OPSI.web2.auth.digest module

Implementation of RFC2617: HTTP Digest Authentication

http://www.faqs.org/rfcs/rfc2617.html

class OPSI.web2.auth.digest.DigestCredentialFactory(algorithm, realm)

Bases: object

Support for RFC2617 HTTP Digest Authentication

@cvar CHALLENGE_LIFETIME_SECS: The number of seconds for which an

opaque should be valid.

@ivar privateKey: A random string used for generating the secure opaque.

CHALLENGE_LIFETIME_SECS = 900

decode(response, request)

Decode the given response and attempt to generate a L{DigestedCredentials} from it.

@type response: C{str} @param response: A string of comma seperated key=value pairs

@type request: L{OPSI.web2.server.Request} @param request: the request being processed

@return: L{DigestedCredentials}

@raise: L{error.LoginFailed} if the response does not contain a

username, a nonce, an opaque, or if the opaque is invalid.

generateNonce()

generateOpaque(nonce, clientip)

Generate an opaque to be returned to the client. This should be a unique string that can be returned to us and verified.

getChallenge(peer)

Generate the challenge for use in the WWW-Authenticate header

@param peer: The L{IAddress} of the requesting client.

@return: The C{dict} that can be used to generate a WWW-Authenticate

header.

scheme = 'digest'

verifyOpaque(opaque, nonce, clientip)

Given the opaque and nonce from the request, as well as the clientip that made the request, verify that the opaque was generated by us. And that it’s not too old.”

@param opaque: The opaque value from the Digest response @param nonce: The nonce value from the Digest response @param clientip: The remote IP address of the client making the request

@return: Return True if the opaque was successfully verified

@raise L{twisted.cred.error.LoginFailed}

class OPSI.web2.auth.digest.DigestedCredentials(username, method, realm, fields)

Yet Another Simple HTTP Digest authentication scheme

checkHash(digestHash)

checkPassword(password)

OPSI.web2.auth.digest.calcHA1(pszAlg, pszUserName, pszRealm, pszPassword, pszNonce, pszCNonce, preHA1=None)

@param pszAlg: The name of the algorithm to use to calculate the digest.

Currently supported are md5 md5-sess and sha.

@param pszUserName: The username @param pszRealm: The realm @param pszPassword: The password @param pszNonce: The nonce @param pszCNonce: The cnonce

@param preHA1: If available this is a str containing a previously

calculated HA1 as a hex string. If this is given then the values for pszUserName, pszRealm, and pszPassword are ignored.

OPSI.web2.auth.digest.calcResponse(HA1, algo, pszNonce, pszNonceCount, pszCNonce, pszQop, pszMethod, pszDigestUri, pszHEntity)