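// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef NET_HTTP_HTTP_AUTH_HANDLER_H_
#define NET_HTTP_HTTP_AUTH_HANDLER_H_

#include <string>

#include "base/ref_counted.h"
#include "net/http/http_auth.h"

namespace net {

class HttpRequestInfo;
class ProxyInfo;

// HttpAuthHandler is the interface for the authentication schemes
// (basic, digest, ...)
// The registry mapping auth-schemes to implementations is hardcoded in
// HttpAuth::CreateAuthHandler().
//
// A handler is populated in two steps: InitFromChallenge() is the public
// entry point, and the scheme-specific Init() fills in scheme_, realm_,
// score_ and properties_. Until that has happened the accessors below report
// the defaults set by the constructor (empty strings, score 0, no properties).
//
// NOTE(review): GURL is used below but is neither forward-declared nor
// included by this header itself; presumably it arrives through
// net/http/http_auth.h -- confirm.
class HttpAuthHandler : public base::RefCounted<HttpAuthHandler> {
 public:
  // Initialize the handler by parsing a challenge string.
  //   begin, end - iterator range delimiting the challenge text.
  //   target     - whether the challenge is for a proxy or an origin server.
  //   origin     - the {scheme, host, port} of the authentication target.
  // A challenge is supplied by the remote server or proxy, so the Init()
  // implementations that consume this range must parse it as untrusted input.
  // NOTE(review): presumably returns false when the challenge cannot be
  // parsed; the definition is not in this header -- confirm.
  bool InitFromChallenge(std::string::const_iterator begin,
                         std::string::const_iterator end,
                         HttpAuth::Target target,
                         const GURL& origin);

  // Lowercase name of the auth scheme
  const std::string& scheme() const {
    return scheme_;
  }

  // The realm value that was parsed during Init().
  const std::string& realm() const {
    return realm_;
  }

  // Numeric rank based on the challenge's security level. Higher
  // numbers are better. Used by HttpAuth::ChooseBestChallenge().
  // NOTE(review): the score is assigned by each scheme's Init(); presumably
  // it is a fixed per-scheme value, so that the contents of a challenge
  // cannot raise its own rank -- confirm in the implementations.
  int score() const {
    return score_;
  }

  // Whether this handler answers a proxy or an origin-server challenge.
  HttpAuth::Target target() const {
    return target_;
  }

  // Returns true if the authentication scheme does not send the username and
  // password in the clear. Reports false until Init() sets ENCRYPTS_IDENTITY,
  // i.e. an uninitialized handler is treated as a cleartext scheme.
  bool encrypts_identity() const {
    return (properties_ & ENCRYPTS_IDENTITY) != 0;
  }

  // Returns true if the authentication scheme is connection-based, for
  // example, NTLM. A connection-based authentication scheme does not support
  // preemptive authentication, and must use the same handler object
  // throughout the life of an HTTP transaction.
  bool is_connection_based() const {
    return (properties_ & IS_CONNECTION_BASED) != 0;
  }

  // Returns true if the response to the current authentication challenge
  // requires an identity.
  // TODO(wtc): Find a better way to handle a multi-round challenge-response
  // sequence used by a connection-based authentication scheme.
  virtual bool NeedsIdentity() { return true; }

  // Returns true if this is the final round of the authentication sequence.
  // For Basic and Digest, the method always returns true because they are
  // single-round schemes.
  virtual bool IsFinalRound() { return true; }

  // Generate the Authorization header value.
  //   username, password - the identity to authenticate with.
  //   request            - the request the header is generated for.
  //   proxy              - proxy information for the request.
  // NOTE(review): whether |request| or |proxy| may be NULL is not visible
  // here -- confirm against the callers. The returned string carries
  // credential material, so callers should keep it out of logs.
  virtual std::string GenerateCredentials(const std::wstring& username,
                                          const std::wstring& password,
                                          const HttpRequestInfo* request,
                                          const ProxyInfo* proxy) = 0;

 protected:
  // Bit flags stored in properties_.
  enum Property {
    ENCRYPTS_IDENTITY = 1 << 0,
    IS_CONNECTION_BASED = 1 << 1,
  };

  friend class base::RefCounted<HttpAuthHandler>;

  // Start from a deterministic state. Without a user-declared constructor the
  // scalar members are left indeterminate whenever the object is
  // default-initialized, and the inline accessors above would then read them
  // before Init() has run. target_ is zero-initialized; which enumerator that
  // corresponds to depends on HttpAuth::Target, declared in http_auth.h.
  HttpAuthHandler() : score_(0), target_(), properties_(0) { }

  // Protected so that instances are destroyed through the RefCounted friend
  // above rather than by a direct delete.
  virtual ~HttpAuthHandler() { }

  // Initialize the handler by parsing a challenge string.
  // Implementations are expected to initialize the following members:
  // scheme_, realm_, score_, properties_
  virtual bool Init(std::string::const_iterator challenge_begin,
                    std::string::const_iterator challenge_end) = 0;

  // The lowercase auth-scheme {"basic", "digest", "ntlm", ...}
  std::string scheme_;

  // The realm. Used by "basic" and "digest".
  std::string realm_;

  // The {scheme, host, port} for the authentication target. Used by "ntlm"
  // to construct the service principal name.
  GURL origin_;

  // The score for this challenge. Higher numbers are better.
  int score_;

  // Whether this authentication request is for a proxy server, or an
  // origin server.
  HttpAuth::Target target_;

  // A bitmask of the properties of the authentication scheme.
  int properties_;
};

}  // namespace net

#endif  // NET_HTTP_HTTP_AUTH_HANDLER_H_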