| OLD | NEW |
| 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef NET_HTTP_HTTP_AUTH_H_ | 5 #ifndef NET_HTTP_HTTP_AUTH_H_ |
| 6 #define NET_HTTP_HTTP_AUTH_H_ | 6 #define NET_HTTP_HTTP_AUTH_H_ |
| 7 #pragma once | 7 #pragma once |
| 8 | 8 |
| 9 #include <set> | 9 #include <set> |
| 10 #include <string> | 10 #include <string> |
| 11 | 11 |
| 12 #include "base/scoped_ptr.h" | 12 #include "base/scoped_ptr.h" |
| 13 #include "base/string16.h" | 13 #include "base/string16.h" |
| 14 #include "net/http/http_util.h" | 14 #include "net/http/http_util.h" |
| 15 | 15 |
| 16 template <class T> class scoped_refptr; | 16 template <class T> class scoped_refptr; |
| 17 | 17 |
| 18 namespace net { | 18 namespace net { |
| 19 | 19 |
| 20 class BoundNetLog; | 20 class BoundNetLog; |
| 21 class HttpAuthHandler; | 21 class HttpAuthHandler; |
| 22 class HttpAuthHandlerFactory; | 22 class HttpAuthHandlerFactory; |
| 23 class HttpResponseHeaders; | 23 class HttpResponseHeaders; |
| 24 | 24 |
| 25 // Utility class for http authentication. | 25 // Utility class for http authentication. |
| 26 class HttpAuth { | 26 class HttpAuth { |
| 27 public: | 27 public: |
| 28 | |
| 29 // Http authentication can be done the the proxy server, origin server, | 28 // Http authentication can be done the the proxy server, origin server, |
| 30 // or both. This enum tracks who the target is. | 29 // or both. This enum tracks who the target is. |
| 31 enum Target { | 30 enum Target { |
| 32 AUTH_NONE = -1, | 31 AUTH_NONE = -1, |
| 33 // We depend on the valid targets (!= AUTH_NONE) being usable as indexes | 32 // We depend on the valid targets (!= AUTH_NONE) being usable as indexes |
| 34 // in an array, so start from 0. | 33 // in an array, so start from 0. |
| 35 AUTH_PROXY = 0, | 34 AUTH_PROXY = 0, |
| 36 AUTH_SERVER = 1, | 35 AUTH_SERVER = 1, |
| 37 AUTH_NUM_TARGETS = 2, | 36 AUTH_NUM_TARGETS = 2, |
| 38 }; | 37 }; |
| 39 | 38 |
| 39 // What the HTTP WWW-Authenticate/Proxy-Authenticate headers indicate about |
| 40 // the previous authorization attempt. |
| 41 enum AuthorizationResult { |
| 42 AUTHORIZATION_RESULT_ACCEPT, // The authorization attempt was accepted, |
| 43 // although there still may be additional |
| 44 // rounds of challenges. |
| 45 |
| 46 AUTHORIZATION_RESULT_REJECT, // The authorization attempt was rejected. |
| 47 |
| 48 AUTHORIZATION_RESULT_STALE, // (Digest) The nonce used in the |
| 49 // authorization attempt is stale, but |
| 50 // otherwise the attempt was valid. |
| 51 |
| 52 AUTHORIZATION_RESULT_INVALID, // The authentication challenge headers are |
| 53 // poorly formed (the authorization attempt |
| 54 // itself may have been fine). |
| 55 }; |
| 56 |
| 40 // Describes where the identity used for authentication came from. | 57 // Describes where the identity used for authentication came from. |
| 41 enum IdentitySource { | 58 enum IdentitySource { |
| 42 // Came from nowhere -- the identity is not initialized. | 59 // Came from nowhere -- the identity is not initialized. |
| 43 IDENT_SRC_NONE, | 60 IDENT_SRC_NONE, |
| 44 | 61 |
| 45 // The identity came from the auth cache, by doing a path-based | 62 // The identity came from the auth cache, by doing a path-based |
| 46 // lookup (premptive authorization). | 63 // lookup (premptive authorization). |
| 47 IDENT_SRC_PATH_LOOKUP, | 64 IDENT_SRC_PATH_LOOKUP, |
| 48 | 65 |
| 49 // The identity was extracted from a URL of the form: | 66 // The identity was extracted from a URL of the form: |
| (...skipping 31 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 81 // Get the name of the header where the credentials go | 98 // Get the name of the header where the credentials go |
| 82 // (either Authorization or Proxy-Authorization). | 99 // (either Authorization or Proxy-Authorization). |
| 83 static std::string GetAuthorizationHeaderName(Target target); | 100 static std::string GetAuthorizationHeaderName(Target target); |
| 84 | 101 |
| 85 // Returns a string representation of a Target value that can be used in log | 102 // Returns a string representation of a Target value that can be used in log |
| 86 // messages. | 103 // messages. |
