B4A Library SD DigestServer (httpServer+Digest Auth) with Source Code

I have extended the HttpServer Library functions by adding Digest authentication.
This is a demonstration version. It allows normal HTTP connections (like HttpServer), and when the digest protocol is activated on a specific folder it displays a standard page if you enter the correct credentials.

You can ask privately for the full version, which allows you to send your own HTTP pages in response to requests for authenticated pages.
(Here b4i version)

DigestServerDemo

Author:
Star-Dust
Version: 0.11
  • SecurityServer
    • Events:
      • HandleDigestRequest (Request As ServletRequest, Response As ServletResponse)
      • HandleRequest (Request As ServletRequest, Response As ServletResponse)
      • LogIn (UserName As String, Address As String)
      • RefusedNoCredential (Address As String)
      • RefusedWrongCredential (UserName As String, Address As String)
      • RefusedWrongNC (UserName As String, Address As String)
    • Fields:
      • DigestAuthentication As Boolean
      • DigestPath As String
      • HeaderParameter As Map
      • IgnoreNC As Boolean
      • LogActive As Boolean
      • LogFirstRefuse As Boolean
      • realm As String
    • Functions:
      • Class_Globals As String
      • Initialize (CallBack As Object, EventName As String) As String
        Initializes the object. You can add parameters to this method if needed.
      • IsInitialized As Boolean
        Checks whether the object has been initialized.
      • SetHeaderDigestSecurity (Response As ServletResponse) As String
        e.g. Response.SetHeader("WWW-Authenticate",Server.GetHeaderDigestString(opaqueValue))
      • Start (Port As Int) As String
      • Stop As String
    • Properties:
      • htdigestlist
  • tUser
    • Fields:
      • Address As String
      • IsInitialized As Boolean
        Checks whether the object has been initialized.
      • LastRequest As Long
      • nc As Int
      • nonce As String
      • opaque As String
      • realm As String
    • Functions:
      • Initialize
        Initializes the fields to their default value.

The HTDigest file format is a text list:
User1:real: Password1
User2:real: Password2
 


Star-Dust

Update 0.08
  • LogIn (UserName As String, opaque As String)
    Modified event to receive the opaque value to be used later for secure communications.
  • Add GetHeaderDigestString (opaque As String) As String
    It is used if you want to send data outside the HeaderDigestRequest event. Set the header to send securely:
B4X:
Response.SetHeader("WWW-Authenticate",Server.GetHeaderDigestString(opaqueValue))
Response.SetContentType("text/html")
Response.SendString(Body)

NB. The GetHeaderDigestString method can be used after logging in (and raising the event) and assigning an opaque value to the connection.
 

Star-Dust

Update 0.09
  • modified LogIn (UserName As String, Address As String)
  • New event: AssignedOpaque (Response As ServletResponse, opaque As String)

The previous modification did not fulfill its purpose when there are multiple concurrent connections. So it required an additional update.

Each access request will raise a new event that will assign the opaque value to the ServletResponse, so that if you want to send safe data outside the HeaderDigestRequest event, you can set safe parameters in the header.


B4X:
Dim MapOpaque As Map ' Global; call MapOpaque.Initialize before first use

Private Sub Server_AssignedOpaque(Response As ServletResponse, opaque As String)
    MapOpaque.Put(Response,opaque)
End Sub

Public Sub SendMessage(Response As ServletResponse, Message As String)
    If MapOpaque.ContainsKey(Response) Then
        Dim opaqueValue As String = MapOpaque.Get(Response)
        Response.SetHeader("WWW-Authenticate",Server.GetHeaderDigestString(opaqueValue))
        Response.SetContentType("text/html")
        Response.SendString(Message)
    End If
End Sub

Each time AssignedOpaque is raised, it will be necessary to save the values of ServletResponse and opaque, preferably in a Map, as in the example. Then, when you want to send a message outside the event, you can retrieve the opaque value related to the ServletResponse from the Map and set the header for the response.

NB. Updated example
 

Star-Dust

Update 0.11
Bug fix
B4X:
Public Sub SendMessage(Response As ServletResponse, Message As String)
    Server.SetHeaderDigestsecurity(Response)
    Response.SetContentType("text/html")
    Response.SendString(Message)
End Sub

New method to send secure messages outside the HeaderDigestResponse event. The AssignedOpaque event no longer exists. It's not necessary any more.
 

Star-Dust

How to carry out the tests:
  1. After starting the example on the mobile device, you can access the page from the browser of your PC by entering the IP address of the mobile device and the chosen port (preferably on a local network).
    For example: http://192.168.1.100:51051

  2. Or use the curl command from Windows:

    For example: curl --location --request POST "http://192.168.1.100:51051" --header "Content-Type: application/x-www-form-urlencoded" --data-urlencode "device=mydevice" --data-urlencode "idConnection=000000002" --data-urlencode "command=CON" --data-urlencode "timeOutLimit=3600" --digest -u User:MyPassword -v
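
What the `--digest` test above exercises, as an added Python example (not code from the library or its author): the response value a client such as curl computes per RFC 2617 (MD5, qop=auth), and a server-side check that rejects a replayed nonce count. The `DigestChecker` class, its outcome strings (borrowed from the event names listed in the first post), the realm and the reading of `IgnoreNC` are assumptions for illustration.

```python
import hashlib
import hmac
import secrets

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def digest_response(user, realm, password, method, uri, nonce, nc, cnonce):
    """RFC 2617 'response' value for algorithm=MD5 with qop=auth."""
    ha1 = md5_hex(f"{user}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")

class DigestChecker:
    """Hypothetical verifier; outcome strings reuse the library's event names."""

    def __init__(self, realm, users, ignore_nc=False):
        self.realm = realm
        self.users = users          # username -> password (constructed sample data)
        self.ignore_nc = ignore_nc  # assumed meaning of the IgnoreNC field
        self.last_nc = {}           # issued nonce -> highest nc accepted so far

    def issue_nonce(self):
        nonce = secrets.token_hex(16)
        self.last_nc[nonce] = 0
        return nonce

    def check(self, method, f):
        """f holds the parsed 'Authorization: Digest' parameters."""
        user, nonce = f.get("username"), f.get("nonce", "")
        if not user or "response" not in f:
            return "RefusedNoCredential"
        password = self.users.get(user)
        if password is None or nonce not in self.last_nc:
            return "RefusedWrongCredential"  # unknown user or nonce we never issued
        expected = digest_response(user, self.realm, password, method, f.get("uri", ""),
                                   nonce, f.get("nc", ""), f.get("cnonce", ""))
        if not hmac.compare_digest(expected.encode(), f["response"].encode()):
            return "RefusedWrongCredential"
        try:
            nc = int(f.get("nc", ""), 16)  # nc is eight hex digits on the wire
        except ValueError:
            return "RefusedWrongNC"
        if not self.ignore_nc and nc <= self.last_nc[nonce]:
            return "RefusedWrongNC"  # replayed or out-of-order request
        self.last_nc[nonce] = max(nc, self.last_nc[nonce])
        return "LogIn"
```

With the nonce-count check disabled, a captured Authorization header stays valid for as long as the server accepts its nonce.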
 