3 * Copyright (c) 2010 Martin Storsjo
5 * This file is part of FFmpeg.
7 * FFmpeg is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU Lesser General Public
9 * License as published by the Free Software Foundation; either
10 * version 2.1 of the License, or (at your option) any later version.
12 * FFmpeg is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
17 * You should have received a copy of the GNU Lesser General Public
18 * License along with FFmpeg; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
23 #include "libavutil/base64.h"
24 #include "libavutil/avstring.h"
26 #include "libavutil/random_seed.h"
27 #include "libavutil/md5.h"
28 #include "urldecode.h"
32 static void handle_basic_params(HTTPAuthState *state, const char *key,
33 int key_len, char **dest, int *dest_len)
35 if (!strncmp(key, "realm=", key_len)) {
37 *dest_len = sizeof(state->realm);
41 static void handle_digest_params(HTTPAuthState *state, const char *key,
42 int key_len, char **dest, int *dest_len)
44 DigestParams *digest = &state->digest_params;
46 if (!strncmp(key, "realm=", key_len)) {
48 *dest_len = sizeof(state->realm);
49 } else if (!strncmp(key, "nonce=", key_len)) {
50 *dest = digest->nonce;
51 *dest_len = sizeof(digest->nonce);
52 } else if (!strncmp(key, "opaque=", key_len)) {
53 *dest = digest->opaque;
54 *dest_len = sizeof(digest->opaque);
55 } else if (!strncmp(key, "algorithm=", key_len)) {
56 *dest = digest->algorithm;
57 *dest_len = sizeof(digest->algorithm);
58 } else if (!strncmp(key, "qop=", key_len)) {
60 *dest_len = sizeof(digest->qop);
61 } else if (!strncmp(key, "stale=", key_len)) {
62 *dest = digest->stale;
63 *dest_len = sizeof(digest->stale);
67 static void handle_digest_update(HTTPAuthState *state, const char *key,
68 int key_len, char **dest, int *dest_len)
70 DigestParams *digest = &state->digest_params;
72 if (!strncmp(key, "nextnonce=", key_len)) {
73 *dest = digest->nonce;
74 *dest_len = sizeof(digest->nonce);
78 static void choose_qop(char *qop, int size)
80 char *ptr = strstr(qop, "auth");
81 char *end = ptr + strlen("auth");
83 if (ptr && (!*end || isspace(*end) || *end == ',') &&
84 (ptr == qop || isspace(ptr[-1]) || ptr[-1] == ',')) {
85 av_strlcpy(qop, "auth", size);
91 void ff_http_auth_handle_header(HTTPAuthState *state, const char *key,
94 if (!strcmp(key, "WWW-Authenticate") || !strcmp(key, "Proxy-Authenticate")) {
96 if (av_stristart(value, "Basic ", &p) &&
97 state->auth_type <= HTTP_AUTH_BASIC) {
98 state->auth_type = HTTP_AUTH_BASIC;
101 ff_parse_key_value(p, (ff_parse_key_val_cb) handle_basic_params,
103 } else if (av_stristart(value, "Digest ", &p) &&
104 state->auth_type <= HTTP_AUTH_DIGEST) {
105 state->auth_type = HTTP_AUTH_DIGEST;
106 memset(&state->digest_params, 0, sizeof(DigestParams));
109 ff_parse_key_value(p, (ff_parse_key_val_cb) handle_digest_params,
111 choose_qop(state->digest_params.qop,
112 sizeof(state->digest_params.qop));
113 if (!av_strcasecmp(state->digest_params.stale, "true"))
116 } else if (!strcmp(key, "Authentication-Info")) {
117 ff_parse_key_value(value, (ff_parse_key_val_cb) handle_digest_update,
123 static void update_md5_strings(struct AVMD5 *md5ctx, ...)
