net/http/http_auth_handler_digest.h

   1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef NET_HTTP_HTTP_AUTH_HANDLER_DIGEST_H_
   6 #define NET_HTTP_HTTP_AUTH_HANDLER_DIGEST_H_
   7
   8 #include <string>
   9
  10 #include "base/basictypes.h"
  11 #include "base/gtest_prod_util.h"
  12 #include "base/memory/scoped_ptr.h"
  13 #include "net/base/net_export.h"
  14 #include "net/http/http_auth_handler.h"
  15 #include "net/http/http_auth_handler_factory.h"
  16
  17 namespace net {
  18
  19 // Code for handling http digest authentication.
  20 class NET_EXPORT_PRIVATE HttpAuthHandlerDigest : public HttpAuthHandler {
  21  public:
  22   // A NonceGenerator is a simple interface for generating client nonces.
  23   // Unit tests can override the default client nonce behavior with fixed
  24   // nonce generation to get reproducible results.
  25   class NET_EXPORT_PRIVATE NonceGenerator {
  26    public:
  27     NonceGenerator();
  28     virtual ~NonceGenerator();
  29
  30     // Generates a client nonce.
  31     virtual std::string GenerateNonce() const = 0;
  32    private:
  33     DISALLOW_COPY_AND_ASSIGN(NonceGenerator);
  34   };
  35
  36   // DynamicNonceGenerator does a random shuffle of 16
  37   // characters to generate a client nonce.
  38   class DynamicNonceGenerator : public NonceGenerator {
  39    public:
  40     DynamicNonceGenerator();
  41     std::string GenerateNonce() const override;
  42
  43    private:
  44     DISALLOW_COPY_AND_ASSIGN(DynamicNonceGenerator);
  45   };
  46
  47   // FixedNonceGenerator always uses the same string specified at
  48   // construction time as the client nonce.
  49   class NET_EXPORT_PRIVATE FixedNonceGenerator : public NonceGenerator {
  50    public:
  51     explicit FixedNonceGenerator(const std::string& nonce);
  52
  53     std::string GenerateNonce() const override;
  54
  55    private:
  56     const std::string nonce_;
  57     DISALLOW_COPY_AND_ASSIGN(FixedNonceGenerator);
  58   };
  59
  60   class NET_EXPORT_PRIVATE Factory : public HttpAuthHandlerFactory {
  61    public:
  62     Factory();
  63     ~Factory() override;
  64
  65     // This factory owns the passed in |nonce_generator|.
  66     void set_nonce_generator(const NonceGenerator* nonce_generator);
  67
  68     int CreateAuthHandler(HttpAuthChallengeTokenizer* challenge,
  69                           HttpAuth::Target target,
  70                           const GURL& origin,
  71                           CreateReason reason,
  72                           int digest_nonce_count,
  73                           const BoundNetLog& net_log,
  74                           scoped_ptr<HttpAuthHandler>* handler) override;
  75
  76    private:
  77     scoped_ptr<const NonceGenerator> nonce_generator_;
  78   };
  79
  80   HttpAuth::AuthorizationResult HandleAnotherChallenge(
  81       HttpAuthChallengeTokenizer* challenge) override;
  82
  83  protected:
  84   bool Init(HttpAuthChallengeTokenizer* challenge) override;
  85
  86   int GenerateAuthTokenImpl(const AuthCredentials* credentials,
  87                             const HttpRequestInfo* request,
  88                             const CompletionCallback& callback,
  89                             std::string* auth_token) override;
  90
  91  private:
  92   FRIEND_TEST_ALL_PREFIXES(HttpAuthHandlerDigestTest, ParseChallenge);
  93   FRIEND_TEST_ALL_PREFIXES(HttpAuthHandlerDigestTest, AssembleCredentials);
  94   FRIEND_TEST_ALL_PREFIXES(HttpNetworkTransactionTest, DigestPreAuthNonceCount);
  95
  96   // Possible values for the "algorithm" property.
  97   enum DigestAlgorithm {
  98     // No algorithm was specified. According to RFC 2617 this means
  99     // we should default to ALGORITHM_MD5.
 100     ALGORITHM_UNSPECIFIED,
 101
 102     // Hashes are run for every request.
 103     ALGORITHM_MD5,
 104
 105     // Hash is run only once during the first WWW-Authenticate handshake.
 106     // (SESS means session).
 107     ALGORITHM_MD5_SESS,
 108   };
 109
 110   // Possible values for QualityOfProtection.
 111   // auth-int is not supported, see http://crbug.com/62890 for justification.
 112   enum QualityOfProtection {
 113     QOP_UNSPECIFIED,
 114     QOP_AUTH,
 115   };
 116
 117   // |nonce_count| indicates how many times the server-specified nonce has
 118   // been used so far.
 119   // |nonce_generator| is used to create a client nonce, and is not owned by
 120   // the handler. The lifetime of the |nonce_generator| must exceed that of this
 121   // handler.
 122   HttpAuthHandlerDigest(int nonce_count, const NonceGenerator* nonce_generator);
 123   ~HttpAuthHandlerDigest() override;
 124
 125   // Parse the challenge, saving the results into this instance.
 126   // Returns true on success.
 127   bool ParseChallenge(HttpAuthChallengeTokenizer* challenge);
 128
 129   // Parse an individual property. Returns true on success.
 130   bool ParseChallengeProperty(const std::string& name,
 131                               const std::string& value);
 132
 133   // Generates a random string, to be used for client-nonce.
 134   static std::string GenerateNonce();
 135
 136   // Convert enum value back to string.
 137   static std::string QopToString(QualityOfProtection qop);
 138   static std::string AlgorithmToString(DigestAlgorithm algorithm);
 139
 140   // Extract the method and path of the request, as needed by
 141   // the 'A2' production. (path may be a hostname for proxy).
 142   void GetRequestMethodAndPath(const HttpRequestInfo* request,
 143                                std::string* method,
 144                                std::string* path) const;
 145
 146   // Build up  the 'response' production.
 147   std::string AssembleResponseDigest(const std::string& method,
 148                                      const std::string& path,
 149                                      const AuthCredentials& credentials,
 150                                      const std::string& cnonce,
 151                                      const std::string& nc) const;
 152
 153   // Build up  the value for (Authorization/Proxy-Authorization).
 154   std::string AssembleCredentials(const std::string& method,
 155                                   const std::string& path,
 156                                   const AuthCredentials& credentials,
 157                                   const std::string& cnonce,
 158                                   int nonce_count) const;
 159
 160   // Information parsed from the challenge.
 161   std::string nonce_;
 162   std::string domain_;
 163   std::string opaque_;
 164   bool stale_;
 165   DigestAlgorithm algorithm_;
 166   QualityOfProtection qop_;
 167
 168   // The realm as initially encoded over-the-wire. This is used in the
 169   // challenge text, rather than |realm_| which has been converted to
 170   // UTF-8.
 171   std::string original_realm_;
 172
 173   int nonce_count_;
 174   const NonceGenerator* nonce_generator_;
 175 };
 176
 177 }  // namespace net
 178
 179 #endif  // NET_HTTP_HTTP_AUTH_HANDLER_DIGEST_H_