mirror of
https://github.com/pocoproject/poco.git
synced 2025-10-24 17:30:44 +02:00
backport changes from 1.4.3 branch
This commit is contained in:
123
Net/include/Poco/Net/HTTPAuthenticationParams.h
Normal file
123
Net/include/Poco/Net/HTTPAuthenticationParams.h
Normal file
@@ -0,0 +1,123 @@
|
|||||||
|
//
|
||||||
|
// HTTPAuthenticationParams.h
|
||||||
|
//
|
||||||
|
// $Id: //poco/1.4/Net/include/Poco/Net/HTTPAuthenticationParams.h#2 $
|
||||||
|
//
|
||||||
|
// Library: Net
|
||||||
|
// Package: HTTP
|
||||||
|
// Module: HTTPAuthenticationParams
|
||||||
|
//
|
||||||
|
// Definition of the HTTPAuthenticationParams class.
|
||||||
|
//
|
||||||
|
// Copyright (c) 2011, Anton V. Yabchinskiy (arn at bestmx dot ru).
|
||||||
|
// Copyright (c) 2012, Applied Informatics Software Engineering GmbH.
|
||||||
|
// and Contributors.
|
||||||
|
//
|
||||||
|
// Permission is hereby granted, free of charge, to any person or organization
|
||||||
|
// obtaining a copy of the software and accompanying documentation covered by
|
||||||
|
// this license (the "Software") to use, reproduce, display, distribute,
|
||||||
|
// execute, and transmit the Software, and to prepare derivative works of the
|
||||||
|
// Software, and to permit third-parties to whom the Software is furnished to
|
||||||
|
// do so, all subject to the following:
|
||||||
|
//
|
||||||
|
// The copyright notices in the Software and this entire statement, including
|
||||||
|
// the above license grant, this restriction and the following disclaimer,
|
||||||
|
// must be included in all copies of the Software, in whole or in part, and
|
||||||
|
// all derivative works of the Software, unless such copies or derivative
|
||||||
|
// works are solely in the form of machine-executable object code generated by
|
||||||
|
// a source language processor.
|
||||||
|
//
|
||||||
|
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||||
|
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||||
|
// FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. IN NO EVENT
|
||||||
|
// SHALL THE COPYRIGHT HOLDERS OR ANYONE DISTRIBUTING THE SOFTWARE BE LIABLE
|
||||||
|
// FOR ANY DAMAGES OR OTHER LIABILITY, WHETHER IN CONTRACT, TORT OR OTHERWISE,
|
||||||
|
// ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
|
||||||
|
// DEALINGS IN THE SOFTWARE.
|
||||||
|
//
|
||||||
|
|
||||||
|
|
||||||
|
#ifndef Net_HTTPAuthenticationParams_INCLUDED
|
||||||
|
#define Net_HTTPAuthenticationParams_INCLUDED
|
||||||
|
|
||||||
|
|
||||||
|
#include "Poco/Net/NameValueCollection.h"
|
||||||
|
|
||||||
|
|
||||||
|
namespace Poco {
|
||||||
|
namespace Net {
|
||||||
|
|
||||||
|
|
||||||
|
class HTTPRequest;
|
||||||
|
class HTTPResponse;
|
||||||
|
|
||||||
|
|
||||||
|
class Net_API HTTPAuthenticationParams: public NameValueCollection
|
||||||
|
/// Collection of name-value pairs of HTTP authentication header (i.e.
|
||||||
|
/// "realm", "qop", "nonce" in case of digest authentication header).
|
||||||
|
{
|
||||||
|
public:
|
||||||
|
HTTPAuthenticationParams();
|
||||||
|
/// Creates an empty authentication parameters collection.
|
||||||
|
|
||||||
|
explicit HTTPAuthenticationParams(const std::string& authInfo);
|
||||||
|
/// See fromAuthInfo() documentation.
|
||||||
|
|
||||||
|
explicit HTTPAuthenticationParams(const HTTPRequest& request);
|
||||||
|
/// See fromRequest() documentation.
|
||||||
|
|
||||||
|
explicit HTTPAuthenticationParams(const HTTPResponse& response);
|
||||||
|
/// See fromResponse() documentation.
|
||||||
|
|
||||||
|
virtual ~HTTPAuthenticationParams();
|
||||||
|
/// Destroys the HTTPAuthenticationParams.
|
||||||
|
|
||||||
|
HTTPAuthenticationParams& operator = (const HTTPAuthenticationParams& authParams);
|
||||||
|
/// Assigns the content of another HTTPAuthenticationParams.
|
||||||
|
|
||||||
|
void fromAuthInfo(const std::string& authInfo);
|
||||||
|
/// Creates an HTTPAuthenticationParams by parsing authentication
|
||||||
|
/// information.
|
||||||
|
|
||||||
|
void fromRequest(const HTTPRequest& request);
|
||||||
|
/// Extracts authentication information from the request and creates
|
||||||
|
/// HTTPAuthenticationParams by parsing it.
|
||||||
|
///
|
||||||
|
/// Throws a NotAuthenticatedException if no authentication
|
||||||
|
/// information is contained in request.
|
||||||
|
/// Throws a InvalidArgumentException if authentication scheme is
|
||||||
|
/// unknown or invalid.
|
||||||
|
|
||||||
|
void fromResponse(const HTTPResponse& response);
|
||||||
|
/// Extracts authentication information from the response and creates
|
||||||
|
/// HTTPAuthenticationParams by parsing it.
|
||||||
|
///
|
||||||
|
/// Throws a NotAuthenticatedException if no authentication
|
||||||
|
/// information is contained in response.
|
||||||
|
/// Throws a InvalidArgumentException if authentication scheme is
|
||||||
|
/// unknown or invalid.
|
||||||
|
|
||||||
|
void setRealm(const std::string& realm);
|
||||||
|
/// Sets the "realm" parameter to the provided string.
|
||||||
|
|
||||||
|
const std::string& getRealm() const;
|
||||||
|
/// Returns value of the "realm" parameter.
|
||||||
|
///
|
||||||
|
/// Throws NotFoundException is there is no "realm" set in the
|
||||||
|
/// HTTPAuthenticationParams.
|
||||||
|
|
||||||
|
std::string toString() const;
|
||||||
|
/// Formats the HTTPAuthenticationParams for inclusion in HTTP
|
||||||
|
/// request or response authentication header.
|
||||||
|
|
||||||
|
static const std::string REALM;
|
||||||
|
|
||||||
|
private:
|
||||||
|
void parse(std::string::const_iterator first, std::string::const_iterator last);
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
|
} } // namespace Poco::Net
|
||||||
|
|
||||||
|
|
||||||
|
#endif // Net_HTTPAuthenticationParams_INCLUDED
|
179
Net/include/Poco/Net/HTTPCredentials.h
Normal file
179
Net/include/Poco/Net/HTTPCredentials.h
Normal file
@@ -0,0 +1,179 @@
|
|||||||
|
//
|
||||||
|
// HTTPCredentials.h
|
||||||
|
//
|
||||||
|
// $Id: //poco/1.4/Net/include/Poco/Net/HTTPCredentials.h#2 $
|
||||||
|
//
|
||||||
|
// Library: Net
|
||||||
|
// Package: HTTP
|
||||||
|
// Module: HTTPCredentials
|
||||||
|
//
|
||||||
|
// Definition of the HTTPCredentials class.
