rubysl-webrick 1.0.0

data/lib/webrick/compat.rb

@@ -0,0 +1,15 @@
+#
+# compat.rb -- cross platform compatibility
+#
+# Author: IPR -- Internet Programming with Ruby -- writers
+# Copyright (c) 2002 GOTOU Yuuzou
+# Copyright (c) 2002 Internet Programming with Ruby writers. All rights
+# reserved.
+#
+# $IPR: compat.rb,v 1.6 2002/10/01 17:16:32 gotoyuzo Exp $
+
+module Errno
+  class EPROTO       < SystemCallError; end
+  class ECONNRESET   < SystemCallError; end
+  class ECONNABORTED < SystemCallError; end
+end

data/lib/webrick/config.rb

@@ -0,0 +1,97 @@
+#
+# config.rb -- Default configurations.
+#
+# Author: IPR -- Internet Programming with Ruby -- writers
+# Copyright (c) 2000, 2001 TAKAHASHI Masayoshi, GOTOU Yuuzou
+# Copyright (c) 2003 Internet Programming with Ruby writers. All rights
+# reserved.
+#
+# $IPR: config.rb,v 1.52 2003/07/22 19:20:42 gotoyuzo Exp $
+
+require 'webrick/version'
+require 'webrick/httpversion'
+require 'webrick/httputils'
+require 'webrick/utils'
+require 'webrick/log'
+
+module WEBrick
+  module Config
+    LIBDIR = File::dirname(__FILE__)
+
+    # for GenericServer
+    General = {
+      :ServerName     => Utils::getservername,
+      :BindAddress    => nil,   # "0.0.0.0" or "::" or nil
+      :Port           => nil,   # users MUST specifiy this!!
+      :MaxClients     => 100,   # maximum number of the concurrent connections
+      :ServerType     => nil,   # default: WEBrick::SimpleServer
+      :Logger         => nil,   # default: WEBrick::Log.new
+      :ServerSoftware => "WEBrick/#{WEBrick::VERSION} " +
+                         "(Ruby/#{RUBY_VERSION}/#{RUBY_RELEASE_DATE})",
+      :TempDir        => ENV['TMPDIR']||ENV['TMP']||ENV['TEMP']||'/tmp',
+      :DoNotListen    => false,
+      :StartCallback  => nil,
+      :StopCallback   => nil,
+      :AcceptCallback => nil,
+    }
+
+    # for HTTPServer, HTTPRequest, HTTPResponse ...
+    HTTP = General.dup.update(
+      :Port           => 80,
+      :RequestTimeout => 30,
+      :HTTPVersion    => HTTPVersion.new("1.1"),
+      :AccessLog      => nil,
+      :MimeTypes      => HTTPUtils::DefaultMimeTypes,
+      :DirectoryIndex => ["index.html","index.htm","index.cgi","index.rhtml"],
+      :DocumentRoot   => nil,
+      :DocumentRootOptions => { :FancyIndexing => true },
+      :RequestHandler => nil,
+      :RequestCallback => nil,  # alias of :RequestHandler
+      :ServerAlias    => nil,
+
+      # for HTTPProxyServer
+      :ProxyAuthProc  => nil,
+      :ProxyContentHandler => nil,
+      :ProxyVia       => true,
+      :ProxyTimeout   => true,
+      :ProxyURI       => nil,
+
+      :CGIInterpreter => nil,
+      :CGIPathEnv     => nil,
+
+      # workaround: if Request-URIs contain 8bit chars,
+      # they should be escaped before calling of URI::parse().
+      :Escape8bitURI  => false
+    )
+
+    FileHandler = {
+      :NondisclosureName => [".ht*", "*~"],
+      :FancyIndexing     => false,
+      :HandlerTable      => {},
+      :HandlerCallback   => nil,
+      :DirectoryCallback => nil,
+      :FileCallback      => nil,
+      :UserDir           => nil,  # e.g. "public_html"
+      :AcceptableLanguages => []  # ["en", "ja", ... ]
+    }
+
+    BasicAuth = {
+      :AutoReloadUserDB     => true,
+    }
+
+    DigestAuth = {
+      :Algorithm            => 'MD5-sess', # or 'MD5' 
+      :Domain               => nil,        # an array includes domain names.
+      :Qop                  => [ 'auth' ], # 'auth' or 'auth-int' or both.
+      :UseOpaque            => true,
+      :UseNextNonce         => false,
+      :CheckNc              => false,
+      :UseAuthenticationInfoHeader => true,
+      :AutoReloadUserDB     => true,
+      :NonceExpirePeriod    => 30*60,
+      :NonceExpireDelta     => 60,
+      :InternetExplorerHack => true,
+      :OperaHack            => true,
+    }
+  end
+end

