Back to index

lightning-sunbird  0.9+nobinonly
nsHttpDigestAuth.cpp
Go to the documentation of this file.
00001 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
00002  *
00003  * ***** BEGIN LICENSE BLOCK *****
00004  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
00005  *
00006  * The contents of this file are subject to the Mozilla Public License Version
00007  * 1.1 (the "License"); you may not use this file except in compliance with
00008  * the License. You may obtain a copy of the License at
00009  * http://www.mozilla.org/MPL/
00010  *
00011  * Software distributed under the License is distributed on an "AS IS" basis,
00012  * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
00013  * for the specific language governing rights and limitations under the
00014  * License.
00015  *
00016  * The Original Code is mozilla.org code.
00017  *
00018  * The Initial Developer of the Original Code is
00019  * Netscape Communications Corporation.
00020  * Portions created by the Initial Developer are Copyright (C) 1998
00021  * the Initial Developer. All Rights Reserved.
00022  *
00023  * Contributor(s):
00024  *   Justin Bradford <jab@atdot.org> (original author of nsDigestAuth.cpp)
00025  *   An-Cheng Huang <pach@cs.cmu.edu>
00026  *   Darin Fisher <darin@netscape.com>
00027  *
00028  * Alternatively, the contents of this file may be used under the terms of
00029  * either the GNU General Public License Version 2 or later (the "GPL"), or
00030  * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
00031  * in which case the provisions of the GPL or the LGPL are applicable instead
00032  * of those above. If you wish to allow use of your version of this file only
00033  * under the terms of either the GPL or the LGPL, and not to allow others to
00034  * use your version of this file under the terms of the MPL, indicate your
00035  * decision by deleting the provisions above and replace them with the notice
00036  * and other provisions required by the GPL or the LGPL. If you do not delete
00037  * the provisions above, a recipient may use your version of this file under
00038  * the terms of any one of the MPL, the GPL or the LGPL.
00039  *
00040  * ***** END LICENSE BLOCK ***** */
00041 
00042 #include <stdlib.h>
00043 #include "nsHttp.h"
00044 #include "nsHttpDigestAuth.h"
00045 #include "nsIHttpChannel.h"
00046 #include "nsIServiceManager.h"
00047 #include "nsISignatureVerifier.h"
00048 #include "nsXPCOM.h"
00049 #include "nsISupportsPrimitives.h"
00050 #include "nsIURI.h"
00051 #include "nsString.h"
00052 #include "nsReadableUtils.h"
00053 #include "nsEscape.h"
00054 #include "plbase64.h"
00055 #include "plstr.h"
00056 #include "prprf.h"
00057 #include "prmem.h"
00058 #include "nsCRT.h"
00059 
00060 //-----------------------------------------------------------------------------
00061 // nsHttpDigestAuth <public>
00062 //-----------------------------------------------------------------------------
00063 
00064 nsHttpDigestAuth::nsHttpDigestAuth()
00065 {
00066   mVerifier = do_GetService("@mozilla.org/security/hash;1");
00067   mGotVerifier = (mVerifier != nsnull);
00068 
00069 #if defined(PR_LOGGING)
00070   if (mGotVerifier) {
00071     LOG(("nsHttpDigestAuth: Got signature_verifier\n"));
00072   } else {
00073     LOG(("nsHttpDigestAuth: No signature_verifier available\n"));
00074   }
00075 #endif
00076 }
00077 
00078 nsHttpDigestAuth::~nsHttpDigestAuth()
00079 {}
00080 
00081 //-----------------------------------------------------------------------------
00082 // nsHttpDigestAuth::nsISupports
00083 //-----------------------------------------------------------------------------
00084 
00085 NS_IMPL_ISUPPORTS1(nsHttpDigestAuth, nsIHttpAuthenticator)
00086 
00087 //-----------------------------------------------------------------------------
00088 // nsHttpDigestAuth <protected>
00089 //-----------------------------------------------------------------------------
00090 
00091 nsresult
00092 nsHttpDigestAuth::MD5Hash(const char *buf, PRUint32 len)
00093 {
00094   if (!mGotVerifier)
00095     return NS_ERROR_NOT_INITIALIZED;
