RequestData.cs 51 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362136313641365136613671368136913701371137213731374137513761377137813791380138113821383138413851386138713881389139013911392139313941395139613971398139914001401140214031404140514061407140814091410141114121413141414151416141714181419142014211422142314241425142614271428142914301431143214331434143514361437143814391440144114421443144414451446144714481449145014511452145314541455145614571458145914601461146214631464
  1. /*
  2. * Copyright (c) Contributors, http://opensimulator.org/
  3. * See CONTRIBUTORS.TXT for a full list of copyright holders.
  4. *
  5. * Redistribution and use in source and binary forms, with or without
  6. * modification, are permitted provided that the following conditions are met:
  7. * * Redistributions of source code must retain the above copyright
  8. * notice, this list of conditions and the following disclaimer.
  9. * * Redistributions in binary form must reproduce the above copyright
  10. * notice, this list of conditions and the following disclaimer in the
  11. * documentation and/or other materials provided with the distribution.
  12. * * Neither the name of the OpenSim Project nor the
  13. * names of its contributors may be used to endorse or promote products
  14. * derived from this software without specific prior written permission.
  15. *
  16. * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY
  17. * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
  18. * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
  19. * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY
  20. * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
  21. * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  22. * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
  23. * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  24. * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
  25. * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  26. */
  27. using System;
  28. using System.IO;
  29. using System.Reflection;
  30. using System.Text;
  31. using System.Security.Cryptography;
  32. using System.Text.RegularExpressions;
  33. using System.Collections.Generic;
  34. using System.Collections.Specialized;
  35. using OpenSim.Framework;
  36. using OpenSim.Framework.Servers;
  37. using OpenMetaverse;
  38. using System.Xml;
  39. namespace OpenSim.ApplicationPlugins.Rest.Inventory
  40. {
  41. /// <summary>
  42. /// This class represents the current REST request. It
  43. /// encapsulates the request/response state and takes care
  44. /// of response generation without exposing the REST handler
  45. /// to the actual mechanisms involved.
  46. ///
  47. /// This structure is created on entry to the Handler
  48. /// method and is disposed of upon return. It is part of
  49. /// the plug-in infrastructure, rather than the functionally
  50. /// specific REST handler, and fundamental changes to
  51. /// this should be reflected in the Rest HandlerVersion. The
  52. /// object is instantiated, and may be extended by, any
  53. /// given handler. See the inventory handler for an example
  54. /// of this.
  55. ///
  56. /// If possible, the underlying request/response state is not
  57. /// changed until the handler explicitly issues a Respond call.
  58. /// This ensures that the request/response pair can be safely
  59. /// processed by subsequent, unrelated, handlers even id the
  60. /// agent handler had completed much of its processing. Think
  61. /// of it as a transactional req/resp capability.
  62. /// </summary>
  63. public class RequestData
  64. {
  65. // HTTP Server interface data (Received values)
  66. internal OSHttpRequest request = null;
  67. internal OSHttpResponse response = null;
  68. internal string qprefix = null;
  69. // Request lifetime values
  70. // buffer is global because it is referenced by the handler
  71. // in supported of streamed requests.
  72. // If a service provider wants to construct the message
  73. // body explicitly it can use body to do this. The value
  74. // in body is used if the buffer is still null when a response
  75. // is generated.
  76. // Storing information in body will suppress the return of
  77. // statusBody which is only intended to report status on
  78. // requests which do not themselves ordinarily generate
  79. // an informational response. All of this is handled in
  80. // Respond().
  81. internal byte[] buffer = null;
  82. internal string body = null;
  83. internal string bodyType = "text/html";
  84. // The encoding in effect is set to a server default. It may
  85. // subsequently be overridden by a Content header. This
  86. // value is established during construction and is used
  87. // wherever encoding services are needed.
  88. internal Encoding encoding = Rest.Encoding;
  89. // These values are derived from the supplied URL. They
  90. // are initialized during construction.
  91. internal string path = null;
  92. internal string method = null;
  93. internal Uri uri = null;
  94. internal string query = null;
  95. internal string hostname = "localhost";
  96. internal int port = 80;
  97. // The path part of the URI is decomposed. pathNodes
  98. // is an array of every element in the URI. Parameters
  99. // is an array that contains only those nodes that
  100. // are not a part of the authority prefix
  101. private string[] pathNodes = null;
  102. private string[] parameters = null;
  103. private static readonly string[] EmptyPath = { String.Empty };
  104. // The status code gets set during the course of processing
  105. // and is the HTTP completion code. The status body is
  106. // initialized during construction, is appended to during the
  107. // course of execution, and is finalized during Respond
  108. // processing.
  109. //
  110. // Fail processing marks the request as failed and this is
  111. // then used to inhibit processing during Response processing.
  112. internal int statusCode = 0;
  113. internal string statusBody = String.Empty;
  114. internal bool fail = false;
  115. // This carries the URL to which the client should be redirected.
  116. // It is set by the service provider using the Redirect call.
  117. internal string redirectLocation = null;
  118. // These values influence response processing. They can be set by
  119. // service providers according to need. The defaults are generally
  120. // good.
  121. internal bool keepAlive = false;
  122. internal bool chunked = false;
  123. // XML related state
  124. internal XmlWriter writer = null;
  125. internal XmlReader reader = null;
  126. // Internal working state
  127. private StringBuilder sbuilder = new StringBuilder(1024);
  128. private MemoryStream xmldata = null;
  129. // This is used to make the response mechanism idempotent.
