mirror of
https://github.com/roytam1/palemoon27.git
synced 2026-05-26 14:18:48 +00:00
roytam1
e39f9f88f7
- Bug 1152171 part 2 - Rename AnimationTimeline to DocumentTimeline; r=smaug (26c118319) - Bug 1152171 part 3 - Update web-platform-tests expectations; r=jgraham (b7b4032aa) - Bug 1153734 part 1 - Remove AnimationEffect; r=smaug (9cf67a02e) - Bug 1153734 part 2 - Rename Animation to KeyframeEffectReadonly; r=smaug (b69556ee6) - Bug 1153734 part 3 - Rename AnimationPlayer.source to AnimationPlayer.effect; r=smaug (50d3130ee) - Bug 1153734 part 4 - Rename other uses of 'source' and 'source content'; r=jwatt (b02c4ba36) - Bug 1153734 part 5 - Add AnimationEffectReadonly as a superinterface of KeyframeEffectReadonly; r=smaug (c3395d3f5) - Bug 1149990 - Support replaying of finished CSS transitions by supporting setting of currentTime/startTime. r=birtles (3fb2cb401) - Bug 1154615 part 1 - Rename AnimationPlayer to Animation in WebIDL; r=smaug (6c2125b49) - Bug 1154615 part 2 - Rename PendingPlayerTracker to PendingAnimationTracker; r=jwatt (8d6804def) - Bug 1154615 part 3 - Rename internal members of PendingAnimationTracker; r=jwatt (f348f6355) - Bug 1154615 part 4 - Rename references to players in dom/animation; r=jwatt (0250572e8) - Bug 1117603 part 1 - Don't assume style rules have been refreshed in GetAnimationRule; r=dbaron (a5d340d0f) - remove kungFuDeathGrip (49df758e6) - Bug 1117603 part 2 - Don't unregister from the refresh driver unless we are also queueing events; r=dbaron (715c9caa1) - Bug 1154615 part 5 - Rename AnimationPlayerCollection to AnimationCollection; r=jwatt (4c596f089) - Bug 1154615 part 6 - Rename references to players within layout/; r=jwatt (42405f3fc) - Bug 1154615 part 7 - Rename CSSAnimationPlayer and CSSTransitionPlayer; r=jwatt (49ab272ed) - Bug 1154615 part 8 - Rename references to players in animation observers; r=jwatt (c3fa26d7a) - Bug 1154615 part 9 - Rename test files; r=jwatt (9d9f03e7b) - Bug 1145439 (Part 1) - Throttle requestAnimationFrame for non-visible iframes. r=mstange,mchang (be7d183d6) - Bug 1145439 (Part 2) - Make test_scroll_event_ordering.html wait for rAF to unthrottle. r=roc (9ac8317c9) - Bug 1144324 - Try to register for, and handle, touch events when APZ is enabled. r=dvander,jimm (fb75d1665) - Bug 1144324 - Remove the codepaths that conditionally enable touch events based on touch the presence of touch listeners. r=smaug,jimm (710617e6b) - Bug 1003991 - Disable https:// only load for ServiceWorkers when Developer Tools are open. r=nsm, r=miker (9d6669814) - Bug 1153267 - part 1 - use smart-pointer .forget() instead of NS_ADDREF+assign; r=ehsan (e4555c90c) - Bug 1153267 - part 2 - use smart pointers instead of manual NS_ADDREF'ing outparams; r=ehsan (ae8b60d5a) - Bug 1153267 - fix typo that broke OS X builds on a CLOSED TREE; r=bustage (08fdb3c4f) - Bug 1146843 - Revert part of cset 33c30e283fa8 because the code is used in Fennec. r=snorp (407248257) - Bug 1151940 part 1. Make some readonly properties defined on Window by CSSOM-view replaceable. r=smaug (5cb9b91f0) - Bug 1151940 part 2. Add a convenience function in nsGlobalWindow for replacing a property on the window with a new value. r=smaug (2ba39331c) - Bug 1151940 part 3. Make some writable cssom-view attributes that we only allow setting from chrome act the way readonly replaceables would when called from content. r=smaug (b485e1b44) - Goanna -> Gecko (2c539d7be) - Goanna -> Gecko (25d34e213) - Bug 1148962 - Use TakeOwnershipOfErrorReporting in CPOW code (r=bholley) (96c997639) - pointer style (a07fbffaa) - Bug 1152577: Add 'aReason' argument to AutoEntryScript constructor, and provide plausible names for its instantiations. r=bholley (512fa27e2) - bug 1155691 - Expose WindowRoot to chrome from window in webidl. r=smaug (235281924) - Bug 404828 - No need to assert that the top window isn't reachable. r=smaug (d73154fa0) - Bug 404828 - Followup: remove assertion expectations on a CLOSED TREE. a=tomcat (a5dabe1b7) - Bug 1156102 - Mark nsGlobalWindowObserver::mWindow as MOZ_NON_OWNING_REF; r=baku (c0d4208b7) - Bug 1107801 - Improve gamepad support on MacOS. r=ted (c591bd5ac) - Goanna -> Gecko (d9b81bc9e) - Bug 852944 - Gamepad API IPC; r=ted, r=baku (521892538) - Bug 1143529 part 1. Stop manually calling WrapObject in DataStoreService::GetDataStoresResolve. r=baku (056ad6bfe) - Bug 1143529 part 2. Tighten up the assert in binding Wrap