OLD | NEW |
---|---|
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef NET_HTTP_HTTP_AUTH_HANDLER_FACTORY_H_ | 5 #ifndef NET_HTTP_HTTP_AUTH_HANDLER_FACTORY_H_ |
6 #define NET_HTTP_HTTP_AUTH_HANDLER_FACTORY_H_ | 6 #define NET_HTTP_HTTP_AUTH_HANDLER_FACTORY_H_ |
7 | 7 |
8 #include <map> | 8 #include <map> |
9 #include <string> | 9 #include <string> |
10 #include <vector> | 10 #include <vector> |
11 | 11 |
12 #include "base/memory/scoped_ptr.h" | 12 #include "base/memory/scoped_ptr.h" |
13 #include "net/base/net_export.h" | 13 #include "net/base/net_export.h" |
14 #include "net/http/http_auth.h" | 14 #include "net/http/http_auth.h" |
15 #include "net/http/url_security_manager.h" | 15 #include "net/http/url_security_manager.h" |
16 | 16 |
17 class GURL; | 17 class GURL; |
18 | 18 |
19 namespace net { | 19 namespace net { |
20 | 20 |
21 class BoundNetLog; | 21 class BoundNetLog; |
22 class HttpAuthPreferences; | |
22 class HostResolver; | 23 class HostResolver; |
23 class HttpAuthChallengeTokenizer; | 24 class HttpAuthChallengeTokenizer; |
24 class HttpAuthHandler; | 25 class HttpAuthHandler; |
25 class HttpAuthHandlerRegistryFactory; | 26 class HttpAuthHandlerRegistryFactory; |
26 | 27 |
27 // An HttpAuthHandlerFactory is used to create HttpAuthHandler objects. | 28 // An HttpAuthHandlerFactory is used to create HttpAuthHandler objects. |
28 // The HttpAuthHandlerFactory object _must_ outlive any of the HttpAuthHandler | 29 // The HttpAuthHandlerFactory object _must_ outlive any of the HttpAuthHandler |
29 // objects that it creates. | 30 // objects that it creates. |
30 class NET_EXPORT HttpAuthHandlerFactory { | 31 class NET_EXPORT HttpAuthHandlerFactory { |
31 public: | 32 public: |
32 enum CreateReason { | 33 enum CreateReason { |
33 CREATE_CHALLENGE, // Create a handler in response to a challenge. | 34 CREATE_CHALLENGE, // Create a handler in response to a challenge. |
34 CREATE_PREEMPTIVE, // Create a handler preemptively. | 35 CREATE_PREEMPTIVE, // Create a handler preemptively. |
35 }; | 36 }; |
36 | 37 |
37 HttpAuthHandlerFactory() : url_security_manager_(NULL) {} | 38 HttpAuthHandlerFactory() : http_auth_preferences_(NULL) {} |
38 virtual ~HttpAuthHandlerFactory() {} | 39 virtual ~HttpAuthHandlerFactory() {} |
39 | 40 |
40 // Sets an URL security manager. HttpAuthHandlerFactory doesn't own the URL | 41 // Sets the source of the HTTP authentication preferences. |
41 // security manager, and the URL security manager should outlive this object. | 42 // HttpAuthHandlerFactory doesn't own the preferences, and the |
42 void set_url_security_manager(URLSecurityManager* url_security_manager) { | 43 // HttpAuthPreference object should outlive the factory and any handlers it |
43 url_security_manager_ = url_security_manager; | 44 // creates. |
45 void set_http_auth_preferences(HttpAuthPreferences* http_auth_preferences) { | |
46 http_auth_preferences_ = http_auth_preferences; | |
44 } | 47 } |
45 | 48 |
46 // Retrieves the associated URL security manager. | 49 // Retrieves the associated URL security manager. |
47 URLSecurityManager* url_security_manager() { | 50 HttpAuthPreferences* http_auth_preferences() { |
48 return url_security_manager_; | 51 return http_auth_preferences_; |
49 } | 52 } |
50 | 53 |
51 // Creates an HttpAuthHandler object based on the authentication | 54 // Creates an HttpAuthHandler object based on the authentication |
52 // challenge specified by |*challenge|. |challenge| must point to a valid | 55 // challenge specified by |*challenge|. |challenge| must point to a valid |
53 // non-NULL tokenizer. | 56 // non-NULL tokenizer. |
54 // | 57 // |
