diff options
Diffstat (limited to 'chromium/net/http/url_security_manager.h')
-rw-r--r-- | chromium/net/http/url_security_manager.h | 79 |
1 files changed, 79 insertions, 0 deletions
diff --git a/chromium/net/http/url_security_manager.h b/chromium/net/http/url_security_manager.h new file mode 100644 index 00000000000..4015fc26766 --- /dev/null +++ b/chromium/net/http/url_security_manager.h @@ -0,0 +1,79 @@ +// Copyright (c) 2011 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef NET_HTTP_URL_SECURITY_MANAGER_H_ +#define NET_HTTP_URL_SECURITY_MANAGER_H_ + +#include "base/basictypes.h" +#include "base/memory/scoped_ptr.h" +#include "net/base/net_export.h" + +class GURL; + +namespace net { + +class HttpAuthFilter; + +// The URL security manager controls the policies (allow, deny, prompt user) +// regarding URL actions (e.g., sending the default credentials to a server). +class NET_EXPORT URLSecurityManager { + public: + URLSecurityManager() {} + virtual ~URLSecurityManager() {} + + // Creates a platform-dependent instance of URLSecurityManager. + // + // |whitelist_default| is the whitelist of servers that default credentials + // can be used with during NTLM or Negotiate authentication. If + // |whitelist_default| is NULL and the platform is Windows, it indicates + // that security zone mapping should be used to determine whether default + // credentials sxhould be used. If |whitelist_default| is NULL and the + // platform is non-Windows, it indicates that no servers should be + // whitelisted. + // + // |whitelist_delegate| is the whitelist of servers that are allowed + // to have Delegated Kerberos tickets. If |whitelist_delegate| is NULL, + // no servers can have delegated Kerberos tickets. + // + // Both |whitelist_default| and |whitelist_delegate| will be owned by + // the created URLSecurityManager. + // + // TODO(cbentzel): Perhaps it's better to make a non-abstract HttpAuthFilter + // and just copy into the URLSecurityManager? + static URLSecurityManager* Create(const HttpAuthFilter* whitelist_default, + const HttpAuthFilter* whitelist_delegate); + + // Returns true if we can send the default credentials to the server at + // |auth_origin| for HTTP NTLM or Negotiate authentication. + virtual bool CanUseDefaultCredentials(const GURL& auth_origin) const = 0; + + // Returns true if Kerberos delegation is allowed for the server at + // |auth_origin| for HTTP Negotiate authentication. + virtual bool CanDelegate(const GURL& auth_origin) const = 0; + + private: + DISALLOW_COPY_AND_ASSIGN(URLSecurityManager); +}; + +class URLSecurityManagerWhitelist : public URLSecurityManager { + public: + // The URLSecurityManagerWhitelist takes ownership of the whitelists. + URLSecurityManagerWhitelist(const HttpAuthFilter* whitelist_default, + const HttpAuthFilter* whitelist_delegation); + virtual ~URLSecurityManagerWhitelist(); + + // URLSecurityManager methods. + virtual bool CanUseDefaultCredentials(const GURL& auth_origin) const OVERRIDE; + virtual bool CanDelegate(const GURL& auth_origin) const OVERRIDE; + + private: + scoped_ptr<const HttpAuthFilter> whitelist_default_; + scoped_ptr<const HttpAuthFilter> whitelist_delegate_; + + DISALLOW_COPY_AND_ASSIGN(URLSecurityManagerWhitelist); +}; + +} // namespace net + +#endif // NET_HTTP_URL_SECURITY_MANAGER_H_ |