search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Bug 458256. Use LoadLibraryW instead of LoadLibrary (patch by DougT). r+sr=vlad
[wine-gecko.git] / netwerk / protocol / http / src / nsHttpDigestAuth.cpp
blob092bbdef04647ae2bfc268c2f1181a5ea417a66a
1 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
2 *
3 * ***** BEGIN LICENSE BLOCK *****
4 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
5 *
6 * The contents of this file are subject to the Mozilla Public License Version
7 * 1.1 (the "License"); you may not use this file except in compliance with
8 * the License. You may obtain a copy of the License at
9 * http://www.mozilla.org/MPL/
10 *
11 * Software distributed under the License is distributed on an "AS IS" basis,
12 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
13 * for the specific language governing rights and limitations under the
14 * License.
15 *
16 * The Original Code is mozilla.org code.
17 *
18 * The Initial Developer of the Original Code is
19 * Netscape Communications Corporation.
20 * Portions created by the Initial Developer are Copyright (C) 1998
21 * the Initial Developer. All Rights Reserved.
22 *
23 * Contributor(s):
24 * Justin Bradford <jab@atdot.org> (original author of nsDigestAuth.cpp)
25 * An-Cheng Huang <pach@cs.cmu.edu>
26 * Darin Fisher <darin@netscape.com>
27 *
28 * Alternatively, the contents of this file may be used under the terms of
29 * either the GNU General Public License Version 2 or later (the "GPL"), or
30 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
31 * in which case the provisions of the GPL or the LGPL are applicable instead
32 * of those above. If you wish to allow use of your version of this file only
33 * under the terms of either the GPL or the LGPL, and not to allow others to
34 * use your version of this file under the terms of the MPL, indicate your
35 * decision by deleting the provisions above and replace them with the notice
36 * and other provisions required by the GPL or the LGPL. If you do not delete
37 * the provisions above, a recipient may use your version of this file under
38 * the terms of any one of the MPL, the GPL or the LGPL.
39 *
40 * ***** END LICENSE BLOCK ***** */
41
42 #include <stdlib.h>
43 #include "nsHttp.h"
44 #include "nsHttpDigestAuth.h"
45 #include "nsIHttpChannel.h"
46 #include "nsIServiceManager.h"
47 #include "nsXPCOM.h"
48 #include "nsISupportsPrimitives.h"
49 #include "nsIURI.h"
50 #include "nsString.h"
51 #include "nsReadableUtils.h"
52 #include "nsEscape.h"
53 #include "nsNetCID.h"
54 #include "plbase64.h"
55 #include "plstr.h"
56 #include "prprf.h"
57 #include "prmem.h"
58 #include "nsCRT.h"
59
60 //-----------------------------------------------------------------------------
61 // nsHttpDigestAuth <public>
62 //-----------------------------------------------------------------------------
63
64 nsHttpDigestAuth::nsHttpDigestAuth()
65 {}
66
67 nsHttpDigestAuth::~nsHttpDigestAuth()
68 {}
69
70 //-----------------------------------------------------------------------------
71 // nsHttpDigestAuth::nsISupports
72 //-----------------------------------------------------------------------------
73
74 NS_IMPL_ISUPPORTS1(nsHttpDigestAuth, nsIHttpAuthenticator)
75
76 //-----------------------------------------------------------------------------
77 // nsHttpDigestAuth <protected>
78 //-----------------------------------------------------------------------------
79
80 nsresult
81 nsHttpDigestAuth::MD5Hash(const char *buf, PRUint32 len)
82 {
83 nsresult rv;
84
85 // Cache a reference to the nsICryptoHash instance since we'll be calling
86 // this function frequently.
