// Copyright (c) 2011 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef NET_HTTP_HTTP_AUTH_CONTROLLER_H_
#define NET_HTTP_HTTP_AUTH_CONTROLLER_H_

#include <set>
#include <string>

#include "base/basictypes.h"
#include "base/memory/ref_counted.h"
#include "base/memory/scoped_ptr.h"
#include "base/threading/non_thread_safe.h"
#include "net/base/completion_callback.h"
#include "net/base/net_export.h"
#include "net/base/net_log.h"
#include "net/http/http_auth.h"
#include "url/gurl.h"

namespace net {

// NOTE(review): HttpResponseHeaders is used by HandleAuthChallenge() below but
// is not forward-declared in this list; presumably it reaches this header
// through one of the includes above -- confirm.
class AuthChallengeInfo;
class AuthCredentials;
class HttpAuthHandler;
class HttpAuthHandlerFactory;
class HttpAuthCache;
class HttpRequestHeaders;
struct HttpRequestInfo;

// Drives HTTP authentication for a single target (proxy or origin server, as
// recorded in |target_|): it handles 401/407 challenges, picks the identity to
// try, generates the auth token and adds the matching authorization header.
//
// The object is reference counted (base::RefCounted) and its destructor is
// private. It also derives from base::NonThreadSafe, so it is presumably meant
// to be used from one thread only -- confirm the threading contract with
// callers.
//
// Security-relevant state: |identity_| holds credentials and |auth_token_|
// holds the value sent to the peer. Nothing in this header shows either being
// cleared before destruction or kept out of logs; check the implementation if
// that matters for the threat model.
class NET_EXPORT_PRIVATE HttpAuthController
    : public base::RefCounted<HttpAuthController>,
      NON_EXPORTED_BASE(public base::NonThreadSafe) {
 public:
  // The arguments are self explanatory except possibly for |auth_url|, which
  // should be both the auth target and auth path in a single url argument.
  // |http_auth_cache| and |http_auth_handler_factory| are stored as raw
  // pointers (see |http_auth_cache_| / |http_auth_handler_factory_|), so
  // both must outlive this object.
  HttpAuthController(HttpAuth::Target target,
                     const GURL& auth_url,
                     HttpAuthCache* http_auth_cache,
                     HttpAuthHandlerFactory* http_auth_handler_factory);

  // Generate an authentication token for |target| if necessary. The return
  // value is a net error code. |OK| will be returned both in the case that
  // a token is correctly generated synchronously, as well as when no tokens
  // were necessary.
  // NOTE(review): the wording above implies an asynchronous path that would
  // complete through |callback|; the return value used for that case is not
  // stated here -- confirm against the implementation.
  virtual int MaybeGenerateAuthToken(const HttpRequestInfo* request,
                                     const CompletionCallback& callback,
                                     const BoundNetLog& net_log);

  // Adds either the proxy auth header, or the origin server auth header,
  // as specified by |target_|.
  // Presumably the header value is |auth_token_|, in which case
  // |authorization_headers| carries secret material afterwards and should not
  // be logged verbatim -- confirm.
  virtual void AddAuthorizationHeader(
      HttpRequestHeaders* authorization_headers);

  // Checks for and handles HTTP status code 401 or 407.
  // |HandleAuthChallenge()| returns OK on success, or a network error code
  // otherwise. It may also populate |auth_info_|.
  // NOTE(review): |do_not_send_server_auth| and |establishing_tunnel| are not
  // documented in this header. From the names, the former presumably stops
  // credentials from being offered to the origin server and the latter marks a
  // challenge received while a tunnel is being set up -- confirm both, since
  // they decide which peer may receive credentials.
  virtual int HandleAuthChallenge(scoped_refptr<HttpResponseHeaders> headers,
                                  bool do_not_send_server_auth,
                                  bool establishing_tunnel,
                                  const BoundNetLog& net_log);

  // Store the supplied credentials and prepare to restart the auth.
  virtual void ResetAuth(const AuthCredentials& credentials);

  // Presumably true when |handler_| is set -- confirm.
  virtual bool HaveAuthHandler() const;

  // Not documented in this header; presumably true when a handler and an
  // identity to respond with are both available -- confirm.
  virtual bool HaveAuth() const;

  // Accessor for the challenge information (see |auth_info_|). The comment on
  // HandleAuthChallenge() says |auth_info_| "may" be populated, so the result
  // is possibly NULL -- confirm before dereferencing.
  virtual scoped_refptr<AuthChallengeInfo> auth_info();

