戯術者の日記

[2005-07-18-2]の続き。情報元は同じくHTTP 認証: 基本アクセス認証及びダイジェストアクセス認証(RFC2617 日本語訳)
サーバ側の digest 認証の設定は[2005-07-08-3], [2005-05-29-2]

パケットキャプチャすると、サーバ側(Apache 1.3.33/debian)のレスポンスは

HTTP/1.1 401 Authorization Required
Date: Tue, 09 Aug 2005 06:20:01 GMT
Server: Apache/1.3.33 (Debian GNU/Linux) PHP/4.3.10-15 mod_jk/1.2.5 mod_fastcgi/2.4.2 mod_ssl/2.8.22 OpenSSL/0.9.7d
WWW-Authenticate: Digest realm="relm", nonce="98ca43d0f7a1e2641ea305f44db89cca1123568401"
Keep-Alive: timeout=15, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=iso-8859-1

こんな感じ。
RFC2617に載っている、'algorithm' や 'qop' といった指示子がないな。ま、使用す[べきである]だから、いいのか(qop-options)。必要なのは realm と nonce かな。
algorithm がない場合は、"MD5" 扱いとのこと。

 challenge = "Digest" digest-challenge

 digest-challenge = 1#( realm | [ domain ] | nonce |
                     [ opaque ] |[ stale ] | [ algorithm ] |
                     [ qop-options ] | [auth-param] )

んで、クライアント(mozilla 1.7.6)のリクエスト

GET /~zaki/auth/digest/ HTTP/1.1
Host: www.example.org
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; ja-JP; rv:1.7.6) Gecko/20050319
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: ja,en-us;q=0.7,en;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: Shift_JIS,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Authorization: Digest username="zaki", realm="relm", nonce="98ca43d0f7a1e2641ea305f44db89cca1123568401", uri="/~zaki/auth/digest/", response="52b08746ab144ba29cf2fd6fe31174ca"

認証のための HTTP リクエストは Authorization ヘッダ。

 credentials = "Digest" digest-response
 digest-response = 1#( username | realm | nonce | digest-uri
                 | response | [ algorithm ] | [cnonce] |
                 [opaque] | [message-qop] |
                     [nonce-count] | [auth-param] )

んで、

username 使用するユーザ名 (username="zaki")
realm 使用するrealm(レスポンスヘッダにある) (realm="relm" <- スペルミスった)
nonce レスポンスにある nonce そのまま (nonce="98..."
digest-uri リクエストするファイル (uri="/~zaki/auth/digest/")
response ダイジェスト (response="52...")

でもって、response は、

"qop" が "auth" か "auth-int" である場合:
 request-digest = <"> < KD ( H(A1), unq(nonce-value)
                                     ":" nc-value
                                     ":" unq(cnonce-value)
                                     ":" unq(qop-value)
                                     ":" H(A2)
                             ) <">

"qop" 指示子が与えられない場合 (RFC 2069 との互換性のための構文)
    request-digest =
               <"> < KD ( H(A1), unq(nonce-value) ":" H(A2) ) > <">

A1 と A2 についての定義は以下を見よ。

とゆーことなので、 "KD(H(A1), unq(nonce-value) ":" H(A2)" ということ。

KD(xx, xx) は

 H(data) = MD5(data)
また
 KD(secret, data) = H(concat(secret, ":", data))

なので、"xx:xx" の md5sum 値

H(xxx) は、"xxx" の md5sum 値

A1 は

 A1 = unq(username-value) ":" unq(realm-value) ":" passwd

で、ユーザ名:zaki, パス:zaki、realm:relm であれば、

$ printf 'zaki:relm:zaki' | md5sum
f85142f6a9b00f64cd3afb151ba80505

こうなる。

A2 は

"qop" 指示子の値が "auth" か指定されない場合、A2 は:
A2 = Method ":" digest-uri-value

"qop" の値が "auth-int" ならば、A2 は:
A2 = Method ":" digest-uri-value ":" H(entity-body)

で、/~zaki/auth/digest/ への GET リクエストであれば、

$ printf 'GET:/~zaki/auth/digest/' | md5sum
b513229595a7eff3223d5412614d2ba4

となる。

で、元の "KD(H(A1), unq(nonce-value) ":" H(A2)" に戻ると、サーバのレスポンスの nonce が "98ca43d0f7a1e2641ea305f44db89cca1123568401" なので

$ printf 'f85142f6a9b00f64cd3afb151ba80505:98ca43d0f7a1e2641ea305f44db89cca1123568401:b513229595a7eff3223d5412614d2ba4' | md5sum
52b08746ab144ba29cf2fd6fe31174ca

