Skip to content

Commit

Permalink
fix DigestClient, should use tls responding to 401 if initial request…
Browse files Browse the repository at this point in the history
… used tls
  • Loading branch information
davehorton committed Jun 24, 2024
1 parent d6ce1b5 commit 5c5d6d7
Showing 1 changed file with 23 additions and 14 deletions.
37 changes: 23 additions & 14 deletions lib/digest-client.js
Original file line number Diff line number Diff line change
@@ -1,5 +1,12 @@
const crypto = require('crypto');

function parseTransportToken(sipString) {
if (sipString) {
const match = sipString.match(/;transport=([^;\s]+)/i);
if (match) return match[1].toLowerCase();
}
}

module.exports = class DigestClient {

constructor(res) {
Expand Down Expand Up @@ -31,17 +38,17 @@ module.exports = class DigestClient {
return callback(err);
}

var header = this.res.statusCode === 407 ? 'proxy-authenticate' : 'www-authenticate' ;
var challenge = this._parseChallenge(this.res.get(header));
const header = this.res.statusCode === 407 ? 'proxy-authenticate' : 'www-authenticate' ;
const challenge = this._parseChallenge(this.res.get(header));

var ha1 = crypto.createHash('md5');
const ha1 = crypto.createHash('md5');
ha1.update([username, challenge.realm, password].join(':'));
var ha2 = crypto.createHash('md5');
const ha2 = crypto.createHash('md5');
ha2.update([options.method, options.uri].join(':'));

// bump CSeq and preserve Call-Id
var headers = options.headers || {};
var seq = this.req.getParsedHeader('cseq').seq ;
const headers = options.headers || {};
let seq = this.req.getParsedHeader('cseq').seq ;
seq++ ;
headers['CSeq'] = '' + seq + ' ' + this.req.method ;
headers['call-id'] = this.req.get('call-id') ;
Expand All @@ -52,18 +59,18 @@ module.exports = class DigestClient {


// Generate cnonce
var cnonce = false;
var nc = false;
let cnonce = false;
let nc = false;
if (typeof challenge.qop === 'string') {
var cnonceHash = crypto.createHash('md5');
const cnonceHash = crypto.createHash('md5');
cnonceHash.update(Math.random().toString(36));
cnonce = cnonceHash.digest('hex').substr(0, 8);
cnonce = cnonceHash.digest('hex').slice(0, 8);
nc = this._updateNC();
}

// Generate response hash
var response = crypto.createHash('md5');
var responseParams = [
const response = crypto.createHash('md5');
const responseParams = [
ha1.digest('hex'),
challenge.nonce
];
Expand All @@ -80,7 +87,7 @@ module.exports = class DigestClient {
response.update(responseParams.join(':'));

// Setup response parameters
var authParams = {
const authParams = {
username: username,
realm: challenge.realm,
nonce: challenge.nonce,
Expand All @@ -105,7 +112,9 @@ module.exports = class DigestClient {
// we want to send our credentialled request to the same server that challenged us
const originalUri = options.uri;
if (!originalUri.match(/sips?:[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/)) {
const proxy = originalUri.replace(/(sips*):[^;]*/, `$1:${this.res.source_address}:${this.res.source_port}`);
const transport = parseTransportToken(options.proxy);
let proxy = originalUri.replace(/(sips*):[^;]*/, `$1:${this.res.source_address}:${this.res.source_port}`);
if (transport) proxy += `;transport=${transport}`;
Object.assign(options, {proxy});
}
this.agent.request(options, callback) ;
Expand Down

0 comments on commit 5c5d6d7

Please sign in to comment.