/** * Digest Authentication Provider * * Implements HTTP Digest Authentication (RFC 2617). * Handles challenge-response flow with nonce handling. * * P1 Feature: Digest Auth is more secure than Basic Auth as it doesn't send * the password in plaintext. Instead, it uses a challenge-response mechanism * with MD5 hashing. * * Algorithm: * 1. Client makes request without auth * 2. Server responds with 401 and WWW-Authenticate header containing: * - realm: Protection space * - nonce: Server-generated unique value * - qop: Quality of protection (auth or auth-int) * - opaque: Client should return unchanged * 3. Client calculates response using MD5 and retries * * Response calculation: * HA1 = MD5(username:realm:password) * HA2 = MD5(method:digestURI) * response = MD5(HA1:nonce:HA2) // simplified */ import type { AuthProvider, AuthResult } from './index.js'; import { type DigestAuthConfig } from './index.js'; /** * Parsed WWW-Authenticate header */ interface DigestChallenge { realm: string; nonce: string; qop?: string; opaque?: string; algorithm?: string; stale?: string; } /** * Digest Authentication credentials */ export interface DigestCredentials { type: 'digest'; username: string; realm: string; nonce: string; uri: string; response: string; qop?: string; opaque?: string; nc: string; cnonce: string; algorithm: string; headers: Record; } /** * Parses WWW-Authenticate header for Digest challenge * @example * parseDigestHeader('Digest realm="test", nonce="abc123", qop="auth"') * // => { realm: 'test', nonce: 'abc123', qop: 'auth' } */ export declare function parseDigestHeader(header: string): DigestChallenge | null; /** * Calculates Digest response * @param username Username * @param password Password * @param realm Realm from challenge * @param nonce Nonce from challenge * @param method HTTP method * @param uri Request URI * @param qop Quality of protection * @param opaque Opaque value from challenge * @param nc Nonce count * @param cnonce Client nonce */ export declare function calculateDigestResponse(username: string, password: string, realm: string, nonce: string, method: string, uri: string, qop?: string, opaque?: string, nc?: string, cnonce?: string): string; /** * Digest Authentication Provider */ export declare class DigestAuthProvider implements AuthProvider { readonly type: "digest"; private storedChallenges; private nonceCounters; authenticate(config: DigestAuthConfig): Promise; /** * Stores a Digest challenge received from server */ storeChallenge(url: string, challenge: DigestChallenge): void; /** * Retrieves stored challenge for a URL */ getChallenge(url: string): DigestChallenge | undefined; /** * Builds Authorization header for a request using stored challenge */ buildAuthorizationHeader(url: string, method: string, config: DigestAuthConfig): Promise; /** * Gets next nonce count for a given nonce */ private getNonceCount; /** * Handles 401 response and returns new request headers */ handleChallenge(url: string, method: string, authenticateHeader: string, config: DigestAuthConfig): Promise | null>; clear(config: DigestAuthConfig): Promise; validate(config: DigestAuthConfig): Promise; private getCacheKey; /** * Clears stored challenges and counters */ clearState(): void; } /** * Creates a Digest auth provider instance */ export declare function createDigestAuthProvider(): DigestAuthProvider; export {};