2 files changed, 531 insertions, 0 deletions
diff --git a/tinyHTTP/src/auth/thttp_auth.c b/tinyHTTP/src/auth/thttp_auth.c
new file mode 100644
index 0000000..3b996ba
--- /dev/null
+++ b/tinyHTTP/src/auth/thttp_auth.c
@@ -0,0 +1,234 @@
+/*
+* Copyright (C) 2009-2010 Mamadou Diop.
+*
+* Contact: Mamadou Diop <diopmamadou(at)doubango.org>
+*	
+* This file is part of Open Source Doubango Framework.
+*
+* DOUBANGO is free software: you can redistribute it and/or modify
+* it under the terms of the GNU General Public License as published by
+* the Free Software Foundation, either version 3 of the License, or
+* (at your option) any later version.
+*	
+* DOUBANGO is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+* GNU General Public License for more details.
+*	
+* You should have received a copy of the GNU General Public License
+* along with DOUBANGO.
+*
+*/
+/**@file thttp_auth.c
+ * @brief HTTP basic/digest authetication (RFC 2617) implementations.
+ *
+ * @author Mamadou Diop <diopmamadou(at)doubango.org>
+ *
+ * @date Created: Sat Nov 8 16:54:58 2009 mdiop
+ */
+#include "tinyhttp/auth/thttp_auth.h"
+
+#include "tsk_string.h"
+#include "tsk_base64.h"
+#include "tsk_buffer.h"
+#include "tsk_memory.h"
+
+#include <string.h>
+
+/**@defgroup thttp_auth_group HTTP basic/digest authentication (RFC 2617)
+*/
+
+/**@ingroup thttp_auth_group
+ *
+ * Generates HTTP-basic response as per RFC 2617.
+ *
+ * @param [in,out]	userid		The user-id. 
+ * @param [in,out]	password	The user-password.
+ * @param [in,out]	response	A pointer to the response. It will be up to the caller to free the newly allocated buffer. 
+ *
+ * @return	The size of the response. 
+**/
+tsk_size_t thttp_auth_basic_response(const char* userid, const char* password, char** response)
+{
+	tsk_size_t ret;
+
+	/* RFC 2617 - 2 Basic Authentication Scheme
+	
+	To receive authorization, the client sends the userid and password,
+	separated by a single colon (":") character, within a base64 [7]
+	encoded string in the credentials.
+	*/
+	
+	char *res = 0;
+	tsk_sprintf(&res, "%s:%s", userid, password);
+	ret = tsk_base64_encode((const uint8_t*)res, tsk_strlen(res), response);
+	TSK_FREE(res);
+
+	return ret;
+}
+
+
+/**@ingroup thttp_auth_group
+ * Generates digest HA1 value as per RFC 2617 subclause 3.2.2.2. 
+ *
+ *
+ * @param [in,out]	username	The user's name (unquoted) in the specified @a realm. 
+ * @param [in,out]	realm		The realm. (unquoted) 
+ * @param [in,out]	password	The user's password. 
+ * @param [in,out]	ha1			A pointer to the result. 
+ *
+ * @return	Zero if succeed and non-zero error code otherwise. 
+**/
+int thttp_auth_digest_HA1(const char* username, const char* realm, const char* password, tsk_md5string_t* ha1)
+{
+	int ret;
+
+	/* RFC 2617 - 3.2.2.2 A1
+		A1       = unq(username-value) ":" unq(realm-value) ":" passwd
+	*/
+	char *a1 = 0;
+	tsk_sprintf(&a1, "%s:%s:%s", username, realm, password);	
+	ret = tsk_md5compute(a1, tsk_strlen(a1), ha1);
+	TSK_FREE(a1);
+	
+	return ret;
+}
+
+/**@ingroup thttp_auth_group
+ *
+ * Generates digest HA1 value for 'MD5-sess' algo as per RFC 2617 subclause 3.2.2.2.
+ *
+ *
+ * @param [in,out]	username	The user's name (unquoted) in the specified @a realm.
+ * @param [in,out]	realm		The realm (unquoted). 
+ * @param [in,out]	password	The user's password.  
