Refactor SIP authorization digest parsing in SIPAuthorisationDigest.cs to use ReadOnlySpan<char> for improved performance and memory efficiency. Simplified header field handling by replacing regular expressions and string arrays with spans and slices. Expanded unit tests in SIPAuthorisationDigestUnitTest.cs to cover various scenarios, including basic, full, malformed, and case-insensitive headers, as well as nonce counts and QOP values.

paulomorgado · paulomorgado · commit aada3518a3d4 · 2025-02-23T22:24:22.000Z
diff --git a/src/core/SIP/SIPAuthorisationDigest.cs b/src/core/SIP/SIPAuthorisationDigest.cs
@@ -85,69 +85,103 @@ public static SIPAuthorisationDigest ParseAuthorisationDigest(SIPAuthorisationHe
         {
             SIPAuthorisationDigest authRequest = new SIPAuthorisationDigest(authorisationType);
 
-            string noDigestHeader = Regex.Replace(authorisationRequest, $@"^\s*{METHOD}\s*", "", RegexOptions.IgnoreCase);
-            string[] headerFields = noDigestHeader.Split(',');
+            //string noDigestHeader = Regex.Replace(authorisationRequest, $@"^\s*{METHOD}\s*", "", RegexOptions.IgnoreCase);
+            ReadOnlySpan<char> noDigestHeader = authorisationRequest.AsSpan().Trim();
+            if (noDigestHeader.StartsWith(METHOD.AsSpan(), StringComparison.OrdinalIgnoreCase))
+            {
+                noDigestHeader = noDigestHeader.Slice(METHOD.Length + 1);
+            }
 
-            if (headerFields != null && headerFields.Length > 0)
+            while (noDigestHeader.IsEmpty == false)
             {
-                foreach (string headerField in headerFields)
+                ReadOnlySpan<char> headerField;
+                int commaIndex = noDigestHeader.IndexOf(',');
+                if (commaIndex == -1)
+                {
+                    headerField = noDigestHeader.Trim();
+                    noDigestHeader = ReadOnlySpan<char>.Empty;
+                }
+                else
+                {
+                    headerField = noDigestHeader.Slice(0, commaIndex).Trim();
+                    noDigestHeader = noDigestHeader.Slice(commaIndex + 1);
+                }
+
+                int equalsIndex = headerField.IndexOf('=');
+
+                if (equalsIndex != -1 && equalsIndex < headerField.Length)
                 {
-                    int equalsIndex = headerField.IndexOf('=');
+                    ReadOnlySpan<char> headerName = headerField.Slice(0, equalsIndex).Trim();
+                    ReadOnlySpan<char> headerValue = headerField.Slice(equalsIndex + 1).Trim(m_headerFieldRemoveChars);
 
-                    if (equalsIndex != -1 && equalsIndex < headerField.Length)
+                    if (headerName.Equals(AuthHeaders.AUTH_REALM_KEY.AsSpan(), StringComparison.OrdinalIgnoreCase))
+                    {
+                        authRequest.Realm = headerValue.ToString();
+                    }
+                    else if (headerName.Equals(AuthHeaders.AUTH_NONCE_KEY.AsSpan(), StringComparison.OrdinalIgnoreCase))
+                    {
+                        authRequest.Nonce = headerValue.ToString();
+                    }
+                    else if (headerName.Equals(AuthHeaders.AUTH_USERNAME_KEY.AsSpan(), StringComparison.OrdinalIgnoreCase))
+                    {
+                        authRequest.Username = headerValue.ToString();
+                    }
+                    else if (headerName.Equals(AuthHeaders.AUTH_RESPONSE_KEY.AsSpan(), StringComparison.OrdinalIgnoreCase))
+                    {
+                        authRequest.Response = headerValue.ToString();
+                    }
+                    else if (headerName.Equals(AuthHeaders.AUTH_URI_KEY.AsSpan(), StringComparison.OrdinalIgnoreCase))
+                    {
+                        authRequest.URI = headerValue.ToString();
+                    }