になる。

---

んーと、Digest認証は、パスワードが平文でネットワークを流れないから安全・サーバ上にパスワードを平文で保存しないので安全って聞くけど、前者は良いとして、後者は、パスワードファイル(例えば .htpasswd)の中身が

zaki:relm:f85142f6a9b00f64cd3afb151ba80505

こーなってんだよね…。'zaki'って生パスワードではないけど、強調するほど安全じゃないよな。このファイル(のハッシュ値)と nonce 値さえ取られてしまえば、あとは md5sum 計算するだけだし。

多分

オレオレ CA 付で、新規に CA とサーバ鍵を生成する。
参考 Apache+mod SSLのインストールと設定
非 root で作業(ぉぃ

$ mkdir -p ~/local/src/apache
$ cd ~/local/src/apache
$ wget http://www.modssl.org/source/mod_ssl-2.8.23-1.3.33.tar.gz
$ wget http://www.meisei-u.ac.jp/mirror/apache/dist/httpd/apache_1.3.33.tar.gz
$ gzip -dc mod_ssl-2.8.23-1.3.33.tar.gz | tar xvf -
$ gzip -dc apache_1.3.33.tar.gz | tar xvf -

つか、mod_ssl の INSTALL にインストール手順が載ってるので、そのまんま作業すれば良い。

(↓ prefix の指定方法を間違ってます。後述)

$ cd mod_ssl-2.8.23-1.3.33
$ ./configure --with-apache=../apache_1.3.33 --with-ssl=/usr/local/ssl --prefix=~/local/apache-ssl
Configuring mod_ssl/2.8.23 for Apache/1.3.33
 + Apache location: ../apache_1.3.33 (Version 1.3.33)
 + OpenSSL location: /usr/local/ssl
 + Auxiliary patch tool: ./etc/patch/patch (local)
 + Applying packages to Apache source tree:
   o Extended API (EAPI)
   o Distribution Documents
   o SSL Module Source
   o SSL Support
   o SSL Configuration Additions
   o SSL Module Documentation
   o Addons
Done: source extension and patches successfully applied.

Configuring for Apache, Version 1.3.33
 + using installation path layout: Apache (config.layout)
Creating Makefile
Creating Configuration.apaci in src
Creating Makefile in src
 + configured for Solaris 280 platform
 + setting C compiler to gcc
 + setting C pre-processor to gcc -E
 + using "tr [a-z] [A-Z]" to uppercase
 + checking for system header files
 + adding selected modules
    o ssl_module uses ConfigStart/End
      + SSL interface: mod_ssl/2.8.23
      + SSL interface build type: OBJ
      + SSL interface compatibility: enabled
      + SSL interface experimental code: disabled
      + SSL interface conservative code: disabled
      + SSL interface vendor extensions: disabled
      + SSL interface plugin: Vendor DBM (libc)
      + SSL library path: /opt/usr/local/ssl
      + SSL library version: OpenSSL 0.9.7b 10 Apr 2003
      + SSL library type: installed package (stand-alone)
 + enabling Extended API (EAPI)
 + using system Expat
 + checking sizeof various data types
 + doing sanity check on compiler and options
Creating Makefile in src/support
Creating Makefile in src/os/unix
Creating Makefile in src/ap
Creating Makefile in src/main
Creating Makefile in src/modules/standard
Creating Makefile in src/modules/ssl

Now proceed with the following commands:
 $ cd ../apache_1.3.33
 $ make
 $ make certificate
 $ make install

で

$ cd ../apache_1.3.33
$ make
:
(コンパイル)
:

TYPE=custom で、CA とサーバ鍵をセットで作る(作ったサーバ証明書をCAに署名させる)

$ make certificate TYPE=custom
make[1]: Entering directory `/export/home/miyazaki/local/src/apache/apache_1.3.3
3/src'
SSL Certificate Generation Utility (mkcert.sh)
Copyright (c) 1998-2000 Ralf S. Engelschall, All Rights Reserved.

Generating custom certificate signed by own CA [CUSTOM]
______________________________________________________________________

STEP 0: Decide the signature algorithm used for certificates
The generated X.509 certificates can contain either
RSA or DSA based ingredients. Select the one you want to use.
Signature Algorithm ((R)SA or (D)SA) [R]:
______________________________________________________________________

STEP 1: Generating RSA private key for CA (1024 bit) [ca.key]
1578372 semi-random bytes loaded
Generating RSA private key, 1024 bit long modulus
.....................++++++
...++++++
e is 65537 (0x10001)
______________________________________________________________________

STEP 2: Generating X.509 certificate signing request for CA [ca.csr]
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
1. Country Name             (2 letter code) [XY]:JP
2. State or Province Name   (full name)     [Snake Desert]:Kanagawa
3. Locality Name            (eg, city)      [Snake Town]:Yokohama
4. Organization Name        (eg, company)   [Snake Oil, Ltd]:home
5. Organizational Unit Name (eg, section)   [Certificate Authority]:admin
6. Common Name              (eg, CA name)   [Snake Oil CA]:foo
7. Email Address            (eg, name@FQDN) [ca@snakeoil.dom]:www@www.example.org
8. Certificate Validity     (days)          [365]:
______________________________________________________________________

