• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef NET_HTTP_HTTP_AUTH_CACHE_H_
6 #define NET_HTTP_HTTP_AUTH_CACHE_H_
7 
8 #include <list>
9 #include <string>
10 
11 #include "base/gtest_prod_util.h"
12 #include "base/memory/ref_counted.h"
13 #include "base/time/time.h"
14 #include "net/base/net_export.h"
15 #include "net/http/http_auth.h"
16 #include "url/gurl.h"
17 
18 namespace net {
19 
20 // HttpAuthCache stores HTTP authentication identities and challenge info.
21 // For each (origin, realm, scheme) triple the cache stores a
22 // HttpAuthCache::Entry, which holds:
23 //   - the origin server {protocol scheme, host, port}
24 //   - the last identity used (username/password)
25 //   - the last auth handler used (contains realm and authentication scheme)
26 //   - the list of paths which used this realm
27 // Entries can be looked up by either (origin, realm, scheme) or (origin, path).
28 class NET_EXPORT_PRIVATE HttpAuthCache {
29  public:
30   class NET_EXPORT_PRIVATE Entry {
31    public:
32     ~Entry();
33 
origin()34     const GURL& origin() const {
35       return origin_;
36     }
37 
38     // The case-sensitive realm string of the challenge.
realm()39     const std::string realm() const {
40       return realm_;
41     }
42 
43     // The authentication scheme of the challenge.
scheme()44     HttpAuth::Scheme scheme() const {
45       return scheme_;
46     }
47 
48     // The authentication challenge.
auth_challenge()49     const std::string auth_challenge() const {
50       return auth_challenge_;
51     }
52 
53     // The login credentials.
credentials()54     const AuthCredentials& credentials() const {
55       return credentials_;
56     }
57 
IncrementNonceCount()58     int IncrementNonceCount() {
59       return ++nonce_count_;
60     }
61 
62     void UpdateStaleChallenge(const std::string& auth_challenge);
63 
64    private:
65     friend class HttpAuthCache;
66     FRIEND_TEST_ALL_PREFIXES(HttpAuthCacheTest, AddPath);
67     FRIEND_TEST_ALL_PREFIXES(HttpAuthCacheTest, AddToExistingEntry);
68 
69     typedef std::list<std::string> PathList;
70 
71     Entry();
72 
73     // Adds a path defining the realm's protection space. If the path is
74     // already contained in the protection space, is a no-op.
75     void AddPath(const std::string& path);
76 
77     // Returns true if |dir| is contained within the realm's protection
78     // space.  |*path_len| is set to the length of the enclosing path if
79     // such a path exists and |path_len| is non-NULL.  If no enclosing
80     // path is found, |*path_len| is left unmodified.
81     //
82     // Note that proxy auth cache entries are associated with empty
83     // paths.  Therefore it is possible for HasEnclosingPath() to return
84     // true and set |*path_len| to 0.
85     bool HasEnclosingPath(const std::string& dir, size_t* path_len);
86 
87     // |origin_| contains the {protocol, host, port} of the server.
88     GURL origin_;
89     std::string realm_;
90     HttpAuth::Scheme scheme_;
91 
92     // Identity.
93     std::string auth_challenge_;
94     AuthCredentials credentials_;
95 
96     int nonce_count_;
97 
98     // List of paths that define the realm's protection space.
99     PathList paths_;
100 
101     // Times the entry was created and last used (by looking up, adding a path,
102     // or updating the challenge.)
103     base::TimeTicks creation_time_;
104     base::TimeTicks last_use_time_;
105   };
106 
107   // Prevent unbounded memory growth. These are safeguards for abuse; it is
108   // not expected that the limits will be reached in ordinary usage.
109   // This also defines the worst-case lookup times (which grow linearly
110   // with number of elements in the cache).
111   enum { kMaxNumPathsPerRealmEntry = 10 };
112   enum { kMaxNumRealmEntries = 10 };
113 
114   HttpAuthCache();
115   ~HttpAuthCache();
116 
117   // Find the realm entry on server |origin| for realm |realm| and
118   // scheme |scheme|.
119   //   |origin| - the {scheme, host, port} of the server.
120   //   |realm|  - case sensitive realm string.
121   //   |scheme| - the authentication scheme (i.e. basic, negotiate).
122   //   returns  - the matched entry or NULL.
123   Entry* Lookup(const GURL& origin,
124                 const std::string& realm,
125                 HttpAuth::Scheme scheme);
126 
127   // Find the entry on server |origin| whose protection space includes
128   // |path|. This uses the assumption in RFC 2617 section 2 that deeper
129   // paths lie in the same protection space.
130   //   |origin| - the {scheme, host, port} of the server.
131   //   |path|   - absolute path of the resource, or empty string in case of
132   //              proxy auth (which does not use the concept of paths).
133   //   returns  - the matched entry or NULL.
134   Entry* LookupByPath(const GURL& origin, const std::string& path);
135 
136   // Add an entry on server |origin| for realm |handler->realm()| and
137   // scheme |handler->scheme()|.  If an entry for this (realm,scheme)
138   // already exists, update it rather than replace it -- this  preserves the
139   // paths list.
140   //   |origin|   - the {scheme, host, port} of the server.
141   //   |realm|    - the auth realm for the challenge.
142   //   |scheme|   - the authentication scheme (i.e. basic, negotiate).
143   //   |credentials| - login information for the realm.
144   //   |path|     - absolute path for a resource contained in the protection
145   //                space; this will be added to the list of known paths.
146   //   returns    - the entry that was just added/updated.
147   Entry* Add(const GURL& origin,
148              const std::string& realm,
149              HttpAuth::Scheme scheme,
150              const std::string& auth_challenge,
151              const AuthCredentials& credentials,
152              const std::string& path);
153 
154   // Remove entry on server |origin| for realm |realm| and scheme |scheme|
155   // if one exists AND if the cached credentials matches |credentials|.
156   //   |origin|   - the {scheme, host, port} of the server.
157   //   |realm|    - case sensitive realm string.
158   //   |scheme|   - the authentication scheme (i.e. basic, negotiate).
159   //   |credentials| - the credentials to match.
160   //   returns    - true if an entry was removed.
161   bool Remove(const GURL& origin,
162               const std::string& realm,
163               HttpAuth::Scheme scheme,
164               const AuthCredentials& credentials);
165 
166   // Clears the cache.
167   void Clear();
168 
169   // Updates a stale digest entry on server |origin| for realm |realm| and
170   // scheme |scheme|. The cached auth challenge is replaced with
171   // |auth_challenge| and the nonce count is reset.
172   // |UpdateStaleChallenge()| returns true if a matching entry exists in the
173   // cache, false otherwise.
174   bool UpdateStaleChallenge(const GURL& origin,
175                             const std::string& realm,
176                             HttpAuth::Scheme scheme,
177                             const std::string& auth_challenge);
178 
179   // Copies all entries from |other| cache.
180   void UpdateAllFrom(const HttpAuthCache& other);
181 
182  private:
183   typedef std::list<Entry> EntryList;
184   EntryList entries_;
185 };
186 
187 // An authentication realm entry.
188 }  // namespace net
189 
190 #endif  // NET_HTTP_HTTP_AUTH_CACHE_H_
191