• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef NET_HTTP_HTTP_AUTH_HANDLER_FACTORY_H_
6 #define NET_HTTP_HTTP_AUTH_HANDLER_FACTORY_H_
7 #pragma once
8 
9 #include <map>
10 #include <string>
11 #include <vector>
12 
13 #include "base/memory/scoped_ptr.h"
14 #include "net/base/net_export.h"
15 #include "net/http/http_auth.h"
16 #include "net/http/url_security_manager.h"
17 
18 class GURL;
19 
20 namespace net {
21 
22 class BoundNetLog;
23 class HostResolver;
24 class HttpAuthHandler;
25 class HttpAuthHandlerRegistryFactory;
26 
27 // An HttpAuthHandlerFactory is used to create HttpAuthHandler objects.
28 // The HttpAuthHandlerFactory object _must_ outlive any of the HttpAuthHandler
29 // objects that it creates.
30 class NET_EXPORT HttpAuthHandlerFactory {
31  public:
32   enum CreateReason {
33     CREATE_CHALLENGE,     // Create a handler in response to a challenge.
34     CREATE_PREEMPTIVE,    // Create a handler preemptively.
35   };
36 
HttpAuthHandlerFactory()37   HttpAuthHandlerFactory() : url_security_manager_(NULL) {}
~HttpAuthHandlerFactory()38   virtual ~HttpAuthHandlerFactory() {}
39 
40   // Sets an URL security manager.  HttpAuthHandlerFactory doesn't own the URL
41   // security manager, and the URL security manager should outlive this object.
set_url_security_manager(URLSecurityManager * url_security_manager)42   void set_url_security_manager(URLSecurityManager* url_security_manager) {
43     url_security_manager_ = url_security_manager;
44   }
45 
46   // Retrieves the associated URL security manager.
url_security_manager()47   URLSecurityManager* url_security_manager() {
48     return url_security_manager_;
49   }
50 
51   // Creates an HttpAuthHandler object based on the authentication
52   // challenge specified by |*challenge|. |challenge| must point to a valid
53   // non-NULL tokenizer.
54   //
55   // If an HttpAuthHandler object is successfully created it is passed back to
56   // the caller through |*handler| and OK is returned.
57   //
58   // If |*challenge| specifies an unsupported authentication scheme, |*handler|
59   // is set to NULL and ERR_UNSUPPORTED_AUTH_SCHEME is returned.
60   //
61   // If |*challenge| is improperly formed, |*handler| is set to NULL and
62   // ERR_INVALID_RESPONSE is returned.
63   //
64   // |create_reason| indicates why the handler is being created. This is used
65   // since NTLM and Negotiate schemes do not support preemptive creation.
66   //
67   // |digest_nonce_count| is specifically intended for the Digest authentication
68   // scheme, and indicates the number of handlers generated for a particular
69   // server nonce challenge.
70   //
71   // For the NTLM and Negotiate handlers:
72   // If |origin| does not match the authentication method's filters for
73   // the specified |target|, ERR_INVALID_AUTH_CREDENTIALS is returned.
74   // NOTE: This will apply to ALL |origin| values if the filters are empty.
75   //
76   // |*challenge| should not be reused after a call to |CreateAuthHandler()|,
77   virtual int CreateAuthHandler(HttpAuth::ChallengeTokenizer* challenge,
78                                 HttpAuth::Target target,
79                                 const GURL& origin,
80                                 CreateReason create_reason,
81                                 int digest_nonce_count,
82                                 const BoundNetLog& net_log,
83                                 scoped_ptr<HttpAuthHandler>* handler) = 0;
84 
85   // Creates an HTTP authentication handler based on the authentication
86   // challenge string |challenge|.
87   // This is a convenience function which creates a ChallengeTokenizer for
88   // |challenge| and calls |CreateAuthHandler|. See |CreateAuthHandler| for
89   // more details on return values.
90   int CreateAuthHandlerFromString(const std::string& challenge,
91                                   HttpAuth::Target target,
92                                   const GURL& origin,
93                                   const BoundNetLog& net_log,
94                                   scoped_ptr<HttpAuthHandler>* handler);
95 
96   // Creates an HTTP authentication handler based on the authentication
97   // challenge string |challenge|.
98   // This is a convenience function which creates a ChallengeTokenizer for
99   // |challenge| and calls |CreateAuthHandler|. See |CreateAuthHandler| for
100   // more details on return values.
101   int CreatePreemptiveAuthHandlerFromString(
102       const std::string& challenge,
103       HttpAuth::Target target,
104       const GURL& origin,
105       int digest_nonce_count,
106       const BoundNetLog& net_log,
107       scoped_ptr<HttpAuthHandler>* handler);
108 
109   // Creates a standard HttpAuthHandlerRegistryFactory. The caller is
110   // responsible for deleting the factory.