  130. internal bool handled = false;
  131. // Authentication related state
  132. //
  133. // Two supported authentication mechanisms are:
  134. // scheme = Rest.AS_BASIC;
  135. // scheme = Rest.AS_DIGEST;
  136. // Presented in that order (as required by spec)
  137. // A service provider can set the scheme variable to
  138. // force selection of a particular authentication model
  139. // (choosing from amongst those supported of course)
  140. //
  141. internal bool authenticated = false;
  142. internal string scheme = Rest.Scheme;
  143. internal string realm = Rest.Realm;
  144. internal string domain = null;
  145. internal string nonce = null;
  146. internal string cnonce = null;
  147. internal string qop = Rest.Qop_Auth;
  148. internal string opaque = null;
  149. internal string stale = null;
  150. internal string algorithm = Rest.Digest_MD5;
  151. internal string authParms = null;
  152. internal string authPrefix = null;
  153. internal string userName = String.Empty;
  154. internal string userPass = String.Empty;
  155. // Session related tables. These are only needed if QOP is set to "auth-sess"
  156. // and for now at least, it is not. Session related authentication is of
  157. // questionable merit in the context of REST anyway, but it is, arguably, more
  158. // secure.
  159. private static Dictionary<string,string> cntable = new Dictionary<string,string>();
  160. private static Dictionary<string,string> sktable = new Dictionary<string,string>();
  161. // This dictionary is used to keep track fo all of the parameters discovered
  162. // when the authorisation header is anaylsed.
  163. private Dictionary<string,string> authparms = new Dictionary<string,string>();
  164. // These regular expressions are used to decipher the various header entries.
  165. private static Regex schema = new Regex("^\\s*(?<scheme>\\w+)\\s*.*",
  166. RegexOptions.Compiled | RegexOptions.IgnoreCase);
  167. private static Regex basicParms = new Regex("^\\s*(?:\\w+)\\s+(?<pval>\\S+)\\s*",
  168. RegexOptions.Compiled | RegexOptions.IgnoreCase);
  169. private static Regex digestParm1 = new Regex("\\s*(?<parm>\\w+)\\s*=\\s*\"(?<pval>[^\"]+)\"",
  170. RegexOptions.Compiled | RegexOptions.IgnoreCase);
  171. private static Regex digestParm2 = new Regex("\\s*(?<parm>\\w+)\\s*=\\s*(?<pval>[^\\p{P}\\s]+)",
  172. RegexOptions.Compiled | RegexOptions.IgnoreCase);
  173. private static Regex reuserPass = new Regex("(?<user>[^:]+):(?<pass>[\\S\\s]*)",
  174. RegexOptions.Compiled | RegexOptions.IgnoreCase);
  175. // For efficiency, we create static instances of these objects
  176. private static MD5 md5hash = MD5.Create();
  177. private static StringComparer sc = StringComparer.OrdinalIgnoreCase;
  178. #region properties
  179. // Just for convenience...
  180. internal string MsgId
  181. {
  182. get { return Rest.MsgId; }
  183. }
  184. /// <summary>
  185. /// Return a boolean indication of whether or no an authenticated user is
  186. /// associated with this request. This could be wholly integrated, but
  187. /// that would make authentication mandatory.
  188. /// </summary>
  189. internal bool IsAuthenticated
  190. {
  191. get
  192. {
  193. if (Rest.Authenticate)
  194. {
  195. if (!authenticated)
  196. {
  197. authenticate();
  198. }
  199. return authenticated;
  200. }
  201. else return true;
  202. }
  203. }
  204. /// <summary>
  205. /// Access to all 'nodes' in the supplied URI as an
  206. /// array of strings.
  207. /// </summary>
  208. internal string[] PathNodes
  209. {
  210. get
  211. {
  212. return pathNodes;
  213. }
  214. }
  215. /// <summary>
  216. /// Access to all non-prefix 'nodes' in the supplied URI as an
  217. /// array of strings. These identify a specific resource that
  218. /// is managed by the authority (the prefix).
  219. /// </summary>
  220. internal string[] Parameters
  221. {
  222. get
  223. {
  224. return parameters;
  225. }
  226. }
  227. #endregion properties
  228. #region constructors
  229. // Constructor
  230. internal RequestData(OSHttpRequest p_request, OSHttpResponse p_response, string p_qprefix)
  231. {
  232. request = p_request;
  233. response = p_response;
  234. qprefix = p_qprefix;
  235. sbuilder.Length = 0;
  236. encoding = request.ContentEncoding;
  237. if (encoding == null)
  238. {
  239. encoding = Rest.Encoding;
  240. }
  241. method = request.HttpMethod.ToLower();
  242. initUrl();
  243. initParameters(p_qprefix.Length);
  244. }
  245. #endregion constructors
  246. #region authentication_common
  247. /// <summary>
  248. /// The REST handler has requested authentication. Authentication
  249. /// is considered to be with respect to the current values for
  250. /// Realm, domain, etc.
  251. ///
  252. /// This method checks to see if the current request is already
  253. /// authenticated for this domain. If it is, then it returns
  254. /// true. If it is not, then it issues a challenge to the client
  255. /// and responds negatively to the request.
  256. ///
  257. /// As soon as authentication failure is detected the method calls
  258. /// DoChallenge() which terminates the request with REST exception
  259. /// for unauthroized access.
  260. /// </summary>
  261. private void authenticate()
  262. {
  263. string authdata = request.Headers.Get("Authorization");
  264. string reqscheme = String.Empty;
  265. // If we don't have an authorization header, then this
  266. // user is certainly not authorized. This is the typical
  267. // pivot for the 1st request by a client.
  268. if (authdata == null)
  269. {
  270. Rest.Log.DebugFormat("{0} Challenge reason: No authorization data", MsgId);
  271. DoChallenge();
  272. }
  273. // So, we have authentication data, now we have to check to
  274. // see what we got and whether or not it is valid for the
  275. // current domain. To do this we need to interpret the data
  276. // provided in the Authorization header. First we need to
  277. // identify the scheme being used and route accordingly.
  278. MatchCollection matches = schema.Matches(authdata);
  279. foreach (Match m in matches)
  280. {
  281. Rest.Log.DebugFormat("{0} Scheme matched : {1}", MsgId, m.Groups["scheme"].Value);
  282. reqscheme = m.Groups["scheme"].Value.ToLower();
  283. }
  284. // If we want a specific authentication mechanism, make sure
  285. // we get it. null indicates we don't care. non-null indicates
  286. // a specific scheme requirement.