|
||||||
|
//
|
||||||
|
// Copyright (c) 2011, Anton V. Yabchinskiy (arn at bestmx dot ru).
|
||||||
|
// Copyright (c) 2012, Applied Informatics Software Engineering GmbH.
|
||||||
|
// and Contributors.
|
||||||
|
//
|
||||||
|
// Permission is hereby granted, free of charge, to any person or organization
|
||||||
|
// obtaining a copy of the software and accompanying documentation covered by
|
||||||
|
// this license (the "Software") to use, reproduce, display, distribute,
|
||||||
|
// execute, and transmit the Software, and to prepare derivative works of the
|
||||||
|
// Software, and to permit third-parties to whom the Software is furnished to
|
||||||
|
// do so, all subject to the following:
|
||||||
|
//
|
||||||
|
// The copyright notices in the Software and this entire statement, including
|
||||||
|
// the above license grant, this restriction and the following disclaimer,
|
||||||
|
// must be included in all copies of the Software, in whole or in part, and
|
||||||
|
// all derivative works of the Software, unless such copies or derivative
|
||||||
|
// works are solely in the form of machine-executable object code generated by
|
||||||
|
// a source language processor.
|
||||||
|
//
|
||||||
|
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||||
|
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||||
|
// FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. IN NO EVENT
|
||||||
|
// SHALL THE COPYRIGHT HOLDERS OR ANYONE DISTRIBUTING THE SOFTWARE BE LIABLE
|
||||||
|
// FOR ANY DAMAGES OR OTHER LIABILITY, WHETHER IN CONTRACT, TORT OR OTHERWISE,
|
||||||
|
// ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
|
||||||
|
// DEALINGS IN THE SOFTWARE.
|
||||||
|
//
|
||||||
|
|
||||||
|
|
||||||
|
#ifndef Net_HTTPCredentials_INCLUDED
|
||||||
|
#define Net_HTTPCredentials_INCLUDED
|
||||||
|
|
||||||
|
|
||||||
|
#include "Poco/Net/HTTPDigestCredentials.h"
|
||||||
|
|
||||||
|
|
||||||
|
namespace Poco {
|
||||||
|
|
||||||
|
|
||||||
|
class URI;
|
||||||
|
|
||||||
|
|
||||||
|
namespace Net {
|
||||||
|
|
||||||
|
|
||||||
|
class HTTPRequest;
|
||||||
|
class HTTPResponse;
|
||||||
|
|
||||||
|
|
||||||
|
class Net_API HTTPCredentials
|
||||||
|
/// This is a utility class for working with HTTP
|
||||||
|
/// authentication (basic or digest) in HTTPRequest objects.
|
||||||
|
///
|
||||||
|
/// Usage is as follows:
|
||||||
|
/// First, create a HTTPCredentials object containing
|
||||||
|
/// the username and password.
|
||||||
|
/// Poco::Net::HTTPCredentials creds("user", "s3cr3t");
|
||||||
|
///
|
||||||
|
/// Second, send the HTTP request with Poco::Net::HTTPClientSession.
|
||||||
|
/// Poco::Net::HTTPClientSession session("pocoproject.org");
|
||||||
|
/// Poco::Net::HTTPRequest request(HTTPRequest::HTTP_GET, "/index.html", HTTPMessage::HTTP_1_1);
|
||||||
|
/// session.sendRequest(request);
|
||||||
|
/// Poco::Net::HTTPResponse;
|
||||||
|
/// std::istream& istr = session.receiveResponse(response);
|
||||||
|
///
|
||||||
|
/// If the server responds with a 401 status, authenticate the
|
||||||
|
/// request and resend it:
|
||||||
|
/// if (response.getStatus() == Poco::Net::HTTPResponse::HTTP_UNAUTHORIZED)
|
||||||
|
/// {
|
||||||
|
/// creds.authenticate(request, response);
|
||||||
|
/// session.sendRequest(request);
|
||||||
|
/// ...
|
||||||
|
/// }
|
||||||
|
///
|
||||||
|
/// To perform multiple authenticated requests, call updateAuthInfo()
|
||||||
|
/// instead of authenticate() on subsequent requests.
|
||||||
|
/// creds.updateAuthInfo(request);
|
||||||
|
/// session.sendRequest(request);
|
||||||
|
/// ...
|
||||||
|
///
|
||||||
|
/// Note: Do not forget to read the entire response stream from the 401 response
|
||||||
|
/// before sending the authenticated request, otherwise there may be
|
||||||
|
/// problems if a persistent connection is used.
|
||||||
|
{
|
||||||
|
public:
|
||||||
|
HTTPCredentials();
|
||||||
|
/// Creates an empty HTTPCredentials object.
|
||||||
|
|
||||||
|
HTTPCredentials(const std::string& username, const std::string& password);
|
||||||
|
/// Creates an HTTPCredentials object with the given username and password.
|
||||||
|
|
||||||
|
~HTTPCredentials();
|
||||||
|
/// Destroys the HTTPCredentials.
|
||||||
|
|
||||||
|
void setUsername(const std::string& username);
|
||||||
|
/// Sets the username.
|
||||||
|
|
||||||
|
const std::string& getUsername() const;
|
||||||
|
/// Returns the username.
|
||||||
|
|
||||||
|
void setPassword(const std::string& password);
|
||||||
|
/// Sets the password.
|
||||||
|
|
||||||
|
const std::string& getPassword() const;
|
||||||
|
/// Returns the password.
|
||||||
|
|
||||||
|
void authenticate(HTTPRequest& request, const HTTPResponse& response);
|
||||||
|
/// Inspects authenticate header of the response, initializes
|
||||||
|
/// the internal state (in case of digest authentication) and
|
||||||
|
/// adds required information to the given HTTPRequest.
|
||||||
|
///
|
||||||
|
/// Does nothing if there is no authentication header in the
|
||||||
|
/// HTTPResponse.
|
||||||
|
|
||||||
|
void updateAuthInfo(HTTPRequest& request);
|
||||||
|
/// Updates internal state (in case of digest authentication) and
|
||||||
|
/// replaces authentication information in the request accordingly.
|
||||||
|
|
||||||
|
static bool isBasicCredentials(const std::string& header);
|
||||||
|
/// Returns true if authentication header is for Basic authentication.
|
||||||
|
|
||||||
|
static bool isDigestCredentials(const std::string& header);
|
||||||
|
/// Returns true if authentication header is for Digest authentication.
|
||||||
|
|
||||||
|
static void extractCredentials(const std::string& userInfo, std::string& username, std::string& password);
|
||||||
|
/// Extracts username and password from user:password information string.
|
||||||
|
|
||||||
|
static void extractCredentials(const Poco::URI& uri, std::string& username, std::string& password);
|
||||||
|
/// Extracts username and password from the given URI (e.g.: "http://user:pass@sample.com/secret").
