Panda3D
Loading...
Searching...
No Matches
httpDigestAuthorization.h
Go to the documentation of this file.
1/**
2 * PANDA 3D SOFTWARE
3 * Copyright (c) Carnegie Mellon University. All rights reserved.
4 *
5 * All use of this software is subject to the terms of the revised BSD
6 * license. You should have received a copy of this license along
7 * with this source code in a file named "LICENSE."
8 *
9 * @file httpDigestAuthorization.h
10 * @author drose
11 * @date 2002-10-25
12 */
13
14#ifndef HTTPDIGESTAUTHORIZATION_H
15#define HTTPDIGESTAUTHORIZATION_H
16
17#include "pandabase.h"
18
19// This module requires OpenSSL to compile, even though it doesn't actually
20// use any OpenSSL code, because it is a support module for HTTPChannel, which
21// *does* use OpenSSL code.
22
23#ifdef HAVE_OPENSSL
24
25#include "httpAuthorization.h"
26
27/**
28 * Implements the "Digest" type of HTTP authorization. This is designed to be
29 * an improvement over "Basic" authorization, in that it does not send
30 * passwords over the net in cleartext, and it is harder to spoof.
31 */
32class HTTPDigestAuthorization : public HTTPAuthorization {
33public:
34 HTTPDigestAuthorization(const Tokens &tokens, const URLSpec &url,
35 bool is_proxy);
36 virtual ~HTTPDigestAuthorization();
37
38 virtual const std::string &get_mechanism() const;
39 virtual bool is_valid();
40
41 virtual std::string generate(HTTPEnum::Method method, const std::string &request_path,
42 const std::string &username, const std::string &body);
43
44public:
45 enum Algorithm {
46 A_unknown,
47 A_md5,
48 A_md5_sess,
49 };
50 enum Qop {
51 // These are used as a bitfield.
52 Q_unused = 0x000,
53 Q_auth = 0x001,
54 Q_auth_int = 0x002,
55 };
56
57private:
58 static int match_qop_token(const std::string &token);
59
60 std::string calc_request_digest(const std::string &username, const std::string &password,
61 HTTPEnum::Method method,
62 const std::string &request_path, const std::string &body);
63 std::string calc_h(const std::string &data) const;
64 std::string calc_kd(const std::string &secret, const std::string &data) const;
65 std::string get_a1(const std::string &username, const std::string &password);
66 std::string get_a2(HTTPEnum::Method method, const std::string &request_path,
67 const std::string &body);
68 std::string get_hex_nonce_count() const;
69
70 static std::string calc_md5(const std::string &source);
71 INLINE static char hexdigit(int value);
72
73 std::string _cnonce;
74 std::string _nonce;
75 int _nonce_count;
76 std::string _opaque;
77
78 Algorithm _algorithm;
79 std::string _a1;
80
81 int _qop;
82 Qop _chosen_qop;
83
84 static const std::string _mechanism;
85};
86
87std::ostream &operator << (std::ostream &out, HTTPDigestAuthorization::Algorithm algorithm);
88std::ostream &operator << (std::ostream &out, HTTPDigestAuthorization::Qop qop);
89
91
92#endif // HAVE_OPENSSL
93
94#endif
A container for a URL, e.g.
Definition urlSpec.h:28
PANDA 3D SOFTWARE Copyright (c) Carnegie Mellon University.
PANDA 3D SOFTWARE Copyright (c) Carnegie Mellon University.
PANDA 3D SOFTWARE Copyright (c) Carnegie Mellon University.