generic-library/poco
1
0
Fork 0
mirror of https://github.com/pocoproject/poco.git synced 2025-10-23 16:48:06 +02:00
Code Issues Projects Releases Wiki Activity

backport changes from 1.4.3 branch

Browse Source
This commit is contained in:
Marian Krivos
2012-01-07 11:07:00 +00:00
parent 6268aa3865
commit 45d3f03f14
6 changed files with 1245 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

326
Net/src/HTTPAuthenticationParams.cpp Normal file
View File

@@ -0,0 +1,326 @@
//
// HTTPAuthenticationParams.cpp
//
// $Id: //poco/1.4/Net/src/HTTPAuthenticationParams.cpp#1 $
//
// Library: Net
// Package: HTTP
// Module: HTTPAuthenticationParams
//
// Copyright (c) 2011, Anton V. Yabchinskiy (arn at bestmx dot ru).
// Copyright (c) 2012, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization
// obtaining a copy of the software and accompanying documentation covered by
// this license (the "Software") to use, reproduce, display, distribute,
// execute, and transmit the Software, and to prepare derivative works of the
// Software, and to permit third-parties to whom the Software is furnished to
// do so, all subject to the following:
//
// The copyright notices in the Software and this entire statement, including
// the above license grant, this restriction and the following disclaimer,
// must be included in all copies of the Software, in whole or in part, and
// all derivative works of the Software, unless such copies or derivative
// works are solely in the form of machine-executable object code generated by
// a source language processor.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
// FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. IN NO EVENT
// SHALL THE COPYRIGHT HOLDERS OR ANYONE DISTRIBUTING THE SOFTWARE BE LIABLE
// FOR ANY DAMAGES OR OTHER LIABILITY, WHETHER IN CONTRACT, TORT OR OTHERWISE,
// ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
// DEALINGS IN THE SOFTWARE.
//
#include "Poco/Exception.h"
#include "Poco/Net/HTTPAuthenticationParams.h"
#include "Poco/Net/HTTPRequest.h"
#include "Poco/Net/HTTPResponse.h"
#include "Poco/Net/NetException.h"
#include "Poco/String.h"
#include "Poco/Ascii.h"
using Poco::icompare;
using Poco::Ascii;
namespace
{
bool mustBeQuoted(const std::string& name)
{
return
icompare(name, "cnonce") == 0 ||
icompare(name, "domain") == 0 ||
icompare(name, "nonce") == 0 ||
icompare(name, "opaque") == 0 ||
icompare(name, "qop") == 0 ||
icompare(name, "realm") == 0 ||
icompare(name, "response") == 0 ||
icompare(name, "uri") == 0 ||
icompare(name, "username") == 0;
}
void formatParameter(std::string& result, const std::string& name, const std::string& value)
{
result += name;
result += '=';
if (mustBeQuoted(name))
{
result += '"';
result += value;
result += '"';
}
else
{
result += value;
}
}
}
namespace Poco {
namespace Net {
const std::string HTTPAuthenticationParams::REALM("realm");
HTTPAuthenticationParams::HTTPAuthenticationParams()
{
}
HTTPAuthenticationParams::HTTPAuthenticationParams(const std::string& authInfo)
{
fromAuthInfo(authInfo);
}
HTTPAuthenticationParams::HTTPAuthenticationParams(const HTTPRequest& request)
{
fromRequest(request);
}
HTTPAuthenticationParams::HTTPAuthenticationParams(const HTTPResponse& response)
{
fromResponse(response);
}
HTTPAuthenticationParams::~HTTPAuthenticationParams()
{
}
HTTPAuthenticationParams& HTTPAuthenticationParams::operator = (const HTTPAuthenticationParams& authParams)
{
NameValueCollection::operator = (authParams);
return *this;
}
void HTTPAuthenticationParams::fromAuthInfo(const std::string& authInfo)
{
parse(authInfo.begin(), authInfo.end());
}
void HTTPAuthenticationParams::fromRequest(const HTTPRequest& request)
{
std::string scheme;
std::string authInfo;
request.getCredentials(scheme, authInfo);
if (icompare(scheme, "Digest") != 0)
throw InvalidArgumentException("Could not parse non-Digest authentication information", scheme);
fromAuthInfo(authInfo);
}
void HTTPAuthenticationParams::fromResponse(const HTTPResponse& response)
{
if (!response.has("WWW-Authenticate"))
throw NotAuthenticatedException("HTTP response has no authentication header");
const std::string& header = response.get("WWW-Authenticate");