|
||||||
|
|
||||||
|
private:
|
||||||
|
HTTPCredentials(const HTTPCredentials&);
|
||||||
|
HTTPCredentials& operator = (const HTTPCredentials&);
|
||||||
|
|
||||||
|
HTTPDigestCredentials _digest;
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
|
//
|
||||||
|
// inlines
|
||||||
|
//
|
||||||
|
inline void HTTPCredentials::setUsername(const std::string& username)
|
||||||
|
{
|
||||||
|
_digest.setUsername(username);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
inline const std::string& HTTPCredentials::getUsername() const
|
||||||
|
{
|
||||||
|
return _digest.getUsername();
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
inline void HTTPCredentials::setPassword(const std::string& password)
|
||||||
|
{
|
||||||
|
_digest.setPassword(password);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
inline const std::string& HTTPCredentials::getPassword() const
|
||||||
|
{
|
||||||
|
return _digest.getPassword();
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
} } // namespace Poco::Net
|
||||||
|
|
||||||
|
|
||||||
|
#endif // Net_HTTPCredentials_INCLUDED
|
174
Net/include/Poco/Net/HTTPDigestCredentials.h
Normal file
174
Net/include/Poco/Net/HTTPDigestCredentials.h
Normal file
@@ -0,0 +1,174 @@
|
|||||||
|
//
|
||||||
|
// HTTPDigestCredentials.h
|
||||||
|
//
|
||||||
|
// $Id: //poco/1.4/Net/include/Poco/Net/HTTPDigestCredentials.h#2 $
|
||||||
|
//
|
||||||
|
// Library: Net
|
||||||
|
// Package: HTTP
|
||||||
|
// Module: HTTPDigestCredentials
|
||||||
|
//
|
||||||
|
// Definition of the HTTPDigestCredentials class.
|
||||||
|
//
|
||||||
|
// Copyright (c) 2011, Anton V. Yabchinskiy (arn at bestmx dot ru).
|
||||||
|
// Copyright (c) 2012, Applied Informatics Software Engineering GmbH.
|
||||||
|
// and Contributors.
|
||||||
|
//
|
||||||
|
// Permission is hereby granted, free of charge, to any person or organization
|
||||||
|
// obtaining a copy of the software and accompanying documentation covered by
|
||||||
|
// this license (the "Software") to use, reproduce, display, distribute,
|
||||||
|
// execute, and transmit the Software, and to prepare derivative works of the
|
||||||
|
// Software, and to permit third-parties to whom the Software is furnished to
|
||||||
|
// do so, all subject to the following:
|
||||||
|
//
|
||||||
|
// The copyright notices in the Software and this entire statement, including
|
||||||
|
// the above license grant, this restriction and the following disclaimer,
|
||||||
|
// must be included in all copies of the Software, in whole or in part, and
|
||||||
|
// all derivative works of the Software, unless such copies or derivative
|
||||||
|
// works are solely in the form of machine-executable object code generated by
|
||||||
|
// a source language processor.
|
||||||
|
//
|
||||||
|
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||||
|
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||||
|
// FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. IN NO EVENT
|
||||||
|
// SHALL THE COPYRIGHT HOLDERS OR ANYONE DISTRIBUTING THE SOFTWARE BE LIABLE
|
||||||
|
// FOR ANY DAMAGES OR OTHER LIABILITY, WHETHER IN CONTRACT, TORT OR OTHERWISE,
|
||||||
|
// ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
|
||||||
|
// DEALINGS IN THE SOFTWARE.
|
||||||
|
//
|
||||||
|
|
||||||
|
|
||||||
|
#ifndef Net_HTTPDigestCredentials_INCLUDED
|
||||||
|
#define Net_HTTPDigestCredentials_INCLUDED
|
||||||
|
|
||||||
|
|
||||||
|
#include "Poco/Net/HTTPAuthenticationParams.h"
|
||||||
|
#include "Poco/Mutex.h"
|
||||||
|
#include <map>
|
||||||
|
|
||||||
|
|
||||||
|
namespace Poco {
|
||||||
|
namespace Net {
|
||||||
|
|
||||||
|
|
||||||
|
class HTTPRequest;
|
||||||
|
class HTTPResponse;
|
||||||
|
|
||||||
|
|
||||||
|
class Net_API HTTPDigestCredentials
|
||||||
|
/// This is a utility class for working with
|
||||||
|
/// HTTP Digest Authentication in HTTPRequest
|
||||||
|
/// objects.
|
||||||
|
///
|
||||||
|
/// Note: currently, no qop or qop=auth is
|
||||||
|
/// supported only.
|
||||||
|
{
|
||||||
|
public:
|
||||||
|
HTTPDigestCredentials();
|
||||||
|
/// Creates an empty HTTPDigestCredentials object.
|
||||||
|
|
||||||
|
HTTPDigestCredentials(const std::string& username, const std::string& password);
|
||||||
|
/// Creates a HTTPDigestCredentials object with the given username and password.
|
||||||
|
|
||||||
|
~HTTPDigestCredentials();
|
||||||
|
/// Destroys the HTTPDigestCredentials.
|
||||||
|
|
||||||
|
void setUsername(const std::string& username);
|
||||||
|
/// Sets the username.
|
||||||
|
|
||||||
|
const std::string& getUsername() const;
|
||||||
|
/// Returns the username.
|
||||||
|
|
||||||
|
void setPassword(const std::string& password);
|
||||||
|
/// Sets the password.
|
||||||
|
|
||||||
|
const std::string& getPassword() const;
|
||||||
|
/// Returns the password.
|
||||||
|
|
||||||
|
void authenticate(HTTPRequest& request, const HTTPResponse& response);
|
||||||
|
/// Parses authentication header of the HTTPResponse, initializes
|
||||||
|
/// internal state, and adds authentication information to the given HTTPRequest.
|
||||||
|
|
||||||
|
void authenticate(HTTPRequest& request, const HTTPAuthenticationParams& responseAuthParams);
|
||||||
|
/// Initializes internal state according to information from the
|
||||||
|
/// HTTPAuthenticationParams of the response, and adds authentication
|
||||||
|
/// information to the given HTTPRequest.
|
||||||
|
///
|
||||||
|
/// Throws InvalidArgumentException if HTTPAuthenticationParams is
|
||||||
|
/// invalid or some required parameter is missing.
|
||||||
|
/// Throws NotImplementedException in case of unsupported digest
|
||||||
|
/// algorithm or quality of protection method.
|
||||||
|
|
||||||
|
void updateAuthInfo(HTTPRequest& request);
|
||||||
|
/// Updates internal state and adds authentication information to
|
||||||
|
/// the given HTTPRequest.
|
||||||
|
|
||||||
|
bool verifyAuthInfo(const HTTPRequest& request) const;
|
||||||
|
/// Verifies the digest authentication information in the given HTTPRequest
|
||||||
|
/// by recomputing the response and comparing it with what's in the request.
|
||||||
|
///
|
||||||
|
/// Note: This method creates a HTTPAuthenticationParams object from the request
|
||||||
|
/// and calls verifyAuthParams() with request and params.