methods. r=peterv (765a13325) - Bug 1152169 - DataStoreService should check if the first revision exists, r=bent (ee371cc5d) - Bug 1152169 followup: Mark FirstRevisionIdCallback methods Run() and HandleEvent() as 'override'. rs=ehsan (8186c4168) - Bug 1143651 - don't use CallQueryInterface when the compiler can do the cast for us; r=ehsan (a50f0a54b) - Bug 1144322 - Handle tabindex in overridden IsInteractiveHTMLContent methods. r=smaug (fd4b9beed) - Bug 1086684 - Stash the full path for file inputs to avoid doing IPC at inopportune times. r=ehsan/bent/gps (b843b1efc) - Bug 1143934 - Disallow mozSetFileNameArray in content processes. r=ehsan (42e5c8c6d) - Bug 1143934 - Fix assorted forms mochitests for e10s-compatibility. r=smaug (7a3babfed) - Bug 1143934 - Work around SessionStore dependency on current brokenness. r=ttaubert (5b0fcb5ce) - Bug 956530 - Clear the delayed caret data when clicking on a selected part of a text control if the focus event handler selects the control; r=roc (2859f07b4) - Bug 956530 follow-up: Fix the test failure on Windows 8 caused by the text box having a glowing outline as a result of being clicked on (d34e8da1a) - Bug 1157898 part 1. Make code of the form "return rv.ErrorCode();" where rv is an ErrorResult use StealNSResult instead. r=peterv (800da50e2) - Bug 1157898 part 2. Make code of the form "NS_ENSURE_SUCCESS(rv.ErrorCode(), rv.ErrorCode());" use Failed and StealNSResult instead. r=peterv (472432a83) - Bug 1157898 part 3. Fix the remaining consumers of rv.ErrorCode() in NS_ENSURE_* expressions to not do that. r=peterv (d452807e7) - Bug 1122238 part 1. Switch to using the new stackframe APIs in JSStackFrame. r=bholley (9d87b261a) - Bug 1122238 part 2. Stop caching things in JSStackFrame when we're called over Xrays. r=bholley (83eda7275) - Bug 1122238 part 3. Drop all the DOMException-cloning and sanitization gunk we added in bug 1107592 and bug 1107953 and bug 1117242 . r=bholley (f237aa948) - add support for NetBSD/SPARC64 (065783b70) - Bug 1153484 - Fetch should ignore invalid headers, but still process later headers. r=nsm (8925ddd77) - Bug 1157754 part 2. Convert consumers of ErrorResult::ClearMessage() to the new better APIs we have for suppressing exceptions on ErrorResult. r=bkelly (6519fbd5e) - Bug 1157754 part 3. Make ClearMessage private on ErrorResult. r=peterv (3fb218692) - Bug 1157898 part 4. Add ErrorResult::ErrorCodeIs() and use it in various places to get rid of ErrorCode(). r=peterv (bed7bfb4c) - Bug 1130686 - Refactor PromiseHolder in the service worker clients code. r=nsm (b3dbdcbfe) - Bug 1130686 - Implement client.focus. r=baku (5dee6d850) - Bug 1149163 part 1 - Clean up nsHTMLEditRules::GetInnerContent; r=froydnj (cc8f65b54) - Bug 1149163 part 2 - Make nsDOMIterator infallible; r=froydnj (d975f6c62) - Bug 1149163 part 3 - Clean up nsHTMLEditRules::BustUpInlinesAtBRs; r=froydnj (58155adad) - Bug 1149163 part 4 - Allow use of temporary nsBoolDomIterFunctor; r=froydnj (dbafec00f) - Bug 1149163 part 5 - Clean up nsHTMLEditRules::GetNodesForOperation; r=froydnj (41179d810) - Bug 1149163 part 6 - Clean up nsHTMLEditRules::LookInsideDivBQandList; r=froydnj (0b757bf14) - Bug 1149163 part 7 - Clean up nsHTMLEditRules::PromoteRange; r=froydnj (c49c714b1) - Bug 1149163 part 8 - Clean up nsHTMLEditRules::GetPromotedRanges; r=froydnj (5163a0026) - Bug 1148228 - Stop checking ul twice (43a22088c) - Bug 1141017 - resurrect serif and monospace. r=ehsan (95a1b6fcf) - Bug 1147412 part 1 - Make methods take nsINode*, not just nsIContent*; r=ehsan (7f762cdbe) - Bug 1147412 part 2 - Clean up nsHTMLEditor::SetInlinePropertyOnTextNode; r=ehsan (faf805587) - Bug 1147412 part 3 - Fix completely broken nsHTMLCSSUtils::IsCSSEquivalentToHTMLInlineStyleSet implementation; r=ehsan (73fea67c1) - Bug 1147412 part 4 - Clean up nsHTMLEditor::GetInlinePropertyBase; r=ehsan (3265bfbce) - Bug 1147412 part 5 - Clean up nsHTMLEditor::RemoveInlinePropertyImpl; r=ehsan (0f402bd7e) - Bug 1147412 part 6 - Remove nsHTMLCSSUtils::IsCSSEditableProperty(nsIDOMNode*,...); r=ehsan (100e4038a) - Bug 1147412 part 7 - Remove nsHTMLCSSUtils::GetComputedStyle(nsIDOMElement*); r=ehsan (6c51103bc) - Bug 1147412 part 8 - Clean up nsHTMLCSSUtils::IsCSSInvertible; r=ehsan (01e60c446) - Bug 1147412 part 9 - Convert some nsHTMLEditor members to Element; r=ehsan (e7efb1ac4) - Bug 1147412 part 10 - Clean up nsHTMLCSSUtils::Get*Property, GetCSSInlinePropertyBase; r=ehsan (54154143d) - Bug 1149163 part 9 - Clean up nsHTMLEditRules::GetNodesFromSelection; r=froydnj (5186308b9) - Bug 1154701 part 1 - Clean up nsHTMLEditor::CreateListOfNodesToPaste; r=ehsan (ea95238d5) - Bug 1153629 part 1 - Clean up nsHTMLEditRules::GetListActionNodes; r=ehsan (51f3b3e95) - Bug 1153629 part 2 - Clean up nsHTMLEditRules::GetParagraphFormatNodes; r=ehsan (a27bd7751) - Bug 1153629 part 3 - Clean up nsHTMLEditRules::GetNodesFromPoint; r=ehsan (edc7e4561) - Bug 1153629 part 4 - Clean up nsHTMLEditRules::ListIsEmptyLine; r=ehsan (ce3289bc7) - Bug 1153629 part 5 - Clean up nsHTMLEditRules::GetChildNodesForOperation; r=ehsan (b3a509dbf) - Bug 1153629 part 6 - Clean up nsHTMLEditRules::MakeBlockquote; r=ehsan (cb3808182) - Bug 1153629 part 7 - Clean up nsHTMLEditRules::RemoveBlockStyle, RemovePartOfBlock; r=ehsan (660b9f76e) - Bug 1153629 part 8 - Clean up nsHTMLEditRules::ApplyBlockStyle; r=ehsan (f54f9538c) - Bug 1153629 part 9 - Clean up nsHTMLEditRules::MakeTransitionList; r=ehsan (fb63cf6d8) - Bug 1153629 part 10 - Clean up nsHTMLEditRules::AlignInnerBlocks; r=ehsan (752d2df7a) - Bug 1153629 part 11 - Clean up nsHTMLEditRules::AdjustSpecialBreaks; r=ehsan (16ef0416b) - Bug 1153629 part 12 - Clean up nsHTMLEditRules::RemoveEmptyNodes; r=ehsan (d528e70e6) - Bug 1154701 part 2 - Use more OwningNonNull in editor; r=ehsan (85b1929e6) - Bug 1154701 part 3 - Clean up nsHTMLEditor::GetListAndTableParents, DiscoverPartialListsAndTables, ScanForListAndTableStructure, ReplaceOrphanedStructure; r=ehsan (7fe31f058) - Bug 1154701 part 4 - Switch nsHTMLEditor::mContentFilters to nsTArray; r=ehsan (64e6dd160) - Bug 1154701 part 5 - Switch nsHTMLEditor::objectResizeEventListeners to nsTArray; r=ehsan (036bc65fe) - Bug 1154701 part 6 - Clean up nsHTMLEditor::SetInlinePropertyOnNodeImpl; r=ehsan (2d619ca16) - Bug 1154701 part 7 - Clean up nsHTMLEditor::SetInlineProperty; r=ehsan (7a367d31b) - Bug 1154701 part 8 - Clean up nsHTMLEditor::SetInlinePropertyOnNode; r=ehsan (707c07d93) - Bug 1154701 part 9 - Clean up nsHTMLEditor::RelativeFontChange; r=ehsan (273ae9c64) - Bug 1154701 part 10 - Switch nsEditor::mActionListeners to nsTArray; r=ehsan (d2b5732fe) - Bug 1154701 part 11 - Switch nsEditor::mEditorObservers to nsTArray; r=ehsan (25a5af12e) - Bug 1154701 part 12 - Switch nsEditor::mDocStateListeners to nsTArray; r=ehsan (665af0792) - Bug 1154701 part 13 - Clean up nsHTMLEditor::SetCSSBackgroundColor; r=ehsan (ba424ade8) - Bug 1154701 part 14 - Remove unused nsCOMArray cruft; r=ehsan (3a8679a67) - Bug 1101651 - Part 1: xpcomrt version of dom media library need for standalone webrtcs. r=jesup (ae37b5464) - Bug 1137447 - New app update telemetry for patch type (complete or partial), extended error codes, and general cleanup. r=bbondy (c736ae502)
702 lines
21 KiB
C++
702 lines
21 KiB
C++
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
|
|
*
|
|
* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
|
|
// HttpLog.h should generally be included first
|
|
#include "HttpLog.h"
|
|
|
|
#include "nsHttp.h"
|
|
#include "nsHttpDigestAuth.h"
|
|
#include "nsIHttpAuthenticableChannel.h"
|
|
#include "nsISupportsPrimitives.h"
|
|
#include "nsIURI.h"
|
|
#include "nsString.h"
|
|
#include "nsEscape.h"
|
|
#include "nsNetCID.h"
|
|
#include "prprf.h"
|
|
#include "nsCRT.h"
|
|
#include "nsICryptoHash.h"
|
|
|
|
namespace mozilla {
|
|
namespace net {
|
|
|
|
//-----------------------------------------------------------------------------
|
|
// nsHttpDigestAuth <public>
|
|
//-----------------------------------------------------------------------------
|
|
|
|
nsHttpDigestAuth::nsHttpDigestAuth()
|
|
{}
|
|
|
|
nsHttpDigestAuth::~nsHttpDigestAuth()
|
|
{}
|
|
|
|
//-----------------------------------------------------------------------------
|
|
// nsHttpDigestAuth::nsISupports
|
|
//-----------------------------------------------------------------------------
|
|
|
|
NS_IMPL_ISUPPORTS(nsHttpDigestAuth, nsIHttpAuthenticator)
|
|
|
|
//-----------------------------------------------------------------------------
|
|
// nsHttpDigestAuth <protected>
|
|
//-----------------------------------------------------------------------------
|
|
|
|
nsresult
|
|
nsHttpDigestAuth::MD5Hash(const char *buf, uint32_t len)
|
|
{
|
|
nsresult rv;
|
|
|
|
// Cache a reference to the nsICryptoHash instance since we'll be calling
|
|
// this function frequently.
