[CalendarServer-changes] [15144] CalDAVClientLibrary/trunk

source_changes at macosforge.org source_changes at macosforge.org
Tue Sep 22 11:03:08 PDT 2015 

Revision: 15144
          http://trac.calendarserver.org//changeset/15144
Author:   cdaboo at apple.com
Date:     2015-09-22 11:03:08 -0700 (Tue, 22 Sep 2015)
Log Message:
-----------
Need pycalendar project reference. Fix digest auth with algo=md5-sess.

Modified Paths:
--------------
    CalDAVClientLibrary/trunk/.project
    CalDAVClientLibrary/trunk/caldavclientlibrary/protocol/http/authentication/digest.py

Modified: CalDAVClientLibrary/trunk/.project
===================================================================
--- CalDAVClientLibrary/trunk/.project	2015-09-22 14:17:15 UTC (rev 15143)
+++ CalDAVClientLibrary/trunk/.project	2015-09-22 18:03:08 UTC (rev 15144)
@@ -3,6 +3,7 @@
 	<name>CalDAVClientLibrary</name>
 	<comment></comment>
 	<projects>
+		<project>pycalendar</project>
 		<project>PyKerberos</project>
 	</projects>
 	<buildSpec>

Modified: CalDAVClientLibrary/trunk/caldavclientlibrary/protocol/http/authentication/digest.py
===================================================================
--- CalDAVClientLibrary/trunk/caldavclientlibrary/protocol/http/authentication/digest.py	2015-09-22 14:17:15 UTC (rev 15143)
+++ CalDAVClientLibrary/trunk/caldavclientlibrary/protocol/http/authentication/digest.py	2015-09-22 18:03:08 UTC (rev 15144)
@@ -19,6 +19,7 @@
 from caldavclientlibrary.protocol.http.definitions import headers
 from StringIO import StringIO
 import hashlib
+import uuid
 
 class Digest(Authenticator):
 
@@ -49,8 +50,8 @@
         os.write(" uri=\"%s\"," % (request.getURL(),))
         if "qop" in self.fields:
             os.write(" qop=auth,")
-            os.write(" nc=\"%s\"" % (self.fields['nc'],))
-            os.write(" cnonce=\"%s\"" % (self.fields['cnonce'],))
+            os.write(" nc=%s," % (self.fields['nc'],))
+            os.write(" cnonce=\"%s\"," % (self.fields['cnonce'],))
         os.write(" response=\"%s\"" % (self.response,))
 
         if "algorithm" in self.fields:
@@ -161,29 +162,46 @@
         return HA1.encode('hex')
 
 
+    # DigestCalcHA2
+    @staticmethod
+    def calcHA2(algo, pszMethod, pszDigestUri, pszQop, pszHEntity):
+        """
+        Compute H(A2) from RFC 2617.
+
+        @param pszAlg: The name of the algorithm to use to calculate the digest.
+            Currently supported are md5, md5-sess, and sha.
+        @param pszMethod: The request method.
+        @param pszDigestUri: The request URI.
+        @param pszQop: The Quality-of-Protection value.
+        @param pszHEntity: The hash of the entity body or C{None} if C{pszQop} is
+            not C{'auth-int'}.
+        @return: The hash of the A2 value for the calculation of the response
+            digest.
+        """
+        m = Digest.algorithms[algo]()
+        m.update(pszMethod)
+        m.update(":")
+        m.update(pszDigestUri)
+        if pszQop == "auth-int":
+            m.update(":")
+            m.update(pszHEntity)
+        HA2 = m.digest()
+
+        return HA2.encode('hex')
+
+
     # DigestCalcResponse
     @staticmethod
     def calcResponse(
         HA1,
+        HA2,
         algo,
         pszNonce,
         pszNonceCount,
         pszCNonce,
         pszQop,
-        pszMethod,
-        pszDigestUri,
-        pszHEntity,
     ):
         m = Digest.algorithms[algo]()
-        m.update(pszMethod)
-        m.update(":")
-        m.update(pszDigestUri)
-        if pszQop == "auth-int":
-            m.update(":")
-            m.update(pszHEntity)
-        HA2 = m.digest().encode('hex')
-
-        m = Digest.algorithms[algo]()
         m.update(HA1)
         m.update(":")
         m.update(pszNonce)
@@ -201,21 +219,36 @@
 
 
     def generateResponse(self, request):
-        self.response = Digest.calcResponse(
-            Digest.calcHA1(
-                self.fields.get("algorithm", "md5"),
-                self.fields.get("username", ""),
-                self.fields.get("realm", ""),
-                self.fields.get("password", ""),
-                self.fields.get("nonce", ""),
-                self.fields.get("cnonce", ""),
-            ),
+
+        if self.fields.get("qop", ""):
+            self.clientCount += 1
+            self.fields["cnonce"] = str(uuid.uuid4())
+            self.fields["nc"] = "%08x" % self.clientCount
+        else:
+            self.fields["cnonce"] = ""
+            self.fields["nc"] = ""
+
+        HA1 = Digest.calcHA1(
             self.fields.get("algorithm", "md5"),
+            self.fields.get("username", ""),
+            self.fields.get("realm", ""),
+            self.fields.get("password", ""),
             self.fields.get("nonce", ""),
-            self.fields.get("nc", ""),
             self.fields.get("cnonce", ""),
-            self.fields.get("qop", ""),
+        )
+        HA2 = Digest.calcHA2(
+            self.fields.get("algorithm", "md5"),
             request.method,
             request.url,
+            self.fields.get("qop", ""),
             None,
         )
+        self.response = Digest.calcResponse(
+            HA1,
+            HA2,
+            self.fields.get("algorithm", "md5"),
+            self.fields.get("nonce", ""),
+            self.fields.get("nc", ""),
+            self.fields.get("cnonce", ""),
+            self.fields.get("qop", ""),
+        )
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.macosforge.org/pipermail/calendarserver-changes/attachments/20150922/0b07cfa8/attachment.html>

More information about the calendarserver-changes mailing list