summaryrefslogtreecommitdiff
path: root/chromium/net/http/http_auth.h
diff options
context:
space:
mode:
Diffstat (limited to 'chromium/net/http/http_auth.h')
-rw-r--r--chromium/net/http/http_auth.h216
1 files changed, 216 insertions, 0 deletions
diff --git a/chromium/net/http/http_auth.h b/chromium/net/http/http_auth.h
new file mode 100644
index 00000000000..1a03bb1fe1f
--- /dev/null
+++ b/chromium/net/http/http_auth.h
@@ -0,0 +1,216 @@
+// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef NET_HTTP_HTTP_AUTH_H_
+#define NET_HTTP_HTTP_AUTH_H_
+
+#include <set>
+#include <string>
+
+#include "base/memory/scoped_ptr.h"
+#include "net/base/auth.h"
+#include "net/base/net_export.h"
+#include "net/http/http_util.h"
+
+template <class T> class scoped_refptr;
+
+namespace net {
+
+class BoundNetLog;
+class HttpAuthHandler;
+class HttpAuthHandlerFactory;
+class HttpResponseHeaders;
+
+// Utility class for http authentication.
+class NET_EXPORT_PRIVATE HttpAuth {
+ public:
+ // Http authentication can be done the the proxy server, origin server,
+ // or both. This enum tracks who the target is.
+ enum Target {
+ AUTH_NONE = -1,
+ // We depend on the valid targets (!= AUTH_NONE) being usable as indexes
+ // in an array, so start from 0.
+ AUTH_PROXY = 0,
+ AUTH_SERVER = 1,
+ AUTH_NUM_TARGETS = 2,
+ };
+
+ // What the HTTP WWW-Authenticate/Proxy-Authenticate headers indicate about
+ // the previous authorization attempt.
+ enum AuthorizationResult {
+ AUTHORIZATION_RESULT_ACCEPT, // The authorization attempt was accepted,
+ // although there still may be additional
+ // rounds of challenges.
+
+ AUTHORIZATION_RESULT_REJECT, // The authorization attempt was rejected.
+
+ AUTHORIZATION_RESULT_STALE, // (Digest) The nonce used in the
+ // authorization attempt is stale, but
+ // otherwise the attempt was valid.
+
+ AUTHORIZATION_RESULT_INVALID, // The authentication challenge headers are
+ // poorly formed (the authorization attempt
+ // itself may have been fine).
+
+ AUTHORIZATION_RESULT_DIFFERENT_REALM, // The authorization
+ // attempt was rejected,
+ // but the realm associated
+ // with the new challenge
+ // is different from the
+ // previous attempt.
+ };
+
+ // Describes where the identity used for authentication came from.
+ enum IdentitySource {
+ // Came from nowhere -- the identity is not initialized.
+ IDENT_SRC_NONE,
+
+ // The identity came from the auth cache, by doing a path-based
+ // lookup (premptive authorization).
+ IDENT_SRC_PATH_LOOKUP,
+
+ // The identity was extracted from a URL of the form:
+ // http://<username>:<password>@host:port
+ IDENT_SRC_URL,
+
+ // The identity was retrieved from the auth cache, by doing a
+ // realm lookup.
+ IDENT_SRC_REALM_LOOKUP,
+
+ // The identity was provided by RestartWithAuth -- it likely
+ // came from a prompt (or maybe the password manager).
+ IDENT_SRC_EXTERNAL,
+
+ // The identity used the default credentials for the computer,
+ // on schemes that support single sign-on.
+ IDENT_SRC_DEFAULT_CREDENTIALS,
+ };
+
+ enum Scheme {
+ AUTH_SCHEME_BASIC = 0,
+ AUTH_SCHEME_DIGEST,
+ AUTH_SCHEME_NTLM,
+ AUTH_SCHEME_NEGOTIATE,
+ AUTH_SCHEME_SPDYPROXY,
+ AUTH_SCHEME_MOCK,
+ AUTH_SCHEME_MAX,
+ };
+
+ // Helper structure used by HttpNetworkTransaction to track
+ // the current identity being used for authorization.
+ struct Identity {
+ Identity();
+
+ IdentitySource source;
+ bool invalid;
+ AuthCredentials credentials;
+ };
+
+ // Get the name of the header containing the auth challenge
+ // (either WWW-Authenticate or Proxy-Authenticate).