|
|
if (!mVerifier) {
|
|
mVerifier = do_CreateInstance(NS_CRYPTO_HASH_CONTRACTID, &rv);
|
|
if (NS_FAILED(rv)) {
|
|
LOG(("nsHttpDigestAuth: no crypto hash!\n"));
|
|
return rv;
|
|
}
|
|
}
|
|
|
|
rv = mVerifier->Init(nsICryptoHash::MD5);
|
|
if (NS_FAILED(rv)) return rv;
|
|
|
|
rv = mVerifier->Update((unsigned char*)buf, len);
|
|
if (NS_FAILED(rv)) return rv;
|
|
|
|
nsAutoCString hashString;
|
|
rv = mVerifier->Finish(false, hashString);
|
|
if (NS_FAILED(rv)) return rv;
|
|
|
|
NS_ENSURE_STATE(hashString.Length() == sizeof(mHashBuf));
|
|
memcpy(mHashBuf, hashString.get(), hashString.Length());
|
|
|
|
return rv;
|
|
}
|
|
|
|
nsresult
|
|
nsHttpDigestAuth::GetMethodAndPath(nsIHttpAuthenticableChannel *authChannel,
|
|
bool isProxyAuth,
|
|
nsCString &httpMethod,
|
|
nsCString &path)
|
|
{
|
|
nsresult rv, rv2;
|
|
nsCOMPtr<nsIURI> uri;
|
|
rv = authChannel->GetURI(getter_AddRefs(uri));
|
|
if (NS_SUCCEEDED(rv)) {
|
|
bool proxyMethodIsConnect;
|
|
rv = authChannel->GetProxyMethodIsConnect(&proxyMethodIsConnect);
|
|
if (NS_SUCCEEDED(rv)) {
|
|
if (proxyMethodIsConnect && isProxyAuth) {
|
|
httpMethod.AssignLiteral("CONNECT");
|
|
//
|
|
// generate hostname:port string. (unfortunately uri->GetHostPort
|
|
// leaves out the port if it matches the default value, so we can't
|
|
// just call it.)
|
|
//
|
|
int32_t port;
|
|
rv = uri->GetAsciiHost(path);
|
|
rv2 = uri->GetPort(&port);
|
|
if (NS_SUCCEEDED(rv) && NS_SUCCEEDED(rv2)) {
|
|
path.Append(':');
|
|
path.AppendInt(port < 0 ? NS_HTTPS_DEFAULT_PORT : port);
|
|
}
|
|
}
|
|
else {
|
|
rv = authChannel->GetRequestMethod(httpMethod);
|
|
rv2 = uri->GetPath(path);
|
|
if (NS_SUCCEEDED(rv) && NS_SUCCEEDED(rv2)) {
|
|
//
|
|
// strip any fragment identifier from the URL path.
|
|
//
|
|
int32_t ref = path.RFindChar('#');
|
|
if (ref != kNotFound)
|
|
path.Truncate(ref);
|
|
//
|
|
// make sure we escape any UTF-8 characters in the URI path. the
|
|
// digest auth uri attribute needs to match the request-URI.
|
|
//
|
|
// XXX we should really ask the HTTP channel for this string
|
|
// instead of regenerating it here.
|
|
//
|
|
nsAutoCString buf;
|
|
path = NS_EscapeURL(path, esc_OnlyNonASCII, buf);
|
|
}
|
|
}
|
|
}
|
|
}
|
|
return rv;
|
|
}
|
|
|
|
//-----------------------------------------------------------------------------
|
|
// nsHttpDigestAuth::nsIHttpAuthenticator
|
|
//-----------------------------------------------------------------------------
|
|
|
|
NS_IMETHODIMP
|
|
nsHttpDigestAuth::ChallengeReceived(nsIHttpAuthenticableChannel *authChannel,
|
|
const char *challenge,
|
|
bool isProxyAuth,
|
|
nsISupports **sessionState,
|
|
nsISupports **continuationState,
|
|
bool *result)
|
|
{
|
|
nsAutoCString realm, domain, nonce, opaque;
|
|
bool stale;
|
|
uint16_t algorithm, qop;
|
|
|
|
nsresult rv = ParseChallenge(challenge, realm, domain, nonce, opaque,
|
|
&stale, &algorithm, &qop);
|
|
if (NS_FAILED(rv)) return rv;
|
|
|
|
// if the challenge has the "stale" flag set, then the user identity is not
|
|
// necessarily invalid. by returning FALSE here we can suppress username
|
|
// and password prompting that usually accompanies a 401/407 challenge.
|
|
*result = !stale;
|
|
|
|
// clear any existing nonce_count since we have a new challenge.