+ * @param [in,out]	nonce		The nonce (unquoted).
+ * @param [in,out]	cnonce		The client nonce (unquoted).
+ * @param [in,out]	ha1sess		A pointer to the result. 
+ *
+ * @return	Zero if succeed and non-zero error code otherwise. 
+**/
+int thttp_auth_digest_HA1sess(const char* username, const char* realm, const char* password, const char* nonce, const char* cnonce, tsk_md5string_t* ha1sess)
+{
+	int ret;
+
+	/* RFC 2617 - 3.2.2.2 A1
+			A1       = H( unq(username-value) ":" unq(realm-value)
+                     ":" passwd )
+                     ":" unq(nonce-value) ":" unq(cnonce-value)
+	*/
+
+	char *a1sess = 0;
+	tsk_sprintf(&a1sess, "%s:%s:%s:%s:%s", username, realm, password, nonce, cnonce);	
+	ret = tsk_md5compute(a1sess, tsk_strlen(a1sess), ha1sess);
+	TSK_FREE(a1sess);
+
+	return ret;
+}
+
+/**@ingroup thttp_auth_group
+ * Generates digest HA2 value as per RFC 2617 subclause 3.2.2.3. 
+ *
+ *
+ * @param [in,out]	method		The HTTP/SIP method name. 
+ * @param [in,out]	url			The HTTP URL or SIP URI of the request. 
+ * @param [in,out]	entity_body	The entity body. 
+ * @param [in,out]	qop			The Quality Of Protection.
+ * @param [in,out]	ha2			A pointer to the response. 
+ *
+ * @return	Zero if succeed and non-zero error code otherwise. 
+**/
+int thttp_auth_digest_HA2(const char* method, const char* url, const tsk_buffer_t* entity_body, const char* qop, tsk_md5string_t* ha2)
+{
+	int ret;
+	/* RFC 2617 - 3.2.2.3 A2
+
+	If the "qop" directive's value is "auth" or is unspecified, then A2
+	is:
+	A2       = Method ":" digest-url-value
+
+	If the "qop" value is "auth-int", then A2 is:
+	A2       = Method ":" digest-url-value ":" H(entity-body)
+	*/
+
+	char *a2 = 0;
+
+	if(!qop || tsk_strempty(qop) || tsk_striequals(qop, "auth")){
+		tsk_sprintf(&a2, "%s:%s", method, url);
+	}
+	else if(tsk_striequals(qop, "auth-int"))
+	{
+		if(entity_body && entity_body->data){
+			tsk_md5string_t hEntity;
+			if((ret = tsk_md5compute(entity_body->data, entity_body->size, &hEntity))){
+				goto bail;
+			}
+			tsk_sprintf(&a2, "%s:%s:%s", method, url, hEntity);
+		}
+		else{
+			tsk_sprintf(&a2, "%s:%s:%s", method, url, TSK_MD5_EMPTY);
+		}
+	}
+
+	ret = tsk_md5compute(a2, tsk_strlen(a2), ha2);
+
+bail:
+	 TSK_FREE(a2);
+
+	 return ret;
+}
+
+
+/**@ingroup thttp_auth_group
+ *
+ * Generates HTTP digest response as per RFC 2617 subclause 3.2.2.1.
+ *
+ * @param [in,out]	ha1			HA1 string generated using  @ref thttp_auth_digest_HA1 or @ref thttp_auth_digest_HA1sess.
+ * @param [in,out]	nonce		The nonce value. 
+ * @param [in,out]	noncecount	The nonce count.
+ * @param [in,out]	cnonce		The client nounce (unquoted).
+ * @param [in,out]	qop			The Quality Of Protection (unquoted).
+ * @param [in,out]	ha2			HA2 string generated using @ref thttp_auth_digest_HA2.
+ * @param [in,out]	response	A pointer to the response.
+ *
+ * @return	Zero if succeed and non-zero error code otherwise. 
