all cases of Digest authorization was implemented (#19)

Digest authentication was improved
This commit is contained in:
Vitalii 2018-07-10 19:51:11 +03:00 committed by Christoph Polcin
parent 95706c0747
commit ec1263db2f

View File

@ -44,12 +44,15 @@ func (d *DigestAuth) Authorize(c *Client, method string, path string) {
func digestParts(resp *http.Response) map[string]string { func digestParts(resp *http.Response) map[string]string {
result := map[string]string{} result := map[string]string{}
if len(resp.Header["Www-Authenticate"]) > 0 { if len(resp.Header["Www-Authenticate"]) > 0 {
wantedHeaders := []string{"nonce", "realm", "qop", "opaque"} wantedHeaders := []string{"nonce", "realm", "qop", "opaque", "algorithm", "entityBody"}
responseHeaders := strings.Split(resp.Header["Www-Authenticate"][0], ",") responseHeaders := strings.Split(resp.Header["Www-Authenticate"][0], ",")
for _, r := range responseHeaders { for _, r := range responseHeaders {
for _, w := range wantedHeaders { for _, w := range wantedHeaders {
if strings.Contains(r, w) { if strings.Contains(r, w) {
result[w] = strings.Split(r, `"`)[1] result[w] = strings.Trim(
strings.SplitN(r, `=`, 2)[1],
`"`,
)
} }
} }
} }
@ -72,13 +75,68 @@ func getCnonce() string {
func getDigestAuthorization(digestParts map[string]string) string { func getDigestAuthorization(digestParts map[string]string) string {
d := digestParts d := digestParts
// These are the correct ha1 and ha2 for qop=auth. We should probably check for other types of qop. // These are the correct ha1 and ha2 for qop=auth. We should probably check for other types of qop.
ha1 := getMD5(d["username"] + ":" + d["realm"] + ":" + d["password"])
ha2 := getMD5(d["method"] + ":" + d["uri"]) var (
nonceCount := 00000001 ha1 string
cnonce := getCnonce() ha2 string
response := getMD5(fmt.Sprintf("%s:%s:%v:%s:%s:%s", ha1, d["nonce"], nonceCount, cnonce, d["qop"], ha2)) nonceCount = 00000001
authorization := fmt.Sprintf(`Digest username="%s", realm="%s", nonce="%s", uri="%s", qop=%s, nc=%v, cnonce="%s", response="%s"`, cnonce = getCnonce()
d["username"], d["realm"], d["nonce"], d["uri"], d["qop"], nonceCount, cnonce, response) response string
)
// 'ha1' value depends on value of "algorithm" field
switch d["algorithm"] {
case "MD5", "":
ha1 = getMD5(d["username"] + ":" + d["realm"] + ":" + d["password"])
case "MD5-sess":
ha1 = getMD5(
fmt.Sprintf("%s:%v:%s",
getMD5(d["username"] + ":" + d["realm"] + ":" + d["password"]),
nonceCount,
cnonce,
),
)
}
// 'ha2' value depends on value of "qop" field
switch d["qop"] {
case "auth", "":
ha2 = getMD5(d["method"] + ":" + d["uri"])
case "auth-int":
if d["entityBody"] != "" {
ha2 = getMD5(d["method"] + ":" + d["uri"] + ":" + getMD5(d["entityBody"]))
}
}
// 'response' value depends on value of "qop" field
switch d["qop"] {
case "":
response = getMD5(
fmt.Sprintf("%s:%s:%s",
ha1,
d["nonce"],
ha2,
),
)
case "auth", "auth-int":
response = getMD5(
fmt.Sprintf("%s:%s:%v:%s:%s:%s",
ha1,
d["nonce"],
nonceCount,
cnonce,
d["qop"],
ha2,
),
)
}
authorization := fmt.Sprintf(`Digest username="%s", realm="%s", nonce="%s", uri="%s", nc=%v, cnonce="%s", response="%s"`,
d["username"], d["realm"], d["nonce"], d["uri"], nonceCount, cnonce, response)
if d["qop"] != "" {
authorization += fmt.Sprintf(`, qop=%s`, d["qop"])
}
if d["opaque"] != "" { if d["opaque"] != "" {
authorization += fmt.Sprintf(`, opaque="%s"`, d["opaque"]) authorization += fmt.Sprintf(`, opaque="%s"`, d["opaque"])