+ static std::string GetChallengeHeaderName(Target target);
+
+ // Get the name of the header where the credentials go
+ // (either Authorization or Proxy-Authorization).
+ static std::string GetAuthorizationHeaderName(Target target);
+
+ // Returns a string representation of a Target value that can be used in log
+ // messages.
+ static std::string GetAuthTargetString(Target target);
+
+ // Returns a string representation of an authentication Scheme.
+ static const char* SchemeToString(Scheme scheme);
+
+ // Iterate through the challenge headers, and pick the best one that
+ // we support. Obtains the implementation class for handling the challenge,
+ // and passes it back in |*handler|. If no supported challenge was found,
+ // |*handler| is set to NULL.
+ //
+ // |disabled_schemes| is the set of schemes that we should not use.
+ //
+ // |origin| is used by the NTLM and Negotiation authentication scheme to
+ // construct the service principal name. It is ignored by other schemes.
+ static void ChooseBestChallenge(
+ HttpAuthHandlerFactory* http_auth_handler_factory,
+ const HttpResponseHeaders* headers,
+ Target target,
+ const GURL& origin,
+ const std::set<Scheme>& disabled_schemes,
+ const BoundNetLog& net_log,
+ scoped_ptr<HttpAuthHandler>* handler);
+
+ // Handle a 401/407 response from a server/proxy after a previous
+ // authentication attempt. For connection-based authentication schemes, the
+ // new response may be another round in a multi-round authentication sequence.
+ // For request-based schemes, a 401/407 response is typically treated like a
+ // rejection of the previous challenge, except in the Digest case when a
+ // "stale" attribute is present.
+ //
+ // |handler| must be non-NULL, and is the HttpAuthHandler from the previous
+ // authentication round.
+ //
+ // |headers| must be non-NULL and contain the new HTTP response.
+ //
+ // |target| specifies whether the authentication challenge response came
+ // from a server or a proxy.
+ //
+ // |disabled_schemes| are the authentication schemes to ignore.
+ //
+ // |challenge_used| is the text of the authentication challenge used in
+ // support of the returned AuthorizationResult. If no headers were used for
+ // the result (for example, all headers have unknown authentication schemes),
+ // the value is cleared.
+ static AuthorizationResult HandleChallengeResponse(
+ HttpAuthHandler* handler,
+ const HttpResponseHeaders* headers,
+ Target target,
+ const std::set<Scheme>& disabled_schemes,
+ std::string* challenge_used);
+
+ // Breaks up a challenge string into the the auth scheme and parameter list,
+ // according to RFC 2617 Sec 1.2:
+ // challenge = auth-scheme 1*SP 1#auth-param
+ //
+ // Depending on the challenge scheme, it may be appropriate to interpret the
+ // parameters as either a base-64 encoded string or a comma-delimited list
+ // of name-value pairs. param_pairs() and base64_param() methods are provided
+ // to support either usage.
+ class NET_EXPORT_PRIVATE ChallengeTokenizer {
+ public:
+ ChallengeTokenizer(std::string::const_iterator begin,
+ std::string::const_iterator end);
+
+ // Get the original text.
+ std::string challenge_text() const {
+ return std::string(begin_, end_);
+ }
+
+ // Get the auth scheme of the challenge.
+ std::string::const_iterator scheme_begin() const { return scheme_begin_; }
+ std::string::const_iterator scheme_end() const { return scheme_end_; }
+ std::string scheme() const {
+ return std::string(scheme_begin_, scheme_end_);
+ }
+
+ HttpUtil::NameValuePairsIterator param_pairs() const;
+ std::string base64_param() const;
+
+ private:
+ void Init(std::string::const_iterator begin,
+ std::string::const_iterator end);
+
+ std::string::const_iterator begin_;
+ std::string::const_iterator end_;
+
+ std::string::const_iterator scheme_begin_;
+ std::string::const_iterator scheme_end_;
+
+ std::string::const_iterator params_begin_;
+ std::string::const_iterator params_end_;
+ };
+};
+
+} // namespace net
+
+#endif // NET_HTTP_HTTP_AUTH_H_
View Lorry Controller Status