data/lib/webrick/cookie.rb

@@ -0,0 +1,110 @@
+#
+# cookie.rb -- Cookie class
+#
+# Author: IPR -- Internet Programming with Ruby -- writers
+# Copyright (c) 2000, 2001 TAKAHASHI Masayoshi, GOTOU Yuuzou
+# Copyright (c) 2002 Internet Programming with Ruby writers. All rights
+# reserved.
+#
+# $IPR: cookie.rb,v 1.16 2002/09/21 12:23:35 gotoyuzo Exp $
+
+require 'time'
+require 'webrick/httputils'
+
+module WEBrick
+  class Cookie
+
+    attr_reader :name
+    attr_accessor :value, :version
+    attr_accessor :domain, :path, :secure
+    attr_accessor :comment, :max_age
+    #attr_accessor :comment_url, :discard, :port
+
+    def initialize(name, value)
+      @name = name
+      @value = value
+      @version = 0     # Netscape Cookie
+
+      @domain = @path = @secure = @comment = @max_age =
+      @expires = @comment_url = @discard = @port = nil
+    end
+
+    def expires=(t)
+      @expires = t && (t.is_a?(Time) ? t.httpdate : t.to_s)
+    end
+
+    def expires
+      @expires && Time.parse(@expires)
+    end
+
+    def to_s
+      ret = ""
+      ret << @name << "=" << @value
+      ret << "; " << "Version=" << @version.to_s if @version > 0
+      ret << "; " << "Domain="  << @domain  if @domain
+      ret << "; " << "Expires=" << @expires if @expires
+      ret << "; " << "Max-Age=" << @max_age.to_s if @max_age
+      ret << "; " << "Comment=" << @comment if @comment
+      ret << "; " << "Path="    << @path if @path
+      ret << "; " << "Secure"   if @secure
+      ret
+    end
+
+    # Cookie::parse()
+    #   It parses Cookie field sent from the user agent.
+    def self.parse(str)
+      if str
+        ret = []
+        cookie = nil
+        ver = 0
+        str.split(/[;,]\s+/).each{|x|
+          key, val = x.split(/=/,2)
+          val = val ? HTTPUtils::dequote(val) : ""
+          case key
+          when "$Version"; ver = val.to_i
+          when "$Path";    cookie.path = val
+          when "$Domain";  cookie.domain = val
+          when "$Port";    cookie.port = val
+          else
+            ret << cookie if cookie
+            cookie = self.new(key, val)
+            cookie.version = ver
+          end
+        }
+        ret << cookie if cookie
+        ret
+      end
+    end
+
+    def self.parse_set_cookie(str)
+      cookie_elem = str.split(/;/)
+      first_elem = cookie_elem.shift
+      first_elem.strip!
+      key, value = first_elem.split(/=/, 2)
+      cookie = new(key, HTTPUtils.dequote(value))
+      cookie_elem.each{|pair|
+        pair.strip!
+        key, value = pair.split(/=/, 2)
+        if value
+          value = HTTPUtils.dequote(value.strip)
+        end
+        case key.downcase
+        when "domain"  then cookie.domain  = value
+        when "path"    then cookie.path    = value
+        when "expires" then cookie.expires = value
+        when "max-age" then cookie.max_age = Integer(value)
+        when "comment" then cookie.comment = value
+        when "version" then cookie.version = Integer(value)
+        when "secure"  then cookie.secure = true
+        end
+      }
+      return cookie
+    end
+
+    def self.parse_set_cookies(str)
+      return str.split(/,(?=[^;,]*=)|,$/).collect{|c|
+        parse_set_cookie(c)
+      }
+    end
+  end
+end

