function readOnly(count){ }
Sign Up ›
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
Learn More

Browse by Topic
ShowAll Questionssorted byDate Posted
+ Start a Discussion
j4jamshaidj4jamshaid 

Does Apex have native support for HTTP digest authentication?

Apex Crypto class have "generateDigest()" method which converts the given String to the Digest according to the given algorithm(MD5 etc). It does not implement the Http Digest Authentication cycle. Different languages provides native support fro Http Digest Authentication, which implements RFC2617. Does Apex have native support for the HTTP Digest Authentication? Or any other alternate to use Http Digest Authentication in Apex code?

--Jamshaid..
RamanaRamana
hi Jamshaid,
I know this is a very old post. But were you able to use Digest Authentication in Apex? If so, can you please let me know the process?
Aleksandrs SavkinsAleksandrs Savkins
hope this helps
  
HttpRequest req = new HttpRequest();
req.setEndpoint('YOUR ENDPOINT');
req.setMethod('GET');

Http http = new Http();
HTTPResponse res = http.send(req); 

// get nonce and opaque from the first request
String resp = res.getHeader('WWW-Authenticate');
System.debug(resp);
String[] splitResp = resp.split(',');

String nonce = '';
String opaque = '';
for (String s : splitResp)
{
	if (s.contains('nonce'))
		nonce = s.substring('nonce="'.length(), s.length() - 1);
	else if (s.contains('opaque'))
		opaque = s.substring('opaque="'.length(), s.length() - 1);
}   
System.debug('nonce ' + nonce);  
System.debug('opaque ' + opaque);  

// generate random client nonce string
String dateStr = String.valueOf(DateTime.now());
String cnonce = EncodingUtil.convertToHex(Blob.valueOf(dateStr));
System.debug('cnonce ' + cnonce);

//HA1=MD5(username:realm:password)
Blob targetBlob = Blob.valueOf('your login:server realms:pw');
Blob h1 = Crypto.generateDigest('MD5', targetBlob);
String h1str = EncodingUtil.convertToHex(h1);
System.debug('HA1 ' + h1str);

//HA2=MD5(method:digestURI)
targetBlob = Blob.valueOf('METHOD:URI');  // uri format '/some/res/ping'
Blob h2 = Crypto.generateDigest('MD5', targetBlob);
String h2str = EncodingUtil.convertToHex(h2);
System.debug('HA2 ' + h2str);

//response=MD5(HA1:nonce:nonceCount:cnonce:qop:HA2)
String responseRaw = h1str + ':' + nonce + ':00000001:' + cnonce + ':auth:' + h2str;
System.debug('responseRaw ' + responseRaw);
targetBlob = Blob.valueOf(responseRaw);
Blob auth = Crypto.generateDigest('MD5', targetBlob);
String response = EncodingUtil.convertToHex(auth);
System.debug('encoded response ' + response);

String authHeader = 'Digest ' 
				+ 'username="your login"'
				+ ', realm="server realm"'
				+ ', nonce="' + nonce + '"' 
				+ ', uri="uri"'
				+ ', response="' + response + '"' 
				+ ', opaque="' + opaque + '"'
				+ ', qop=auth' 
				+ ', nc=00000001'
				+ ', cnonce="' + cnonce + '"';
System.debug('authHeader ' + authHeader);


req = new HttpRequest();
req.setEndpoint('YOUR ENDPOINT');
req.setMethod('GET');
req.setHeader('Authorization', authHeader);

http = new Http();
res = http.send(req);

System.debug('res body ' + res.getBody());
System.debug('res code ' + res.getStatusCode());