+**/
+int thttp_auth_digest_response(const tsk_md5string_t *ha1, const char* nonce, const nonce_count_t noncecount, const char* cnonce, 
+							   const char* qop, const tsk_md5string_t* ha2, tsk_md5string_t* response)
+{
+	int ret;
+
+	/* RFC 2617 3.2.2.1 Request-Digest
+
+	============ CASE 1 ============
+	If the "qop" value is "auth" or "auth-int":
+	request-digest  = <"> < KD ( H(A1),     unq(nonce-value)
+	":" nc-value
+	":" unq(cnonce-value)
+	":" unq(qop-value)
+	":" H(A2)
+	) <">
+	============ CASE 2 ============
+	If the "qop" directive is not present (this construction is for
+	compatibility with RFC 2069):
+	request-digest  =
+	<"> < KD ( H(A1), unq(nonce-value) ":" H(A2) ) >
+	<">
+	*/
+
+	char *res = 0;
+
+	if(tsk_striequals(qop, "auth") || tsk_striequals(qop, "auth-int")){
+		/* CASE 1 */
+		tsk_sprintf(&res, "%s:%s:%s:%s:%s:%s", *ha1, nonce, noncecount, cnonce, qop, *ha2);
+	}
+	else{
+		/* CASE 2 */
+		tsk_sprintf(&res, "%s:%s:%s", *ha1, nonce, *ha2);
+	}
+
+	ret = tsk_md5compute(res, tsk_strlen(res), response);
+	TSK_FREE(res);
+
+	 return ret;
+}
diff --git a/tinyHTTP/src/auth/thttp_challenge.c b/tinyHTTP/src/auth/thttp_challenge.c
new file mode 100644
index 0000000..bf0e184
--- /dev/null
+++ b/tinyHTTP/src/auth/thttp_challenge.c
@@ -0,0 +1,297 @@
+/*
+* Copyright (C) 2009-2010 Mamadou Diop.
+*
+* Contact: Mamadou Diop <diopmamadou(at)doubango.org>
+*	
+* This file is part of Open Source Doubango Framework.
+*
+* DOUBANGO is free software: you can redistribute it and/or modify
+* it under the terms of the GNU General Public License as published by
+* the Free Software Foundation, either version 3 of the License, or
+* (at your option) any later version.
+*	
+* DOUBANGO is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+* GNU General Public License for more details.
+*	
+* You should have received a copy of the GNU General Public License
+* along with DOUBANGO.
+*
+*/
+
+/**@file thttp_challenge.c
+ * @brief HTTP authentication challenge.
+ *
+ * @author Mamadou Diop <diopmamadou(at)doubango.org>
+ *
+ * @date Created: Sat Nov 8 16:54:58 2009 mdiop
+ */
+#include "tinyhttp/auth/thttp_challenge.h"
+
+#include "thttp.h"
+
+#include "tinyhttp/headers/thttp_header_Authorization.h"
+
+#include "tsk_string.h"
+#include "tsk_debug.h"
+#include "tsk_memory.h"
+#include "tsk_base64.h"
+#include "tsk_hmac.h"
+
+#include <string.h>
+
+#define THTTP_CHALLENGE_IS_DIGEST(self)	((self) ? tsk_striequals((self)->scheme, "Digest") : tsk_false)
+#define THTTP_CHALLENGE_IS_BASIC(self)	((self) ? tsk_striequals((self)->scheme, "Basic") : tsk_false)
+#define THTTP_CHALLENGE_IS_AKAv1(self)	((self) ? tsk_striequals((self)->algorithm, "AKAv1-MD5") : tsk_false)
+#define THTTP_CHALLENGE_IS_AKAv2(self)	((self) ? tsk_striequals((self)->algorithm, "AKAv2-MD5") : tsk_false)
+
+thttp_challenge_t* thttp_challenge_create(tsk_bool_t isproxy,const char* scheme, const char* realm, const char* nonce, const char* opaque, const char* algorithm, const char* qop)
+{
+	return tsk_object_new(thttp_challenge_def_t, isproxy, scheme, realm, nonce, opaque, algorithm, qop);
+}
+
+int thttp_challenge_reset_cnonce(thttp_challenge_t *self)
+{
+	if(self)
+	{
+		if(self->qop) /* client nonce is only used if qop=auth, auth-int or both */
+		{
+#if 0
+			memcpy(self->cnonce, "f221681c1e42fb5f8f9957bf7e72eb2b", 32);
+#else
+			tsk_istr_t istr;
+			
+			tsk_strrandom(&istr);
+			tsk_md5compute(istr, tsk_strlen(istr), &self->cnonce);
+#endif
+			self->nc = 1;
+		}
+	}
+	return -1;
+}
+
+int thttp_challenge_get_digest_response(thttp_challenge_t *self, const char* username, const char* password, const char* method, const char* uristring, const tsk_buffer_t* entity_body, char** response)