00096 
00097   nsresult rv;
00098 
00099 
00100   rv = mVerifier->Init(nsICryptoHash::MD5);
00101   if (NS_FAILED(rv)) return rv;
00102 
00103   rv = mVerifier->Update((unsigned char*)buf, len);
00104   if (NS_FAILED(rv)) return rv;
00105 
00106   nsCAutoString hashString;
00107   rv = mVerifier->Finish(PR_FALSE, hashString);
00108   if (NS_FAILED(rv)) return rv;
00109   
00110   if (NS_SUCCEEDED(rv))
00111     memcpy(mHashBuf, hashString.get(), hashString.Length());
00112   return rv;
00113 }
00114 
00115 nsresult
00116 nsHttpDigestAuth::GetMethodAndPath(nsIHttpChannel *httpChannel,
00117                                    PRBool          isProxyAuth,
00118                                    nsCString      &httpMethod,
00119                                    nsCString      &path)
00120 {
00121   nsresult rv;
00122   nsCOMPtr<nsIURI> uri;
00123   rv = httpChannel->GetURI(getter_AddRefs(uri));
00124   if (NS_SUCCEEDED(rv)) {
00125     PRBool isSecure;
00126     rv = uri->SchemeIs("https", &isSecure);
00127     if (NS_SUCCEEDED(rv)) {
00128       //
00129       // if we are being called in response to a 407, and if the protocol
00130       // is HTTPS, then we are really using a CONNECT method.
00131       //
00132       if (isSecure && isProxyAuth) {
00133         httpMethod.AssignLiteral("CONNECT");
00134         //
00135         // generate hostname:port string. (unfortunately uri->GetHostPort
00136         // leaves out the port if it matches the default value, so we can't
00137         // just call it.)
00138         //
00139         PRInt32 port;
00140         rv  = uri->GetAsciiHost(path);
00141         rv |= uri->GetPort(&port);
00142         if (NS_SUCCEEDED(rv)) {
00143           path.Append(':');
00144           path.AppendInt(port < 0 ? NS_HTTPS_DEFAULT_PORT : port);
00145         }
00146       }
00147       else { 
00148         rv  = httpChannel->GetRequestMethod(httpMethod);
00149         rv |= uri->GetPath(path);
00150         if (NS_SUCCEEDED(rv)) {
00151           //
00152           // strip any fragment identifier from the URL path.
00153           //
00154           PRInt32 ref = path.RFindChar('#');
00155           if (ref != kNotFound)
00156             path.Truncate(ref);
00157           //
00158           // make sure we escape any UTF-8 characters in the URI path.  the
00159           // digest auth uri attribute needs to match the request-URI.
00160           //
00161           // XXX we should really ask the HTTP channel for this string
00162           // instead of regenerating it here.
00163           //
00164           nsCAutoString buf;
00165           path = NS_EscapeURL(path, esc_OnlyNonASCII, buf);
00166         }
00167       }
00168     }
00169   }
00170   return rv;
00171 }
00172 
00173 //-----------------------------------------------------------------------------
00174 // nsHttpDigestAuth::nsIHttpAuthenticator
00175 //-----------------------------------------------------------------------------
00176 
00177 NS_IMETHODIMP
00178 nsHttpDigestAuth::ChallengeReceived(nsIHttpChannel *httpChannel,
00179                                     const char *challenge,
00180                                     PRBool isProxyAuth,
00181                                     nsISupports **sessionState,
00182                                     nsISupports **continuationState,
00183                                     PRBool *result)
00184 {
00185   nsCAutoString realm, domain, nonce, opaque;
00186   PRBool stale;
00187   PRUint16 algorithm, qop;
00188 
00189   nsresult rv = ParseChallenge(challenge, realm, domain, nonce, opaque,
00190                                &stale, &algorithm, &qop);
00191   if (NS_FAILED(rv)) return rv;
00192 
00193   // if the challenge has the "stale" flag set, then the user identity is not
00194   // necessarily invalid.  by returning FALSE here we can suppress username
00195   // and password prompting that usually accompanies a 401/407 challenge.
00196   *result = !stale;
00197 
00198   // clear any existing nonce_count since we have a new challenge.