|
||||||
|
|
||||||
|
bool verifyAuthParams(const HTTPRequest& request, const HTTPAuthenticationParams& params) const;
|
||||||
|
/// Verifies the digest authentication information in the given HTTPRequest
|
||||||
|
/// and HTTPAuthenticationParams by recomputing the response and comparing
|
||||||
|
/// it with what's in the request.
|
||||||
|
|
||||||
|
static std::string createNonce();
|
||||||
|
/// Creates a random nonce string.
|
||||||
|
|
||||||
|
static const std::string SCHEME;
|
||||||
|
|
||||||
|
private:
|
||||||
|
HTTPDigestCredentials(const HTTPDigestCredentials&);
|
||||||
|
HTTPDigestCredentials& operator = (const HTTPDigestCredentials&);
|
||||||
|
|
||||||
|
void createAuthParams(const HTTPRequest& request, const HTTPAuthenticationParams& responseAuthParams);
|
||||||
|
void updateAuthParams(const HTTPRequest& request);
|
||||||
|
int updateNonceCounter(const std::string& nonce);
|
||||||
|
|
||||||
|
static const std::string DEFAULT_ALGORITHM;
|
||||||
|
static const std::string DEFAULT_QOP;
|
||||||
|
static const std::string NONCE_PARAM;
|
||||||
|
static const std::string REALM_PARAM;
|
||||||
|
static const std::string QOP_PARAM;
|
||||||
|
static const std::string ALGORITHM_PARAM;
|
||||||
|
static const std::string USERNAME_PARAM;
|
||||||
|
static const std::string OPAQUE_PARAM;
|
||||||
|
static const std::string URI_PARAM;
|
||||||
|
static const std::string RESPONSE_PARAM;
|
||||||
|
static const std::string AUTH_PARAM;
|
||||||
|
static const std::string CNONCE_PARAM;
|
||||||
|
static const std::string NC_PARAM;
|
||||||
|
|
||||||
|
typedef std::map<std::string, int> NonceCounterMap;
|
||||||
|
|
||||||
|
std::string _username;
|
||||||
|
std::string _password;
|
||||||
|
HTTPAuthenticationParams _requestAuthParams;
|
||||||
|
NonceCounterMap _nc;
|
||||||
|
|
||||||
|
static int _nonceCounter;
|
||||||
|
static Poco::FastMutex _nonceMutex;
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
|
//
|
||||||
|
// inlines
|
||||||
|
//
|
||||||
|
inline const std::string& HTTPDigestCredentials::getUsername() const
|
||||||
|
{
|
||||||
|
return _username;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
inline const std::string& HTTPDigestCredentials::getPassword() const
|
||||||
|
{
|
||||||
|
return _password;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
} } // namespace Poco::Net
|
||||||
|
|
||||||
|
|
||||||
|
#endif // Net_HTTPDigestCredentials_INCLUDED
|
326
Net/src/HTTPAuthenticationParams.cpp
Normal file
326
Net/src/HTTPAuthenticationParams.cpp
Normal file
@@ -0,0 +1,326 @@
|
|||||||
|
//
|
||||||
|
// HTTPAuthenticationParams.cpp
|
||||||
|
//
|
||||||
|
// $Id: //poco/1.4/Net/src/HTTPAuthenticationParams.cpp#1 $
|
||||||
|
//
|
||||||
|
// Library: Net
|
||||||
|
// Package: HTTP
|
||||||
|
// Module: HTTPAuthenticationParams
|
||||||
|
//
|
||||||
|
// Copyright (c) 2011, Anton V. Yabchinskiy (arn at bestmx dot ru).
|
||||||
|
// Copyright (c) 2012, Applied Informatics Software Engineering GmbH.
|
||||||
|
// and Contributors.
|
||||||
|
//
|
||||||
|
// Permission is hereby granted, free of charge, to any person or organization
|
||||||
|
// obtaining a copy of the software and accompanying documentation covered by
|
||||||
|
// this license (the "Software") to use, reproduce, display, distribute,
|
||||||
|
// execute, and transmit the Software, and to prepare derivative works of the
|
||||||
|
// Software, and to permit third-parties to whom the Software is furnished to
|
||||||
|
// do so, all subject to the following:
|
||||||
|
//
|
||||||
|
// The copyright notices in the Software and this entire statement, including
|
||||||
|
// the above license grant, this restriction and the following disclaimer,
|
||||||
|
// must be included in all copies of the Software, in whole or in part, and
|
||||||
|
// all derivative works of the Software, unless such copies or derivative
|
||||||
|
// works are solely in the form of machine-executable object code generated by
|
||||||
|
// a source language processor.
|
||||||
|
//
|
||||||
|
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||||
|
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||||
|
// FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. IN NO EVENT
|
||||||
|
// SHALL THE COPYRIGHT HOLDERS OR ANYONE DISTRIBUTING THE SOFTWARE BE LIABLE
|
||||||
|
// FOR ANY DAMAGES OR OTHER LIABILITY, WHETHER IN CONTRACT, TORT OR OTHERWISE,
|
||||||
|
// ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
|
||||||
|
// DEALINGS IN THE SOFTWARE.
