Re: LWP::Authen::Digest update for RFC 2617
Dave Dunkin (dave_dunkin@hotmail.com)
21 Jan 2001 00:52:13 -0600
--=-FEADMvTynIuIWHGj4NIL
Content-Type: text/plain
On 19 Jan 2001 10:11:41 -0800, Gisle Aas wrote:
<snip>
> You should probably try to avoid warnings from perl about using undef
> values if the response did not include any nonce value too. LWP
> really ought to have a test-suite entry for this code too.
The response header must contain the nonce value, according to RFC 2617.
I looked in the tests and didn't find anything related to the client
side of the authentication. Did I miss it, or is it not there? I've
attached an updated patch, taking into consideration the things you
pointed out.
Dave
--=-FEADMvTynIuIWHGj4NIL
Content-Type: text/plain
Content-Disposition: attachment; filename=patch4
Content-Transfer-Encoding: 7bit
--- Digest.pm.latest Fri Jan 19 03:02:43 2001
+++ Digest.pm Sun Jan 21 00:17:05 2001
@@ -12,6 +12,10 @@
$request->url, $proxy);
return $response unless defined $user and defined $pass;
+ $ua->{authen_md5_nonce_count}{$auth_param->{nonce}}++;
+ my $nc = sprintf "%08X";
+ my $cnonce = sprintf "%8x", time;
+
my $uri = $request->url->path_query;
$uri = "/" unless length $uri;
@@ -24,6 +28,10 @@
push(@digest, $auth_param->{nonce});
+ if ($auth_param->{qop}) {
+ push(@digest, $nc, $cnonce, $auth_param->{qop});
+ }
+
$md5->add(join(":", $request->method, $uri));
push(@digest, $md5->hexdigest);
$md5->reset;
@@ -33,9 +41,13 @@
$md5->reset;
my %resp = map { $_ => $auth_param->{$_} } qw(realm nonce opaque);
- @resp{qw(username uri response)} = ($user, $uri, $digest);
+ @resp{qw(username uri response algorithm)} = ($user, $uri, $digest, "MD5");
+
+ if($auth_param->{qop} eq "auth") {
+ @resp{qw(qop cnonce nc)} = ("auth", $cnonce, $nc);
+ }
- my(@order) = qw(username realm nonce uri response);
+ my(@order) = qw(username realm qop algorithm uri nonce nc cnonce response);
if($request->method =~ /^(?:POST|PUT)$/) {
$md5->add($request->content);
my $content = $md5->hexdigest;
--=-FEADMvTynIuIWHGj4NIL--