+{
+	if(THTTP_CHALLENGE_IS_DIGEST(self)){
+		tsk_md5string_t ha1, ha2, md5_response;
+		nonce_count_t nc;
+
+		/* ===
+			Calculate HA1 = MD5(A1) = M5(username:realm:secret)
+		*/
+		thttp_auth_digest_HA1(username, self->realm, password, &ha1);
+		
+		/* ===
+			HA2 
+		*/
+		thttp_auth_digest_HA2(method,
+			uristring,
+			entity_body,
+			self->qop,
+			&ha2);
+
+		/* RESPONSE */
+		if(self->nc){
+			THTTP_NCOUNT_2_STRING(self->nc, nc);
+		}
+		thttp_auth_digest_response((const tsk_md5string_t *)&ha1, 
+			self->nonce,
+			nc,
+			self->cnonce,
+			self->qop,
+			(const tsk_md5string_t *)&ha2,
+			&md5_response);
+		
+		if(self->qop){
+			self->nc++;
+		}
+		if(response && !*response){
+			*response = tsk_strdup(md5_response);
+		}
+
+		return 0;
+	}
+	return -1;
+}
+
+int thttp_challenge_update(thttp_challenge_t *self, const char* scheme, const char* realm, const char* nonce, const char* opaque, const char* algorithm, const char* qop)
+{
+	if(self)
+	{
+		int noncechanged = !tsk_striequals(self->nonce, nonce);
+
+		tsk_strupdate(&self->scheme, scheme);
+		tsk_strupdate(&self->realm, realm);
+		tsk_strupdate(&self->nonce, nonce);
+		tsk_strupdate(&self->opaque, opaque);
+		tsk_strupdate(&self->algorithm, algorithm);
+		if(qop){
+			self->qop = tsk_strcontains(qop, tsk_strlen(qop), "auth-int") ? "auth-int" : 
+					(tsk_strcontains(qop, tsk_strlen(qop), "auth") ? "auth" : tsk_null);
+		}
+
+		if(noncechanged && self->qop){
+			thttp_challenge_reset_cnonce(self);
+		}
+		return 0;
+	}
+	return -1;
+}
+
+thttp_header_t *thttp_challenge_create_header_authorization(thttp_challenge_t *self, const char* username, const char* password, const thttp_request_t *request)
+{
+	char* response = tsk_null;
+	tsk_size_t response_size = 0;
+	nonce_count_t nc;
+	char *uristring = tsk_null;
+	thttp_header_t *header = 0;
+
+	if(!self || !request || !request->line.request.url){
+		goto bail;
+	}
+
+	/* Sets URI: hpath do not start with / ==> append a '/'*/
+	tsk_sprintf(&uristring, "/%s", request->line.request.url->hpath ? request->line.request.url->hpath : "");
+
+	/* We compute the nc here because @ref thttp_challenge_get_response function will increment it's value. */
+	if(self->nc){
+		THTTP_NCOUNT_2_STRING(self->nc, nc);
+	}
+
+	/* Computes the response (Basic and Digest)*/
+	if(THTTP_CHALLENGE_IS_DIGEST(self)){
+		if(thttp_challenge_get_digest_response(self, username, password, request->line.request.method, uristring, request->Content, &response)){
+			goto bail;
+		}
+		response_size = (TSK_MD5_DIGEST_SIZE*2);
+	}
+	else if(THTTP_CHALLENGE_IS_BASIC(self)){
+		response_size = thttp_auth_basic_response(username, password, &response);
+	}
+	else{
+		TSK_DEBUG_ERROR("%s not supported as scheme.", self->scheme);
+		goto bail;
+	}
+
+
+#define THTTP_AUTH_COPY_VALUES(hdr)															\
+		hdr->username = tsk_strdup(username);												\
+		hdr->scheme = tsk_strdup(self->scheme);												\
+		hdr->realm = tsk_strdup(self->realm);												\
+		hdr->nonce = tsk_strdup(self->nonce);												\
+		hdr->qop = tsk_strdup(self->qop);													\
+		hdr->opaque = tsk_strdup(self->opaque);												\
+		hdr->algorithm = self->algorithm ? tsk_strdup(self->algorithm) : tsk_strdup("MD5");	\
+		hdr->cnonce = self->nc? tsk_strdup(self->cnonce) : 0;								\
+		hdr->uri = tsk_strdup(uristring);													\
+		hdr->nc = self->nc? tsk_strdup(nc) : 0;												\
+		hdr->response = tsk_strndup(response, response_size);								\
+
+	if(self->isproxy){
+		thttp_header_Proxy_Authorization_t *proxy_auth = thttp_header_authorization_create(); // Very bad way to create Proxy_auth header.