STEP 3: Generating X.509 certificate for CA signed by itself [ca.crt]
Certificate Version (1 or 3) [3]:
Signature ok
subject=/C=JP/ST=Kanagawa/L=Yokohama/O=home/OU=admin/CN=foo/emailAddress=www@www.example
.org
Getting Private key
Verify: matching certificate & key modulus
Verify: matching certificate signature
../conf/ssl.crt/ca.crt: /C=JP/ST=Kanagawa/L=Yokohama/O=home/OU=admin/CN=foo/emailAddress
=www@www.example.org
error 18 at 0 depth lookup:self signed certificate
OK
______________________________________________________________________

STEP 4: Generating RSA private key for SERVER (1024 bit) [server.key]
1578471 semi-random bytes loaded
Generating RSA private key, 1024 bit long modulus
..............++++++
...............................++++++
e is 65537 (0x10001)
______________________________________________________________________

STEP 5: Generating X.509 certificate signing request for SERVER [server.csr]
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
1. Country Name             (2 letter code) [XY]:JP
2. State or Province Name   (full name)     [Snake Desert]:Kanagawa
3. Locality Name            (eg, city)      [Snake Town]:Yokohama
4. Organization Name        (eg, company)   [Snake Oil, Ltd]:home
5. Organizational Unit Name (eg, section)   [Webserver Team]:foo
6. Common Name              (eg, FQDN)      [www.snakeoil.dom]:www.example.org
7. Email Address            (eg, name@fqdn) [www@snakeoil.dom]:www@www.example.org
8. Certificate Validity     (days)          [365]:
______________________________________________________________________

STEP 6: Generating X.509 certificate signed by own CA [server.crt]
Certificate Version (1 or 3) [3]:
Signature ok
subject=/C=JP/ST=Kanagawa/L=Yokohama/O=home/OU=foo/CN=www.example.org/emailAddress
=www@www.example.org
Getting CA Private Key
Verify: matching certificate & key modulus
Verify: matching certificate signature
../conf/ssl.crt/server.crt: OK
______________________________________________________________________

STEP 7: Enrypting RSA private key of CA with a pass phrase for security [ca.key]
The contents of the ca.key file (the generated private key) has to be
kept secret. So we strongly recommend you to encrypt the server.key file
with a Triple-DES cipher and a Pass Phrase.
Encrypt the private key now? [Y/n]: n
Warning, you're using an unencrypted private key.
Please notice this fact and do this on your own risk.
______________________________________________________________________

STEP 8: Enrypting RSA private key of SERVER with a pass phrase for security [ser
ver.key]
The contents of the server.key file (the generated private key) has to be
kept secret. So we strongly recommend you to encrypt the server.key file
with a Triple-DES cipher and a Pass Phrase.
Encrypt the private key now? [Y/n]: n
Warning, you're using an unencrypted RSA private key.
Please notice this fact and do this on your own risk.
______________________________________________________________________

RESULT: CA and Server Certification Files

o  conf/ssl.key/ca.key
   The PEM-encoded RSA private key file of the CA which you can
   use to sign other servers or clients. KEEP THIS FILE PRIVATE!

o  conf/ssl.crt/ca.crt
   The PEM-encoded X.509 certificate file of the CA which you use to
   sign other servers or clients. When you sign clients with it (for
   SSL client authentication) you can configure this file with the
   'SSLCACertificateFile' directive.

o  conf/ssl.key/server.key
   The PEM-encoded RSA private key file of the server which you configure
   with the 'SSLCertificateKeyFile' directive (automatically done
   when you install via APACI). KEEP THIS FILE PRIVATE!

o  conf/ssl.crt/server.crt
   The PEM-encoded X.509 certificate file of the server which you configure
   with the 'SSLCertificateFile' directive (automatically done
   when you install via APACI).

o  conf/ssl.csr/server.csr
   The PEM-encoded X.509 certificate signing request of the server file which
   you can send to an official Certificate Authority (CA) in order
   to request a real server certificate (signed by this CA instead
   of our own CA) which later can replace the conf/ssl.crt/server.crt
   file.

Congratulations that you establish your server with real certificates.

make[1]: Leaving directory `/export/home/miyazaki/local/src/apache/apache_1.3.33
/src'

インストール

$ make install

…うまくいってるように見えたけど、~/local/apache-ssl がない。
探してみると、作業ディレクトリ直下に '~' ディレクトリができてる… orz

つーわけで、--prefix は絶対ディレクトリ指定にすれば OK
でもって、インストールディレクトリ(~/local/apache-ssl)以下にある conf/ssl.crt/ca.crt をクライアント(ブラウザ) にインポートしてやれば、OK

debian での apache + mod-ssl インストール[2005-03-25-1]と似たようなものか。