87 if (!mVerifier) {
88 mVerifier = do_CreateInstance(NS_CRYPTO_HASH_CONTRACTID, &rv);
89 if (NS_FAILED(rv)) {
90 LOG(("nsHttpDigestAuth: no crypto hash!\n"));
91 return rv;
92 }
93 }
94
95 rv = mVerifier->Init(nsICryptoHash::MD5);
96 if (NS_FAILED(rv)) return rv;
97
98 rv = mVerifier->Update((unsigned char*)buf, len);
99 if (NS_FAILED(rv)) return rv;
100
101 nsCAutoString hashString;
102 rv = mVerifier->Finish(PR_FALSE, hashString);
103 if (NS_FAILED(rv)) return rv;
104
105 NS_ENSURE_STATE(hashString.Length() == sizeof(mHashBuf));
106 memcpy(mHashBuf, hashString.get(), hashString.Length());
107
108 return rv;
109 }
110
111 nsresult
112 nsHttpDigestAuth::GetMethodAndPath(nsIHttpChannel *httpChannel,
113 PRBool isProxyAuth,
114 nsCString &httpMethod,
115 nsCString &path)
116 {
117 nsresult rv;
118 nsCOMPtr<nsIURI> uri;
119 rv = httpChannel->GetURI(getter_AddRefs(uri));
120 if (NS_SUCCEEDED(rv)) {
121 PRBool isSecure;
122 rv = uri->SchemeIs("https", &isSecure);
123 if (NS_SUCCEEDED(rv)) {
124 //
125 // if we are being called in response to a 407, and if the protocol
126 // is HTTPS, then we are really using a CONNECT method.
127 //
128 if (isSecure && isProxyAuth) {
129 httpMethod.AssignLiteral("CONNECT");
130 //
131 // generate hostname:port string. (unfortunately uri->GetHostPort
132 // leaves out the port if it matches the default value, so we can't
133 // just call it.)
134 //
135 PRInt32 port;
136 rv = uri->GetAsciiHost(path);
137 rv |= uri->GetPort(&port);
138 if (NS_SUCCEEDED(rv)) {
139 path.Append(':');
140 path.AppendInt(port < 0 ? NS_HTTPS_DEFAULT_PORT : port);
141 }
142 }
143 else {
144 rv = httpChannel->GetRequestMethod(httpMethod);
145 rv |= uri->GetPath(path);
146 if (NS_SUCCEEDED(rv)) {
147 //
148 // strip any fragment identifier from the URL path.
149 //
150 PRInt32 ref = path.RFindChar('#');
151 if (ref != kNotFound)
152 path.Truncate(ref);
153 //
154 // make sure we escape any UTF-8 characters in the URI path. the
155 // digest auth uri attribute needs to match the request-URI.
156 //
157 // XXX we should really ask the HTTP channel for this string
158 // instead of regenerating it here.
159 //
160 nsCAutoString buf;
161 path = NS_EscapeURL(path, esc_OnlyNonASCII, buf);
162 }
163 }
164 }
165 }
166 return rv;
167 }
168
169 //-----------------------------------------------------------------------------
170 // nsHttpDigestAuth::nsIHttpAuthenticator
171 //-----------------------------------------------------------------------------
172
173 NS_IMETHODIMP
174 nsHttpDigestAuth::ChallengeReceived(nsIHttpChannel *httpChannel,
175 const char *challenge,
176 PRBool isProxyAuth,
177 nsISupports **sessionState,
178 nsISupports **continuationState,
179 PRBool *result)
180 {
181 nsCAutoString realm, domain, nonce, opaque;
182 PRBool stale;
183 PRUint16 algorithm, qop;
184
185 nsresult rv = ParseChallenge(challenge, realm, domain, nonce, opaque,
186 &stale, &algorithm, &qop);
187 if (NS_FAILED(rv)) return rv;
188
189 // if the challenge has the "stale" flag set, then the user identity is not
190 // necessarily invalid. by returning FALSE here we can suppress username
191 // and password prompting that usually accompanies a 401/407 challenge.
192 *result = !stale;
193
194 // clear any existing nonce_count since we have a new challenge.
