http_auth_controller.h revision 7dbb3d5cf0c15f500944d211057644d6a2f37371
// Copyright (c) 2011 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef NET_HTTP_HTTP_AUTH_CONTROLLER_H_
#define NET_HTTP_HTTP_AUTH_CONTROLLER_H_

#include <set>
#include <string>

#include "base/basictypes.h"
#include "base/memory/ref_counted.h"
#include "base/memory/scoped_ptr.h"
#include "base/threading/non_thread_safe.h"
#include "net/base/completion_callback.h"
#include "net/base/net_export.h"
#include "net/base/net_log.h"
#include "net/http/http_auth.h"
#include "url/gurl.h"

namespace net {

// NOTE(review): HttpResponseHeaders is used by HandleAuthChallenge() below but
// is not forward-declared in this list; presumably one of the includes above
// declares it. Confirm, or add a forward declaration here.
class AuthChallengeInfo;
class AuthCredentials;
class HttpAuthHandler;
class HttpAuthHandlerFactory;
class HttpAuthCache;
class HttpRequestHeaders;
struct HttpRequestInfo;

// Drives HTTP authentication for a single auth target (proxy or origin
// server, see |target_|): it reacts to 401/407 challenges, picks the identity
// to try, generates the auth token and adds the authorization header.
//
// The class is reference-counted (base::RefCounted) and derives from
// base::NonThreadSafe, so an instance is meant to be used from one thread
// only. The public methods are virtual; the private destructor means the
// object can only be destroyed through its reference count.
//
// The object holds credential material (|identity_|, |auth_token_|) for as
// long as it lives.
class NET_EXPORT_PRIVATE HttpAuthController
    : public base::RefCounted<HttpAuthController>,
      NON_EXPORTED_BASE(public base::NonThreadSafe) {
 public:
  // The arguments are self explanatory except possibly for |auth_url|, which
  // should be both the auth target and auth path in a single url argument.
  // |http_auth_cache| and |http_auth_handler_factory| are stored as raw
  // pointers and are not owned; see the lifetime note on the members below.
  HttpAuthController(HttpAuth::Target target,
                     const GURL& auth_url,
                     HttpAuthCache* http_auth_cache,
                     HttpAuthHandlerFactory* http_auth_handler_factory);

  // Generate an authentication token for |target| if necessary. The return
  // value is a net error code. |OK| will be returned both in the case that
  // a token is correctly generated synchronously, as well as when no tokens
  // were necessary.
  // NOTE(review): |callback| is presumably saved in |callback_| and run when
  // token generation completes asynchronously - confirm against the .cc.
  virtual int MaybeGenerateAuthToken(const HttpRequestInfo* request,
                                     const CompletionCallback& callback,
                                     const BoundNetLog& net_log);

  // Adds either the proxy auth header, or the origin server auth header,
  // as specified by |target_|.
  virtual void AddAuthorizationHeader(
      HttpRequestHeaders* authorization_headers);

  // Checks for and handles HTTP status code 401 or 407.
  // |HandleAuthChallenge()| returns OK on success, or a network error code
  // otherwise. It may also populate |auth_info_|.
  // |headers| are response headers received from the server or proxy, so the
  // challenge they carry is untrusted input.
  // NOTE(review): |do_not_send_server_auth| presumably suppresses answering
  // origin-server challenges, and |establishing_tunnel| presumably marks a
  // challenge received while a proxy tunnel is being set up - neither is
  // documented in this header; confirm against the .cc.
  virtual int HandleAuthChallenge(scoped_refptr<HttpResponseHeaders> headers,
                                  bool do_not_send_server_auth,
                                  bool establishing_tunnel,
                                  const BoundNetLog& net_log);

  // Store the supplied credentials and prepare to restart the auth.
  virtual void ResetAuth(const AuthCredentials& credentials);

  // NOTE(review): presumably reports whether |handler_| is set - confirm.
  virtual bool HaveAuthHandler() const;

  // NOTE(review): presumably reports whether there is both a handler and a
  // usable identity to authenticate with - confirm against the .cc.
  virtual bool HaveAuth() const;

  // Accessor for the challenge information.
  // NOTE(review): presumably returns |auth_info_|, which is filled in by
  // PopulateAuthChallenge() - confirm.
  virtual scoped_refptr<AuthChallengeInfo> auth_info();