data/lib/webrick/htmlutils.rb

@@ -0,0 +1,25 @@
+#
+# htmlutils.rb -- HTMLUtils Module
+#
+# Author: IPR -- Internet Programming with Ruby -- writers
+# Copyright (c) 2000, 2001 TAKAHASHI Masayoshi, GOTOU Yuuzou
+# Copyright (c) 2002 Internet Programming with Ruby writers. All rights
+# reserved.
+#
+# $IPR: htmlutils.rb,v 1.7 2002/09/21 12:23:35 gotoyuzo Exp $
+
+module WEBrick
+  module HTMLUtils
+
+    def escape(string)
+      str = string ? string.dup : ""
+      str.gsub!(/&/n, '&')
+      str.gsub!(/\"/n, '"')
+      str.gsub!(/>/n, '>')
+      str.gsub!(/</n, '&lt;')
+      str
+    end
+    module_function :escape
+
+  end
+end

data/lib/webrick/httpauth.rb

@@ -0,0 +1,45 @@
+#
+# httpauth.rb -- HTTP access authentication
+#
+# Author: IPR -- Internet Programming with Ruby -- writers
+# Copyright (c) 2000, 2001 TAKAHASHI Masayoshi, GOTOU Yuuzou
+# Copyright (c) 2002 Internet Programming with Ruby writers. All rights
+# reserved.
+#
+# $IPR: httpauth.rb,v 1.14 2003/07/22 19:20:42 gotoyuzo Exp $
+
+require 'webrick/httpauth/basicauth'
+require 'webrick/httpauth/digestauth'
+require 'webrick/httpauth/htpasswd'
+require 'webrick/httpauth/htdigest'
+require 'webrick/httpauth/htgroup'
+
+module WEBrick
+  module HTTPAuth
+    module_function
+
+    def _basic_auth(req, res, realm, req_field, res_field, err_type, block)
+      user = pass = nil
+      if /^Basic\s+(.*)/o =~ req[req_field]
+        userpass = $1
+        user, pass = userpass.unpack("m*")[0].split(":", 2)
+      end
+      if block.call(user, pass)
+        req.user = user
+        return
+      end
+      res[res_field] = "Basic realm=\"#{realm}\""
+      raise err_type
+    end
+
+    def basic_auth(req, res, realm, &block)
+      _basic_auth(req, res, realm, "Authorization", "WWW-Authenticate",
+                  HTTPStatus::Unauthorized, block)
+    end
+
+    def proxy_basic_auth(req, res, realm, &block)
+      _basic_auth(req, res, realm, "Proxy-Authorization", "Proxy-Authenticate",
+                  HTTPStatus::ProxyAuthenticationRequired, block)
+    end
+  end
+end

