struct curl_slist * hmac_sign(const char * method, const char * path, struct curl_slist *headers, const Credentials * credentials) {
if (valid_credentials(credentials)) {
headers = add_date_header_if_missing(headers);
char * signature = build_signature(method, path, headers, credentials->secret_key);
char * auth_header = build_auth_header(credentials->access_id, signature);
curl_slist_append(headers, auth_header);
free(signature);
free(auth_header);
}
return headers;
}
apr_status_t
serf__setup_request_digest_auth(peer_t peer,
int code,
serf_connection_t *conn,
serf_request_t *request,
const char *method,
const char *uri,
serf_bucket_t *hdrs_bkt)
{
digest_authn_info_t *digest_info = (peer == HOST) ? conn->authn_baton :
conn->proxy_authn_baton;
apr_status_t status = APR_SUCCESS;
if (digest_info && digest_info->realm) {
const char *value;
apr_uri_t parsed_uri;
/* TODO: per request pool? */
/* Extract path from uri. */
status = apr_uri_parse(conn->pool, uri, &parsed_uri);
/* Build a new Authorization header. */
digest_info->header = (peer == HOST) ? "Authorization" :
"Proxy-Authorization";
value = build_auth_header(digest_info, parsed_uri.path, method,
conn->pool);
serf_bucket_headers_setn(hdrs_bkt, digest_info->header,
value);
digest_info->digest_nc++;
/* Store the uri of this request on the serf_request_t object, to make
it available when validating the Authentication-Info header of the
matching response. */
request->auth_baton = parsed_uri.path;
}
return status;
}
/* Implements serf__setup_request_func_t callback. */
static apr_status_t
serf__setup_request_digest_auth(peer_t peer,
int code,
serf_connection_t *conn,
serf_request_t *request,
const char *method,
const char *uri,
serf_bucket_t *hdrs_bkt)
{
serf_context_t *ctx = conn->ctx;
serf__authn_info_t *authn_info;
digest_authn_info_t *digest_info;
apr_status_t status;
if (peer == HOST) {
authn_info = serf__get_authn_info_for_server(conn);
} else {
authn_info = &ctx->proxy_authn_info;
}
digest_info = authn_info->baton;
if (digest_info && digest_info->realm) {
const char *value;
const char *path;
/* TODO: per request pool? */
/* for request 'CONNECT serf.googlecode.com:443', the uri also should be
serf.googlecode.com:443. apr_uri_parse can't handle this, so special
case. */
if (strcmp(method, "CONNECT") == 0)
path = uri;
else {
apr_uri_t parsed_uri;
/* Extract path from uri. */
status = apr_uri_parse(conn->pool, uri, &parsed_uri);
if (status)
return status;
path = parsed_uri.path;
}
/* Build a new Authorization header. */
digest_info->header = (peer == HOST) ? "Authorization" :
"Proxy-Authorization";
status = build_auth_header(&value, digest_info, path, method,
conn->pool);
if (status)
return status;
serf_bucket_headers_setn(hdrs_bkt, digest_info->header,
value);
digest_info->digest_nc++;
/* Store the uri of this request on the serf_request_t object, to make
it available when validating the Authentication-Info header of the
matching response. */
request->auth_baton = (void *)path;
}
return APR_SUCCESS;
}
