#ifndef __DIGEST_H__
#define __DIGEST_H__

#include "md5.h"

#define DIGEST_NONCE_LEN sizeof(time_t) + sizeof(unsigned int) + MD5_LEN
#define DIGEST_SECRET_LEN 16

/* Parsed Digest response from the client */
typedef struct digest_header
{
    const char* scheme;
    const char* realm;
    const char* username;
    const char* nonce;
    const char* uri;
    const char* method;
    const char* digest;
    const char* algorithm;
    const char* cnonce;
    const char* opaque;
    const char* qop;
    const char* nc;
}
digest_header_t;

typedef struct digest_context
{
    digest_header_t client;

    long server_nc;
    const char* server_uri;
    const char* server_method;

    unsigned char ha1[MD5_LEN];
}
digest_context_t;

void digest_makeha1(unsigned char* digest, const char* user,
                    const char* realm, const char* password);

int digest_parse(const char* header, ha_buffer_t* buf, digest_header_t* dg);

const char* digest_challenge(ha_buffer_t* buf, const char* nonce_str,
                             const char* realm, const char* domains, int stale);

/*
 * Validate digest headers once they've been parsed. Note that it's up
 * to the caller to validate the 'username' and 'nonce' fields.
 */
int digest_check(digest_context_t* dg, const ha_context_t* opts, ha_buffer_t* buf);
int digest_pre_check(digest_context_t* dg, const ha_context_t* opts, ha_buffer_t* buf);

/* This assumes a digest_context that's been prechecked successfully */
int digest_complete_check(digest_context_t* dg, ha_buffer_t* buf);

/* This assumes a digest_context that's been checked and validated successfully */
const char* digest_respond(digest_context_t* dg, ha_buffer_t* buf, unsigned char* next);

#endif /* __DIGEST_H__ */