• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef NET_HTTP_HTTP_AUTH_CONTROLLER_H_
6 #define NET_HTTP_HTTP_AUTH_CONTROLLER_H_
7 
8 #include <set>
9 #include <string>
10 
11 #include "base/basictypes.h"
12 #include "base/memory/ref_counted.h"
13 #include "base/memory/scoped_ptr.h"
14 #include "base/threading/non_thread_safe.h"
15 #include "net/base/completion_callback.h"
16 #include "net/base/net_export.h"
17 #include "net/base/net_log.h"
18 #include "net/http/http_auth.h"
19 #include "url/gurl.h"
20 
21 namespace net {
22 
23 class AuthChallengeInfo;
24 class AuthCredentials;
25 class HttpAuthHandler;
26 class HttpAuthHandlerFactory;
27 class HttpAuthCache;
28 class HttpRequestHeaders;
29 struct HttpRequestInfo;
30 
31 class NET_EXPORT_PRIVATE HttpAuthController
32     : public base::RefCounted<HttpAuthController>,
33       NON_EXPORTED_BASE(public base::NonThreadSafe) {
34  public:
35   // The arguments are self explanatory except possibly for |auth_url|, which
36   // should be both the auth target and auth path in a single url argument.
37   HttpAuthController(HttpAuth::Target target,
38                      const GURL& auth_url,
39                      HttpAuthCache* http_auth_cache,
40                      HttpAuthHandlerFactory* http_auth_handler_factory);
41 
42   // Generate an authentication token for |target| if necessary. The return
43   // value is a net error code. |OK| will be returned both in the case that
44   // a token is correctly generated synchronously, as well as when no tokens
45   // were necessary.
46   virtual int MaybeGenerateAuthToken(const HttpRequestInfo* request,
47                                      const CompletionCallback& callback,
48                                      const BoundNetLog& net_log);
49 
50   // Adds either the proxy auth header, or the origin server auth header,
51   // as specified by |target_|.
52   virtual void AddAuthorizationHeader(
53       HttpRequestHeaders* authorization_headers);
54 
55   // Checks for and handles HTTP status code 401 or 407.
56   // |HandleAuthChallenge()| returns OK on success, or a network error code
57   // otherwise. It may also populate |auth_info_|.
58   virtual int HandleAuthChallenge(scoped_refptr<HttpResponseHeaders> headers,
59                                   bool do_not_send_server_auth,
60                                   bool establishing_tunnel,
61                                   const BoundNetLog& net_log);
62 
63   // Store the supplied credentials and prepare to restart the auth.
64   virtual void ResetAuth(const AuthCredentials& credentials);
65 
66   virtual bool HaveAuthHandler() const;
67 
68   virtual bool HaveAuth() const;
69 
70   virtual scoped_refptr<AuthChallengeInfo> auth_info();
71 
72   virtual bool IsAuthSchemeDisabled(HttpAuth::Scheme scheme) const;
73   virtual void DisableAuthScheme(HttpAuth::Scheme scheme);
74   virtual void DisableEmbeddedIdentity();
75 
76  private:
77   // Actions for InvalidateCurrentHandler()
78   enum InvalidateHandlerAction {
79     INVALIDATE_HANDLER_AND_CACHED_CREDENTIALS,
80     INVALIDATE_HANDLER_AND_DISABLE_SCHEME,
81     INVALIDATE_HANDLER
82   };
83 
84   // So that we can mock this object.
85   friend class base::RefCounted<HttpAuthController>;
86 
87   virtual ~HttpAuthController();
88 
89   // Searches the auth cache for an entry that encompasses the request's path.
90   // If such an entry is found, updates |identity_| and |handler_| with the
91   // cache entry's data and returns true.
92   bool SelectPreemptiveAuth(const BoundNetLog& net_log);
93 
94   // Invalidates the current handler.  If |action| is
95   // INVALIDATE_HANDLER_AND_CACHED_CREDENTIALS, then also invalidate
96   // the cached credentials used by the handler.
97   void InvalidateCurrentHandler(InvalidateHandlerAction action);
98 
99   // Invalidates any auth cache entries after authentication has failed.
100   // The identity that was rejected is |identity_|.
101   void InvalidateRejectedAuthFromCache();
102 
103   // Sets |identity_| to the next identity that the transaction should try. It
104   // chooses candidates by searching the auth cache and the URL for a
105   // username:password. Returns true if an identity was found.
106   bool SelectNextAuthIdentityToTry();
107 
108   // Populates auth_info_ with the challenge information, so that
109   // URLRequestHttpJob can prompt for credentials.
110   void PopulateAuthChallenge();
111 
112   // If |result| indicates a permanent failure, disables the current
113   // auth scheme for this controller and returns true.  Returns false
114   // otherwise.
115   bool DisableOnAuthHandlerResult(int result);
116 
117   void OnIOComplete(int result);
118 
119   // Indicates if this handler is for Proxy auth or Server auth.
120   HttpAuth::Target target_;
121 
122   // Holds the {scheme, host, path, port} for the authentication target.
123   const GURL auth_url_;
124 
125   // Holds the {scheme, host, port} for the authentication target.
126   const GURL auth_origin_;
127 
128   // The absolute path of the resource needing authentication.
129   // For proxy authentication the path is empty.
130   const std::string auth_path_;
131 
132   // |handler_| encapsulates the logic for the particular auth-scheme.
133   // This includes the challenge's parameters. If NULL, then there is no
134   // associated auth handler.
135   scoped_ptr<HttpAuthHandler> handler_;
136 
137   // |identity_| holds the credentials that should be used by
138   // the handler_ to generate challenge responses. This identity can come from
139   // a number of places (url, cache, prompt).
140   HttpAuth::Identity identity_;
141 
142   // |auth_token_| contains the opaque string to pass to the proxy or
143   // server to authenticate the client.
144   std::string auth_token_;
145 
146   // Contains information about the auth challenge.
147   scoped_refptr<AuthChallengeInfo> auth_info_;
148 
149   // True if we've used the username:password embedded in the URL.  This
150   // makes sure we use the embedded identity only once for the transaction,
151   // preventing an infinite auth restart loop.
152   bool embedded_identity_used_;
153 
154   // True if default credentials have already been tried for this transaction
155   // in response to an HTTP authentication challenge.
156   bool default_credentials_used_;
157 
158   // These two are owned by the HttpNetworkSession/IOThread, which own the
159   // objects which reference |this|.  Therefore, these raw pointers are valid
160   // for the lifetime of this object.
161   HttpAuthCache* const http_auth_cache_;
162   HttpAuthHandlerFactory* const http_auth_handler_factory_;
163 
164   std::set<HttpAuth::Scheme> disabled_schemes_;
165 
166   CompletionCallback callback_;
167 };
168 
169 }  // namespace net
170 
171 #endif  // NET_HTTP_HTTP_AUTH_CONTROLLER_H_
172