1: <?php
  2: /**
  3:  * Digest authentication
  4:  *
  5:  * CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
  6:  * Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
  7:  *
  8:  * Licensed under The MIT License
  9:  * For full copyright and license information, please see the LICENSE.txt
 10:  * Redistributions of files must retain the above copyright notice.
 11:  *
 12:  * @copyright     Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
 13:  * @link          http://cakephp.org CakePHP(tm) Project
 14:  * @package       Cake.Network.Http
 15:  * @since         CakePHP(tm) v 2.0.0
 16:  * @license       http://www.opensource.org/licenses/mit-license.php MIT License
 17:  */
 18: 
 19: /**
 20:  * Digest authentication
 21:  *
 22:  * @package       Cake.Network.Http
 23:  */
 24: class DigestAuthentication {
 25: 
 26: /**
 27:  * Authentication
 28:  *
 29:  * @param HttpSocket $http Http socket instance.
 30:  * @param array &$authInfo Authentication info.
 31:  * @return void
 32:  * @link http://www.ietf.org/rfc/rfc2617.txt
 33:  */
 34:     public static function authentication(HttpSocket $http, &$authInfo) {
 35:         if (isset($authInfo['user'], $authInfo['pass'])) {
 36:             if (!isset($authInfo['realm']) && !static::_getServerInformation($http, $authInfo)) {
 37:                 return;
 38:             }
 39:             $http->request['header']['Authorization'] = static::_generateHeader($http, $authInfo);
 40:         }
 41:     }
 42: 
 43: /**
 44:  * Retrieve information about the authentication
 45:  *
 46:  * @param HttpSocket $http Http socket instance.
 47:  * @param array &$authInfo Authentication info.
 48:  * @return bool
 49:  */
 50:     protected static function _getServerInformation(HttpSocket $http, &$authInfo) {
 51:         $originalRequest = $http->request;
 52:         $http->configAuth(false);
 53:         $http->request($http->request);
 54:         $http->request = $originalRequest;
 55:         $http->configAuth('Digest', $authInfo);
 56: 
 57:         if (empty($http->response['header']['WWW-Authenticate'])) {
 58:             return false;
 59:         }
 60:         preg_match_all('@(\w+)=(?:(?:")([^"]+)"|([^\s,$]+))@', $http->response['header']['WWW-Authenticate'], $matches, PREG_SET_ORDER);
 61:         foreach ($matches as $match) {
 62:             $authInfo[$match[1]] = $match[2];
 63:         }
 64:         if (!empty($authInfo['qop']) && empty($authInfo['nc'])) {
 65:             $authInfo['nc'] = 1;
 66:         }
 67:         return true;
 68:     }
 69: 
 70: /**
 71:  * Generate the header Authorization
 72:  *
 73:  * @param HttpSocket $http Http socket instance.
 74:  * @param array &$authInfo Authentication info.
 75:  * @return string
 76:  */
 77:     protected static function _generateHeader(HttpSocket $http, &$authInfo) {
 78:         $a1 = md5($authInfo['user'] . ':' . $authInfo['realm'] . ':' . $authInfo['pass']);
 79:         $a2 = md5($http->request['method'] . ':' . $http->request['uri']['path']);
 80: 
 81:         if (empty($authInfo['qop'])) {
 82:             $response = md5($a1 . ':' . $authInfo['nonce'] . ':' . $a2);
 83:         } else {
 84:             $authInfo['cnonce'] = uniqid();
 85:             $nc = sprintf('%08x', $authInfo['nc']++);
 86:             $response = md5($a1 . ':' . $authInfo['nonce'] . ':' . $nc . ':' . $authInfo['cnonce'] . ':auth:' . $a2);
 87:         }
 88: 
 89:         $authHeader = 'Digest ';
 90:         $authHeader .= 'username="' . str_replace(array('\\', '"'), array('\\\\', '\\"'), $authInfo['user']) . '", ';
 91:         $authHeader .= 'realm="' . $authInfo['realm'] . '", ';
 92:         $authHeader .= 'nonce="' . $authInfo['nonce'] . '", ';
 93:         $authHeader .= 'uri="' . $http->request['uri']['path'] . '", ';
 94:         $authHeader .= 'response="' . $response . '"';
 95:         if (!empty($authInfo['opaque'])) {
 96:             $authHeader .= ', opaque="' . $authInfo['opaque'] . '"';
 97:         }
 98:         if (!empty($authInfo['qop'])) {
 99:             $authHeader .= ', qop="auth", nc=' . $nc . ', cnonce="' . $authInfo['cnonce'] . '"';
100:         }
101:         return $authHeader;
102:     }
103: 
104: }
105: