fix(redirection): ensure nonce is used correctly
rsdmike committed Nov 15, 2022
1 parent 26ed7db commit 9507209
Showing 2 changed files with 9 additions and 7 deletions.
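--- a/src/utils/redirectInterceptor.test.ts
+++ b/src/utils/redirectInterceptor.test.ts
@@ -780,10 +780,11 @@ test('handleAuthenticateSession DIGEST with user, pass and digestRealm', () => {
 
 const authurl = '/RedirectionService'
 const nc = ws.authCNonceCount
+const ncs = nc.toString(16).padStart(8, '0')
 const digest = 'digest'
 
 let r = String.fromCharCode(0x13, 0x00, 0x00, 0x00, 0x04)
-r += Common.IntToStrX(args.user.length + amt.digestRealm.length + amt.digestNonce.length + authurl.length + ws.authCNonce.length + nc.toString().length + digest.length + amt.digestQOP.length + 8)
+r += Common.IntToStrX(args.user.length + amt.digestRealm.length + amt.digestNonce.length + authurl.length + ws.authCNonce.length + ncs.length + digest.length + amt.digestQOP.length + 8)
 r += String.fromCharCode(args.user.length) // Username Length
 r += args.user // Username
 r += String.fromCharCode(amt.digestRealm.length) // Realm Length
@@ -794,8 +795,8 @@ test('handleAuthenticateSession DIGEST with user, pass and digestRealm', () => {
 r += authurl // Authentication URL
 r += String.fromCharCode(ws.authCNonce.length) // CNonce Length
 r += ws.authCNonce // CNonce
-r += String.fromCharCode(nc.toString().length) // NonceCount Length
-r += nc.toString() // NonceCount
+r += String.fromCharCode(ncs.length) // NonceCount Length
+r += ncs // NonceCount // NonceCount
 r += String.fromCharCode(digest.length) // Response Length
 r += digest // Response
 r += String.fromCharCode(amt.digestQOP.length) // QOP Length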
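Review bot: The expected nonce count in this test is derived with the same expression the implementation uses, `nc.toString(16).padStart(8, '0')`, so the test would keep passing if that formatting were wrong. Setting the counter explicitly and pinning a literal, for example `const ncs = '00000001'` (a constructed value for a counter of 1), would check the wire format independently of the code under test. The trailing comment on the NonceCount line is duplicated and should read `r += ncs // NonceCount`. The test body starts and ends outside both hunks, so how `r` is finally compared is not visible here.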
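--- a/src/utils/redirectInterceptor.ts
+++ b/src/utils/redirectInterceptor.ts
@@ -178,12 +178,13 @@ export class RedirectInterceptor {
 // We have everything we need to authenticate
 const nc = this.ws.authCNonceCount
 this.ws.authCNonceCount++
-const digest = Common.ComputeDigesthash(this.args.user, this.args.pass, this.amt.digestRealm, 'POST', authurl, this.amt.digestQOP, this.amt.digestNonce, nc.toString(), this.ws.authCNonce)
+const nonceCount = nc.toString(16).padStart(8, '0')
+const digest = Common.ComputeDigesthash(this.args.user, this.args.pass, this.amt.digestRealm, 'POST', authurl, this.amt.digestQOP, this.amt.digestNonce, nonceCount, this.ws.authCNonce)
 
 // Replace this authentication digest with a server created one
 // We have everything we need to authenticate
 let r = String.fromCharCode(0x13, 0x00, 0x00, 0x00, 0x04)
-r += Common.IntToStrX(this.args.user.length + this.amt.digestRealm.length + this.amt.digestNonce.length + authurl.length + this.ws.authCNonce.length + nc.toString().length + digest.length + this.amt.digestQOP.length + 8)
+r += Common.IntToStrX(this.args.user.length + this.amt.digestRealm.length + this.amt.digestNonce.length + authurl.length + this.ws.authCNonce.length + nonceCount.length + digest.length + this.amt.digestQOP.length + 8)
 r += String.fromCharCode(this.args.user.length) // Username Length
 r += this.args.user // Username
 r += String.fromCharCode(this.amt.digestRealm.length) // Realm Length
@@ -194,8 +195,8 @@ export class RedirectInterceptor {
 r += authurl // Authentication URL
 r += String.fromCharCode(this.ws.authCNonce.length) // CNonce Length
 r += this.ws.authCNonce // CNonce
-r += String.fromCharCode(nc.toString().length) // NonceCount Length
-r += nc.toString() // NonceCount
+r += String.fromCharCode(nonceCount.length) // NonceCount Length
+r += nonceCount // NonceCount
 r += String.fromCharCode(digest.length) // Response Length
 r += digest // Response
 r += String.fromCharCode(this.amt.digestQOP.length) // QOP Length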
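Review bot: The new `nonceCount` line has no comment explaining why the counter is rendered as eight zero-padded hex digits, even though that format is what the fix depends on. A comment such as `// nc-value per RFC 2617 §3.2.2: 8 hex digits; the same string must feed the hash and the frame` would stop a later edit from reverting to `nc.toString()`. Separately, `nc` is read before `this.ws.authCNonceCount++`, so if the counter is initialised to 0 (the initialiser is not visible in this hunk) the first request would carry `00000000`, whereas RFC 2617 counts requests per server nonce starting at `00000001`. It is worth confirming the starting value, and that the counter is reset whenever `this.amt.digestNonce` changes. The enclosing method begins and ends outside both hunks.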
