15821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// Copyright (c) 2011 The Chromium Authors. All rights reserved. 25821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// Use of this source code is governed by a BSD-style license that can be 35821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// found in the LICENSE file. 45821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 55821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#ifndef NET_HTTP_URL_SECURITY_MANAGER_H_ 65821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define NET_HTTP_URL_SECURITY_MANAGER_H_ 75821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 85821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "base/basictypes.h" 95821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "base/memory/scoped_ptr.h" 105821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "net/base/net_export.h" 115821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 125821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)class GURL; 135821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 145821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)namespace net { 155821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 165821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)class HttpAuthFilter; 175821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 185821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// The URL security manager controls the policies (allow, deny, prompt user) 195821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// regarding URL actions (e.g., sending the default credentials to a server). 205821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)class NET_EXPORT URLSecurityManager { 215821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) public: 225821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) URLSecurityManager() {} 235821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) virtual ~URLSecurityManager() {} 245821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 255821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Creates a platform-dependent instance of URLSecurityManager. 265821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // 275821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // |whitelist_default| is the whitelist of servers that default credentials 285821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // can be used with during NTLM or Negotiate authentication. If 295821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // |whitelist_default| is NULL and the platform is Windows, it indicates 305821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // that security zone mapping should be used to determine whether default 315821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // credentials sxhould be used. If |whitelist_default| is NULL and the 325821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // platform is non-Windows, it indicates that no servers should be 335821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // whitelisted. 345821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // 355821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // |whitelist_delegate| is the whitelist of servers that are allowed 365821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // to have Delegated Kerberos tickets. If |whitelist_delegate| is NULL, 375821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // no servers can have delegated Kerberos tickets. 385821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // 395821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Both |whitelist_default| and |whitelist_delegate| will be owned by 405821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // the created URLSecurityManager. 415821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // 425821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // TODO(cbentzel): Perhaps it's better to make a non-abstract HttpAuthFilter 435821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // and just copy into the URLSecurityManager? 445821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) static URLSecurityManager* Create(const HttpAuthFilter* whitelist_default, 455821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) const HttpAuthFilter* whitelist_delegate); 465821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 475821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Returns true if we can send the default credentials to the server at 485821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // |auth_origin| for HTTP NTLM or Negotiate authentication. 495821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) virtual bool CanUseDefaultCredentials(const GURL& auth_origin) const = 0; 505821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 515821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Returns true if Kerberos delegation is allowed for the server at 525821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // |auth_origin| for HTTP Negotiate authentication. 535821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) virtual bool CanDelegate(const GURL& auth_origin) const = 0; 545821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 555821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) private: 565821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) DISALLOW_COPY_AND_ASSIGN(URLSecurityManager); 575821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)}; 585821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 595821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)class URLSecurityManagerWhitelist : public URLSecurityManager { 605821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) public: 615821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // The URLSecurityManagerWhitelist takes ownership of the whitelists. 625821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) URLSecurityManagerWhitelist(const HttpAuthFilter* whitelist_default, 635821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) const HttpAuthFilter* whitelist_delegation); 645821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) virtual ~URLSecurityManagerWhitelist(); 655821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 665821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // URLSecurityManager methods. 675821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) virtual bool CanUseDefaultCredentials(const GURL& auth_origin) const OVERRIDE; 685821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) virtual bool CanDelegate(const GURL& auth_origin) const OVERRIDE; 695821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 705821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) private: 715821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) scoped_ptr<const HttpAuthFilter> whitelist_default_; 725821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) scoped_ptr<const HttpAuthFilter> whitelist_delegate_; 735821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 745821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) DISALLOW_COPY_AND_ASSIGN(URLSecurityManagerWhitelist); 755821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)}; 765821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 775821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} // namespace net 785821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 795821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#endif // NET_HTTP_URL_SECURITY_MANAGER_H_ 80