Added Intel AMT auth-int support, except in interceptor.

This commit is contained in:
Ylian Saint-Hilaire 2021-03-13 19:33:01 -08:00
parent f38f6460eb
commit ffabdb39d3
3 changed files with 814 additions and 795 deletions


@ -164,7 +164,7 @@ var CreateWsmanComm = function (host, port, user, pass, tls, tlsoptions, mpsConn
obj.kerberosDone = 1;
}
} else if (obj.challengeParams != null) {
var response = hex_md5(hex_md5(obj.user + ':' + obj.challengeParams['realm'] + ':' + obj.pass) + ':' + obj.challengeParams['nonce'] + ':' + obj.noncecounter + ':' + obj.cnonce + ':' + obj.challengeParams['qop'] + ':' + hex_md5(action + ':' + url));
var response = hex_md5(hex_md5(obj.user + ':' + obj.challengeParams['realm'] + ':' + obj.pass) + ':' + obj.challengeParams['nonce'] + ':' + obj.noncecounter + ':' + obj.cnonce + ':' + obj.challengeParams['qop'] + ':' + hex_md5(action + ':' + url + ((obj.challengeParams['qop'] == 'auth-int') ? (':' + hex_md5(postdata)) : '')));
h += 'Authorization: ' + obj.renderDigest({ 'username': obj.user, 'realm': obj.challengeParams['realm'], 'nonce': obj.challengeParams['nonce'], 'uri': url, 'qop': obj.challengeParams['qop'], 'response': response, 'nc': obj.noncecounter++, 'cnonce': obj.cnonce }) + '\r\n';
}
h += 'Host: ' + obj.host + ':' + obj.port + '\r\nContent-Length: ' + postdata.length + '\r\n\r\n' + postdata; // Use Content-Length
@ -423,6 +423,11 @@ var CreateWsmanComm = function (host, port, user, pass, tls, tlsoptions, mpsConn
if (isNaN(s)) s = 500;
if (s == 401 && ++(obj.authcounter) < 3) {
obj.challengeParams = obj.parseDigest(header['www-authenticate']); // Set the digest parameters, after this, the socket will close and we will auto-retry
if (obj.challengeParams['qop'] != null) {
var qopList = obj.challengeParams['qop'].split(',');
for (var i in qopList) { qopList[i] = qopList[i].trim(); }
if (qopList.indexOf('auth-int') >= 0) { obj.challengeParams['qop'] = 'auth-int'; } else { obj.challengeParams['qop'] = 'auth'; }
}
if (obj.mpsConnection == null) { obj.socket.end(); } else { obj.socket.close(); }
} else {
var r = obj.pendingAjaxCall.shift();
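Review bot: The new auth-int branch in the `var response = hex_md5(...)` line of the first hunk hashes `postdata` as a JavaScript string, while the same value is written to the socket a few lines later with `Content-Length: postdata.length`; unless `hex_md5` and the socket write agree on the encoding (UTF-16 code units vs. UTF-8 bytes), a body containing non-ASCII characters will yield an entity hash that differs from what Intel AMT computes over the wire bytes and the request will fail with 401. Compute both over one byte representation, e.g. `var body = Buffer.from(postdata, 'utf8');` and use `body.length` for Content-Length and the same buffer as the `hex_md5` input, assuming `hex_md5` accepts a Buffer (not visible here). The qop selection in the second hunk deserves a why-comment such as `// Prefer auth-int when offered: the digest then also covers the request body`, and note that it only runs when the challenge carries a qop directive at all — a challenge without one still reaches the response computation with an undefined qop, which predates this change. Both hunks sit inside CreateWsmanComm, whose body starts and ends outside the hunks.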


@ -166,6 +166,17 @@ module.exports.CreateHttpInterceptor = function (args) {
if (obj.args.user && obj.args.pass && HttpInterceptorAuthentications[obj.args.host + ':' + obj.args.port]) {
// We have authentication data, lets use it.
var AuthArgs = obj.GetAuthArgs(HttpInterceptorAuthentications[obj.args.host + ':' + obj.args.port]);
AuthArgs.qop = 'auth'; // If different QOP options are proposed, always use 'auth' for now.
// In the future, we should support auth-int, but that will required the body of the request to be accumulated and hashed.
/*
if (AuthArgs.qop != null) { // If Intel AMT supports auth-int, use it.
var qopList = AuthArgs.qop.split(',');
for (var i in qopList) { qopList[i] = qopList[i].trim(); }
if (qopList.indexOf('auth-int') >= 0) { AuthArgs.qop = 'auth-int'; } else { AuthArgs.qop = 'auth'; }
}
*/
var hash = obj.ComputeDigesthash(obj.args.user, obj.args.pass, AuthArgs.realm, obj.ws.directive[0], obj.ws.directive[1], AuthArgs.qop, AuthArgs.nonce, obj.ws.authCNonceCount, obj.ws.authCNonce);
var authstr = 'Digest username="' + obj.args.user + '",realm="' + AuthArgs.realm + '",nonce="' + AuthArgs.nonce + '",uri="' + obj.ws.directive[1] + '",qop=' + AuthArgs.qop + ',nc=' + obj.ws.authCNonceCount + ',cnonce="' + obj.ws.authCNonce + '",response="' + hash + '"';
if (AuthArgs.opaque) { authstr += (',opaque="' + AuthArgs.opaque + '"'); }
@ -311,7 +322,7 @@ module.exports.CreateRedirInterceptor = function (args) {
var authstatus = obj.amt.acc.charCodeAt(1);
var authType = obj.amt.acc.charCodeAt(4);
if (authType == obj.AuthenticationType.DIGEST && authstatus == obj.AuthenticationStatus.FALIURE) {
if ((authType == obj.AuthenticationType.DIGEST) && (authstatus == obj.AuthenticationStatus.FALIURE)) {
// Grab and keep all authentication parameters
var realmlen = obj.amt.acc.charCodeAt(9);
obj.amt.digestRealm = obj.amt.acc.substring(10, 10 + realmlen);
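Review bot: `AuthArgs.qop = 'auth';` in the first hunk replaces whatever the challenge carried without checking that `auth` was actually offered, so a challenge listing only `auth-int`, or no qop directive at all, now produces a `qop=auth` header the device did not advertise and a hash from `ComputeDigesthash(..., 'auth', ...)`, whereas before this change the challenge's own value was passed through. Only force it when it is in the offered list: `var qops = (AuthArgs.qop == null) ? [] : AuthArgs.qop.split(',').map(function (q) { return q.trim(); });` followed by `if (qops.indexOf('auth') >= 0) { AuthArgs.qop = 'auth'; }`, leaving the original value (including none) otherwise. The commented-out selection block duplicates logic that now lives in the wsman client and should become a tracked `// TODO: support auth-int here; requires accumulating and hashing the request body` rather than dead code. The enclosing handler in CreateHttpInterceptor begins and ends outside the hunk.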