|
|
NS_IF_RELEASE(*sessionState);
|
|
return NS_OK;
|
|
}
|
|
|
|
NS_IMETHODIMP
|
|
nsHttpDigestAuth::GenerateCredentials(nsIHttpAuthenticableChannel *authChannel,
|
|
const char *challenge,
|
|
bool isProxyAuth,
|
|
const char16_t *userdomain,
|
|
const char16_t *username,
|
|
const char16_t *password,
|
|
nsISupports **sessionState,
|
|
nsISupports **continuationState,
|
|
uint32_t *aFlags,
|
|
char **creds)
|
|
|
|
{
|
|
LOG(("nsHttpDigestAuth::GenerateCredentials [challenge=%s]\n", challenge));
|
|
|
|
NS_ENSURE_ARG_POINTER(creds);
|
|
|
|
*aFlags = 0;
|
|
|
|
bool isDigestAuth = !PL_strncasecmp(challenge, "digest ", 7);
|
|
NS_ENSURE_TRUE(isDigestAuth, NS_ERROR_UNEXPECTED);
|
|
|
|
// IIS implementation requires extra quotes
|
|
bool requireExtraQuotes = false;
|
|
{
|
|
nsAutoCString serverVal;
|
|
authChannel->GetServerResponseHeader(serverVal);
|
|
if (!serverVal.IsEmpty()) {
|
|
requireExtraQuotes = !PL_strncasecmp(serverVal.get(), "Microsoft-IIS", 13);
|
|
}
|
|
}
|
|
|
|
nsresult rv;
|
|
nsAutoCString httpMethod;
|
|
nsAutoCString path;
|
|
rv = GetMethodAndPath(authChannel, isProxyAuth, httpMethod, path);
|
|
if (NS_FAILED(rv)) return rv;
|
|
|
|
nsAutoCString realm, domain, nonce, opaque;
|
|
bool stale;
|
|
uint16_t algorithm, qop;
|
|
|
|
rv = ParseChallenge(challenge, realm, domain, nonce, opaque,
|
|
&stale, &algorithm, &qop);
|
|
if (NS_FAILED(rv)) {
|
|
LOG(("nsHttpDigestAuth::GenerateCredentials [ParseChallenge failed rv=%x]\n", rv));
|
|
return rv;
|
|
}
|
|
|
|
char ha1_digest[EXPANDED_DIGEST_LENGTH+1];
|
|
char ha2_digest[EXPANDED_DIGEST_LENGTH+1];
|
|
char response_digest[EXPANDED_DIGEST_LENGTH+1];
|
|
char upload_data_digest[EXPANDED_DIGEST_LENGTH+1];
|
|
|
|
if (qop & QOP_AUTH_INT) {
|
|
// we do not support auth-int "quality of protection" currently
|
|
qop &= ~QOP_AUTH_INT;
|
|
|
|
NS_WARNING("no support for Digest authentication with data integrity quality of protection");
|
|
|
|
/* TODO: to support auth-int, we need to get an MD5 digest of
|
|
* TODO: the data uploaded with this request.
|
|
* TODO: however, i am not sure how to read in the file in without
|
|
* TODO: disturbing the channel''s use of it. do i need to copy it
|
|
* TODO: somehow?
|
|
*/
|
|
#if 0
|
|
if (http_channel != nullptr)
|
|
{
|
|
nsIInputStream * upload;
|
|
nsCOMPtr<nsIUploadChannel> uc = do_QueryInterface(http_channel);
|
|
NS_ENSURE_TRUE(uc, NS_ERROR_UNEXPECTED);
|
|
uc->GetUploadStream(&upload);
|
|
if (upload) {
|
|
char * upload_buffer;
|
|
int upload_buffer_length = 0;
|
|
//TODO: read input stream into buffer
|
|
const char * digest = (const char*)
|
|
nsNetwerkMD5Digest(upload_buffer, upload_buffer_length);
|
|
ExpandToHex(digest, upload_data_digest);
|
|
NS_RELEASE(upload);
|
|
}
|
|
}
|
|
#endif
|
|
}
|
|
|
|
if (!(algorithm & ALGO_MD5 || algorithm & ALGO_MD5_SESS)) {
|
|
// they asked only for algorithms that we do not support
|
|
NS_WARNING("unsupported algorithm requested by Digest authentication");
|
|
return NS_ERROR_NOT_IMPLEMENTED;
|
|
}
|
|
|
|
//
|
|
// the following are for increasing security. see RFC 2617 for more
|
|
// information.
|
|
//
|
|
// nonce_count allows the server to keep track of auth challenges (to help
|
|
// prevent spoofing). we increase this count every time.
|
|
//
|
|
char nonce_count[NONCE_COUNT_LENGTH+1] = "00000001"; // in hex
|
|
if (*sessionState) {
|
|
nsCOMPtr<nsISupportsPRUint32> v(do_QueryInterface(*sessionState));
|
|
if (v) {
|
|
uint32_t nc;
|
|
v->GetData(&nc);
|
|
PR_snprintf(nonce_count, sizeof(nonce_count), "%08x", ++nc);
|
|
v->SetData(nc);
|
|
}
|
|
}
|
|
else {
|
|
nsCOMPtr<nsISupportsPRUint32> v(
|
|
do_CreateInstance(NS_SUPPORTS_PRUINT32_CONTRACTID));
|
|
if (v) {
|
|
v->SetData(1);
|
|
v.forget(sessionState);
|
|
}
|
|
}
|
|
LOG((" nonce_count=%s\n", nonce_count));
|
|
|
|
//
|
|
// this lets the client verify the server response (via a server
|
|
// returned Authentication-Info header). also used for session info.