|
||||||
|
//
|
||||||
|
|
||||||
|
|
||||||
|
#include "Poco/Exception.h"
|
||||||
|
#include "Poco/Net/HTTPAuthenticationParams.h"
|
||||||
|
#include "Poco/Net/HTTPRequest.h"
|
||||||
|
#include "Poco/Net/HTTPResponse.h"
|
||||||
|
#include "Poco/Net/NetException.h"
|
||||||
|
#include "Poco/String.h"
|
||||||
|
#include "Poco/Ascii.h"
|
||||||
|
|
||||||
|
|
||||||
|
using Poco::icompare;
|
||||||
|
using Poco::Ascii;
|
||||||
|
|
||||||
|
|
||||||
|
namespace
|
||||||
|
{
|
||||||
|
bool mustBeQuoted(const std::string& name)
|
||||||
|
{
|
||||||
|
return
|
||||||
|
icompare(name, "cnonce") == 0 ||
|
||||||
|
icompare(name, "domain") == 0 ||
|
||||||
|
icompare(name, "nonce") == 0 ||
|
||||||
|
icompare(name, "opaque") == 0 ||
|
||||||
|
icompare(name, "qop") == 0 ||
|
||||||
|
icompare(name, "realm") == 0 ||
|
||||||
|
icompare(name, "response") == 0 ||
|
||||||
|
icompare(name, "uri") == 0 ||
|
||||||
|
icompare(name, "username") == 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
void formatParameter(std::string& result, const std::string& name, const std::string& value)
|
||||||
|
{
|
||||||
|
result += name;
|
||||||
|
result += '=';
|
||||||
|
if (mustBeQuoted(name))
|
||||||
|
{
|
||||||
|
result += '"';
|
||||||
|
result += value;
|
||||||
|
result += '"';
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
result += value;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
namespace Poco {
|
||||||
|
namespace Net {
|
||||||
|
|
||||||
|
|
||||||
|
const std::string HTTPAuthenticationParams::REALM("realm");
|
||||||
|
|
||||||
|
|
||||||
|
HTTPAuthenticationParams::HTTPAuthenticationParams()
|
||||||
|
{
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
HTTPAuthenticationParams::HTTPAuthenticationParams(const std::string& authInfo)
|
||||||
|
{
|
||||||
|
fromAuthInfo(authInfo);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
HTTPAuthenticationParams::HTTPAuthenticationParams(const HTTPRequest& request)
|
||||||
|
{
|
||||||
|
fromRequest(request);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
HTTPAuthenticationParams::HTTPAuthenticationParams(const HTTPResponse& response)
|
||||||
|
{
|
||||||
|
fromResponse(response);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
HTTPAuthenticationParams::~HTTPAuthenticationParams()
|
||||||
|
{
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
HTTPAuthenticationParams& HTTPAuthenticationParams::operator = (const HTTPAuthenticationParams& authParams)
|
||||||
|
{
|
||||||
|
NameValueCollection::operator = (authParams);
|
||||||
|
|
||||||
|
return *this;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
void HTTPAuthenticationParams::fromAuthInfo(const std::string& authInfo)
|
||||||
|
{
|
||||||
|
parse(authInfo.begin(), authInfo.end());
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
void HTTPAuthenticationParams::fromRequest(const HTTPRequest& request)
|
||||||
|
{
|
||||||
|
std::string scheme;
|
||||||
|
std::string authInfo;
|
||||||
|
|
||||||
|
request.getCredentials(scheme, authInfo);
|
||||||
|
|
||||||
|
if (icompare(scheme, "Digest") != 0)
|
||||||
|
throw InvalidArgumentException("Could not parse non-Digest authentication information", scheme);
|
||||||
|
|
||||||
|
fromAuthInfo(authInfo);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
void HTTPAuthenticationParams::fromResponse(const HTTPResponse& response)
|
||||||
|
{
|
||||||
|
if (!response.has("WWW-Authenticate"))
|
||||||
|
throw NotAuthenticatedException("HTTP response has no authentication header");
|
||||||
|
|
||||||
|
const std::string& header = response.get("WWW-Authenticate");
|
||||||
|
|
||||||
|
if (icompare(header, 0, 6, "Basic ") == 0)
|
||||||
|
{
|
||||||
|
parse(header.begin() + 6, header.end());
|
||||||
|
}
|
||||||
|
else if (icompare(header, 0, 7, "Digest ") == 0)
|
||||||
|
{
|
||||||
|
parse(header.begin() + 7, header.end());
|
||||||
|
}
|
||||||
|
else throw InvalidArgumentException("Invalid authentication scheme", header);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
const std::string& HTTPAuthenticationParams::getRealm() const
|
||||||
|
{
|
||||||
|
return get(REALM);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
void HTTPAuthenticationParams::setRealm(const std::string& realm)
|
||||||
|
{
|
||||||
|
set(REALM, realm);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
std::string HTTPAuthenticationParams::toString() const
|
||||||
|
{
|
||||||
|
ConstIterator iter = begin();
|
||||||
|
std::string result;
|
||||||
|
|
||||||
|
if (iter != end())
|
||||||
|
{
|
||||||
|
formatParameter(result, iter->first, iter->second);
|
||||||
|
++iter;
|
||||||
|
}
|
||||||
|
|
||||||
|
for (; iter != end(); ++iter)
|
||||||
|
{
|
||||||
|
result.append(", ");
|
||||||
|
formatParameter(result, iter->first, iter->second);
|
||||||
|
}
|
||||||
|
|
||||||
|
return result;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
void HTTPAuthenticationParams::parse(std::string::const_iterator first, std::string::const_iterator last)
|
||||||
|
{
|
||||||
|
enum State
|
||||||
|
{
|
||||||
|
STATE_INITIAL = 0x0100,
|
||||||
|
STATE_FINAL = 0x0200,
|
||||||
|
|
||||||
|
STATE_SPACE = STATE_INITIAL | 0,
|
||||||
|
STATE_TOKEN = 1,
|
||||||
|
STATE_EQUALS = 2,
|
||||||
|
STATE_VALUE = STATE_FINAL | 3,
|
||||||
|
STATE_VALUE_QUOTED = 4,
|
||||||
|
STATE_VALUE_ESCAPE = 5,
|
||||||
|
STATE_COMMA = STATE_FINAL | 6
|
||||||
|
};
|
||||||
|
|
||||||
|
int state = STATE_SPACE;
|
||||||
|
std::string token;
|
||||||
|
std::string value;
|
||||||
|
|
||||||
|
for (std::string::const_iterator it = first; it != last; ++it)
|
||||||
|
{
|
||||||
|
switch (state)
|
||||||
|
{
|
||||||
|
case STATE_SPACE:
|
||||||
|
if (Ascii::isAlphaNumeric(*it))
|
||||||
|
{
|
||||||
|
token += *it;
|
||||||
|
state = STATE_TOKEN;
|
||||||
|
}
|
||||||
|
else if (Ascii::isSpace(*it))
|
||||||
|
{
|
||||||
|
// Skip
|
||||||
|
}
|
||||||
|
else throw SyntaxException("Invalid authentication information");
|
||||||
|
break;
|
||||||
|
|
||||||
|
case STATE_TOKEN:
|
||||||
|
if (*it == '=')
|
||||||
|
{
|
||||||
|
state = STATE_EQUALS;
|
||||||
|
}
|
||||||
|
else if (Ascii::isAlphaNumeric(*it))
|
||||||
|
{
|
||||||
|
token += *it;
|
||||||
|
}
|
||||||
|
else throw SyntaxException("Invalid authentication information");
|
||||||
|
break;
|
||||||
|
|
||||||
|
case STATE_EQUALS:
|
||||||
|
if (Ascii::isAlphaNumeric(*it))
|
||||||
|
{
|
||||||
|
value += *it;
|
||||||
|
state = STATE_VALUE;
|
||||||
|
}
|
||||||
|
else if (*it == '"')
|
||||||
|
{
|
||||||
|
state = STATE_VALUE_QUOTED;
|
||||||
|
}
|
||||||
|
else throw SyntaxException("Invalid authentication information");
|
||||||
|
break;
|
||||||
|
|
||||||
|
case STATE_VALUE_QUOTED:
|
||||||
|
if (*it == '\\')
|
||||||
|
{
|
||||||
|
state = STATE_VALUE_ESCAPE;
|
||||||
|
}
|
||||||
|
else if (*it == '"')
|
||||||
|
{
|
||||||
|
add(token, value);
|
||||||
|
token.clear();
|
||||||
|
value.clear();
|
||||||
|
state = STATE_COMMA;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
value += *it;
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
|
||||||
|
case STATE_VALUE_ESCAPE:
|
||||||
|
value += *it;
|
||||||
|
state = STATE_VALUE_QUOTED;
|
||||||
|
break;
|
||||||
|
|
||||||
|
case STATE_VALUE:
|
||||||
|
if (Ascii::isSpace(*it))
|
||||||
|
{
|
||||||
|
add(token, value);
|
||||||
|
token.clear();
|
||||||
|
value.clear();
|
||||||
|
state = STATE_COMMA;
|
||||||
|
}
|
||||||
|
else if (*it == ',')
|
||||||
|
{
|
||||||
|
add(token, value);
|
||||||
|
token.clear();
|
||||||
|
value.clear();
|
||||||
|
state = STATE_SPACE;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
value += *it;
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
|
||||||
|
case STATE_COMMA:
|
||||||
|
if (*it == ',')
|
||||||
|
{
|
||||||
|
state = STATE_SPACE;
|
||||||
|
}
|
||||||
|
else if (Ascii::isSpace(*it))
|
||||||
|
{
|
||||||
|
// Skip
|
||||||
|
}
|
||||||
|
else throw SyntaxException("Invalid authentication information");
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!(state & STATE_FINAL))
|
||||||
|
throw SyntaxException("Invalid authentication information");
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
} } // namespace Poco::Net
|
145
Net/src/HTTPCredentials.cpp
Normal file
145
Net/src/HTTPCredentials.cpp
Normal file
@@ -0,0 +1,145 @@
|
|||||||
|
//
|
||||||
|
// HTTPCredentials.cpp
|
||||||
|
//
|
||||||
|
// $Id: //poco/1.4/Net/src/HTTPCredentials.cpp#1 $
|
||||||
|
//
|
||||||
|
// Library: Net
|
||||||
|
// Package: HTTP
|
||||||
|
// Module: HTTPCredentials
|
||||||
|
//
|
||||||
|
// Copyright (c) 2011, Anton V. Yabchinskiy (arn at bestmx dot ru).
