OLD | NEW |
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef NET_HTTP_HTTP_AUTH_HANDLER_H_ | 5 #ifndef NET_HTTP_HTTP_AUTH_HANDLER_H_ |
6 #define NET_HTTP_HTTP_AUTH_HANDLER_H_ | 6 #define NET_HTTP_HTTP_AUTH_HANDLER_H_ |
7 | 7 |
8 #include <string> | 8 #include <string> |
9 | 9 |
10 #include "net/base/completion_callback.h" | 10 #include "net/base/completion_callback.h" |
70 // invoked, but |credentials| is only used during the initial call. | 70 // invoked, but |credentials| is only used during the initial call. |
71 // | 71 // |
72 // All other return codes indicate that there was a problem generating a | 72 // All other return codes indicate that there was a problem generating a |
73 // token, and the value of |*auth_token| is unspecified. | 73 // token, and the value of |*auth_token| is unspecified. |
74 int GenerateAuthToken(const AuthCredentials* credentials, | 74 int GenerateAuthToken(const AuthCredentials* credentials, |
75 const HttpRequestInfo* request, | 75 const HttpRequestInfo* request, |
76 const CompletionCallback& callback, | 76 const CompletionCallback& callback, |
77 std::string* auth_token); | 77 std::string* auth_token); |
78 | 78 |
79 // The authentication scheme as an enumerated value. | 79 // The authentication scheme as an enumerated value. |
80 HttpAuth::Scheme auth_scheme() const { | 80 const std::string& auth_scheme() const { return auth_scheme_; } |
81 return auth_scheme_; | |
82 } | |
83 | 81 |
84 // The realm, encoded as UTF-8. This may be empty. | 82 // The realm, encoded as UTF-8. This may be empty. |
85 const std::string& realm() const { | 83 const std::string& realm() const { |
86 return realm_; | 84 return realm_; |
87 } | 85 } |
88 | 86 |
89 // The challenge which was issued when creating the handler. | 87 // The challenge which was issued when creating the handler. |
90 const std::string& challenge() const { return auth_challenge_; } | 88 const std::string& challenge() const { return auth_challenge_; } |
91 | 89 |
92 // Numeric rank based on the challenge's security level. Higher | |
93 // numbers are better. Used by HttpAuth::ChooseBestChallenge(). | |
94 int score() const { | |
95 return score_; | |
96 } | |
97 | |
98 HttpAuth::Target target() const { | 90 HttpAuth::Target target() const { |
99 return target_; | 91 return target_; |
100 } | 92 } |
101 | 93 |
102 // Returns the proxy or server which issued the authentication challenge | 94 // Returns the proxy or server which issued the authentication challenge |
103 // that this HttpAuthHandler is handling. The URL includes scheme, host, and | 95 // that this HttpAuthHandler is handling. The URL includes scheme, host, and |
104 // port, but does not include path. | 96 // port, but does not include path. |
105 const GURL& origin() const { | 97 const GURL& origin() const { |
106 return origin_; | 98 return origin_; |
107 } | 99 } |
108 | 100 |
109 // Returns true if the authentication scheme does not send the username and | |
110 // password in the clear. | |
111 bool encrypts_identity() const { | |
112 return (properties_ & ENCRYPTS_IDENTITY) != 0; | |
113 } | |
114 | |
115 // Returns true if the authentication scheme is connection-based, for | |
116 // example, NTLM. A connection-based authentication scheme does not support | |
117 // preemptive authentication, and must use the same handler object | |
118 // throughout the life of an HTTP transaction. | |
119 bool is_connection_based() const { | |
120 return (properties_ & IS_CONNECTION_BASED) != 0; | |
121 } | |
122 | |
123 // Returns true if the response to the current authentication challenge | 101 // Returns true if the response to the current authentication challenge |
124 // requires an identity. | 102 // requires an identity. |
125 // TODO(wtc): Find a better way to handle a multi-round challenge-response | 103 // TODO(wtc): Find a better way to handle a multi-round challenge-response |
126 // sequence used by a connection-based authentication scheme. | 104 // sequence used by a connection-based authentication scheme. |
127 virtual bool NeedsIdentity(); | 105 virtual bool NeedsIdentity(); |
128 | 106 |
129 // Returns whether the default credentials may be used for the |origin| passed | 107 // Returns whether the default credentials may be used for the |origin| passed |
130 // into |InitFromChallenge|. If true, the user does not need to be prompted | 108 // into |InitFromChallenge|. If true, the user does not need to be prompted |
131 // for username and password to establish credentials. | 109 // for username and password to establish credentials. |
132 // NOTE: SSO is a potential security risk. | 110 // NOTE: SSO is a potential security risk. |
133 // TODO(cbentzel): Add a pointer to Firefox documentation about risk. | 111 // TODO(cbentzel): Add a pointer to Firefox documentation about risk. |
134 virtual bool AllowsDefaultCredentials(); | 112 virtual bool AllowsDefaultCredentials(); |
135 | 113 |
136 // Returns whether explicit credentials can be used with this handler. If | 114 // Returns whether explicit credentials can be used with this handler. If |
137 // true the user may be prompted for credentials if an implicit identity | 115 // true the user may be prompted for credentials if an implicit identity |
138 // cannot be determined. | 116 // cannot be determined. |
139 virtual bool AllowsExplicitCredentials(); | 117 virtual bool AllowsExplicitCredentials(); |
140 | 118 |
141 protected: | 119 protected: |
142 enum Property { | |
143 ENCRYPTS_IDENTITY = 1 << 0, | |
144 IS_CONNECTION_BASED = 1 << 1, | |
145 }; | |
146 | |
147 // Initializes the handler using a challenge issued by a server. | 120 // Initializes the handler using a challenge issued by a server. |
148 // |challenge| must be non-NULL and have already tokenized the | 121 // |challenge| must be non-NULL and have already tokenized the |
149 // authentication scheme, but none of the tokens occurring after the | 122 // authentication scheme, but none of the tokens occurring after the |
150 // authentication scheme. | 123 // authentication scheme. |
151 // Implementations are expected to initialize the following members: | 124 // Implementations are expected to initialize the following members: |
152 // scheme_, realm_, score_, properties_ | 125 // scheme_, realm_ |
153 virtual bool Init(HttpAuthChallengeTokenizer* challenge) = 0; | 126 virtual bool Init(HttpAuthChallengeTokenizer* challenge) = 0; |
154 | 127 |
155 // |GenerateAuthTokenImpl()} is the auth-scheme specific implementation | 128 // |GenerateAuthTokenImpl()} is the auth-scheme specific implementation |
156 // of generating the next auth token. Callers should use |GenerateAuthToken()| | 129 // of generating the next auth token. Callers should use |GenerateAuthToken()| |
157 // which will in turn call |GenerateAuthTokenImpl()| | 130 // which will in turn call |GenerateAuthTokenImpl()| |
158 virtual int GenerateAuthTokenImpl(const AuthCredentials* credentials, | 131 virtual int GenerateAuthTokenImpl(const AuthCredentials* credentials, |
159 const HttpRequestInfo* request, | 132 const HttpRequestInfo* request, |
160 const CompletionCallback& callback, | 133 const CompletionCallback& callback, |
161 std::string* auth_token) = 0; | 134 std::string* auth_token) = 0; |
162 | 135 |
163 // The auth-scheme as an enumerated value. | 136 // The auth-scheme as a lowercase ASCII RFC 2616 2.2 token. |
164 HttpAuth::Scheme auth_scheme_; | 137 std::string auth_scheme_; |
165 | 138 |
166 // The realm, encoded as UTF-8. Used by "basic" and "digest". | 139 // The realm, encoded as UTF-8. Used by "basic" and "digest". |
167 std::string realm_; | 140 std::string realm_; |
168 | 141 |
169 // The auth challenge. | 142 // The auth challenge. |
170 std::string auth_challenge_; | 143 std::string auth_challenge_; |
171 | 144 |
172 // The {scheme, host, port} for the authentication target. Used by "ntlm" | 145 // The {scheme, host, port} for the authentication target. Used by "ntlm" |
173 // and "negotiate" to construct the service principal name. | 146 // and "negotiate" to construct the service principal name. |
174 GURL origin_; | 147 GURL origin_; |
175 | 148 |
176 // The score for this challenge. Higher numbers are better. | |
177 int score_; | |
178 | |
179 // Whether this authentication request is for a proxy server, or an | 149 // Whether this authentication request is for a proxy server, or an |
180 // origin server. | 150 // origin server. |
181 HttpAuth::Target target_; | 151 HttpAuth::Target target_; |
182 | 152 |
183 // A bitmask of the properties of the authentication scheme. | |
184 int properties_; | |
185 | |
186 BoundNetLog net_log_; | 153 BoundNetLog net_log_; |
187 | 154 |
188 private: | 155 private: |
189 void OnGenerateAuthTokenComplete(int rv); | 156 void OnGenerateAuthTokenComplete(int rv); |
190 void FinishGenerateAuthToken(); | 157 void FinishGenerateAuthToken(); |
191 | 158 |
192 CompletionCallback callback_; | 159 CompletionCallback callback_; |
193 }; | 160 }; |
194 | 161 |
195 } // namespace net | 162 } // namespace net |
196 | 163 |
197 #endif // NET_HTTP_HTTP_AUTH_HANDLER_H_ | 164 #endif // NET_HTTP_HTTP_AUTH_HANDLER_H_ |
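Review bot: The comment above the `auth_scheme()` accessor (new line 79) still reads "The authentication scheme as an enumerated value." although the accessor now returns `const std::string&`; it should match the member comment, e.g. `// The authentication scheme as a lowercase ASCII RFC 2616 2.2 token.` That lowercase invariant is stated only in the comment on `auth_scheme_`, and the value is set by each `Init()` implementation from a server-issued challenge, so a subclass that stores the scheme as received would make exact string comparisons against it miss, since HTTP auth scheme names are case-insensitive. Presumably the base class could enforce this once after `Init()` returns (that code is outside this file), for instance with a DCHECK that the string is already lowercase. The `Init()` comment also lists `scheme_`, while the member is named `auth_scheme_`. With `score()`, `encrypts_identity()` and `is_connection_based()` removed here, it is worth confirming that whatever now ranks challenges and pins connection-based schemes to a single handler does not key off an unnormalised scheme string.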