author | Matthias Benkard <code@mail.matthias.benkard.de> | 2009-10-08 22:48:52 +0200 |
committer | Matthias Benkard <code@mail.matthias.benkard.de> | 2009-10-08 22:48:52 +0200 |
commit | 0de8ffe16893478124133182bccfadfe382aa7c4 (patch) | |
tree | 11d85fdbbd6dd91bd5e5dd321ebc9bbe91265fa9 | |
parent | 2f15876fc8c8f35cc409d7e5476b42a39e43273f (diff) |
Make WSSE authentication more robust.
Ignore-this: 3f4ac5b5cf14401c9d410d1fb4878437
darcs-hash:6a6ad14132a6a2bb4f22e4743c96d12a5cfe6c90
-rw-r--r-- | utils.lisp | 24 |
1 files changed, 17 insertions, 7 deletions
@@ -396,21 +396,31 @@ ELEMENT-TYPE as the stream's." (nonce (cdr (assoc "nonce" params :test 'equalp))) (user (cdr (assoc "username" params :test 'equalp))) (their-digest (cdr (assoc "passworddigest" params :test 'equalp))) - (our-digest (cl-base64:string-to-base64-string - (ironclad:digest-sequence - :sha1 - (format nil "~A~A~A" nonce timestamp *wsse-key*))))) + (our-digest (and (stringp nonce) + (stringp timestamp) + (stringp *wsse-key*) + (cl-base64:string-to-base64-string + (ironclad:digest-sequence + :sha1 + (format nil "~A~A~A" nonce timestamp *wsse-key*)))))) (declare (ignore user)) - (if (and (string= their-digest our-digest) + (if (and (stringp our-digest) + (stringp their-digest) + (numberp time) + (string= their-digest our-digest) (<= (abs (- (get-universal-time) time)) (* 5 60))) (funcall thunk) (progn (http-add-header "Status" "401 Unauthorized") (http-add-header "WWW-Authenticate" "WSSE realm=\"Mulk Journal\", profile=\"UsernameToken\"") (http-add-header "X-Authentication-Message" - (if (string= their-digest our-digest) + (if (and (stringp their-digest) + (stringp our-digest) + (string= their-digest our-digest)) "Time stamp too old." - "Wrong user name or password."))))))) + "Wrong user name or password.")) + (http-send-headers) + #+clisp (ext:quit 0)))))) (defmacro with-wsse-authentication (() &body body) |
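Review bot: The strengthened check in the new `(if (and (stringp our-digest) ...` form still accepts a replay of any captured token for the whole five-minute window, because the nonce is only folded into the digest and never recorded or compared against nonces already seen; a small seen-nonce table expired together with the `(* 5 60)` window would close that, and until then the binding deserves the comment `;; NOTE: nonce is not tracked, so a captured token can be replayed within the 5-minute window`. Separately, `string=` on `their-digest` and `our-digest` stops at the first differing character, so a fixed-time comparison over the full length of both base64 strings would avoid leaking how much of a guessed digest matched. The `time` and `timestamp` bindings and the enclosing function's header are outside the hunk, so it cannot be seen here how `time` is derived from `timestamp` or whether a malformed `timestamp` is rejected before it reaches the digest; the `(numberp time)` guard suggests it can be non-numeric. The `#+clisp (ext:quit 0)` exit on the failure path means non-CLISP builds fall through and return normally after `(http-send-headers)`; if that is intended, a one-line comment saying so would help the next reader.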