• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright 2011 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #include "net/http/http_auth.h"
6 
7 #include <algorithm>
8 
9 #include "base/strings/string_tokenizer.h"
10 #include "base/strings/string_util.h"
11 #include "base/values.h"
12 #include "net/base/net_errors.h"
13 #include "net/dns/host_resolver.h"
14 #include "net/http/http_auth_challenge_tokenizer.h"
15 #include "net/http/http_auth_handler.h"
16 #include "net/http/http_auth_handler_factory.h"
17 #include "net/http/http_auth_scheme.h"
18 #include "net/http/http_request_headers.h"
19 #include "net/http/http_response_headers.h"
20 #include "net/http/http_util.h"
21 #include "net/log/net_log.h"
22 #include "net/log/net_log_values.h"
23 
24 namespace net {
25 
26 namespace {
27 const char* const kSchemeNames[] = {kBasicAuthScheme,     kDigestAuthScheme,
28                                     kNtlmAuthScheme,      kNegotiateAuthScheme,
29                                     kSpdyProxyAuthScheme, kMockAuthScheme};
30 }  // namespace
31 
32 HttpAuth::Identity::Identity() = default;
33 
34 // static
ChooseBestChallenge(HttpAuthHandlerFactory * http_auth_handler_factory,const HttpResponseHeaders & response_headers,const SSLInfo & ssl_info,const NetworkAnonymizationKey & network_anonymization_key,Target target,const url::SchemeHostPort & scheme_host_port,const std::set<Scheme> & disabled_schemes,const NetLogWithSource & net_log,HostResolver * host_resolver,std::unique_ptr<HttpAuthHandler> * handler)35 void HttpAuth::ChooseBestChallenge(
36     HttpAuthHandlerFactory* http_auth_handler_factory,
37     const HttpResponseHeaders& response_headers,
38     const SSLInfo& ssl_info,
39     const NetworkAnonymizationKey& network_anonymization_key,
40     Target target,
41     const url::SchemeHostPort& scheme_host_port,
42     const std::set<Scheme>& disabled_schemes,
43     const NetLogWithSource& net_log,
44     HostResolver* host_resolver,
45     std::unique_ptr<HttpAuthHandler>* handler) {
46   DCHECK(http_auth_handler_factory);
47   DCHECK(handler->get() == nullptr);
48 
49   // Choose the challenge whose authentication handler gives the maximum score.
50   std::unique_ptr<HttpAuthHandler> best;
51   const std::string header_name = GetChallengeHeaderName(target);
52   std::string cur_challenge;
53   size_t iter = 0;
54   while (response_headers.EnumerateHeader(&iter, header_name, &cur_challenge)) {
55     std::unique_ptr<HttpAuthHandler> cur;
56     int rv = http_auth_handler_factory->CreateAuthHandlerFromString(
57         cur_challenge, target, ssl_info, network_anonymization_key,
58         scheme_host_port, net_log, host_resolver, &cur);
59     if (rv != OK) {
60       VLOG(1) << "Unable to create AuthHandler. Status: "
61               << ErrorToString(rv) << " Challenge: " << cur_challenge;
62       continue;
63     }
64     if (cur.get() && (!best.get() || best->score() < cur->score()) &&
65         (disabled_schemes.find(cur->auth_scheme()) == disabled_schemes.end()))
66       best.swap(cur);
67   }
68   handler->swap(best);
69 }
70 
71 // static
HandleChallengeResponse(HttpAuthHandler * handler,const HttpResponseHeaders & response_headers,Target target,const std::set<Scheme> & disabled_schemes,std::string * challenge_used)72 HttpAuth::AuthorizationResult HttpAuth::HandleChallengeResponse(
73     HttpAuthHandler* handler,
74     const HttpResponseHeaders& response_headers,
75     Target target,
76     const std::set<Scheme>& disabled_schemes,
77     std::string* challenge_used) {
78   DCHECK(handler);
79   DCHECK(challenge_used);
80 
81   challenge_used->clear();
82   HttpAuth::Scheme current_scheme = handler->auth_scheme();
83   if (disabled_schemes.find(current_scheme) != disabled_schemes.end())
84     return HttpAuth::AUTHORIZATION_RESULT_REJECT;
85   const char* current_scheme_name = SchemeToString(current_scheme);
86   const std::string header_name = GetChallengeHeaderName(target);
87   size_t iter = 0;
88   std::string challenge;
89   HttpAuth::AuthorizationResult authorization_result =
90       HttpAuth::AUTHORIZATION_RESULT_INVALID;
91   while (response_headers.EnumerateHeader(&iter, header_name, &challenge)) {
92     HttpAuthChallengeTokenizer challenge_tokens(challenge.begin(),
93                                                 challenge.end());
94     if (challenge_tokens.auth_scheme() != current_scheme_name)
95       continue;
96     authorization_result = handler->HandleAnotherChallenge(&challenge_tokens);
97     if (authorization_result != HttpAuth::AUTHORIZATION_RESULT_INVALID) {
98       *challenge_used = challenge;
99       return authorization_result;
100     }
101   }
102   // Finding no matches is equivalent to rejection.
