Wednesday, April 10, 2013

Digest authorization in SIP with MD5 Challenge

During a SIP request, if the server responds with 401 Proxy Authentication Required or 401 Unauthorized, the client has to send the same request again, this time with an MD5 response to the server's challenge.

The client takes the nonce value from the WWW-Authenticate header of that response.

[code]

WWW-Authenticate: Digest realm="sip.linphone.org", nonce="JbAO1QAAAAA3aDI0AADMobiT7toAAAAA", opaque="+GNywA==", algorithm=MD5, qop="auth"

[/code]

The client uses the nonce to generate the MD5 challenge response and makes the original request again with the Authorization header.

Steps to create the MD5 Challenge

1. Create first MD5 hash using username + ":" + realm + ":" + password

[java]

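// Needs java.security.MessageDigest and java.nio.charset.StandardCharsets.
// mdigest = MessageDigest.getInstance("MD5"); toHexString() must return lowercase hex.
String a1 = username + ":" + realm + ":" + password;
String ha1 = toHexString(mdigest.digest(a1.getBytes(StandardCharsets.UTF_8)));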
[/java]

2. Create second MD5 hash using request_method + ":" + request_uri

[java]

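// The method is hashed in upper case (e.g. REGISTER, INVITE), followed by the request URI.
String a2 = request_method.toUpperCase() + ":" + request_uri;
String ha2 = toHexString(mdigest.digest(a2.getBytes(StandardCharsets.UTF_8)));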
[/java]

3. If qop in the response header is "auth", calculate the final MD5 hash as in step 3a; if qop is undefined or empty, use step 3b.

3a. Create the final MD5 string using ha1 + ":" + nonce + ":" + nonceCount + ":" + cNonce + ":" + qop + ":" + ha2

[java]

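// nonceCount and cNonce are chosen by the client and sent back in the Authorization header.
String finalStr = ha1 + ":" + nonce + ":" + nonceCount + ":" + cNonce + ":" + qop + ":" + ha2;
String response = toHexString(mdigest.digest(finalStr.getBytes(StandardCharsets.UTF_8)));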
[/java]

3b. Create the final MD5 string using ha1 + ":" + nonce + ":" + ha2

[java]
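// Without qop, only the two hashes and the server nonce go into the response.
String finalStr = ha1 + ":" + nonce + ":" + ha2;
String response = toHexString(mdigest.digest(finalStr.getBytes(StandardCharsets.UTF_8)));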
[/java]
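The steps above assembled into one runnable class, as an added example (not the article's downloadable source). It goes slightly beyond the steps by parsing the WWW-Authenticate header, accepting a qop list such as "auth,auth-int", and checking itself against the worked example in RFC 2617 section 3.5. The class and method names, the user "alice", the password and the request URI are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;
import java.util.regex.*;

public class SipDigestExample {
    // Split a Digest challenge into its key="value" / key=token parameters.
    static Map<String, String> parseChallenge(String header) {
        Map<String, String> p = new HashMap<>();
        Matcher m = Pattern.compile("(\\w+)=(?:\"([^\"]*)\"|([^,\\s]+))").matcher(header);
        while (m.find()) p.put(m.group(1).toLowerCase(), m.group(2) != null ? m.group(2) : m.group(3));
        return p;
    }
    static String md5Hex(String s) throws Exception {
        StringBuilder sb = new StringBuilder();
        for (byte b : MessageDigest.getInstance("MD5").digest(s.getBytes(StandardCharsets.UTF_8)))
            sb.append(String.format("%02x", b)); // lowercase hex, two digits per byte
        return sb.toString();
    }

    // Steps 1 to 3 of the article; nc and cnonce are hashed only when qop "auth" is offered.
    static String digestResponse(Map<String, String> c, String user, String pass,
                                 String method, String uri, String nc, String cnonce) throws Exception {
        String ha1 = md5Hex(user + ":" + c.get("realm") + ":" + pass);
        String ha2 = md5Hex(method.toUpperCase() + ":" + uri);
        String qop = c.get("qop"); // may be a list such as "auth,auth-int"
        if (qop != null && ("," + qop.replace(" ", "") + ",").contains(",auth,"))
            return md5Hex(ha1 + ":" + c.get("nonce") + ":" + nc + ":" + cnonce + ":auth:" + ha2);
        return md5Hex(ha1 + ":" + c.get("nonce") + ":" + ha2);
    }

    public static void main(String[] args) throws Exception {
        // Self-check against the worked example in RFC 2617, section 3.5.
        Map<String, String> rfc = parseChallenge("Digest realm=\"testrealm@host.com\", "
                + "qop=\"auth,auth-int\", nonce=\"dcd98b7102dd2f0e8b11d0f600bfb0c093\"");
        String r = digestResponse(rfc, "Mufasa", "Circle Of Life", "GET", "/dir/index.html", "00000001", "0a4f113b");
        if (!r.equals("6629fae49393a05397450978507c4ef1")) throw new AssertionError(r);
        // Challenge from the article; user, password and request URI are constructed sample values.
        Map<String, String> c = parseChallenge("Digest realm=\"sip.linphone.org\", "
                + "nonce=\"JbAO1QAAAAA3aDI0AADMobiT7toAAAAA\", opaque=\"+GNywA==\", algorithm=MD5, qop=\"auth\"");
        String uri = "sip:sip.linphone.org", nc = "00000001";
        String cnonce = Long.toHexString(new SecureRandom().nextLong()); // fresh random value per request
        String resp = digestResponse(c, "alice", "example-password", "REGISTER", uri, nc, cnonce);
        System.out.println("Authorization: Digest username=\"alice\", realm=\"" + c.get("realm")
                + "\", nonce=\"" + c.get("nonce") + "\", uri=\"" + uri + "\", response=\"" + resp
                + "\", algorithm=MD5, cnonce=\"" + cnonce + "\", opaque=\"" + c.get("opaque")
                + "\", qop=auth, nc=" + nc);
    }
}
```

The printed response value differs on every run because the cnonce is random; the nc value has to increase for each further request that reuses the same server nonce.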

Download the complete source code from here