|
||||||
|
// Copyright (c) 2012, Applied Informatics Software Engineering GmbH.
|
||||||
|
// and Contributors.
|
||||||
|
//
|
||||||
|
// Permission is hereby granted, free of charge, to any person or organization
|
||||||
|
// obtaining a copy of the software and accompanying documentation covered by
|
||||||
|
// this license (the "Software") to use, reproduce, display, distribute,
|
||||||
|
// execute, and transmit the Software, and to prepare derivative works of the
|
||||||
|
// Software, and to permit third-parties to whom the Software is furnished to
|
||||||
|
// do so, all subject to the following:
|
||||||
|
//
|
||||||
|
// The copyright notices in the Software and this entire statement, including
|
||||||
|
// the above license grant, this restriction and the following disclaimer,
|
||||||
|
// must be included in all copies of the Software, in whole or in part, and
|
||||||
|
// all derivative works of the Software, unless such copies or derivative
|
||||||
|
// works are solely in the form of machine-executable object code generated by
|
||||||
|
// a source language processor.
|
||||||
|
//
|
||||||
|
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||||
|
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||||
|
// FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. IN NO EVENT
|
||||||
|
// SHALL THE COPYRIGHT HOLDERS OR ANYONE DISTRIBUTING THE SOFTWARE BE LIABLE
|
||||||
|
// FOR ANY DAMAGES OR OTHER LIABILITY, WHETHER IN CONTRACT, TORT OR OTHERWISE,
|
||||||
|
// ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
|
||||||
|
// DEALINGS IN THE SOFTWARE.
|
||||||
|
//
|
||||||
|
|
||||||
|
|
||||||
|
#include "Poco/Net/HTTPAuthenticationParams.h"
|
||||||
|
#include "Poco/Net/HTTPBasicCredentials.h"
|
||||||
|
#include "Poco/Net/HTTPCredentials.h"
|
||||||
|
#include "Poco/Net/HTTPRequest.h"
|
||||||
|
#include "Poco/Net/HTTPResponse.h"
|
||||||
|
#include "Poco/Net/NetException.h"
|
||||||
|
#include "Poco/String.h"
|
||||||
|
#include "Poco/URI.h"
|
||||||
|
|
||||||
|
|
||||||
|
using Poco::icompare;
|
||||||
|
|
||||||
|
|
||||||
|
namespace Poco {
|
||||||
|
namespace Net {
|
||||||
|
|
||||||
|
|
||||||
|
HTTPCredentials::HTTPCredentials()
|
||||||
|
{
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
HTTPCredentials::HTTPCredentials(const std::string& username, const std::string& password):
|
||||||
|
_digest(username, password)
|
||||||
|
{
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
HTTPCredentials::~HTTPCredentials()
|
||||||
|
{
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
void HTTPCredentials::authenticate(HTTPRequest& request, const HTTPResponse& response)
|
||||||
|
{
|
||||||
|
for (HTTPResponse::ConstIterator iter = response.find("WWW-Authenticate"); iter != response.end(); ++iter)
|
||||||
|
{
|
||||||
|
if (isBasicCredentials(iter->second))
|
||||||
|
{
|
||||||
|
HTTPBasicCredentials(_digest.getUsername(), _digest.getPassword()).authenticate(request);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
else if (isDigestCredentials(iter->second))
|
||||||
|
{
|
||||||
|
_digest.authenticate(request, HTTPAuthenticationParams(iter->second.substr(7)));
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
void HTTPCredentials::updateAuthInfo(HTTPRequest& request)
|
||||||
|
{
|
||||||
|
if (request.has("Authorization"))
|
||||||
|
{
|
||||||
|
const std::string& authorization = request.get("Authorization");
|
||||||
|
|
||||||
|
if (isBasicCredentials(authorization))
|
||||||
|
{
|
||||||
|
HTTPBasicCredentials(_digest.getUsername(), _digest.getPassword()).authenticate(request);
|
||||||
|
}
|
||||||
|
else if (isDigestCredentials(authorization))
|
||||||
|
{
|
||||||
|
_digest.updateAuthInfo(request);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
bool HTTPCredentials::isBasicCredentials(const std::string& header)
|
||||||
|
{
|
||||||
|
return icompare(header, 0, 6, "Basic ") == 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
bool HTTPCredentials::isDigestCredentials(const std::string& header)
|
||||||
|
{
|
||||||
|
return icompare(header, 0, 7, "Digest ") == 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
void HTTPCredentials::extractCredentials(const std::string& userInfo, std::string& username, std::string& password)
|
||||||
|
{
|
||||||
|
const std::string::size_type p = userInfo.find(':');
|
||||||
|
|
||||||
|
if (p != std::string::npos)
|
||||||
|
{
|
||||||
|
username.assign(userInfo, 0, p);
|
||||||
|
password.assign(userInfo, p + 1, std::string::npos);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
username.assign(userInfo);
|
||||||
|
password.clear();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
void HTTPCredentials::extractCredentials(const Poco::URI& uri, std::string& username, std::string& password)
|
||||||
|
{
|
||||||
|
if (!uri.getUserInfo().empty())
|
||||||
|
{
|
||||||
|
extractCredentials(uri.getUserInfo(), username, password);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
} } // namespace Poco::Net
|
298
Net/src/HTTPDigestCredentials.cpp
Normal file
298
Net/src/HTTPDigestCredentials.cpp
Normal file
@@ -0,0 +1,298 @@
|
|||||||
|
//
|
||||||
|
// HTTPDigestCredentials.cpp
|
||||||
|
//
|
||||||
|
// $Id: //poco/1.4/Net/src/HTTPDigestCredentials.cpp#2 $
|
||||||
|
//
|
||||||
|
// Library: Net
|
||||||
|
// Package: HTTP
|
||||||
|
// Module: HTTPDigestCredentials
|
||||||
|
//
|
||||||
|
// Copyright (c) 2011, Anton V. Yabchinskiy (arn at bestmx dot ru).