00199   NS_IF_RELEASE(*sessionState);
00200   return NS_OK;
00201 }
00202 
00203 NS_IMETHODIMP
00204 nsHttpDigestAuth::GenerateCredentials(nsIHttpChannel *httpChannel,
00205                                       const char *challenge,
00206                                       PRBool isProxyAuth,
00207                                       const PRUnichar *userdomain,
00208                                       const PRUnichar *username,
00209                                       const PRUnichar *password,
00210                                       nsISupports **sessionState,
00211                                       nsISupports **continuationState,
00212                                       char **creds)
00213 
00214 {
00215   LOG(("nsHttpDigestAuth::GenerateCredentials [challenge=%s]\n", challenge));
00216 
00217   NS_ENSURE_ARG_POINTER(creds);
00218 
00219   PRBool isDigestAuth = !PL_strncasecmp(challenge, "digest ", 7);
00220   NS_ENSURE_TRUE(isDigestAuth, NS_ERROR_UNEXPECTED);
00221 
00222   // IIS implementation requires extra quotes
00223   PRBool requireExtraQuotes = PR_FALSE;
00224   {
00225     nsCAutoString serverVal;
00226     httpChannel->GetResponseHeader(NS_LITERAL_CSTRING("Server"), serverVal);
00227     if (!serverVal.IsEmpty()) {
00228       requireExtraQuotes = !PL_strncasecmp(serverVal.get(), "Microsoft-IIS", 13);
00229     }
00230   }
00231 
00232   nsresult rv;
00233   nsCAutoString httpMethod;
00234   nsCAutoString path;
00235   rv = GetMethodAndPath(httpChannel, isProxyAuth, httpMethod, path);
00236   if (NS_FAILED(rv)) return rv;
00237 
00238   nsCAutoString realm, domain, nonce, opaque;
00239   PRBool stale;
00240   PRUint16 algorithm, qop;
00241 
00242   rv = ParseChallenge(challenge, realm, domain, nonce, opaque,
00243                       &stale, &algorithm, &qop);
00244   if (NS_FAILED(rv)) {
00245     LOG(("nsHttpDigestAuth::GenerateCredentials [ParseChallenge failed rv=%x]\n", rv));
00246     return rv;
00247   }
00248 
00249   char ha1_digest[EXPANDED_DIGEST_LENGTH+1];
00250   char ha2_digest[EXPANDED_DIGEST_LENGTH+1];
00251   char response_digest[EXPANDED_DIGEST_LENGTH+1];
00252   char upload_data_digest[EXPANDED_DIGEST_LENGTH+1];
00253 
00254   if (qop & QOP_AUTH_INT) {
00255     // we do not support auth-int "quality of protection" currently
00256     qop &= ~QOP_AUTH_INT;
00257 
00258     NS_WARNING("no support for Digest authentication with data integrity quality of protection");
00259 
00260     /* TODO: to support auth-int, we need to get an MD5 digest of
00261      * TODO: the data uploaded with this request.
00262      * TODO: however, i am not sure how to read in the file in without
00263      * TODO: disturbing the channel''s use of it. do i need to copy it 
00264      * TODO: somehow?
00265      */
00266 #if 0
00267     if (http_channel != nsnull)
00268     {
00269       nsIInputStream * upload;
00270       nsCOMPtr<nsIUploadChannel> uc = do_QueryInterface(http_channel);
00271       NS_ENSURE_TRUE(uc, NS_ERROR_UNEXPECTED);
00272       uc->GetUploadStream(&upload);
00273       if (upload) {
00274         char * upload_buffer;
00275         int upload_buffer_length = 0;
00276         //TODO: read input stream into buffer
00277         const char * digest = (const char*)
00278         nsNetwerkMD5Digest(upload_buffer, upload_buffer_length);
00279         ExpandToHex(digest, upload_data_digest);
00280         NS_RELEASE(upload);
00281       }
00282     }
00283 #endif
00284   }
00285 
00286   if (!(algorithm & ALGO_MD5 || algorithm & ALGO_MD5_SESS)) {
00287     // they asked only for algorithms that we do not support
00288     NS_WARNING("unsupported algorithm requested by Digest authentication");
00289     return NS_ERROR_NOT_IMPLEMENTED;
00290   }
00291 
00292   //
00293   // the following are for increasing security.  see RFC 2617 for more
00294   // information.
00295   // 
00296   // nonce_count allows the server to keep track of auth challenges (to help
00297   // prevent spoofing). we increase this count every time.