+                    else if (headerName.Equals(AuthHeaders.AUTH_CNONCE_KEY.AsSpan(), StringComparison.OrdinalIgnoreCase))
+                    {
+                        authRequest.Cnonce = headerValue.ToString();
+                    }
+                    else if (headerName.Equals(AuthHeaders.AUTH_NONCECOUNT_KEY.AsSpan(), StringComparison.OrdinalIgnoreCase))
                     {
-                        string headerName = headerField.Substring(0, equalsIndex).Trim();
-                        string headerValue = headerField.Substring(equalsIndex + 1).Trim(m_headerFieldRemoveChars);
+#if NETCOREAPP2_1_OR_GREATER
+                        Int32.TryParse(headerValue, out authRequest.NonceCount);
+#else
+                        Int32.TryParse(headerValue.ToString(), out authRequest.NonceCount);
+#endif
+                    }
+                    else if (headerName.Equals(AuthHeaders.AUTH_QOP_KEY.AsSpan(), StringComparison.OrdinalIgnoreCase))
+                    {
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+                        authRequest.Qop = BuildQop(headerValue);
 
-                        if (Regex.Match(headerName, "^" + AuthHeaders.AUTH_REALM_KEY + "$", RegexOptions.IgnoreCase).Success)
-                        {
-                            authRequest.Realm = headerValue;
-                        }
-                        else if (Regex.Match(headerName, "^" + AuthHeaders.AUTH_NONCE_KEY + "$", RegexOptions.IgnoreCase).Success)
-                        {
-                            authRequest.Nonce = headerValue;
-                        }
-                        else if (Regex.Match(headerName, "^" + AuthHeaders.AUTH_USERNAME_KEY + "$", RegexOptions.IgnoreCase).Success)
-                        {
-                            authRequest.Username = headerValue;
-                        }
-                        else if (Regex.Match(headerName, "^" + AuthHeaders.AUTH_RESPONSE_KEY + "$", RegexOptions.IgnoreCase).Success)
-                        {
-                            authRequest.Response = headerValue;
-                        }
-                        else if (Regex.Match(headerName, "^" + AuthHeaders.AUTH_URI_KEY + "$", RegexOptions.IgnoreCase).Success)
+                        static string BuildQop(ReadOnlySpan<char> headerValue)
                         {
-                            authRequest.URI = headerValue;
+                            Span<char> chars = stackalloc char[headerValue.Length];
+                            _ = headerValue.ToLowerInvariant(chars);
+                            return new string((ReadOnlySpan<char>)chars);
                         }
-                        else if (Regex.Match(headerName, "^" + AuthHeaders.AUTH_CNONCE_KEY + "$", RegexOptions.IgnoreCase).Success)
-                        {
-                            authRequest.Cnonce = headerValue;
-                        }
-                        else if (Regex.Match(headerName, "^" + AuthHeaders.AUTH_NONCECOUNT_KEY + "$", RegexOptions.IgnoreCase).Success)
-                        {
-                            Int32.TryParse(headerValue, out authRequest.NonceCount);
-                        }
-                        else if (Regex.Match(headerName, "^" + AuthHeaders.AUTH_QOP_KEY + "$", RegexOptions.IgnoreCase).Success)
-                        {
-                            authRequest.Qop = headerValue.ToLower();
-                        }
-                        else if (Regex.Match(headerName, "^" + AuthHeaders.AUTH_OPAQUE_KEY + "$", RegexOptions.IgnoreCase).Success)
+#else
+                        authRequest.Qop = headerValue.ToString().ToLowerInvariant();
+#endif
+                    }
+                    else if (headerName.Equals(AuthHeaders.AUTH_OPAQUE_KEY.AsSpan(), StringComparison.OrdinalIgnoreCase))
+                    {
+                        authRequest.Opaque = headerValue.ToString();
+                    }
