static void compute_response(const char* username ,const char* realm ,const char* passwd ,const char* nonce ,const char* method ,const char* uri ,char response[33] ) { char ha1[33],ha2[33]; belle_sip_auth_helper_compute_ha1(username,realm,passwd,ha1); belle_sip_auth_helper_compute_ha2(method,uri,ha2); belle_sip_auth_helper_compute_response(ha1,nonce,ha2,response); }
static void test_authentication(void) { const char* l_raw_header = "WWW-Authenticate: Digest " "algorithm=MD5, realm=\"sip.linphone.org\", opaque=\"1bc7f9097684320\"," " nonce=\"cz3h0gAAAAC06TKKAABmTz1V9OcAAAAA\""; char ha1[33]; belle_sip_header_www_authenticate_t* www_authenticate=belle_sip_header_www_authenticate_parse(l_raw_header); belle_sip_header_authorization_t* authorization = belle_sip_auth_helper_create_authorization(www_authenticate); belle_sip_header_authorization_set_uri(authorization,belle_sip_uri_parse("sip:sip.linphone.org")); BC_ASSERT_EQUAL_FATAL(0,belle_sip_auth_helper_compute_ha1("jehan-mac","sip.linphone.org","toto",ha1), int, "%d"); BC_ASSERT_EQUAL_FATAL(0,belle_sip_auth_helper_fill_authorization(authorization,"REGISTER",ha1), int, "%d"); BC_ASSERT_STRING_EQUAL(belle_sip_header_authorization_get_response(authorization),"77ebf3de72e41934d806175586086508"); belle_sip_object_unref(www_authenticate); belle_sip_object_unref(authorization); }
static void compute_response_auth_qop(const char* username ,const char* realm ,const char* passwd ,const char* nonce ,unsigned int nonce_count ,const char* cnonce ,const char* qop ,const char* method ,const char* uri ,char response[33] ) { char ha1[33],ha2[33]; belle_sip_auth_helper_compute_ha1(username,realm,passwd,ha1); belle_sip_auth_helper_compute_ha2(method,uri,ha2); belle_sip_auth_helper_compute_response_qop_auth(ha1, nonce,nonce_count, cnonce,qop,ha2,response); }
static void test_authentication_qop_auth(void) { const char* l_raw_header = "WWW-Authenticate: Digest " "algorithm=MD5, realm=\"sip.linphone.org\", opaque=\"1bc7f9097684320\"," " qop=\"auth,auth-int\", nonce=\"cz3h0gAAAAC06TKKAABmTz1V9OcAAAAA\""; char ha1[33]; belle_sip_header_www_authenticate_t* www_authenticate=belle_sip_header_www_authenticate_parse(l_raw_header); belle_sip_header_authorization_t* authorization = belle_sip_auth_helper_create_authorization(www_authenticate); belle_sip_header_authorization_set_uri(authorization,belle_sip_uri_parse("sip:sip.linphone.org")); belle_sip_header_authorization_set_nonce_count(authorization,1); belle_sip_header_authorization_set_qop(authorization,"auth"); belle_sip_header_authorization_set_cnonce(authorization,"8302210f"); /*for testing purpose*/ BC_ASSERT_EQUAL_FATAL(0,belle_sip_auth_helper_compute_ha1("jehan-mac","sip.linphone.org","toto",ha1), int, "%d"); BC_ASSERT_EQUAL_FATAL(0,belle_sip_auth_helper_fill_authorization(authorization,"REGISTER",ha1), int, "%d"); BC_ASSERT_STRING_EQUAL(belle_sip_header_authorization_get_qop(authorization),"auth"); BC_ASSERT_STRING_EQUAL(belle_sip_header_authorization_get_response(authorization),"694dab8dfe7d50d28ba61e8c43e30666"); BC_ASSERT_EQUAL(belle_sip_header_authorization_get_nonce_count(authorization),1, int, "%d"); belle_sip_object_unref(www_authenticate); belle_sip_object_unref(authorization); }