data/lib/webrick/httpauth/authenticator.rb

@@ -0,0 +1,79 @@
+#
+# httpauth/authenticator.rb -- Authenticator mix-in module.
+#
+# Author: IPR -- Internet Programming with Ruby -- writers
+# Copyright (c) 2003 Internet Programming with Ruby writers. All rights
+# reserved.
+#
+# $IPR: authenticator.rb,v 1.3 2003/02/20 07:15:47 gotoyuzo Exp $
+
+module WEBrick
+  module HTTPAuth
+    module Authenticator
+      RequestField      = "Authorization"
+      ResponseField     = "WWW-Authenticate"
+      ResponseInfoField = "Authentication-Info"
+      AuthException     = HTTPStatus::Unauthorized
+      AuthScheme        = nil # must override by the derived class
+
+      attr_reader :realm, :userdb, :logger
+
+      private
+
+      def check_init(config)
+        [:UserDB, :Realm].each{|sym|
+          unless config[sym]
+            raise ArgumentError, "Argument #{sym.inspect} missing."
+          end
+        } 
+        @realm     = config[:Realm]
+        @userdb    = config[:UserDB]
+        @logger    = config[:Logger] || Log::new($stderr)
+        @reload_db = config[:AutoReloadUserDB]
+        @request_field   = self::class::RequestField
+        @response_field  = self::class::ResponseField
+        @resp_info_field = self::class::ResponseInfoField
+        @auth_exception  = self::class::AuthException
+        @auth_scheme     = self::class::AuthScheme
+      end
+
+      def check_scheme(req)
+        unless credentials = req[@request_field]
+          error("no credentials in the request.")
+          return nil 
+        end  
+        unless match = /^#{@auth_scheme}\s+/.match(credentials)
+          error("invalid scheme in %s.", credentials)
+          info("%s: %s", @request_field, credentials) if $DEBUG
+          return nil
+        end
+        return match.post_match
+      end
+
+      def log(meth, fmt, *args)
+        msg = format("%s %s: ", @auth_scheme, @realm)
+        msg << fmt % args
+        @logger.send(meth, msg)
+      end
+
+      def error(fmt, *args)
+        if @logger.error?
+          log(:error, fmt, *args)
+        end
+      end                             
+
+      def info(fmt, *args)
+        if @logger.info?
+          log(:info, fmt, *args)
+        end
+      end
+    end
+
+    module ProxyAuthenticator
+      RequestField  = "Proxy-Authorization"
+      ResponseField = "Proxy-Authenticate"
+      InfoField     = "Proxy-Authentication-Info"
+      AuthException = HTTPStatus::ProxyAuthenticationRequired
+    end
+  end
+end

data/lib/webrick/httpauth/basicauth.rb

@@ -0,0 +1,65 @@
+#
+# httpauth/basicauth.rb -- HTTP basic access authentication
+#
+# Author: IPR -- Internet Programming with Ruby -- writers
+# Copyright (c) 2003 Internet Programming with Ruby writers. All rights
+# reserved.
+#
+# $IPR: basicauth.rb,v 1.5 2003/02/20 07:15:47 gotoyuzo Exp $
+
+require 'webrick/config'
+require 'webrick/httpstatus'
+require 'webrick/httpauth/authenticator'
+
+module WEBrick
+  module HTTPAuth
+    class BasicAuth
+      include Authenticator
+
+      AuthScheme = "Basic"
+
+      def self.make_passwd(realm, user, pass)
+        pass ||= ""
+        pass.crypt(Utils::random_string(2))
+      end
+
+      attr_reader :realm, :userdb, :logger
+
+      def initialize(config, default=Config::BasicAuth)
+        check_init(config)
+        @config = default.dup.update(config)
+      end
+
+      def authenticate(req, res)
+        unless basic_credentials = check_scheme(req)
+          challenge(req, res)
+        end
+        userid, password = basic_credentials.unpack("m*")[0].split(":", 2) 
+        password ||= ""
+        if userid.empty?
+          error("user id was not given.")
+          challenge(req, res)
+        end
+        unless encpass = @userdb.get_passwd(@realm, userid, @reload_db)
+          error("%s: the user is not allowed.", userid)
+          challenge(req, res)
+        end
+        if password.crypt(encpass) != encpass
+          error("%s: password unmatch.", userid)
+          challenge(req, res)
+        end
+        info("%s: authentication succeeded.", userid)
+        req.user = userid
+      end
+
+      def challenge(req, res)
+        res[@response_field] = "#{@auth_scheme} realm=\"#{@realm}\""
+        raise @auth_exception
+      end
+    end
+
+    class ProxyBasicAuth < BasicAuth
+      include ProxyAuthenticator
+    end
+  end
+end