111   // The default factory supports Basic, Digest, NTLM, and Negotiate schemes.
112   //
113   // |resolver| is used by the Negotiate authentication handler to perform
114   // CNAME lookups to generate a Kerberos SPN for the server. It must be
115   // non-NULL.  |resolver| must remain valid for the lifetime of the
116   // HttpAuthHandlerRegistryFactory and any HttpAuthHandlers created by said
117   // factory.
118   static HttpAuthHandlerRegistryFactory* CreateDefault(HostResolver* resolver);
119 
120  private:
121   // The URL security manager
122   URLSecurityManager* url_security_manager_;
123 
124   DISALLOW_COPY_AND_ASSIGN(HttpAuthHandlerFactory);
125 };
126 
127 // The HttpAuthHandlerRegistryFactory dispatches create requests out
128 // to other factories based on the auth scheme.
129 class NET_EXPORT HttpAuthHandlerRegistryFactory
130     : public HttpAuthHandlerFactory {
131  public:
132   HttpAuthHandlerRegistryFactory();
133   virtual ~HttpAuthHandlerRegistryFactory();
134 
135   // Sets an URL security manager into the factory associated with |scheme|.
136   void SetURLSecurityManager(const std::string& scheme,
137                              URLSecurityManager* url_security_manager);
138 
139   // Registers a |factory| that will be used for a particular HTTP
140   // authentication scheme such as Basic, Digest, or Negotiate.
141   // The |*factory| object is assumed to be new-allocated, and its lifetime
142   // will be managed by this HttpAuthHandlerRegistryFactory object (including
143   // deleting it when it is no longer used.
144   // A NULL |factory| value means that HttpAuthHandlers's will not be created
145   // for |scheme|. If a factory object used to exist for |scheme|, it will be
146   // deleted.
147   void RegisterSchemeFactory(const std::string& scheme,
148                              HttpAuthHandlerFactory* factory);
149 
150   // Retrieve the factory for the specified |scheme|. If no factory exists
151   // for the |scheme|, NULL is returned. The returned factory must not be
152   // deleted by the caller, and it is guaranteed to be valid until either
153   // a new factory is registered for the same scheme, or until this
154   // registry factory is destroyed.
155   HttpAuthHandlerFactory* GetSchemeFactory(const std::string& scheme) const;
156 
157   // Creates an HttpAuthHandlerRegistryFactory.
158   //
159   // |supported_schemes| is a list of authentication schemes. Valid values
160   // include "basic", "digest", "ntlm", and "negotiate", where case matters.
161   //
162   // |security_manager| is used by the NTLM and Negotiate authenticators
163   // to determine which servers Integrated Authentication can be used with. If
164   // NULL, Integrated Authentication will not be used with any server.
165   //
166   // |host_resolver| is used by the Negotiate authentication handler to perform
167   // CNAME lookups to generate a Kerberos SPN for the server. If the "negotiate"
168   // scheme is used and |negotiate_disable_cname_lookup| is false,
169   // |host_resolver| must not be NULL.
170   //
171   // |gssapi_library_name| specifies the name of the GSSAPI library that will
172   // be loaded on all platforms except Windows.
173   //
174   // |negotiate_disable_cname_lookup| and |negotiate_enable_port| both control
175   // how Negotiate does SPN generation, by default these should be false.
176   static HttpAuthHandlerRegistryFactory* Create(
177       const std::vector<std::string>& supported_schemes,
178       URLSecurityManager* security_manager,
179       HostResolver* host_resolver,
180       const std::string& gssapi_library_name,
181       bool negotiate_disable_cname_lookup,
182       bool negotiate_enable_port);
183 
184   // Creates an auth handler by dispatching out to the registered factories
185   // based on the first token in |challenge|.
186   virtual int CreateAuthHandler(HttpAuth::ChallengeTokenizer* challenge,
187                                 HttpAuth::Target target,
188                                 const GURL& origin,
189                                 CreateReason reason,
190                                 int digest_nonce_count,
191                                 const BoundNetLog& net_log,
192                                 scoped_ptr<HttpAuthHandler>* handler);
193 
194  private:
195   typedef std::map<std::string, HttpAuthHandlerFactory*> FactoryMap;
196 
197   FactoryMap factory_map_;
198   DISALLOW_COPY_AND_ASSIGN(HttpAuthHandlerRegistryFactory);
199 };
200 
201 }  // namespace net
202 
203 #endif  // NET_HTTP_HTTP_AUTH_HANDLER_FACTORY_H_
204