search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Update {virtual,override} to follow C++11 style in chrome_elf.
[chromium-blink-merge.git] / net / http / http_auth_handler_negotiate.h
blobfc596fa6db1e49ea673ed7e7b95b12d106c11381
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #ifndef NET_HTTP_HTTP_AUTH_HANDLER_NEGOTIATE_H_
6 #define NET_HTTP_HTTP_AUTH_HANDLER_NEGOTIATE_H_
7
8 #include <string>
9
10 #include "build/build_config.h"
11 #include "net/base/address_list.h"
12 #include "net/base/net_export.h"
13 #include "net/http/http_auth_handler.h"
14 #include "net/http/http_auth_handler_factory.h"
15
16 #if defined(OS_WIN)
17 #include "net/http/http_auth_sspi_win.h"
18 #elif defined(OS_POSIX)
19 #include "net/http/http_auth_gssapi_posix.h"
20 #endif
21
22 namespace net {
23
24 class HostResolver;
25 class SingleRequestHostResolver;
26 class URLSecurityManager;
27
28 // Handler for WWW-Authenticate: Negotiate protocol.
29 //
30 // See http://tools.ietf.org/html/rfc4178 and http://tools.ietf.org/html/rfc4559
31 // for more information about the protocol.
32
33 class NET_EXPORT_PRIVATE HttpAuthHandlerNegotiate : public HttpAuthHandler {
34 public:
35 #if defined(OS_WIN)
36 typedef SSPILibrary AuthLibrary;
37 typedef HttpAuthSSPI AuthSystem;
38 #elif defined(OS_POSIX)
39 typedef GSSAPILibrary AuthLibrary;
40 typedef HttpAuthGSSAPI AuthSystem;
41 #endif
42
43 class NET_EXPORT_PRIVATE Factory : public HttpAuthHandlerFactory {
44 public:
45 Factory();
46 ~Factory() override;
47
48 // |disable_cname_lookup()| and |set_disable_cname_lookup()| get/set whether
49 // the auth handlers generated by this factory should skip looking up the
50 // canonical DNS name of the the host that they are authenticating to when
51 // generating the SPN. The default value is false.
52 bool disable_cname_lookup() const { return disable_cname_lookup_; }
53 void set_disable_cname_lookup(bool disable_cname_lookup) {
54 disable_cname_lookup_ = disable_cname_lookup;
55 }
56
57 // |use_port()| and |set_use_port()| get/set whether the auth handlers
58 // generated by this factory should include the port number of the server
59 // they are authenticating to when constructing a Kerberos SPN. The default
60 // value is false.
61 bool use_port() const { return use_port_; }
62 void set_use_port(bool use_port) { use_port_ = use_port; }
63
64 void set_host_resolver(HostResolver* host_resolver);
65
66 // Sets the system library to use, thereby assuming ownership of
67 // |auth_library|.
68 void set_library(AuthLibrary* auth_library) {
69 auth_library_.reset(auth_library);
70 }
71
72 int CreateAuthHandler(HttpAuthChallengeTokenizer* challenge,
73 HttpAuth::Target target,
74 const GURL& origin,
75 CreateReason reason,
76 int digest_nonce_count,
77 const BoundNetLog& net_log,
78 scoped_ptr<HttpAuthHandler>* handler) override;
79
80 private:
81 bool disable_cname_lookup_;
82 bool use_port_;
83 HostResolver* resolver_;
84 #if defined(OS_WIN)
85 ULONG max_token_length_;
86 bool first_creation_;
87 #endif
88 bool is_unsupported_;
89 scoped_ptr<AuthLibrary> auth_library_;
90 };
91
92 HttpAuthHandlerNegotiate(AuthLibrary* sspi_library,
93 #if defined(OS_WIN)
94 ULONG max_token_length,
95 #endif
96 URLSecurityManager* url_security_manager,
97 HostResolver* host_resolver,
98 bool disable_cname_lookup,
99 bool use_port);
100
101 ~HttpAuthHandlerNegotiate() override;
102
103 // These are public for unit tests
104 std::string CreateSPN(const AddressList& address_list, const GURL& orign);
105 const std::string& spn() const { return spn_; }
106
107 // HttpAuthHandler:
108 HttpAuth::AuthorizationResult HandleAnotherChallenge(
109 HttpAuthChallengeTokenizer* challenge) override;
110 bool NeedsIdentity() override;
111 bool AllowsDefaultCredentials() override;
112 bool AllowsExplicitCredentials() override;
113
114 protected:
115 bool Init(HttpAuthChallengeTokenizer* challenge) override;
116
117 int GenerateAuthTokenImpl(const AuthCredentials* credentials,
118 const HttpRequestInfo* request,
119 const CompletionCallback& callback,
120 std::string* auth_token) override;
121
122 private:
123 enum State {
124 STATE_RESOLVE_CANONICAL_NAME,
125 STATE_RESOLVE_CANONICAL_NAME_COMPLETE,
126 STATE_GENERATE_AUTH_TOKEN,
127 STATE_GENERATE_AUTH_TOKEN_COMPLETE,
128 STATE_NONE,
129 };
130
131 void OnIOComplete(int result);
132 void DoCallback(int result);
133 int DoLoop(int result);
134
135 int DoResolveCanonicalName();
136 int DoResolveCanonicalNameComplete(int rv);
137 int DoGenerateAuthToken();
138 int DoGenerateAuthTokenComplete(int rv);
139 bool CanDelegate() const;
140
141 AuthSystem auth_system_;
142 bool disable_cname_lookup_;
143 bool use_port_;
144 HostResolver* const resolver_;
145
146 // Members which are needed for DNS lookup + SPN.
147 AddressList address_list_;
148 scoped_ptr<SingleRequestHostResolver> single_resolve_;
149
150 // Things which should be consistent after first call to GenerateAuthToken.
151 bool already_called_;
152 bool has_credentials_;
153 AuthCredentials credentials_;
154 std::string spn_;
155
156 // Things which vary each round.
157 CompletionCallback callback_;
158 std::string* auth_token_;
159
160 State next_state_;
161
162 const URLSecurityManager* url_security_manager_;
163 };
164
165 } // namespace net
166
167 #endif // NET_HTTP_HTTP_AUTH_HANDLER_NEGOTIATE_H_