if (icompare(header, 0, 6, "Basic ") == 0)
{
parse(header.begin() + 6, header.end());
}
else if (icompare(header, 0, 7, "Digest ") == 0)
{
parse(header.begin() + 7, header.end());
}
else throw InvalidArgumentException("Invalid authentication scheme", header);
}
const std::string& HTTPAuthenticationParams::getRealm() const
{
return get(REALM);
}
void HTTPAuthenticationParams::setRealm(const std::string& realm)
{
set(REALM, realm);
}
std::string HTTPAuthenticationParams::toString() const
{
ConstIterator iter = begin();
std::string result;
if (iter != end())
{
formatParameter(result, iter->first, iter->second);
++iter;
}
for (; iter != end(); ++iter)
{
result.append(", ");
formatParameter(result, iter->first, iter->second);
}
return result;
}
void HTTPAuthenticationParams::parse(std::string::const_iterator first, std::string::const_iterator last)
{
enum State
{
STATE_INITIAL = 0x0100,
STATE_FINAL = 0x0200,
STATE_SPACE = STATE_INITIAL | 0,
STATE_TOKEN = 1,
STATE_EQUALS = 2,
STATE_VALUE = STATE_FINAL | 3,
STATE_VALUE_QUOTED = 4,
STATE_VALUE_ESCAPE = 5,
STATE_COMMA = STATE_FINAL | 6
};
int state = STATE_SPACE;
std::string token;
std::string value;
for (std::string::const_iterator it = first; it != last; ++it)
{
switch (state)
{
case STATE_SPACE:
if (Ascii::isAlphaNumeric(*it))
{
token += *it;
state = STATE_TOKEN;
}
else if (Ascii::isSpace(*it))
{
// Skip
}
else throw SyntaxException("Invalid authentication information");
break;
case STATE_TOKEN:
if (*it == '=')
{
state = STATE_EQUALS;
}
else if (Ascii::isAlphaNumeric(*it))
{
token += *it;
}
else throw SyntaxException("Invalid authentication information");
break;
case STATE_EQUALS:
if (Ascii::isAlphaNumeric(*it))
{
value += *it;
state = STATE_VALUE;
}
else if (*it == '"')
{
state = STATE_VALUE_QUOTED;
}
else throw SyntaxException("Invalid authentication information");
break;
case STATE_VALUE_QUOTED:
if (*it == '\\')
{
state = STATE_VALUE_ESCAPE;
}
else if (*it == '"')
{
add(token, value);
token.clear();
value.clear();
state = STATE_COMMA;
}
else
{
value += *it;
}
break;
case STATE_VALUE_ESCAPE:
value += *it;
state = STATE_VALUE_QUOTED;
break;
case STATE_VALUE:
if (Ascii::isSpace(*it))
{
add(token, value);
token.clear();
value.clear();
state = STATE_COMMA;
}
else if (*it == ',')
{
add(token, value);
token.clear();
value.clear();
state = STATE_SPACE;
}
else
{
value += *it;
}
break;
case STATE_COMMA:
if (*it == ',')
{
state = STATE_SPACE;
}
else if (Ascii::isSpace(*it))
{
// Skip
}
else throw SyntaxException("Invalid authentication information");
break;
}
}
if (!(state & STATE_FINAL))
throw SyntaxException("Invalid authentication information");
}
} } // namespace Poco::Net

145
Net/src/HTTPCredentials.cpp Normal file
View File

@@ -0,0 +1,145 @@
//
// HTTPCredentials.cpp
//
// $Id: //poco/1.4/Net/src/HTTPCredentials.cpp#1 $
//
// Library: Net
// Package: HTTP
// Module: HTTPCredentials
//
// Copyright (c) 2011, Anton V. Yabchinskiy (arn at bestmx dot ru).
// Copyright (c) 2012, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization
// obtaining a copy of the software and accompanying documentation covered by
// this license (the "Software") to use, reproduce, display, distribute,
// execute, and transmit the Software, and to prepare derivative works of the
// Software, and to permit third-parties to whom the Software is furnished to
// do so, all subject to the following:
//
// The copyright notices in the Software and this entire statement, including
// the above license grant, this restriction and the following disclaimer,
// must be included in all copies of the Software, in whole or in part, and
// all derivative works of the Software, unless such copies or derivative
// works are solely in the form of machine-executable object code generated by
// a source language processor.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
// FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. IN NO EVENT
// SHALL THE COPYRIGHT HOLDERS OR ANYONE DISTRIBUTING THE SOFTWARE BE LIABLE
// FOR ANY DAMAGES OR OTHER LIABILITY, WHETHER IN CONTRACT, TORT OR OTHERWISE,
// ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
// DEALINGS IN THE SOFTWARE.
