip_header_www_authenticate_get_scheme(authenticate)) != 0) {
belle_sip_error("Unsupported auth scheme [%s] in response [%p], cannot authenticate", belle_sip_header_www_authenticate_get_scheme(authenticate),resp);
return -1;
}
/*find if username, passwd were already supplied in original request uri*/
if (req->orig_uri){
username=belle_generic_uri_get_user(req->orig_uri);
passwd=belle_generic_uri_get_user_password(req->orig_uri);
}
realm = belle_sip_header_www_authenticate_get_realm(authenticate);
if (!username || !passwd) {
ev=belle_sip_auth_event_create((belle_sip_object_t*)ctx->provider,realm,NULL);
BELLE_HTTP_REQUEST_INVOKE_LISTENER(req,process_auth_requested,ev);
username=ev->username;
passwd=ev->passwd;
ha1=ev->ha1;
}
if (!ha1 && username && passwd) {
belle_sip_auth_helper_compute_ha1(username,realm,passwd, computed_ha1);
ha1=computed_ha1;
} else if (!ha1){
belle_sip_error("No auth info found for request [%p], cannot authenticate",req);
ret=-1;
}
if (ha1) {
belle_http_header_authorization_t* authorization;
req->auth_attempt_count++;
authorization = belle_http_auth_helper_create_authorization(authenticate);
/*select first qop mode*/
belle_sip_header_authorization_set_qop(BELLE_SIP_HEADER_AUTHORIZATION(authorization),belle_sip_header_www_authenticate_get_qop_first(authenticate));
belle_sip_header_authorization_set_nonce_count(BELLE_SIP_HEADER_AUTHORIZATION(authorization),1); /*we don't store nonce count for now*/
belle_sip_header_authorization_set_username(BELLE_SIP_HEADER_AUTHORIZATION(authorization),username);
belle_http_header_authorization_set_uri(authorization,belle_http_request_get_uri(req));
if (belle_sip_auth_helper_fill_authorization(BELLE_SIP_HEADER_AUTHORIZATION(authorization),belle_http_request_get_method(req),ha1)) {
belle_sip_error("Cannot fill auth header for request [%p]",req);
if (authorization) belle_sip_object_unref(authorization);
ret=-1;
} else {
belle_sip_message_remove_header(BELLE_SIP_MESSAGE(req),BELLE_HTTP_AUTHORIZATION);
belle_sip_message_add_header(BELLE_SIP_MESSAGE(req),BELLE_SIP_HEADER(authorization));
belle_http_provider_send_request(ctx->provider,req,NULL);
}
}
if (ev) belle_sip_auth_event_destroy(ev);
return ret;
}