|
|
//
|
|
nsAutoCString cnonce;
|
|
static const char hexChar[] = "0123456789abcdef";
|
|
for (int i=0; i<16; ++i) {
|
|
cnonce.Append(hexChar[(int)(15.0 * rand()/(RAND_MAX + 1.0))]);
|
|
}
|
|
LOG((" cnonce=%s\n", cnonce.get()));
|
|
|
|
//
|
|
// calculate credentials
|
|
//
|
|
|
|
NS_ConvertUTF16toUTF8 cUser(username), cPass(password);
|
|
rv = CalculateHA1(cUser, cPass, realm, algorithm, nonce, cnonce, ha1_digest);
|
|
if (NS_FAILED(rv)) return rv;
|
|
|
|
rv = CalculateHA2(httpMethod, path, qop, upload_data_digest, ha2_digest);
|
|
if (NS_FAILED(rv)) return rv;
|
|
|
|
rv = CalculateResponse(ha1_digest, ha2_digest, nonce, qop, nonce_count,
|
|
cnonce, response_digest);
|
|
if (NS_FAILED(rv)) return rv;
|
|
|
|
//
|
|
// Values that need to match the quoted-string production from RFC 2616:
|
|
//
|
|
// username
|
|
// realm
|
|
// nonce
|
|
// opaque
|
|
// cnonce
|
|
//
|
|
|
|
nsAutoCString authString;
|
|
|
|
authString.AssignLiteral("Digest username=");
|
|
rv = AppendQuotedString(cUser, authString);
|
|
NS_ENSURE_SUCCESS(rv, rv);
|
|
|
|
authString.AppendLiteral(", realm=");
|
|
rv = AppendQuotedString(realm, authString);
|
|
NS_ENSURE_SUCCESS(rv, rv);
|
|
|
|
authString.AppendLiteral(", nonce=");
|
|
rv = AppendQuotedString(nonce, authString);
|
|
NS_ENSURE_SUCCESS(rv, rv);
|
|
|
|
authString.AppendLiteral(", uri=\"");
|
|
authString += path;
|
|
if (algorithm & ALGO_SPECIFIED) {
|
|
authString.AppendLiteral("\", algorithm=");
|
|
if (algorithm & ALGO_MD5_SESS)
|
|
authString.AppendLiteral("MD5-sess");
|
|
else
|
|
authString.AppendLiteral("MD5");
|
|
} else {
|
|
authString += '\"';
|
|
}
|
|
authString.AppendLiteral(", response=\"");
|
|
authString += response_digest;
|
|
authString += '\"';
|
|
|
|
if (!opaque.IsEmpty()) {
|
|
authString.AppendLiteral(", opaque=");
|
|
rv = AppendQuotedString(opaque, authString);
|
|
NS_ENSURE_SUCCESS(rv, rv);
|
|
}
|
|
|
|
if (qop) {
|
|
authString.AppendLiteral(", qop=");
|
|
if (requireExtraQuotes)
|
|
authString += '\"';
|
|
authString.AppendLiteral("auth");
|
|
if (qop & QOP_AUTH_INT)
|
|
authString.AppendLiteral("-int");
|
|
if (requireExtraQuotes)
|
|
authString += '\"';
|
|
authString.AppendLiteral(", nc=");
|
|
authString += nonce_count;
|
|
|
|
authString.AppendLiteral(", cnonce=");
|
|
rv = AppendQuotedString(cnonce, authString);
|
|
NS_ENSURE_SUCCESS(rv, rv);
|
|
}
|
|
|
|
|
|
*creds = ToNewCString(authString);
|
|
return NS_OK;
|
|
}
|
|
|
|
NS_IMETHODIMP
|
|
nsHttpDigestAuth::GetAuthFlags(uint32_t *flags)
|
|
{
|
|
*flags = REQUEST_BASED | REUSABLE_CHALLENGE | IDENTITY_ENCRYPTED;
|
|
//
|
|
// NOTE: digest auth credentials must be uniquely computed for each request,
|
|
// so we do not set the REUSABLE_CREDENTIALS flag.
|
|
//
|
|
return NS_OK;
|
|
}
|
|
|
|
nsresult
|
|
nsHttpDigestAuth::CalculateResponse(const char * ha1_digest,
|
|
const char * ha2_digest,
|
|
const nsAFlatCString & nonce,
|
|
uint16_t qop,
|
|
const char * nonce_count,
|
|
const nsAFlatCString & cnonce,
|
|
char * result)
|
|
{
|
|
uint32_t len = 2*EXPANDED_DIGEST_LENGTH + nonce.Length() + 2;
|
|
|
|
if (qop & QOP_AUTH || qop & QOP_AUTH_INT) {
|
|
len += cnonce.Length() + NONCE_COUNT_LENGTH + 3;
|
|
if (qop & QOP_AUTH_INT)
|
|
len += 8; // length of "auth-int"
|
|
else
|
|
len += 4; // length of "auth"
|
|
}
|
|
|
|
nsAutoCString contents;
|
|
contents.SetCapacity(len);
|
|
|
|
contents.Assign(ha1_digest, EXPANDED_DIGEST_LENGTH);
|
|
contents.Append(':');
|
|
contents.Append(nonce);
|
|
contents.Append(':');
|
|
|
|
if (qop & QOP_AUTH || qop & QOP_AUTH_INT) {
|
|
contents.Append(nonce_count, NONCE_COUNT_LENGTH);
|
|
contents.Append(':');
|
|
contents.Append(cnonce);
|
|
contents.Append(':');
|
|
if (qop & QOP_AUTH_INT)
|
|