55 // If an HttpAuthHandler object is successfully created it is passed back to | 58 // If an HttpAuthHandler object is successfully created it is passed back to |
56 // the caller through |*handler| and OK is returned. | 59 // the caller through |*handler| and OK is returned. |
57 // | 60 // |
58 // If |*challenge| specifies an unsupported authentication scheme, |*handler| | 61 // If |*challenge| specifies an unsupported authentication scheme, |*handler| |
(...skipping 40 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
99 // |challenge| and calls |CreateAuthHandler|. See |CreateAuthHandler| for | 102 // |challenge| and calls |CreateAuthHandler|. See |CreateAuthHandler| for |
100 // more details on return values. | 103 // more details on return values. |
101 int CreatePreemptiveAuthHandlerFromString( | 104 int CreatePreemptiveAuthHandlerFromString( |
102 const std::string& challenge, | 105 const std::string& challenge, |
103 HttpAuth::Target target, | 106 HttpAuth::Target target, |
104 const GURL& origin, | 107 const GURL& origin, |
105 int digest_nonce_count, | 108 int digest_nonce_count, |
106 const BoundNetLog& net_log, | 109 const BoundNetLog& net_log, |
107 scoped_ptr<HttpAuthHandler>* handler); | 110 scoped_ptr<HttpAuthHandler>* handler); |
108 | 111 |
112 // For appropriate factories |SetNegotiateDisableCnameLookup()| sets whether | |
113 // the auth handlers generated by this factory should skip looking up the | |
114 // canonical DNS name of the the host that they are authenticating to when | |
115 // generating the SPN. The default value is false. | |
116 virtual void SetNegotiateDisableCnameLookup(bool disable_cname_lookup) {} | |
asanka
2015/11/20 15:32:09
Why have individual setters? Wouldn't the callers
aberent
2015/11/23 16:34:01
Done.
| |
117 | |
118 // Sets the android account type to use, if relevant for this authenticator | |
119 virtual void SetAndroidAuthNegotiateAccountType( | |
120 const std::string& account_type) {} | |
121 | |
122 // For appropriate factories |SetNegotiateEnablePort()| get/set whether the | |
123 // auth handlers | |
124 // generated by this factory should include the port number of the server | |
125 // they are authenticating to when constructing a Kerberos SPN. The default | |
126 // value is false. | |
127 virtual void SetNegotiateEnablePort(bool use_port) {} | |
128 | |
109 // Creates a standard HttpAuthHandlerRegistryFactory. The caller is | 129 // Creates a standard HttpAuthHandlerRegistryFactory. The caller is |
110 // responsible for deleting the factory. | 130 // responsible for deleting the factory. |
111 // The default factory supports Basic, Digest, NTLM, and Negotiate schemes. | 131 // The default factory supports Basic, Digest, NTLM, and Negotiate schemes. |
112 // | 132 // |
113 // |resolver| is used by the Negotiate authentication handler to perform | 133 // |resolver| is used by the Negotiate authentication handler to perform |
114 // CNAME lookups to generate a Kerberos SPN for the server. It must be | 134 // CNAME lookups to generate a Kerberos SPN for the server. It must be |
115 // non-NULL. |resolver| must remain valid for the lifetime of the | 135 // non-NULL. |resolver| must remain valid for the lifetime of the |
116 // HttpAuthHandlerRegistryFactory and any HttpAuthHandlers created by said | 136 // HttpAuthHandlerRegistryFactory and any HttpAuthHandlers created by said |
117 // factory. | 137 // factory. |
118 static scoped_ptr<HttpAuthHandlerRegistryFactory> CreateDefault( | 138 static scoped_ptr<HttpAuthHandlerRegistryFactory> CreateDefault( |
119 HostResolver* resolver); | 139 HostResolver* resolver); |
120 | 140 |
121 private: | 141 private: |
122 // The URL security manager | 142 // The preferences for HTTP authentication. |