|
||||||
|
// Copyright (c) 2012, Applied Informatics Software Engineering GmbH.
|
||||||
|
// and Contributors.
|
||||||
|
//
|
||||||
|
// Permission is hereby granted, free of charge, to any person or organization
|
||||||
|
// obtaining a copy of the software and accompanying documentation covered by
|
||||||
|
// this license (the "Software") to use, reproduce, display, distribute,
|
||||||
|
// execute, and transmit the Software, and to prepare derivative works of the
|
||||||
|
// Software, and to permit third-parties to whom the Software is furnished to
|
||||||
|
// do so, all subject to the following:
|
||||||
|
//
|
||||||
|
// The copyright notices in the Software and this entire statement, including
|
||||||
|
// the above license grant, this restriction and the following disclaimer,
|
||||||
|
// must be included in all copies of the Software, in whole or in part, and
|
||||||
|
// all derivative works of the Software, unless such copies or derivative
|
||||||
|
// works are solely in the form of machine-executable object code generated by
|
||||||
|
// a source language processor.
|
||||||
|
//
|
||||||
|
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||||
|
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||||
|
// FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. IN NO EVENT
|
||||||
|
// SHALL THE COPYRIGHT HOLDERS OR ANYONE DISTRIBUTING THE SOFTWARE BE LIABLE
|
||||||
|
// FOR ANY DAMAGES OR OTHER LIABILITY, WHETHER IN CONTRACT, TORT OR OTHERWISE,
|
||||||
|
// ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
|
||||||
|
// DEALINGS IN THE SOFTWARE.
|
||||||
|
//
|
||||||
|
|
||||||
|
|
||||||
|
#include "Poco/DateTime.h"
|
||||||
|
#include "Poco/DateTimeFormat.h"
|
||||||
|
#include "Poco/DateTimeFormatter.h"
|
||||||
|
#include "Poco/Exception.h"
|
||||||
|
#include "Poco/MD5Engine.h"
|
||||||
|
#include "Poco/Net/HTTPDigestCredentials.h"
|
||||||
|
#include "Poco/Net/HTTPRequest.h"
|
||||||
|
#include "Poco/Net/HTTPResponse.h"
|
||||||
|
#include "Poco/NumberFormatter.h"
|
||||||
|
#include "Poco/StringTokenizer.h"
|
||||||
|
|
||||||
|
|
||||||
|
namespace
|
||||||
|
{
|
||||||
|
std::string digest(Poco::DigestEngine& engine,
|
||||||
|
const std::string& a,
|
||||||
|
const std::string& b,
|
||||||
|
const std::string& c = std::string(),
|
||||||
|
const std::string& d = std::string(),
|
||||||
|
const std::string& e = std::string(),
|
||||||
|
const std::string& f = std::string())
|
||||||
|
{
|
||||||
|
engine.reset();
|
||||||
|
engine.update(a);
|
||||||
|
engine.update(':');
|
||||||
|
engine.update(b);
|
||||||
|
if (!c.empty())
|
||||||
|
{
|
||||||
|
engine.update(':');
|
||||||
|
engine.update(c);
|
||||||
|
if (!d.empty())
|
||||||
|
{
|
||||||
|
engine.update(':');
|
||||||
|
engine.update(d);
|
||||||
|
engine.update(':');
|
||||||
|
engine.update(e);
|
||||||
|
engine.update(':');
|
||||||
|
engine.update(f);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return Poco::DigestEngine::digestToHex(engine.digest());
|
||||||
|
}
|
||||||
|
|
||||||
|
std::string formatNonceCounter(int counter)
|
||||||
|
{
|
||||||
|
return Poco::NumberFormatter::formatHex(counter, 8);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
namespace Poco {
|
||||||
|
namespace Net {
|
||||||
|
|
||||||
|
|
||||||
|
const std::string HTTPDigestCredentials::SCHEME = "Digest";
|
||||||
|
const std::string HTTPDigestCredentials::DEFAULT_ALGORITHM("MD5");
|
||||||
|
const std::string HTTPDigestCredentials::DEFAULT_QOP("");
|
||||||
|
const std::string HTTPDigestCredentials::NONCE_PARAM("nonce");
|
||||||
|
const std::string HTTPDigestCredentials::REALM_PARAM("realm");
|
||||||
|
const std::string HTTPDigestCredentials::QOP_PARAM("qop");
|
||||||
|
const std::string HTTPDigestCredentials::ALGORITHM_PARAM("algorithm");
|
||||||
|
const std::string HTTPDigestCredentials::USERNAME_PARAM("username");
|
||||||
|
const std::string HTTPDigestCredentials::OPAQUE_PARAM("opaque");
|
||||||
|
const std::string HTTPDigestCredentials::URI_PARAM("uri");
|
||||||
|
const std::string HTTPDigestCredentials::RESPONSE_PARAM("response");
|
||||||
|
const std::string HTTPDigestCredentials::AUTH_PARAM("auth");
|
||||||
|
const std::string HTTPDigestCredentials::CNONCE_PARAM("cnonce");
|
||||||
|
const std::string HTTPDigestCredentials::NC_PARAM("nc");
|
||||||
|
int HTTPDigestCredentials::_nonceCounter(0);
|
||||||
|
Poco::FastMutex HTTPDigestCredentials::_nonceMutex;
|
||||||
|
|
||||||
|
|
||||||
|
HTTPDigestCredentials::HTTPDigestCredentials()
|
||||||
|
{
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
HTTPDigestCredentials::HTTPDigestCredentials(const std::string& username, const std::string& password):
|
||||||
|
_username(username),
|
||||||
|
_password(password)
|
||||||
|
{
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
HTTPDigestCredentials::~HTTPDigestCredentials()
|
||||||
|
{
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
void HTTPDigestCredentials::setUsername(const std::string& username)
|
||||||
|
{
|
||||||
|
_username = username;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
void HTTPDigestCredentials::setPassword(const std::string& password)
|
||||||
|
{
|
||||||
|
_password = password;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
void HTTPDigestCredentials::authenticate(HTTPRequest& request, const HTTPResponse& response)
|
||||||
|
{
|
||||||
|
authenticate(request, HTTPAuthenticationParams(response));
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
void HTTPDigestCredentials::authenticate(HTTPRequest& request, const HTTPAuthenticationParams& responseAuthParams)
|
||||||
|
{
|
||||||
|
createAuthParams(request, responseAuthParams);
|
||||||
|
request.setCredentials(SCHEME, _requestAuthParams.toString());
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
void HTTPDigestCredentials::updateAuthInfo(HTTPRequest& request)
|
||||||
|
{
|
||||||
|
updateAuthParams(request);
|
||||||
|
request.setCredentials(SCHEME, _requestAuthParams.toString());
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
std::string HTTPDigestCredentials::createNonce()
|
||||||
|
{
|
||||||
|
Poco::FastMutex::ScopedLock lock(_nonceMutex);
|
||||||
|
|
||||||
|
MD5Engine md5;
|
||||||
|
Timestamp::TimeVal now = Timestamp().epochMicroseconds();
|
||||||
|
|
||||||
|
md5.update(&_nonceCounter, sizeof(_nonceCounter));
|
||||||
|
md5.update(&now, sizeof(now));
|
||||||
|
|
||||||
|
++_nonceCounter;
|
||||||
|
|
||||||
|
return DigestEngine::digestToHex(md5.digest());
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
void HTTPDigestCredentials::createAuthParams(const HTTPRequest& request, const HTTPAuthenticationParams& responseAuthParams)
|
||||||
|
{
|
||||||
|
// Not implemented: "domain" auth parameter and integrity protection.
