generic-library/poco
1
0
Fork 0
mirror of https://github.com/pocoproject/poco.git synced 2025-10-28 11:31:53 +01:00
Code Issues Projects Releases Wiki Activity

backport changes from 1.4.3 branch

Browse Source
This commit is contained in:
Marian Krivos
2012-01-07 11:07:00 +00:00
parent 6268aa3865
commit 45d3f03f14
6 changed files with 1245 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

123
Net/include/Poco/Net/HTTPAuthenticationParams.h Normal file
View File

@@ -0,0 +1,123 @@
//
// HTTPAuthenticationParams.h
//
// $Id: //poco/1.4/Net/include/Poco/Net/HTTPAuthenticationParams.h#2 $
//
// Library: Net
// Package: HTTP
// Module: HTTPAuthenticationParams
//
// Definition of the HTTPAuthenticationParams class.
//
// Copyright (c) 2011, Anton V. Yabchinskiy (arn at bestmx dot ru).
// Copyright (c) 2012, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization
// obtaining a copy of the software and accompanying documentation covered by
// this license (the "Software") to use, reproduce, display, distribute,
// execute, and transmit the Software, and to prepare derivative works of the
// Software, and to permit third-parties to whom the Software is furnished to
// do so, all subject to the following:
//
// The copyright notices in the Software and this entire statement, including
// the above license grant, this restriction and the following disclaimer,
// must be included in all copies of the Software, in whole or in part, and
// all derivative works of the Software, unless such copies or derivative
// works are solely in the form of machine-executable object code generated by
// a source language processor.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
// FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. IN NO EVENT
// SHALL THE COPYRIGHT HOLDERS OR ANYONE DISTRIBUTING THE SOFTWARE BE LIABLE
// FOR ANY DAMAGES OR OTHER LIABILITY, WHETHER IN CONTRACT, TORT OR OTHERWISE,
// ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
// DEALINGS IN THE SOFTWARE.
//
#ifndef Net_HTTPAuthenticationParams_INCLUDED
#define Net_HTTPAuthenticationParams_INCLUDED
#include "Poco/Net/NameValueCollection.h"
namespace Poco {
namespace Net {
class HTTPRequest;
class HTTPResponse;
class Net_API HTTPAuthenticationParams: public NameValueCollection
/// Collection of name-value pairs of HTTP authentication header (i.e.
/// "realm", "qop", "nonce" in case of digest authentication header).
{
public:
HTTPAuthenticationParams();
/// Creates an empty authentication parameters collection.
explicit HTTPAuthenticationParams(const std::string& authInfo);
/// See fromAuthInfo() documentation.
explicit HTTPAuthenticationParams(const HTTPRequest& request);
/// See fromRequest() documentation.
explicit HTTPAuthenticationParams(const HTTPResponse& response);
/// See fromResponse() documentation.
virtual ~HTTPAuthenticationParams();
/// Destroys the HTTPAuthenticationParams.
HTTPAuthenticationParams& operator = (const HTTPAuthenticationParams& authParams);
/// Assigns the content of another HTTPAuthenticationParams.
void fromAuthInfo(const std::string& authInfo);
/// Creates an HTTPAuthenticationParams by parsing authentication
/// information.
void fromRequest(const HTTPRequest& request);
/// Extracts authentication information from the request and creates
/// HTTPAuthenticationParams by parsing it.
///
/// Throws a NotAuthenticatedException if no authentication
/// information is contained in request.
/// Throws a InvalidArgumentException if authentication scheme is
/// unknown or invalid.
void fromResponse(const HTTPResponse& response);
/// Extracts authentication information from the response and creates
/// HTTPAuthenticationParams by parsing it.
///
/// Throws a NotAuthenticatedException if no authentication
/// information is contained in response.
/// Throws a InvalidArgumentException if authentication scheme is
/// unknown or invalid.
void setRealm(const std::string& realm);
/// Sets the "realm" parameter to the provided string.
const std::string& getRealm() const;
/// Returns value of the "realm" parameter.
///
/// Throws NotFoundException is there is no "realm" set in the
/// HTTPAuthenticationParams.
std::string toString() const;
/// Formats the HTTPAuthenticationParams for inclusion in HTTP
/// request or response authentication header.
static const std::string REALM;
private:
void parse(std::string::const_iterator first, std::string::const_iterator last);
};
} } // namespace Poco::Net
#endif // Net_HTTPAuthenticationParams_INCLUDED

