1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef NET_HTTP_HTTP_AUTH_CONTROLLER_H_
6 #define NET_HTTP_HTTP_AUTH_CONTROLLER_H_
11 #include "base/basictypes.h"
12 #include "base/memory/ref_counted.h"
13 #include "base/memory/scoped_ptr.h"
14 #include "base/threading/non_thread_safe.h"
15 #include "net/base/completion_callback.h"
16 #include "net/base/net_export.h"
17 #include "net/base/net_log.h"
18 #include "net/http/http_auth.h"
23 class AuthChallengeInfo
;
24 class AuthCredentials
;
25 class HttpAuthHandler
;
26 class HttpAuthHandlerFactory
;
28 class HttpRequestHeaders
;
29 struct HttpRequestInfo
;
31 class NET_EXPORT_PRIVATE HttpAuthController
32 : public base::RefCounted
<HttpAuthController
>,
33 NON_EXPORTED_BASE(public base::NonThreadSafe
) {
35 // The arguments are self explanatory except possibly for |auth_url|, which
36 // should be both the auth target and auth path in a single url argument.
37 HttpAuthController(HttpAuth::Target target
,
39 HttpAuthCache
* http_auth_cache
,
40 HttpAuthHandlerFactory
* http_auth_handler_factory
);
42 // Generate an authentication token for |target| if necessary. The return
43 // value is a net error code. |OK| will be returned both in the case that
44 // a token is correctly generated synchronously, as well as when no tokens
46 virtual int MaybeGenerateAuthToken(const HttpRequestInfo
* request
,
47 const CompletionCallback
& callback
,
48 const BoundNetLog
& net_log
);
50 // Adds either the proxy auth header, or the origin server auth header,
51 // as specified by |target_|.
52 virtual void AddAuthorizationHeader(
53 HttpRequestHeaders
* authorization_headers
);
55 // Checks for and handles HTTP status code 401 or 407.
56 // |HandleAuthChallenge()| returns OK on success, or a network error code
57 // otherwise. It may also populate |auth_info_|.
58 virtual int HandleAuthChallenge(scoped_refptr
<HttpResponseHeaders
> headers
,
59 bool do_not_send_server_auth
,
60 bool establishing_tunnel
,
61 const BoundNetLog
& net_log
);
63 // Store the supplied credentials and prepare to restart the auth.
64 virtual void ResetAuth(const AuthCredentials
& credentials
);
66 virtual bool HaveAuthHandler() const;
68 virtual bool HaveAuth() const;
70 virtual scoped_refptr
<AuthChallengeInfo
> auth_info();
72 virtual bool IsAuthSchemeDisabled(HttpAuth::Scheme scheme
) const;
73 virtual void DisableAuthScheme(HttpAuth::Scheme scheme
);
74 virtual void DisableEmbeddedIdentity();
77 // Actions for InvalidateCurrentHandler()
78 enum InvalidateHandlerAction
{
79 INVALIDATE_HANDLER_AND_CACHED_CREDENTIALS
,
80 INVALIDATE_HANDLER_AND_DISABLE_SCHEME
,
84 // So that we can mock this object.
85 friend class base::RefCounted
<HttpAuthController
>;
87 virtual ~HttpAuthController();
89 // Searches the auth cache for an entry that encompasses the request's path.
90 // If such an entry is found, updates |identity_| and |handler_| with the
91 // cache entry's data and returns true.
92 bool SelectPreemptiveAuth(const BoundNetLog
& net_log
);
94 // Invalidates the current handler. If |action| is
95 // INVALIDATE_HANDLER_AND_CACHED_CREDENTIALS, then also invalidate
96 // the cached credentials used by the handler.
97 void InvalidateCurrentHandler(InvalidateHandlerAction action
);
99 // Invalidates any auth cache entries after authentication has failed.
100 // The identity that was rejected is |identity_|.
101 void InvalidateRejectedAuthFromCache();
103 // Sets |identity_| to the next identity that the transaction should try. It
104 // chooses candidates by searching the auth cache and the URL for a
105 // username:password. Returns true if an identity was found.
106 bool SelectNextAuthIdentityToTry();
108 // Populates auth_info_ with the challenge information, so that
109 // URLRequestHttpJob can prompt for credentials.
110 void PopulateAuthChallenge();
112 // If |result| indicates a permanent failure, disables the current
113 // auth scheme for this controller and returns true. Returns false
115 bool DisableOnAuthHandlerResult(int result
);
117 void OnIOComplete(int result
);
119 // Indicates if this handler is for Proxy auth or Server auth.
120 HttpAuth::Target target_
;
122 // Holds the {scheme, host, path, port} for the authentication target.
123 const GURL auth_url_
;
125 // Holds the {scheme, host, port} for the authentication target.
126 const GURL auth_origin_
;
128 // The absolute path of the resource needing authentication.
129 // For proxy authentication the path is empty.
130 const std::string auth_path_
;
132 // |handler_| encapsulates the logic for the particular auth-scheme.
133 // This includes the challenge's parameters. If NULL, then there is no
134 // associated auth handler.
135 scoped_ptr
<HttpAuthHandler
> handler_
;
137 // |identity_| holds the credentials that should be used by
138 // the handler_ to generate challenge responses. This identity can come from
139 // a number of places (url, cache, prompt).
140 HttpAuth::Identity identity_
;
142 // |auth_token_| contains the opaque string to pass to the proxy or
143 // server to authenticate the client.
144 std::string auth_token_
;
146 // Contains information about the auth challenge.
147 scoped_refptr
<AuthChallengeInfo
> auth_info_
;
149 // True if we've used the username:password embedded in the URL. This
150 // makes sure we use the embedded identity only once for the transaction,
151 // preventing an infinite auth restart loop.
152 bool embedded_identity_used_
;
154 // True if default credentials have already been tried for this transaction
155 // in response to an HTTP authentication challenge.
156 bool default_credentials_used_
;
158 // These two are owned by the HttpNetworkSession/IOThread, which own the
159 // objects which reference |this|. Therefore, these raw pointers are valid
160 // for the lifetime of this object.
161 HttpAuthCache
* const http_auth_cache_
;
162 HttpAuthHandlerFactory
* const http_auth_handler_factory_
;
164 std::set
<HttpAuth::Scheme
> disabled_schemes_
;
166 CompletionCallback callback_
;
171 #endif // NET_HTTP_HTTP_AUTH_CONTROLLER_H_