summaryrefslogtreecommitdiffstats
blob: f27caecd09136687c3407a1fc12d8b923e3c9db9 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
/*
 * Copyright (c) 2010-2013 Isode Limited.
 * All rights reserved.
 * See the COPYING file for more information.
 */

#include <Swiften/SASL/DIGESTMD5ClientAuthenticator.h>

#include <cassert>

#include <Swiften/StringCodecs/Hexify.h>
#include <Swiften/Base/Concat.h>
#include <Swiften/Base/Algorithm.h>
#include <Swiften/Crypto/CryptoProvider.h>

namespace Swift {

DIGESTMD5ClientAuthenticator::DIGESTMD5ClientAuthenticator(const std::string& host, const std::string& nonce, CryptoProvider* crypto) : ClientAuthenticator("DIGEST-MD5"), step(Initial), host(host), cnonce(nonce), crypto(crypto) {
}

boost::optional<SafeByteArray> DIGESTMD5ClientAuthenticator::getResponse() const {
	if (step == Initial) {
		return boost::optional<SafeByteArray>();
	}
	else if (step == Response) {
		std::string realm;
		if (challenge.getValue("realm")) {
			realm = *challenge.getValue("realm");
		}
		std::string qop = "auth";
		std::string digestURI = "xmpp/" + host;
		std::string nc = "00000001";

		// Compute the response value
		ByteArray A1 = concat(
				crypto->getMD5Hash(
					concat(createSafeByteArray(getAuthenticationID().c_str()), createSafeByteArray(":"), createSafeByteArray(realm.c_str()), createSafeByteArray(":"), getPassword())),
				createByteArray(":"), createByteArray(*challenge.getValue("nonce")), createByteArray(":"), createByteArray(cnonce));
		if (!getAuthorizationID().empty()) {
			append(A1, createByteArray(":" + getAuthenticationID()));
		}
		ByteArray A2 = createByteArray("AUTHENTICATE:" + digestURI);

		std::string responseValue = Hexify::hexify(crypto->getMD5Hash(createByteArray(
			Hexify::hexify(crypto->getMD5Hash(A1)) + ":"
			+ *challenge.getValue("nonce") + ":" + nc + ":" + cnonce + ":" + qop + ":"
			+ Hexify::hexify(crypto->getMD5Hash(A2)))));


		DIGESTMD5Properties response;
		response.setValue("username", getAuthenticationID());
		if (!realm.empty()) {
			response.setValue("realm", realm);
		}
		response.setValue("nonce", *challenge.getValue("nonce"));
		response.setValue("cnonce", cnonce);
		response.setValue("nc", "00000001");
		response.setValue("qop", qop);
		response.setValue("digest-uri", digestURI);
		response.setValue("charset", "utf-8");
		response.setValue("response", responseValue);
		if (!getAuthorizationID().empty()) {
			response.setValue("authzid", getAuthorizationID());
		}
		return createSafeByteArray(response.serialize());
	}
	else {
		return boost::optional<SafeByteArray>();
	}
}

bool DIGESTMD5ClientAuthenticator::setChallenge(const boost::optional<ByteArray>& challengeData) {
	if (step == Initial) {
		if (!challengeData) {
			return false;
		}
		challenge = DIGESTMD5Properties::parse(*challengeData);

		// Sanity checks
		if (!challenge.getValue("nonce")) {
			return false;
		}
		if (!challenge.getValue("charset") || *challenge.getValue("charset") != "utf-8") {
			return false;
		}
		step = Response;
		return true;
	}
	else {
		step = Final;
		// TODO: Check RSPAuth
		return true;
	}
}

}