15821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// Copyright (c) 2010 The Chromium Authors. All rights reserved. 25821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// Use of this source code is governed by a BSD-style license that can be 35821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// found in the LICENSE file. 45821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 57d4cd473f85ac64c3747c96c277f9e506a0d2246Torne (Richard Coles)#include "base/strings/string_util.h" 67dbb3d5cf0c15f500944d211057644d6a2f37371Ben Murdoch#include "net/http/http_auth_filter.h" 77dbb3d5cf0c15f500944d211057644d6a2f37371Ben Murdoch#include "url/gurl.h" 85821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 95821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)namespace net { 105821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 115821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// Using a std::set<> has the benefit of removing duplicates automatically. 12c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)typedef std::set<base::string16> RegistryWhitelist; 135821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 145821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// TODO(ahendrickson) -- Determine if we want separate whitelists for HTTP and 155821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// HTTPS, one for both, or only an HTTP one. My understanding is that the HTTPS 165821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// entries in the registry mean that you are only allowed to connect to the site 175821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// via HTTPS and still be considered 'safe'. 185821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 195821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)HttpAuthFilterWhitelist::HttpAuthFilterWhitelist( 205821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) const std::string& server_whitelist) { 215821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SetWhitelist(server_whitelist); 225821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 235821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 245821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)HttpAuthFilterWhitelist::~HttpAuthFilterWhitelist() { 255821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 265821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 275821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// Add a new domain |filter| to the whitelist, if it's not already there 285821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)bool HttpAuthFilterWhitelist::AddFilter(const std::string& filter, 295821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) HttpAuth::Target target) { 305821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if ((target != HttpAuth::AUTH_SERVER) && (target != HttpAuth::AUTH_PROXY)) 315821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return false; 325821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // All proxies pass 335821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (target == HttpAuth::AUTH_PROXY) 345821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return true; 355821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) rules_.AddRuleFromString(filter); 365821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return true; 375821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 385821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 395821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)void HttpAuthFilterWhitelist::AddRuleToBypassLocal() { 405821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) rules_.AddRuleToBypassLocal(); 415821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 425821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 435821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)bool HttpAuthFilterWhitelist::IsValid(const GURL& url, 445821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) HttpAuth::Target target) const { 455821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if ((target != HttpAuth::AUTH_SERVER) && (target != HttpAuth::AUTH_PROXY)) 465821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return false; 475821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // All proxies pass 485821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (target == HttpAuth::AUTH_PROXY) 495821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return true; 505821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return rules_.Matches(url); 515821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 525821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 535821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)void HttpAuthFilterWhitelist::SetWhitelist( 545821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) const std::string& server_whitelist) { 555821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) rules_.ParseFromString(server_whitelist); 565821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 575821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 585821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} // namespace net 59