00298   //
00299   char nonce_count[NONCE_COUNT_LENGTH+1] = "00000001"; // in hex
00300   if (*sessionState) {
00301     nsCOMPtr<nsISupportsPRUint32> v(do_QueryInterface(*sessionState));
00302     if (v) {
00303       PRUint32 nc;
00304       v->GetData(&nc);
00305       PR_snprintf(nonce_count, sizeof(nonce_count), "%08x", ++nc);
00306       v->SetData(nc);
00307     }
00308   }
00309   else {
00310     nsCOMPtr<nsISupportsPRUint32> v(
00311             do_CreateInstance(NS_SUPPORTS_PRUINT32_CONTRACTID, &rv));
00312     if (v) {        
00313       v->SetData(1);
00314       NS_ADDREF(*sessionState = v);
00315     }
00316   }
00317   LOG(("   nonce_count=%s\n", nonce_count));
00318 
00319   //
00320   // this lets the client verify the server response (via a server
00321   // returned Authentication-Info header). also used for session info.
00322   //
00323   nsCAutoString cnonce;
00324   static const char hexChar[] = "0123456789abcdef"; 
00325   for (int i=0; i<16; ++i) {
00326     cnonce.Append(hexChar[(int)(15.0 * rand()/(RAND_MAX + 1.0))]);
00327   }
00328   LOG(("   cnonce=%s\n", cnonce.get()));
00329 
00330   //
00331   // calculate credentials
00332   //
00333 
00334   NS_ConvertUCS2toUTF8 cUser(username), cPass(password);
00335   rv = CalculateHA1(cUser, cPass, realm, algorithm, nonce, cnonce, ha1_digest);
00336   if (NS_FAILED(rv)) return rv;
00337 
00338   rv = CalculateHA2(httpMethod, path, qop, upload_data_digest, ha2_digest);
00339   if (NS_FAILED(rv)) return rv;
00340 
00341   rv = CalculateResponse(ha1_digest, ha2_digest, nonce, qop, nonce_count,
00342                          cnonce, response_digest);
00343   if (NS_FAILED(rv)) return rv;
00344 
00345   //
00346   // Values that need to match the quoted-string production from RFC 2616:
00347   //
00348   //    username
00349   //    realm
00350   //    nonce
00351   //    opaque
00352   //    cnonce
00353   //
00354 
00355   nsCAutoString authString;
00356 
00357   authString.AssignLiteral("Digest username=");
00358   rv = AppendQuotedString(cUser, authString);
00359   NS_ENSURE_SUCCESS(rv, rv);
00360 
00361   authString.AppendLiteral(", realm=");
00362   rv = AppendQuotedString(realm, authString);
00363   NS_ENSURE_SUCCESS(rv, rv);
00364 
00365   authString.AppendLiteral(", nonce=");
00366   rv = AppendQuotedString(nonce, authString);
00367   NS_ENSURE_SUCCESS(rv, rv);
00368 
00369   authString.AppendLiteral(", uri=\"");
00370   authString += path;
00371   if (algorithm & ALGO_SPECIFIED) {
00372     authString.AppendLiteral("\", algorithm=");
00373     if (algorithm & ALGO_MD5_SESS)
00374       authString.AppendLiteral("MD5-sess");
00375     else
00376       authString.AppendLiteral("MD5");
00377   } else {
00378     authString += '\"';
00379   }
00380   authString.AppendLiteral(", response=\"");
00381   authString += response_digest;
00382   authString += '\"';
00383 
00384   if (!opaque.IsEmpty()) {
00385     authString.AppendLiteral(", opaque=");
00386     rv = AppendQuotedString(opaque, authString);
00387     NS_ENSURE_SUCCESS(rv, rv);
00388   }
00389 
00390   if (qop) {
00391     authString.AppendLiteral(", qop=");
00392     if (requireExtraQuotes)
00393       authString += '\"';
00394     authString.AppendLiteral("auth");
00395     if (qop & QOP_AUTH_INT)
00396       authString.AppendLiteral("-int");
00397     if (requireExtraQuotes)
00398       authString += '\"';
00399     authString.AppendLiteral(", nc=");
00400     authString += nonce_count;
00401 
00402     authString.AppendLiteral(", cnonce=");
00403     rv = AppendQuotedString(cnonce, authString);
00404     NS_ENSURE_SUCCESS(rv, rv);
00405   }
00406 
00407 
00408   *creds = ToNewCString(authString);
00409   return NS_OK;
00410 }
00411 
00412 NS_IMETHODIMP
00413 nsHttpDigestAuth::GetAuthFlags(PRUint32 *flags)
00414 {
00415   *flags = REQUEST_BASED | REUSABLE_CHALLENGE;
00416   //
00417   // NOTE: digest auth credentials must be uniquely computed for each request,
00418   //       so we do not set the REUSABLE_CREDENTIALS flag.
