Beispiel #1
0
// emitWWWAuthenticate drives a lexer to parse an RFC 2617
// Basic or Digest authentication challenge
//
// The specification defines a Basic authentication challenge as:
//
// challenge         = "Basic" realm
//
// realm             = "realm" "=" realm-value
// realm-value       = quoted-string
//
// The specification defines a Digest authentication challenge as:
//
// challenge         =  "Digest" digest-challenge
//
// digest-challenge  = 1#( realm | [ domain ] | nonce | [ opaque ] |[ stale ]
//                          | [ algorithm ] | [ qop-options ] | [auth-param] )
//
// The BNF for these constructs:
//
//  domain            = "domain" "=" <"> URI ( 1*SP URI ) <">
//  URI               = absoluteURI | abs_path
//  nonce             = "nonce" "=" nonce-value
//  nonce-value       = quoted-string
//  opaque            = "opaque" "=" quoted-string
//  stale             = "stale" "=" ( "true" | "false" )
//  algorithm         = "algorithm" "=" ( "MD5" | "MD5-sess" | token )
//  qop-options       = "qop" "=" <"> 1#qop-value <">
//  qop-value         = "auth" | "auth-int" | token
//  auth-param        = token "=" ( token | quoted-string )
//
//  token             = 1*<any CHAR except CTLs or separators>
//  separators        = "(" | ")" | "<" | ">" | "@"
//                    | "," | ";" | ":" | "\" | <">
//                    | "/" | "[" | "]" | "?" | "="
//                    | "{" | "}" | SP | HT
//
//  quoted-string     = ( <"> *(qdtext | quoted-pair ) <"> )
//  qdtext            = <any TEXT except <">>
//  quoted-pair       = "\" CHAR
//
// An example challenge:
//
//   Digest realm="Sample Digest Realm",
//			nonce="nWjG15v1BAA=744a97693b14ea8805cadf32fcc3f57f245d08eb",
//			algorithm=MD5, domain="/", qop="auth"
//
func emitWWWAuthenticate(l *lexrec.Lexer) {
	defer l.Emit(lexrec.ItemEOF)

	if l.Peek() == lexrec.EOF {
		l.Errorf("emitWWWAuthenticate: expected token character, got EOF")
		return
	}

	if l.AcceptRun(whitespace) {
		l.Skip()
	}

	if !l.ExceptRun(nontoken) {
		l.Errorf("emitWWWAuthenticate: expected token character, got %q", l.Peek())
		return
	}

	for {
		if l.Peek() == lexrec.EOF {
			return
		}

		switch strings.ToLower(string(l.Bytes())) {
		case "basic":
			l.Emit(ItemBasic)

			if l.AcceptRun(whitespace) {
				l.Skip()
			} else {
				l.Errorf("expected whitespace after 'Basic', got %q", l.Peek())
				return
			}

			emitBasicParams(l)

		case "digest":
			l.Emit(ItemDigest)

			if l.AcceptRun(whitespace) {
				l.Skip()
			} else {
				l.Errorf("expected whitespace after 'Digest', got %q", l.Peek())
				return
			}

			emitDigestParams(l)

		default:
			advanceChallenge(l)
		}
	}
}
Beispiel #2
0
// emitToken emits the token value from <name>=<value>
func emitToken(l *lexrec.Lexer, t lexrec.ItemType) {
	if !l.Accept("=") {
		l.Errorf("emitToken expected '=' after '%s', got %q'", itemName(t), l.Peek())
		return
	}

	l.Skip()

	if !l.ExceptRun(nontoken) {
		l.Errorf("emitToken expected a token character, got %q", l.Peek())
		return
	}

	l.Emit(t)
}
Beispiel #3
0
// emitBoolToken emits the token value from <name>=<value>, where the
// value is either "true" or "false" (case insensitive)
func emitBoolToken(l *lexrec.Lexer, t lexrec.ItemType) {
	if !l.Accept("=") {
		l.Errorf("emitBoolToken: expected '=' after '%s', got %q'", itemName(t), l.Peek())
		return
	}