127 va_start(vl, md5ctx);
129 const char* str = va_arg(vl, const char*);
132 av_md5_update(md5ctx, str, strlen(str));
137 /* Generate a digest reply, according to RFC 2617. */
138 static char *make_digest_auth(HTTPAuthState *state, const char *username,
139 const char *password, const char *uri,
142 DigestParams *digest = &state->digest_params;
144 uint32_t cnonce_buf[2];
148 char A1hash[33], A2hash[33], response[33];
149 struct AVMD5 *md5ctx;
154 snprintf(nc, sizeof(nc), "%08x", digest->nc);
156 /* Generate a client nonce. */
157 for (i = 0; i < 2; i++)
158 cnonce_buf[i] = av_get_random_seed();
159 ff_data_to_hex(cnonce, (const uint8_t*) cnonce_buf, sizeof(cnonce_buf), 1);
160 cnonce[2*sizeof(cnonce_buf)] = 0;
162 md5ctx = av_md5_alloc();
167 update_md5_strings(md5ctx, username, ":", state->realm, ":", password, NULL);
168 av_md5_final(md5ctx, hash);
169 ff_data_to_hex(A1hash, hash, 16, 1);
172 if (!strcmp(digest->algorithm, "") || !strcmp(digest->algorithm, "MD5")) {
173 } else if (!strcmp(digest->algorithm, "MD5-sess")) {
175 update_md5_strings(md5ctx, A1hash, ":", digest->nonce, ":", cnonce, NULL);
176 av_md5_final(md5ctx, hash);
177 ff_data_to_hex(A1hash, hash, 16, 1);
180 /* Unsupported algorithm */
186 update_md5_strings(md5ctx, method, ":", uri, NULL);
187 av_md5_final(md5ctx, hash);
188 ff_data_to_hex(A2hash, hash, 16, 1);
192 update_md5_strings(md5ctx, A1hash, ":", digest->nonce, NULL);
193 if (!strcmp(digest->qop, "auth") || !strcmp(digest->qop, "auth-int")) {
194 update_md5_strings(md5ctx, ":", nc, ":", cnonce, ":", digest->qop, NULL);
196 update_md5_strings(md5ctx, ":", A2hash, NULL);
197 av_md5_final(md5ctx, hash);
198 ff_data_to_hex(response, hash, 16, 1);
203 if (!strcmp(digest->qop, "") || !strcmp(digest->qop, "auth")) {
204 } else if (!strcmp(digest->qop, "auth-int")) {
205 /* qop=auth-int not supported */
208 /* Unsupported qop value. */
212 len = strlen(username) + strlen(state->realm) + strlen(digest->nonce) +
213 strlen(uri) + strlen(response) + strlen(digest->algorithm) +
214 strlen(digest->opaque) + strlen(digest->qop) + strlen(cnonce) +
217 authstr = av_malloc(len);
220 snprintf(authstr, len, "Authorization: Digest ");
222 /* TODO: Escape the quoted strings properly. */
223 av_strlcatf(authstr, len, "username=\"%s\"", username);
224 av_strlcatf(authstr, len, ",realm=\"%s\"", state->realm);
225 av_strlcatf(authstr, len, ",nonce=\"%s\"", digest->nonce);
226 av_strlcatf(authstr, len, ",uri=\"%s\"", uri);
227 av_strlcatf(authstr, len, ",response=\"%s\"", response);
228 if (digest->algorithm[0])
229 av_strlcatf(authstr, len, ",algorithm=%s", digest->algorithm);
230 if (digest->opaque[0])
231 av_strlcatf(authstr, len, ",opaque=\"%s\"", digest->opaque);
232 if (digest->qop[0]) {
233 av_strlcatf(authstr, len, ",qop=\"%s\"", digest->qop);
234 av_strlcatf(authstr, len, ",cnonce=\"%s\"", cnonce);
235 av_strlcatf(authstr, len, ",nc=%s", nc);
238 av_strlcatf(authstr, len, "\r\n");
243 char *ff_http_auth_create_response(HTTPAuthState *state, const char *auth,
244 const char *path, const char *method)
246 char *authstr = NULL;
248 /* Clear the stale flag, we assume the auth is ok now. It is reset
249 * by the server headers if there's a new issue. */
251 if (!auth || !strchr(auth, ':'))
254 if (state->auth_type == HTTP_AUTH_BASIC) {
255 int auth_b64_len, len;
256 char *ptr, *decoded_auth = ff_urldecode(auth);
261 auth_b64_len = AV_BASE64_SIZE(strlen(decoded_auth));
262 len = auth_b64_len + 30;
264 authstr = av_malloc(len);
266 av_free(decoded_auth);
270 snprintf(authstr, len, "Authorization: Basic ");
271 ptr = authstr + strlen(authstr);
272 av_base64_encode(ptr, auth_b64_len, decoded_auth, strlen(decoded_auth));
273 av_strlcat(ptr, "\r\n", len - (ptr - authstr));
274 av_free(decoded_auth);
275 } else if (state->auth_type == HTTP_AUTH_DIGEST) {
276 char *username = ff_urldecode(auth), *password;
281 if ((password = strchr(username, ':'))) {
283 authstr = make_digest_auth(state, username, password, path, method);