public void the_parsing_returns_null_if_the_authentication_is_not_digest()
{
string authenticationHeader = "Basic bla";
DigestHeader.Parse(authenticationHeader)
.ShouldBeNull();
}
public void ExtractDigestHeader_ParsesCompleteHeaderCorrectly()
{
string verb = "GET";
string header = @"Digest username=""Mufasa"",
realm=""*****@*****.**"",
nonce=""QWxhZGRpbjpvcGVuIHNlc2FtZQ=="",
uri=""/dir/index.html"",
qop=auth,
nc=00000001,
cnonce=""0a4f113b"",
response=""6629fae49393a05397450978507c4ef1"",
opaque=""5ccc069c403ebaf9f0171e9517f40e41""";
DigestHeader expectedHeader = new DigestHeader()
{
Verb = verb,
ClientNonce = "0a4f113b",
Nonce = "QWxhZGRpbjpvcGVuIHNlc2FtZQ==",
Opaque = "5ccc069c403ebaf9f0171e9517f40e41",
QualityOfProtection = DigestQualityOfProtectionType.Authentication,
Realm = "*****@*****.**",
RequestCounter = 1,
Response = "6629fae49393a05397450978507c4ef1",
Uri = "/dir/index.html",
UserName = "******"
};
Assert.Equal(expectedHeader, HttpDigestAuthHeaderParser.ExtractDigestHeader(verb, header), comparer);
}
public void ExtractDigestHeader_ParsesCompleteHeaderCorrectly()
{
string verb = "GET";
string header = @"Digest username=""Mufasa"",
realm=""*****@*****.**"",
nonce=""QWxhZGRpbjpvcGVuIHNlc2FtZQ=="",
uri=""/dir/index.html"",
qop=auth,
nc=00000001,
cnonce=""0a4f113b"",
response=""6629fae49393a05397450978507c4ef1"",
opaque=""5ccc069c403ebaf9f0171e9517f40e41""";
DigestHeader expectedHeader = new DigestHeader()
{
Verb = verb,
ClientNonce = "0a4f113b",
Nonce = "QWxhZGRpbjpvcGVuIHNlc2FtZQ==",
Opaque = "5ccc069c403ebaf9f0171e9517f40e41",
QualityOfProtection = DigestQualityOfProtectionType.Authentication,
Realm = "*****@*****.**",
RequestCounter = 1,
Response = "6629fae49393a05397450978507c4ef1",
Uri = "/dir/index.html",
UserName = "******"
};
Assert.Equal(expectedHeader, HttpDigestAuthHeaderParser.ExtractDigestHeader(verb, header), comparer);
}
public void Given_ADigestAuthenticateHeader_When_ITryCreateObject_Then_AllPropsMustBeFilled(string header)
{
var digestHeader = new DigestHeader(header);
digestHeader.Nonce.Should().Be("2021 - 12 - 21 13:40:54.513311Z f152e55bf3d14e28b90f47db5dbd8afb");
digestHeader.Qop.Should().Be("auth");
digestHeader.Realm.Should().Be("test - realm");
}
public virtual DigestHeader Generate(string ipAddress)
{
var digestHeader = new DigestHeader();
digestHeader.Realm = realm;
digestHeader.Nonce = nonceGenerator.Generate(ipAddress);
digestHeader.Qop = DigestQop.Auth;
return digestHeader;
}
public void MatchesCredentials_ThrowsOnInvalidHttpMethodName()
{
var header = new DigestHeader()
{
Verb = "FOO"
};
Assert.Throws <NotSupportedException>(() => { header.MatchesCredentials(string.Empty, string.Empty, string.Empty); });
}
public void MatchesCredential_ThrowsOnAuthenticationWithIntegrity()
{
var header = new DigestHeader()
{
QualityOfProtection = DigestQualityOfProtectionType.AuthenticationWithIntegrity
};
Assert.Throws <NotImplementedException>(() => { header.MatchesCredentials(string.Empty, string.Empty, string.Empty); });
}
public virtual DigestHeader Parse(string digestHeaderString)
{
string headerString = RemoveDigestFromHeaderString(digestHeaderString);
var header = new DigestHeader();
string[] keyValueCombinations = headerString.Split(',');
foreach (string keyValueCombination in keyValueCombinations)
{
HeaderKeyValue headerKeyValue = keyValueSplitter.Split(keyValueCombination);
header.Set(headerKeyValue);
}
return header;
}
public void the_content_of_the_header_is_parsed()
{
string authenticationHeader =
@"Digest username=""Mufasa"",
realm=""*****@*****.**"",
nonce=""dcd98b7102dd2f0e8b11d0f600bfb0c093"",
uri=""/dir/index.html"",
qop=auth,
nc=00000001,
cnonce=""0a4f113b"",
response=""6629fae49393a05397450978507c4ef1"",
opaque=""5ccc069c403ebaf9f0171e9517f40e41""";
var credentials = DigestHeader.Parse(authenticationHeader);
credentials.Username.ShouldBe("Mufasa");
credentials.Uri.ShouldBe("/dir/index.html");
}
void GivenAClientAuthzHeader(string httpMethod, string username, string password, string realm, string nonce,