data/lib/webrick/httpauth/digestauth.rb

@@ -0,0 +1,343 @@
+#
+# httpauth/digestauth.rb -- HTTP digest access authentication
+#
+# Author: IPR -- Internet Programming with Ruby -- writers
+# Copyright (c) 2003 Internet Programming with Ruby writers.
+# Copyright (c) 2003 H.M.
+#
+# The original implementation is provided by H.M.
+#   URL: http://rwiki.jin.gr.jp/cgi-bin/rw-cgi.rb?cmd=view;name=
+#        %C7%A7%BE%DA%B5%A1%C7%BD%A4%F2%B2%FE%C2%A4%A4%B7%A4%C6%A4%DF%A4%EB
+#
+# $IPR: digestauth.rb,v 1.5 2003/02/20 07:15:47 gotoyuzo Exp $
+
+require 'webrick/config'
+require 'webrick/httpstatus'
+require 'webrick/httpauth/authenticator'
+require 'digest/md5'
+require 'digest/sha1'
+
+module WEBrick
+  module HTTPAuth
+    class DigestAuth
+      include Authenticator
+
+      AuthScheme = "Digest"
+      OpaqueInfo = Struct.new(:time, :nonce, :nc)
+      attr_reader :algorithm, :qop
+
+      def self.make_passwd(realm, user, pass)
+        pass ||= ""
+        Digest::MD5::hexdigest([user, realm, pass].join(":"))
+      end
+
+      def initialize(config, default=Config::DigestAuth)
+        check_init(config)
+        @config                 = default.dup.update(config)
+        @algorithm              = @config[:Algorithm]
+        @domain                 = @config[:Domain]
+        @qop                    = @config[:Qop]
+        @use_opaque             = @config[:UseOpaque]
+        @use_next_nonce         = @config[:UseNextNonce]
+        @check_nc               = @config[:CheckNc]
+        @use_auth_info_header   = @config[:UseAuthenticationInfoHeader]
+        @nonce_expire_period    = @config[:NonceExpirePeriod]
+        @nonce_expire_delta     = @config[:NonceExpireDelta]
+        @internet_explorer_hack = @config[:InternetExplorerHack]
+        @opera_hack             = @config[:OperaHack]
+
+        case @algorithm
+        when 'MD5','MD5-sess'
+          @h = Digest::MD5
+        when 'SHA1','SHA1-sess'  # it is a bonus feature :-)
+          @h = Digest::SHA1
+        else
+          msg = format('Alogrithm "%s" is not supported.', @algorithm)
+          raise ArgumentError.new(msg)
+        end
+
+        @instance_key = hexdigest(self.__id__, Time.now.to_i, Process.pid)
+        @opaques = {}
+        @last_nonce_expire = Time.now
+        @mutex = Mutex.new
+      end
+
+      def authenticate(req, res)
+        unless result = @mutex.synchronize{ _authenticate(req, res) }
+          challenge(req, res)
+        end
+        if result == :nonce_is_stale
+          challenge(req, res, true)
+        end
+        return true
+      end
+
+      def challenge(req, res, stale=false)
+        nonce = generate_next_nonce(req)
+        if @use_opaque
+          opaque = generate_opaque(req)
+          @opaques[opaque].nonce = nonce
+        end
+
+        param = Hash.new
+        param["realm"]  = HTTPUtils::quote(@realm)
+        param["domain"] = HTTPUtils::quote(@domain.to_a.join(" ")) if @domain
+        param["nonce"]  = HTTPUtils::quote(nonce)
+        param["opaque"] = HTTPUtils::quote(opaque) if opaque
+        param["stale"]  = stale.to_s
+        param["algorithm"] = @algorithm
+        param["qop"]    = HTTPUtils::quote(@qop.to_a.join(",")) if @qop
+
+        res[@response_field] =
+          "#{@auth_scheme} " + param.map{|k,v| "#{k}=#{v}" }.join(", ")
+        info("%s: %s", @response_field, res[@response_field]) if $DEBUG
+        raise @auth_exception
+      end
+
+      private
+
+      MustParams = ['username','realm','nonce','uri','response']
+      MustParamsAuth = ['cnonce','nc']
+
+      def _authenticate(req, res)
+        unless digest_credentials = check_scheme(req)
+          return false
+        end
+
+        auth_req = split_param_value(digest_credentials)
+        if auth_req['qop'] == "auth" || auth_req['qop'] == "auth-int"
+          req_params = MustParams + MustParamsAuth
+        else
+          req_params = MustParams
+        end