195 NS_IF_RELEASE(*sessionState);
196 return NS_OK;
197 }
198
199 NS_IMETHODIMP
200 nsHttpDigestAuth::GenerateCredentials(nsIHttpChannel *httpChannel,
201 const char *challenge,
202 PRBool isProxyAuth,
203 const PRUnichar *userdomain,
204 const PRUnichar *username,
205 const PRUnichar *password,
206 nsISupports **sessionState,
207 nsISupports **continuationState,
208 char **creds)
209
210 {
211 LOG(("nsHttpDigestAuth::GenerateCredentials [challenge=%s]\n", challenge));
212
213 NS_ENSURE_ARG_POINTER(creds);
214
215 PRBool isDigestAuth = !PL_strncasecmp(challenge, "digest ", 7);
216 NS_ENSURE_TRUE(isDigestAuth, NS_ERROR_UNEXPECTED);
217
218 // IIS implementation requires extra quotes
219 PRBool requireExtraQuotes = PR_FALSE;
220 {
221 nsCAutoString serverVal;
222 httpChannel->GetResponseHeader(NS_LITERAL_CSTRING("Server"), serverVal);
223 if (!serverVal.IsEmpty()) {
224 requireExtraQuotes = !PL_strncasecmp(serverVal.get(), "Microsoft-IIS", 13);
225 }
226 }
227
228 nsresult rv;
229 nsCAutoString httpMethod;
230 nsCAutoString path;
231 rv = GetMethodAndPath(httpChannel, isProxyAuth, httpMethod, path);
232 if (NS_FAILED(rv)) return rv;
233
234 nsCAutoString realm, domain, nonce, opaque;
235 PRBool stale;
236 PRUint16 algorithm, qop;
237
238 rv = ParseChallenge(challenge, realm, domain, nonce, opaque,
239 &stale, &algorithm, &qop);
240 if (NS_FAILED(rv)) {
241 LOG(("nsHttpDigestAuth::GenerateCredentials [ParseChallenge failed rv=%x]\n", rv));
242 return rv;
243 }
244
245 char ha1_digest[EXPANDED_DIGEST_LENGTH+1];
246 char ha2_digest[EXPANDED_DIGEST_LENGTH+1];
247 char response_digest[EXPANDED_DIGEST_LENGTH+1];
248 char upload_data_digest[EXPANDED_DIGEST_LENGTH+1];
249
250 if (qop & QOP_AUTH_INT) {
251 // we do not support auth-int "quality of protection" currently
252 qop &= ~QOP_AUTH_INT;
253
254 NS_WARNING("no support for Digest authentication with data integrity quality of protection");
255
256 /* TODO: to support auth-int, we need to get an MD5 digest of
257 * TODO: the data uploaded with this request.
258 * TODO: however, i am not sure how to read in the file in without
259 * TODO: disturbing the channel''s use of it. do i need to copy it
260 * TODO: somehow?
261 */
262 #if 0
263 if (http_channel != nsnull)
264 {
265 nsIInputStream * upload;
266 nsCOMPtr<nsIUploadChannel> uc = do_QueryInterface(http_channel);
267 NS_ENSURE_TRUE(uc, NS_ERROR_UNEXPECTED);
268 uc->GetUploadStream(&upload);
269 if (upload) {
270 char * upload_buffer;
271 int upload_buffer_length = 0;
272 //TODO: read input stream into buffer
273 const char * digest = (const char*)
274 nsNetwerkMD5Digest(upload_buffer, upload_buffer_length);
275 ExpandToHex(digest, upload_data_digest);
276 NS_RELEASE(upload);
277 }
278 }
279 #endif
280 }
281
282 if (!(algorithm & ALGO_MD5 || algorithm & ALGO_MD5_SESS)) {
283 // they asked only for algorithms that we do not support
284 NS_WARNING("unsupported algorithm requested by Digest authentication");
285 return NS_ERROR_NOT_IMPLEMENTED;
286 }
287
288 //
289 // the following are for increasing security. see RFC 2617 for more
290 // information.