string uri)
{
TheRequestAuthorizationHeader = new DigestHeader
{
Username = username,
Password = password,
Realm = realm,
Nonce = nonce,
Uri = uri,
QualityOfProtection = "auth",
ClientNonce = "clientNonce",
Opaque = "opaque"
};
TheRequestAuthorizationHeader.Response = TheRequestAuthorizationHeader.GetCalculatedResponse(httpMethod);
Context.Request.Headers["Authorization"] = TheRequestAuthorizationHeader.ClientRequestHeader;
}
public PipelineContinuation ReadCredentials(ICommunicationContext context)
{
if (!_resolver.HasDependency(typeof(IAuthenticationProvider)))
{
return(PipelineContinuation.Continue);
}
_authentication = _resolver.Resolve <IAuthenticationProvider>();
DigestHeader authorizeHeader = GetDigestHeader(context);
if (authorizeHeader == null)
{
return(PipelineContinuation.Continue);
}
string digestUri = GetAbsolutePath(authorizeHeader.Uri);
if (digestUri != context.Request.Uri.AbsolutePath)
{
return(ClientError(context));
}
Credentials creds = _authentication.GetByUsername(authorizeHeader.Username);
if (creds == null)
{
return(NotAuthorized(context));
}
var checkHeader = new DigestHeader(authorizeHeader)
{
Password = creds.Password,
Uri = authorizeHeader.Uri
};
string hashedDigest = checkHeader.GetCalculatedResponse(context.Request.HttpMethod);
if (authorizeHeader.Response == hashedDigest)
{
IIdentity id = new GenericIdentity(creds.Username, "Digest");
context.User = new GenericPrincipal(id, creds.Roles);
return(PipelineContinuation.Continue);
}
return(NotAuthorized(context));
}
IResponse RetryWithHttpAuthenticationCredentials(IClientRequest request, IResponse response)
{
if (response.Headers["WWW-Authenticate"] != null && response.Headers["WWW-Authenticate"].Contains("Digest"))
{
var responseDigest = DigestHeader.Parse(response.Headers["WWW-Authenticate"]);
var header = new OpenRasta.Security.DigestHeader(responseDigest)
{
Username = request.Credentials.Username,
Password = request.Credentials.Password,
Nonce = responseDigest.Nonce,
ClientNonce = "none",
Uri = request.Uri.GetLeftPart(UriPartial.Path)
};
header.Response = header.GetCalculatedResponse(request.HttpMethod);
request.Headers["Authorization"] = header.ClientRequestHeader;
return(_host.ProcessRequest(request));
}
return(response);
}
public void MatchesCredentials_ReturnsTrueOnMatchedResponseWithAuthenticationQualityOfProtection()
{
//sample from http://en.wikipedia.org/wiki/Digest_access_authentication
string realm = "*****@*****.**",
opaque = "5ccc069c403ebaf9f0171e9517f40e41";
var header = new DigestHeader()
{
Verb = "GET",
UserName = "******",
Realm = realm,
Nonce = "dcd98b7102dd2f0e8b11d0f600bfb0c093",
Uri = "/dir/index.html",
QualityOfProtection = DigestQualityOfProtectionType.Authentication,
RequestCounter = 1,
ClientNonce = "0a4f113b",
Opaque = opaque,
Response = "6629fae49393a05397450978507c4ef1"
};
Assert.True(header.MatchesCredentials(realm, opaque, "Circle Of Life"));
}
public void MatchesCredentials_ReturnsFalseOnMismatchedRealm()
{
//sample from http://en.wikipedia.org/wiki/Digest_access_authentication
string opaque = "5ccc069c403ebaf9f0171e9517f40e41";
var header = new DigestHeader()
{
Verb = "GET",
UserName = "******",
Realm = "*****@*****.**",
Nonce = "dcd98b7102dd2f0e8b11d0f600bfb0c093",
Uri = "/dir/index.html",
QualityOfProtection = DigestQualityOfProtectionType.Authentication,
RequestCounter = 1,
ClientNonce = "0a4f113b",
Opaque = opaque,
Response = "6629fae49393a05397450978507c4ef1"
};
//this would work, except for the fact that the realms don't match (and accordingly the responses shouldn't)
Assert.False(header.MatchesCredentials("*****@*****.**", opaque, "Circle Of Life"));
}
public void MatchesCredentials_ReturnsFalseOnMismatchedRealm()
{
//sample from http://en.wikipedia.org/wiki/Digest_access_authentication
string opaque = "5ccc069c403ebaf9f0171e9517f40e41";
var header = new DigestHeader()
{
Verb = "GET",
UserName = "******",
Realm = "*****@*****.**",