00419   //
00420   return NS_OK;
00421 }
00422 
00423 nsresult
00424 nsHttpDigestAuth::CalculateResponse(const char * ha1_digest,
00425                                     const char * ha2_digest,
00426                                     const nsAFlatCString & nonce,
00427                                     PRUint16 qop,
00428                                     const char * nonce_count,
00429                                     const nsAFlatCString & cnonce,
00430                                     char * result)
00431 {
00432   PRUint32 len = 2*EXPANDED_DIGEST_LENGTH + nonce.Length() + 2;
00433 
00434   if (qop & QOP_AUTH || qop & QOP_AUTH_INT) {
00435     len += cnonce.Length() + NONCE_COUNT_LENGTH + 3;
00436     if (qop & QOP_AUTH_INT)
00437       len += 8; // length of "auth-int"
00438     else
00439       len += 4; // length of "auth"
00440   }
00441 
00442   nsCAutoString contents;
00443   contents.SetCapacity(len);
00444 
00445   contents.Assign(ha1_digest, EXPANDED_DIGEST_LENGTH);
00446   contents.Append(':');
00447   contents.Append(nonce);
00448   contents.Append(':');
00449 
00450   if (qop & QOP_AUTH || qop & QOP_AUTH_INT) {
00451     contents.Append(nonce_count, NONCE_COUNT_LENGTH);
00452     contents.Append(':');
00453     contents.Append(cnonce);
00454     contents.Append(':');
00455     if (qop & QOP_AUTH_INT)
00456       contents.AppendLiteral("auth-int:");
00457     else
00458       contents.AppendLiteral("auth:");
00459   }
00460 
00461   contents.Append(ha2_digest, EXPANDED_DIGEST_LENGTH);
00462 
00463   nsresult rv = MD5Hash(contents.get(), contents.Length());
00464   if (NS_SUCCEEDED(rv))
00465     rv = ExpandToHex(mHashBuf, result);
00466   return rv;
00467 }
00468 
00469 nsresult
00470 nsHttpDigestAuth::ExpandToHex(const char * digest, char * result)
00471 {
00472   PRInt16 index, value;
00473 
00474   for (index = 0; index < DIGEST_LENGTH; index++) {
00475     value = (digest[index] >> 4) & 0xf;
00476     if (value < 10)
00477       result[index*2] = value + '0';
00478     else
00479       result[index*2] = value - 10 + 'a';
00480 
00481     value = digest[index] & 0xf;
00482     if (value < 10)
00483       result[(index*2)+1] = value + '0';
00484     else
00485       result[(index*2)+1] = value - 10 + 'a';
00486   }
00487 
00488   result[EXPANDED_DIGEST_LENGTH] = 0;
00489   return NS_OK;
00490 }
00491 
00492 nsresult
00493 nsHttpDigestAuth::CalculateHA1(const nsAFlatCString & username,
00494                                const nsAFlatCString & password,
00495                                const nsAFlatCString & realm,
00496                                PRUint16 algorithm,
00497                                const nsAFlatCString & nonce,
00498                                const nsAFlatCString & cnonce,
00499                                char * result)
00500 {
00501   PRInt16 len = username.Length() + password.Length() + realm.Length() + 2;
00502   if (algorithm & ALGO_MD5_SESS) {
00503     PRInt16 exlen = EXPANDED_DIGEST_LENGTH + nonce.Length() + cnonce.Length() + 2;
00504     if (exlen > len)
00505         len = exlen;
00506   }
00507 
00508   nsCAutoString contents;
00509   contents.SetCapacity(len + 1);
00510 
00511   contents.Assign(username);
00512   contents.Append(':');
00513   contents.Append(realm);
00514   contents.Append(':');
00515   contents.Append(password);
00516 
00517   nsresult rv;
00518   rv = MD5Hash(contents.get(), contents.Length());
00519   if (NS_FAILED(rv))
00520     return rv;
00521 
00522   if (algorithm & ALGO_MD5_SESS) {