103   return HttpAuth::AUTHORIZATION_RESULT_REJECT;
104 }
105 
106 // static
GetChallengeHeaderName(Target target)107 std::string HttpAuth::GetChallengeHeaderName(Target target) {
108   switch (target) {
109     case AUTH_PROXY:
110       return "Proxy-Authenticate";
111     case AUTH_SERVER:
112       return "WWW-Authenticate";
113     default:
114       NOTREACHED();
115       return std::string();
116   }
117 }
118 
119 // static
GetAuthorizationHeaderName(Target target)120 std::string HttpAuth::GetAuthorizationHeaderName(Target target) {
121   switch (target) {
122     case AUTH_PROXY:
123       return HttpRequestHeaders::kProxyAuthorization;
124     case AUTH_SERVER:
125       return HttpRequestHeaders::kAuthorization;
126     default:
127       NOTREACHED();
128       return std::string();
129   }
130 }
131 
132 // static
GetAuthTargetString(Target target)133 std::string HttpAuth::GetAuthTargetString(Target target) {
134   switch (target) {
135     case AUTH_PROXY:
136       return "proxy";
137     case AUTH_SERVER:
138       return "server";
139     default:
140       NOTREACHED();
141       return std::string();
142   }
143 }
144 
145 // static
SchemeToString(Scheme scheme)146 const char* HttpAuth::SchemeToString(Scheme scheme) {
147   static_assert(std::size(kSchemeNames) == AUTH_SCHEME_MAX,
148                 "http auth scheme names incorrect size");
149   if (scheme < AUTH_SCHEME_BASIC || scheme >= AUTH_SCHEME_MAX) {
150     NOTREACHED();
151     return "invalid_scheme";
152   }
153   return kSchemeNames[scheme];
154 }
155 
156 // static
StringToScheme(const std::string & str)157 HttpAuth::Scheme HttpAuth::StringToScheme(const std::string& str) {
158   for (uint8_t i = 0; i < std::size(kSchemeNames); i++) {
159     if (str == kSchemeNames[i])
160       return static_cast<Scheme>(i);
161   }
162   NOTREACHED();
163   return AUTH_SCHEME_MAX;
164 }
165 
166 // static
AuthorizationResultToString(AuthorizationResult authorization_result)167 const char* HttpAuth::AuthorizationResultToString(
168     AuthorizationResult authorization_result) {
169   switch (authorization_result) {
170     case AUTHORIZATION_RESULT_ACCEPT:
171       return "accept";
172     case AUTHORIZATION_RESULT_REJECT:
173       return "reject";
174     case AUTHORIZATION_RESULT_STALE:
175       return "stale";
176     case AUTHORIZATION_RESULT_INVALID:
177       return "invalid";
178     case AUTHORIZATION_RESULT_DIFFERENT_REALM:
179       return "different_realm";
180   }
181   NOTREACHED();
182   return "(invalid result)";
183 }
184 
185 // static
NetLogAuthorizationResultParams(const char * name,AuthorizationResult authorization_result)186 base::Value::Dict HttpAuth::NetLogAuthorizationResultParams(
187     const char* name,
188     AuthorizationResult authorization_result) {
189   return NetLogParamsWithString(
190       name, AuthorizationResultToString(authorization_result));
191 }
192 
193 }  // namespace net
194