+                    else if (headerName.Equals(AuthHeaders.AUTH_ALGORITHM_KEY.AsSpan(), StringComparison.OrdinalIgnoreCase))
+                    {
+                        //authRequest.Algorithm = headerValue;
+
+#if NETCOREAPP6_0_OR_GREATER
+                        var hv = headerValue.Replace("-", "");
+#else
+                        var hv = headerValue.ToString().Replace("-", "");
+#endif
+                        if (Enum.TryParse<DigestAlgorithmsEnum>(hv, true, out var alg))
                         {
-                            authRequest.Opaque = headerValue;
+                            authRequest.DigestAlgorithm = alg;
                         }
-                        else if (Regex.Match(headerName, "^" + AuthHeaders.AUTH_ALGORITHM_KEY + "$", RegexOptions.IgnoreCase).Success)
+                        else
                         {
-                            //authRequest.Algorithhm = headerValue;
-
-                            if (Enum.TryParse<DigestAlgorithmsEnum>(headerValue.Replace("-",""), true, out var alg))
-                            {
-                                authRequest.DigestAlgorithm = alg;
-                            }
-                            else
-                            {
-                                logger.LogWarning("SIPAuthorisationDigest did not recognised digest algorithm value of {DigestAlgorithms}, defaulting to {DigestAlgorithmsEnumMD5}.", headerValue, DigestAlgorithmsEnum.MD5);
-                                authRequest.DigestAlgorithm = DigestAlgorithmsEnum.MD5;
-                            }
+                            logger.LogWarning("SIPAuthorisationDigest did not recognised digest algorithm value of {DigestAlgorithms}, defaulting to {DigestAlgorithmsEnumMD5}.", headerValue.ToString(), DigestAlgorithmsEnum.MD5);
+                            authRequest.DigestAlgorithm = DigestAlgorithmsEnum.MD5;
                         }
                     }
                 }
diff --git a/test/unit/core/SIP/SIPAuthorisationDigestUnitTest.cs b/test/unit/core/SIP/SIPAuthorisationDigestUnitTest.cs
@@ -433,5 +433,109 @@ public void SIPRequestAuthRoundTripWithSHA256DIgest()
 
             Assert.True(authResult.Authenticated);
         }
-    }
+
+        private const string BASIC_AUTH_HEADER = "Digest realm=\"sip.domain.com\",nonce=\"1234\",algorithm=MD5";
+        private const string FULL_AUTH_HEADER = "Digest username=\"alice\",realm=\"sip.domain.com\",nonce=\"1234abcd\",uri=\"sip:bob@domain.com\",response=\"a1b2c3d4\",algorithm=MD5,cnonce=\"9876\",opaque=\"opaque123\",qop=auth,nc=00000001";
+        private const string SHA256_AUTH_HEADER = "Digest username=\"bob\",realm=\"sip.domain.com\",nonce=\"5678\",algorithm=SHA-256";
+        private const string MALFORMED_AUTH_HEADER = "Digest realm=missing-quotes,nonce=\"1234\"";
+        private const string MIXED_CASE_AUTH_HEADER = "DIgEsT rEaLm=\"sip.domain.com\",NoNcE=\"1234\",algorithm=md5";
+
+        [Theory]
+        [InlineData(SIPAuthorisationHeadersEnum.WWWAuthenticate, BASIC_AUTH_HEADER, "sip.domain.com", "1234", DigestAlgorithmsEnum.MD5)]
+        [InlineData(SIPAuthorisationHeadersEnum.ProxyAuthenticate, BASIC_AUTH_HEADER, "sip.domain.com", "1234", DigestAlgorithmsEnum.MD5)]
+        public void BasicAuthHeaderParseTest(SIPAuthorisationHeadersEnum authType, string header, string expectedRealm, string expectedNonce, DigestAlgorithmsEnum expectedAlgorithm)
+        {
+            var result = SIPAuthorisationDigest.ParseAuthorisationDigest(authType, header);
+
+            Assert.Equal(authType, result.AuthorisationType);
+            Assert.Equal(expectedRealm, result.Realm);
+            Assert.Equal(expectedNonce, result.Nonce);
+            Assert.Equal(expectedAlgorithm, result.DigestAlgorithm);
+        }
+
+        [Theory]
+        [InlineData(SIPAuthorisationHeadersEnum.Authorize, FULL_AUTH_HEADER)]
