// Copyright 2011 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #ifdef UNSAFE_BUFFERS_BUILD // TODO(crbug.com/40284755): Remove this and spanify to fix the errors. #pragma allow_unsafe_buffers #endif #include "net/http/http_auth_handler_digest.h" #include <string> #include <string_view> #include "base/hash/md5.h" #include "base/logging.h" #include "base/memory/ptr_util.h" #include "base/rand_util.h" #include "base/strings/string_number_conversions.h" #include "base/strings/string_util.h" #include "base/strings/stringprintf.h" #include "base/strings/utf_string_conversions.h" #include "net/base/features.h" #include "net/base/net_errors.h" #include "net/base/net_string_util.h" #include "net/base/url_util.h" #include "net/dns/host_resolver.h" #include "net/http/http_auth.h" #include "net/http/http_auth_challenge_tokenizer.h" #include "net/http/http_auth_scheme.h" #include "net/http/http_request_info.h" #include "net/http/http_util.h" #include "third_party/boringssl/src/include/openssl/digest.h" #include "url/gurl.h" namespace net { // Digest authentication is specified in RFC 7616. // The expanded derivations for algorithm=MD5 are listed in the tables below. //==========+==========+==========================================+ // qop |algorithm | response | //==========+==========+==========================================+ // ? | ?, md5, | MD5(MD5(A1):nonce:MD5(A2)) | // | md5-sess | | //--------- +----------+------------------------------------------+ // auth, | ?, md5, | MD5(MD5(A1):nonce:nc:cnonce:qop:MD5(A2)) | // auth-int | md5-sess | | //==========+==========+==========================================+ // qop |algorithm | A1 | //==========+==========+==========================================+ // | ?, md5 | user:realm:password | //----------+----------+------------------------------------------+ // | md5-sess | MD5(user:realm:password):nonce:cnonce | //==========+==========+==========================================+ // qop |algorithm | A2 | //==========+==========+==========================================+ // ?, auth | | req-method:req-uri | //----------+----------+------------------------------------------+ // auth-int | | req-method:req-uri:MD5(req-entity-body) | //=====================+==========================================+ HttpAuthHandlerDigest::NonceGenerator::NonceGenerator() = default; HttpAuthHandlerDigest::NonceGenerator::~NonceGenerator() = default; HttpAuthHandlerDigest::DynamicNonceGenerator::DynamicNonceGenerator() = default; std::string HttpAuthHandlerDigest::DynamicNonceGenerator::GenerateNonce() const { … } HttpAuthHandlerDigest::FixedNonceGenerator::FixedNonceGenerator( const std::string& nonce) : … { … } std::string HttpAuthHandlerDigest::FixedNonceGenerator::GenerateNonce() const { … } HttpAuthHandlerDigest::Factory::Factory() : … { … } HttpAuthHandlerDigest::Factory::~Factory() = default; void HttpAuthHandlerDigest::Factory::set_nonce_generator( std::unique_ptr<const NonceGenerator> nonce_generator) { … } int HttpAuthHandlerDigest::Factory::CreateAuthHandler( HttpAuthChallengeTokenizer* challenge, HttpAuth::Target target, const SSLInfo& ssl_info, const NetworkAnonymizationKey& network_anonymization_key, const url::SchemeHostPort& scheme_host_port, CreateReason reason, int digest_nonce_count, const NetLogWithSource& net_log, HostResolver* host_resolver, std::unique_ptr<HttpAuthHandler>* handler) { … } bool HttpAuthHandlerDigest::Init( HttpAuthChallengeTokenizer* challenge, const SSLInfo& ssl_info, const NetworkAnonymizationKey& network_anonymization_key) { … } int HttpAuthHandlerDigest::GenerateAuthTokenImpl( const AuthCredentials* credentials, const HttpRequestInfo* request, CompletionOnceCallback callback, std::string* auth_token) { … } HttpAuth::AuthorizationResult HttpAuthHandlerDigest::HandleAnotherChallengeImpl( HttpAuthChallengeTokenizer* challenge) { … } HttpAuthHandlerDigest::HttpAuthHandlerDigest( int nonce_count, const NonceGenerator* nonce_generator) : … { … } HttpAuthHandlerDigest::~HttpAuthHandlerDigest() = default; // The digest challenge header looks like: // WWW-Authenticate: Digest // [realm="<realm-value>"] // nonce="<nonce-value>" // [domain="<list-of-URIs>"] // [opaque="<opaque-token-value>"] // [stale="<true-or-false>"] // [algorithm="<digest-algorithm>"] // [qop="<list-of-qop-values>"] // [<extension-directive>] // // Note that according to RFC 2617 (section 1.2) the realm is required. // However we allow it to be omitted, in which case it will default to the // empty string. // // This allowance is for better compatibility with webservers that fail to // send the realm (See http://crbug.com/20984 for an instance where a // webserver was not sending the realm with a BASIC challenge). bool HttpAuthHandlerDigest::ParseChallenge( HttpAuthChallengeTokenizer* challenge) { … } bool HttpAuthHandlerDigest::ParseChallengeProperty(std::string_view name, std::string_view value) { … } // static std::string HttpAuthHandlerDigest::QopToString(QualityOfProtection qop) { … } // static std::string HttpAuthHandlerDigest::AlgorithmToString(Algorithm algorithm) { … } void HttpAuthHandlerDigest::GetRequestMethodAndPath( const HttpRequestInfo* request, std::string* method, std::string* path) const { … } class HttpAuthHandlerDigest::DigestContext { … }; std::string HttpAuthHandlerDigest::AssembleResponseDigest( const std::string& method, const std::string& path, const AuthCredentials& credentials, const std::string& cnonce, const std::string& nc) const { … } std::string HttpAuthHandlerDigest::AssembleCredentials( const std::string& method, const std::string& path, const AuthCredentials& credentials, const std::string& cnonce, int nonce_count) const { … } } // namespace net
Codebase Browser
chromium