OLD | NEW |
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef NET_HTTP_HTTP_AUTH_H_ | 5 #ifndef NET_HTTP_HTTP_AUTH_H_ |
6 #define NET_HTTP_HTTP_AUTH_H_ | 6 #define NET_HTTP_HTTP_AUTH_H_ |
7 | 7 |
8 #include <set> | 8 #include <set> |
9 #include <string> | 9 #include <string> |
10 | 10 |
(...skipping 75 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
86 IDENT_SRC_DEFAULT_CREDENTIALS, | 86 IDENT_SRC_DEFAULT_CREDENTIALS, |
87 }; | 87 }; |
88 | 88 |
89 // Helper structure used by HttpNetworkTransaction to track the current | 89 // Helper structure used by HttpNetworkTransaction to track the current |
90 // identity being used for authorization. | 90 // identity being used for authorization. |
91 struct Identity { | 91 struct Identity { |
92 Identity(); | 92 Identity(); |
93 ~Identity(); | 93 ~Identity(); |
94 | 94 |
95 IdentitySource source; | 95 IdentitySource source; |
96 bool invalid; | 96 bool invalid; // TODO(asanka): Invert this. |
97 AuthCredentials credentials; | 97 AuthCredentials credentials; |
98 }; | 98 }; |
99 | 99 |
100 // Get the name of the header containing the auth challenge (either | 100 // Get the name of the header containing the auth challenge (either |
101 // WWW-Authenticate or Proxy-Authenticate). | 101 // WWW-Authenticate or Proxy-Authenticate). |
102 static std::string GetChallengeHeaderName(Target target); | 102 static std::string GetChallengeHeaderName(Target target); |
103 | 103 |
104 // Get the name of the header where the credentials go | 104 // Get the name of the header where the credentials go |
105 // (either Authorization or Proxy-Authorization). | 105 // (either Authorization or Proxy-Authorization). |
106 static std::string GetAuthorizationHeaderName(Target target); | 106 static std::string GetAuthorizationHeaderName(Target target); |
107 | 107 |
108 // Returns a string representation of a Target value that can be used in log | 108 // Returns a string representation of a Target value that can be used in log |
109 // messages. | 109 // messages. |
110 static std::string GetAuthTargetString(Target target); | 110 static std::string GetAuthTargetString(Target target); |
111 | 111 |
112 // Iterate through the challenge headers, and pick the best one that we | |
113 // support. Obtains the implementation class for handling the challenge, and | |
114 // passes it back in |*handler|. If no supported challenge was found, | |
115 // |*handler| is set to NULL. | |
116 // | |
117 // |disabled_schemes| is the set of schemes that we should not use. | |
118 // | |
119 // |origin| is used by the NTLM and Negotiation authentication scheme to | |
120 // construct the service principal name. It is ignored by other schemes. | |
121 static void ChooseBestChallenge( | |
122 HttpAuthHandlerFactory* http_auth_handler_factory, | |
123 const HttpResponseHeaders* headers, | |
124 Target target, | |
125 const GURL& origin, | |
126 const HttpAuthSchemeSet& disabled_schemes, | |
127 const BoundNetLog& net_log, | |
128 scoped_ptr<HttpAuthHandler>* handler); | |
129 | |
130 // Handle a 401/407 response from a server/proxy after a previous | |
131 // authentication attempt. For connection-based authentication schemes, the | |
132 // new response may be another round in a multi-round authentication sequence. | |
133 // For request-based schemes, a 401/407 response is typically treated like a | |
134 // rejection of the previous challenge, except in the Digest case when a | |
135 // "stale" attribute is present. | |
136 // | |
137 // |handler| must be non-NULL, and is the HttpAuthHandler from the previous | |
138 // authentication round. | |
139 // | |
140 // |headers| must be non-NULL and contain the new HTTP response. | |
141 // | |
142 // |target| specifies whether the authentication challenge response came | |
143 // from a server or a proxy. | |
144 // | |
145 // |disabled_schemes| are the authentication schemes to ignore. | |
146 // | |
147 // |challenge_used| is the text of the authentication challenge used in | |
148 // support of the returned AuthorizationResult. If no headers were used for | |
149 // the result (for example, all headers have unknown authentication schemes), | |
150 // the value is cleared. | |
151 static AuthorizationResult HandleChallengeResponse( | |
152 HttpAuthHandler* handler, | |
153 const HttpResponseHeaders* headers, | |
154 Target target, | |
155 const HttpAuthSchemeSet& disabled_schemes, | |
156 std::string* challenge_used); | |
157 | |
158 // RFC 7235 states that an authentication scheme is a case insensitive token. | 112 // RFC 7235 states that an authentication scheme is a case insensitive token. |
159 // This function checks whether |scheme| is a token AND is lowercase. | 113 // This function checks whether |scheme| is a token AND is lowercase. |
160 static bool IsValidNormalizedScheme(const std::string& scheme); | 114 static bool IsValidNormalizedScheme(const std::string& scheme); |
161 }; | 115 }; |
162 | 116 |
163 } // namespace net | 117 } // namespace net |
164 | 118 |
165 #endif // NET_HTTP_HTTP_AUTH_H_ | 119 #endif // NET_HTTP_HTTP_AUTH_H_ |
OLD | NEW |