Hello,

I've been trying to implement (client-side) Digest Authentication
capabilities to Net:HTTP (as stated in RFC2617)  and am having trouble
modifying the headers before I send the request to the server.

So far I'm just starting, and am relatively new to ruby. But I am able
to request a page from the server, receive the 401 Forbidden message,
and extract the needed information from the header. Now I use that
information, plus a username and password to formulate a proper header
to use in my next request.  But I don't know how to do that.

ugly code below:

require 'net/http'
require 'digest/md5'

def unq(str) // unquote a string
	str.gsub(/"/, '')
end

def unwrap(wstr) // unserialize the auth header value into a hash
   wa_hash = Hash.new
   wa_ary = wstr.split /, /

    wa_ary.each do |str|
    	k,v = str.split '='
    	wa_hash[k] = v
    end
    return wa_hash
end

def wrap(whsh) // serialize a hash for use as a Auth header value
	str = String.new
	whsh.each do |k ,v|
		if(k == "qop" || k == "nc")
			str += k + '=' + v + ', '
		else
			str += k + '="' + v + '", '
		end
	end
	return str.chop.chop
end

response = nil
    Net::HTTP.start('192.168.123.72', 81) {|http|
      response = http.request_get("/hierarch.htm")
    }
    response.each_header { |k, v| puts k + ": " + v }

    wa_hash = unwrap( response["www-authenticate"] )

    wa_hash.each do |k,v|
    	puts k + ": " + v
    end

    dig_resp = Digest::MD5.hexdigest("admin" + ":" +
    	unq(wa_hash["Digest realm"]) + ":" +
    	"0000" + ":" +
    	unq(wa_hash["nonce"]) + ":" +
    	"00000001" + ":" +
    	unq("c202ce") + ":" +
    	unq(wa_hash["qop"]) + ":" +
    	Digest::MD5.hexdigest( "GET" + ":" + "/hierarch.htm" ))

    auth = wrap(Hash["Digest username" => "admin",
    		"realm" => unq(wa_hash["Digest realm"]),
    		"nonce" => unq(wa_hash["nonce"]),
    		"uri" => "/hierarch.htm",
    		"response" => dig_resp,
    		"qop" => unq(wa_hash["qop"]),
    		"nc" => "00000001",
		"cnonce" => "c202ce"] )



    res = Net::HTTP.start('192.168.123.72', 81) {|http|
      response = http.head('/hierarch.htm')
      response.add_field("Authorization", auth)  //not working
      http.get('/hierarch.htm')
    }
    puts res.body