1// Copyright (c) 2011 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef NET_HTTP_HTTP_AUTH_CACHE_H_
6#define NET_HTTP_HTTP_AUTH_CACHE_H_
7
8#include <list>
9#include <string>
10
11#include "base/gtest_prod_util.h"
12#include "base/memory/ref_counted.h"
13#include "base/time/time.h"
14#include "net/base/net_export.h"
15#include "net/http/http_auth.h"
16#include "url/gurl.h"
17
18namespace net {
19
20// HttpAuthCache stores HTTP authentication identities and challenge info.
21// For each (origin, realm, scheme) triple the cache stores a
22// HttpAuthCache::Entry, which holds:
23//   - the origin server {protocol scheme, host, port}
24//   - the last identity used (username/password)
25//   - the last auth handler used (contains realm and authentication scheme)
26//   - the list of paths which used this realm
27// Entries can be looked up by either (origin, realm, scheme) or (origin, path).
28class NET_EXPORT_PRIVATE HttpAuthCache {
29 public:
30  class NET_EXPORT_PRIVATE Entry {
31   public:
32    ~Entry();
33
34    const GURL& origin() const {
35      return origin_;
36    }
37
38    // The case-sensitive realm string of the challenge.
39    const std::string realm() const {
40      return realm_;
41    }
42
43    // The authentication scheme of the challenge.
44    HttpAuth::Scheme scheme() const {
45      return scheme_;
46    }
47
48    // The authentication challenge.
49    const std::string auth_challenge() const {
50      return auth_challenge_;
51    }
52
53    // The login credentials.
54    const AuthCredentials& credentials() const {
55      return credentials_;
56    }
57
58    int IncrementNonceCount() {
59      return ++nonce_count_;
60    }
61
62    void UpdateStaleChallenge(const std::string& auth_challenge);
63
64   private:
65    friend class HttpAuthCache;
66    FRIEND_TEST_ALL_PREFIXES(HttpAuthCacheTest, AddPath);
67    FRIEND_TEST_ALL_PREFIXES(HttpAuthCacheTest, AddToExistingEntry);
68
69    typedef std::list<std::string> PathList;
70
71    Entry();
72
73    // Adds a path defining the realm's protection space. If the path is
74    // already contained in the protection space, is a no-op.
75    void AddPath(const std::string& path);
76
77    // Returns true if |dir| is contained within the realm's protection
78    // space.  |*path_len| is set to the length of the enclosing path if
79    // such a path exists and |path_len| is non-NULL.  If no enclosing
80    // path is found, |*path_len| is left unmodified.
81    //
82    // Note that proxy auth cache entries are associated with empty
83    // paths.  Therefore it is possible for HasEnclosingPath() to return
84    // true and set |*path_len| to 0.
85    bool HasEnclosingPath(const std::string& dir, size_t* path_len);
86
87    // |origin_| contains the {protocol, host, port} of the server.
88    GURL origin_;
89    std::string realm_;
90    HttpAuth::Scheme scheme_;
91
92    // Identity.
93    std::string auth_challenge_;
94    AuthCredentials credentials_;
95
96    int nonce_count_;
97
98    // List of paths that define the realm's protection space.
99    PathList paths_;
100
101    // Times the entry was created and last used (by looking up, adding a path,
102    // or updating the challenge.)
103    base::TimeTicks creation_time_;
104    base::TimeTicks last_use_time_;
105  };
106
107  // Prevent unbounded memory growth. These are safeguards for abuse; it is
108  // not expected that the limits will be reached in ordinary usage.
109  // This also defines the worst-case lookup times (which grow linearly
110  // with number of elements in the cache).
111  enum { kMaxNumPathsPerRealmEntry = 10 };
112  enum { kMaxNumRealmEntries = 10 };
113
114  HttpAuthCache();
115  ~HttpAuthCache();
116
117  // Find the realm entry on server |origin| for realm |realm| and
118  // scheme |scheme|.
119  //   |origin| - the {scheme, host, port} of the server.
120  //   |realm|  - case sensitive realm string.
121  //   |scheme| - the authentication scheme (i.e. basic, negotiate).
122  //   returns  - the matched entry or NULL.
123  Entry* Lookup(const GURL& origin,
124                const std::string& realm,
125                HttpAuth::Scheme scheme);
126
127  // Find the entry on server |origin| whose protection space includes
128  // |path|. This uses the assumption in RFC 2617 section 2 that deeper
129  // paths lie in the same protection space.
130  //   |origin| - the {scheme, host, port} of the server.
131  //   |path|   - absolute path of the resource, or empty string in case of
132  //              proxy auth (which does not use the concept of paths).
133  //   returns  - the matched entry or NULL.
134  Entry* LookupByPath(const GURL& origin, const std::string& path);
135
136  // Add an entry on server |origin| for realm |handler->realm()| and
137  // scheme |handler->scheme()|.  If an entry for this (realm,scheme)
138  // already exists, update it rather than replace it -- this  preserves the
139  // paths list.
140  //   |origin|   - the {scheme, host, port} of the server.
141  //   |realm|    - the auth realm for the challenge.
142  //   |scheme|   - the authentication scheme (i.e. basic, negotiate).
143  //   |credentials| - login information for the realm.
144  //   |path|     - absolute path for a resource contained in the protection
145  //                space; this will be added to the list of known paths.
146  //   returns    - the entry that was just added/updated.
147  Entry* Add(const GURL& origin,
148             const std::string& realm,
149             HttpAuth::Scheme scheme,
150             const std::string& auth_challenge,
151             const AuthCredentials& credentials,
152             const std::string& path);
153
154  // Remove entry on server |origin| for realm |realm| and scheme |scheme|
155  // if one exists AND if the cached credentials matches |credentials|.
156  //   |origin|   - the {scheme, host, port} of the server.
157  //   |realm|    - case sensitive realm string.
158  //   |scheme|   - the authentication scheme (i.e. basic, negotiate).
159  //   |credentials| - the credentials to match.
160  //   returns    - true if an entry was removed.
161  bool Remove(const GURL& origin,
162              const std::string& realm,
163              HttpAuth::Scheme scheme,
164              const AuthCredentials& credentials);
165
166  // Clears the cache.
167  void Clear();
168
169  // Updates a stale digest entry on server |origin| for realm |realm| and
170  // scheme |scheme|. The cached auth challenge is replaced with
171  // |auth_challenge| and the nonce count is reset.
172  // |UpdateStaleChallenge()| returns true if a matching entry exists in the
173  // cache, false otherwise.
174  bool UpdateStaleChallenge(const GURL& origin,
175                            const std::string& realm,
176                            HttpAuth::Scheme scheme,
177                            const std::string& auth_challenge);
178
179  // Copies all entries from |other| cache.
180  void UpdateAllFrom(const HttpAuthCache& other);
181
182 private:
183  typedef std::list<Entry> EntryList;
184  EntryList entries_;
185};
186
187// An authentication realm entry.
188}  // namespace net
189
190#endif  // NET_HTTP_HTTP_AUTH_CACHE_H_
191