OLD | NEW |
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef NET_HTTP_HTTP_AUTH_H_ | 5 #ifndef NET_HTTP_HTTP_AUTH_H_ |
6 #define NET_HTTP_HTTP_AUTH_H_ | 6 #define NET_HTTP_HTTP_AUTH_H_ |
7 | 7 |
8 #include <set> | 8 #include <set> |
9 #include <string> | 9 #include <string> |
10 | 10 |
11 #include "base/memory/scoped_ptr.h" | 11 #include "base/memory/scoped_ptr.h" |
12 #include "net/base/auth.h" | 12 #include "net/base/auth.h" |
13 #include "net/base/net_export.h" | 13 #include "net/base/net_export.h" |
14 #include "net/http/http_util.h" | 14 #include "net/http/http_util.h" |
15 | 15 |
16 template <class T> class scoped_refptr; | |
17 | |
18 namespace net { | 16 namespace net { |
19 | 17 |
20 class BoundNetLog; | 18 class BoundNetLog; |
21 class HttpAuthHandler; | 19 class HttpAuthHandler; |
22 class HttpAuthHandlerFactory; | 20 class HttpAuthHandlerFactory; |
| 21 class HttpAuthSchemeSet; |
23 class HttpResponseHeaders; | 22 class HttpResponseHeaders; |
24 | 23 |
25 // Utility class for http authentication. | 24 // Utility class for http authentication. |
26 class NET_EXPORT_PRIVATE HttpAuth { | 25 class NET_EXPORT_PRIVATE HttpAuth { |
27 public: | 26 public: |
28 // Http authentication can be done the the proxy server, origin server, | 27 // Http authentication can be done the the proxy server, origin server, |
29 // or both. This enum tracks who the target is. | 28 // or both. This enum tracks who the target is. |
30 enum Target { | 29 enum Target { |
31 AUTH_NONE = -1, | 30 AUTH_NONE = -1, |
32 // We depend on the valid targets (!= AUTH_NONE) being usable as indexes | 31 // We depend on the valid targets (!= AUTH_NONE) being usable as indexes |
(...skipping 47 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
80 | 79 |
81 // The identity was provided by RestartWithAuth -- it likely | 80 // The identity was provided by RestartWithAuth -- it likely |
82 // came from a prompt (or maybe the password manager). | 81 // came from a prompt (or maybe the password manager). |
83 IDENT_SRC_EXTERNAL, | 82 IDENT_SRC_EXTERNAL, |
84 | 83 |
85 // The identity used the default credentials for the computer, | 84 // The identity used the default credentials for the computer, |
86 // on schemes that support single sign-on. | 85 // on schemes that support single sign-on. |
87 IDENT_SRC_DEFAULT_CREDENTIALS, | 86 IDENT_SRC_DEFAULT_CREDENTIALS, |
88 }; | 87 }; |
89 | 88 |
90 enum Scheme { | 89 // Helper structure used by HttpNetworkTransaction to track the current |
91 AUTH_SCHEME_BASIC = 0, | 90 // identity being used for authorization. |
92 AUTH_SCHEME_DIGEST, | |
93 AUTH_SCHEME_NTLM, | |
94 AUTH_SCHEME_NEGOTIATE, | |
95 AUTH_SCHEME_SPDYPROXY, | |
96 AUTH_SCHEME_MOCK, | |
97 AUTH_SCHEME_MAX, | |
98 }; | |
99 | |
100 // Helper structure used by HttpNetworkTransaction to track | |
101 // the current identity being used for authorization. | |
102 struct Identity { | 91 struct Identity { |
103 Identity(); | 92 Identity(); |
| 93 ~Identity(); |
104 | 94 |
105 IdentitySource source; | 95 IdentitySource source; |
106 bool invalid; | 96 bool invalid; |
107 AuthCredentials credentials; | 97 AuthCredentials credentials; |
108 }; | 98 }; |
109 | 99 |
110 // Get the name of the header containing the auth challenge | 100 // Get the name of the header containing the auth challenge (either |
111 // (either WWW-Authenticate or Proxy-Authenticate). | 101 // WWW-Authenticate or Proxy-Authenticate). |
112 static std::string GetChallengeHeaderName(Target target); | 102 static std::string GetChallengeHeaderName(Target target); |
113 | 103 |
114 // Get the name of the header where the credentials go | 104 // Get the name of the header where the credentials go |
115 // (either Authorization or Proxy-Authorization). | 105 // (either Authorization or Proxy-Authorization). |
116 static std::string GetAuthorizationHeaderName(Target target); | 106 static std::string GetAuthorizationHeaderName(Target target); |
117 | 107 |
118 // Returns a string representation of a Target value that can be used in log | 108 // Returns a string representation of a Target value that can be used in log |
119 // messages. | 109 // messages. |
120 static std::string GetAuthTargetString(Target target); | 110 static std::string GetAuthTargetString(Target target); |
121 | 111 |
122 // Returns a string representation of an authentication Scheme. | 112 // Iterate through the challenge headers, and pick the best one that we |
123 static const char* SchemeToString(Scheme scheme); | 113 // support. Obtains the implementation class for handling the challenge, and |
124 | 114 // passes it back in |*handler|. If no supported challenge was found, |
