1// Copyright (c) 2011 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef NET_HTTP_HTTP_AUTH_HANDLER_FACTORY_H_
6#define NET_HTTP_HTTP_AUTH_HANDLER_FACTORY_H_
7#pragma once
8
9#include <map>
10#include <string>
11#include <vector>
12
13#include "base/memory/scoped_ptr.h"
14#include "net/base/net_export.h"
15#include "net/http/http_auth.h"
16#include "net/http/url_security_manager.h"
17
18class GURL;
19
20namespace net {
21
22class BoundNetLog;
23class HostResolver;
24class HttpAuthHandler;
25class HttpAuthHandlerRegistryFactory;
26
27// An HttpAuthHandlerFactory is used to create HttpAuthHandler objects.
28// The HttpAuthHandlerFactory object _must_ outlive any of the HttpAuthHandler
29// objects that it creates.
30class NET_EXPORT HttpAuthHandlerFactory {
31 public:
32  enum CreateReason {
33    CREATE_CHALLENGE,     // Create a handler in response to a challenge.
34    CREATE_PREEMPTIVE,    // Create a handler preemptively.
35  };
36
37  HttpAuthHandlerFactory() : url_security_manager_(NULL) {}
38  virtual ~HttpAuthHandlerFactory() {}
39
40  // Sets an URL security manager.  HttpAuthHandlerFactory doesn't own the URL
41  // security manager, and the URL security manager should outlive this object.
42  void set_url_security_manager(URLSecurityManager* url_security_manager) {
43    url_security_manager_ = url_security_manager;
44  }
45
46  // Retrieves the associated URL security manager.
47  URLSecurityManager* url_security_manager() {
48    return url_security_manager_;
49  }
50
51  // Creates an HttpAuthHandler object based on the authentication
52  // challenge specified by |*challenge|. |challenge| must point to a valid
53  // non-NULL tokenizer.
54  //
55  // If an HttpAuthHandler object is successfully created it is passed back to
56  // the caller through |*handler| and OK is returned.
57  //
58  // If |*challenge| specifies an unsupported authentication scheme, |*handler|
59  // is set to NULL and ERR_UNSUPPORTED_AUTH_SCHEME is returned.
60  //
61  // If |*challenge| is improperly formed, |*handler| is set to NULL and
62  // ERR_INVALID_RESPONSE is returned.
63  //
64  // |create_reason| indicates why the handler is being created. This is used
65  // since NTLM and Negotiate schemes do not support preemptive creation.
66  //
67  // |digest_nonce_count| is specifically intended for the Digest authentication
68  // scheme, and indicates the number of handlers generated for a particular
69  // server nonce challenge.
70  //
71  // For the NTLM and Negotiate handlers:
72  // If |origin| does not match the authentication method's filters for
73  // the specified |target|, ERR_INVALID_AUTH_CREDENTIALS is returned.
74  // NOTE: This will apply to ALL |origin| values if the filters are empty.
75  //
76  // |*challenge| should not be reused after a call to |CreateAuthHandler()|,
77  virtual int CreateAuthHandler(HttpAuth::ChallengeTokenizer* challenge,
78                                HttpAuth::Target target,
79                                const GURL& origin,
80                                CreateReason create_reason,
81                                int digest_nonce_count,
82                                const BoundNetLog& net_log,
83                                scoped_ptr<HttpAuthHandler>* handler) = 0;
84
85  // Creates an HTTP authentication handler based on the authentication
86  // challenge string |challenge|.
87  // This is a convenience function which creates a ChallengeTokenizer for
88  // |challenge| and calls |CreateAuthHandler|. See |CreateAuthHandler| for
89  // more details on return values.
90  int CreateAuthHandlerFromString(const std::string& challenge,
91                                  HttpAuth::Target target,
92                                  const GURL& origin,
93                                  const BoundNetLog& net_log,
94                                  scoped_ptr<HttpAuthHandler>* handler);
95
96  // Creates an HTTP authentication handler based on the authentication
97  // challenge string |challenge|.
98  // This is a convenience function which creates a ChallengeTokenizer for
99  // |challenge| and calls |CreateAuthHandler|. See |CreateAuthHandler| for
100  // more details on return values.
101  int CreatePreemptiveAuthHandlerFromString(
102      const std::string& challenge,
103      HttpAuth::Target target,
104      const GURL& origin,
105      int digest_nonce_count,
106      const BoundNetLog& net_log,
107      scoped_ptr<HttpAuthHandler>* handler);
108
109  // Creates a standard HttpAuthHandlerRegistryFactory. The caller is
110  // responsible for deleting the factory.
