1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
|
/*
* Copyright (c) 2010 Remko Tronçon
* Licensed under the GNU General Public License v3.
* See Documentation/Licenses/GPLv3.txt for more information.
*/
#include "Swiften/SASL/DIGESTMD5ClientAuthenticator.h"
#include <cassert>
#include "Swiften/StringCodecs/MD5.h"
#include "Swiften/StringCodecs/Hexify.h"
namespace Swift {
DIGESTMD5ClientAuthenticator::DIGESTMD5ClientAuthenticator(const String& host, const String& nonce) : ClientAuthenticator("DIGEST-MD5"), step(Initial), host(host), cnonce(nonce) {
}
boost::optional<ByteArray> DIGESTMD5ClientAuthenticator::getResponse() const {
if (step == Initial) {
return boost::optional<ByteArray>();
}
else if (step == Response) {
String realm;
if (challenge.getValue("realm")) {
realm = *challenge.getValue("realm");
}
String qop = "auth";
String digestURI = "xmpp/" + host;
String nc = "00000001";
// Compute the response value
ByteArray A1 = MD5::getHash(getAuthenticationID() + ":" + realm + ":" + getPassword()) + ":" + *challenge.getValue("nonce") + ":" + cnonce;
if (!getAuthorizationID().isEmpty()) {
A1 += ":" + getAuthenticationID();
}
String A2 = "AUTHENTICATE:" + digestURI;
String responseValue = Hexify::hexify(MD5::getHash(
Hexify::hexify(MD5::getHash(A1)) + ":"
+ *challenge.getValue("nonce") + ":" + nc + ":" + cnonce + ":" + qop + ":"
+ Hexify::hexify(MD5::getHash(A2))));
DIGESTMD5Properties response;
response.setValue("username", getAuthenticationID());
if (!realm.isEmpty()) {
response.setValue("realm", realm);
}
response.setValue("nonce", *challenge.getValue("nonce"));
response.setValue("cnonce", cnonce);
response.setValue("nc", "00000001");
response.setValue("qop", qop);
response.setValue("digest-uri", digestURI);
response.setValue("charset", "utf-8");
response.setValue("response", responseValue);
if (!getAuthorizationID().isEmpty()) {
response.setValue("authzid", getAuthorizationID());
}
return response.serialize();
}
else {
return boost::optional<ByteArray>();
}
}
bool DIGESTMD5ClientAuthenticator::setChallenge(const boost::optional<ByteArray>& challengeData) {
if (step == Initial) {
if (!challengeData) {
return false;
}
challenge = DIGESTMD5Properties::parse(*challengeData);
// Sanity checks
if (!challenge.getValue("nonce")) {
return false;
}
if (!challenge.getValue("charset") || *challenge.getValue("charset") != "utf-8") {
return false;
}
step = Response;
return true;
}
else {
step = Final;
// TODO: Check RSPAuth
return true;
}
}
}
|
Swift