http_auth_controller.h revision 4e180b6a0b4720a9b8e9e959a882386f690f08ff 
1// Copyright (c) 2011 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef NET_HTTP_HTTP_AUTH_CONTROLLER_H_
6#define NET_HTTP_HTTP_AUTH_CONTROLLER_H_
7
8#include <set>
9#include <string>
10
11#include "base/basictypes.h"
12#include "base/memory/ref_counted.h"
13#include "base/memory/scoped_ptr.h"
14#include "base/threading/non_thread_safe.h"
15#include "net/base/completion_callback.h"
16#include "net/base/net_export.h"
17#include "net/base/net_log.h"
18#include "net/http/http_auth.h"
19#include "url/gurl.h"
20
21namespace net {
22
23class AuthChallengeInfo;
24class AuthCredentials;
25class HttpAuthHandler;
26class HttpAuthHandlerFactory;
27class HttpAuthCache;
28class HttpRequestHeaders;
29struct HttpRequestInfo;
30
31class NET_EXPORT_PRIVATE HttpAuthController
32    : public base::RefCounted<HttpAuthController>,
33      NON_EXPORTED_BASE(public base::NonThreadSafe) {
34 public:
35  // The arguments are self explanatory except possibly for |auth_url|, which
36  // should be both the auth target and auth path in a single url argument.
37  HttpAuthController(HttpAuth::Target target,
38                     const GURL& auth_url,
39                     HttpAuthCache* http_auth_cache,
40                     HttpAuthHandlerFactory* http_auth_handler_factory);
41
42  // Generate an authentication token for |target| if necessary. The return
43  // value is a net error code. |OK| will be returned both in the case that
44  // a token is correctly generated synchronously, as well as when no tokens
45  // were necessary.
46  virtual int MaybeGenerateAuthToken(const HttpRequestInfo* request,
47                                     const CompletionCallback& callback,
48                                     const BoundNetLog& net_log);
49
50  // Adds either the proxy auth header, or the origin server auth header,
51  // as specified by |target_|.
52  virtual void AddAuthorizationHeader(
53      HttpRequestHeaders* authorization_headers);
54
55  // Checks for and handles HTTP status code 401 or 407.
56  // |HandleAuthChallenge()| returns OK on success, or a network error code
57  // otherwise. It may also populate |auth_info_|.
58  virtual int HandleAuthChallenge(scoped_refptr<HttpResponseHeaders> headers,
59                                  bool do_not_send_server_auth,
60                                  bool establishing_tunnel,
61                                  const BoundNetLog& net_log);
62
63  // Store the supplied credentials and prepare to restart the auth.
64  virtual void ResetAuth(const AuthCredentials& credentials);
65
66  virtual bool HaveAuthHandler() const;
67
68  virtual bool HaveAuth() const;
69
70  virtual scoped_refptr<AuthChallengeInfo> auth_info();
71
72  virtual bool IsAuthSchemeDisabled(HttpAuth::Scheme scheme) const;
73  virtual void DisableAuthScheme(HttpAuth::Scheme scheme);
74  virtual void DisableEmbeddedIdentity();
75
76 private:
77  // Actions for InvalidateCurrentHandler()
78  enum InvalidateHandlerAction {
79    INVALIDATE_HANDLER_AND_CACHED_CREDENTIALS,
80    INVALIDATE_HANDLER_AND_DISABLE_SCHEME,
81    INVALIDATE_HANDLER
82  };
83
84  // So that we can mock this object.
85  friend class base::RefCounted<HttpAuthController>;
86
87  virtual ~HttpAuthController();
88
89  // Searches the auth cache for an entry that encompasses the request's path.
90  // If such an entry is found, updates |identity_| and |handler_| with the
91  // cache entry's data and returns true.
92  bool SelectPreemptiveAuth(const BoundNetLog& net_log);
93
94  // Invalidates the current handler.  If |action| is
95  // INVALIDATE_HANDLER_AND_CACHED_CREDENTIALS, then also invalidate
96  // the cached credentials used by the handler.
97  void InvalidateCurrentHandler(InvalidateHandlerAction action);
98
99  // Invalidates any auth cache entries after authentication has failed.
100  // The identity that was rejected is |identity_|.
101  void InvalidateRejectedAuthFromCache();
102
103  // Sets |identity_| to the next identity that the transaction should try. It
104  // chooses candidates by searching the auth cache and the URL for a
105  // username:password. Returns true if an identity was found.
106  bool SelectNextAuthIdentityToTry();
107
108  // Populates auth_info_ with the challenge information, so that
109  // URLRequestHttpJob can prompt for credentials.
110  void PopulateAuthChallenge();
111
112  // If |result| indicates a permanent failure, disables the current
113  // auth scheme for this controller and returns true.  Returns false
114  // otherwise.
115  bool DisableOnAuthHandlerResult(int result);
116
117  void OnIOComplete(int result);
118
119  // Indicates if this handler is for Proxy auth or Server auth.
120  HttpAuth::Target target_;
121
122  // Holds the {scheme, host, path, port} for the authentication target.
123  const GURL auth_url_;
124
125  // Holds the {scheme, host, port} for the authentication target.
126  const GURL auth_origin_;
127
128  // The absolute path of the resource needing authentication.
129  // For proxy authentication the path is empty.
130  const std::string auth_path_;
131
132  // |handler_| encapsulates the logic for the particular auth-scheme.
133  // This includes the challenge's parameters. If NULL, then there is no
134  // associated auth handler.
135  scoped_ptr<HttpAuthHandler> handler_;
136
137  // |identity_| holds the credentials that should be used by
138  // the handler_ to generate challenge responses. This identity can come from
139  // a number of places (url, cache, prompt).
140  HttpAuth::Identity identity_;
141
142  // |auth_token_| contains the opaque string to pass to the proxy or
143  // server to authenticate the client.
144  std::string auth_token_;
145
146  // Contains information about the auth challenge.
147  scoped_refptr<AuthChallengeInfo> auth_info_;
148
149  // True if we've used the username:password embedded in the URL.  This
150  // makes sure we use the embedded identity only once for the transaction,
151  // preventing an infinite auth restart loop.
152  bool embedded_identity_used_;
153
154  // True if default credentials have already been tried for this transaction
155  // in response to an HTTP authentication challenge.
156  bool default_credentials_used_;
157
158  // These two are owned by the HttpNetworkSession/IOThread, which own the
159  // objects which reference |this|.  Therefore, these raw pointers are valid
160  // for the lifetime of this object.
161  HttpAuthCache* const http_auth_cache_;
162  HttpAuthHandlerFactory* const http_auth_handler_factory_;
163
164  std::set<HttpAuth::Scheme> disabled_schemes_;
165
166  CompletionCallback callback_;
167};
168
169}  // namespace net
170
171#endif  // NET_HTTP_HTTP_AUTH_CONTROLLER_H_
172