Concrete implementation method

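I have been studying htdigest for a while. The material I could find online describes the algorithm only vaguely. After forcing myself through RFC 2671 I had a rough idea of the algorithm, and then, by consulting the shttpd source code, I finally worked it out. It is actually quite simple:
response=MD5(ha1:nonce:nc:cnonce:qop:a2)
where:
ha1=MD5(username:realm:password)
a2=MD5(method:uri)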

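Studying the source code is what really works. The people who write about this online either copy from one another or simply translate RFC 2671, or else I am just too dumb. Frustrating...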

Sniffer notes:
GET / HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: zh-cn
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: obol.kmip.net
Connection: Keep-Alive

 

 

HTTP/1.1 401 Unauthorized
WWW-Authenticate: Digest realm="My Site",
 nonce="3266a84c73f7e0e13f4fa6ba1d52d4ce",
 qop="auth"
 
Content-Type: text/html
Content-Length: 351
Date: Sun, 10 Jun 2007 23:52:57 GMT
Server: lighttpd/1.4.13

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
         "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
 <head>
  <title>401 - Unauthorized</title>
 </head>
 <body>
  <h1>401 - Unauthorized</h1>
 </body>
</html>

 

 

GET / HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: zh-cn
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: obol.kmip.net
Connection: Keep-Alive
Authorization: Digest username="test",
 realm="My Site",
 qop="auth",
 algorithm="MD5",
 uri="/",
 nonce="3266a84c73f7e0e13f4fa6ba1d52d4ce",
 nc=00000001,
 cnonce="5886b782b452993f7559cbd83b6b611b",
 response="932dd7f51f34d766997923876508e620"

 

 

HTTP/1.1 200 OK
Content-Type: text/html
ETag: "972667827"
Accept-Ranges: bytes
Last-Modified: Sun, 22 Apr 2007 05:10:52 GMT
Content-Length: 2878
Date: Sun, 10 Jun 2007 23:56:44 GMT
Server: lighttpd/1.4.13
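
The formula above, applied on the server side as an added example (not code from the original post or from shttpd): it parses an Authorization header like the one in the capture and checks its response against an htdigest entry of the form user:realm:ha1. The function names are hypothetical, and because the capture's password is not on the page, the positive check uses the published specification test vector instead.

```python
import hashlib
import hmac
import re

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def parse_digest_header(value):
    """Parse 'Digest k="v", k=v, ...' (folded lines allowed) into a dict."""
    scheme, _, params = value.strip().partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest header")
    pairs = re.findall(r'(\w+)\s*=\s*(?:"([^"]*)"|([^\s,]+))', params)
    return {k.lower(): (quoted or bare) for k, quoted, bare in pairs}

def verify(htdigest_line, method, header_value):
    """Check a qop=auth response against one 'user:realm:ha1' htdigest entry."""
    user, rest = htdigest_line.strip().split(":", 1)
    realm, ha1 = rest.rsplit(":", 1)
    p = parse_digest_header(header_value)
    needed = ("username", "realm", "nonce", "nc", "cnonce", "qop", "uri", "response")
    if any(k not in p for k in needed):
        return False
    if (p["username"], p["realm"], p["qop"]) != (user, realm, "auth"):
        return False
    a2 = md5_hex(f"{method}:{p['uri']}")
    want = md5_hex(":".join([ha1, p["nonce"], p["nc"], p["cnonce"], p["qop"], a2]))
    # Constant-time comparison of the expected and supplied response.
    return hmac.compare_digest(want.encode(), p["response"].encode())

# Published test vector from RFC 2617 section 3.5 (password "Circle Of Life").
RFC_LINE = "Mufasa:testrealm@host.com:" + md5_hex("Mufasa:testrealm@host.com:Circle Of Life")
RFC_HEADER = ('Digest username="Mufasa", realm="testrealm@host.com", '
              'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", uri="/dir/index.html", '
              'qop=auth, nc=00000001, cnonce="0a4f113b", '
              'response="6629fae49393a05397450978507c4ef1"')
# Authorization value copied from the capture above (its password is not on the page).
PAGE_HEADER = '''Digest username="test",
 realm="My Site",
 qop="auth",
 algorithm="MD5",
 uri="/",
 nonce="3266a84c73f7e0e13f4fa6ba1d52d4ce",
 nc=00000001,
 cnonce="5886b782b452993f7559cbd83b6b611b",
 response="932dd7f51f34d766997923876508e620"'''

if __name__ == "__main__":
    print(verify(RFC_LINE, "GET", RFC_HEADER), verify(RFC_LINE, "POST", RFC_HEADER))
    print(parse_digest_header(PAGE_HEADER))
```

This check covers only the response computation. Nonce freshness and nc replay tracking are separate checks the server still has to enforce.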