291 //
292 // nonce_count allows the server to keep track of auth challenges (to help
293 // prevent spoofing). we increase this count every time.
294 //
295 char nonce_count[NONCE_COUNT_LENGTH+1] = "00000001"; // in hex
296 if (*sessionState) {
297 nsCOMPtr<nsISupportsPRUint32> v(do_QueryInterface(*sessionState));
298 if (v) {
299 PRUint32 nc;
300 v->GetData(&nc);
301 PR_snprintf(nonce_count, sizeof(nonce_count), "%08x", ++nc);
302 v->SetData(nc);
303 }
304 }
305 else {
306 nsCOMPtr<nsISupportsPRUint32> v(
307 do_CreateInstance(NS_SUPPORTS_PRUINT32_CONTRACTID));
308 if (v) {
309 v->SetData(1);
310 NS_ADDREF(*sessionState = v);
311 }
312 }
313 LOG((" nonce_count=%s\n", nonce_count));
314
315 //
316 // this lets the client verify the server response (via a server
317 // returned Authentication-Info header). also used for session info.
318 //
319 nsCAutoString cnonce;
320 static const char hexChar[] = "0123456789abcdef";
321 for (int i=0; i<16; ++i) {
322 cnonce.Append(hexChar[(int)(15.0 * rand()/(RAND_MAX + 1.0))]);
323 }
324 LOG((" cnonce=%s\n", cnonce.get()));
325
326 //
327 // calculate credentials
328 //
329
330 NS_ConvertUTF16toUTF8 cUser(username), cPass(password);
331 rv = CalculateHA1(cUser, cPass, realm, algorithm, nonce, cnonce, ha1_digest);
332 if (NS_FAILED(rv)) return rv;
333
334 rv = CalculateHA2(httpMethod, path, qop, upload_data_digest, ha2_digest);
335 if (NS_FAILED(rv)) return rv;
336
337 rv = CalculateResponse(ha1_digest, ha2_digest, nonce, qop, nonce_count,
338 cnonce, response_digest);
339 if (NS_FAILED(rv)) return rv;
340
341 //
342 // Values that need to match the quoted-string production from RFC 2616:
343 //
344 // username
345 // realm
346 // nonce
347 // opaque
348 // cnonce
349 //
350
351 nsCAutoString authString;
352
353 authString.AssignLiteral("Digest username=");
354 rv = AppendQuotedString(cUser, authString);
355 NS_ENSURE_SUCCESS(rv, rv);
356
357 authString.AppendLiteral(", realm=");
358 rv = AppendQuotedString(realm, authString);
359 NS_ENSURE_SUCCESS(rv, rv);
360
361 authString.AppendLiteral(", nonce=");
362 rv = AppendQuotedString(nonce, authString);
363 NS_ENSURE_SUCCESS(rv, rv);
364
365 authString.AppendLiteral(", uri=\"");
366 authString += path;
367 if (algorithm & ALGO_SPECIFIED) {
368 authString.AppendLiteral("\", algorithm=");
369 if (algorithm & ALGO_MD5_SESS)
370 authString.AppendLiteral("MD5-sess");
371 else
372 authString.AppendLiteral("MD5");
373 } else {
374 authString += '\"';
375 }
376 authString.AppendLiteral(", response=\"");
377 authString += response_digest;
378 authString += '\"';
379
380 if (!opaque.IsEmpty()) {
381 authString.AppendLiteral(", opaque=");
382 rv = AppendQuotedString(opaque, authString);
383 NS_ENSURE_SUCCESS(rv, rv);
384 }
385
386 if (qop) {
387 authString.AppendLiteral(", qop=");
388 if (requireExtraQuotes)
389 authString += '\"';
390 authString.AppendLiteral("auth");
391 if (qop & QOP_AUTH_INT)
392 authString.AppendLiteral("-int");
393 if (requireExtraQuotes)
394 authString += '\"';
395 authString.AppendLiteral(", nc=");
396 authString += nonce_count;
397
398 authString.AppendLiteral(", cnonce=");
399 rv = AppendQuotedString(cnonce, authString);
400 NS_ENSURE_SUCCESS(rv, rv);
401 }
402
403
404 *creds = ToNewCString(authString);
405 return NS_OK;
406 }
407
408 NS_IMETHODIMP
409 nsHttpDigestAuth::GetAuthFlags(PRUint32 *flags)
410 {
411 *flags = REQUEST_BASED | REUSABLE_CHALLENGE | IDENTITY_ENCRYPTED;
412 //
413 // NOTE: digest auth credentials must be uniquely computed for each request,
414 // so we do not set the REUSABLE_CREDENTIALS flag.