  287. if (scheme != null && scheme.ToLower() != reqscheme)
  288. {
  289. Rest.Log.DebugFormat("{0} Challenge reason: Requested scheme not acceptable", MsgId);
  290. DoChallenge();
  291. }
  292. // In the future, these could be made into plug-ins...
  293. // But for now at least we have no reason to use anything other
  294. // then MD5. TLS/SSL are taken care of elsewhere.
  295. switch (reqscheme)
  296. {
  297. case "digest" :
  298. Rest.Log.DebugFormat("{0} Digest authentication offered", MsgId);
  299. DoDigest(authdata);
  300. break;
  301. case "basic" :
  302. Rest.Log.DebugFormat("{0} Basic authentication offered", MsgId);
  303. DoBasic(authdata);
  304. break;
  305. }
  306. // If the current header is invalid, then a challenge is still needed.
  307. if (!authenticated)
  308. {
  309. Rest.Log.DebugFormat("{0} Challenge reason: Authentication failed", MsgId);
  310. DoChallenge();
  311. }
  312. }
  313. /// <summary>
  314. /// Construct the necessary WWW-Authenticate headers and fail the request
  315. /// with a NOT AUTHORIZED response. The parameters are the union of values
  316. /// required by the supported schemes.
  317. /// </summary>
  318. private void DoChallenge()
  319. {
  320. Flush();
  321. nonce = Rest.NonceGenerator(); // should be unique per 401 (and it is)
  322. Challenge(scheme, realm, domain, nonce, opaque, stale, algorithm, qop, authParms);
  323. Fail(Rest.HttpStatusCodeNotAuthorized);
  324. }
  325. /// <summary>
  326. /// The Flush() call is here to support a problem encountered with the
  327. /// client where an authentication rejection was lost because the rejection
  328. /// may flow before the clienthas finished sending us the inbound data stream,
  329. /// in which case the client responds to the socket error on out put, and
  330. /// never sees the authentication challenge. The client should be fixed,
  331. /// because this solution leaves the server prone to DOS attacks. A message
  332. /// will be issued whenever flushing occurs. It can be enabled/disabled from
  333. /// the configuration file.
  334. /// </summary>
  335. private void Flush()
  336. {
  337. if (Rest.FlushEnabled)
  338. {
  339. byte[] dbuffer = new byte[8192];
  340. Rest.Log.WarnFormat("{0} REST server is flushing the inbound data stream", MsgId);
  341. while (request.InputStream.Read(dbuffer,0,dbuffer.Length) != 0);
  342. }
  343. return;
  344. }
  345. // Indicate that authentication is required
  346. private void Challenge(string scheme, string realm, string domain, string nonce,
  347. string opaque, string stale, string alg,
  348. string qop, string auth)
  349. {
  350. sbuilder.Length = 0;
  351. // The service provider can force a particular scheme by
  352. // assigning a value to scheme.
  353. // Basic authentication is pretty simple.
  354. // Just specify the realm in question.
  355. if (scheme == null || scheme == Rest.AS_BASIC)
  356. {
  357. sbuilder.Append(Rest.AS_BASIC);
  358. if (realm != null)
  359. {
  360. sbuilder.Append(" realm=");
  361. sbuilder.Append(Rest.CS_DQUOTE);
  362. sbuilder.Append(realm);
  363. sbuilder.Append(Rest.CS_DQUOTE);
  364. }
  365. AddHeader(Rest.HttpHeaderWWWAuthenticate,sbuilder.ToString());
  366. }
  367. sbuilder.Length = 0;
  368. // Digest authentication takes somewhat more
  369. // to express.
  370. if (scheme == null || scheme == Rest.AS_DIGEST)
  371. {
  372. sbuilder.Append(Rest.AS_DIGEST);
  373. sbuilder.Append(" ");
  374. // Specify the effective realm. This should
  375. // never be null if we are uthenticating, as it is required for all
  376. // authentication schemes. It defines, in conjunction with the
  377. // absolute URI information, the domain to which the authentication
  378. // applies. It is an arbitrary string. I *believe* this allows an
  379. // authentication to apply to disjoint resources within the same
  380. // server.
  381. if (realm != null)
  382. {
  383. sbuilder.Append("realm=");
  384. sbuilder.Append(Rest.CS_DQUOTE);
  385. sbuilder.Append(realm);
  386. sbuilder.Append(Rest.CS_DQUOTE);
  387. sbuilder.Append(Rest.CS_COMMA);
  388. }
  389. // Share our nonce. This is *uniquely* generated each time a 401 is
  390. // returned. We do not generate a very sophisticated nonce at the
  391. // moment (it's simply a base64 encoded UUID).
  392. if (nonce != null)
  393. {
  394. sbuilder.Append("nonce=");
  395. sbuilder.Append(Rest.CS_DQUOTE);
  396. sbuilder.Append(nonce);
  397. sbuilder.Append(Rest.CS_DQUOTE);
  398. sbuilder.Append(Rest.CS_COMMA);
  399. }
  400. // The opaque string should be returned by the client unchanged in all
  401. // subsequent requests.
  402. if (opaque != null)
  403. {
  404. sbuilder.Append("opaque=");
  405. sbuilder.Append(Rest.CS_DQUOTE);
  406. sbuilder.Append(opaque);
  407. sbuilder.Append(Rest.CS_DQUOTE);
  408. sbuilder.Append(Rest.CS_COMMA);
  409. }
  410. // This flag indicates that the authentication was rejected because the
  411. // included nonce was stale. The server might use timestamp information
  412. // in the nonce to determine this. We do not.