contents.AppendLiteral("auth-int:");
|
|
else
|
|
contents.AppendLiteral("auth:");
|
|
}
|
|
|
|
contents.Append(ha2_digest, EXPANDED_DIGEST_LENGTH);
|
|
|
|
nsresult rv = MD5Hash(contents.get(), contents.Length());
|
|
if (NS_SUCCEEDED(rv))
|
|
rv = ExpandToHex(mHashBuf, result);
|
|
return rv;
|
|
}
|
|
|
|
nsresult
|
|
nsHttpDigestAuth::ExpandToHex(const char * digest, char * result)
|
|
{
|
|
int16_t index, value;
|
|
|
|
for (index = 0; index < DIGEST_LENGTH; index++) {
|
|
value = (digest[index] >> 4) & 0xf;
|
|
if (value < 10)
|
|
result[index*2] = value + '0';
|
|
else
|
|
result[index*2] = value - 10 + 'a';
|
|
|
|
value = digest[index] & 0xf;
|
|
if (value < 10)
|
|
result[(index*2)+1] = value + '0';
|
|
else
|
|
result[(index*2)+1] = value - 10 + 'a';
|
|
}
|
|
|
|
result[EXPANDED_DIGEST_LENGTH] = 0;
|
|
return NS_OK;
|
|
}
|
|
|
|
nsresult
|
|
nsHttpDigestAuth::CalculateHA1(const nsAFlatCString & username,
|
|
const nsAFlatCString & password,
|
|
const nsAFlatCString & realm,
|
|
uint16_t algorithm,
|
|
const nsAFlatCString & nonce,
|
|
const nsAFlatCString & cnonce,
|
|
char * result)
|
|
{
|
|
int16_t len = username.Length() + password.Length() + realm.Length() + 2;
|
|
if (algorithm & ALGO_MD5_SESS) {
|
|
int16_t exlen = EXPANDED_DIGEST_LENGTH + nonce.Length() + cnonce.Length() + 2;
|
|
if (exlen > len)
|
|
len = exlen;
|
|
}
|
|
|
|
nsAutoCString contents;
|
|
contents.SetCapacity(len + 1);
|
|
|
|
contents.Assign(username);
|
|
contents.Append(':');
|
|
contents.Append(realm);
|
|
contents.Append(':');
|
|
contents.Append(password);
|
|
|
|
nsresult rv;
|
|
rv = MD5Hash(contents.get(), contents.Length());
|
|
if (NS_FAILED(rv))
|
|
return rv;
|
|
|
|
if (algorithm & ALGO_MD5_SESS) {
|
|
char part1[EXPANDED_DIGEST_LENGTH+1];
|
|
ExpandToHex(mHashBuf, part1);
|
|
|
|
contents.Assign(part1, EXPANDED_DIGEST_LENGTH);
|
|
contents.Append(':');
|
|
contents.Append(nonce);
|
|
contents.Append(':');
|
|
contents.Append(cnonce);
|
|
|
|
rv = MD5Hash(contents.get(), contents.Length());
|
|
if (NS_FAILED(rv))
|
|
return rv;
|
|
}
|
|
|
|
return ExpandToHex(mHashBuf, result);
|
|
}
|
|
|
|
nsresult
|
|
nsHttpDigestAuth::CalculateHA2(const nsAFlatCString & method,
|
|
const nsAFlatCString & path,
|
|
uint16_t qop,
|
|
const char * bodyDigest,
|
|
char * result)
|
|
{
|
|
uint16_t methodLen = method.Length();
|
|
uint32_t pathLen = path.Length();
|
|
uint32_t len = methodLen + pathLen + 1;
|
|
|
|
if (qop & QOP_AUTH_INT) {
|
|
len += EXPANDED_DIGEST_LENGTH + 1;
|
|
}
|
|
|
|
nsAutoCString contents;
|
|
contents.SetCapacity(len);
|
|
|
|
contents.Assign(method);
|
|
contents.Append(':');
|
|
contents.Append(path);
|
|
|
|
if (qop & QOP_AUTH_INT) {
|
|
contents.Append(':');
|
|
contents.Append(bodyDigest, EXPANDED_DIGEST_LENGTH);
|
|
}
|
|
|
|
nsresult rv = MD5Hash(contents.get(), contents.Length());
|
|
if (NS_SUCCEEDED(rv))
|
|
rv = ExpandToHex(mHashBuf, result);
|
|
return rv;
|
|
}
|
|
|
|
nsresult
|
|
nsHttpDigestAuth::ParseChallenge(const char * challenge,
|
|
nsACString & realm,
|
|
nsACString & domain,
|
|
nsACString & nonce,
|
|
nsACString & opaque,
|
|
bool * stale,
|
|
uint16_t * algorithm,
|
|
uint16_t * qop)
|
|
{
|
|
// put an absurd, but maximum, length cap on the challenge so
|
|
// that calculations are 32 bit safe
|
|
if (strlen(challenge) > 16000000) {
|
|
return NS_ERROR_INVALID_ARG;
|
|
}
|
|
|
|
const char *p = challenge + 6; // first 6 characters are "Digest"
|
|
|
|
*stale = false;
|
|
*algorithm = ALGO_MD5; // default is MD5
|
|
*qop = 0;
|
|
|
|
for (;;) {
|
|
while (*p && (*p == ',' || nsCRT::IsAsciiSpace(*p)))
|
|
++p;
|
|
if (!*p)
|
|
break;
|
|
|
|
// name
|
|
int32_t nameStart = (p - challenge);
|
|
while (*p && !nsCRT::IsAsciiSpace(*p) && *p != '=')
