private static string RefineDigestChallenge(string challenge, int index) { string str = null; int num4; if ((challenge == null) || (index >= challenge.Length)) { throw new ArgumentOutOfRangeException("challenge", challenge); } int startIndex = index + SignatureSize; if ((challenge.Length > startIndex) && (challenge[startIndex] != ',')) { startIndex++; } else { index = -1; } if ((index < 0) || (challenge.Length <= startIndex)) { throw new ArgumentOutOfRangeException("challenge", challenge); } str = challenge.Substring(startIndex); int num3 = 0; bool flag = true; HttpDigestChallenge challenge2 = new HttpDigestChallenge(); Label_0070: num4 = num3; index = AuthenticationManager.SplitNoQuotes(str, ref num4); if (num4 >= 0) { string str3; string name = str.Substring(num3, num4 - num3); if (index < 0) { str3 = HttpDigest.unquote(str.Substring(num4 + 1)); } else { str3 = HttpDigest.unquote(str.Substring(num4 + 1, (index - num4) - 1)); } flag = challenge2.defineAttribute(name, str3); if ((index >= 0) && flag) { num3 = ++index; goto Label_0070; } } if ((!flag || (num4 < 0)) && (num3 < str.Length)) { str = (num3 > 0) ? str.Substring(0, num3 - 1) : ""; } return(str); }
private static string RefineDigestChallenge(string challenge, int index) { string str = null; int num4; if ((challenge == null) || (index >= challenge.Length)) { throw new ArgumentOutOfRangeException("challenge", challenge); } int startIndex = index + SignatureSize; if ((challenge.Length > startIndex) && (challenge[startIndex] != ',')) { startIndex++; } else { index = -1; } if ((index < 0) || (challenge.Length <= startIndex)) { throw new ArgumentOutOfRangeException("challenge", challenge); } str = challenge.Substring(startIndex); int num3 = 0; bool flag = true; HttpDigestChallenge challenge2 = new HttpDigestChallenge(); Label_0070: num4 = num3; index = AuthenticationManager.SplitNoQuotes(str, ref num4); if (num4 >= 0) { string str3; string name = str.Substring(num3, num4 - num3); if (index < 0) { str3 = HttpDigest.unquote(str.Substring(num4 + 1)); } else { str3 = HttpDigest.unquote(str.Substring(num4 + 1, (index - num4) - 1)); } flag = challenge2.defineAttribute(name, str3); if ((index >= 0) && flag) { num3 = ++index; goto Label_0070; } } if ((!flag || (num4 < 0)) && (num3 < str.Length)) { str = (num3 > 0) ? str.Substring(0, num3 - 1) : ""; } return str; }
// // this method parses the challenge and breaks it into the // fundamental pieces that Digest defines and understands // internal static HttpDigestChallenge Interpret(string challenge, int startingPoint, HttpWebRequest httpWebRequest) { HttpDigestChallenge digestChallenge = new HttpDigestChallenge(); digestChallenge.SetFromRequest(httpWebRequest); // // define the part of the challenge we really care about // startingPoint = startingPoint==-1 ? 0 : startingPoint + DigestClient.SignatureSize; bool valid; int start, offset, index; string name, value; // forst time parse looking for a charset="utf-8" directive // not too bad, IIS 6.0, by default, sends this as the first directive. // if the server does not send this we'll end up parsing twice. start = startingPoint; for (;;) { offset = start; index = AuthenticationManager.SplitNoQuotes(challenge, ref offset); if (offset<0) { break; } name = challenge.Substring(start, offset-start); if (string.Compare(name, DA_charset, StringComparison.OrdinalIgnoreCase)==0) { if (index<0) { value = unquote(challenge.Substring(offset+1)); } else { value = unquote(challenge.Substring(offset+1, index-offset-1)); } GlobalLog.Print("HttpDigest::Interpret() server provided a hint to use [" + value + "] encoding"); if (string.Compare(value, "utf-8", StringComparison.OrdinalIgnoreCase)==0) { digestChallenge.UTF8Charset = true; break; } } if (index<0) { break; } start = ++index; } // this time go through the directives, parse them and call defineAttribute() start = startingPoint; for (;;) { offset = start; index = AuthenticationManager.SplitNoQuotes(challenge, ref offset); GlobalLog.Print("HttpDigest::Interpret() SplitNoQuotes() returning index:" + index.ToString() + " offset:" + offset.ToString()); if (offset<0) { break; } name = challenge.Substring(start, offset-start); if (index<0) { value = unquote(challenge.Substring(offset+1)); } else { value = unquote(challenge.Substring(offset+1, index-offset-1)); } if (digestChallenge.UTF8Charset) { bool isAscii = true; for (int i=0; i<value.Length; i++) { if (value[i]>(char)0x7F) { isAscii = false; break; } } if (!isAscii) { GlobalLog.Print("HttpDigest::Interpret() UTF8 decoding required value:[" + value + "]"); byte[] bytes = new byte[value.Length]; for (int i=0; i<value.Length; i++) { bytes[i] = (byte)value[i]; } value = Encoding.UTF8.GetString(bytes); GlobalLog.Print("HttpDigest::Interpret() UTF8 decoded value:[" + value + "]"); } else { GlobalLog.Print("HttpDigest::Interpret() no need for special encoding"); } } valid = digestChallenge.defineAttribute(name, value); GlobalLog.Print("HttpDigest::Interpret() defineAttribute(" + name + ", " + value + ") returns " + valid.ToString()); if (index<0 || !valid) { break; } start = ++index; } // We must absolutely have a nonce for Digest to work. if (digestChallenge.Nonce == null) { if (Logging.On) Logging.PrintError(Logging.Web, SR.GetString(SR.net_log_digest_requires_nonce)); return null; } return digestChallenge; }
// // Extract digest relevant part from a raw server blob // private static string RefineDigestChallenge(string challenge, int index) { string incoming = null; Debug.Assert(challenge != null); Debug.Assert(index >= 0 && index < challenge.Length); int blobBegin = index + SignatureSize; // // there may be multiple challenges. If the next character after the // package name is not a comma then it is challenge data // if (challenge.Length > blobBegin && challenge[blobBegin] != ',') { ++blobBegin; } else { index = -1; } if (index >= 0 && challenge.Length > blobBegin) { incoming = challenge.Substring(blobBegin); } else { Logging.PrintError(Logging.Web, SR.GetString(SR.net_log_auth_invalid_challenge, DigestClient.AuthType)); return String.Empty; // Error, no valid digest challenge, no further processing required } // now make sure there's nothing at the end of the challenge that is not part of the digest challenge // this would happen if I have a Digest challenge followed by another challenge like ",NTLM,Negotiate" // use this DCR when avaialble to do this without parsing: // 762116 2 WDigest should ignore directives that do not have a value int startingPoint = 0; int start = startingPoint; int offset; bool valid = true; string name, value; HttpDigestChallenge digestChallenge = new HttpDigestChallenge(); for (;;) { offset = start; index = AuthenticationManager.SplitNoQuotes(incoming, ref offset); GlobalLog.Print("DigestClient::XPDoAuthenticate() SplitNoQuotes() returning index:" + index + " offset:" + offset); if (offset<0) { break; } name = incoming.Substring(start, offset-start); if (index<0) { value = HttpDigest.unquote(incoming.Substring(offset+1)); } else { value = HttpDigest.unquote(incoming.Substring(offset+1, index-offset-1)); } valid = digestChallenge.defineAttribute(name, value); GlobalLog.Print("DigestClient::XPDoAuthenticate() defineAttribute(" + name + ", " + value + ") returns " + valid); if (index<0 || !valid) { break; } start = ++index; } GlobalLog.Print("DigestClient::XPDoAuthenticate() start:" + start + " offset:" + offset + " index:" + index + " valid:" + valid + " incoming.Length:" + incoming.Length + " incoming:" + incoming); if ((!valid || offset<0) && start<incoming.Length) { incoming = start > 0 ? incoming.Substring(0, start-1) : ""; // First parameter might have been invalid, leaving start at 0 } return incoming; }