  413. if (stale != null)
  414. {
  415. sbuilder.Append("stale=");
  416. sbuilder.Append(Rest.CS_DQUOTE);
  417. sbuilder.Append(stale);
  418. sbuilder.Append(Rest.CS_DQUOTE);
  419. sbuilder.Append(Rest.CS_COMMA);
  420. }
  421. // Identifies the algorithm used to produce the digest and checksum.
  422. // The default is MD5.
  423. if (alg != null)
  424. {
  425. sbuilder.Append("algorithm=");
  426. sbuilder.Append(alg);
  427. sbuilder.Append(Rest.CS_COMMA);
  428. }
  429. // Theoretically QOP is optional, but it is required by a compliant
  430. // with current versions of the scheme. In fact IE requires that QOP
  431. // be specified and will refuse to authenticate otherwise.
  432. if (qop != String.Empty)
  433. {
  434. sbuilder.Append("qop=");
  435. sbuilder.Append(Rest.CS_DQUOTE);
  436. sbuilder.Append(qop);
  437. sbuilder.Append(Rest.CS_DQUOTE);
  438. sbuilder.Append(Rest.CS_COMMA);
  439. }
  440. // This parameter allows for arbitrary extensions to the protocol.
  441. // Unrecognized values should be simply ignored.
  442. if (auth != null)
  443. {
  444. sbuilder.Append(auth);
  445. sbuilder.Append(Rest.CS_COMMA);
  446. }
  447. // We don't know the userid that will be used
  448. // so we cannot make any authentication domain
  449. // assumptions. So the prefix will determine
  450. // this.
  451. sbuilder.Append("domain=");
  452. sbuilder.Append(Rest.CS_DQUOTE);
  453. sbuilder.Append(qprefix);
  454. sbuilder.Append(Rest.CS_DQUOTE);
  455. // Generate the authenticate header and we're basically
  456. // done.
  457. AddHeader(Rest.HttpHeaderWWWAuthenticate,sbuilder.ToString());
  458. }
  459. }
  460. #endregion authentication_common
  461. #region authentication_basic
  462. /// <summary>
  463. /// Interpret a BASIC authorization claim. Some clients can only
  464. /// understand this and also expect it to be the first one
  465. /// offered. So we do.
  466. /// OpenSim also needs this, as it is the only scheme that allows
  467. /// authentication using the hashed passwords stored in the
  468. /// user database.
  469. /// </summary>
  470. private void DoBasic(string authdata)
  471. {
  472. string response = null;
  473. MatchCollection matches = basicParms.Matches(authdata);
  474. // In the case of basic authentication there is
  475. // only expected to be a single argument.
  476. foreach (Match m in matches)
  477. {
  478. authparms.Add("response",m.Groups["pval"].Value);
  479. Rest.Log.DebugFormat("{0} Parameter matched : {1} = {2}",
  480. MsgId, "response", m.Groups["pval"].Value);
  481. }
  482. // Did we get a valid response?
  483. if (authparms.TryGetValue("response", out response))
  484. {
  485. // Decode
  486. response = Rest.Base64ToString(response);
  487. Rest.Log.DebugFormat("{0} Auth response is: <{1}>", MsgId, response);
  488. // Extract user & password
  489. Match m = reuserPass.Match(response);
  490. userName = m.Groups["user"].Value;
  491. userPass = m.Groups["pass"].Value;
  492. // Validate against user database
  493. authenticated = Validate(userName,userPass);
  494. }
  495. }
  496. /// <summary>
  497. /// This method provides validation in support of the BASIC
  498. /// authentication method. This is not normaly expected to be
  499. /// used, but is included for completeness (and because I tried
  500. /// it first).
  501. /// </summary>
  502. private bool Validate(string user, string pass)
  503. {
  504. Rest.Log.DebugFormat("{0} Simple User Validation", MsgId);
  505. // Both values are required
  506. if (user == null || pass == null)
  507. return false;
  508. // Eliminate any leading or trailing spaces
  509. user = user.Trim();
  510. return vetPassword(user, pass);
  511. }
  512. /// <summary>
  513. /// This is used by the BASIC authentication scheme to calculate
  514. /// the double hash used by OpenSim to encode user's passwords.
  515. /// It returns true, if the supplied password is actually correct.
  516. /// If the specified user-id is not recognized, but the password
  517. /// matches the God password, then this is accepted as an admin
  518. /// session.
  519. /// </summary>
  520. private bool vetPassword(string user, string pass)
  521. {
  522. int x;
  523. string HA1;
  524. string first;
  525. string last;
  526. // Distinguish the parts, if necessary
  527. if ((x=user.IndexOf(Rest.C_SPACE)) != -1)
  528. {
  529. first = user.Substring(0,x);
  530. last = user.Substring(x+1);
  531. }
  532. else
  533. {
  534. first = user;
  535. last = String.Empty;
  536. }
  537. UserProfileData udata = Rest.UserServices.GetUserProfile(first, last);
  538. // If we don't recognize the user id, perhaps it is god?
  539. if (udata == null)
  540. return pass == Rest.GodKey;
  541. HA1 = HashToString(pass);
  542. HA1 = HashToString(String.Format("{0}:{1}",HA1,udata.PasswordSalt));
  543. return (0 == sc.Compare(HA1, udata.PasswordHash));
  544. }
  545. #endregion authentication_basic
  546. #region authentication_digest
  547. /// <summary>
  548. /// This is an RFC2617 compliant HTTP MD5 Digest authentication
  549. /// implementation. It has been tested with Firefox, Java HTTP client,
  550. /// and Microsoft's Internet Explorer V7.