+        req_params.each{|key|
+          unless auth_req.has_key?(key)
+            error('%s: parameter missing. "%s"', auth_req['username'], key)
+            raise HTTPStatus::BadRequest
+          end
+        }
+
+        if !check_uri(req, auth_req)
+          raise HTTPStatus::BadRequest  
+        end
+
+        if auth_req['realm'] != @realm  
+          error('%s: realm unmatch. "%s" for "%s"',
+                auth_req['username'], auth_req['realm'], @realm)
+          return false
+        end
+
+        auth_req['algorithm'] ||= 'MD5' 
+        if auth_req['algorithm'] != @algorithm &&
+           (@opera_hack && auth_req['algorithm'] != @algorithm.upcase)
+          error('%s: algorithm unmatch. "%s" for "%s"',
+                auth_req['username'], auth_req['algorithm'], @algorithm)
+          return false
+        end
+
+        if (@qop.nil? && auth_req.has_key?('qop')) ||
+           (@qop && (! @qop.member?(auth_req['qop'])))
+          error('%s: the qop is not allowed. "%s"',
+                auth_req['username'], auth_req['qop'])
+          return false
+        end
+
+        password = @userdb.get_passwd(@realm, auth_req['username'], @reload_db)
+        unless password
+          error('%s: the user is not allowd.', auth_req['username'])
+          return false
+        end
+
+        nonce_is_invalid = false
+        if @use_opaque
+          info("@opaque = %s", @opaque.inspect) if $DEBUG
+          if !(opaque = auth_req['opaque'])
+            error('%s: opaque is not given.', auth_req['username'])
+            nonce_is_invalid = true
+          elsif !(opaque_struct = @opaques[opaque])
+            error('%s: invalid opaque is given.', auth_req['username'])
+            nonce_is_invalid = true
+          elsif !check_opaque(opaque_struct, req, auth_req)
+            @opaques.delete(auth_req['opaque'])
+            nonce_is_invalid = true
+          end
+        elsif !check_nonce(req, auth_req)
+          nonce_is_invalid = true
+        end
+
+        if /-sess$/ =~ auth_req['algorithm'] ||
+           (@opera_hack && /-SESS$/ =~ auth_req['algorithm'])
+          ha1 = hexdigest(password, auth_req['nonce'], auth_req['cnonce'])
+        else
+          ha1 = password
+        end
+
+        if auth_req['qop'] == "auth" || auth_req['qop'] == nil
+          ha2 = hexdigest(req.request_method, auth_req['uri'])
+          ha2_res = hexdigest("", auth_req['uri'])
+        elsif auth_req['qop'] == "auth-int"
+          ha2 = hexdigest(req.request_method, auth_req['uri'],
+                          hexdigest(req.body))
+          ha2_res = hexdigest("", auth_req['uri'], hexdigest(res.body))
+        end
+
+        if auth_req['qop'] == "auth" || auth_req['qop'] == "auth-int"
+          param2 = ['nonce', 'nc', 'cnonce', 'qop'].map{|key|
+            auth_req[key]
+          }.join(':')
+          digest     = hexdigest(ha1, param2, ha2)
+          digest_res = hexdigest(ha1, param2, ha2_res)
+        else
+          digest     = hexdigest(ha1, auth_req['nonce'], ha2)
+          digest_res = hexdigest(ha1, auth_req['nonce'], ha2_res)
+        end
+
+        if digest != auth_req['response']
+          error("%s: digest unmatch.", auth_req['username'])
+          return false
+        elsif nonce_is_invalid
+          error('%s: digest is valid, but nonce is not valid.',
+                auth_req['username'])
+          return :nonce_is_stale
+        elsif @use_auth_info_header
+          auth_info = {
+            'nextnonce' => generate_next_nonce(req),
+            'rspauth'   => digest_res
+          }
+          if @use_opaque
+            opaque_struct.time  = req.request_time
+            opaque_struct.nonce = auth_info['nextnonce']
+            opaque_struct.nc    = "%08x" % (auth_req['nc'].hex + 1)
+          end
+          if auth_req['qop'] == "auth" || auth_req['qop'] == "auth-int"
+            ['qop','cnonce','nc'].each{|key|
+              auth_info[key] = auth_req[key]
