
handle optional qop in http digest authentication

commit 94745f1ded032cdb73dac300ff3063837c1c28e1 1 parent 5a86dc0
Nicolas Niclausse nniclausse authored
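--- a/include/ts_http.hrl
+++ b/include/ts_http.hrl
@@ -49,10 +49,11 @@
 digest_opaque,
 digest_cnonce,
 digest_nc,
+ digest_qop,
 realm,
 soap_action % for SOAP support
 }).
-
+
 -record(url,
 {scheme, %% http, https, ...
 host,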
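--- a/src/test/ts_test_http.erl
+++ b/src/test/ts_test_http.erl
@@ -241,6 +241,22 @@ compress_chunk_test()->
 Data= <<Data1/binary, A/binary, Data2/binary, B/binary, Data3/binary>>,
 ?assertEqual(<< "HTTP header\r\nHeader: value\r\nTransfer-Encoding: chunked\r\n\r\nsesame ouvre toi" >>, ts_http:decode_buffer(Data, #http{chunk_toread=-2, compressed={false,gzip}})).
+authentication_basic_test()->
+ Base="QWxhZGRpbjpvcGVuIHNlc2FtZQ==",
+ ?assertEqual(["Authorization: Basic ",Base,?CRLF], ts_http_common:authenticate(#http_request{userid="Aladdin", auth_type="basic",passwd="open sesame"})).
+
+authentication_digest1_test()->
+ OK="Authorization: Digest username=\"Mufasa\", realm=\"testrealm@host.com\", nonce=\"dcd98b7102dd2f0e8b11d0f600bfb0c093\", uri=\"/dir/index.html\", response=\"6629fae49393a05397450978507c4ef1\", opaque=\"5ccc069c403ebaf9f0171e9517f40e41\", qop=\"auth\", nc=00000001, cnonce=\"0a4f113b\"\r\n",
+
+ Req=#http_request{userid="Mufasa", auth_type="digest",passwd="Circle Of Life",
+ realm ="testrealm@host.com", url="/dir/index.html",
+ digest_qop = "auth",
+ digest_nonce = "dcd98b7102dd2f0e8b11d0f600bfb0c093",
+ digest_nc = "00000001",
+ digest_cnonce = "0a4f113b",
+ digest_opaque = "5ccc069c403ebaf9f0171e9517f40e41"},
+ ?assertEqual(OK, lists:flatten(ts_http_common:authenticate(Req))).
+
 myset_env()->
 myset_env(0).
 myset_env(N)->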
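Review bot: authentication_digest1_test covers only the case where both `digest_qop` and `digest_opaque` are set, so the path this commit is about, a challenge that carries no qop, is untested, as are the two mixed cases (qop without opaque, opaque without qop). I would add a test that leaves `digest_qop` unset and asserts that the header stops after `response=` (plus `opaque=` when one is given), with no `qop`, `nc` or `cnonce` parameters. The request also relies on the record's default `method`, which is not visible here (presumably `get`); setting it explicitly in the test would make the expected `response` value self-contained.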
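--- a/src/test/ts_test_recorder.erl
+++ b/src/test/ts_test_recorder.erl
@@ -56,10 +56,6 @@ decode_base64_test()->
 Base="QWxhZGRpbjpvcGVuIHNlc2FtZQ==",
 ?assertEqual({"Aladdin","open sesame"}, ts_proxy_http:decode_basic_auth(Base)).
-%%TODO: should be in ts_test_http
-encode_base64_test()->
- Base="QWxhZGRpbjpvcGVuIHNlc2FtZQ==",
- ?assertEqual(["Authorization: Basic ",Base,?CRLF], ts_http_common:authenticate(#http_request{userid="Aladdin", auth_type="basic",passwd="open sesame"})).
 rewrite_http_secure_cookie_test()->
 Data="HTTP/1.1 200 OK\r\nSet-Cookie: JSESSIONID=F949C9182402EB74258F43FDC3F3C63F; Path=/; Secure\r\nLocation: https://foo.bar/\r\nContent-Length: 0\r\n\r\n",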
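--- a/src/tsung/ts_http.erl
+++ b/src/tsung/ts_http.erl
@@ -229,8 +229,8 @@ add_dynparams(#http{session_cookies=DynCookie,user_agent=UA}, Req, _) ->
 %% @end
 %%----------------------------------------------------------------------
 subst(Req=#http_request{url=URL, body=Body, headers = Headers, oauth_url=OUrl,
- oauth_access_token=AToken, oauth_access_secret=ASecret,
- digest_cnonce=CNonce, digest_nc=Nc,digest_nonce=Nonce,
+ oauth_access_token=AToken, oauth_access_secret=ASecret,digest_qop = QOP,
+ digest_cnonce=CNonce, digest_nc=Nc,digest_nonce=Nonce, digest_opaque=Opaque,
 realm=Realm, userid=UserId, passwd=Passwd, cookie = Cookies}, DynVars) ->
 Req#http_request{url = escape_url(ts_search:subst(URL, DynVars)),
 body = ts_search:subst(Body, DynVars),
@@ -238,10 +238,12 @@ subst(Req=#http_request{url=URL, body=Body, headers = Headers, oauth_url=OUrl,
 [{Name, ts_search:subst(Value, DynVars)} | Result]
 end, [], Headers),
 oauth_access_token = ts_search:subst(AToken, DynVars),
- digest_nonce = ts_search:subst(Nonce, DynVars),
+ digest_nonce = ts_search:subst(Nonce, DynVars),
 digest_cnonce = ts_search:subst(CNonce, DynVars),
- digest_nc = ts_search:subst(Nc, DynVars),
- realm = ts_search:subst(Realm, DynVars),
+ digest_nc = ts_search:subst(Nc, DynVars),
+ digest_opaque = ts_search:subst(Opaque, DynVars),
+ digest_qop = ts_search:subst(QOP, DynVars),
+ realm = ts_search:subst(Realm, DynVars),
 oauth_access_secret = ts_search:subst(ASecret, DynVars),
 oauth_url = ts_search:subst(OUrl, DynVars),
 cookie = lists:foldl(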
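Review bot: The two new `ts_search:subst/2` calls on `digest_opaque` and `digest_qop` feed code in ts_http_common.erl that dispatches on these fields being exactly the atom `undefined` or a list, so the substitution has to return `undefined` unchanged and must never yield a binary. `ts_search:subst/2` is not visible on this page, so this should be confirmed; otherwise an unset qop would be hashed and sent as text, or `digest_header_opt` would fail with `function_clause`. A comment next to the two lines would record the contract, for example `%% qop/opaque must stay 'undefined' when the challenge omits them; authenticate/1 matches on it`. The body of `subst/2` continues outside both hunks.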
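--- a/src/tsung/ts_http_common.erl
+++ b/src/tsung/ts_http_common.erl
@@ -132,22 +132,44 @@ authenticate(#http_request{passwd=Passwd, auth_type="basic",userid=UserId})->
 authenticate(#http_request{method=Method, passwd=Passwd,userid=UserId,
 auth_type="digest", realm=Realm,
- digest_cnonce=CNonce, digest_nc=NC,
- digest_nonce=Nonce, digest_opaque=_Opaque,
+ digest_cnonce=CNonce, digest_nc=NC, digest_qop=QOP,
+ digest_nonce=Nonce, digest_opaque=Opaque,
 url=URL
 }) ->
 HA1 = md5_hex(string:join([UserId, Realm, Passwd], ":")),
 HA2 = md5_hex(string:join([string:to_upper(atom_to_list(Method)), URL], ":")),
- Response = md5_hex(string:join([HA1, Nonce,NC, CNonce,"auth",HA2], ":")),
- ["Authorization: Digest "
- "username=\"",UserId,"\", ",
- "realm=\"", Realm, "\", ",
- "nonce=\"", Nonce, "\", ",
- "uri=\"", URL, "\", ",
- "nc=", NC, ", ",
- "cnonce=\"", CNonce, "\", ",
- "qop=auth,",
- "response=\"", Response, "\"", ?CRLF].
+ Response = digest_response({HA1, Nonce,NC, CNonce,QOP,HA2}),
+ digest_header(UserId,Realm,Nonce,URL,QOP,NC,CNonce,Response,Opaque).
+
+digest_header(User,Realm,Nonce,URI, QOP,NC,CNonce, Response,Opaque) ->
+ Acc= ["Authorization: Digest "
+ "username=\"",User,"\", ",
+ "realm=\"", Realm, "\", ",
+ "nonce=\"", Nonce, "\", ",
+ "uri=\"", URI, "\", ",
+ "response=\"", Response, "\""],
+ digest_header_opt(Acc, QOP, NC, CNonce, Opaque).
+
+%% qop and opaque are undefined
+digest_header_opt(Acc, undefined, _NC, _CNonce, undefined) ->
+ [Acc, ?CRLF];
+
+digest_header_opt(Acc, QOP, NC, CNonce, Opaque) when is_list(Opaque)->
+ NewAcc=[Acc,", opaque=\"",Opaque,"\""],
+ digest_header_opt(NewAcc,QOP,NC,CNonce,undefined);
+
+digest_header_opt(Acc, QOP, NC, CNonce,undefined) ->
+ NewAcc=[Acc,", qop=\"",QOP,"\"",
+ ", nc=", NC,
+ ", cnonce=\"", CNonce, "\""
+ ],
+ digest_header_opt(NewAcc,undefined,"","",undefined).
+
+digest_response({HA1,Nonce, _NC, _CNonce, undefined, HA2})-> %qop undefined
+ md5_hex(string:join([HA1, Nonce, HA2], ":"));
+digest_response({HA1,Nonce, NC, CNonce, QOP, HA2})->
+ md5_hex(string:join([HA1,Nonce,NC,CNonce,QOP,HA2], ":")).
+
 md5_hex(String)->
 lists:flatten([io_lib:format("~2.16.0b",[N])||N<-binary_to_list(erlang:md5(String))]).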
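Review bot: The third clause of `digest_header_opt` now emits qop as a quoted string (`qop="auth"`), whereas the removed code sent the bare token `qop=auth`. The request grammar in RFC 2617 and RFC 7616 section 3.4 has clients send qop unquoted, so a strict server may reject the new header. I would write that clause's first line as `NewAcc=[Acc,", qop=",QOP,` and adjust the expected string in authentication_digest1_test to match. Separately, QOP is used verbatim in both `digest_response` and the header while HA2 is still computed as method:uri, so only `auth` produces a valid response. If the value can come from a server challenge (it passes through `ts_search:subst` in ts_http.erl), `auth-int` or a list such as `auth,auth-int` would yield a wrong digest, which calls for a guard or at least a comment stating that only `auth` is supported.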