125 // Iterate through the challenge headers, and pick the best one that | |
126 // we support. Obtains the implementation class for handling the challenge, | |
127 // and passes it back in |*handler|. If no supported challenge was found, | |
128 // |*handler| is set to NULL. | 115 // |*handler| is set to NULL. |
129 // | 116 // |
130 // |disabled_schemes| is the set of schemes that we should not use. | 117 // |disabled_schemes| is the set of schemes that we should not use. |
131 // | 118 // |
132 // |origin| is used by the NTLM and Negotiation authentication scheme to | 119 // |origin| is used by the NTLM and Negotiation authentication scheme to |
133 // construct the service principal name. It is ignored by other schemes. | 120 // construct the service principal name. It is ignored by other schemes. |
134 static void ChooseBestChallenge( | 121 static void ChooseBestChallenge( |
135 HttpAuthHandlerFactory* http_auth_handler_factory, | 122 HttpAuthHandlerFactory* http_auth_handler_factory, |
136 const HttpResponseHeaders* headers, | 123 const HttpResponseHeaders* headers, |
137 Target target, | 124 Target target, |
138 const GURL& origin, | 125 const GURL& origin, |
139 const std::set<Scheme>& disabled_schemes, | 126 const HttpAuthSchemeSet& disabled_schemes, |
140 const BoundNetLog& net_log, | 127 const BoundNetLog& net_log, |
141 scoped_ptr<HttpAuthHandler>* handler); | 128 scoped_ptr<HttpAuthHandler>* handler); |
142 | 129 |
143 // Handle a 401/407 response from a server/proxy after a previous | 130 // Handle a 401/407 response from a server/proxy after a previous |
144 // authentication attempt. For connection-based authentication schemes, the | 131 // authentication attempt. For connection-based authentication schemes, the |
145 // new response may be another round in a multi-round authentication sequence. | 132 // new response may be another round in a multi-round authentication sequence. |
146 // For request-based schemes, a 401/407 response is typically treated like a | 133 // For request-based schemes, a 401/407 response is typically treated like a |
147 // rejection of the previous challenge, except in the Digest case when a | 134 // rejection of the previous challenge, except in the Digest case when a |
148 // "stale" attribute is present. | 135 // "stale" attribute is present. |
149 // | 136 // |
150 // |handler| must be non-NULL, and is the HttpAuthHandler from the previous | 137 // |handler| must be non-NULL, and is the HttpAuthHandler from the previous |
151 // authentication round. | 138 // authentication round. |
152 // | 139 // |
153 // |headers| must be non-NULL and contain the new HTTP response. | 140 // |headers| must be non-NULL and contain the new HTTP response. |
154 // | 141 // |
155 // |target| specifies whether the authentication challenge response came | 142 // |target| specifies whether the authentication challenge response came |
156 // from a server or a proxy. | 143 // from a server or a proxy. |
157 // | 144 // |
158 // |disabled_schemes| are the authentication schemes to ignore. | 145 // |disabled_schemes| are the authentication schemes to ignore. |
159 // | 146 // |
160 // |challenge_used| is the text of the authentication challenge used in | 147 // |challenge_used| is the text of the authentication challenge used in |
161 // support of the returned AuthorizationResult. If no headers were used for | 148 // support of the returned AuthorizationResult. If no headers were used for |
162 // the result (for example, all headers have unknown authentication schemes), | 149 // the result (for example, all headers have unknown authentication schemes), |
163 // the value is cleared. | 150 // the value is cleared. |
164 static AuthorizationResult HandleChallengeResponse( | 151 static AuthorizationResult HandleChallengeResponse( |
165 HttpAuthHandler* handler, | 152 HttpAuthHandler* handler, |
166 const HttpResponseHeaders* headers, | 153 const HttpResponseHeaders* headers, |
167 Target target, | 154 Target target, |
168 const std::set<Scheme>& disabled_schemes, | 155 const HttpAuthSchemeSet& disabled_schemes, |
169 std::string* challenge_used); | 156 std::string* challenge_used); |
| 157 |
| 158 // RFC 7235 states that an authentication scheme is a case insensitive token. |
| 159 // This function checks whether |scheme| is a token AND is lowercase. |
| 160 static bool IsValidNormalizedScheme(const std::string& scheme); |
170 }; | 161 }; |
171 | 162 |
172 } // namespace net | 163 } // namespace net |
173 | 164 |
174 #endif // NET_HTTP_HTTP_AUTH_H_ | 165 #endif // NET_HTTP_HTTP_AUTH_H_ |
OLD | NEW |