1 // Copyright 2015 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "net/http/http_auth_multi_round_parse.h"
6
7 #include <string_view>
8
9 #include "base/base64.h"
10 #include "base/strings/string_util.h"
11 #include "net/http/http_auth_challenge_tokenizer.h"
12
13 namespace net {
14
15 namespace {
16
17 // Check that the scheme in the challenge matches the expected scheme
SchemeIsValid(HttpAuth::Scheme scheme,HttpAuthChallengeTokenizer * challenge)18 bool SchemeIsValid(HttpAuth::Scheme scheme,
19 HttpAuthChallengeTokenizer* challenge) {
20 return challenge->auth_scheme() == HttpAuth::SchemeToString(scheme);
21 }
22
23 } // namespace
24
ParseFirstRoundChallenge(HttpAuth::Scheme scheme,HttpAuthChallengeTokenizer * challenge)25 HttpAuth::AuthorizationResult ParseFirstRoundChallenge(
26 HttpAuth::Scheme scheme,
27 HttpAuthChallengeTokenizer* challenge) {
28 if (!SchemeIsValid(scheme, challenge))
29 return HttpAuth::AUTHORIZATION_RESULT_INVALID;
30
31 std::string_view encoded_auth_token = challenge->base64_param();
32 if (!encoded_auth_token.empty()) {
33 return HttpAuth::AUTHORIZATION_RESULT_INVALID;
34 }
35 return HttpAuth::AUTHORIZATION_RESULT_ACCEPT;
36 }
37
ParseLaterRoundChallenge(HttpAuth::Scheme scheme,HttpAuthChallengeTokenizer * challenge,std::string * encoded_token,std::string * decoded_token)38 HttpAuth::AuthorizationResult ParseLaterRoundChallenge(
39 HttpAuth::Scheme scheme,
40 HttpAuthChallengeTokenizer* challenge,
41 std::string* encoded_token,
42 std::string* decoded_token) {
43 if (!SchemeIsValid(scheme, challenge))
44 return HttpAuth::AUTHORIZATION_RESULT_INVALID;
45
46 *encoded_token = challenge->base64_param();
47 if (encoded_token->empty())
48 return HttpAuth::AUTHORIZATION_RESULT_REJECT;
49
50 if (!base::Base64Decode(*encoded_token, decoded_token))
51 return HttpAuth::AUTHORIZATION_RESULT_INVALID;
52 return HttpAuth::AUTHORIZATION_RESULT_ACCEPT;
53 }
54
55 } // namespace net
56