+		THTTP_HEADER(proxy_auth)->type = thttp_htype_Proxy_Authorization;
+
+		THTTP_AUTH_COPY_VALUES(proxy_auth);
+		header = THTTP_HEADER(proxy_auth);
+	}
+	else{
+		thttp_header_Authorization_t *auth = thttp_header_authorization_create();
+		THTTP_AUTH_COPY_VALUES(auth);
+		header = THTTP_HEADER(auth);
+	}
+
+bail:
+	TSK_FREE(uristring);
+	TSK_FREE(response);
+
+	return header;
+
+#undef THTTP_AUTH_COPY_VALUES
+}
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+//========================================================
+//	HTTP challenge object definition
+//
+
+/**@ingroup thttp_challenge_group
+*/
+static tsk_object_t* thttp_challenge_ctor(tsk_object_t *self, va_list * app)
+{
+	thttp_challenge_t *challenge = self;
+	if(challenge){
+		const char* qop;
+
+		challenge->isproxy = va_arg(*app, tsk_bool_t);
+		challenge->scheme = tsk_strdup(va_arg(*app, const char*));
+		challenge->realm = tsk_strdup(va_arg(*app, const char*));
+		challenge->nonce = tsk_strdup(va_arg(*app, const char*));
+		challenge->opaque = tsk_strdup(va_arg(*app, const char*));
+		challenge->algorithm = tsk_strdup(va_arg(*app, const char*));
+		qop = va_arg(*app, const char*);
+		if(qop){
+			challenge->qop = tsk_strcontains(qop, tsk_strlen(qop), "auth-int") ? "auth-int" : 
+					(tsk_strcontains(qop, tsk_strlen(qop), "auth") ? "auth" : tsk_null);
+		}
+		
+		if(challenge->qop){
+			thttp_challenge_reset_cnonce(challenge);
+		}
+	}
+	else TSK_DEBUG_ERROR("Failed to create new http challenge object.");
+	
+	return self;
+}
+
+/**@ingroup thttp_challenge_group
+*/
+static tsk_object_t* thttp_challenge_dtor(tsk_object_t *self)
+{
+	thttp_challenge_t *challenge = self;
+	if(challenge){
+		TSK_FREE(challenge->scheme);
+		TSK_FREE(challenge->realm);
+		TSK_FREE(challenge->nonce);
+		TSK_FREE(challenge->opaque);
+		TSK_FREE(challenge->algorithm);
+		
+		//TSK_FREE(challenge->qop);
+	}
+	else{
+		TSK_DEBUG_ERROR("Null HTTP challenge object.");
+	}
+
+	return self;
+}
+
+static const tsk_object_def_t thttp_challenge_def_s = 
+{
+	sizeof(thttp_challenge_t),
+	thttp_challenge_ctor,
+	thttp_challenge_dtor,
+	tsk_null
+};
+const tsk_object_def_t *thttp_challenge_def_t = &thttp_challenge_def_s;