OLD | NEW |
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef NET_HTTP_HTTP_AUTH_H_ | 5 #ifndef NET_HTTP_HTTP_AUTH_H_ |
6 #define NET_HTTP_HTTP_AUTH_H_ | 6 #define NET_HTTP_HTTP_AUTH_H_ |
7 | 7 |
8 #include <set> | 8 #include <set> |
9 #include <string> | 9 #include <string> |
10 | 10 |
11 #include "base/memory/scoped_ptr.h" | 11 #include "base/memory/scoped_ptr.h" |
12 #include "net/base/auth.h" | 12 #include "net/base/auth.h" |
13 #include "net/base/net_export.h" | 13 #include "net/base/net_export.h" |
14 #include "net/http/http_util.h" | 14 #include "net/http/http_util.h" |
15 | 15 |
16 template <class T> class scoped_refptr; | 16 template <class T> class scoped_refptr; |
17 | 17 |
18 namespace net { | 18 namespace net { |
19 | 19 |
20 class BoundNetLog; | 20 class BoundNetLog; |
21 class HttpAuthHandler; | 21 class HttpAuthHandler; |
22 class HttpAuthHandlerFactory; | 22 class HttpAuthHandlerFactory; |
23 class HttpResponseHeaders; | 23 class HttpResponseHeaders; |
| 24 class SSLInfo; |
24 | 25 |
25 // Utility class for http authentication. | 26 // Utility class for http authentication. |
26 class NET_EXPORT_PRIVATE HttpAuth { | 27 class NET_EXPORT_PRIVATE HttpAuth { |
27 public: | 28 public: |
28 // Http authentication can be done the the proxy server, origin server, | 29 // Http authentication can be done the the proxy server, origin server, |
29 // or both. This enum tracks who the target is. | 30 // or both. This enum tracks who the target is. |
30 enum Target { | 31 enum Target { |
31 AUTH_NONE = -1, | 32 AUTH_NONE = -1, |
32 // We depend on the valid targets (!= AUTH_NONE) being usable as indexes | 33 // We depend on the valid targets (!= AUTH_NONE) being usable as indexes |
33 // in an array, so start from 0. | 34 // in an array, so start from 0. |
(...skipping 81 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
115 // (either Authorization or Proxy-Authorization). | 116 // (either Authorization or Proxy-Authorization). |
116 static std::string GetAuthorizationHeaderName(Target target); | 117 static std::string GetAuthorizationHeaderName(Target target); |
117 | 118 |
118 // Returns a string representation of a Target value that can be used in log | 119 // Returns a string representation of a Target value that can be used in log |
119 // messages. | 120 // messages. |
120 static std::string GetAuthTargetString(Target target); | 121 static std::string GetAuthTargetString(Target target); |
121 | 122 |
122 // Returns a string representation of an authentication Scheme. | 123 // Returns a string representation of an authentication Scheme. |
123 static const char* SchemeToString(Scheme scheme); | 124 static const char* SchemeToString(Scheme scheme); |
124 | 125 |
125 // Iterate through the challenge headers, and pick the best one that | 126 // Iterate through |response_headers|, and pick the best one that we support. |
126 // we support. Obtains the implementation class for handling the challenge, | 127 // Obtains the implementation class for handling the challenge, and passes it |
127 // and passes it back in |*handler|. If no supported challenge was found, | 128 // back in |*handler|. If no supported challenge was found, |*handler| is set |
128 // |*handler| is set to NULL. | 129 // to NULL. |
129 // | 130 // |
130 // |disabled_schemes| is the set of schemes that we should not use. | 131 // |disabled_schemes| is the set of schemes that we should not use. |
131 // | 132 // |
132 // |origin| is used by the NTLM and Negotiation authentication scheme to | 133 // |origin| is used by the NTLM and Negotiation authentication scheme to |
133 // construct the service principal name. It is ignored by other schemes. | 134 // construct the service principal name. It is ignored by other schemes. |
| 135 // |
| 136 // |ssl_info| is passed through to the scheme specific authentication handlers |
| 137 // to use as appropriate. |
134 static void ChooseBestChallenge( | 138 static void ChooseBestChallenge( |
135 HttpAuthHandlerFactory* http_auth_handler_factory, | 139 HttpAuthHandlerFactory* http_auth_handler_factory, |
136 const HttpResponseHeaders* headers, | 140 const HttpResponseHeaders& response_headers, |
| 141 const SSLInfo& ssl_info, |
137 Target target, | 142 Target target, |
138 const GURL& origin, | 143 const GURL& origin, |
139 const std::set<Scheme>& disabled_schemes, | 144 const std::set<Scheme>& disabled_schemes, |
140 const BoundNetLog& net_log, | 145 const BoundNetLog& net_log, |
141 scoped_ptr<HttpAuthHandler>* handler); | 146 scoped_ptr<HttpAuthHandler>* handler); |
142 | 147 |
143 // Handle a 401/407 response from a server/proxy after a previous | 148 // Handle a 401/407 response from a server/proxy after a previous |
144 // authentication attempt. For connection-based authentication schemes, the | 149 // authentication attempt. For connection-based authentication schemes, the |
145 // new response may be another round in a multi-round authentication sequence. | 150 // new response may be another round in a multi-round authentication sequence. |
146 // For request-based schemes, a 401/407 response is typically treated like a | 151 // For request-based schemes, a 401/407 response is typically treated like a |
147 // rejection of the previous challenge, except in the Digest case when a | 152 // rejection of the previous challenge, except in the Digest case when a |
148 // "stale" attribute is present. | 153 // "stale" attribute is present. |
149 // | 154 // |
150 // |handler| must be non-NULL, and is the HttpAuthHandler from the previous | 155 // |handler| must be non-NULL, and is the HttpAuthHandler from the previous |
151 // authentication round. | 156 // authentication round. |
152 // | 157 // |
153 // |headers| must be non-NULL and contain the new HTTP response. | 158 // |response_headers| must contain the new HTTP response. |
154 // | 159 // |
155 // |target| specifies whether the authentication challenge response came | 160 // |target| specifies whether the authentication challenge response came |
156 // from a server or a proxy. | 161 // from a server or a proxy. |
157 // | 162 // |
158 // |disabled_schemes| are the authentication schemes to ignore. | 163 // |disabled_schemes| are the authentication schemes to ignore. |
159 // | 164 // |
160 // |challenge_used| is the text of the authentication challenge used in | 165 // |challenge_used| is the text of the authentication challenge used in |
161 // support of the returned AuthorizationResult. If no headers were used for | 166 // support of the returned AuthorizationResult. If no headers were used for |
162 // the result (for example, all headers have unknown authentication schemes), | 167 // the result (for example, all headers have unknown authentication schemes), |
163 // the value is cleared. | 168 // the value is cleared. |
164 static AuthorizationResult HandleChallengeResponse( | 169 static AuthorizationResult HandleChallengeResponse( |
165 HttpAuthHandler* handler, | 170 HttpAuthHandler* handler, |
166 const HttpResponseHeaders* headers, | 171 const HttpResponseHeaders& response_headers, |
167 Target target, | 172 Target target, |
168 const std::set<Scheme>& disabled_schemes, | 173 const std::set<Scheme>& disabled_schemes, |
169 std::string* challenge_used); | 174 std::string* challenge_used); |
170 }; | 175 }; |
171 | 176 |
172 } // namespace net | 177 } // namespace net |
173 | 178 |
174 #endif // NET_HTTP_HTTP_AUTH_H_ | 179 #endif // NET_HTTP_HTTP_AUTH_H_ |
OLD | NEW |