Move data reduction proxy to Chrome-Proxy header for authentication

components/data_reduction_proxy/browser/data_reduction_proxy_auth_request_handler.h

Index: components/data_reduction_proxy/browser/data_reduction_proxy_auth_request_handler.h
diff --git a/components/data_reduction_proxy/browser/data_reduction_proxy_auth_request_handler.h b/components/data_reduction_proxy/browser/data_reduction_proxy_auth_request_handler.h
index 92128d4e3bc1f9cd16672bcc57f822a7d736be45..9177660d31b9fb289bef2bc56d4f66c3c475d6a6 100644
--- a/components/data_reduction_proxy/browser/data_reduction_proxy_auth_request_handler.h
+++ b/components/data_reduction_proxy/browser/data_reduction_proxy_auth_request_handler.h
@@ -6,74 +6,77 @@
 #define COMPONENTS_DATA_REDUCTION_PROXY_BROWSER_DATA_REDUCTION_PROXY_AUTH_REQUEST_HANDLER_H_
 
 #include "base/gtest_prod_util.h"
+#include "base/memory/ref_counted.h"
 #include "base/strings/string16.h"
 #include "base/time/time.h"
-#include "components/data_reduction_proxy/browser/data_reduction_proxy_settings.h"
-
+#include "url/gurl.h"
 
 namespace net {
-class AuthChallengeInfo;
+class HttpRequestHeaders;
+class HttpResponseHeaders;
+class ProxyServer;
+class URLRequest;
 }
 
 namespace data_reduction_proxy {
 
-class DataReductionProxySettings;
+extern const char kProtocolVersion[];
+
+extern const char kClientAndroidWebview[];
+extern const char kClientChromeAndroid[];
+extern const char kClientChromeIOS[];
+
+class DataReductionProxyParams;
 
 class DataReductionProxyAuthRequestHandler {
  public:
-  enum TryHandleResult {
-    TRY_HANDLE_RESULT_IGNORE,
-    TRY_HANDLE_RESULT_PROCEED,
-    TRY_HANDLE_RESULT_CANCEL
-  };
-
-  // Constructs an authentication request handler and takes a pointer to a
-  // |settings| object, which must outlive the handler.
+  static bool IsKeySetOnCommandLine();
+
+  // Constructs an authentication request handler.
   explicit DataReductionProxyAuthRequestHandler(
-      DataReductionProxySettings* settings);
+      DataReductionProxyParams* params);
   virtual ~DataReductionProxyAuthRequestHandler();
 
-  // Returns |PROCEED| if the authentication challenge provided is one that the
-  // data reduction proxy should handle and |IGNORE| if not. Returns |CANCEL| if
-  // there are a string of |MAX_BACK_TO_BACK_FAILURES| successive retries.
-  TryHandleResult TryHandleAuthentication(net::AuthChallengeInfo* auth_info,
-                                          base::string16* user,
-                                          base::string16* password);
+  void MaybeAddRequestHeader(net::URLRequest* request,

[marq (ping after 24h), 2014/06/25 16:39:27]

All methods in public header files must have comments.

[bengr, 2014/06/25 17:15:19]

Done.

+                             const net::ProxyServer& proxy_server,
+                             net::HttpRequestHeaders* request_headers);
+
+  void SetKey(const std::string& key,
+              const std::string& client,
+              const std::string& version);
 
  protected:
-  // Visible for testing.
-  virtual bool IsAcceptableAuthChallenge(net::AuthChallengeInfo* auth_info);
+  void Init();
+  void InitAuthentication(const std::string& key);
 
+  void AddAuthorizationHeader(net::HttpRequestHeaders* headers);
+
+  // Returns a UTF16 string that's the hash of the configured authentication
+  // |key| and |salt|. Returns an empty UTF16 string if no key is configured or
+  // the data reduction proxy feature isn't available.
+  static base::string16 AuthHashForSalt(int64 salt,
+                                        const std::string& key);
   // Visible for testing.
-  virtual base::string16 GetTokenForAuthChallenge(
-      net::AuthChallengeInfo* auth_info);
+  virtual base::Time Now() const;
+  virtual void RandBytes(void* output, size_t length);
 
   // Visible for testing.
-  virtual base::TimeTicks Now();
+  virtual std::string GetDefaultKey() const;
 
  private:
   FRIEND_TEST_ALL_PREFIXES(DataReductionProxyAuthRequestHandlerTest,
-                           CancelAfterSuccessiveAuthAttempts);
-
-
-
-  // System timestamp of the last data reduction proxy authentication request.
-  // This is used to cancel data reduction proxy auth requests that are denied
-  // rather than loop forever trying a rejected token.
-  static int64 auth_request_timestamp_;
-
-  // The number of back to back data reduction proxy authentication failures
-  // that occurred with no more than |MIN_AUTH_REQUEST_INTERVAL_MS| between each
-  // adjacent pair of them.
-  static int back_to_back_failure_count_;
+                           Authorization);
+  FRIEND_TEST_ALL_PREFIXES(DataReductionProxyAuthRequestHandlerTest,
+                           AuthHashForSalt);
 
-  // System timestamp of the last data reduction proxy auth token invalidation.
-  // This is used to expire old tokens on back-to-back failures, and distinguish
-  // invalidation from repeat failures due to the client not being authorized.
-  static int64 auth_token_invalidation_timestamp_;
+  // Authentication state.
+  std::string key_;
+  std::string session_;
+  std::string credentials_;
+  std::string client_;

[marq (ping after 24h), 2014/06/25 16:39:27]

From reading the .cc, client_ is a string identifying the OS of the client.
client_os_ might be clearer. Also, it's not part of the authentication state if
I understand correctly, so the comments here need to be cleaned up.

[bengr, 2014/06/25 17:15:19]

Done. Client can be things other than an OS, e.g. Android Webview.

+  std::string version_;
 
-  // Settings object for the data reduction proxy. Must outlive the handler.
-  DataReductionProxySettings* settings_;
+  DataReductionProxyParams* data_reduction_proxy_params_;
 
   DISALLOW_COPY_AND_ASSIGN(DataReductionProxyAuthRequestHandler);
 };