#import "HTTPAuthenticationRequest.h"
#import "HTTPMessage.h"
#if ! __has_feature(objc_arc)
#warning This file must be compiled with ARC. Use -fobjc-arc flag (or convert project to ARC).
#endif
@interface HTTPAuthenticationRequest (PrivateAPI)
- (NSString *)quotedSubHeaderFieldValue:(NSString *)param fromHeaderFieldValue:(NSString *)header;
- (NSString *)nonquotedSubHeaderFieldValue:(NSString *)param fromHeaderFieldValue:(NSString *)header;
@end
@implementation HTTPAuthenticationRequest
- (id)initWithRequest:(HTTPMessage *)request
{
if ((self = [super init]))
{
NSString *authInfo = [request headerField:@"Authorization"];
isBasic = NO;
if ([authInfo length] >= 6)
{
isBasic = [[authInfo substringToIndex:6] caseInsensitiveCompare:@"Basic "] == NSOrderedSame;
}
isDigest = NO;
if ([authInfo length] >= 7)
{
isDigest = [[authInfo substringToIndex:7] caseInsensitiveCompare:@"Digest "] == NSOrderedSame;
}
if (isBasic)
{
NSMutableString *temp = [[authInfo substringFromIndex:6] mutableCopy];
CFStringTrimWhitespace((__bridge CFMutableStringRef)temp);
base64Credentials = [temp copy];
}
if (isDigest)
{
username = [self quotedSubHeaderFieldValue:@"username" fromHeaderFieldValue:authInfo];
realm = [self quotedSubHeaderFieldValue:@"realm" fromHeaderFieldValue:authInfo];
nonce = [self quotedSubHeaderFieldValue:@"nonce" fromHeaderFieldValue:authInfo];
uri = [self quotedSubHeaderFieldValue:@"uri" fromHeaderFieldValue:authInfo];
// It appears from RFC 2617 that the qop is to be given unquoted
// Tests show that Firefox performs this way, but Safari does not
// Thus we'll attempt to retrieve the value as nonquoted, but we'll verify it doesn't start with a quote
qop = [self nonquotedSubHeaderFieldValue:@"qop" fromHeaderFieldValue:authInfo];
if(qop && ([qop characterAtIndex:0] == '"'))
{
qop = [self quotedSubHeaderFieldValue:@"qop" fromHeaderFieldValue:authInfo];
}
nc = [self nonquotedSubHeaderFieldValue:@"nc" fromHeaderFieldValue:authInfo];
cnonce = [self quotedSubHeaderFieldValue:@"cnonce" fromHeaderFieldValue:authInfo];
response = [self quotedSubHeaderFieldValue:@"response" fromHeaderFieldValue:authInfo];
}
}
return self;
}
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
#pragma mark Accessors:
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
- (BOOL)isBasic {
return isBasic;
}
- (BOOL)isDigest {
return isDigest;
}
- (NSString *)base64Credentials {
return base64Credentials;
}
- (NSString *)username {
return username;
}
- (NSString *)realm {
return realm;
}
- (NSString *)nonce {
return nonce;
}
- (NSString *)uri {
return uri;
}
- (NSString *)qop {
return qop;
}
- (NSString *)nc {
return nc;
}
- (NSString *)cnonce {
return cnonce;
}
- (NSString *)response {
return response;
}
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
#pragma mark Private API:
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
/**
* Retrieves a "Sub Header Field Value" from a given header field value.
* The sub header field is expected to be quoted.
*
* In the following header field:
* Authorization: Digest username="Mufasa", qop=auth, response="6629fae4939"
* The sub header field titled 'username' is quoted, and this method would return the value @"Mufasa".
**/
- (NSString *)quotedSubHeaderFieldValue:(NSString *)param fromHeaderFieldValue:(NSString *)header
{
NSRange startRange = [header rangeOfString:[NSString stringWithFormat:@"%@=\"", param]];
if(startRange.location == NSNotFound)
{
// The param was not found anywhere in the header
return nil;
}
NSUInteger postStartRangeLocation = startRange.location + startRange.length;
NSUInteger postStartRangeLength = [header length] - postStartRangeLocation;
NSRange postStartRange = NSMakeRange(postStartRangeLocation, postStartRangeLength);
NSRange endRange = [header rangeOfString:@"\"" options:0 range:postStartRange];
if(endRange.location == NSNotFound)
{
// The ending double-quote was not found anywhere in the header
return nil;
}
NSRange subHeaderRange = NSMakeRange(postStartRangeLocation, endRange.location - postStartRangeLocation);
return [header substringWithRange:subHeaderRange];
}
/**
* Retrieves a "Sub Header Field Value" from a given header field value.
* The sub header field is expected to not be quoted.
*
* In the following header field:
* Authorization: Digest username="Mufasa", qop=auth, response="6629fae4939"
* The sub header field titled 'qop' is nonquoted, and this method would return the value @"auth".
**/
- (NSString *)nonquotedSubHeaderFieldValue:(NSString *)param fromHeaderFieldValue:(NSString *)header
{
NSRange startRange = [header rangeOfString:[NSString stringWithFormat:@"%@=", param]];
if(startRange.location == NSNotFound)
{
// The param was not found anywhere in the header
return nil;
}
NSUInteger postStartRangeLocation = startRange.location + startRange.length;
NSUInteger postStartRangeLength = [header length] - postStartRangeLocation;
NSRange postStartRange = NSMakeRange(postStartRangeLocation, postStartRangeLength);
NSRange endRange = [header rangeOfString:@"," options:0 range:postStartRange];
if(endRange.location == NSNotFound)
{
// The ending comma was not found anywhere in the header
// However, if the nonquoted param is at the end of the string, there would be no comma
// This is only possible if there are no spaces anywhere
NSRange endRange2 = [header rangeOfString:@" " options:0 range:postStartRange];
if(endRange2.location != NSNotFound)
{
return nil;
}
else
{
return [header substringWithRange:postStartRange];
}
}
else
{
NSRange subHeaderRange = NSMakeRange(postStartRangeLocation, endRange.location - postStartRangeLocation);
return [header substringWithRange:subHeaderRange];
}
}
@end