// // this method parses the challenge and breaks it into the // fundamental pieces that Digest defines and understands // public static HttpDigestChallenge Interpret(string challenge, int startingPoint, HttpWebRequest httpWebRequest) { HttpDigestChallenge hdc = new HttpDigestChallenge(); hdc.HostName = httpWebRequest.ChallengedUri.Host; hdc.Method = httpWebRequest.CurrentMethod; hdc.Uri = httpWebRequest.Address.AbsolutePath; hdc.ChallengedUri = httpWebRequest.ChallengedUri; // // define the part of the challenge we really care about // startingPoint += DigestClient.SignatureSize; bool valid; int start, offset, index; string name, value; // forst time parse looking for a charset="utf-8" directive // not too bad, IIS 6.0, by default, sends this as the first directive. // if the server does not send this we'll end up parsing twice. start = startingPoint; for (;;) { offset = start; index = AuthenticationManager.SplitNoQuotes(challenge, ref offset); if (offset < 0) { break; } name = challenge.Substring(start, offset - start); if (string.Compare(name, DA_charset, true, CultureInfo.InvariantCulture) == 0) { if (index < 0) { value = unquote(challenge.Substring(offset + 1)); } else { value = unquote(challenge.Substring(offset + 1, index - offset - 1)); } GlobalLog.Print("HttpDigest::Interpret() server provided a hint to use [" + value + "] encoding"); if (string.Compare(value, "utf-8", true, CultureInfo.InvariantCulture) == 0) { hdc.UTF8Charset = true; break; } } if (index < 0) { break; } start = ++index; } // this time go through the directives, parse them and call defineAttribute() start = startingPoint; for (;;) { offset = start; index = AuthenticationManager.SplitNoQuotes(challenge, ref offset); GlobalLog.Print("HttpDigest::Interpret() SplitNoQuotes() returning index:" + index.ToString() + " offset:" + offset.ToString()); if (offset < 0) { break; } name = challenge.Substring(start, offset - start); if (index < 0) { value = unquote(challenge.Substring(offset + 1)); } else { value = unquote(challenge.Substring(offset + 1, index - offset - 1)); } if (hdc.UTF8Charset) { bool isAscii = true; for (int i = 0; i < value.Length; i++) { if (value[i] > (char)0x7F) { isAscii = false; break; } } if (!isAscii) { GlobalLog.Print("HttpDigest::Interpret() UTF8 decoding required value:[" + value + "]"); byte[] bytes = new byte[value.Length]; for (int i = 0; i < value.Length; i++) { bytes[i] = (byte)value[i]; } value = Encoding.UTF8.GetString(bytes); GlobalLog.Print("HttpDigest::Interpret() UTF8 decoded value:[" + value + "]"); } else { GlobalLog.Print("HttpDigest::Interpret() no need for special encoding"); } } valid = hdc.defineAttribute(name, value); GlobalLog.Print("HttpDigest::Interpret() defineAttribute(" + name + ", " + value + ") returns " + valid.ToString()); if (index < 0 || !valid) { break; } start = ++index; } return(hdc); }
internal static HttpDigestChallenge Interpret(string challenge, int startingPoint, HttpWebRequest httpWebRequest) { int num2; string str2; HttpDigestChallenge challenge2 = new HttpDigestChallenge(); challenge2.SetFromRequest(httpWebRequest); startingPoint = (startingPoint == -1) ? 0 : (startingPoint + DigestClient.SignatureSize); int startIndex = startingPoint; Label_001F: num2 = startIndex; int num3 = AuthenticationManager.SplitNoQuotes(challenge, ref num2); if (num2 >= 0) { if (string.Compare(challenge.Substring(startIndex, num2 - startIndex), "charset", StringComparison.OrdinalIgnoreCase) == 0) { if (num3 < 0) { str2 = unquote(challenge.Substring(num2 + 1)); } else { str2 = unquote(challenge.Substring(num2 + 1, (num3 - num2) - 1)); } if (string.Compare(str2, "utf-8", StringComparison.OrdinalIgnoreCase) == 0) { challenge2.UTF8Charset = true; goto Label_009E; } } if (num3 >= 0) { startIndex = ++num3; goto Label_001F; } } Label_009E: startIndex = startingPoint; Label_00A0: num2 = startIndex; num3 = AuthenticationManager.SplitNoQuotes(challenge, ref num2); if (num2 >= 0) { string name = challenge.Substring(startIndex, num2 - startIndex); if (num3 < 0) { str2 = unquote(challenge.Substring(num2 + 1)); } else { str2 = unquote(challenge.Substring(num2 + 1, (num3 - num2) - 1)); } if (challenge2.UTF8Charset) { bool flag2 = true; for (int i = 0; i < str2.Length; i++) { if (str2[i] > '\x007f') { flag2 = false; break; } } if (!flag2) { byte[] bytes = new byte[str2.Length]; for (int j = 0; j < str2.Length; j++) { bytes[j] = (byte)str2[j]; } str2 = Encoding.UTF8.GetString(bytes); } } bool flag = challenge2.defineAttribute(name, str2); if ((num3 >= 0) && flag) { startIndex = ++num3; goto Label_00A0; } } if (challenge2.Nonce != null) { return(challenge2); } if (Logging.On) { Logging.PrintError(Logging.Web, SR.GetString("net_log_digest_requires_nonce")); } return(null); }