kind of done

Author: xinsnake

authorization.go

@@ -4,10 +4,13 @@ import (
 	"bytes"
 	"crypto/md5"
 	"crypto/sha256"
+	"encoding/hex"
 	"fmt"
 	"hash"
 	"io"
+	"net/url"
 	"regexp"
+	"strings"
 	"time"
 )
 
@@ -26,64 +29,79 @@ type authorization struct {
 	Username_ string // quoted
 }
 
-func newAuthorization(wa *wwwAuthenticate, dr *DigestRequest) (*authorization, error) {
+func newAuthorization(dr *DigestRequest) *authorization {
 
-	auth := authorization{
+	ah := authorization{
 		Algorithm: wa.Algorithm,
 		Cnonce:    "",
-		Nc:        1, // TODO
+		Nc:        0,
 		Nonce:     wa.Nonce,
 		Opaque:    wa.Opaque,
 		Qop:       "",
 		Realm:     wa.Realm,
 		Response:  "",
-		Uri:       dr.Uri,
+		Uri:       "",
 		Userhash:  wa.Userhash,
 		Username:  dr.Username,
 		Username_: "", // TODO
 	}
 
-	auth.Cnonce = auth.hash(fmt.Sprintf("%d:%s:dfjosbn3kjd01", time.Now().UnixNano(), dr.Username))
+	if ah.Userhash {
+		ah.Username = ah.hash(fmt.Sprintf("%s:%s", ah.Username, ah.Realm))
+	}
+
+	ah.refreshAuthorization(dr)
+
+	return &ah
+}
+
+func (ah *authorization) refreshAuthorization(dr *DigestRequest) (*authorization, error) {
+
+	ah.Nc++
+
+	ah.Cnonce = ah.hash(fmt.Sprintf("%d:%s:my_value", time.Now().UnixNano(), dr.Username))
 
-	if auth.Userhash {
-		auth.Username = auth.hash(fmt.Sprintf("%s:%s", auth.Username, auth.Realm))
+	url, err := url.Parse(dr.Uri)
+	if err != nil {
+		return nil, err
 	}
+	ah.Uri = url.RequestURI()
 
-	auth.Response = auth.computeResponse(wa, dr)
+	ah.Response = ah.computeResponse(dr)
 
-	return &auth, nil
+	return ah, nil
 }
 
-func (ah *authorization) computeResponse(wa *wwwAuthenticate, dr *DigestRequest) (s string) {
+func (ah *authorization) computeResponse(dr *DigestRequest) (s string) {
 
-	kdSecret := ah.hash(ah.computeA1(wa, dr))
-	kdData := fmt.Sprintf("%s:%s:%s:%s:%s", ah.Nonce, ah.Nc, ah.Cnonce, ah.Qop, ah.hash(ah.computeA2(wa, dr)))
+	kdSecret := ah.hash(ah.computeA1(dr))
+	kdData := fmt.Sprintf("%s:%08x:%s:%s:%s", ah.Nonce, ah.Nc, ah.Cnonce, ah.Qop, ah.hash(ah.computeA2(dr)))
 
 	return ah.hash(fmt.Sprintf("%s:%s", kdSecret, kdData))
 }
 
-func (ah *authorization) computeA1(wa *wwwAuthenticate, dr *DigestRequest) string {
+func (ah *authorization) computeA1(dr *DigestRequest) string {
 
 	if ah.Algorithm == "" || ah.Algorithm == "MD5" || ah.Algorithm == "SHA-256" {
 		return fmt.Sprintf("%s:%s:%s", ah.Username, ah.Realm, dr.Password)
 	}
 
 	if ah.Algorithm == "MD5-sess" || ah.Algorithm == "SHA-256-sess" {
 		upHash := ah.hash(fmt.Sprintf("%s:%s:%s", ah.Username, ah.Realm, dr.Password))
-		return fmt.Sprintf("%s:%s:%s", upHash, ah.Nc)
+		return fmt.Sprintf("%s:%s:%s", upHash, ah.Nonce, ah.Cnonce)
 	}
 
 	return ""
 }
 
-func (ah *authorization) computeA2(wa *wwwAuthenticate, dr *DigestRequest) string {
+func (ah *authorization) computeA2(dr *DigestRequest) string {
 
 	if matched, _ := regexp.MatchString("auth-int", wa.Qop); matched {
 		ah.Qop = "auth-int"
 		return fmt.Sprintf("%s:%s:%s", dr.Method, ah.Uri, ah.hash(dr.Body))
 	}
 
-	if ah.Qop == "auth" || ah.Qop == "" {
+	if wa.Qop == "auth" || wa.Qop == "" {
 		ah.Qop = "auth"
 		return fmt.Sprintf("%s:%s", dr.Method, ah.Uri)
 	}
@@ -95,14 +113,14 @@ func (ah *authorization) hash(a string) (s string) {
 
 	var h hash.Hash
 
-	if ah.Algorithm == "MD5" || ah.Algorithm == "MD5-sess" {
+	if ah.Algorithm == "" || ah.Algorithm == "MD5" || ah.Algorithm == "MD5-sess" {
 		h = md5.New()
 	} else if ah.Algorithm == "SHA-256" || ah.Algorithm == "SHA-256-sess" {
 		h = sha256.New()
 	}
 
 	io.WriteString(h, a)
-	s = string(h.Sum(nil))
+	s = hex.EncodeToString(h.Sum(nil))
 
 	return
 }
@@ -121,13 +139,17 @@ func (ah *authorization) toString() string {
 	}
 
 	if ah.Nc != 0 {
-		buffer.WriteString(fmt.Sprintf("nc=%08d, ", ah.Nc))
+		buffer.WriteString(fmt.Sprintf("nc=%08x, ", ah.Nc))
 	}
 
 	if ah.Opaque != "" {
 		buffer.WriteString(fmt.Sprintf("opaque=\"%s\", ", ah.Opaque))
 	}
 