| 87 static std::string GetAuthTargetString(Target target); | 104 static std::string GetAuthTargetString(Target target); |
| 88 | 105 |
| 89 // Iterate through the challenge headers, and pick the best one that | 106 // Iterate through the challenge headers, and pick the best one that |
| 90 // we support. Obtains the implementation class for handling the challenge, | 107 // we support. Obtains the implementation class for handling the challenge, |
| 91 // and passes it back in |*handler|. If the existing handler in |*handler| | 108 // and passes it back in |*handler|. If no supported challenge was found, |
| 92 // should continue to be used (such as for the NTLM authentication scheme), | 109 // |*handler| is set to NULL. |
| 93 // |*handler| is unchanged. If no supported challenge was found, |*handler| | |
| 94 // is set to NULL. | |
| 95 // | 110 // |
| 96 // |disabled_schemes| is the set of schemes that we should not use. | 111 // |disabled_schemes| is the set of schemes that we should not use. |
| 97 // | 112 // |
| 98 // |origin| is used by the NTLM authentication scheme to construct the | 113 // |origin| is used by the NTLM and Negotiation authentication scheme to |
| 99 // service principal name. It is ignored by other schemes. | 114 // construct the service principal name. It is ignored by other schemes. |
| 100 // | |
| 101 // TODO(wtc): Continuing to use the existing handler in |*handler| (for | |
| 102 // NTLM) is new behavior. Rename ChooseBestChallenge to fully encompass | |
| 103 // what it does now. | |
| 104 static void ChooseBestChallenge( | 115 static void ChooseBestChallenge( |
| 105 HttpAuthHandlerFactory* http_auth_handler_factory, | 116 HttpAuthHandlerFactory* http_auth_handler_factory, |
| 106 const HttpResponseHeaders* headers, | 117 const HttpResponseHeaders* headers, |
| 107 Target target, | 118 Target target, |
| 108 const GURL& origin, | 119 const GURL& origin, |
| 109 const std::set<std::string>& disabled_schemes, | 120 const std::set<std::string>& disabled_schemes, |
| 110 const BoundNetLog& net_log, | 121 const BoundNetLog& net_log, |
| 111 scoped_ptr<HttpAuthHandler>* handler); | 122 scoped_ptr<HttpAuthHandler>* handler); |
| 112 | 123 |
| 124 // Handle a response to a previous authentication attempt. |
| 125 static AuthorizationResult HandleChallengeResponse( |
| 126 HttpAuthHandler* handler, |
| 127 const HttpResponseHeaders* headers, |
| 128 Target target, |
| 129 const std::set<std::string>& disabled_schemes); |
| 130 |
| 113 // ChallengeTokenizer breaks up a challenge string into the the auth scheme | 131 // ChallengeTokenizer breaks up a challenge string into the the auth scheme |
| 114 // and parameter list, according to RFC 2617 Sec 1.2: | 132 // and parameter list, according to RFC 2617 Sec 1.2: |
| 115 // challenge = auth-scheme 1*SP 1#auth-param | 133 // challenge = auth-scheme 1*SP 1#auth-param |
| 116 // | 134 // |
| 117 // Check valid() after each iteration step in case it was malformed. | 135 // Check valid() after each iteration step in case it was malformed. |
| 118 // Also note that value() will give whatever is to the right of the equals | 136 // Also note that value() will give whatever is to the right of the equals |
| 119 // sign, quotemarks and all. Use unquoted_value() to get the logical value. | 137 // sign, quotemarks and all. Use unquoted_value() to get the logical value. |
| 120 class ChallengeTokenizer { | 138 class ChallengeTokenizer { |
| 121 public: | 139 public: |
| 122 ChallengeTokenizer(std::string::const_iterator begin, | 140 ChallengeTokenizer(std::string::const_iterator begin, |
| (...skipping 79 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 202 std::string::const_iterator value_end_; | 220 std::string::const_iterator value_end_; |
| 203 | 221 |
| 204 bool value_is_quoted_; | 222 bool value_is_quoted_; |
| 205 bool expect_base64_token_; | 223 bool expect_base64_token_; |
| 206 }; | 224 }; |
| 207 }; | 225 }; |
| 208 | 226 |
| 209 } // namespace net | 227 } // namespace net |
| 210 | 228 |
| 211 #endif // NET_HTTP_HTTP_AUTH_H_ | 229 #endif // NET_HTTP_HTTP_AUTH_H_ |
| OLD | NEW |