Commit 64d4eb2e authored by jehan's avatar jehan

http digest auth first impl

parent 7b7049be
......@@ -20,7 +20,7 @@
<folderInfo id="cdt.managedbuild.toolchain.gnu.macosx.base.557244179.779699347" name="/" resourcePath="">
<toolChain id="cdt.managedbuild.toolchain.gnu.macosx.base.688348245" name="cdt.managedbuild.toolchain.gnu.macosx.base" superClass="cdt.managedbuild.toolchain.gnu.macosx.base">
<targetPlatform archList="all" binaryParser="org.eclipse.cdt.core.MachO64" id="cdt.managedbuild.target.gnu.platform.macosx.base.1183422670" name="Debug Platform" osList="macosx" superClass="cdt.managedbuild.target.gnu.platform.macosx.base"/>
<builder arguments="-j4 CFLAGS=&quot;-g -Wall &quot; V=1" command="make" id="cdt.managedbuild.target.gnu.builder.macosx.base.1706103106" keepEnvironmentInBuildfile="false" managedBuildOn="false" name="Gnu Make Builder" superClass="cdt.managedbuild.target.gnu.builder.macosx.base"/>
<builder arguments="-j4 CFLAGS=&quot;-g -Wall -Wno-error=unknown-pragmas&quot; V=1" command="make" id="cdt.managedbuild.target.gnu.builder.macosx.base.1706103106" keepEnvironmentInBuildfile="false" managedBuildOn="false" name="Gnu Make Builder" superClass="cdt.managedbuild.target.gnu.builder.macosx.base"/>
<tool id="cdt.managedbuild.tool.macosx.c.linker.macosx.base.2093869426" name="MacOS X C Linker" superClass="cdt.managedbuild.tool.macosx.c.linker.macosx.base">
<inputType id="cdt.managedbuild.tool.macosx.c.linker.input.451088761" superClass="cdt.managedbuild.tool.macosx.c.linker.input">
<additionalInput kind="additionalinputdependency" paths="$(USER_OBJS)"/>
......
......@@ -32,6 +32,15 @@ BELLE_SIP_BEGIN_DECLS
*/
BELLESIP_EXPORT belle_sip_header_authorization_t* belle_sip_auth_helper_create_authorization(const belle_sip_header_www_authenticate_t* authentication);
/**
* Create an http authorization header from an www_authenticate header, all common parameters are copyed.
* copy params: scheme, realm, nonce, algorithm, opaque
* @param authentication source to be used as input
* @return belle_http_header_authorization_t*
*/
BELLESIP_EXPORT belle_http_header_authorization_t* belle_http_auth_helper_create_authorization(const belle_sip_header_www_authenticate_t* authentication);
/**
* Create an proxy_authorization header from an www_authenticate header, all common parameters are copyed.
* copy params: scheme, realm, nonce, algorithm, opaque
......
......@@ -442,6 +442,20 @@ BELLESIP_EXPORT belle_sip_header_proxy_authorization_t* belle_sip_header_proxy_a
#define BELLE_SIP_HEADER_PROXY_AUTHORIZATION(t) BELLE_SIP_CAST(t,belle_sip_header_proxy_authorization_t)
#define BELLE_SIP_PROXY_AUTHORIZATION "Proxy-Authorization"
/*******************************
* http_authorization inherit from Authorization
*/
typedef struct _belle_http_header_authorization belle_http_header_authorization_t;
BELLESIP_EXPORT belle_http_header_authorization_t* belle_http_header_authorization_new();
/*cannot be parsed for now
BELLESIP_EXPORT belle_http_header_authorization_t* belle_http_header_authorization_parse(const char* proxy_authorization);
*/
BELLESIP_EXPORT void belle_http_header_authorization_set_uri(belle_http_header_authorization_t* authorization, belle_generic_uri_t* uri);
BELLESIP_EXPORT belle_generic_uri_t* belle_http_header_authorization_get_uri(const belle_http_header_authorization_t* authorization);
#define BELLE_HTTP_HEADER_AUTHORIZATION(t) BELLE_SIP_CAST(t,belle_http_header_authorization_t)
#define BELLE_HTTP_AUTHORIZATION "Authorization"
/*******************************
* www_authenticate inherit from parameters
*/
......
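Review bot: The new setter `belle_http_header_authorization_set_uri` is declared without saying who owns the URI after the call. Its implementation elsewhere in this commit takes a reference on the new URI and releases the previously stored one, so a one-line comment on the declaration would make that visible to callers, for example `/* takes a reference on uri and releases the previously set one; uri may be NULL */`. The same block declares `belle_http_header_authorization_new()` with an empty parameter list, which in C is not a prototype; `belle_http_header_authorization_new(void)` lets the compiler reject stray arguments.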
......@@ -121,7 +121,8 @@ BELLE_SIP_DECLARE_TYPES_BEGIN(belle_sip,1)
BELLE_SIP_TYPE_ID(belle_http_channel_context_t),
BELLE_SIP_TYPE_ID(belle_generic_uri_t),
BELLE_SIP_TYPE_ID(belle_http_callbacks_t),
BELLE_SIP_TYPE_ID(belle_tls_verify_policy_t)
BELLE_SIP_TYPE_ID(belle_tls_verify_policy_t),
BELLE_SIP_TYPE_ID(belle_http_header_authorization_t)
BELLE_SIP_DECLARE_TYPES_END
......
......@@ -22,9 +22,10 @@
#include "md5.h"
#include <string.h>
#define CHECK_IS_PRESENT(obj,header_name,name) \
if (!belle_sip_header_##header_name##_get_##name(obj)) {\
belle_sip_error("parameter ["#name"]not found for header ["#header_name);\
belle_sip_error("parameter ["#name"]not found for header ["#header_name"]");\
return-1;\
}
......@@ -40,6 +41,12 @@ belle_sip_header_authorization_t* belle_sip_auth_helper_create_authorization(con
belle_sip_auth_helper_clone_authorization(authorization,authentication);
return authorization;
}
belle_http_header_authorization_t* belle_http_auth_helper_create_authorization(const belle_sip_header_www_authenticate_t* authentication) {
belle_http_header_authorization_t* authorization = belle_http_header_authorization_new();
belle_sip_auth_helper_clone_authorization(BELLE_SIP_HEADER_AUTHORIZATION(authorization),authentication);
return authorization;
}
belle_sip_header_proxy_authorization_t* belle_sip_auth_helper_create_proxy_authorization(const belle_sip_header_proxy_authenticate_t* proxy_authentication){
belle_sip_header_proxy_authorization_t* authorization = belle_sip_header_proxy_authorization_new();
belle_sip_auth_helper_clone_authorization(BELLE_SIP_HEADER_AUTHORIZATION(authorization),BELLE_SIP_HEADER_WWW_AUTHENTICATE(proxy_authentication));
......@@ -182,7 +189,15 @@ int belle_sip_auth_helper_fill_authorization(belle_sip_header_authorization_t* a
}
CHECK_IS_PRESENT(authorization,authorization,realm)
CHECK_IS_PRESENT(authorization,authorization,nonce)
CHECK_IS_PRESENT(authorization,authorization,uri)
if (BELLE_SIP_IS_INSTANCE_OF(authorization,belle_http_header_authorization_t)) {
/*http case*/
if (!belle_http_header_authorization_get_uri(BELLE_HTTP_HEADER_AUTHORIZATION(authorization))) {
belle_sip_error("parameter uri not found for http header authorization");
return-1;
}
} else {
CHECK_IS_PRESENT(authorization,authorization,uri)
}
if (auth_mode) {
CHECK_IS_PRESENT(authorization,authorization,nonce_count)
if (!belle_sip_header_authorization_get_cnonce(authorization)) {
......@@ -195,8 +210,13 @@ int belle_sip_auth_helper_fill_authorization(belle_sip_header_authorization_t* a
return -1;
}
if (BELLE_SIP_IS_INSTANCE_OF(authorization,belle_http_header_authorization_t)) {
/*http case*/
uri=belle_generic_uri_to_string(belle_http_header_authorization_get_uri(BELLE_HTTP_HEADER_AUTHORIZATION(authorization)));
} else {
uri=belle_sip_uri_to_string(belle_sip_header_authorization_get_uri(authorization));
}
uri=belle_sip_uri_to_string(belle_sip_header_authorization_get_uri(authorization));
belle_sip_auth_helper_compute_ha2(method,uri,ha2);
belle_sip_free(uri);
if (auth_mode) {
......
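Review bot: In the HTTP branch the digest `uri` comes from `belle_generic_uri_to_string()` on whatever URI the caller stored, and nothing here checks that it is free of userinfo. The provider code in this commit reads the username and password from `req->orig_uri`, so if the URI given to `belle_http_header_authorization_set_uri()` can still carry `user:password`, that password would be hashed into HA2 and, through the new marshal function, written in clear into the `Authorization` header. Whether the request URI is already stripped is not visible on this page, so this needs confirming. A comment at this branch such as `/* digest-uri must not contain userinfo */`, or a check that rejects a URI for which `belle_generic_uri_get_user_password()` is non-NULL, would pin the expectation. `belle_sip_auth_helper_fill_authorization` starts and ends outside the hunk.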
......@@ -1149,6 +1149,7 @@ struct _belle_sip_header_proxy_authorization {
static void belle_sip_header_proxy_authorization_destroy(belle_sip_header_proxy_authorization_t* proxy_authorization) {
}
static void belle_sip_header_proxy_authorization_clone(belle_sip_header_proxy_authorization_t* proxy_authorization,
......@@ -1161,6 +1162,60 @@ belle_sip_error_code belle_sip_header_proxy_authorization_marshal(belle_sip_head
BELLE_SIP_NEW_HEADER(header_proxy_authorization,header_authorization,BELLE_SIP_PROXY_AUTHORIZATION)
BELLE_SIP_PARSE(header_proxy_authorization)
/**************************
*HTTP Authorization header object inherent from Authorization
****************************
*/
struct _belle_http_header_authorization {
belle_sip_header_authorization_t authorization;
belle_generic_uri_t* uri;
};
static void belle_http_header_authorization_init(belle_http_header_authorization_t* authorization) {
belle_sip_header_set_name(BELLE_SIP_HEADER(authorization),BELLE_HTTP_AUTHORIZATION);
}
static void belle_http_header_authorization_destroy(belle_http_header_authorization_t* authorization) {
if (authorization->uri) {
belle_sip_object_unref(authorization->uri);
}
}
static void belle_http_header_authorization_clone(belle_http_header_authorization_t* authorization,
const belle_http_header_authorization_t *orig ) {
if (belle_http_header_authorization_get_uri(orig)) {
belle_http_header_authorization_set_uri(authorization,BELLE_GENERIC_URI(belle_sip_object_clone(BELLE_SIP_OBJECT(belle_http_header_authorization_get_uri(orig)))));
}
}
belle_sip_error_code belle_http_header_authorization_marshal(belle_http_header_authorization_t* authorization, char* buff, size_t buff_size, size_t *offset) {
belle_sip_error_code error=BELLE_SIP_OK;
/*first make sure there is no sip uri*/
if (belle_sip_header_authorization_get_uri(BELLE_SIP_HEADER_AUTHORIZATION(authorization))) {
belle_sip_error ("Cannot marshal http_header_authorization because a sip uri is set. Use belle_http_authorization_set uri instead of belle_sip_header_authorization_set_uri");
return BELLE_SIP_NOT_IMPLEMENTED;
}
belle_sip_header_authorization_marshal(BELLE_SIP_HEADER_AUTHORIZATION(authorization),buff,buff_size,offset);
if (authorization->uri) {
error=belle_sip_snprintf(buff,buff_size,offset,", uri=\"");
if (error!=BELLE_SIP_OK) return error;
error=belle_generic_uri_marshal(authorization->uri,buff,buff_size,offset);
if (error!=BELLE_SIP_OK) return error;
error=belle_sip_snprintf(buff,buff_size,offset,"%s","\"");
if (error!=BELLE_SIP_OK) return error;
}
return error;
}
BELLE_NEW(belle_http_header_authorization,belle_sip_header_authorization)
belle_generic_uri_t* belle_http_header_authorization_get_uri(const belle_http_header_authorization_t* authorization) {
return authorization->uri;
}
void belle_http_header_authorization_set_uri( belle_http_header_authorization_t* authorization,belle_generic_uri_t* uri) {
if (authorization->uri) belle_sip_object_unref(authorization->uri);
if (uri) belle_sip_object_ref(uri);
authorization->uri=uri;
}
/**************************
*WWW-Authenticate header object inherent from parameters
****************************
......
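Review bot: `belle_http_header_authorization_marshal` discards the result of `belle_sip_header_authorization_marshal(...)`, so a failure while writing the base header is not reported and the function goes on to append `, uri="` after it. Every later write in the same function is checked, so the first one should be too: `error=belle_sip_header_authorization_marshal(BELLE_SIP_HEADER_AUTHORIZATION(authorization),buff,buff_size,offset);` followed by `if (error!=BELLE_SIP_OK) return error;`. Separately, returning `BELLE_SIP_NOT_IMPLEMENTED` when a SIP URI is set reads as a missing feature rather than a misuse; a short comment explaining that choice would help the next reader.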
......@@ -200,6 +200,7 @@ BELLE_SIP_DECLARE_VPTR(belle_http_response_t);
BELLE_SIP_DECLARE_VPTR(belle_generic_uri_t);
BELLE_SIP_DECLARE_VPTR(belle_http_callbacks_t);
BELLE_SIP_DECLARE_VPTR(belle_tls_verify_policy_t);
BELLE_SIP_DECLARE_VPTR(belle_http_header_authorization_t);
BELLE_SIP_DECLARE_CUSTOM_VPTR_BEGIN(belle_sip_resolver_context_t,belle_sip_source_t)
void (*cancel)(belle_sip_resolver_context_t *);
......
......@@ -50,35 +50,78 @@ static int http_channel_context_handle_authentication(belle_http_channel_context
belle_http_response_t *resp=belle_http_request_get_response(req);
const char *username=NULL;
const char *passwd=NULL;
const char *ha1=NULL;
char computed_ha1[33];
belle_sip_header_www_authenticate_t* authenticate;
int ret=0;
(void)resp;
if (req->auth_attempt_count>1){
req->auth_attempt_count=0;
return -1;
}
if (resp == NULL ) {
belle_sip_error("Missing response for req [%p], cannot authenticate", req);
return -1;
}
if (!(authenticate = belle_sip_message_get_header_by_type(resp,belle_sip_header_www_authenticate_t))) {
if (belle_sip_message_get_header_by_type(resp,belle_sip_header_proxy_authenticate_t)) {
belle_sip_error("Proxy authentication not supported yet, cannot authenticate for resp [%p]", resp);
}
belle_sip_error("Missing auth header in response [%p], cannot authenticate", resp);
return -1;
}
if (strcasecmp("Digest",belle_sip_header_www_authenticate_get_scheme(authenticate)) != 0) {
belle_sip_error("Unsupported auth scheme [%s] in response [%p], cannot authenticate", belle_sip_header_www_authenticate_get_scheme(authenticate),resp);
return -1;
}
if (strcasecmp("MD5",belle_sip_header_www_authenticate_get_algorithm(authenticate)) != 0) {
belle_sip_error("Unsupported auth algo [%s] in response [%p], cannot authenticate", belle_sip_header_www_authenticate_get_algorithm(authenticate),resp);
return -1;
}
/*find if username, passwd were already supplied in original request uri*/
if (req->orig_uri){
username=belle_generic_uri_get_user(req->orig_uri);
passwd=belle_generic_uri_get_user_password(req->orig_uri);
}
if (username==NULL || passwd==NULL){
/*TODO find the realm from the Authentication header*/
realm = belle_sip_header_www_authenticate_get_realm(authenticate);
if (!username || !passwd) {
ev=belle_sip_auth_event_create((belle_sip_object_t*)ctx->provider,realm,NULL);
BELLE_HTTP_REQUEST_INVOKE_LISTENER(req,process_auth_requested,ev);
username=ev->username;
passwd=ev->passwd;
ha1=ev->ha1;
}
if (!ha1 && username && passwd) {
belle_sip_auth_helper_compute_ha1(username,realm,passwd, computed_ha1);
ha1=computed_ha1;
} else if (!ha1){
belle_sip_error("No auth info found for request [%p], cannot authenticate",req);
ret=-1;
}
if (username && passwd){
/*TODO resubmit the request to the provider with authentication added*/
if (ha1) {
belle_http_header_authorization_t* authorization;
req->auth_attempt_count++;
belle_http_provider_send_request(ctx->provider,req,NULL);
}else ret=-1;
authorization = belle_http_auth_helper_create_authorization(authenticate);
belle_http_header_authorization_set_uri(authorization,belle_http_request_get_uri(req));
if (belle_sip_auth_helper_fill_authorization(BELLE_SIP_HEADER_AUTHORIZATION(authorization),belle_http_request_get_method(req),ha1)) {
belle_sip_error("Cannot fill auth header for request [%p]",req);
if (authorization) belle_sip_object_unref(authorization);
ret=-1;
} else {
belle_sip_message_add_header(BELLE_SIP_MESSAGE(req),BELLE_SIP_HEADER(authorization));
belle_http_provider_send_request(ctx->provider,req,NULL);
}
}
if (ev) belle_sip_auth_event_destroy(ev);
return ret;
}
......
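Review bot: The `strcasecmp("MD5",belle_sip_header_www_authenticate_get_algorithm(authenticate))` test passes the getter's result straight to `strcasecmp` and then to a `%s` format, and the challenge it reads comes from the server. `algorithm` is optional in a Digest challenge (RFC 2617 treats a missing value as MD5), so unless the parser fills in a default, a response without it would hand NULL to both calls. The scheme check just above has the same shape. Suggest reading the value once and accepting its absence: `const char *algo=belle_sip_header_www_authenticate_get_algorithm(authenticate);` then `if (algo && strcasecmp("MD5",algo) != 0) {`. The function's signature and first declarations are outside the hunk.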