Attachment #8821683 for bug #41489

Attachment #8821683: patch for test digest for bug #41489

View | Details | Raw Unified | Return to bug 41489
Collapse All | Expand All





  return httpserv.identity.primaryPort;
});

const FLAG_RETURN_FALSE   = 1 << 0;
const FLAG_WRONG_PASSWORD = 1 << 1;
const FLAG_BOGUS_USER = 1 << 2;
const FLAG_PREVIOUS_FAILED = 1 << 3;
const CROSS_ORIGIN = 1 << 4;
const FLAG_UTF8_USER = 1 << 5;

const nsIAuthPrompt2 = Components.interfaces.nsIAuthPrompt2;
const nsIAuthInformation = Components.interfaces.nsIAuthInformation;


function AuthPrompt1(flags) {
  this.flags = flags;
}

    if (this.flags & FLAG_RETURN_FALSE)
    {
      this.flags |= FLAG_PREVIOUS_FAILED;
      return false;
    }

    if (this.flags & FLAG_BOGUS_USER)
      this.user = "foo\nbar";
    if (this.flags & FLAG_UTF8_USER)
      this.user = "\u0443\u0442\u04448";

    authInfo.username = this.user;
    if (this.flags & FLAG_WRONG_PASSWORD) {
      authInfo.password = this.pass + ".wrong";
      this.flags |= FLAG_PREVIOUS_FAILED;
      // Now clear the flag to avoid an infinite loop
      this.flags &= ~FLAG_WRONG_PASSWORD;
    } else {

      contentPolicyType: Components.interfaces.nsIContentPolicy.TYPE_OTHER
    });
}

var tests = [test_noauth, test_returnfalse1, test_wrongpw1, test_prompt1,
             test_prompt1CrossOrigin, test_prompt2CrossOrigin,
             test_returnfalse2, test_wrongpw2, test_prompt2, test_ntlm,
             test_basicrealm, test_digest_noauth, test_digest,
             test_digest_bogus_user, test_large_realm, test_large_domain,
             test_userhash, test_charset];

var current_test = 0;

var httpserv = null;

function run_test() {
  httpserv = new HttpServer();

  httpserv.registerPathHandler("/auth", authHandler);
  httpserv.registerPathHandler("/auth/ntlm/simple", authNtlmSimple);
  httpserv.registerPathHandler("/auth/realm", authRealm);
  httpserv.registerPathHandler("/auth/digest", authDigest);
  httpserv.registerPathHandler("/largeRealm", largeRealm);
  httpserv.registerPathHandler("/largeDomain", largeDomain);
  httpserv.registerPathHandler("/auth/digest/authUserhash", authUserhash);
  httpserv.registerPathHandler("/auth/digest/authCharset", authCharset);

  httpserv.start(-1);

  tests[0]();
}

function test_noauth() {
  var chan = makeChan(URL + "/auth", URL);

  var chan = makeChan(URL + "/auth/digest", URL);
  chan.notificationCallbacks =  new Requestor(FLAG_BOGUS_USER, 2);
  listener.expectedCode = 401; // unauthorized
  chan.asyncOpen2(listener);

  do_test_pending();
}

function test_userhash() {
  var chan = makeChan(URL + "/auth/digest/authUserhash", URL);

  chan.notificationCallbacks = new Requestor(0, 2);
  listener.expectedCode = 200; // OK
  chan.asyncOpen2(listener);

  do_test_pending();
}

function test_charset() {
  var chan = makeChan(URL + "/auth/digest/authCharset", URL);

  chan.notificationCallbacks = new Requestor(FLAG_UTF8_USER, 2);
  listener.expectedCode = 200; // OK
  chan.asyncOpen2(listener);

  do_test_pending();
}

// PATH HANDLERS

// /auth
function authHandler(metadata, response) {
  // btoa("guest:guest"), but that function is not available here
  var expectedHeader = "Basic Z3Vlc3Q6Z3Vlc3Q=";

  var body;

 return data;
}

// return the two-digit hexadecimal code for a byte
function toHexString(charCode) {
 return ("0" + charCode.toString(16)).slice(-2);
}

function H(str, algorithm) {
 var data = bytesFromString(str);
 var ch = Components.classes["@mozilla.org/security/hash;1"]
            .createInstance(Components.interfaces.nsICryptoHash);
 if (algorithm == "MD5") {
   ch.init(Components.interfaces.nsICryptoHash.MD5);
 } else if (algorithm == "SHA-256") {
   ch.init(Components.interfaces.nsICryptoHash.SHA256);
 } else {
   do_throw("Algorithm not set!");
 }
 ch.update(data, data.length);
 var hash = ch.finish(false);
 return Array.from(hash, (c, i) => toHexString(hash.charCodeAt(i))).join("");
}