  551. /// </summary>
  552. private void DoDigest(string authdata)
  553. {
  554. string response = null;
  555. // Find all of the values of the for x = "y"
  556. MatchCollection matches = digestParm1.Matches(authdata);
  557. foreach (Match m in matches)
  558. {
  559. authparms.Add(m.Groups["parm"].Value,m.Groups["pval"].Value);
  560. Rest.Log.DebugFormat("{0} String Parameter matched : {1} = {2}",
  561. MsgId, m.Groups["parm"].Value,m.Groups["pval"].Value);
  562. }
  563. // Find all of the values of the for x = y
  564. matches = digestParm2.Matches(authdata);
  565. foreach (Match m in matches)
  566. {
  567. authparms.Add(m.Groups["parm"].Value,m.Groups["pval"].Value);
  568. Rest.Log.DebugFormat("{0} Tokenized Parameter matched : {1} = {2}",
  569. MsgId, m.Groups["parm"].Value,m.Groups["pval"].Value);
  570. }
  571. // A response string MUST be returned, otherwise we are
  572. // NOT authenticated.
  573. Rest.Log.DebugFormat("{0} Validating authorization parameters", MsgId);
  574. if (authparms.TryGetValue("response", out response))
  575. {
  576. string temp = null;
  577. do
  578. {
  579. string nck = null;
  580. string ncl = null;
  581. // The userid is sent in clear text. Needed for the
  582. // verification.
  583. authparms.TryGetValue("username", out userName);
  584. // All URI's of which this is a prefix are
  585. // optimistically considered to be authenticated by the
  586. // client. This is also needed to verify the response.
  587. authparms.TryGetValue("uri", out authPrefix);
  588. // There MUST be a nonce string present. We're not preserving any server
  589. // side state and we can't validate the MD5 unless the client returns it
  590. // to us, as it should.
  591. if (!authparms.TryGetValue("nonce", out nonce) || nonce == null)
  592. {
  593. Rest.Log.WarnFormat("{0} Authentication failed: nonce missing", MsgId);
  594. break;
  595. }
  596. // If there is an opaque string present, it had better
  597. // match what we sent.
  598. if (authparms.TryGetValue("opaque", out temp))
  599. {
  600. if (temp != opaque)
  601. {
  602. Rest.Log.WarnFormat("{0} Authentication failed: bad opaque value", MsgId);
  603. break;
  604. }
  605. }
  606. // If an algorithm string is present, it had better
  607. // match what we sent.
  608. if (authparms.TryGetValue("algorithm", out temp))
  609. {
  610. if (temp != algorithm)
  611. {
  612. Rest.Log.WarnFormat("{0} Authentication failed: bad algorithm value", MsgId);
  613. break;
  614. }
  615. }
  616. // Quality of protection considerations...
  617. if (authparms.TryGetValue("qop", out temp))
  618. {
  619. qop = temp.ToLower(); // replace with actual value used
  620. // if QOP was specified then
  621. // these MUST be present.
  622. if (!authparms.ContainsKey("cnonce"))
  623. {
  624. Rest.Log.WarnFormat("{0} Authentication failed: cnonce missing", MsgId);
  625. Fail(Rest.HttpStatusCodeBadRequest);
  626. break;
  627. }
  628. cnonce = authparms["cnonce"];
  629. if (!authparms.TryGetValue("nc", out nck) || nck == null)
  630. {
  631. Rest.Log.WarnFormat("{0} Authentication failed: cnonce counter missing", MsgId);
  632. Fail(Rest.HttpStatusCodeBadRequest);
  633. break;
  634. }
  635. Rest.Log.DebugFormat("{0} Comparing nonce indices", MsgId);
  636. if (cntable.TryGetValue(nonce, out ncl))
  637. {
  638. Rest.Log.DebugFormat("{0} nonce values: Verify that request({1}) > Reference({2})", MsgId, nck, ncl);
  639. if (Rest.Hex2Int(ncl) >= Rest.Hex2Int(nck))
  640. {
  641. Rest.Log.WarnFormat("{0} Authentication failed: bad cnonce counter", MsgId);
  642. Fail(Rest.HttpStatusCodeBadRequest);
  643. break;
  644. }
  645. cntable[nonce] = nck;
  646. }
  647. else
  648. {
  649. lock (cntable) cntable.Add(nonce, nck);
  650. }
  651. }
  652. else
  653. {
  654. qop = String.Empty;
  655. // if QOP was not specified then
  656. // these MUST NOT be present.
  657. if (authparms.ContainsKey("cnonce"))
  658. {
  659. Rest.Log.WarnFormat("{0} Authentication failed: invalid cnonce", MsgId);
  660. Fail(Rest.HttpStatusCodeBadRequest);
  661. break;
  662. }
  663. if (authparms.ContainsKey("nc"))
  664. {
  665. Rest.Log.WarnFormat("{0} Authentication failed: invalid cnonce counter[2]", MsgId);
  666. Fail(Rest.HttpStatusCodeBadRequest);
  667. break;
  668. }
  669. }
  670. // Validate the supplied userid/password info
  671. authenticated = ValidateDigest(userName, nonce, cnonce, nck, authPrefix, response);
  672. }
  673. while (false);
  674. }
  675. else
  676. Fail(Rest.HttpStatusCodeBadRequest);
  677. }
  678. /// <summary>
  679. /// This mechanism is used by the digest authentication mechanism
  680. /// to return the user's password. In fact, because the OpenSim
  681. /// user's passwords are already hashed, and the HTTP mechanism
  682. /// does not supply an open password, the hashed passwords cannot
  683. /// be used unless the client has used the same salting mechanism
  684. /// to has the password before using it in the authentication
  685. /// algorithn. This is not inconceivable...
  686. /// </summary>
  687. private string getPassword(string user)
  688. {
  689. int x;
  690. string first;
  691. string last;
  692. // Distinguish the parts, if necessary
  693. if ((x=user.IndexOf(Rest.C_SPACE)) != -1)
  694. {
  695. first = user.Substring(0,x);
  696. last = user.Substring(x+1);
  697. }
  698. else
  699. {
  700. first = user;
  701. last = String.Empty;
  702. }
  703. UserProfileData udata = Rest.UserServices.GetUserProfile(first, last);
  704. // If we don;t recognize the user id, perhaps it is god?