123 URLSecurityManager* url_security_manager_; | 143 HttpAuthPreferences* http_auth_preferences_; |
124 | 144 |
125 DISALLOW_COPY_AND_ASSIGN(HttpAuthHandlerFactory); | 145 DISALLOW_COPY_AND_ASSIGN(HttpAuthHandlerFactory); |
126 }; | 146 }; |
127 | 147 |
128 // The HttpAuthHandlerRegistryFactory dispatches create requests out | 148 // The HttpAuthHandlerRegistryFactory dispatches create requests out |
129 // to other factories based on the auth scheme. | 149 // to other factories based on the auth scheme. |
130 class NET_EXPORT HttpAuthHandlerRegistryFactory | 150 class NET_EXPORT HttpAuthHandlerRegistryFactory |
131 : public HttpAuthHandlerFactory { | 151 : public HttpAuthHandlerFactory { |
132 public: | 152 public: |
133 HttpAuthHandlerRegistryFactory(); | 153 HttpAuthHandlerRegistryFactory(); |
134 ~HttpAuthHandlerRegistryFactory() override; | 154 ~HttpAuthHandlerRegistryFactory() override; |
135 | 155 |
136 // Sets an URL security manager into the factory associated with |scheme|. | 156 // Sets the preferences into the factory associated with |scheme|. |
137 void SetURLSecurityManager(const std::string& scheme, | 157 void SetHttpAuthPreferences(const std::string& scheme, |
138 URLSecurityManager* url_security_manager); | 158 HttpAuthPreferences* prefs); |
139 | 159 |
140 // Registers a |factory| that will be used for a particular HTTP | 160 // Registers a |factory| that will be used for a particular HTTP |
141 // authentication scheme such as Basic, Digest, or Negotiate. | 161 // authentication scheme such as Basic, Digest, or Negotiate. |
142 // The |*factory| object is assumed to be new-allocated, and its lifetime | 162 // The |*factory| object is assumed to be new-allocated, and its lifetime |
143 // will be managed by this HttpAuthHandlerRegistryFactory object (including | 163 // will be managed by this HttpAuthHandlerRegistryFactory object (including |
144 // deleting it when it is no longer used. | 164 // deleting it when it is no longer used. |
145 // A NULL |factory| value means that HttpAuthHandlers's will not be created | 165 // A NULL |factory| value means that HttpAuthHandlers's will not be created |
146 // for |scheme|. If a factory object used to exist for |scheme|, it will be | 166 // for |scheme|. If a factory object used to exist for |scheme|, it will be |
147 // deleted. | 167 // deleted. |
148 void RegisterSchemeFactory(const std::string& scheme, | 168 void RegisterSchemeFactory(const std::string& scheme, |
149 HttpAuthHandlerFactory* factory); | 169 HttpAuthHandlerFactory* factory); |
150 | 170 |
151 // Retrieve the factory for the specified |scheme|. If no factory exists | 171 // Retrieve the factory for the specified |scheme|. If no factory exists |
152 // for the |scheme|, NULL is returned. The returned factory must not be | 172 // for the |scheme|, NULL is returned. The returned factory must not be |
153 // deleted by the caller, and it is guaranteed to be valid until either | 173 // deleted by the caller, and it is guaranteed to be valid until either |
154 // a new factory is registered for the same scheme, or until this | 174 // a new factory is registered for the same scheme, or until this |
155 // registry factory is destroyed. | 175 // registry factory is destroyed. |
156 HttpAuthHandlerFactory* GetSchemeFactory(const std::string& scheme) const; | 176 HttpAuthHandlerFactory* GetSchemeFactory(const std::string& scheme) const; |
157 | 177 |
158 // Creates an HttpAuthHandlerRegistryFactory. | 178 // Creates an HttpAuthHandlerRegistryFactory. |
159 // | 179 // |
160 // |supported_schemes| is a list of authentication schemes. Valid values | 180 // |prefs| is a pointer to the (single) authentication preferences object. |