415 //
416 return NS_OK;
417 }
418
419 nsresult
420 nsHttpDigestAuth::CalculateResponse(const char * ha1_digest,
421 const char * ha2_digest,
422 const nsAFlatCString & nonce,
423 PRUint16 qop,
424 const char * nonce_count,
425 const nsAFlatCString & cnonce,
426 char * result)
427 {
428 PRUint32 len = 2*EXPANDED_DIGEST_LENGTH + nonce.Length() + 2;
429
430 if (qop & QOP_AUTH || qop & QOP_AUTH_INT) {
431 len += cnonce.Length() + NONCE_COUNT_LENGTH + 3;
432 if (qop & QOP_AUTH_INT)
433 len += 8; // length of "auth-int"
434 else
435 len += 4; // length of "auth"
436 }
437
438 nsCAutoString contents;
439 contents.SetCapacity(len);
440
441 contents.Assign(ha1_digest, EXPANDED_DIGEST_LENGTH);
442 contents.Append(':');
443 contents.Append(nonce);
444 contents.Append(':');
445
446 if (qop & QOP_AUTH || qop & QOP_AUTH_INT) {
447 contents.Append(nonce_count, NONCE_COUNT_LENGTH);
448 contents.Append(':');
449 contents.Append(cnonce);
450 contents.Append(':');
451 if (qop & QOP_AUTH_INT)
452 contents.AppendLiteral("auth-int:");
453 else
454 contents.AppendLiteral("auth:");
455 }
456
457 contents.Append(ha2_digest, EXPANDED_DIGEST_LENGTH);
458
459 nsresult rv = MD5Hash(contents.get(), contents.Length());
460 if (NS_SUCCEEDED(rv))
461 rv = ExpandToHex(mHashBuf, result);
462 return rv;
463 }
464
465 nsresult
466 nsHttpDigestAuth::ExpandToHex(const char * digest, char * result)
467 {
468 PRInt16 index, value;
469
470 for (index = 0; index < DIGEST_LENGTH; index++) {
471 value = (digest[index] >> 4) & 0xf;
472 if (value < 10)
473 result[index*2] = value + '0';
474 else
475 result[index*2] = value - 10 + 'a';
476
477 value = digest[index] & 0xf;
478 if (value < 10)
479 result[(index*2)+1] = value + '0';
480 else
481 result[(index*2)+1] = value - 10 + 'a';
482 }
483
484 result[EXPANDED_DIGEST_LENGTH] = 0;
485 return NS_OK;
486 }
487
488 nsresult
489 nsHttpDigestAuth::CalculateHA1(const nsAFlatCString & username,
490 const nsAFlatCString & password,
491 const nsAFlatCString & realm,
492 PRUint16 algorithm,
493 const nsAFlatCString & nonce,
494 const nsAFlatCString & cnonce,
495 char * result)
496 {
497 PRInt16 len = username.Length() + password.Length() + realm.Length() + 2;
498 if (algorithm & ALGO_MD5_SESS) {
499 PRInt16 exlen = EXPANDED_DIGEST_LENGTH + nonce.Length() + cnonce.Length() + 2;
500 if (exlen > len)
501 len = exlen;
502 }
503
504 nsCAutoString contents;
505 contents.SetCapacity(len + 1);
506
507 contents.Assign(username);
508 contents.Append(':');
509 contents.Append(realm);
510 contents.Append(':');
511 contents.Append(password);
512
513 nsresult rv;
514 rv = MD5Hash(contents.get(), contents.Length());
515 if (NS_FAILED(rv))
516 return rv;
517
518 if (algorithm & ALGO_MD5_SESS) {
519 char part1[EXPANDED_DIGEST_LENGTH+1];