00523     char part1[EXPANDED_DIGEST_LENGTH+1];
00524     ExpandToHex(mHashBuf, part1);
00525 
00526     contents.Assign(part1, EXPANDED_DIGEST_LENGTH);
00527     contents.Append(':');
00528     contents.Append(nonce);
00529     contents.Append(':');
00530     contents.Append(cnonce);
00531 
00532     rv = MD5Hash(contents.get(), contents.Length());
00533     if (NS_FAILED(rv))
00534       return rv;
00535   }
00536 
00537   return ExpandToHex(mHashBuf, result);
00538 }
00539 
00540 nsresult
00541 nsHttpDigestAuth::CalculateHA2(const nsAFlatCString & method,
00542                                const nsAFlatCString & path,
00543                                PRUint16 qop,
00544                                const char * bodyDigest,
00545                                char * result)
00546 {
00547   PRInt16 methodLen = method.Length();
00548   PRInt16 pathLen = path.Length();
00549   PRInt16 len = methodLen + pathLen + 1;
00550 
00551   if (qop & QOP_AUTH_INT) {
00552     len += EXPANDED_DIGEST_LENGTH + 1;
00553   }
00554 
00555   nsCAutoString contents;
00556   contents.SetCapacity(len);
00557 
00558   contents.Assign(method);
00559   contents.Append(':');
00560   contents.Append(path);
00561 
00562   if (qop & QOP_AUTH_INT) {
00563     contents.Append(':');
00564     contents.Append(bodyDigest, EXPANDED_DIGEST_LENGTH);
00565   }
00566 
00567   nsresult rv = MD5Hash(contents.get(), contents.Length());
00568   if (NS_SUCCEEDED(rv))
00569     rv = ExpandToHex(mHashBuf, result);
00570   return rv;
00571 }
00572 
00573 nsresult
00574 nsHttpDigestAuth::ParseChallenge(const char * challenge,
00575                                  nsACString & realm,
00576                                  nsACString & domain,
00577                                  nsACString & nonce,
00578                                  nsACString & opaque,
00579                                  PRBool * stale,
00580                                  PRUint16 * algorithm,
00581                                  PRUint16 * qop)
00582 {
00583   const char *p = challenge + 7; // first 7 characters are "Digest "
00584 
00585   *stale = PR_FALSE;
00586   *algorithm = ALGO_MD5; // default is MD5
00587   *qop = 0;
00588 
00589   for (;;) {
00590     while (*p && (*p == ',' || nsCRT::IsAsciiSpace(*p)))
00591       ++p;
00592     if (!*p)
00593       break;
00594 
00595     // name
00596     PRInt16 nameStart = (p - challenge);
00597     while (*p && !nsCRT::IsAsciiSpace(*p) && *p != '=') 
00598       ++p;
00599     if (!*p)
00600       return NS_ERROR_INVALID_ARG;
00601     PRInt16 nameLength = (p - challenge) - nameStart;
00602 
00603     while (*p && (nsCRT::IsAsciiSpace(*p) || *p == '=')) 
00604       ++p;
00605     if (!*p) 
00606       return NS_ERROR_INVALID_ARG;
00607 
00608     PRBool quoted = PR_FALSE;
00609     if (*p == '"') {
00610       ++p;
00611       quoted = PR_TRUE;
00612     }
00613 
00614     // value
00615     PRInt16 valueStart = (p - challenge);
00616     PRInt16 valueLength = 0;
00617     if (quoted) {
00618       while (*p && *p != '"') 
00619         ++p;
00620       if (*p != '"') 
00621         return NS_ERROR_INVALID_ARG;
00622       valueLength = (p - challenge) - valueStart;
00623       ++p;
00624     } else {
00625       while (*p && !nsCRT::IsAsciiSpace(*p) && *p != ',') 
00626         ++p; 
00627       valueLength = (p - challenge) - valueStart;
00628     }
00629 
00630     // extract information
00631     if (nameLength == 5 &&
00632         nsCRT::strncasecmp(challenge+nameStart, "realm", 5) == 0)
00633     {
