Skip to content

Commit

Permalink
Calculate a our own nonce for cnonce rather than using the server's n…
Browse files Browse the repository at this point in the history
…once. More secure, and more compatible.
  • Loading branch information
bterlson committed Mar 27, 2009
1 parent 0d33f1d commit 6d0df73
Showing 1 changed file with 3 additions and 2 deletions.
5 changes: 3 additions & 2 deletions lib/httpclient/auth.rb
Original file line number Diff line number Diff line change
Expand Up @@ -317,20 +317,21 @@ def challenge(uri, param_str)
def calc_cred(method, uri, user, passwd, param)
a_1 = "#{user}:#{param['realm']}:#{passwd}"
a_2 = "#{method}:#{uri.path}"
cnonce = Digest::MD5.hexdigest(Time.now.to_s + rand(65535).to_s)
@nonce_count += 1
message_digest = []
message_digest << Digest::MD5.hexdigest(a_1)
message_digest << param['nonce']
message_digest << ('%08x' % @nonce_count)
message_digest << param['nonce']
message_digest << cnonce
message_digest << param['qop']
message_digest << Digest::MD5.hexdigest(a_2)
header = []
header << "username=\"#{user}\""
header << "realm=\"#{param['realm']}\""
header << "nonce=\"#{param['nonce']}\""
header << "uri=\"#{uri.path}\""
header << "cnonce=\"#{param['nonce']}\""
header << "cnonce=\"#{cnonce}\""
header << "nc=#{'%08x' % @nonce_count}"
header << "qop=\"#{param['qop']}\""
header << "response=\"#{Digest::MD5.hexdigest(message_digest.join(":"))}\""
Expand Down

0 comments on commit 6d0df73

Please sign in to comment.