historical/toontown-classic.git/panda/include/httpDigestAuthorization.h

/**
 * PANDA 3D SOFTWARE
 * Copyright (c) Carnegie Mellon University.  All rights reserved.
 *
 * All use of this software is subject to the terms of the revised BSD
 * license.  You should have received a copy of this license along
 * with this source code in a file named "LICENSE."
 *
 * @file httpDigestAuthorization.h
 * @author drose
 * @date 2002-10-25
 */

#ifndef HTTPDIGESTAUTHORIZATION_H
#define HTTPDIGESTAUTHORIZATION_H

#include "pandabase.h"

// This module requires OpenSSL to compile, even though it doesn't actually
// use any OpenSSL code, because it is a support module for HTTPChannel, which
// *does* use OpenSSL code.

#ifdef HAVE_OPENSSL

#include "httpAuthorization.h"

/**
 * Implements the "Digest" type of HTTP authorization.  This is designed to be
 * an improvement over "Basic" authorization, in that it does not send
 * passwords over the net in cleartext, and it is harder to spoof.
 */
class HTTPDigestAuthorization : public HTTPAuthorization {
public:
  HTTPDigestAuthorization(const Tokens &tokens, const URLSpec &url,
                          bool is_proxy);
  virtual ~HTTPDigestAuthorization();

  virtual const std::string &get_mechanism() const;
  virtual bool is_valid();

  virtual std::string generate(HTTPEnum::Method method, const std::string &request_path,
                          const std::string &username, const std::string &body);

public:
  enum Algorithm {
    A_unknown,
    A_md5,
    A_md5_sess,
  };
  enum Qop {
    // These are used as a bitfield.
    Q_unused   = 0x000,
    Q_auth     = 0x001,
    Q_auth_int = 0x002,
  };

private:
  static int match_qop_token(const std::string &token);

  std::string calc_request_digest(const std::string &username, const std::string &password,
                             HTTPEnum::Method method,
                             const std::string &request_path, const std::string &body);
  std::string calc_h(const std::string &data) const;
  std::string calc_kd(const std::string &secret, const std::string &data) const;
  std::string get_a1(const std::string &username, const std::string &password);
  std::string get_a2(HTTPEnum::Method method, const std::string &request_path,
                const std::string &body);
  std::string get_hex_nonce_count() const;

  static std::string calc_md5(const std::string &source);
  INLINE static char hexdigit(int value);

  std::string _cnonce;
  std::string _nonce;
  int _nonce_count;
  std::string _opaque;

  Algorithm _algorithm;
  std::string _a1;

  int _qop;
  Qop _chosen_qop;

  static const std::string _mechanism;
};

std::ostream &operator << (std::ostream &out, HTTPDigestAuthorization::Algorithm algorithm);
std::ostream &operator << (std::ostream &out, HTTPDigestAuthorization::Qop qop);

#include "httpDigestAuthorization.I"

#endif  // HAVE_OPENSSL

#endif
phht hahahahaah 2024-01-16 11:20:27 -06:00			`/**`
			`* PANDA 3D SOFTWARE`
			`* Copyright (c) Carnegie Mellon University. All rights reserved.`
			`*`
			`* All use of this software is subject to the terms of the revised BSD`
			`* license. You should have received a copy of this license along`
			`* with this source code in a file named "LICENSE."`
			`*`
			`* @file httpDigestAuthorization.h`
			`* @author drose`
			`* @date 2002-10-25`
			`*/`

			`#ifndef HTTPDIGESTAUTHORIZATION_H`
			`#define HTTPDIGESTAUTHORIZATION_H`

			`#include "pandabase.h"`

			`// This module requires OpenSSL to compile, even though it doesn't actually`
			`// use any OpenSSL code, because it is a support module for HTTPChannel, which`
			`// does use OpenSSL code.`

			`#ifdef HAVE_OPENSSL`

			`#include "httpAuthorization.h"`

			`/**`
			`* Implements the "Digest" type of HTTP authorization. This is designed to be`
			`* an improvement over "Basic" authorization, in that it does not send`
			`* passwords over the net in cleartext, and it is harder to spoof.`
			`*/`
			`class HTTPDigestAuthorization : public HTTPAuthorization {`
			`public:`
			`HTTPDigestAuthorization(const Tokens &tokens, const URLSpec &url,`
			`bool is_proxy);`
			`virtual ~HTTPDigestAuthorization();`

			`virtual const std::string &get_mechanism() const;`
			`virtual bool is_valid();`

			`virtual std::string generate(HTTPEnum::Method method, const std::string &request_path,`
			`const std::string &username, const std::string &body);`

			`public:`
			`enum Algorithm {`
			`A_unknown,`
			`A_md5,`
			`A_md5_sess,`
			`};`
			`enum Qop {`
			`// These are used as a bitfield.`
			`Q_unused = 0x000,`
			`Q_auth = 0x001,`
			`Q_auth_int = 0x002,`
			`};`

			`private:`
			`static int match_qop_token(const std::string &token);`

			`std::string calc_request_digest(const std::string &username, const std::string &password,`
			`HTTPEnum::Method method,`
			`const std::string &request_path, const std::string &body);`
			`std::string calc_h(const std::string &data) const;`
			`std::string calc_kd(const std::string &secret, const std::string &data) const;`
			`std::string get_a1(const std::string &username, const std::string &password);`
			`std::string get_a2(HTTPEnum::Method method, const std::string &request_path,`
			`const std::string &body);`
			`std::string get_hex_nonce_count() const;`

			`static std::string calc_md5(const std::string &source);`
			`INLINE static char hexdigit(int value);`

			`std::string _cnonce;`
			`std::string _nonce;`
			`int _nonce_count;`
			`std::string _opaque;`

			`Algorithm _algorithm;`
			`std::string _a1;`

			`int _qop;`
			`Qop _chosen_qop;`

			`static const std::string _mechanism;`
			`};`

			`std::ostream &operator << (std::ostream &out, HTTPDigestAuthorization::Algorithm algorithm);`
			`std::ostream &operator << (std::ostream &out, HTTPDigestAuthorization::Qop qop);`

			`#include "httpDigestAuthorization.I"`

			`#endif // HAVE_OPENSSL`

			`#endif`