Assignment 4

Due Date: 2022-11-16

Available Points: 20

Additional Methods

• No new methods

Additional Status Codes

• 401 Unauthorized

Additional Request Headers

• Authorization

Additional Response Headers

• WWW-Authenticate
• Authorization-Info

Encodings

• No new encodings

Notes

• Implement Basic and Digest Authentication as per Lecture 8 slides (and RFCs 7617 and 7616)
• In your server configuration file: provide private key (any word or phrase) to use in generating nonce & opaque values (though, this is not the safest way to do this)
• Provide a configurable value for how to protect directories
  • Default name is = WeMustProtectThisHouse!
  • All functions combined in a single file for simplicity (you would normally separate them)
  • This file protects the directory it is in, and recursively protects all of its sub-directories
• Sample file:

# Hashed lines are comments and order is not important
#
# Following are two special lines:
authorization-type=Basic
realm="Lane Stadium"
# Always quote realm since it might have spaces
#
# User format => name:md5(password)
mln:d3b07384d113edec49eaa6238ad5ff00
bda:c157a79031e1c40f85931829bc5fc552
jbollen:66e0459d0abbc8cd8bd9a88cd226a9b2

Submission and Evaluation

• Extract sample test files tarball into your web server’s document root
• Place your Dockerfile at the root of your repository (not inside of a nested folder)
• Make your Dockerfile run your server on port 80 by default
• Release your implementation with the a4 tag
• Submissions will be evaluated using a variation of cs531a4 test suite from our testing service and some manual inspection of responses and source code (if necessary)
• Tests will be performed based on the contents and structure of the a4-test folder of the sample test files
• One point will be awarded for passing test cases of each of the previous assignments (except certain test cases where there are obvious backward compatibility conflicts)