search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge Chromium + Blink git repositories
[chromium-blink-merge.git] / net / http / http_auth_handler_negotiate.h
blob92b1b52160599a58f21752f2d7d3a8bbf254b6c4
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #ifndef NET_HTTP_HTTP_AUTH_HANDLER_NEGOTIATE_H_
6 #define NET_HTTP_HTTP_AUTH_HANDLER_NEGOTIATE_H_
7
8 #include <string>
9
10 #include "build/build_config.h"
11 #include "net/base/address_list.h"
12 #include "net/base/net_export.h"
13 #include "net/http/http_auth_handler.h"
14 #include "net/http/http_auth_handler_factory.h"
15
16 #if defined(OS_ANDROID)
17 #include "net/android/http_auth_negotiate_android.h"
18 #elif defined(OS_WIN)
19 #include "net/http/http_auth_sspi_win.h"
20 #elif defined(OS_POSIX)
21 #include "net/http/http_auth_gssapi_posix.h"
22 #endif
23
24 namespace net {
25
26 class HostResolver;
27 class SingleRequestHostResolver;
28 class URLSecurityManager;
29
30 // Handler for WWW-Authenticate: Negotiate protocol.
31 //
32 // See http://tools.ietf.org/html/rfc4178 and http://tools.ietf.org/html/rfc4559
33 // for more information about the protocol.
34
35 class NET_EXPORT_PRIVATE HttpAuthHandlerNegotiate : public HttpAuthHandler {
36 public:
37 #if defined(OS_ANDROID)
38 typedef net::android::HttpAuthNegotiateAndroid AuthSystem;
39 // For Android this isn't a library, but for the Android Account type, which
40 // indirectly identifies the Kerberos/SPNEGO authentication app.
41 typedef const std::string AuthLibrary;
42 #elif defined(OS_WIN)
43 typedef SSPILibrary AuthLibrary;
44 typedef HttpAuthSSPI AuthSystem;
45 #elif defined(OS_POSIX)
46 typedef GSSAPILibrary AuthLibrary;
47 typedef HttpAuthGSSAPI AuthSystem;
48 #endif
49
50 class NET_EXPORT_PRIVATE Factory : public HttpAuthHandlerFactory {
51 public:
52 Factory();
53 ~Factory() override;
54
55 // |disable_cname_lookup()| and |set_disable_cname_lookup()| get/set whether
56 // the auth handlers generated by this factory should skip looking up the
57 // canonical DNS name of the the host that they are authenticating to when
58 // generating the SPN. The default value is false.
59 bool disable_cname_lookup() const { return disable_cname_lookup_; }
60 void set_disable_cname_lookup(bool disable_cname_lookup) {
61 disable_cname_lookup_ = disable_cname_lookup;
62 }
63
64 // |use_port()| and |set_use_port()| get/set whether the auth handlers
65 // generated by this factory should include the port number of the server
66 // they are authenticating to when constructing a Kerberos SPN. The default
67 // value is false.
68 bool use_port() const { return use_port_; }
69 void set_use_port(bool use_port) { use_port_ = use_port; }
70
71 void set_host_resolver(HostResolver* host_resolver);
72
73 // Sets the system library to use, thereby assuming ownership of
74 // |auth_library|.
75 void set_library(AuthLibrary* auth_provider) {
76 auth_library_.reset(auth_provider);
77 }
78
79 int CreateAuthHandler(HttpAuthChallengeTokenizer* challenge,
80 HttpAuth::Target target,
81 const GURL& origin,
82 CreateReason reason,
83 int digest_nonce_count,
84 const BoundNetLog& net_log,
85 scoped_ptr<HttpAuthHandler>* handler) override;
86
87 private:
88 bool disable_cname_lookup_;
89 bool use_port_;
90 HostResolver* resolver_;
91 #if defined(OS_WIN)
92 ULONG max_token_length_;
93 #endif
94 bool is_unsupported_;
95 scoped_ptr<AuthLibrary> auth_library_;
96 };
97
98 HttpAuthHandlerNegotiate(AuthLibrary* auth_library,
99 #if defined(OS_WIN)
100 ULONG max_token_length,
101 #endif
102 URLSecurityManager* url_security_manager,
103 HostResolver* host_resolver,
104 bool disable_cname_lookup,
105 bool use_port);
106
107 ~HttpAuthHandlerNegotiate() override;
108
109 // These are public for unit tests
110 std::string CreateSPN(const AddressList& address_list, const GURL& orign);
111 const std::string& spn() const { return spn_; }
112
113 // HttpAuthHandler:
114 HttpAuth::AuthorizationResult HandleAnotherChallenge(
115 HttpAuthChallengeTokenizer* challenge) override;
116 bool NeedsIdentity() override;
117 bool AllowsDefaultCredentials() override;
118 bool AllowsExplicitCredentials() override;
119
120 protected:
121 bool Init(HttpAuthChallengeTokenizer* challenge) override;
122
123 int GenerateAuthTokenImpl(const AuthCredentials* credentials,
124 const HttpRequestInfo* request,
125 const CompletionCallback& callback,
126 std::string* auth_token) override;
127
128 private:
129 enum State {
130 STATE_RESOLVE_CANONICAL_NAME,
131 STATE_RESOLVE_CANONICAL_NAME_COMPLETE,
132 STATE_GENERATE_AUTH_TOKEN,
133 STATE_GENERATE_AUTH_TOKEN_COMPLETE,
134 STATE_NONE,
135 };
136
137 void OnIOComplete(int result);
138 void DoCallback(int result);
139 int DoLoop(int result);
140
141 int DoResolveCanonicalName();
142 int DoResolveCanonicalNameComplete(int rv);
143 int DoGenerateAuthToken();
144 int DoGenerateAuthTokenComplete(int rv);
145 bool CanDelegate() const;
146
147 AuthSystem auth_system_;
148 bool disable_cname_lookup_;
149 bool use_port_;
150 HostResolver* const resolver_;
151
152 // Members which are needed for DNS lookup + SPN.
153 AddressList address_list_;
154 scoped_ptr<SingleRequestHostResolver> single_resolve_;
155
156 // Things which should be consistent after first call to GenerateAuthToken.
157 bool already_called_;
158 bool has_credentials_;
159 AuthCredentials credentials_;
160 std::string spn_;
161
162 // Things which vary each round.
163 CompletionCallback callback_;
164 std::string* auth_token_;
165
166 State next_state_;
167
168 const URLSecurityManager* url_security_manager_;
169 };
170
171 } // namespace net
172
173 #endif // NET_HTTP_HTTP_AUTH_HANDLER_NEGOTIATE_H_