179
Net/include/Poco/Net/HTTPCredentials.h Normal file
View File

@@ -0,0 +1,179 @@
//
// HTTPCredentials.h
//
// $Id: //poco/1.4/Net/include/Poco/Net/HTTPCredentials.h#2 $
//
// Library: Net
// Package: HTTP
// Module: HTTPCredentials
//
// Definition of the HTTPCredentials class.
//
// Copyright (c) 2011, Anton V. Yabchinskiy (arn at bestmx dot ru).
// Copyright (c) 2012, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization
// obtaining a copy of the software and accompanying documentation covered by
// this license (the "Software") to use, reproduce, display, distribute,
// execute, and transmit the Software, and to prepare derivative works of the
// Software, and to permit third-parties to whom the Software is furnished to
// do so, all subject to the following:
//
// The copyright notices in the Software and this entire statement, including
// the above license grant, this restriction and the following disclaimer,
// must be included in all copies of the Software, in whole or in part, and
// all derivative works of the Software, unless such copies or derivative
// works are solely in the form of machine-executable object code generated by
// a source language processor.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
// FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. IN NO EVENT
// SHALL THE COPYRIGHT HOLDERS OR ANYONE DISTRIBUTING THE SOFTWARE BE LIABLE
// FOR ANY DAMAGES OR OTHER LIABILITY, WHETHER IN CONTRACT, TORT OR OTHERWISE,
// ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
// DEALINGS IN THE SOFTWARE.
//
#ifndef Net_HTTPCredentials_INCLUDED
#define Net_HTTPCredentials_INCLUDED
#include "Poco/Net/HTTPDigestCredentials.h"
namespace Poco {
class URI;
namespace Net {
class HTTPRequest;
class HTTPResponse;
class Net_API HTTPCredentials
/// This is a utility class for working with HTTP
/// authentication (basic or digest) in HTTPRequest objects.
///
/// Usage is as follows:
/// First, create a HTTPCredentials object containing
/// the username and password.
/// Poco::Net::HTTPCredentials creds("user", "s3cr3t");
///
/// Second, send the HTTP request with Poco::Net::HTTPClientSession.
/// Poco::Net::HTTPClientSession session("pocoproject.org");
/// Poco::Net::HTTPRequest request(HTTPRequest::HTTP_GET, "/index.html", HTTPMessage::HTTP_1_1);
/// session.sendRequest(request);
/// Poco::Net::HTTPResponse;
/// std::istream& istr = session.receiveResponse(response);
///
/// If the server responds with a 401 status, authenticate the
/// request and resend it:
/// if (response.getStatus() == Poco::Net::HTTPResponse::HTTP_UNAUTHORIZED)
/// {
/// creds.authenticate(request, response);
/// session.sendRequest(request);
/// ...
/// }
///
/// To perform multiple authenticated requests, call updateAuthInfo()
/// instead of authenticate() on subsequent requests.
/// creds.updateAuthInfo(request);
/// session.sendRequest(request);
/// ...
///
/// Note: Do not forget to read the entire response stream from the 401 response
/// before sending the authenticated request, otherwise there may be
/// problems if a persistent connection is used.
{
public:
HTTPCredentials();
/// Creates an empty HTTPCredentials object.
HTTPCredentials(const std::string& username, const std::string& password);
/// Creates an HTTPCredentials object with the given username and password.
~HTTPCredentials();
/// Destroys the HTTPCredentials.
void setUsername(const std::string& username);
/// Sets the username.
const std::string& getUsername() const;
/// Returns the username.
void setPassword(const std::string& password);
/// Sets the password.
const std::string& getPassword() const;
/// Returns the password.
void authenticate(HTTPRequest& request, const HTTPResponse& response);
/// Inspects authenticate header of the response, initializes
/// the internal state (in case of digest authentication) and
/// adds required information to the given HTTPRequest.
///
/// Does nothing if there is no authentication header in the
/// HTTPResponse.
void updateAuthInfo(HTTPRequest& request);
/// Updates internal state (in case of digest authentication) and
/// replaces authentication information in the request accordingly.
static bool isBasicCredentials(const std::string& header);
/// Returns true if authentication header is for Basic authentication.
static bool isDigestCredentials(const std::string& header);
/// Returns true if authentication header is for Digest authentication.
static void extractCredentials(const std::string& userInfo, std::string& username, std::string& password);
/// Extracts username and password from user:password information string.
static void extractCredentials(const Poco::URI& uri, std::string& username, std::string& password);
/// Extracts username and password from the given URI (e.g.: "http://user:pass@sample.com/secret").
private:
HTTPCredentials(const HTTPCredentials&);
HTTPCredentials& operator = (const HTTPCredentials&);
HTTPDigestCredentials _digest;
};
//
// inlines
//
inline void HTTPCredentials::setUsername(const std::string& username)
{
_digest.setUsername(username);
}
inline const std::string& HTTPCredentials::getUsername() const
{
return _digest.getUsername();
}
inline void HTTPCredentials::setPassword(const std::string& password)
{
_digest.setPassword(password);
}
inline const std::string& HTTPCredentials::getPassword() const
{
return _digest.getPassword();
}
} } // namespace Poco::Net
#endif // Net_HTTPCredentials_INCLUDED

