Esempio n. 1
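    def checkHash(self, digestHash):
        """
        Verify that the credentials represented by this object agree with the
        credentials represented by the I{H(A1)} given in C{digestHash}.

        The expected response is recomputed from the stored fields and
        compared with the C{response} field using a constant-time comparison,
        so the time taken does not reveal how long a matching prefix is.
        Nothing in this method checks nonce freshness or C{nc} reuse.

        @param digestHash: A precomputed H(A1) value based on the username,
            realm, and password associated with this credentials object.

        @return: C{True} if the recomputed response equals the C{response}
            field, C{False} otherwise.
        """
        # Imported here because the module's import block is not part of this
        # listing.
        import hmac

        fields = self.fields
        response = fields.get("response")
        uri = fields.get("uri")
        nonce = fields.get("nonce")
        cnonce = fields.get("cnonce")
        nc = fields.get("nc")
        # NOTE(review): algorithm and qop are read from the same field set as
        # the response; if that set comes from the peer, the peer picks both.
        # Confirm calcHA1/calcHA2 reject values the server does not support.
        algo = fields.get("algorithm", b"md5").lower()
        qop = fields.get("qop", b"auth")

        ha1 = calcHA1(algo, None, None, None, nonce, cnonce, preHA1=digestHash)
        ha2 = calcHA2(algo, self.method, uri, qop, None)
        expected = calcResponse(ha1, ha2, algo, nonce, nc, cnonce, qop)

        try:
            return hmac.compare_digest(expected, response)
        except TypeError:
            # compare_digest rejects None, mixed str/bytes and non-ASCII str;
            # keep the plain-equality result for those inputs.
            return expected == response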
Esempio n. 2
def generate_digest(username, password, realm=version.project_internal_codename):
    r"""
    Build an htdigest-style digest from the username, the password and
    the realm (version.project_internal_codename by default).

    Usernames are treated as case-insensitive: the name is lowercased before
    hashing, which also keeps previously generated digests valid.

    >>> _realm = settings.HTTP_AUTH_REALM_NODE

    >>> generate_digest('alpha', 'alphapwd', _realm)
    '44b1c5ba49573a5bf4931a4e877aba187385b560'

    >>> generate_digest('AlpHa', 'alphapwd', _realm)
    '44b1c5ba49573a5bf4931a4e877aba187385b560'

    >>> # Logins are case-insensitive, passwords are not
    >>> (generate_digest('AlpHa', 'alphapwd', _realm) == \
    ...      generate_digest('alpha', 'alphapwd', _realm),
    ...  generate_digest('alpha', 'alphapwd', _realm) == \
    ...      generate_digest('alpha', 'AlphaPwd', _realm))
    (True, False)

    @type username: str
    @type password: basestring
    @type realm: str

    @returns: The digest of the credentials, laid out like an entry produced
              by the htdigest command line tool for the same arguments.
    @rtype: str
    """
    # The result is the H(A1) value of HTTP Digest authentication. In that
    # scheme H(A1) alone is enough to answer a challenge for the realm, so a
    # stored digest needs the same protection as the password itself.
    # NOTE(review): htdigest itself hashes with MD5, while "sha" is requested
    # here (the doctest results are 40 hex characters), so the two outputs
    # presumably match in layout only - confirm.
    folded_name = username.lower()
    return digest_auth.calcHA1(
        pszAlg="sha",
        pszUserName=folded_name,
        pszRealm=realm,
        pszPassword=password,
        pszNonce=None,
        pszCNonce=None,
    )
Esempio n. 3
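    def checkPassword(self, password):
        """
        Verify that the credentials represented by this object agree with the
        given plaintext C{password} by hashing C{password} in the same way the
        response hash represented by this object was generated and comparing
        the results.

        The comparison is done in constant time, so the time taken does not
        reveal how long a matching prefix is. Nothing in this method checks
        nonce freshness or C{nc} reuse.

        @param password: The plaintext password to check the response against.

        @return: C{True} if the recomputed response equals the C{response}
            field, C{False} otherwise.
        """
        # Imported here because the module's import block is not part of this
        # listing.
        import hmac

        fields = self.fields
        response = fields.get("response")
        uri = fields.get("uri")
        nonce = fields.get("nonce")
        cnonce = fields.get("cnonce")
        nc = fields.get("nc")
        # NOTE(review): algorithm and qop are read from the same field set as
        # the response; if that set comes from the peer, the peer picks both.
        # Confirm calcHA1/calcHA2 reject values the server does not support.
        algo = fields.get("algorithm", b"md5").lower()
        qop = fields.get("qop", b"auth")

        ha1 = calcHA1(algo, self.username, self.realm, password, nonce, cnonce)
        ha2 = calcHA2(algo, self.method, uri, qop, None)
        expected = calcResponse(ha1, ha2, algo, nonce, nc, cnonce, qop)

        try:
            return hmac.compare_digest(expected, response)
        except TypeError:
            # compare_digest rejects None, mixed str/bytes and non-ASCII str;
            # keep the plain-equality result for those inputs.
            return expected == response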
Esempio n. 4
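 def authResponse(self, wwwauth):
     """
     Build the Digest authorization value answering a server challenge.

     The challenge parameters are parsed from ``wwwauth`` and the response
     is computed for a REGISTER request to ``sip:<account host>`` with the
     account's username and password.

     Parameter names are matched case-insensitively, values may contain
     ``=`` (for example base64 padding in a nonce), quoted values may
     contain commas, and whitespace after a comma is ignored. ``algorithm``
     defaults to ``MD5`` and ``opaque`` is echoed only when the challenge
     carries one.

     :param wwwauth: challenge value, with or without the ``Digest `` prefix.
     :returns: the string ``Digest k="v", ...`` for the request header.
     :raises KeyError: if the challenge has no ``realm`` or ``nonce``.
     """
     # Imported here because the module's import block is not part of this
     # listing.
     import re

     if wwwauth.startswith('Digest '):
         wwwauth = wwwauth.replace('Digest ', '', 1)

     # A value is either a quoted string (commas allowed inside) or a bare
     # token running up to the next comma.
     fields = {}
     for param in re.finditer(r'([^\s=,]+)\s*=\s*("[^"]*"|[^,]*)', wwwauth):
         fields[param.group(1).lower()] = param.group(2).strip().strip('"')

     realm = fields['realm']
     nonce = fields['nonce']
     # NOTE(review): the hash algorithm is whatever the challenge names, so
     # the server (or anyone able to alter the challenge) selects it; an
     # allow-list of accepted algorithms would pin it - confirm what calcHA1
     # accepts.
     algorithm = fields.get('algorithm', 'MD5')
     algo = algorithm.lower()
     uri = 'sip:{0}'.format(self.account.host)

     ha1 = calcHA1(algo, self.account.username, realm, self.account.password,
                   nonce, None)
     ha2 = calcHA2(algo, 'REGISTER', uri, None, None)

     # NOTE(review): a qop offered by the challenge is ignored, so the
     # response carries no cnonce/nc - confirm the peer accepts that.
     auth = {}
     auth['Username'] = self.account.username
     auth['realm'] = realm
     auth['nonce'] = nonce
     auth['uri'] = uri
     auth['algorithm'] = algorithm
     auth['response'] = calcResponse(ha1, ha2, algo, nonce, None, None, None)
     if 'opaque' in fields:
         auth['opaque'] = fields['opaque']

     # NOTE(review): values are placed between double quotes without
     # escaping; a quote character in the username or host would break the
     # header structure.
     header = ', '.join('{0}="{1}"'.format(k, v) for k, v in auth.items())

     return 'Digest {0}'.format(header)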
Esempio n. 5
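    def getAuthorization(self, user, pwd_digest, method, uri):
        """
        Build a Digest authorization header value for one request.

        The response is computed from the precomputed password digest, this
        object's nonce, nonce count, qop and algorithm name, and a cnonce
        generated for this call.

        :param user: username placed in the ``username`` parameter.
        :param pwd_digest: precomputed H(A1) value, passed to calcHA1 as
            ``preHA1`` in place of the plaintext credentials.
        :param method: request method the header is computed for.
        :param uri: request URI the header is computed for.
        :returns: the header value, starting with ``Digest ``; ``opaque`` and
            the ``qop``/``nc``/``cnonce`` group are appended only when the
            corresponding attribute is not None.
        """
        algo = self.algorithmName
        # NOTE(review): calculateCnonce is not shown here; confirm it draws
        # from a cryptographically secure source.
        cnonce = DigestAuthentication.calculateCnonce()
        # The same 8-digit hex count goes into the hash and into the header.
        nc = '{:08x}'.format(self.nonce_count)

        _ha1 = calcHA1(algo, None, None, None, self.nonce, cnonce,
                       preHA1=pwd_digest)
        _ha2 = calcHA2(algo, method, uri, self.qop, None)
        resp = calcResponse(_ha1, _ha2, algo, self.nonce, nc, cnonce, self.qop)

        # {0} carries the caller's username; a fixed literal in its place
        # leaves the `user` argument unused and the header unusable.
        header = ('Digest username="{0}", realm="{1}", '
                  'nonce="{2}", uri="{3}", '
                  'response="{4}", algorithm="{5}"'
                  .format(user, self.realm, self.nonce, uri, resp, algo))
        if self.opaque is not None:
            header += ', opaque="{}"'.format(self.opaque)
        if self.qop is not None:
            header += ', qop="{0}", nc="{1}", cnonce="{2}"' \
                          .format(self.qop, nc, cnonce)
        return header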
Esempio n. 6
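    def checkHash(self, digestHash):
        """
        Verify that the credentials represented by this object agree with the
        credentials represented by the I{H(A1)} given in C{digestHash}.

        The expected response is recomputed from the stored fields and
        compared with the C{response} field using a constant-time comparison,
        so the time taken does not reveal how long a matching prefix is.
        Nothing in this method checks nonce freshness or C{nc} reuse.

        @param digestHash: A precomputed H(A1) value based on the username,
            realm, and password associated with this credentials object.

        @return: C{True} if the recomputed response equals the C{response}
            field, C{False} otherwise.
        """
        # Imported here because the module's import block is not part of this
        # listing.
        import hmac

        fields = self.fields
        response = fields.get("response")
        uri = fields.get("uri")
        nonce = fields.get("nonce")
        cnonce = fields.get("cnonce")
        nc = fields.get("nc")
        # NOTE(review): algorithm and qop are read from the same field set as
        # the response; if that set comes from the peer, the peer picks both.
        # Confirm calcHA1/calcHA2 reject values the server does not support.
        algo = fields.get("algorithm", "md5").lower()
        qop = fields.get("qop", "auth")

        ha1 = calcHA1(algo, None, None, None, nonce, cnonce, preHA1=digestHash)
        ha2 = calcHA2(algo, self.method, uri, qop, None)
        expected = calcResponse(ha1, ha2, algo, nonce, nc, cnonce, qop)

        try:
            return hmac.compare_digest(expected, response)
        except TypeError:
            # compare_digest rejects None, mixed str/bytes and non-ASCII str;
            # keep the plain-equality result for those inputs.
            return expected == response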
Esempio n. 7
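    def checkPassword(self, password):
        """
        Verify that the credentials represented by this object agree with the
        given plaintext C{password} by hashing C{password} in the same way the
        response hash represented by this object was generated and comparing
        the results.

        The comparison is done in constant time, so the time taken does not
        reveal how long a matching prefix is. Nothing in this method checks
        nonce freshness or C{nc} reuse.

        @param password: The plaintext password to check the response against.

        @return: C{True} if the recomputed response equals the C{response}
            field, C{False} otherwise.
        """
        # Imported here because the module's import block is not part of this
        # listing.
        import hmac

        fields = self.fields
        response = fields.get("response")
        uri = fields.get("uri")
        nonce = fields.get("nonce")
        cnonce = fields.get("cnonce")
        nc = fields.get("nc")
        # NOTE(review): algorithm and qop are read from the same field set as
        # the response; if that set comes from the peer, the peer picks both.
        # Confirm calcHA1/calcHA2 reject values the server does not support.
        algo = fields.get("algorithm", "md5").lower()
        qop = fields.get("qop", "auth")

        ha1 = calcHA1(algo, self.username, self.realm, password, nonce, cnonce)
        ha2 = calcHA2(algo, self.method, uri, qop, None)
        expected = calcResponse(ha1, ha2, algo, nonce, nc, cnonce, qop)

        try:
            return hmac.compare_digest(expected, response)
        except TypeError:
            # compare_digest rejects None, mixed str/bytes and non-ASCII str;
            # keep the plain-equality result for those inputs.
            return expected == response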
Esempio n. 8
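    def checkPassword(self, password):
        """
        Verify that the credentials represented by this object agree with the
        given plaintext C{password} by hashing C{password} in the same way the
        response hash represented by this object was generated and comparing
        the results.

        The comparison is done in constant time, so the time taken does not
        reveal how long a matching prefix is. Nothing in this method checks
        nonce freshness or C{nc} reuse.

        @param password: The plaintext password to check the response against.

        @return: C{True} if the recomputed response equals the C{response}
            field, C{False} otherwise.
        """
        # Imported here because the module's import block is not part of this
        # listing.
        import hmac

        fields = self.fields
        response = fields.get('response')
        uri = fields.get('uri')
        nonce = fields.get('nonce')
        cnonce = fields.get('cnonce')
        nc = fields.get('nc')
        # NOTE(review): algorithm and qop are read from the same field set as
        # the response; if that set comes from the peer, the peer picks both.
        # Confirm calcHA1/calcHA2 reject values the server does not support.
        algo = fields.get('algorithm', b'md5').lower()
        qop = fields.get('qop', b'auth')

        ha1 = calcHA1(algo, self.username, self.realm, password, nonce, cnonce)
        ha2 = calcHA2(algo, self.method, uri, qop, None)
        expected = calcResponse(ha1, ha2, algo, nonce, nc, cnonce, qop)

        try:
            return hmac.compare_digest(expected, response)
        except TypeError:
            # compare_digest rejects None, mixed str/bytes and non-ASCII str;
            # keep the plain-equality result for those inputs.
            return expected == response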
Esempio n. 9
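    def checkPassword(self, password):
        """
        Verify that the credentials represented by this object agree with the
        given plaintext C{password} by hashing C{password} in the same way the
        response hash represented by this object was generated and comparing
        the results.

        The comparison is done in constant time, so the time taken does not
        reveal how long a matching prefix is. Nothing in this method checks
        nonce freshness or C{nc} reuse.

        @param password: The plaintext password to check the response against.

        @return: C{True} if the recomputed response equals the C{response}
            field, C{False} otherwise.
        """
        # Imported here because the module's import block is not part of this
        # listing.
        import hmac

        fields = self.fields
        response = fields.get('response')
        uri = fields.get('uri')
        nonce = fields.get('nonce')
        cnonce = fields.get('cnonce')
        nc = fields.get('nc')
        # NOTE(review): algorithm and qop are read from the same field set as
        # the response; if that set comes from the peer, the peer picks both.
        # Confirm calcHA1/calcHA2 reject values the server does not support.
        algo = fields.get('algorithm', b'md5').lower()
        qop = fields.get('qop', b'auth')

        ha1 = calcHA1(algo, self.username, self.realm, password, nonce, cnonce)
        ha2 = calcHA2(algo, self.method, uri, qop, None)
        expected = calcResponse(ha1, ha2, algo, nonce, nc, cnonce, qop)

        try:
            return hmac.compare_digest(expected, response)
        except TypeError:
            # compare_digest rejects None, mixed str/bytes and non-ASCII str;
            # keep the plain-equality result for those inputs.
            return expected == response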
Esempio n. 10
def generate_digest(username,
                    password,
                    realm=version.project_internal_codename):
    r"""
    Build an htdigest-style digest from the username, the password and
    the realm (version.project_internal_codename by default).

    Usernames are treated as case-insensitive: the name is lowercased before
    hashing, which also keeps previously generated digests valid.

    >>> _realm = settings.HTTP_AUTH_REALM_NODE

    >>> generate_digest('alpha', 'alphapwd', _realm)
    '44b1c5ba49573a5bf4931a4e877aba187385b560'

    >>> generate_digest('AlpHa', 'alphapwd', _realm)
    '44b1c5ba49573a5bf4931a4e877aba187385b560'

    >>> # Logins are case-insensitive, passwords are not
    >>> (generate_digest('AlpHa', 'alphapwd', _realm) == \
    ...      generate_digest('alpha', 'alphapwd', _realm),
    ...  generate_digest('alpha', 'alphapwd', _realm) == \
    ...      generate_digest('alpha', 'AlphaPwd', _realm))
    (True, False)

    @type username: str
    @type password: basestring
    @type realm: str

    @returns: The digest of the credentials, laid out like an entry produced
              by the htdigest command line tool for the same arguments.
    @rtype: str
    """
    # The result is the H(A1) value of HTTP Digest authentication. In that
    # scheme H(A1) alone is enough to answer a challenge for the realm, so a
    # stored digest needs the same protection as the password itself.
    # NOTE(review): htdigest itself hashes with MD5, while 'sha' is requested
    # here (the doctest results are 40 hex characters), so the two outputs
    # presumably match in layout only - confirm.
    folded_name = username.lower()
    digest = digest_auth.calcHA1(
        pszAlg='sha', pszUserName=folded_name, pszRealm=realm,
        pszPassword=password, pszNonce=None, pszCNonce=None)
    return digest
Esempio n. 11
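    def checkHash(self, digestHash):
        """
        Verify that the credentials represented by this object agree with the
        credentials represented by the I{H(A1)} given in C{digestHash}.

        The expected response is recomputed from the stored fields and
        compared with the C{response} field using a constant-time comparison,
        so the time taken does not reveal how long a matching prefix is.
        Nothing in this method checks nonce freshness or C{nc} reuse.

        @param digestHash: A precomputed H(A1) value based on the username,
            realm, and password associated with this credentials object.

        @return: C{True} if the recomputed response equals the C{response}
            field, C{False} otherwise.
        """
        # Imported here because the module's import block is not part of this
        # listing.
        import hmac

        fields = self.fields
        response = fields.get('response')
        uri = fields.get('uri')
        nonce = fields.get('nonce')
        cnonce = fields.get('cnonce')
        nc = fields.get('nc')
        # NOTE(review): algorithm and qop are read from the same field set as
        # the response; if that set comes from the peer, the peer picks both.
        # Confirm calcHA1/calcHA2 reject values the server does not support.
        algo = fields.get('algorithm', b'md5').lower()
        qop = fields.get('qop', b'auth')

        ha1 = calcHA1(algo, None, None, None, nonce, cnonce, preHA1=digestHash)
        ha2 = calcHA2(algo, self.method, uri, qop, None)
        expected = calcResponse(ha1, ha2, algo, nonce, nc, cnonce, qop)

        try:
            return hmac.compare_digest(expected, response)
        except TypeError:
            # compare_digest rejects None, mixed str/bytes and non-ASCII str;
            # keep the plain-equality result for those inputs.
            return expected == response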
Esempio n. 12
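    def checkHash(self, digestHash):
        """
        Verify that the credentials represented by this object agree with the
        credentials represented by the I{H(A1)} given in C{digestHash}.

        The expected response is recomputed from the stored fields and
        compared with the C{response} field using a constant-time comparison,
        so the time taken does not reveal how long a matching prefix is.
        Nothing in this method checks nonce freshness or C{nc} reuse.

        @param digestHash: A precomputed H(A1) value based on the username,
            realm, and password associated with this credentials object.

        @return: C{True} if the recomputed response equals the C{response}
            field, C{False} otherwise.
        """
        # Imported here because the module's import block is not part of this
        # listing.
        import hmac

        fields = self.fields
        response = fields.get('response')
        uri = fields.get('uri')
        nonce = fields.get('nonce')
        cnonce = fields.get('cnonce')
        nc = fields.get('nc')
        # NOTE(review): algorithm and qop are read from the same field set as
        # the response; if that set comes from the peer, the peer picks both.
        # Confirm calcHA1/calcHA2 reject values the server does not support.
        algo = fields.get('algorithm', b'md5').lower()
        qop = fields.get('qop', b'auth')

        ha1 = calcHA1(algo, None, None, None, nonce, cnonce, preHA1=digestHash)
        ha2 = calcHA2(algo, self.method, uri, qop, None)
        expected = calcResponse(ha1, ha2, algo, nonce, nc, cnonce, qop)

        try:
            return hmac.compare_digest(expected, response)
        except TypeError:
            # compare_digest rejects None, mixed str/bytes and non-ASCII str;
            # keep the plain-equality result for those inputs.
            return expected == response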