Nonce = "dcd98b7102dd2f0e8b11d0f600bfb0c093",
Uri = "/dir/index.html",
QualityOfProtection = DigestQualityOfProtectionType.Authentication,
RequestCounter = 1,
ClientNonce = "0a4f113b",
Opaque = opaque,
Response = "6629fae49393a05397450978507c4ef1"
};
//this would work, except for the fact that the realms don't match (and accordingly the responses shouldn't)
Assert.False(header.MatchesCredentials("*****@*****.**", opaque, "Circle Of Life"));
}
public void MatchesCredentials_ReturnsTrueOnMatchedResponseWithAuthenticationQualityOfProtection()
{
//sample from http://en.wikipedia.org/wiki/Digest_access_authentication
string realm = "*****@*****.**",
opaque = "5ccc069c403ebaf9f0171e9517f40e41";
var header = new DigestHeader()
{
Verb = "GET",
UserName = "******",
Realm = realm,
Nonce = "dcd98b7102dd2f0e8b11d0f600bfb0c093",
Uri = "/dir/index.html",
QualityOfProtection = DigestQualityOfProtectionType.Authentication,
RequestCounter = 1,
ClientNonce = "0a4f113b",
Opaque = opaque,
Response = "6629fae49393a05397450978507c4ef1"
};
Assert.True(header.MatchesCredentials(realm, opaque, "Circle Of Life"));
}
public void MatchesCredentials_ReturnsTrueOnMatchedResponseWithNoQualityOfProtection()
{
//sample from http://en.wikipedia.org/wiki/Digest_access_authentication
string realm = "*****@*****.**",
opaque = "5ccc069c403ebaf9f0171e9517f40e41";
var header = new DigestHeader()
{
Verb = "GET",
UserName = "******",
Realm = realm,
Nonce = "dcd98b7102dd2f0e8b11d0f600bfb0c093",
Uri = "/dir/index.html",
QualityOfProtection = DigestQualityOfProtectionType.Unspecified,
RequestCounter = 1,
ClientNonce = "0a4f113b",
Opaque = opaque,
//test response for unspecified qop calculated here http://md5-hash-online.waraxe.us/
Response = "670fd8c2df070c60b045671b8b24ff02"
};
Assert.True(header.MatchesCredentials(realm, opaque, "Circle Of Life"));
}
public void MatchesCredentials_ThrowsOnInvalidHttpMethodName()
{
var header = new DigestHeader() { Verb = "FOO" };
Assert.Throws<NotSupportedException>(() => { header.MatchesCredentials(string.Empty, string.Empty, string.Empty); });
}
public void MatchesCredentials_ReturnsTrueOnMatchedResponseWithNoQualityOfProtection()
{
//sample from http://en.wikipedia.org/wiki/Digest_access_authentication
string realm = "*****@*****.**",
opaque = "5ccc069c403ebaf9f0171e9517f40e41";
var header = new DigestHeader()
{
Verb = "GET",
UserName = "******",
Realm = realm,
Nonce = "dcd98b7102dd2f0e8b11d0f600bfb0c093",
Uri = "/dir/index.html",
QualityOfProtection = DigestQualityOfProtectionType.Unspecified,
RequestCounter = 1,
ClientNonce = "0a4f113b",
Opaque = opaque,
//test response for unspecified qop calculated here http://md5-hash-online.waraxe.us/
Response = "670fd8c2df070c60b045671b8b24ff02"
};
Assert.True(header.MatchesCredentials(realm, opaque, "Circle Of Life"));
}
public void MatchesCredential_ThrowsOnAuthenticationWithIntegrity()
{
var header = new DigestHeader() { QualityOfProtection = DigestQualityOfProtectionType.AuthenticationWithIntegrity };
Assert.Throws<NotImplementedException>(() => { header.MatchesCredentials(string.Empty, string.Empty, string.Empty); });
}
public void MatchesCredentials_ThrowsOnNullRealm()
{
var header = new DigestHeader();
Assert.Throws<ArgumentNullException>(() => { header.MatchesCredentials(null, string.Empty, string.Empty); });
}
static DigestHeader GetDigestHeader(ICommunicationContext context)
{
string header = context.Request.Headers["Authorization"];
return(string.IsNullOrEmpty(header) ? null : DigestHeader.Parse(header));
}
public bool Validate(DigestHeader digestHeader, string password)
{
DigestEncoderBase digestEncoder = digestEncoders.GetEncoder(digestHeader.Qop);
string expectedResponse = digestEncoder.Encode(digestHeader, password);
return expectedResponse == digestHeader.Response;
}
public void MatchesCredentials_ThrowsOnNullRealm()
{
var header = new DigestHeader();
Assert.Throws <ArgumentNullException>(() => { header.MatchesCredentials(null, string.Empty, string.Empty); });
}