  705. if (udata == null)
  706. {
  707. Rest.Log.DebugFormat("{0} Administrator", MsgId);
  708. return Rest.GodKey;
  709. }
  710. else
  711. {
  712. Rest.Log.DebugFormat("{0} Normal User {1}", MsgId, user);
  713. return udata.PasswordHash;
  714. }
  715. }
  716. // Validate the request-digest
  717. private bool ValidateDigest(string user, string nonce, string cnonce, string nck, string uri, string response)
  718. {
  719. string patt = null;
  720. string payl = String.Empty;
  721. string KDS = null;
  722. string HA1 = null;
  723. string HA2 = null;
  724. string pass = getPassword(user);
  725. // Generate H(A1)
  726. if (algorithm == Rest.Digest_MD5Sess)
  727. {
  728. if (!sktable.ContainsKey(cnonce))
  729. {
  730. patt = String.Format("{0}:{1}:{2}:{3}:{4}", user, realm, pass, nonce, cnonce);
  731. HA1 = HashToString(patt);
  732. sktable.Add(cnonce, HA1);
  733. }
  734. else
  735. {
  736. HA1 = sktable[cnonce];
  737. }
  738. }
  739. else
  740. {
  741. patt = String.Format("{0}:{1}:{2}", user, realm, pass);
  742. HA1 = HashToString(patt);
  743. }
  744. // Generate H(A2)
  745. if (qop == "auth-int")
  746. {
  747. patt = String.Format("{0}:{1}:{2}", request.HttpMethod, uri, HashToString(payl));
  748. }
  749. else
  750. {
  751. patt = String.Format("{0}:{1}", request.HttpMethod, uri);
  752. }
  753. HA2 = HashToString(patt);
  754. // Generate Digest
  755. if (qop != String.Empty)
  756. {
  757. patt = String.Format("{0}:{1}:{2}:{3}:{4}:{5}", HA1, nonce, nck, cnonce, qop, HA2);
  758. }
  759. else
  760. {
  761. patt = String.Format("{0}:{1}:{2}", HA1, nonce, HA2);
  762. }
  763. KDS = HashToString(patt);
  764. // Compare the generated sequence with the original
  765. return (0 == sc.Compare(KDS, response));
  766. }
  767. private string HashToString(string pattern)
  768. {
  769. Rest.Log.DebugFormat("{0} Generate <{1}>", MsgId, pattern);
  770. byte[] hash = md5hash.ComputeHash(encoding.GetBytes(pattern));
  771. sbuilder.Length = 0;
  772. for (int i = 0; i < hash.Length; i++)
  773. {
  774. sbuilder.Append(hash[i].ToString("x2"));
  775. }
  776. Rest.Log.DebugFormat("{0} Hash = <{1}>", MsgId, sbuilder.ToString());
  777. return sbuilder.ToString();
  778. }
  779. #endregion authentication_digest
  780. #region service_interface
  781. /// <summary>
  782. /// Conditionally set a normal completion code. This allows a normal
  783. /// execution path to default.
  784. /// </summary>
  785. internal void Complete()
  786. {
  787. if (statusCode == 0)
  788. {
  789. statusCode = Rest.HttpStatusCodeOK;
  790. }
  791. }
  792. /// <summary>
  793. /// Indicate a functionally-dependent conclusion to the
  794. /// request. See Rest.cs for a list of possible values.
  795. /// </summary>
  796. internal void Complete(int code)
  797. {
  798. statusCode = code;
  799. }
  800. /// <summary>
  801. /// Indicate that a request should be redirected, using
  802. /// the HTTP completion codes. Permanent and temporary
  803. /// redirections may be indicated. The supplied URL is
  804. /// the new location of the resource.
  805. /// </summary>
  806. internal void Redirect(string Url, bool temp)
  807. {
  808. redirectLocation = Url;
  809. if (temp)
  810. {
  811. statusCode = Rest.HttpStatusCodeTemporaryRedirect;
  812. }
  813. else
  814. {
  815. statusCode = Rest.HttpStatusCodePermanentRedirect;
  816. }
  817. Fail(statusCode, String.Empty, true);
  818. }
  819. /// <summary>
  820. /// Fail for an arbitrary reason. Just a failure with
  821. /// headers. The supplied message will be returned in the
  822. /// message body.
  823. /// </summary>
  824. internal void Fail(int code)
  825. {
  826. Fail(code, String.Empty, false);
  827. }
  828. /// <summary>
  829. /// For the more adventurous. This failure also includes a
  830. /// specified entity to be appended to the code-related
  831. /// status string.
  832. /// </summary>
  833. internal void Fail(int code, string addendum)
  834. {
  835. Fail(code, addendum, false);
  836. }
  837. internal void Fail(int code, string addendum, bool reset)
  838. {
  839. statusCode = code;
  840. appendStatus(String.Format("({0}) : {1}", code, Rest.HttpStatusDesc[code]));
  841. // Add any final addendum to the status information
  842. if (addendum != String.Empty)
  843. {
  844. appendStatus(String.Format(addendum));
  845. }
  846. // Help us understand why the request is being rejected
  847. if (Rest.DEBUG)
  848. {
  849. Rest.Log.DebugFormat("{0} Request Failure State Dump", MsgId);
  850. Rest.Log.DebugFormat("{0} Scheme = {1}", MsgId, scheme);
  851. Rest.Log.DebugFormat("{0} Realm = {1}", MsgId, realm);
  852. Rest.Log.DebugFormat("{0} Domain = {1}", MsgId, domain);
  853. Rest.Log.DebugFormat("{0} Nonce = {1}", MsgId, nonce);
  854. Rest.Log.DebugFormat("{0} CNonce = {1}", MsgId, cnonce);
  855. Rest.Log.DebugFormat("{0} Opaque = {1}", MsgId, opaque);
  856. Rest.Log.DebugFormat("{0} Stale = {1}", MsgId, stale);
  857. Rest.Log.DebugFormat("{0} Algorithm = {1}", MsgId, algorithm);
  858. Rest.Log.DebugFormat("{0} QOP = {1}", MsgId, qop);
  859. Rest.Log.DebugFormat("{0} AuthPrefix = {1}", MsgId, authPrefix);
  860. Rest.Log.DebugFormat("{0} UserName = {1}", MsgId, userName);
  861. Rest.Log.DebugFormat("{0} UserPass = {1}", MsgId, userPass);
  862. }
  863. fail = true;
  864. // Respond to the client's request, tag the response (for the
  865. // benefit of trace) to indicate the reason.