|
||||||
|
|
||||||
|
if (!responseAuthParams.has(NONCE_PARAM) || !responseAuthParams.has(REALM_PARAM))
|
||||||
|
throw InvalidArgumentException("Invalid HTTP authentication parameters");
|
||||||
|
|
||||||
|
const std::string& algorithm = responseAuthParams.get(ALGORITHM_PARAM, DEFAULT_ALGORITHM);
|
||||||
|
|
||||||
|
if (icompare(algorithm, DEFAULT_ALGORITHM) != 0)
|
||||||
|
throw NotImplementedException("Unsupported digest algorithm", algorithm);
|
||||||
|
|
||||||
|
const std::string& nonce = responseAuthParams.get(NONCE_PARAM);
|
||||||
|
const std::string& qop = responseAuthParams.get(QOP_PARAM, DEFAULT_QOP);
|
||||||
|
const std::string& realm = responseAuthParams.getRealm();
|
||||||
|
|
||||||
|
_requestAuthParams.clear();
|
||||||
|
_requestAuthParams.set(USERNAME_PARAM, _username);
|
||||||
|
_requestAuthParams.set(URI_PARAM, request.getURI());
|
||||||
|
_requestAuthParams.set(NONCE_PARAM, nonce);
|
||||||
|
_requestAuthParams.setRealm(realm);
|
||||||
|
if (responseAuthParams.has(OPAQUE_PARAM))
|
||||||
|
{
|
||||||
|
_requestAuthParams.set(OPAQUE_PARAM, responseAuthParams.get(OPAQUE_PARAM));
|
||||||
|
}
|
||||||
|
|
||||||
|
if (qop.empty())
|
||||||
|
{
|
||||||
|
MD5Engine engine;
|
||||||
|
|
||||||
|
const std::string ha1 = digest(engine, _username, realm, _password);
|
||||||
|
const std::string ha2 = digest(engine, request.getMethod(), request.getURI());
|
||||||
|
|
||||||
|
_requestAuthParams.set(RESPONSE_PARAM, digest(engine, ha1, nonce, ha2));
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
Poco::StringTokenizer tok(qop, ",", Poco::StringTokenizer::TOK_TRIM);
|
||||||
|
bool qopSupported = false;
|
||||||
|
for (Poco::StringTokenizer::Iterator it = tok.begin(); it != tok.end(); ++it)
|
||||||
|
{
|
||||||
|
if (icompare(*it, AUTH_PARAM) == 0)
|
||||||
|
{
|
||||||
|
qopSupported = true;
|
||||||
|
_requestAuthParams.set(CNONCE_PARAM, createNonce());
|
||||||
|
_requestAuthParams.set(QOP_PARAM, *it);
|
||||||
|
updateAuthParams(request);
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (!qopSupported)
|
||||||
|
NotImplementedException("Unsupported QoP requested", qop);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
void HTTPDigestCredentials::updateAuthParams(const HTTPRequest& request)
|
||||||
|
{
|
||||||
|
const std::string& qop = _requestAuthParams.get(QOP_PARAM, DEFAULT_QOP);
|
||||||
|
if (icompare(qop, AUTH_PARAM) == 0)
|
||||||
|
{
|
||||||
|
MD5Engine engine;
|
||||||
|
|
||||||
|
const std::string& nonce = _requestAuthParams.get(NONCE_PARAM);
|
||||||
|
const std::string& realm = _requestAuthParams.getRealm();
|
||||||
|
const std::string& cnonce = _requestAuthParams.get(CNONCE_PARAM);
|
||||||
|
|
||||||
|
const std::string ha1 = digest(engine, _username, realm, _password);
|
||||||
|
const std::string ha2 = digest(engine, request.getMethod(), request.getURI());
|
||||||
|
const std::string nc = formatNonceCounter(updateNonceCounter(nonce));
|
||||||
|
|
||||||
|
_requestAuthParams.set(NC_PARAM, nc);
|
||||||
|
_requestAuthParams.set(RESPONSE_PARAM, digest(engine, ha1, nonce, nc, cnonce, qop, ha2));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
bool HTTPDigestCredentials::verifyAuthInfo(const HTTPRequest& request) const
|
||||||
|
{
|
||||||
|
HTTPAuthenticationParams params(request);
|
||||||
|
return verifyAuthParams(request, params);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
bool HTTPDigestCredentials::verifyAuthParams(const HTTPRequest& request, const HTTPAuthenticationParams& params) const
|
||||||
|
{
|
||||||
|
const std::string& nonce = params.get(NONCE_PARAM);
|
||||||
|
const std::string& realm = params.getRealm();
|
||||||
|
const std::string& qop = params.get(QOP_PARAM, DEFAULT_QOP);
|
||||||
|
std::string response;
|
||||||
|
MD5Engine engine;
|
||||||
|
if (qop.empty())
|
||||||
|
{
|
||||||
|
const std::string ha1 = digest(engine, _username, realm, _password);
|
||||||
|
const std::string ha2 = digest(engine, request.getMethod(), request.getURI());
|
||||||
|
response = digest(engine, ha1, nonce, ha2);
|
||||||
|
}
|
||||||
|
else if (icompare(qop, AUTH_PARAM) == 0)
|
||||||
|
{
|
||||||
|
const std::string& cnonce = params.get(CNONCE_PARAM);
|
||||||
|
const std::string& nc = params.get(NC_PARAM);
|
||||||
|
const std::string ha1 = digest(engine, _username, realm, _password);
|
||||||
|
const std::string ha2 = digest(engine, request.getMethod(), request.getURI());
|
||||||
|
response = digest(engine, ha1, nonce, nc, cnonce, qop, ha2);
|
||||||
|
}
|
||||||
|
return response == params.get(RESPONSE_PARAM);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
int HTTPDigestCredentials::updateNonceCounter(const std::string& nonce)
|
||||||
|
{
|
||||||
|
NonceCounterMap::iterator iter = _nc.find(nonce);
|
||||||
|
|
||||||
|
if (iter == _nc.end())
|
||||||
|
{
|
||||||
|
iter = _nc.insert(NonceCounterMap::value_type(nonce, 0)).first;
|
||||||
|
}
|
||||||
|
iter->second++;
|
||||||
|
|
||||||
|
return iter->second;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
} } // namespace Poco::Net
|
Reference in New Issue
Block a user