  // Query / update whether |scheme| is disabled for this controller;
  // presumably backed by |disabled_schemes_|.
  virtual bool IsAuthSchemeDisabled(HttpAuth::Scheme scheme) const;
  virtual void DisableAuthScheme(HttpAuth::Scheme scheme);
  // Not documented in this header; presumably prevents the username:password
  // embedded in the URL from being tried (see |embedded_identity_used_|) --
  // confirm.
  virtual void DisableEmbeddedIdentity();

 private:
  // Actions for InvalidateCurrentHandler()
  enum InvalidateHandlerAction {
    INVALIDATE_HANDLER_AND_CACHED_CREDENTIALS,
    INVALIDATE_HANDLER_AND_DISABLE_SCHEME,
    INVALIDATE_HANDLER
  };

  // So that we can mock this object.
  // The destructor below is private, so base::RefCounted needs friendship to
  // destroy the object; the destructor and the public methods are virtual,
  // which is what allows a mock subclass.
  friend class base::RefCounted<HttpAuthController>;

  virtual ~HttpAuthController();

  // Searches the auth cache for an entry that encompasses the request's path.
  // If such an entry is found, updates |identity_| and |handler_| with the
  // cache entry's data and returns true.
  // NOTE(review): "preemptive" suggests the cached credentials are then used
  // before the peer has issued a challenge, which would make the cache's
  // path-containment match the only check on where they are sent -- confirm
  // the matching rules in HttpAuthCache.
  bool SelectPreemptiveAuth(const BoundNetLog& net_log);

  // Invalidates the current handler. If |action| is
  // INVALIDATE_HANDLER_AND_CACHED_CREDENTIALS, then also invalidate
  // the cached credentials used by the handler.
  // INVALIDATE_HANDLER_AND_DISABLE_SCHEME presumably also disables the
  // handler's scheme for this controller -- confirm.
  void InvalidateCurrentHandler(InvalidateHandlerAction action);

  // Invalidates any auth cache entries after authentication has failed.
  // The identity that was rejected is |identity_|.
  void InvalidateRejectedAuthFromCache();

  // Sets |identity_| to the next identity that the transaction should try. It
  // chooses candidates by searching the auth cache and the URL for a
  // username:password. Returns true if an identity was found.
  // The URL-embedded identity is limited to one use per transaction by
  // |embedded_identity_used_|.
  bool SelectNextAuthIdentityToTry();

  // Populates auth_info_ with the challenge information, so that
  // URLRequestHttpJob can prompt for credentials.
  void PopulateAuthChallenge();

  // If |result| indicates a permanent failure, disables the current
  // auth scheme for this controller and returns true. Returns false
  // otherwise.
  bool DisableOnAuthHandlerResult(int result);

  // Not documented in this header; presumably the completion handler for
  // asynchronous token generation, which then runs |callback_| -- confirm.
  void OnIOComplete(int result);

  // Indicates if this handler is for Proxy auth or Server auth.
  HttpAuth::Target target_;

  // Holds the {scheme, host, path, port} for the authentication target.
  const GURL auth_url_;

  // Holds the {scheme, host, port} for the authentication target.
  const GURL auth_origin_;

  // The absolute path of the resource needing authentication.
  // For proxy authentication the path is empty.
  const std::string auth_path_;

  // |handler_| encapsulates the logic for the particular auth-scheme.
  // This includes the challenge's parameters. If NULL, then there is no
  // associated auth handler.
  scoped_ptr<HttpAuthHandler> handler_;

  // |identity_| holds the credentials that should be used by
  // the handler_ to generate challenge responses. This identity can come from
  // a number of places (url, cache, prompt).
  // Treat as secret material.
  HttpAuth::Identity identity_;

  // |auth_token_| contains the opaque string to pass to the proxy or
  // server to authenticate the client.
  // Treat as secret material.
  std::string auth_token_;

  // Contains information about the auth challenge.
  scoped_refptr<AuthChallengeInfo> auth_info_;

  // True if we've used the username:password embedded in the URL. This
  // makes sure we use the embedded identity only once for the transaction,
  // preventing an infinite auth restart loop.
  bool embedded_identity_used_;

  // True if default credentials have already been tried for this transaction
  // in response to an HTTP authentication challenge.
  bool default_credentials_used_;

  // These two are owned by the HttpNetworkSession/IOThread, which own the
  // objects which reference |this|. Therefore, these raw pointers are valid
  // for the lifetime of this object.
  HttpAuthCache* const http_auth_cache_;
  HttpAuthHandlerFactory* const http_auth_handler_factory_;

  // Auth schemes disabled for this controller (see DisableAuthScheme() and
  // DisableOnAuthHandlerResult()).
  std::set<HttpAuth::Scheme> disabled_schemes_;

  // Presumably the callback passed to MaybeGenerateAuthToken(), kept until
  // OnIOComplete() runs -- confirm.
  CompletionCallback callback_;
};

}  // namespace net

#endif  // NET_HTTP_HTTP_AUTH_CONTROLLER_H_