+            }
+          end
+          res[@resp_info_field] = auth_info.keys.map{|key|
+            if key == 'nc'
+              key + '=' + auth_info[key]
+            else
+              key + "=" + HTTPUtils::quote(auth_info[key])
+            end
+          }.join(', ')
+        end
+        info('%s: authentication scceeded.', auth_req['username'])
+        req.user = auth_req['username']
+        return true
+      end
+
+      def split_param_value(string)
+        ret = {}
+        while string.size != 0
+          case string           
+          when /^\s*([\w\-\.\*\%\!]+)=\s*\"((\\.|[^\"])*)\"\s*,?/
+            key = $1
+            matched = $2
+            string = $'
+            ret[key] = matched.gsub(/\\(.)/, "\\1")
+          when /^\s*([\w\-\.\*\%\!]+)=\s*([^,\"]*),?/
+            key = $1
+            matched = $2
+            string = $'
+            ret[key] = matched.clone
+          when /^s*^,/
+            string = $'
+          else
+            break
+          end
+        end
+        ret
+      end
+
+      def generate_next_nonce(req)
+        now = "%012d" % req.request_time.to_i
+        pk  = hexdigest(now, @instance_key)[0,32]
+        nonce = [now + ":" + pk].pack("m*").chop # it has 60 length of chars.
+        nonce
+      end
+
+      def check_nonce(req, auth_req)
+        username = auth_req['username']
+        nonce = auth_req['nonce']
+
+        pub_time, pk = nonce.unpack("m*")[0].split(":", 2)
+        if (!pub_time || !pk)
+          error("%s: empty nonce is given", username)
+          return false
+        elsif (hexdigest(pub_time, @instance_key)[0,32] != pk)
+          error("%s: invalid private-key: %s for %s",
+                username, hexdigest(pub_time, @instance_key)[0,32], pk)
+          return false
+        end
+
+        diff_time = req.request_time.to_i - pub_time.to_i
+        if (diff_time < 0)
+          error("%s: difference of time-stamp is negative.", username)
+          return false
+        elsif diff_time > @nonce_expire_period
+          error("%s: nonce is expired.", username)
+          return false
+        end
+
+        return true
+      end
+
+      def generate_opaque(req)
+        @mutex.synchronize{
+          now = req.request_time
+          if now - @last_nonce_expire > @nonce_expire_delta
+            @opaques.delete_if{|key,val|
+              (now - val.time) > @nonce_expire_period
+            }
+            @last_nonce_expire = now
+          end
+          begin
+            opaque = Utils::random_string(16)
+          end while @opaques[opaque]
+          @opaques[opaque] = OpaqueInfo.new(now, nil, '00000001')
+          opaque
+        }
+      end
+
+      def check_opaque(opaque_struct, req, auth_req)
+        if (@use_next_nonce && auth_req['nonce'] != opaque_struct.nonce)
+          error('%s: nonce unmatched. "%s" for "%s"',
+                auth_req['username'], auth_req['nonce'], opaque_struct.nonce)
+          return false
+        elsif !check_nonce(req, auth_req)
+          return false
+        end
+        if (@check_nc && auth_req['nc'] != opaque_struct.nc)
+          error('%s: nc unmatched."%s" for "%s"',
+                auth_req['username'], auth_req['nc'], opaque_struct.nc)
+          return false
+        end
+        true
+      end
+
+      def check_uri(req, auth_req)
+        uri = auth_req['uri']
+        if uri != req.request_uri.to_s && uri != req.unparsed_uri &&
+           (@internet_explorer_hack && uri != req.path)
+          error('%s: uri unmatch. "%s" for "%s"', auth_req['username'], 
+                auth_req['uri'], req.request_uri.to_s)
+          return false
+        end
+        true
+      end
+
+      def hexdigest(*args)
+        @h.hexdigest(args.join(":"))
+      end
+    end
+
+    class ProxyDigestAuth < DigestAuth
+      include ProxyAuthenticator
+
+      def check_uri(req, auth_req)
+        return true
+      end
+    end
+  end
+end