Panda3D
httpDigestAuthorization.h
Go to the documentation of this file.
1 /**
2  * PANDA 3D SOFTWARE
3  * Copyright (c) Carnegie Mellon University. All rights reserved.
4  *
5  * All use of this software is subject to the terms of the revised BSD
6  * license. You should have received a copy of this license along
7  * with this source code in a file named "LICENSE."
8  *
9  * @file httpDigestAuthorization.h
10  * @author drose
11  * @date 2002-10-25
12  */
13 
14 #ifndef HTTPDIGESTAUTHORIZATION_H
15 #define HTTPDIGESTAUTHORIZATION_H
16 
17 #include "pandabase.h"
18 
19 // This module requires OpenSSL to compile, even though it doesn't actually
20 // use any OpenSSL code, because it is a support module for HTTPChannel, which
21 // *does* use OpenSSL code.
22 
23 #ifdef HAVE_OPENSSL
24 
25 #include "httpAuthorization.h"
26 
27 /**
28  * Implements the "Digest" type of HTTP authorization. This is designed to be
29  * an improvement over "Basic" authorization, in that it does not send
30  * passwords over the net in cleartext, and it is harder to spoof.
31  */
32 class HTTPDigestAuthorization : public HTTPAuthorization {
33 public:
34  HTTPDigestAuthorization(const Tokens &tokens, const URLSpec &url,
35  bool is_proxy);
36  virtual ~HTTPDigestAuthorization();
37 
38  virtual const std::string &get_mechanism() const;
39  virtual bool is_valid();
40 
41  virtual std::string generate(HTTPEnum::Method method, const std::string &request_path,
42  const std::string &username, const std::string &body);
43 
44 public:
45  enum Algorithm {
46  A_unknown,
47  A_md5,
48  A_md5_sess,
49  };
50  enum Qop {
51  // These are used as a bitfield.
52  Q_unused = 0x000,
53  Q_auth = 0x001,
54  Q_auth_int = 0x002,
55  };
56 
57 private:
58  static int match_qop_token(const std::string &token);
59 
60  std::string calc_request_digest(const std::string &username, const std::string &password,
61  HTTPEnum::Method method,
62  const std::string &request_path, const std::string &body);
63  std::string calc_h(const std::string &data) const;
64  std::string calc_kd(const std::string &secret, const std::string &data) const;
65  std::string get_a1(const std::string &username, const std::string &password);
66  std::string get_a2(HTTPEnum::Method method, const std::string &request_path,
67  const std::string &body);
68  std::string get_hex_nonce_count() const;
69 
70  static std::string calc_md5(const std::string &source);
71  INLINE static char hexdigit(int value);
72 
73  std::string _cnonce;
74  std::string _nonce;
75  int _nonce_count;
76  std::string _opaque;
77 
78  Algorithm _algorithm;
79  std::string _a1;
80 
81  int _qop;
82  Qop _chosen_qop;
83 
84  static const std::string _mechanism;
85 };
86 
87 std::ostream &operator << (std::ostream &out, HTTPDigestAuthorization::Algorithm algorithm);
88 std::ostream &operator << (std::ostream &out, HTTPDigestAuthorization::Qop qop);
89 
90 #include "httpDigestAuthorization.I"
91 
92 #endif // HAVE_OPENSSL
93 
94 #endif
httpAuthorization.h
PANDA 3D SOFTWARE Copyright (c) Carnegie Mellon University.
URLSpec
A container for a URL, e.g.
Definition: urlSpec.h:28
pandabase.h
PANDA 3D SOFTWARE Copyright (c) Carnegie Mellon University.
httpDigestAuthorization.I
PANDA 3D SOFTWARE Copyright (c) Carnegie Mellon University.
Generated on Wed Jan 23 2019 21:39:56 for Panda3D by   doxygen 1.8.15