  866. Respond(String.Format("Failure response: ({0}) : {1} ",
  867. code, Rest.HttpStatusDesc[code]));
  868. // Finally initialize and the throw a RestException. All of the
  869. // handler's infrastructure knows that this is a "normal"
  870. // completion from a code point-of-view.
  871. RestException re = new RestException(Rest.HttpStatusDesc[code]+" <"+code+">");
  872. re.statusCode = code;
  873. re.statusDesc = Rest.HttpStatusDesc[code];
  874. re.httpmethod = method;
  875. re.httppath = path;
  876. throw re;
  877. }
  878. // Reject this request
  879. internal void Reject()
  880. {
  881. Fail(Rest.HttpStatusCodeNotImplemented, "request rejected (not implemented)");
  882. }
  883. // This MUST be called by an agent handler before it returns
  884. // control to Handle, otherwise the request will be ignored.
  885. // This is called implciitly for the REST stream handlers and
  886. // is harmless if it is called twice.
  887. internal virtual bool Respond(string reason)
  888. {
  889. Rest.Log.DebugFormat("{0} Respond ENTRY, handled = {1}, reason = {2}", MsgId, handled, reason);
  890. // We do this to try and make multiple Respond requests harmless,
  891. // as it is sometimes convenient to isse a response without
  892. // certain knowledge that it has not previously been done.
  893. if (!handled)
  894. {
  895. Rest.Log.DebugFormat("{0} Generating Response", MsgId);
  896. Rest.Log.DebugFormat("{0} Method is {1}", MsgId, method);
  897. // A Head request can NOT have a body! So don't waste time on
  898. // formatting if we're going to reject it anyway!
  899. if (method != Rest.HEAD)
  900. {
  901. Rest.Log.DebugFormat("{0} Response is not abbreviated", MsgId);
  902. // If the writer is non-null then we know that an XML
  903. // data component exists. Flush and close the writer and
  904. // then convert the result to the expected buffer format
  905. // unless the request has already been failed for some
  906. // reason.
  907. if (writer != null)
  908. {
  909. Rest.Log.DebugFormat("{0} XML Response handler extension ENTRY", MsgId);
  910. Rest.Log.DebugFormat("{0} XML Response exists", MsgId);
  911. writer.Flush();
  912. writer.Close();
  913. if (!fail)
  914. {
  915. buffer = xmldata.ToArray();
  916. AddHeader("Content-Type","application/xml");
  917. }
  918. xmldata.Close();
  919. Rest.Log.DebugFormat("{0} XML Response encoded", MsgId);
  920. Rest.Log.DebugFormat("{0} XML Response handler extension EXIT", MsgId);
  921. }
  922. if (buffer == null && body != null)
  923. {
  924. buffer = encoding.GetBytes(body);
  925. AddHeader("Content-Type",bodyType);
  926. }
  927. // OK, if the buffer contains something, regardless of how
  928. // it got there, set various response headers accordingly.
  929. if (buffer != null)
  930. {
  931. Rest.Log.DebugFormat("{0} Buffer-based entity", MsgId);
  932. }
  933. else
  934. {
  935. if (statusBody != String.Empty)
  936. {
  937. statusBody += Rest.statusTail;
  938. buffer = encoding.GetBytes(statusBody);
  939. AddHeader("Content-Type","text/html");
  940. }
  941. else
  942. {
  943. statusBody = Rest.statusHead;
  944. appendStatus(String.Format(": ({0}) {1}",
  945. statusCode, Rest.HttpStatusDesc[statusCode]));
  946. statusBody += Rest.statusTail;
  947. buffer = encoding.GetBytes(statusBody);
  948. AddHeader("Content-Type","text/html");
  949. }
  950. }
  951. response.ContentLength64 = buffer.Length;
  952. if (response.ContentEncoding == null)
  953. response.ContentEncoding = encoding;
  954. response.SendChunked = chunked;
  955. response.KeepAlive = keepAlive;
  956. }
  957. // Set the status code & description. If nothing has been stored,
  958. // we consider that a success.
  959. if (statusCode == 0)
  960. {
  961. Complete();
  962. }
  963. // Set the response code in the actual carrier
  964. response.StatusCode = statusCode;
  965. // For a redirect we need to set the relocation header accordingly
  966. if (response.StatusCode == (int) Rest.HttpStatusCodeTemporaryRedirect ||
  967. response.StatusCode == (int) Rest.HttpStatusCodePermanentRedirect)
  968. {
  969. Rest.Log.DebugFormat("{0} Re-direct location is {1}", MsgId, redirectLocation);
  970. response.RedirectLocation = redirectLocation;
  971. }
  972. // And include the status description if provided.
  973. response.StatusDescription = Rest.HttpStatusDesc[response.StatusCode];
  974. // Finally we send back our response.
  975. // We've left the setting of handled' until the
  976. // last minute because the header settings included
  977. // above are pretty harmless. But everything from
  978. // here on down probably leaves the response
  979. // element unusable by anyone else.