520 ExpandToHex(mHashBuf, part1);
521
522 contents.Assign(part1, EXPANDED_DIGEST_LENGTH);
523 contents.Append(':');
524 contents.Append(nonce);
525 contents.Append(':');
526 contents.Append(cnonce);
527
528 rv = MD5Hash(contents.get(), contents.Length());
529 if (NS_FAILED(rv))
530 return rv;
531 }
532
533 return ExpandToHex(mHashBuf, result);
534 }
535
536 nsresult
537 nsHttpDigestAuth::CalculateHA2(const nsAFlatCString & method,
538 const nsAFlatCString & path,
539 PRUint16 qop,
540 const char * bodyDigest,
541 char * result)
542 {
543 PRInt16 methodLen = method.Length();
544 PRInt16 pathLen = path.Length();
545 PRInt16 len = methodLen + pathLen + 1;
546
547 if (qop & QOP_AUTH_INT) {
548 len += EXPANDED_DIGEST_LENGTH + 1;
549 }
550
551 nsCAutoString contents;
552 contents.SetCapacity(len);
553
554 contents.Assign(method);
555 contents.Append(':');
556 contents.Append(path);
557
558 if (qop & QOP_AUTH_INT) {
559 contents.Append(':');
560 contents.Append(bodyDigest, EXPANDED_DIGEST_LENGTH);
561 }
562
563 nsresult rv = MD5Hash(contents.get(), contents.Length());
564 if (NS_SUCCEEDED(rv))
565 rv = ExpandToHex(mHashBuf, result);
566 return rv;
567 }
568
569 nsresult
570 nsHttpDigestAuth::ParseChallenge(const char * challenge,
571 nsACString & realm,
572 nsACString & domain,
573 nsACString & nonce,
574 nsACString & opaque,
575 PRBool * stale,
576 PRUint16 * algorithm,
577 PRUint16 * qop)
578 {
579 const char *p = challenge + 7; // first 7 characters are "Digest "
580
581 *stale = PR_FALSE;
582 *algorithm = ALGO_MD5; // default is MD5
583 *qop = 0;
584
585 for (;;) {
586 while (*p && (*p == ',' || nsCRT::IsAsciiSpace(*p)))
587 ++p;
588 if (!*p)
589 break;
590
591 // name
592 PRInt16 nameStart = (p - challenge);
593 while (*p && !nsCRT::IsAsciiSpace(*p) && *p != '=')
594 ++p;
595 if (!*p)
596 return NS_ERROR_INVALID_ARG;
597 PRInt16 nameLength = (p - challenge) - nameStart;
598
599 while (*p && (nsCRT::IsAsciiSpace(*p) || *p == '='))
600 ++p;
601 if (!*p)
602 return NS_ERROR_INVALID_ARG;
603
604 PRBool quoted = PR_FALSE;
605 if (*p == '"') {
606 ++p;
607 quoted = PR_TRUE;
608 }
609
610 // value
611 PRInt16 valueStart = (p - challenge);
612 PRInt16 valueLength = 0;
613 if (quoted) {
614 while (*p && *p != '"')
615 ++p;
616 if (*p != '"')
617 return NS_ERROR_INVALID_ARG;
618 valueLength = (p - challenge) - valueStart;
619 ++p;
620 } else {
621 while (*p && !nsCRT::IsAsciiSpace(*p) && *p != ',')
622 ++p;
623 valueLength = (p - challenge) - valueStart;
624 }
625
626 // extract information
627 if (nameLength == 5 &&
628 nsCRT::strncasecmp(challenge+nameStart, "realm", 5) == 0)
629 {
630 realm.Assign(challenge+valueStart, valueLength);
631 }
632 else if (nameLength == 6 &&
633 nsCRT::strncasecmp(challenge+nameStart, "domain", 6) == 0)