static int http_channel_context_handle_authentication(belle_http_channel_context_t *ctx, belle_http_request_t *req){ const char *realm=NULL; belle_sip_auth_event_t *ev=NULL; belle_http_response_t *resp=belle_http_request_get_response(req); const char *username=NULL; const char *passwd=NULL; const char *ha1=NULL; char computed_ha1[33]; belle_sip_header_www_authenticate_t* authenticate; int ret=0; if (req->auth_attempt_count>1){ req->auth_attempt_count=0; return -1; } if (resp == NULL ) { belle_sip_error("Missing response for req [%p], cannot authenticate", req); return -1; } if (!(authenticate = belle_sip_message_get_header_by_type(resp,belle_sip_header_www_authenticate_t))) { if (belle_sip_message_get_header_by_type(resp,belle_sip_header_proxy_authenticate_t)) { belle_sip_error("Proxy authentication not supported yet, cannot authenticate for resp [%p]", resp); } belle_sip_error("Missing auth header in response [%p], cannot authenticate", resp); return -1; } if (strcasecmp("Digest",belle_sip_header_www_authenticate_get_scheme(authenticate)) != 0) { belle_sip_error("Unsupported auth scheme [%s] in response [%p], cannot authenticate", belle_sip_header_www_authenticate_get_scheme(authenticate),resp); return -1; } /*find if username, passwd were already supplied in original request uri*/ if (req->orig_uri){ username=belle_generic_uri_get_user(req->orig_uri); passwd=belle_generic_uri_get_user_password(req->orig_uri); } realm = belle_sip_header_www_authenticate_get_realm(authenticate); if (!username || !passwd) { ev=belle_sip_auth_event_create((belle_sip_object_t*)ctx->provider,realm,NULL); BELLE_HTTP_REQUEST_INVOKE_LISTENER(req,process_auth_requested,ev); username=ev->username; passwd=ev->passwd; ha1=ev->ha1; } if (!ha1 && username && passwd) { belle_sip_auth_helper_compute_ha1(username,realm,passwd, computed_ha1); ha1=computed_ha1; } else if (!ha1){ belle_sip_error("No auth info found for request [%p], cannot authenticate",req); ret=-1; } if (ha1) { belle_http_header_authorization_t* authorization; req->auth_attempt_count++; authorization = belle_http_auth_helper_create_authorization(authenticate); /*select first qop mode*/ belle_sip_header_authorization_set_qop(BELLE_SIP_HEADER_AUTHORIZATION(authorization),belle_sip_header_www_authenticate_get_qop_first(authenticate)); belle_sip_header_authorization_set_nonce_count(BELLE_SIP_HEADER_AUTHORIZATION(authorization),1); /*we don't store nonce count for now*/ belle_sip_header_authorization_set_username(BELLE_SIP_HEADER_AUTHORIZATION(authorization),username); belle_http_header_authorization_set_uri(authorization,belle_http_request_get_uri(req)); if (belle_sip_auth_helper_fill_authorization(BELLE_SIP_HEADER_AUTHORIZATION(authorization),belle_http_request_get_method(req),ha1)) { belle_sip_error("Cannot fill auth header for request [%p]",req); if (authorization) belle_sip_object_unref(authorization); ret=-1; } else { belle_sip_message_remove_header(BELLE_SIP_MESSAGE(req),BELLE_HTTP_AUTHORIZATION); belle_sip_message_add_header(BELLE_SIP_MESSAGE(req),BELLE_SIP_HEADER(authorization)); belle_http_provider_send_request(ctx->provider,req,NULL); } } if (ev) belle_sip_auth_event_destroy(ev); return ret; }
int sal_auth_compute_ha1(const char* userid,const char* realm,const char* password, char ha1[33]) { return belle_sip_auth_helper_compute_ha1(userid, realm, password, ha1); }