|
|
++p;
|
|
if (!*p)
|
|
return NS_ERROR_INVALID_ARG;
|
|
int32_t nameLength = (p - challenge) - nameStart;
|
|
|
|
while (*p && (nsCRT::IsAsciiSpace(*p) || *p == '='))
|
|
++p;
|
|
if (!*p)
|
|
return NS_ERROR_INVALID_ARG;
|
|
|
|
bool quoted = false;
|
|
if (*p == '"') {
|
|
++p;
|
|
quoted = true;
|
|
}
|
|
|
|
// value
|
|
int32_t valueStart = (p - challenge);
|
|
int32_t valueLength = 0;
|
|
if (quoted) {
|
|
while (*p && *p != '"')
|
|
++p;
|
|
if (*p != '"')
|
|
return NS_ERROR_INVALID_ARG;
|
|
valueLength = (p - challenge) - valueStart;
|
|
++p;
|
|
} else {
|
|
while (*p && !nsCRT::IsAsciiSpace(*p) && *p != ',')
|
|
++p;
|
|
valueLength = (p - challenge) - valueStart;
|
|
}
|
|
|
|
// extract information
|
|
if (nameLength == 5 &&
|
|
nsCRT::strncasecmp(challenge+nameStart, "realm", 5) == 0)
|
|
{
|
|
realm.Assign(challenge+valueStart, valueLength);
|
|
}
|
|
else if (nameLength == 6 &&
|
|
nsCRT::strncasecmp(challenge+nameStart, "domain", 6) == 0)
|
|
{
|
|
domain.Assign(challenge+valueStart, valueLength);
|
|
}
|
|
else if (nameLength == 5 &&
|
|
nsCRT::strncasecmp(challenge+nameStart, "nonce", 5) == 0)
|
|
{
|
|
nonce.Assign(challenge+valueStart, valueLength);
|
|
}
|
|
else if (nameLength == 6 &&
|
|
nsCRT::strncasecmp(challenge+nameStart, "opaque", 6) == 0)
|
|
{
|
|
opaque.Assign(challenge+valueStart, valueLength);
|
|
}
|
|
else if (nameLength == 5 &&
|
|
nsCRT::strncasecmp(challenge+nameStart, "stale", 5) == 0)
|
|
{
|
|
if (nsCRT::strncasecmp(challenge+valueStart, "true", 4) == 0)
|
|
*stale = true;
|
|
else
|
|
*stale = false;
|
|
}
|
|
else if (nameLength == 9 &&
|
|
nsCRT::strncasecmp(challenge+nameStart, "algorithm", 9) == 0)
|
|
{
|
|
// we want to clear the default, so we use = not |= here
|
|
*algorithm = ALGO_SPECIFIED;
|
|
if (valueLength == 3 &&
|
|
nsCRT::strncasecmp(challenge+valueStart, "MD5", 3) == 0)
|
|
*algorithm |= ALGO_MD5;
|
|
else if (valueLength == 8 &&
|
|
nsCRT::strncasecmp(challenge+valueStart, "MD5-sess", 8) == 0)
|
|
*algorithm |= ALGO_MD5_SESS;
|
|
}
|
|
else if (nameLength == 3 &&
|
|
nsCRT::strncasecmp(challenge+nameStart, "qop", 3) == 0)
|
|
{
|
|
int32_t ipos = valueStart;
|
|
while (ipos < valueStart+valueLength) {
|
|
while (ipos < valueStart+valueLength &&
|
|
(nsCRT::IsAsciiSpace(challenge[ipos]) ||
|
|
challenge[ipos] == ','))
|
|
ipos++;
|
|
int32_t algostart = ipos;
|
|
while (ipos < valueStart+valueLength &&
|
|
!nsCRT::IsAsciiSpace(challenge[ipos]) &&
|
|
challenge[ipos] != ',')
|
|
ipos++;
|
|
if ((ipos - algostart) == 4 &&
|
|
nsCRT::strncasecmp(challenge+algostart, "auth", 4) == 0)
|
|
*qop |= QOP_AUTH;
|
|
else if ((ipos - algostart) == 8 &&
|
|
nsCRT::strncasecmp(challenge+algostart, "auth-int", 8) == 0)
|
|
*qop |= QOP_AUTH_INT;
|
|
}
|
|
}
|
|
}
|
|
return NS_OK;
|
|
}
|
|
|
|
nsresult
|
|
nsHttpDigestAuth::AppendQuotedString(const nsACString & value,
|
|
nsACString & aHeaderLine)
|
|
{
|
|
nsAutoCString quoted;
|
|
nsACString::const_iterator s, e;
|
|
value.BeginReading(s);
|
|
value.EndReading(e);
|
|
|
|
//
|
|
// Encode string according to RFC 2616 quoted-string production
|
|
//
|
|
quoted.Append('"');
|
|
for ( ; s != e; ++s) {
|
|
//
|
|
// CTL = <any US-ASCII control character (octets 0 - 31) and DEL (127)>
|
|
//
|
|
if (*s <= 31 || *s == 127) {
|
|
return NS_ERROR_FAILURE;
|
|
}
|
|
|
|
// Escape two syntactically significant characters
|
|
if (*s == '"' || *s == '\\') {
|
|
quoted.Append('\\');
|
|
}
|
|
|
|
quoted.Append(*s);
|
|
}
|
|
// FIXME: bug 41489
|
|
// We should RFC2047-encode non-Latin-1 values according to spec
|
|
quoted.Append('"');
|
|
aHeaderLine.Append(quoted);
|
|
return NS_OK;
|
|
}
|
|
|
|
} // namespace net
|
|
} // namespace mozilla
|
|
|
|
// vim: ts=2 sw=2
|