634 {
635 domain.Assign(challenge+valueStart, valueLength);
636 }
637 else if (nameLength == 5 &&
638 nsCRT::strncasecmp(challenge+nameStart, "nonce", 5) == 0)
639 {
640 nonce.Assign(challenge+valueStart, valueLength);
641 }
642 else if (nameLength == 6 &&
643 nsCRT::strncasecmp(challenge+nameStart, "opaque", 6) == 0)
644 {
645 opaque.Assign(challenge+valueStart, valueLength);
646 }
647 else if (nameLength == 5 &&
648 nsCRT::strncasecmp(challenge+nameStart, "stale", 5) == 0)
649 {
650 if (nsCRT::strncasecmp(challenge+valueStart, "true", 4) == 0)
651 *stale = PR_TRUE;
652 else
653 *stale = PR_FALSE;
654 }
655 else if (nameLength == 9 &&
656 nsCRT::strncasecmp(challenge+nameStart, "algorithm", 9) == 0)
657 {
658 // we want to clear the default, so we use = not |= here
659 *algorithm = ALGO_SPECIFIED;
660 if (valueLength == 3 &&
661 nsCRT::strncasecmp(challenge+valueStart, "MD5", 3) == 0)
662 *algorithm |= ALGO_MD5;
663 else if (valueLength == 8 &&
664 nsCRT::strncasecmp(challenge+valueStart, "MD5-sess", 8) == 0)
665 *algorithm |= ALGO_MD5_SESS;
666 }
667 else if (nameLength == 3 &&
668 nsCRT::strncasecmp(challenge+nameStart, "qop", 3) == 0)
669 {
670 PRInt16 ipos = valueStart;
671 while (ipos < valueStart+valueLength) {
672 while (ipos < valueStart+valueLength &&
673 (nsCRT::IsAsciiSpace(challenge[ipos]) ||
674 challenge[ipos] == ','))
675 ipos++;
676 PRInt16 algostart = ipos;
677 while (ipos < valueStart+valueLength &&
678 !nsCRT::IsAsciiSpace(challenge[ipos]) &&
679 challenge[ipos] != ',')
680 ipos++;
681 if ((ipos - algostart) == 4 &&
682 nsCRT::strncasecmp(challenge+algostart, "auth", 4) == 0)
683 *qop |= QOP_AUTH;
684 else if ((ipos - algostart) == 8 &&
685 nsCRT::strncasecmp(challenge+algostart, "auth-int", 8) == 0)
686 *qop |= QOP_AUTH_INT;
687 }
688 }
689 }
690 return NS_OK;
691 }
692
693 nsresult
694 nsHttpDigestAuth::AppendQuotedString(const nsACString & value,
695 nsACString & aHeaderLine)
696 {
697 nsCAutoString quoted;
698 nsACString::const_iterator s, e;
699 value.BeginReading(s);
700 value.EndReading(e);
701
702 //
703 // Encode string according to RFC 2616 quoted-string production
704 //
705 quoted.Append('"');
706 for ( ; s != e; ++s) {
707 //
708 // CTL = <any US-ASCII control character (octets 0 - 31) and DEL (127)>
709 //
710 if (*s <= 31 || *s == 127) {
711 return NS_ERROR_FAILURE;
712 }
713
714 // Escape two syntactically significant characters
715 if (*s == '"' || *s == '\\') {
716 quoted.Append('\\');
717 }
718
719 quoted.Append(*s);
720 }
721 // FIXME: bug 41489
722 // We should RFC2047-encode non-Latin-1 values according to spec
723 quoted.Append('"');
724 aHeaderLine.Append(quoted);
725 return NS_OK;
726 }
727
728 // vim: ts=2 sw=2
Wine Gecko package