  // Query and disable individual auth schemes for this controller.
  // NOTE(review): presumably backed by |disabled_schemes_|; nothing in this
  // header re-enables a scheme once it has been disabled.
  virtual bool IsAuthSchemeDisabled(HttpAuth::Scheme scheme) const;
  virtual void DisableAuthScheme(HttpAuth::Scheme scheme);

 private:
  // Actions for InvalidateCurrentHandler()
  enum InvalidateHandlerAction {
    INVALIDATE_HANDLER_AND_CACHED_CREDENTIALS,
    INVALIDATE_HANDLER_AND_DISABLE_SCHEME,
    INVALIDATE_HANDLER
  };

  // So that we can mock this object.
  // The friend declaration gives base::RefCounted access to the private
  // destructor below, so the object is deleted only when its last reference
  // is released.
  friend class base::RefCounted<HttpAuthController>;

  virtual ~HttpAuthController();

  // Searches the auth cache for an entry that encompasses the request's path.
  // If such an entry is found, updates |identity_| and |handler_| with the
  // cache entry's data and returns true.
  // NOTE(review): "preemptive" presumably means credentials are sent without
  // first receiving a challenge for this request - confirm.
  bool SelectPreemptiveAuth(const BoundNetLog& net_log);

  // Invalidates the current handler. If |action| is
  // INVALIDATE_HANDLER_AND_CACHED_CREDENTIALS, then also invalidate
  // the cached credentials used by the handler.
  // NOTE(review): INVALIDATE_HANDLER_AND_DISABLE_SCHEME presumably also
  // disables the handler's scheme for this controller - confirm.
  void InvalidateCurrentHandler(InvalidateHandlerAction action);

  // Invalidates any auth cache entries after authentication has failed.
  // The identity that was rejected is |identity_|.
  void InvalidateRejectedAuthFromCache();

  // Sets |identity_| to the next identity that the transaction should try. It
  // chooses candidates by searching the auth cache and the URL for a
  // username:password. Returns true if an identity was found.
  bool SelectNextAuthIdentityToTry();

  // Populates auth_info_ with the challenge information, so that
  // URLRequestHttpJob can prompt for credentials.
  void PopulateAuthChallenge();

  // If |result| indicates a permanent failure, disables the current
  // auth scheme for this controller and returns true. Returns false
  // otherwise.
  bool DisableOnAuthHandlerResult(int result);

  // NOTE(review): presumably the completion handler for asynchronous token
  // generation, taking a net error code in |result| - confirm against the .cc.
  void OnIOComplete(int result);

  // Indicates if this handler is for Proxy auth or Server auth.
  HttpAuth::Target target_;

  // Holds the {scheme, host, path, port} for the authentication target.
  const GURL auth_url_;

  // Holds the {scheme, host, port} for the authentication target.
  const GURL auth_origin_;

  // The absolute path of the resource needing authentication.
  // For proxy authentication the path is empty.
  const std::string auth_path_;

  // |handler_| encapsulates the logic for the particular auth-scheme.
  // This includes the challenge's parameters. If NULL, then there is no
  // associated auth handler.
  scoped_ptr<HttpAuthHandler> handler_;

  // |identity_| holds the credentials that should be used by
  // the handler_ to generate challenge responses. This identity can come from
  // a number of places (url, cache, prompt).
  HttpAuth::Identity identity_;

  // |auth_token_| contains the opaque string to pass to the proxy or
  // server to authenticate the client. Because it authenticates the client,
  // it is credential material and should be kept out of logs.
  std::string auth_token_;

  // Contains information about the auth challenge.
  scoped_refptr<AuthChallengeInfo> auth_info_;

  // True if we've used the username:password embedded in the URL. This
  // makes sure we use the embedded identity only once for the transaction,
  // preventing an infinite auth restart loop.
  bool embedded_identity_used_;

  // True if default credentials have already been tried for this transaction
  // in response to an HTTP authentication challenge.
  // NOTE(review): "default credentials" presumably means the ambient
  // credentials of the current user; the policy deciding which targets may
  // receive them is not visible in this header - confirm where it is
  // enforced.
  bool default_credentials_used_;

  // These two are owned by the HttpNetworkSession/IOThread, which own the
  // objects which reference |this|. Therefore, these raw pointers are valid
  // for the lifetime of this object.
  HttpAuthCache* const http_auth_cache_;
  HttpAuthHandlerFactory* const http_auth_handler_factory_;

  // Auth schemes this controller will no longer use.
  // NOTE(review): presumably filled by DisableAuthScheme() and
  // DisableOnAuthHandlerResult() - confirm.
  std::set<HttpAuth::Scheme> disabled_schemes_;

  // NOTE(review): presumably the caller's callback from
  // MaybeGenerateAuthToken(), kept until asynchronous completion - confirm.
  CompletionCallback callback_;
};

}  // namespace net

#endif  // NET_HTTP_HTTP_AUTH_CONTROLLER_H_