//
// Digest handler
//
// /auth/digest
function authDigest(metadata, response) {
 var nonce = "6f93719059cf8d568005727f3250e798";
 var opaque = "1234opaque1234";
 var cnonceRE = /cnonce="(\w+)"/;
 var responseRE = /response="(\w+)"/;
 var usernameRE = /username="(\w+)"/;
 var algorithmRE = /algorithm=(\w+[-\d]*)/;
 var authenticate = 'Digest realm="secret", domain="/",  qop=auth,' +
                    'algorithm=MD5, nonce="' + nonce+ '" opaque="' + 
                     opaque + '"' + ', algorithm=SHA-256';
 var body;
 // check creds if we have them
 if (metadata.hasHeader("Authorization")) {
   var auth = metadata.getHeader("Authorization");
   var cnonce = (auth.match(cnonceRE))[1];
   var clientDigest = (auth.match(responseRE))[1];
   var username = (auth.match(usernameRE))[1];
   var algorithm = (auth.match(algorithmRE))[1];
   var nc = "00000001";
   
   if (username != "guest") {
     response.setStatusLine(metadata.httpVersion, 400, "bad request");
     body = "should never get here";
   } else {
     // see RFC2617 for the description of this calculation
     var A1 = "guest:secret:guest";
     var A2 = "GET:/auth/digest";
     var noncebits = [nonce, nc, cnonce, "auth", H(A2, algorithm)].join(":");
     var digest = H([H(A1, algorithm), noncebits].join(":"), algorithm);

     if (clientDigest == digest) {
       response.setStatusLine(metadata.httpVersion, 200, "OK, authorized");
       body = "success";
     } else {
       response.setStatusLine(metadata.httpVersion, 401, "Unauthorized");
       response.setHeader("WWW-Authenticate", authenticate, false);
       body = "auth failed";

		     "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" +
		     "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" +
		     '"');

  body = "need to authenticate";
  response.bodyOutputStream.write(body, body.length);
}

function authUserhash(metadata, response) {
  var usernameRE = /username="(\w+)"/;
  var algorithmRE = /algorithm=(\w+[-\d]*)/;
  var userhashRE = /userhash=(\w+)/;
  var authenticate = 'Digest realm="secret", algorithm=SHA-256, userhash=true';
  var body;
  if (metadata.hasHeader("Authorization")) {
    var auth = metadata.getHeader("Authorization");
    var username = (auth.match(usernameRE))[1];
    var algorithm = (auth.match(algorithmRE))[1];
    var userhash = (auth.match(userhashRE))[1];
    if (userhash == "true") {
      if (username != H("guest:secret", algorithm)) {
        response.setStatusLine(metadata.httpVersion, 400, "bad request");
        body = "should never get here";
      } else {
        response.setStatusLine(metadata.httpVersion, 200, "OK, authorized");
        body = "success";
      }
    } else {
      response.setStatusLine(metadata.httpVersion, 400, "bad request");
      body = "need userhash";
    }
  } else {
    response.setStatusLine(metadata.httpVersion, 401, "Unauthorized");
    response.setHeader("WWW-Authenticate", authenticate, false);
    var body = "failed, no header";
  }
  response.bodyOutputStream.write(body, body.length);
}

function authCharset(metadata, response) {
  var usernameRE = /username\*=UTF-8''([%\w]+)/;
  var authenticate = 'Digest realm="secret", charset=UTF-8';
  var body;
  if (metadata.hasHeader("Authorization")) {
    var auth = metadata.getHeader("Authorization");
    var username = decodeURI((auth.match(usernameRE))[1]);
    if (username != "\u0443\u0442\u04448") {
      response.setStatusLine(metadata.httpVersion, 400, "bad request");
      body = "should never get here";
    } else {
      response.setStatusLine(metadata.httpVersion, 200, "OK, authorized");
      body = "success";
    }
  } else {
    response.setStatusLine(metadata.httpVersion, 401, "Unauthorized");
    response.setHeader("WWW-Authenticate", authenticate, false);
    var body = "failed, no header";
  }
  response.bodyOutputStream.write(body, body.length);
}

function test_large_realm() {
  var chan = makeChan(URL + "/largeRealm", URL);

  listener.expectedCode = 401; // Unauthorized
  chan.asyncOpen2(listener);

  do_test_pending();
}

Return to bug 41489

Bugzilla

Quick Search

Attachment #8821683: patch for test digest for bug #41489