00634       realm.Assign(challenge+valueStart, valueLength);
00635     }
00636     else if (nameLength == 6 &&
00637         nsCRT::strncasecmp(challenge+nameStart, "domain", 6) == 0)
00638     {
00639       domain.Assign(challenge+valueStart, valueLength);
00640     }
00641     else if (nameLength == 5 &&
00642         nsCRT::strncasecmp(challenge+nameStart, "nonce", 5) == 0)
00643     {
00644       nonce.Assign(challenge+valueStart, valueLength);
00645     }
00646     else if (nameLength == 6 &&
00647         nsCRT::strncasecmp(challenge+nameStart, "opaque", 6) == 0)
00648     {
00649       opaque.Assign(challenge+valueStart, valueLength);
00650     }
00651     else if (nameLength == 5 &&
00652         nsCRT::strncasecmp(challenge+nameStart, "stale", 5) == 0)
00653     {
00654       if (nsCRT::strncasecmp(challenge+valueStart, "true", 4) == 0)
00655         *stale = PR_TRUE;
00656       else
00657         *stale = PR_FALSE;
00658     }
00659     else if (nameLength == 9 &&
00660         nsCRT::strncasecmp(challenge+nameStart, "algorithm", 9) == 0)
00661     {
00662       // we want to clear the default, so we use = not |= here
00663       *algorithm = ALGO_SPECIFIED;
00664       if (valueLength == 3 &&
00665           nsCRT::strncasecmp(challenge+valueStart, "MD5", 3) == 0)
00666         *algorithm |= ALGO_MD5;
00667       else if (valueLength == 8 &&
00668           nsCRT::strncasecmp(challenge+valueStart, "MD5-sess", 8) == 0)
00669         *algorithm |= ALGO_MD5_SESS;
00670     }
00671     else if (nameLength == 3 &&
00672         nsCRT::strncasecmp(challenge+nameStart, "qop", 3) == 0)
00673     {
00674       PRInt16 ipos = valueStart;
00675       while (ipos < valueStart+valueLength) {
00676         while (ipos < valueStart+valueLength &&
00677                (nsCRT::IsAsciiSpace(challenge[ipos]) ||
00678                 challenge[ipos] == ',')) 
00679           ipos++;
00680         PRInt16 algostart = ipos;
00681         while (ipos < valueStart+valueLength &&
00682                !nsCRT::IsAsciiSpace(challenge[ipos]) &&
00683                challenge[ipos] != ',') 
00684           ipos++;
00685         if ((ipos - algostart) == 4 &&
00686             nsCRT::strncasecmp(challenge+algostart, "auth", 4) == 0)
00687           *qop |= QOP_AUTH;
00688         else if ((ipos - algostart) == 8 &&
00689             nsCRT::strncasecmp(challenge+algostart, "auth-int", 8) == 0)
00690           *qop |= QOP_AUTH_INT;
00691       }
00692     }
00693   }
00694   return NS_OK;
00695 }
00696 
00697 nsresult
00698 nsHttpDigestAuth::AppendQuotedString(const nsACString & value,
00699                                      nsACString & aHeaderLine)
00700 {
00701   nsCAutoString quoted;
00702   nsACString::const_iterator s, e;
00703   value.BeginReading(s);
00704   value.EndReading(e);
00705 
00706   //
00707   // Encode string according to RFC 2616 quoted-string production
00708   //
00709   quoted.Append('"');
00710   for ( ; s != e; ++s) {
00711     //
00712     // CTL = <any US-ASCII control character (octets 0 - 31) and DEL (127)>
00713     //
00714     if (*s <= 31 || *s == 127) {
00715       return NS_ERROR_FAILURE;
00716     }
00717 
00718     // Escape two syntactically significant characters
00719     if (*s == '"' || *s == '\\') {
00720       quoted.Append('\\');
00721     }
00722 
00723     quoted.Append(*s);
00724   }
00725   // FIXME: bug 41489
00726   // We should RFC2047-encode non-Latin-1 values according to spec
00727   quoted.Append('"');
00728   aHeaderLine.Append(quoted);
00729   return NS_OK;
00730 }
00731 
00732 // vim: ts=2 sw=2