[Serusers] http digest authentication

Holger Kinkelin holger.kinkelin at gmail.com
Tue Oct 3 10:28:26 CEST 2006


Hello list!

I wonder how a UAC calculates the response to a 401 "Unauthorized"
message from a server.

I know that it works much like http digest authentication, but it's
not exactly the same, since I do NOT have the Quality of Protection
(qop) value. (Or am I wrong? My assumption is based on the fact that I
don't see a qop-value in the REGISTER message my kphone sends after
the 401)

I've written a piece of code that (in pseudocode) looks like this:

HA1 = md5(username + ":" + realm + ":" + password)
HA2 = md5(digestURI)
response = md5(HA1 + ":" + nonce + ":" + recCounter + ":" + cNonce +
":" + qualOfProt + ":" + HA2)

username     = "1000"
realm        = "192.168.0.31"
password     = "1000"
digestURI    = "sip:192.168.0.31" <--- IS THIS CORRECT?? Or is it something
like "REGISTER sip: ..."?
nonce        = "4520e111333a24d8c4f3d20c6171cc37dfa2be33"
recCounter   = "00000001"
cNonce       = "abcdefghi"
qualOfProt   IS MISSING!

I know that my code is working for "normal" http digest authentication
but not for "sip digest authentication". So what am I doing wrong?

Thanks for replies in advance!
Regards,
Holger
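
Added example, not part of the original post: the request-digest computation defined in RFC 2617 (which SIP reuses per RFC 3261), covering both a challenge without qop and one with qop=auth. The function names are hypothetical, the sample values are the ones quoted in the post, and REGISTER as the method is assumed from the request described.

```python
import hashlib
import hmac


def md5_hex(text: str) -> str:
    """Hex MD5 of a string, as H() is defined in RFC 2617."""
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def digest_response(username, realm, password, method, uri, nonce,
                    qop=None, nc=None, cnonce=None):
    """Request-digest per RFC 2617 section 3.2.2.1 (MD5, qop absent or 'auth')."""
    ha1 = md5_hex(f"{username}:{realm}:{password}")
    # A2 always includes the request method, e.g. "REGISTER:sip:192.168.0.31".
    ha2 = md5_hex(f"{method}:{uri}")
    if qop is None:
        # Challenge carried no qop: nc, cnonce and qop are not hashed.
        return md5_hex(f"{ha1}:{nonce}:{ha2}")
    if qop != "auth":
        raise ValueError("only qop=auth is handled in this example")
    if not nc or not cnonce:
        raise ValueError("qop=auth requires nc and cnonce")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def response_matches(received: str, **params) -> bool:
    """Server-side check with a constant-time comparison."""
    return hmac.compare_digest(digest_response(**params), received.lower())


# Values from the post; REGISTER as the method is an assumption.
POST_PARAMS = dict(username="1000", realm="192.168.0.31", password="1000",
                   method="REGISTER", uri="sip:192.168.0.31",
                   nonce="4520e111333a24d8c4f3d20c6171cc37dfa2be33")

if __name__ == "__main__":
    print("no qop  :", digest_response(**POST_PARAMS))
    print("qop=auth:", digest_response(**POST_PARAMS, qop="auth",
                                       nc="00000001", cnonce="abcdefghi"))
```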