111  // The default factory supports Basic, Digest, NTLM, and Negotiate schemes.
112  //
113  // |resolver| is used by the Negotiate authentication handler to perform
114  // CNAME lookups to generate a Kerberos SPN for the server. It must be
115  // non-NULL.  |resolver| must remain valid for the lifetime of the
116  // HttpAuthHandlerRegistryFactory and any HttpAuthHandlers created by said
117  // factory.
118  static HttpAuthHandlerRegistryFactory* CreateDefault(HostResolver* resolver);
119
120 private:
121  // The URL security manager
122  URLSecurityManager* url_security_manager_;
123
124  DISALLOW_COPY_AND_ASSIGN(HttpAuthHandlerFactory);
125};
126
127// The HttpAuthHandlerRegistryFactory dispatches create requests out
128// to other factories based on the auth scheme.
129class NET_EXPORT HttpAuthHandlerRegistryFactory
130    : public HttpAuthHandlerFactory {
131 public:
132  HttpAuthHandlerRegistryFactory();
133  virtual ~HttpAuthHandlerRegistryFactory();
134
135  // Sets an URL security manager into the factory associated with |scheme|.
136  void SetURLSecurityManager(const std::string& scheme,
137                             URLSecurityManager* url_security_manager);
138
139  // Registers a |factory| that will be used for a particular HTTP
140  // authentication scheme such as Basic, Digest, or Negotiate.
141  // The |*factory| object is assumed to be new-allocated, and its lifetime
142  // will be managed by this HttpAuthHandlerRegistryFactory object (including
143  // deleting it when it is no longer used.
144  // A NULL |factory| value means that HttpAuthHandlers's will not be created
145  // for |scheme|. If a factory object used to exist for |scheme|, it will be
146  // deleted.
147  void RegisterSchemeFactory(const std::string& scheme,
148                             HttpAuthHandlerFactory* factory);
149
150  // Retrieve the factory for the specified |scheme|. If no factory exists
151  // for the |scheme|, NULL is returned. The returned factory must not be
152  // deleted by the caller, and it is guaranteed to be valid until either
153  // a new factory is registered for the same scheme, or until this
154  // registry factory is destroyed.
155  HttpAuthHandlerFactory* GetSchemeFactory(const std::string& scheme) const;
156
157  // Creates an HttpAuthHandlerRegistryFactory.
158  //
159  // |supported_schemes| is a list of authentication schemes. Valid values
160  // include "basic", "digest", "ntlm", and "negotiate", where case matters.
161  //
162  // |security_manager| is used by the NTLM and Negotiate authenticators
163  // to determine which servers Integrated Authentication can be used with. If
164  // NULL, Integrated Authentication will not be used with any server.
165  //
166  // |host_resolver| is used by the Negotiate authentication handler to perform
167  // CNAME lookups to generate a Kerberos SPN for the server. If the "negotiate"
168  // scheme is used and |negotiate_disable_cname_lookup| is false,
169  // |host_resolver| must not be NULL.
170  //
171  // |gssapi_library_name| specifies the name of the GSSAPI library that will
172  // be loaded on all platforms except Windows.
173  //
174  // |negotiate_disable_cname_lookup| and |negotiate_enable_port| both control
175  // how Negotiate does SPN generation, by default these should be false.
176  static HttpAuthHandlerRegistryFactory* Create(
177      const std::vector<std::string>& supported_schemes,
178      URLSecurityManager* security_manager,
179      HostResolver* host_resolver,
180      const std::string& gssapi_library_name,
181      bool negotiate_disable_cname_lookup,
182      bool negotiate_enable_port);
183
184  // Creates an auth handler by dispatching out to the registered factories
185  // based on the first token in |challenge|.
186  virtual int CreateAuthHandler(HttpAuth::ChallengeTokenizer* challenge,
187                                HttpAuth::Target target,
188                                const GURL& origin,
189                                CreateReason reason,
190                                int digest_nonce_count,
191                                const BoundNetLog& net_log,
192                                scoped_ptr<HttpAuthHandler>* handler);
193
194 private:
195  typedef std::map<std::string, HttpAuthHandlerFactory*> FactoryMap;
196
197  FactoryMap factory_map_;
198  DISALLOW_COPY_AND_ASSIGN(HttpAuthHandlerRegistryFactory);
199};
200
201}  // namespace net
202
203#endif  // NET_HTTP_HTTP_AUTH_HANDLER_FACTORY_H_
204