• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef NET_HTTP_HTTP_AUTH_CACHE_H_
6 #define NET_HTTP_HTTP_AUTH_CACHE_H_
7 
8 #include <list>
9 #include <string>
10 
11 #include "base/gtest_prod_util.h"
12 #include "base/memory/ref_counted.h"
13 #include "net/base/net_export.h"
14 #include "net/http/http_auth.h"
15 #include "url/gurl.h"
16 
17 namespace net {
18 
19 // HttpAuthCache stores HTTP authentication identities and challenge info.
20 // For each (origin, realm, scheme) triple the cache stores a
21 // HttpAuthCache::Entry, which holds:
22 //   - the origin server {protocol scheme, host, port}
23 //   - the last identity used (username/password)
24 //   - the last auth handler used (contains realm and authentication scheme)
25 //   - the list of paths which used this realm
26 // Entries can be looked up by either (origin, realm, scheme) or (origin, path).
27 class NET_EXPORT_PRIVATE HttpAuthCache {
28  public:
29   class NET_EXPORT_PRIVATE Entry {
30    public:
31     ~Entry();
32 
origin()33     const GURL& origin() const {
34       return origin_;
35     }
36 
37     // The case-sensitive realm string of the challenge.
realm()38     const std::string realm() const {
39       return realm_;
40     }
41 
42     // The authentication scheme of the challenge.
scheme()43     HttpAuth::Scheme scheme() const {
44       return scheme_;
45     }
46 
47     // The authentication challenge.
auth_challenge()48     const std::string auth_challenge() const {
49       return auth_challenge_;
50     }
51 
52     // The login credentials.
credentials()53     const AuthCredentials& credentials() const {
54       return credentials_;
55     }
56 
IncrementNonceCount()57     int IncrementNonceCount() {
58       return ++nonce_count_;
59     }
60 
61     void UpdateStaleChallenge(const std::string& auth_challenge);
62 
63    private:
64     friend class HttpAuthCache;
65     FRIEND_TEST_ALL_PREFIXES(HttpAuthCacheTest, AddPath);
66     FRIEND_TEST_ALL_PREFIXES(HttpAuthCacheTest, AddToExistingEntry);
67 
68     typedef std::list<std::string> PathList;
69 
70     Entry();
71 
72     // Adds a path defining the realm's protection space. If the path is
73     // already contained in the protection space, is a no-op.
74     void AddPath(const std::string& path);
75 
76     // Returns true if |dir| is contained within the realm's protection
77     // space.  |*path_len| is set to the length of the enclosing path if
78     // such a path exists and |path_len| is non-NULL.  If no enclosing
79     // path is found, |*path_len| is left unmodified.
80     //
81     // Note that proxy auth cache entries are associated with empty
82     // paths.  Therefore it is possible for HasEnclosingPath() to return
83     // true and set |*path_len| to 0.
84     bool HasEnclosingPath(const std::string& dir, size_t* path_len);
85 
86     // |origin_| contains the {protocol, host, port} of the server.
87     GURL origin_;
88     std::string realm_;
89     HttpAuth::Scheme scheme_;
90 
91     // Identity.
92     std::string auth_challenge_;
93     AuthCredentials credentials_;
94 
95     int nonce_count_;
96 
97     // List of paths that define the realm's protection space.
98     PathList paths_;
99   };
100 
101   // Prevent unbounded memory growth. These are safeguards for abuse; it is
102   // not expected that the limits will be reached in ordinary usage.
103   // This also defines the worst-case lookup times (which grow linearly
104   // with number of elements in the cache).
105   enum { kMaxNumPathsPerRealmEntry = 10 };
106   enum { kMaxNumRealmEntries = 10 };
107 
108   HttpAuthCache();
109   ~HttpAuthCache();
110 
111   // Find the realm entry on server |origin| for realm |realm| and
112   // scheme |scheme|.
113   //   |origin| - the {scheme, host, port} of the server.
114   //   |realm|  - case sensitive realm string.
115   //   |scheme| - the authentication scheme (i.e. basic, negotiate).
116   //   returns  - the matched entry or NULL.
117   Entry* Lookup(const GURL& origin,
118                 const std::string& realm,
119                 HttpAuth::Scheme scheme);
120 
121   // Find the entry on server |origin| whose protection space includes
122   // |path|. This uses the assumption in RFC 2617 section 2 that deeper
123   // paths lie in the same protection space.
124   //   |origin| - the {scheme, host, port} of the server.
125   //   |path|   - absolute path of the resource, or empty string in case of
126   //              proxy auth (which does not use the concept of paths).
127   //   returns  - the matched entry or NULL.
128   Entry* LookupByPath(const GURL& origin, const std::string& path);
129 
130   // Add an entry on server |origin| for realm |handler->realm()| and
131   // scheme |handler->scheme()|.  If an entry for this (realm,scheme)
132   // already exists, update it rather than replace it -- this  preserves the
133   // paths list.
134   //   |origin|   - the {scheme, host, port} of the server.
135   //   |realm|    - the auth realm for the challenge.
136   //   |scheme|   - the authentication scheme (i.e. basic, negotiate).
137   //   |credentials| - login information for the realm.
138   //   |path|     - absolute path for a resource contained in the protection
139   //                space; this will be added to the list of known paths.
140   //   returns    - the entry that was just added/updated.
141   Entry* Add(const GURL& origin,
142              const std::string& realm,
143              HttpAuth::Scheme scheme,
144              const std::string& auth_challenge,
145              const AuthCredentials& credentials,
146              const std::string& path);
147 
148   // Remove entry on server |origin| for realm |realm| and scheme |scheme|
149   // if one exists AND if the cached credentials matches |credentials|.
150   //   |origin|   - the {scheme, host, port} of the server.
151   //   |realm|    - case sensitive realm string.
152   //   |scheme|   - the authentication scheme (i.e. basic, negotiate).
153   //   |credentials| - the credentials to match.
154   //   returns    - true if an entry was removed.
155   bool Remove(const GURL& origin,
156               const std::string& realm,
157               HttpAuth::Scheme scheme,
158               const AuthCredentials& credentials);
159 
160   // Updates a stale digest entry on server |origin| for realm |realm| and
161   // scheme |scheme|. The cached auth challenge is replaced with
162   // |auth_challenge| and the nonce count is reset.
163   // |UpdateStaleChallenge()| returns true if a matching entry exists in the
164   // cache, false otherwise.
165   bool UpdateStaleChallenge(const GURL& origin,
166                             const std::string& realm,
167                             HttpAuth::Scheme scheme,
168                             const std::string& auth_challenge);
169 
170   // Copies all entries from |other| cache.
171   void UpdateAllFrom(const HttpAuthCache& other);
172 
173  private:
174   typedef std::list<Entry> EntryList;
175   EntryList entries_;
176 };
177 
178 // An authentication realm entry.
179 }  // namespace net
180 
181 #endif  // NET_HTTP_HTTP_AUTH_CACHE_H_
182