Swiftdiff options
| author | Remko Tronçon <git@el-tramo.be> | 2010-05-08 16:48:21 (GMT) |
|---|---|---|
| committer | Remko Tronçon <git@el-tramo.be> | 2010-05-08 16:48:21 (GMT) |
| commit | d233ec7a863fb0b9a6f20ea0aa52c7c0ea38e2fd (patch) | |
| tree | b0ff4203dc76d3995fbf696d0432f15d7f4916a9 /Swiften/SASL/DIGESTMD5ClientAuthenticator.cpp | |
| parent | 52bd37a759acc7edbd616c745ff64ac70ae41b9c (diff) | |
| download | swift-d233ec7a863fb0b9a6f20ea0aa52c7c0ea38e2fd.zip swift-d233ec7a863fb0b9a6f20ea0aa52c7c0ea38e2fd.tar.bz2 | |
Added DIGEST-MD5 client authenticator.
Diffstat (limited to 'Swiften/SASL/DIGESTMD5ClientAuthenticator.cpp')
| -rw-r--r-- | Swiften/SASL/DIGESTMD5ClientAuthenticator.cpp | 87 |
1 files changed, 87 insertions, 0 deletions
diff --git a/Swiften/SASL/DIGESTMD5ClientAuthenticator.cpp b/Swiften/SASL/DIGESTMD5ClientAuthenticator.cpp new file mode 100644 index 0000000..d22f295 --- /dev/null +++ b/Swiften/SASL/DIGESTMD5ClientAuthenticator.cpp @@ -0,0 +1,87 @@ +/* + * Copyright (c) 2010 Remko Tronçon + * Licensed under the GNU General Public License v3. + * See Documentation/Licenses/GPLv3.txt for more information. + */ + +#include "Swiften/SASL/DIGESTMD5ClientAuthenticator.h" + +#include <cassert> + +#include "Swiften/StringCodecs/MD5.h" +#include "Swiften/StringCodecs/Hexify.h" + +namespace Swift { + +DIGESTMD5ClientAuthenticator::DIGESTMD5ClientAuthenticator(const String& host, const String& nonce) : ClientAuthenticator("DIGEST-MD5"), step(Initial), host(host), cnonce(nonce) { +} + +ByteArray DIGESTMD5ClientAuthenticator::getResponse() const { + if (step == Initial) { + return ByteArray(); + } + else if (step == Response) { + String realm; + if (challenge.getValue("realm")) { + realm = *challenge.getValue("realm"); + } + String qop = "auth"; + String digestURI = "xmpp/" + host; + String nc = "00000001"; + + // Compute the response value + ByteArray A1 = MD5::getHash(getAuthenticationID() + ":" + realm + ":" + getPassword()) + ":" + *challenge.getValue("nonce") + ":" + cnonce; + if (!getAuthorizationID().isEmpty()) { + A1 += ":" + getAuthenticationID(); + } + String A2 = "AUTHENTICATE:" + digestURI; + + String responseValue = Hexify::hexify(MD5::getHash( + Hexify::hexify(MD5::getHash(A1)) + ":" + + *challenge.getValue("nonce") + ":" + nc + ":" + cnonce + ":" + qop + ":" + + Hexify::hexify(MD5::getHash(A2)))); + + DIGESTMD5Properties response; + response.setValue("username", getAuthenticationID()); + if (!realm.isEmpty()) { + response.setValue("realm", realm); + } + response.setValue("nonce", *challenge.getValue("nonce")); + response.setValue("cnonce", cnonce); + response.setValue("nc", "00000001"); + response.setValue("qop", qop); + response.setValue("digest-uri", digestURI); + response.setValue("charset", "utf-8"); + response.setValue("response", responseValue); + if (!getAuthorizationID().isEmpty()) { + response.setValue("authzid", getAuthorizationID()); + } + return response.serialize(); + } + else { + return ByteArray(); + } +} + +bool DIGESTMD5ClientAuthenticator::setChallenge(const ByteArray& challengeData) { + if (step == Initial) { + challenge = DIGESTMD5Properties::parse(challengeData); + + // Sanity checks + if (!challenge.getValue("nonce")) { + return false; + } + if (!challenge.getValue("charset") || *challenge.getValue("charset") != "utf-8") { + return false; + } + step = Response; + return true; + } + else { + step = Final; + // TODO: Check RSPAuth + return true; + } +} + +} |