Moved the ha1 and ha2 calculation into the calc_response function.
This commit is contained in:
parent
af7af3943a
commit
ca22b9731c
@ -60,34 +60,10 @@ def calc_response(
|
|||||||
algorithm, when the body is missing with the auth-int qop, or when the
|
algorithm, when the body is missing with the auth-int qop, or when the
|
||||||
cnonce or nc is missing with the auth or auth-int qop.
|
cnonce or nc is missing with the auth or auth-int qop.
|
||||||
"""
|
"""
|
||||||
ha1: str = __calc_ha1(password_hash, nonce, algorithm, cnonce)
|
|
||||||
ha2: str = __calc_ha2(method, uri, qop, body)
|
|
||||||
if qop is None:
|
|
||||||
return md5(f"{ha1}:{nonce}:{ha2}".encode("utf8")).hexdigest()
|
|
||||||
if qop == "auth" or qop == "auth-int":
|
|
||||||
if cnonce is None:
|
|
||||||
raise UnauthorizedException(
|
|
||||||
f"Missing \"cnonce\" with the qop=\"{qop}\"")
|
|
||||||
if nc is None:
|
|
||||||
raise UnauthorizedException(
|
|
||||||
f"Missing \"nc\" with the qop=\"{qop}\"")
|
|
||||||
return md5(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}".encode("utf8"))\
|
|
||||||
.hexdigest()
|
|
||||||
if cnonce is None:
|
|
||||||
raise UnauthorizedException(
|
|
||||||
f"Unsupported qop=\"{qop}\"")
|
|
||||||
|
|
||||||
|
def calc_ha1() -> str:
|
||||||
def __calc_ha1(password_hash: str, nonce: str,
|
|
||||||
algorithm: t.Optional[t.Literal["MD5", "MD5-sess"]] = None,
|
|
||||||
cnonce: t.Optional[str] = None) -> str:
|
|
||||||
"""Calculates and returns the first hash.
|
"""Calculates and returns the first hash.
|
||||||
|
|
||||||
:param password_hash: The password hash for the HTTP digest authentication.
|
|
||||||
:param nonce: The nonce.
|
|
||||||
:param algorithm: The algorithm, either "MD5", "MD5-sess", or None.
|
|
||||||
:param cnonce: The client nonce. It must be provided when the algorithm is
|
|
||||||
"MD5-sess".
|
|
||||||
:return: The first hash.
|
:return: The first hash.
|
||||||
:raise UnauthorizedException: When the cnonce is missing with the MD5-sess
|
:raise UnauthorizedException: When the cnonce is missing with the MD5-sess
|
||||||
algorithm.
|
algorithm.
|
||||||
@ -103,25 +79,37 @@ def __calc_ha1(password_hash: str, nonce: str,
|
|||||||
raise UnauthorizedException(
|
raise UnauthorizedException(
|
||||||
f"Unsupported algorithm=\"{algorithm}\"")
|
f"Unsupported algorithm=\"{algorithm}\"")
|
||||||
|
|
||||||
|
def calc_ha2() -> str:
|
||||||
def __calc_ha2(method: str, uri: str,
|
|
||||||
qop: t.Optional[t.Literal["auth", "auth-int"]] = None,
|
|
||||||
body: t.Optional[bytes] = None) -> str:
|
|
||||||
"""Calculates the second hash.
|
"""Calculates the second hash.
|
||||||
|
|
||||||
:param method: The request method.
|
|
||||||
:param uri: The request URI.
|
|
||||||
:param qop: The quality of protection, either "auth", "auth-int" or None.
|
|
||||||
:param body: The request body. It must be provided when the quality of
|
|
||||||
protection is "auth-int".
|
|
||||||
:return: The second hash.
|
:return: The second hash.
|
||||||
:raise UnauthorizedException: When the body is missing with qop="auth-int".
|
:raise UnauthorizedException: When the body is missing with
|
||||||
|
qop="auth-int".
|
||||||
"""
|
"""
|
||||||
if qop is None or qop == "auth":
|
if qop is None or qop == "auth":
|
||||||
return md5(f"{method}:{uri}".encode("utf8")).hexdigest()
|
return md5(f"{method}:{uri}".encode("utf8")).hexdigest()
|
||||||
if qop == "auth-int":
|
if qop == "auth-int":
|
||||||
if body is None:
|
if body is None:
|
||||||
raise UnauthorizedException(f"Missing \"body\" with qop=\"{qop}\"")
|
raise UnauthorizedException(
|
||||||
return md5(f"{method}:{uri}:{md5(body).hexdigest()}".encode("utf8"))\
|
f"Missing \"body\" with qop=\"{qop}\"")
|
||||||
|
return md5(
|
||||||
|
f"{method}:{uri}:{md5(body).hexdigest()}".encode("utf8")) \
|
||||||
.hexdigest()
|
.hexdigest()
|
||||||
raise UnauthorizedException(f"Unsupported qop=\"{qop}\"")
|
raise UnauthorizedException(f"Unsupported qop=\"{qop}\"")
|
||||||
|
|
||||||
|
ha1: str = calc_ha1()
|
||||||
|
ha2: str = calc_ha2()
|
||||||
|
if qop is None:
|
||||||
|
return md5(f"{ha1}:{nonce}:{ha2}".encode("utf8")).hexdigest()
|
||||||
|
if qop == "auth" or qop == "auth-int":
|
||||||
|
if cnonce is None:
|
||||||
|
raise UnauthorizedException(
|
||||||
|
f"Missing \"cnonce\" with the qop=\"{qop}\"")
|
||||||
|
if nc is None:
|
||||||
|
raise UnauthorizedException(
|
||||||
|
f"Missing \"nc\" with the qop=\"{qop}\"")
|
||||||
|
return md5(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}".encode("utf8"))\
|
||||||
|
.hexdigest()
|
||||||
|
if cnonce is None:
|
||||||
|
raise UnauthorizedException(
|
||||||
|
f"Unsupported qop=\"{qop}\"")
|
||||||
|
Loading…
Reference in New Issue
Block a user