174
Net/include/Poco/Net/HTTPDigestCredentials.h Normal file
View File

@@ -0,0 +1,174 @@
//
// HTTPDigestCredentials.h
//
// $Id: //poco/1.4/Net/include/Poco/Net/HTTPDigestCredentials.h#2 $
//
// Library: Net
// Package: HTTP
// Module: HTTPDigestCredentials
//
// Definition of the HTTPDigestCredentials class.
//
// Copyright (c) 2011, Anton V. Yabchinskiy (arn at bestmx dot ru).
// Copyright (c) 2012, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization
// obtaining a copy of the software and accompanying documentation covered by
// this license (the "Software") to use, reproduce, display, distribute,
// execute, and transmit the Software, and to prepare derivative works of the
// Software, and to permit third-parties to whom the Software is furnished to
// do so, all subject to the following:
//
// The copyright notices in the Software and this entire statement, including
// the above license grant, this restriction and the following disclaimer,
// must be included in all copies of the Software, in whole or in part, and
// all derivative works of the Software, unless such copies or derivative
// works are solely in the form of machine-executable object code generated by
// a source language processor.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
// FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. IN NO EVENT
// SHALL THE COPYRIGHT HOLDERS OR ANYONE DISTRIBUTING THE SOFTWARE BE LIABLE
// FOR ANY DAMAGES OR OTHER LIABILITY, WHETHER IN CONTRACT, TORT OR OTHERWISE,
// ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
// DEALINGS IN THE SOFTWARE.
//
#ifndef Net_HTTPDigestCredentials_INCLUDED
#define Net_HTTPDigestCredentials_INCLUDED
#include "Poco/Net/HTTPAuthenticationParams.h"
#include "Poco/Mutex.h"
#include <map>
namespace Poco {
namespace Net {
class HTTPRequest;
class HTTPResponse;
class Net_API HTTPDigestCredentials
/// This is a utility class for working with
/// HTTP Digest Authentication in HTTPRequest
/// objects.
///
/// Note: currently, no qop or qop=auth is
/// supported only.
{
public:
HTTPDigestCredentials();
/// Creates an empty HTTPDigestCredentials object.
HTTPDigestCredentials(const std::string& username, const std::string& password);
/// Creates a HTTPDigestCredentials object with the given username and password.
~HTTPDigestCredentials();
/// Destroys the HTTPDigestCredentials.
void setUsername(const std::string& username);
/// Sets the username.
const std::string& getUsername() const;
/// Returns the username.
void setPassword(const std::string& password);
/// Sets the password.
const std::string& getPassword() const;
/// Returns the password.
void authenticate(HTTPRequest& request, const HTTPResponse& response);
/// Parses authentication header of the HTTPResponse, initializes
/// internal state, and adds authentication information to the given HTTPRequest.
void authenticate(HTTPRequest& request, const HTTPAuthenticationParams& responseAuthParams);
/// Initializes internal state according to information from the
/// HTTPAuthenticationParams of the response, and adds authentication
/// information to the given HTTPRequest.
///
/// Throws InvalidArgumentException if HTTPAuthenticationParams is
/// invalid or some required parameter is missing.
/// Throws NotImplementedException in case of unsupported digest
/// algorithm or quality of protection method.
void updateAuthInfo(HTTPRequest& request);
/// Updates internal state and adds authentication information to
/// the given HTTPRequest.
bool verifyAuthInfo(const HTTPRequest& request) const;
/// Verifies the digest authentication information in the given HTTPRequest
/// by recomputing the response and comparing it with what's in the request.
///
/// Note: This method creates a HTTPAuthenticationParams object from the request
/// and calls verifyAuthParams() with request and params.
bool verifyAuthParams(const HTTPRequest& request, const HTTPAuthenticationParams& params) const;
/// Verifies the digest authentication information in the given HTTPRequest
/// and HTTPAuthenticationParams by recomputing the response and comparing
/// it with what's in the request.
static std::string createNonce();
/// Creates a random nonce string.
static const std::string SCHEME;
private:
HTTPDigestCredentials(const HTTPDigestCredentials&);
HTTPDigestCredentials& operator = (const HTTPDigestCredentials&);
void createAuthParams(const HTTPRequest& request, const HTTPAuthenticationParams& responseAuthParams);
void updateAuthParams(const HTTPRequest& request);
int updateNonceCounter(const std::string& nonce);
static const std::string DEFAULT_ALGORITHM;
static const std::string DEFAULT_QOP;
static const std::string NONCE_PARAM;
static const std::string REALM_PARAM;
static const std::string QOP_PARAM;
static const std::string ALGORITHM_PARAM;
static const std::string USERNAME_PARAM;
static const std::string OPAQUE_PARAM;
static const std::string URI_PARAM;
static const std::string RESPONSE_PARAM;
static const std::string AUTH_PARAM;
static const std::string CNONCE_PARAM;
static const std::string NC_PARAM;
typedef std::map<std::string, int> NonceCounterMap;
std::string _username;
std::string _password;
HTTPAuthenticationParams _requestAuthParams;
NonceCounterMap _nc;
static int _nonceCounter;
static Poco::FastMutex _nonceMutex;
};
//
// inlines
//
inline const std::string& HTTPDigestCredentials::getUsername() const
{
return _username;
}
inline const std::string& HTTPDigestCredentials::getPassword() const
{
return _password;
}
} } // namespace Poco::Net
#endif // Net_HTTPDigestCredentials_INCLUDED