+        public void FullAuthHeaderParseTest(SIPAuthorisationHeadersEnum authType, string header)
+        {
+            var result = SIPAuthorisationDigest.ParseAuthorisationDigest(authType, header);
+
+            Assert.Equal("alice", result.Username);
+            Assert.Equal("sip.domain.com", result.Realm);
+            Assert.Equal("1234abcd", result.Nonce);
+            Assert.Equal("sip:bob@domain.com", result.URI);
+            Assert.Equal("a1b2c3d4", result.Response);
+            Assert.Equal(DigestAlgorithmsEnum.MD5, result.DigestAlgorithm);
+            Assert.Equal("9876", result.Cnonce);
+            Assert.Equal("opaque123", result.Opaque);
+            Assert.Equal("auth", result.Qop);
+            Assert.Equal(1, result.NonceCount);
+        }
+
+        [Theory]
+        [InlineData(SIPAuthorisationHeadersEnum.ProxyAuthenticate, SHA256_AUTH_HEADER, DigestAlgorithmsEnum.SHA256)]
+        public void AlgorithmParseTest(SIPAuthorisationHeadersEnum authType, string header, DigestAlgorithmsEnum expectedAlgorithm)
+        {
+            var result = SIPAuthorisationDigest.ParseAuthorisationDigest(authType, header);
+            Assert.Equal(expectedAlgorithm, result.DigestAlgorithm);
+        }
+
+        [Theory]
+        [InlineData(SIPAuthorisationHeadersEnum.WWWAuthenticate, MIXED_CASE_AUTH_HEADER)]
+        public void CaseInsensitiveParseTest(SIPAuthorisationHeadersEnum authType, string header)
+        {
+            var result = SIPAuthorisationDigest.ParseAuthorisationDigest(authType, header);
+
+            Assert.Equal("sip.domain.com", result.Realm);
+            Assert.Equal("1234", result.Nonce);
+            Assert.Equal(DigestAlgorithmsEnum.MD5, result.DigestAlgorithm);
+        }
+
+        [Theory]
+        [InlineData(SIPAuthorisationHeadersEnum.WWWAuthenticate, "")]
+        [InlineData(SIPAuthorisationHeadersEnum.WWWAuthenticate, "NotDigest realm=\"test\"")]
+        public void EmptyOrInvalidHeaderTest(SIPAuthorisationHeadersEnum authType, string header)
+        {
+            var result = SIPAuthorisationDigest.ParseAuthorisationDigest(authType, header);
+
+            Assert.NotNull(result);
+            Assert.Equal(authType, result.AuthorisationType);
+            Assert.Null(result.Realm);
+            Assert.Null(result.Nonce);
+        }
+
+        [Theory]
+        [InlineData("Digest nc=1", 1)]
+        [InlineData("Digest nc=00000001", 1)]
+        [InlineData("Digest nc=invalid", 0)]
+        [InlineData("Digest nc=", 0)]
+        public void NonceCountParseTest(string header, int expectedCount)
+        {
+            var result = SIPAuthorisationDigest.ParseAuthorisationDigest(SIPAuthorisationHeadersEnum.Authorize, header);
+            Assert.Equal(expectedCount, result.NonceCount);
+        }
+
+        [Theory]
+        [InlineData("Digest qop=auth", "auth")]
+        [InlineData("Digest qop=AUTH", "auth")]
+        [InlineData("Digest qop=Auth", "auth")]
+        public void QopParseTest(string header, string expectedQop)
+        {
+            var result = SIPAuthorisationDigest.ParseAuthorisationDigest(SIPAuthorisationHeadersEnum.Authorize, header);
+            Assert.Equal(expectedQop, result.Qop);
+        }
+
+        [Fact]
+        public void ParseAuthorisationDigest_InvalidAlgorithm_DefaultsToMD5()
+        {
+            // Arrange
+            string authorisationRequest = "Digest username=\"user\", realm=\"realm\", nonce=\"nonce\", uri=\"uri\", response=\"response\", algorithm=\"invalid-algorithm\"";
+            SIPAuthorisationHeadersEnum authorisationType = SIPAuthorisationHeadersEnum.Authorize;
+
+            // Act
+            SIPAuthorisationDigest authDigest = SIPAuthorisationDigest.ParseAuthorisationDigest(authorisationType, authorisationRequest);
+
+            // Assert
+            Assert.Equal(DigestAlgorithmsEnum.MD5, authDigest.DigestAlgorithm);
+        }
+    }
 }
