net/http/http_auth_controller.h

   1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef NET_HTTP_HTTP_AUTH_CONTROLLER_H_
   6 #define NET_HTTP_HTTP_AUTH_CONTROLLER_H_
   7
   8 #include <set>
   9 #include <string>
  10
  11 #include "base/basictypes.h"
  12 #include "base/memory/ref_counted.h"
  13 #include "base/memory/scoped_ptr.h"
  14 #include "base/threading/non_thread_safe.h"
  15 #include "net/base/completion_callback.h"
  16 #include "net/base/net_export.h"
  17 #include "net/http/http_auth.h"
  18 #include "net/log/net_log.h"
  19 #include "url/gurl.h"
  20
  21 namespace net {
  22
  23 class AuthChallengeInfo;
  24 class AuthCredentials;
  25 class HttpAuthHandler;
  26 class HttpAuthHandlerFactory;
  27 class HttpAuthCache;
  28 class HttpRequestHeaders;
  29 struct HttpRequestInfo;
  30
  31 class NET_EXPORT_PRIVATE HttpAuthController
  32     : public base::RefCounted<HttpAuthController>,
  33       NON_EXPORTED_BASE(public base::NonThreadSafe) {
  34  public:
  35   // The arguments are self explanatory except possibly for |auth_url|, which
  36   // should be both the auth target and auth path in a single url argument.
  37   HttpAuthController(HttpAuth::Target target,
  38                      const GURL& auth_url,
  39                      HttpAuthCache* http_auth_cache,
  40                      HttpAuthHandlerFactory* http_auth_handler_factory);
  41
  42   // Generate an authentication token for |target| if necessary. The return
  43   // value is a net error code. |OK| will be returned both in the case that
  44   // a token is correctly generated synchronously, as well as when no tokens
  45   // were necessary.
  46   virtual int MaybeGenerateAuthToken(const HttpRequestInfo* request,
  47                                      const CompletionCallback& callback,
  48                                      const BoundNetLog& net_log);
  49
  50   // Adds either the proxy auth header, or the origin server auth header,
  51   // as specified by |target_|.
  52   virtual void AddAuthorizationHeader(
  53       HttpRequestHeaders* authorization_headers);
  54
  55   // Checks for and handles HTTP status code 401 or 407.
  56   // |HandleAuthChallenge()| returns OK on success, or a network error code
  57   // otherwise. It may also populate |auth_info_|.
  58   virtual int HandleAuthChallenge(scoped_refptr<HttpResponseHeaders> headers,
  59                                   bool do_not_send_server_auth,
  60                                   bool establishing_tunnel,
  61                                   const BoundNetLog& net_log);
  62
  63   // Store the supplied credentials and prepare to restart the auth.
  64   virtual void ResetAuth(const AuthCredentials& credentials);
  65
  66   virtual bool HaveAuthHandler() const;
  67
  68   virtual bool HaveAuth() const;
  69
  70   virtual scoped_refptr<AuthChallengeInfo> auth_info();
  71
  72   virtual bool IsAuthSchemeDisabled(HttpAuth::Scheme scheme) const;
  73   virtual void DisableAuthScheme(HttpAuth::Scheme scheme);
  74   virtual void DisableEmbeddedIdentity();
  75
  76  private:
  77   // Actions for InvalidateCurrentHandler()
  78   enum InvalidateHandlerAction {
  79     INVALIDATE_HANDLER_AND_CACHED_CREDENTIALS,
  80     INVALIDATE_HANDLER_AND_DISABLE_SCHEME,
  81     INVALIDATE_HANDLER
  82   };
  83
  84   // So that we can mock this object.
  85   friend class base::RefCounted<HttpAuthController>;
  86
  87   virtual ~HttpAuthController();
  88
  89   // Searches the auth cache for an entry that encompasses the request's path.
  90   // If such an entry is found, updates |identity_| and |handler_| with the
  91   // cache entry's data and returns true.
  92   bool SelectPreemptiveAuth(const BoundNetLog& net_log);
  93
  94   // Invalidates the current handler.  If |action| is
  95   // INVALIDATE_HANDLER_AND_CACHED_CREDENTIALS, then also invalidate
  96   // the cached credentials used by the handler.
  97   void InvalidateCurrentHandler(InvalidateHandlerAction action);
  98
  99   // Invalidates any auth cache entries after authentication has failed.
 100   // The identity that was rejected is |identity_|.
 101   void InvalidateRejectedAuthFromCache();
 102
 103   // Sets |identity_| to the next identity that the transaction should try. It
 104   // chooses candidates by searching the auth cache and the URL for a
 105   // username:password. Returns true if an identity was found.
 106   bool SelectNextAuthIdentityToTry();
 107
 108   // Populates auth_info_ with the challenge information, so that
 109   // URLRequestHttpJob can prompt for credentials.
 110   void PopulateAuthChallenge();
 111
 112   // If |result| indicates a permanent failure, disables the current
 113   // auth scheme for this controller and returns true.  Returns false
 114   // otherwise.
 115   bool DisableOnAuthHandlerResult(int result);
 116
 117   void OnIOComplete(int result);
 118
 119   // Indicates if this handler is for Proxy auth or Server auth.
 120   HttpAuth::Target target_;
 121
 122   // Holds the {scheme, host, path, port} for the authentication target.
 123   const GURL auth_url_;
 124
 125   // Holds the {scheme, host, port} for the authentication target.
 126   const GURL auth_origin_;
 127
 128   // The absolute path of the resource needing authentication.
 129   // For proxy authentication the path is empty.
 130   const std::string auth_path_;
 131
 132   // |handler_| encapsulates the logic for the particular auth-scheme.
 133   // This includes the challenge's parameters. If NULL, then there is no
 134   // associated auth handler.
 135   scoped_ptr<HttpAuthHandler> handler_;
 136
 137   // |identity_| holds the credentials that should be used by
 138   // the handler_ to generate challenge responses. This identity can come from
 139   // a number of places (url, cache, prompt).
 140   HttpAuth::Identity identity_;
 141
 142   // |auth_token_| contains the opaque string to pass to the proxy or
 143   // server to authenticate the client.
 144   std::string auth_token_;
 145
 146   // Contains information about the auth challenge.
 147   scoped_refptr<AuthChallengeInfo> auth_info_;
 148
 149   // True if we've used the username:password embedded in the URL.  This
 150   // makes sure we use the embedded identity only once for the transaction,
 151   // preventing an infinite auth restart loop.
 152   bool embedded_identity_used_;
 153
 154   // True if default credentials have already been tried for this transaction
 155   // in response to an HTTP authentication challenge.
 156   bool default_credentials_used_;
 157
 158   // These two are owned by the HttpNetworkSession/IOThread, which own the
 159   // objects which reference |this|.  Therefore, these raw pointers are valid
 160   // for the lifetime of this object.
 161   HttpAuthCache* const http_auth_cache_;
 162   HttpAuthHandlerFactory* const http_auth_handler_factory_;
 163
 164   std::set<HttpAuth::Scheme> disabled_schemes_;
 165
 166   CompletionCallback callback_;
 167 };
 168
 169 }  // namespace net
 170
 171 #endif  // NET_HTTP_HTTP_AUTH_CONTROLLER_H_