1// Copyright (c) 2011 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef NET_HTTP_URL_SECURITY_MANAGER_H_
6#define NET_HTTP_URL_SECURITY_MANAGER_H_
7#pragma once
8
9#include "base/basictypes.h"
10#include "base/memory/scoped_ptr.h"
11
12class GURL;
13
14namespace net {
15
16class HttpAuthFilter;
17
18// The URL security manager controls the policies (allow, deny, prompt user)
19// regarding URL actions (e.g., sending the default credentials to a server).
20class URLSecurityManager {
21 public:
22  URLSecurityManager() {}
23  virtual ~URLSecurityManager() {}
24
25  // Creates a platform-dependent instance of URLSecurityManager.
26  //
27  // |whitelist_default| is the whitelist of servers that default credentials
28  // can be used with during NTLM or Negotiate authentication. If
29  // |whitelist_default| is NULL and the platform is Windows, it indicates
30  // that security zone mapping should be used to determine whether default
31  // credentials sxhould be used. If |whitelist_default| is NULL and the
32  // platform is non-Windows, it indicates that no servers should be
33  // whitelisted.
34  //
35  // |whitelist_delegate| is the whitelist of servers that are allowed
36  // to have Delegated Kerberos tickets. If |whitelist_delegate| is NULL,
37  // no servers can have delegated Kerberos tickets.
38  //
39  // Both |whitelist_default| and |whitelist_delegate| will be owned by
40  // the created URLSecurityManager.
41  //
42  // TODO(cbentzel): Perhaps it's better to make a non-abstract HttpAuthFilter
43  //                 and just copy into the URLSecurityManager?
44  static URLSecurityManager* Create(const HttpAuthFilter* whitelist_default,
45                                    const HttpAuthFilter* whitelist_delegate);
46
47  // Returns true if we can send the default credentials to the server at
48  // |auth_origin| for HTTP NTLM or Negotiate authentication.
49  virtual bool CanUseDefaultCredentials(const GURL& auth_origin) const = 0;
50
51  // Returns true if Kerberos delegation is allowed for the server at
52  // |auth_origin| for HTTP Negotiate authentication.
53  virtual bool CanDelegate(const GURL& auth_origin) const = 0;
54
55 private:
56  DISALLOW_COPY_AND_ASSIGN(URLSecurityManager);
57};
58
59class URLSecurityManagerWhitelist : public URLSecurityManager {
60 public:
61  // The URLSecurityManagerWhitelist takes ownership of the whitelists.
62  URLSecurityManagerWhitelist(const HttpAuthFilter* whitelist_default,
63                              const HttpAuthFilter* whitelist_delegation);
64  virtual ~URLSecurityManagerWhitelist();
65
66  // URLSecurityManager methods.
67  virtual bool CanUseDefaultCredentials(const GURL& auth_origin) const;
68  virtual bool CanDelegate(const GURL& auth_origin) const;
69
70 private:
71  scoped_ptr<const HttpAuthFilter> whitelist_default_;
72  scoped_ptr<const HttpAuthFilter> whitelist_delegate_;
73
74  DISALLOW_COPY_AND_ASSIGN(URLSecurityManagerWhitelist);
75};
76
77}  // namespace net
78
79#endif  // NET_HTTP_URL_SECURITY_MANAGER_H_
80