161 // include "basic", "digest", "ntlm", and "negotiate", where case matters. | 181 // That object tracks preference, and hence policy, updates relevant to HTTP |
162 // | 182 // authentication, and provides the current values of the preferences. |
163 // |security_manager| is used by the NTLM and Negotiate authenticators | |
164 // to determine which servers Integrated Authentication can be used with. If | |
165 // NULL, Integrated Authentication will not be used with any server. | |
166 // | 183 // |
167 // |host_resolver| is used by the Negotiate authentication handler to perform | 184 // |host_resolver| is used by the Negotiate authentication handler to perform |
168 // CNAME lookups to generate a Kerberos SPN for the server. If the "negotiate" | 185 // CNAME lookups to generate a Kerberos SPN for the server. If the "negotiate" |
169 // scheme is used and |negotiate_disable_cname_lookup| is false, | 186 // scheme is used and |negotiate_disable_cname_lookup| is false, |
170 // |host_resolver| must not be NULL. | 187 // |host_resolver| must not be NULL. |
171 // | 188 static scoped_ptr<HttpAuthHandlerRegistryFactory> Create( |
172 // |gssapi_library_name| specifies the name of the GSSAPI library that will | 189 HttpAuthPreferences* prefs, |
173 // be loaded on Posix platforms other than Android. |gssapi_library_name| is | 190 HostResolver* host_resolver); |
174 // ignored on Android and Windows. | 191 #if defined(OS_ANDROID) |
175 // | 192 void SetAndroidAuthNegotiateAccountType( |
176 // |auth_android_negotiate_account_type| is an Android account type, used to | 193 const std::string& account_type) override; |
177 // find the appropriate authenticator service on Android. It is ignored on | 194 #endif |
178 // non-Android platforms. | |
179 // | |
180 // |negotiate_disable_cname_lookup| and |negotiate_enable_port| both control | |
181 // how Negotiate does SPN generation, by default these should be false. | |
182 static HttpAuthHandlerRegistryFactory* Create( | |
183 const std::vector<std::string>& supported_schemes, | |
184 URLSecurityManager* security_manager, | |
185 HostResolver* host_resolver, | |
186 const std::string& gssapi_library_name, | |
187 const std::string& auth_android_negotiate_account_type, | |
188 bool negotiate_disable_cname_lookup, | |
189 bool negotiate_enable_port); | |
190 | |
191 // Creates an auth handler by dispatching out to the registered factories | 195 // Creates an auth handler by dispatching out to the registered factories |
192 // based on the first token in |challenge|. | 196 // based on the first token in |challenge|. |
193 int CreateAuthHandler(HttpAuthChallengeTokenizer* challenge, | 197 int CreateAuthHandler(HttpAuthChallengeTokenizer* challenge, |
194 HttpAuth::Target target, | 198 HttpAuth::Target target, |
195 const GURL& origin, | 199 const GURL& origin, |
196 CreateReason reason, | 200 CreateReason reason, |
197 int digest_nonce_count, | 201 int digest_nonce_count, |
198 const BoundNetLog& net_log, | 202 const BoundNetLog& net_log, |
199 scoped_ptr<HttpAuthHandler>* handler) override; | 203 scoped_ptr<HttpAuthHandler>* handler) override; |
200 | 204 |
201 private: | 205 private: |
202 typedef std::map<std::string, HttpAuthHandlerFactory*> FactoryMap; | 206 typedef std::map<std::string, HttpAuthHandlerFactory*> FactoryMap; |
203 | 207 |
204 FactoryMap factory_map_; | 208 FactoryMap factory_map_; |
205 DISALLOW_COPY_AND_ASSIGN(HttpAuthHandlerRegistryFactory); | 209 DISALLOW_COPY_AND_ASSIGN(HttpAuthHandlerRegistryFactory); |
206 }; | 210 }; |
207 | 211 |
208 } // namespace net | 212 } // namespace net |
209 | 213 |
210 #endif // NET_HTTP_HTTP_AUTH_HANDLER_FACTORY_H_ | 214 #endif // NET_HTTP_HTTP_AUTH_HANDLER_FACTORY_H_ |
OLD | NEW |