+	if ah.Nonce != "" {
+		buffer.WriteString(fmt.Sprintf("nonce=\"%s\", ", ah.Nonce))
+	}
+
 	if ah.Qop != "" {
 		buffer.WriteString(fmt.Sprintf("qop=%s, ", ah.Qop))
 	}
@@ -140,10 +162,6 @@ func (ah *authorization) toString() string {
 		buffer.WriteString(fmt.Sprintf("response=\"%s\", ", ah.Response))
 	}
 
-	if ah.Response != "" {
-		buffer.WriteString(fmt.Sprintf("response=\"%s\", ", ah.Response))
-	}
-
 	if ah.Uri != "" {
 		buffer.WriteString(fmt.Sprintf("uri=\"%s\", ", ah.Uri))
 	}
@@ -156,5 +174,7 @@ func (ah *authorization) toString() string {
 		buffer.WriteString(fmt.Sprintf("username=\"%s\", ", ah.Username))
 	}
 
-	return buffer.String()
+	s := buffer.String()
+
+	return strings.TrimSuffix(s, ", ")
 }

digest_auth_client.go

@@ -7,6 +7,11 @@ import (
 	"time"
 )
 
+var (
+	auth *authorization
+	wa   *wwwAuthenticate
+)
+
 type DigestRequest struct {
 	Body     string
 	Method   string
@@ -15,62 +20,76 @@ type DigestRequest struct {
 	Username string
 }
 
-func (dr *DigestRequest) NewRequest(
-	username string, password string, method string, uri string, body string) DigestRequest {
+func NewRequest(username string, password string, method string, uri string, body string) DigestRequest {
+
+	dr := DigestRequest{}
 
 	dr.Body = body
 	dr.Method = method
 	dr.Password = password
 	dr.Uri = uri
-	dr.Body = body
+	dr.Username = username
 
-	return *dr
+	return dr
 }
 
 func (dr *DigestRequest) Execute() (resp *http.Response, err error) {
-	var req *http.Request
-	if req, err = http.NewRequest(dr.Method, dr.Uri, bytes.NewReader([]byte(dr.Body))); err != nil {
-		return nil, err
-	}
-
-	client := &http.Client{
-		Timeout: 30 * time.Second,
-	}
-	resp, err = client.Do(req)
 
-	if resp.StatusCode == 401 {
-		return dr.executeDigest(resp)
+	if auth == nil {
+		var req *http.Request
+		if req, err = http.NewRequest(dr.Method, dr.Uri, bytes.NewReader([]byte(dr.Body))); err != nil {
+			return nil, err
+		}
+
+		client := &http.Client{
+			Timeout: 30 * time.Second,
+		}
+		resp, err = client.Do(req)
+
+		if resp.StatusCode == 401 {
+			return dr.executeNewDigest(resp)
+		}
+		return
 	}
 
-	return
+	return dr.executeExistingDigest()
 }
 
-func (dr *DigestRequest) executeDigest(resp *http.Response) (*http.Response, error) {
-	var (
-		err  error
-		wa   *wwwAuthenticate
-		auth *authorization
-		req  *http.Request
-	)
+func (dr *DigestRequest) executeNewDigest(resp *http.Response) (*http.Response, error) {
 
 	waString := resp.Header.Get("WWW-Authenticate")
 	if waString == "" {
 		return nil, fmt.Errorf("Failed to get WWW-Authenticate header, please check your server configuration.")
 	}
+	wa = newWwwAuthenticate(waString)
 
-	if wa, err = newWwwAuthenticate(waString); err != nil {
-		return nil, err
-	}
+	authString := newAuthorization(dr).toString()
+
+	return dr.executeRequest(authString)
+}
+
+func (dr *DigestRequest) executeExistingDigest() (*http.Response, error) {
+	var err error
 
-	if auth, err = newAuthorization(wa, dr); err != nil {
+	if auth, err = auth.refreshAuthorization(dr); err != nil {
 		return nil, err
 	}
 
-	authString := fmt.Sprintf("Digest %s", auth.toString())
+	authString := auth.toString()
+	return dr.executeRequest(authString)
+}
+
+func (dr *DigestRequest) executeRequest(authString string) (*http.Response, error) {
+	var (
+		err error
+		req *http.Request
+	)
+
 	if req, err = http.NewRequest(dr.Method, dr.Uri, bytes.NewReader([]byte(dr.Body))); err != nil {
 		return nil, err
 	}
 
+	fmt.Printf("AUTHSTRING: %s\n\n", authString)
 	req.Header.Add("Authorization", authString)
 
 	client := &http.Client{

www_authenticate.go

@@ -17,7 +17,7 @@ type wwwAuthenticate struct {
 	Userhash  bool   // quoted
 }
 
-func newWwwAuthenticate(s string) (*wwwAuthenticate, error) {
+func newWwwAuthenticate(s string) *wwwAuthenticate {
 
 	var wa = wwwAuthenticate{}
 
@@ -75,5 +75,5 @@ func newWwwAuthenticate(s string) (*wwwAuthenticate, error) {
 		wa.Userhash = (strings.ToLower(userhashMatch[1]) == "true")
 	}
 
-	return &wa, nil
+	return &wa
 }