  980. handled = true;
  981. // DumpHeaders();
  982. // if (request.InputStream != null)
  983. // {
  984. // Rest.Log.DebugFormat("{0} Closing input stream", MsgId);
  985. // request.InputStream.Close();
  986. // }
  987. if (buffer != null && buffer.Length != 0)
  988. {
  989. Rest.Log.DebugFormat("{0} Entity buffer, length = {1} : <{2}>",
  990. MsgId, buffer.Length, encoding.GetString(buffer));
  991. response.OutputStream.Write(buffer, 0, buffer.Length);
  992. }
  993. // Closing the outputstream should complete the transmission process
  994. Rest.Log.DebugFormat("{0} Sending response", MsgId);
  995. // response.OutputStream.Close();
  996. response.Send();
  997. }
  998. Rest.Log.DebugFormat("{0} Respond EXIT, handled = {1}, reason = {2}", MsgId, handled, reason);
  999. return handled;
  1000. }
  1001. /// <summary>
  1002. /// These methods allow a service provider to manipulate the
  1003. /// request/response headers. The DumpHeaders method is intended
  1004. /// for problem diagnosis.
  1005. /// </summary>
  1006. internal void AddHeader(string hdr, string data)
  1007. {
  1008. if (Rest.DEBUG) Rest.Log.DebugFormat("{0} Adding header: <{1}: {2}>", MsgId, hdr, data);
  1009. response.AddHeader(hdr, data);
  1010. }
  1011. // internal void RemoveHeader(string hdr)
  1012. // {
  1013. // if (Rest.DEBUG)
  1014. // {
  1015. // Rest.Log.DebugFormat("{0} Removing header: <{1}>", MsgId, hdr);
  1016. // if (response.Headers.Get(hdr) == null)
  1017. // {
  1018. // Rest.Log.DebugFormat("{0} No such header existed",
  1019. // MsgId, hdr);
  1020. // }
  1021. // }
  1022. // response.Headers.Remove(hdr);
  1023. // }
  1024. // internal void DumpHeaders()
  1025. // {
  1026. // if (Rest.DEBUG)
  1027. // {
  1028. // for (int i=0;i<response.Headers.Count;i++)
  1029. // {
  1030. // Rest.Log.DebugFormat("{0} Header[{1}] : {2}", MsgId, i,
  1031. // response.Headers.Get(i));
  1032. // }
  1033. // }
  1034. // }
  1035. // Setup the XML writer for output
  1036. internal void initXmlWriter()
  1037. {
  1038. XmlWriterSettings settings = new XmlWriterSettings();
  1039. xmldata = new MemoryStream();
  1040. settings.Indent = true;
  1041. settings.IndentChars = " ";
  1042. settings.Encoding = encoding;
  1043. settings.CloseOutput = false;
  1044. settings.OmitXmlDeclaration = true;
  1045. settings.ConformanceLevel = ConformanceLevel.Fragment;
  1046. writer = XmlWriter.Create(xmldata, settings);
  1047. }
  1048. internal void initXmlReader()
  1049. {
  1050. XmlReaderSettings settings = new XmlReaderSettings();
  1051. settings.ConformanceLevel = ConformanceLevel.Fragment;
  1052. settings.IgnoreComments = true;
  1053. settings.IgnoreWhitespace = true;
  1054. settings.IgnoreProcessingInstructions = true;
  1055. settings.ValidationType = ValidationType.None;
  1056. reader = XmlReader.Create(request.InputStream,settings);
  1057. }
  1058. internal void appendStatus(string msg)
  1059. {
  1060. if (statusBody == String.Empty)
  1061. {
  1062. statusBody = String.Format(Rest.statusHead, request.HttpMethod);
  1063. }
  1064. statusBody = String.Format("{0} {1}", statusBody, msg);
  1065. }
  1066. #endregion service_interface
  1067. #region internal_methods
  1068. /// <summary>
  1069. /// Helper methods for deconstructing and reconstructing
  1070. /// URI path data.
  1071. /// </summary>
  1072. private void initUrl()
  1073. {
  1074. uri = request.Url;
  1075. if (query == null)
  1076. {
  1077. query = uri.Query;
  1078. }
  1079. // If the path has not been previously initialized,
  1080. // do so now.
  1081. if (path == null)
  1082. {
  1083. path = uri.AbsolutePath;
  1084. if (path.EndsWith(Rest.UrlPathSeparator))
  1085. path = path.Substring(0,path.Length-1);
  1086. }
  1087. // If we succeeded in getting a path, perform any
  1088. // additional pre-processing required.
  1089. if (path != null)
  1090. {
  1091. if (Rest.ExtendedEscape)
  1092. {
  1093. // Handle "+". Not a standard substitution, but
  1094. // common enough...
  1095. path = path.Replace(Rest.C_PLUS,Rest.C_SPACE);
  1096. }
  1097. pathNodes = path.Split(Rest.CA_PATHSEP);
  1098. }
  1099. else
  1100. {
  1101. pathNodes = EmptyPath;
  1102. }
  1103. // Elimiate any %-escaped values. This is left until here
  1104. // so that escaped "+' are not mistakenly replaced.
  1105. path = Uri.UnescapeDataString(path);
  1106. // Request server context info
  1107. hostname = uri.Host;
  1108. port = uri.Port;
  1109. }
  1110. private int initParameters(int prfxlen)
  1111. {
  1112. if (prfxlen < path.Length-1)
  1113. {
  1114. parameters = path.Substring(prfxlen+1).Split(Rest.CA_PATHSEP);
  1115. }
  1116. else
  1117. {
  1118. parameters = new string[0];
  1119. }
  1120. // Generate a debug list of the decoded parameters
  1121. if (Rest.DEBUG && prfxlen < path.Length-1)
  1122. {
  1123. Rest.Log.DebugFormat("{0} URI: Parameters: {1}", MsgId, path.Substring(prfxlen));
  1124. for (int i = 0; i < parameters.Length; i++)
  1125. {
  1126. Rest.Log.DebugFormat("{0} Parameter[{1}]: {2}", MsgId, i, parameters[i]);
  1127. }
  1128. }
  1129. return parameters.Length;
  1130. }
  1131. #endregion internal_methods
  1132. }
  1133. }