//
#include "Poco/Net/HTTPAuthenticationParams.h"
#include "Poco/Net/HTTPBasicCredentials.h"
#include "Poco/Net/HTTPCredentials.h"
#include "Poco/Net/HTTPRequest.h"
#include "Poco/Net/HTTPResponse.h"
#include "Poco/Net/NetException.h"
#include "Poco/String.h"
#include "Poco/URI.h"
using Poco::icompare;
namespace Poco {
namespace Net {
HTTPCredentials::HTTPCredentials()
{
}
HTTPCredentials::HTTPCredentials(const std::string& username, const std::string& password):
_digest(username, password)
{
}
HTTPCredentials::~HTTPCredentials()
{
}
void HTTPCredentials::authenticate(HTTPRequest& request, const HTTPResponse& response)
{
for (HTTPResponse::ConstIterator iter = response.find("WWW-Authenticate"); iter != response.end(); ++iter)
{
if (isBasicCredentials(iter->second))
{
HTTPBasicCredentials(_digest.getUsername(), _digest.getPassword()).authenticate(request);
return;
}
else if (isDigestCredentials(iter->second))
{
_digest.authenticate(request, HTTPAuthenticationParams(iter->second.substr(7)));
return;
}
}
}
void HTTPCredentials::updateAuthInfo(HTTPRequest& request)
{
if (request.has("Authorization"))
{
const std::string& authorization = request.get("Authorization");
if (isBasicCredentials(authorization))
{
HTTPBasicCredentials(_digest.getUsername(), _digest.getPassword()).authenticate(request);
}
else if (isDigestCredentials(authorization))
{
_digest.updateAuthInfo(request);
}
}
}
bool HTTPCredentials::isBasicCredentials(const std::string& header)
{
return icompare(header, 0, 6, "Basic ") == 0;
}
bool HTTPCredentials::isDigestCredentials(const std::string& header)
{
return icompare(header, 0, 7, "Digest ") == 0;
}
void HTTPCredentials::extractCredentials(const std::string& userInfo, std::string& username, std::string& password)
{
const std::string::size_type p = userInfo.find(':');
if (p != std::string::npos)
{
username.assign(userInfo, 0, p);
password.assign(userInfo, p + 1, std::string::npos);
}
else
{
username.assign(userInfo);
password.clear();
}
}
void HTTPCredentials::extractCredentials(const Poco::URI& uri, std::string& username, std::string& password)
{
if (!uri.getUserInfo().empty())
{
extractCredentials(uri.getUserInfo(), username, password);
}
}
} } // namespace Poco::Net

298
Net/src/HTTPDigestCredentials.cpp Normal file
View File

@@ -0,0 +1,298 @@
//
// HTTPDigestCredentials.cpp
//
// $Id: //poco/1.4/Net/src/HTTPDigestCredentials.cpp#2 $
//
// Library: Net
// Package: HTTP
// Module: HTTPDigestCredentials
//
// Copyright (c) 2011, Anton V. Yabchinskiy (arn at bestmx dot ru).
// Copyright (c) 2012, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// Permission is hereby granted, free of charge, to any person or organization
// obtaining a copy of the software and accompanying documentation covered by
// this license (the "Software") to use, reproduce, display, distribute,
// execute, and transmit the Software, and to prepare derivative works of the
// Software, and to permit third-parties to whom the Software is furnished to
// do so, all subject to the following:
//
// The copyright notices in the Software and this entire statement, including
// the above license grant, this restriction and the following disclaimer,
// must be included in all copies of the Software, in whole or in part, and
// all derivative works of the Software, unless such copies or derivative
// works are solely in the form of machine-executable object code generated by
// a source language processor.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
// FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. IN NO EVENT
// SHALL THE COPYRIGHT HOLDERS OR ANYONE DISTRIBUTING THE SOFTWARE BE LIABLE
// FOR ANY DAMAGES OR OTHER LIABILITY, WHETHER IN CONTRACT, TORT OR OTHERWISE,
// ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
// DEALINGS IN THE SOFTWARE.