	l.Skip()

	if !l.ExceptRun(nontoken) {
		l.Errorf("emitBoolToken: expected a token character, got %q", l.Peek())
		return
	}

	s := strings.ToLower(string(l.Bytes()))
	if s == "true" || s == "false" {
		l.Emit(t)
		return
	} else {
		l.Errorf("emitBoolToken: expected token to be 'true' or 'false', got %q", s)
	}
}
Beispiel #4
0
// ignoreToken skips past <name>=<value>, where the value may be a
// token or a quoted-string.
func ignoreToken(l *lexrec.Lexer) {

	p := string(l.Bytes())
	l.Skip()

	if !l.Accept("=") {
		l.Errorf("ignoreToken: after '%s' expected '=', got %q'", p, l.Peek())
		return
	} else {
		l.Skip()
	}

	if l.Peek() == '"' {
		if lexrec.Quote(l, ItemAuthParam, false) {
			l.Skip()
		}
	} else {
		if l.ExceptRun(nontoken) {
			l.Skip()
		} else {
			l.Errorf("ignoreToken: expected a token character, got %q", l.Peek())
		}
	}
}
Beispiel #5
0
// emitDigestParam expects to be positioned at the start of a Digest
// authentication parameter, <name>=<value>, where <name> is a valid
// token and where <value> is either a token or a quoted-string.
func emitDigestParams(l *lexrec.Lexer) {

	expectParam := true

	for expectParam {
		if !l.ExceptRun(nontoken) {
			l.Errorf("emitDigestParams: expected a token character, got %p", l.Peek())
			return
		}

		switch strings.ToLower(string(l.Bytes())) {
		case "realm":
			emitQuotedToken(l, ItemRealm)
		case "domain":
			emitQuotedToken(l, ItemDomain)
		case "nonce":
			emitQuotedToken(l, ItemNonce)
		case "opaque":
			emitQuotedToken(l, ItemOpaque)
		case "stale":
			emitBoolToken(l, ItemStale)
		case "algorithm":
			emitToken(l, ItemAlgorithm)
		case "qop":
			emitQuotedToken(l, ItemQop)
		default:
			r := l.Peek()
			if r == ',' || isSpace(r) || r == lexrec.EOF {
				return
			}
			ignoreToken(l)
		}

		expectParam = advanceParam(l)
	}
}
Beispiel #6
0
// emitBasicParams expects to be positioned at the start of the
// 'realm' Basic authentication parameter.
func emitBasicParams(l *lexrec.Lexer) {

	expectParam := true

	for expectParam {
		if !l.ExceptRun(nontoken) {
			l.Errorf("emitBasicParams: expected a token character, got %p", l.Peek())
			return
		}

		switch string(l.Bytes()) {
		case "realm":
			emitQuotedToken(l, ItemRealm)
		default:
			r := l.Peek()
			if r == ',' || isSpace(r) || r == lexrec.EOF {
				return
			}
			ignoreToken(l)
		}

		expectParam = advanceParam(l)
	}
}
Beispiel #7
0
// advanceChallenge skips over an unrecognized WWW-Authenticate challenge.
func advanceChallenge(l *lexrec.Lexer) {
	if l.AcceptRun(whitespace) {
		l.Skip()
	}

	expectParam := true
	for expectParam {
		if l.ExceptRun(nontoken) {
			r := l.Peek()
			if r == '=' {
				l.Accept("=")
				l.Skip()
				if l.Peek() == '"' {
					if lexrec.Quote(l, ItemAuthParam, false) {
						l.Skip()
					}
				} else {
					if l.ExceptRun(nontoken) {
						l.Skip()
					} else {
						l.Errorf("advanceChallenge: expected a token character, got %q", l.Peek())
					}
				}
			} else if isSpace(r) {
				return
			} else {
				l.Errorf("advanceChallenge: expected either whitespace or '=', got %q", l.Peek())
				return
			}

			expectParam = advanceParam(l)
		} else {
			return
		}
	}
}