//
#include "Poco/DateTime.h"
#include "Poco/DateTimeFormat.h"
#include "Poco/DateTimeFormatter.h"
#include "Poco/Exception.h"
#include "Poco/MD5Engine.h"
#include "Poco/Net/HTTPDigestCredentials.h"
#include "Poco/Net/HTTPRequest.h"
#include "Poco/Net/HTTPResponse.h"
#include "Poco/NumberFormatter.h"
#include "Poco/StringTokenizer.h"
namespace
{
std::string digest(Poco::DigestEngine& engine,
const std::string& a,
const std::string& b,
const std::string& c = std::string(),
const std::string& d = std::string(),
const std::string& e = std::string(),
const std::string& f = std::string())
{
engine.reset();
engine.update(a);
engine.update(':');
engine.update(b);
if (!c.empty())
{
engine.update(':');
engine.update(c);
if (!d.empty())
{
engine.update(':');
engine.update(d);
engine.update(':');
engine.update(e);
engine.update(':');
engine.update(f);
}
}
return Poco::DigestEngine::digestToHex(engine.digest());
}
std::string formatNonceCounter(int counter)
{
return Poco::NumberFormatter::formatHex(counter, 8);
}
}
namespace Poco {
namespace Net {
const std::string HTTPDigestCredentials::SCHEME = "Digest";
const std::string HTTPDigestCredentials::DEFAULT_ALGORITHM("MD5");
const std::string HTTPDigestCredentials::DEFAULT_QOP("");
const std::string HTTPDigestCredentials::NONCE_PARAM("nonce");
const std::string HTTPDigestCredentials::REALM_PARAM("realm");
const std::string HTTPDigestCredentials::QOP_PARAM("qop");
const std::string HTTPDigestCredentials::ALGORITHM_PARAM("algorithm");
const std::string HTTPDigestCredentials::USERNAME_PARAM("username");
const std::string HTTPDigestCredentials::OPAQUE_PARAM("opaque");
const std::string HTTPDigestCredentials::URI_PARAM("uri");
const std::string HTTPDigestCredentials::RESPONSE_PARAM("response");
const std::string HTTPDigestCredentials::AUTH_PARAM("auth");
const std::string HTTPDigestCredentials::CNONCE_PARAM("cnonce");
const std::string HTTPDigestCredentials::NC_PARAM("nc");
int HTTPDigestCredentials::_nonceCounter(0);
Poco::FastMutex HTTPDigestCredentials::_nonceMutex;
HTTPDigestCredentials::HTTPDigestCredentials()
{
}
HTTPDigestCredentials::HTTPDigestCredentials(const std::string& username, const std::string& password):
_username(username),
_password(password)
{
}
HTTPDigestCredentials::~HTTPDigestCredentials()
{
}
void HTTPDigestCredentials::setUsername(const std::string& username)
{
_username = username;
}
void HTTPDigestCredentials::setPassword(const std::string& password)
{
_password = password;
}
void HTTPDigestCredentials::authenticate(HTTPRequest& request, const HTTPResponse& response)
{
authenticate(request, HTTPAuthenticationParams(response));
}
void HTTPDigestCredentials::authenticate(HTTPRequest& request, const HTTPAuthenticationParams& responseAuthParams)
{
createAuthParams(request, responseAuthParams);
request.setCredentials(SCHEME, _requestAuthParams.toString());
}
void HTTPDigestCredentials::updateAuthInfo(HTTPRequest& request)
{
updateAuthParams(request);
request.setCredentials(SCHEME, _requestAuthParams.toString());
}
std::string HTTPDigestCredentials::createNonce()
{
Poco::FastMutex::ScopedLock lock(_nonceMutex);
MD5Engine md5;
Timestamp::TimeVal now = Timestamp().epochMicroseconds();
md5.update(&_nonceCounter, sizeof(_nonceCounter));
md5.update(&now, sizeof(now));
++_nonceCounter;
return DigestEngine::digestToHex(md5.digest());
}
void HTTPDigestCredentials::createAuthParams(const HTTPRequest& request, const HTTPAuthenticationParams& responseAuthParams)
{
// Not implemented: "domain" auth parameter and integrity protection.
if (!responseAuthParams.has(NONCE_PARAM) || !responseAuthParams.has(REALM_PARAM))
throw InvalidArgumentException("Invalid HTTP authentication parameters");
const std::string& algorithm = responseAuthParams.get(ALGORITHM_PARAM, DEFAULT_ALGORITHM);
if (icompare(algorithm, DEFAULT_ALGORITHM) != 0)
throw NotImplementedException("Unsupported digest algorithm", algorithm);
const std::string& nonce = responseAuthParams.get(NONCE_PARAM);
const std::string& qop = responseAuthParams.get(QOP_PARAM, DEFAULT_QOP);
const std::string& realm = responseAuthParams.getRealm();
_requestAuthParams.clear();
_requestAuthParams.set(USERNAME_PARAM, _username);
_requestAuthParams.set(URI_PARAM, request.getURI());
_requestAuthParams.set(NONCE_PARAM, nonce);
_requestAuthParams.setRealm(realm);
if (responseAuthParams.has(OPAQUE_PARAM))
{
_requestAuthParams.set(OPAQUE_PARAM, responseAuthParams.get(OPAQUE_PARAM));
}
if (qop.empty())
{
MD5Engine engine;
const std::string ha1 = digest(engine, _username, realm, _password);
const std::string ha2 = digest(engine, request.getMethod(), request.getURI());
_requestAuthParams.set(RESPONSE_PARAM, digest(engine, ha1, nonce, ha2));
}
else
{
Poco::StringTokenizer tok(qop, ",", Poco::StringTokenizer::TOK_TRIM);
bool qopSupported = false;
for (Poco::StringTokenizer::Iterator it = tok.begin(); it != tok.end(); ++it)
{
if (icompare(*it, AUTH_PARAM) == 0)
{
qopSupported = true;
_requestAuthParams.set(CNONCE_PARAM, createNonce());
_requestAuthParams.set(QOP_PARAM, *it);
updateAuthParams(request);
break;
}
}
if (!qopSupported)
NotImplementedException("Unsupported QoP requested", qop);
}
}
void HTTPDigestCredentials::updateAuthParams(const HTTPRequest& request)
{
const std::string& qop = _requestAuthParams.get(QOP_PARAM, DEFAULT_QOP);
if (icompare(qop, AUTH_PARAM) == 0)
{
MD5Engine engine;
const std::string& nonce = _requestAuthParams.get(NONCE_PARAM);
const std::string& realm = _requestAuthParams.getRealm();
const std::string& cnonce = _requestAuthParams.get(CNONCE_PARAM);
const std::string ha1 = digest(engine, _username, realm, _password);
const std::string ha2 = digest(engine, request.getMethod(), request.getURI());
const std::string nc = formatNonceCounter(updateNonceCounter(nonce));
_requestAuthParams.set(NC_PARAM, nc);
_requestAuthParams.set(RESPONSE_PARAM, digest(engine, ha1, nonce, nc, cnonce, qop, ha2));
}
}
bool HTTPDigestCredentials::verifyAuthInfo(const HTTPRequest& request) const
{
HTTPAuthenticationParams params(request);
return verifyAuthParams(request, params);
}
bool HTTPDigestCredentials::verifyAuthParams(const HTTPRequest& request, const HTTPAuthenticationParams& params) const
{
const std::string& nonce = params.get(NONCE_PARAM);
const std::string& realm = params.getRealm();
const std::string& qop = params.get(QOP_PARAM, DEFAULT_QOP);
std::string response;
MD5Engine engine;
if (qop.empty())
{
const std::string ha1 = digest(engine, _username, realm, _password);
const std::string ha2 = digest(engine, request.getMethod(), request.getURI());
response = digest(engine, ha1, nonce, ha2);
}
else if (icompare(qop, AUTH_PARAM) == 0)
{
const std::string& cnonce = params.get(CNONCE_PARAM);
const std::string& nc = params.get(NC_PARAM);
const std::string ha1 = digest(engine, _username, realm, _password);
const std::string ha2 = digest(engine, request.getMethod(), request.getURI());
response = digest(engine, ha1, nonce, nc, cnonce, qop, ha2);
}
return response == params.get(RESPONSE_PARAM);
}
int HTTPDigestCredentials::updateNonceCounter(const std::string& nonce)
{
NonceCounterMap::iterator iter = _nc.find(nonce);
if (iter == _nc.end())
{
iter = _nc.insert(NonceCounterMap::value_type(nonce, 0)).first;
}
iter->second++;
return iter->second;
}
} } // namespace Poco::Net