net/http/http_auth_cache.h

   1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef NET_HTTP_HTTP_AUTH_CACHE_H_
   6 #define NET_HTTP_HTTP_AUTH_CACHE_H_
   7
   8 #include <list>
   9 #include <string>
  10
  11 #include "base/gtest_prod_util.h"
  12 #include "base/memory/ref_counted.h"
  13 #include "googleurl/src/gurl.h"
  14 #include "net/base/net_export.h"
  15 #include "net/http/http_auth.h"
  16
  17 namespace net {
  18
  19 // HttpAuthCache stores HTTP authentication identities and challenge info.
  20 // For each (origin, realm, scheme) triple the cache stores a
  21 // HttpAuthCache::Entry, which holds:
  22 //   - the origin server {protocol scheme, host, port}
  23 //   - the last identity used (username/password)
  24 //   - the last auth handler used (contains realm and authentication scheme)
  25 //   - the list of paths which used this realm
  26 // Entries can be looked up by either (origin, realm, scheme) or (origin, path).
  27 class NET_EXPORT_PRIVATE HttpAuthCache {
  28  public:
  29   class Entry;
  30
  31   // Prevent unbounded memory growth. These are safeguards for abuse; it is
  32   // not expected that the limits will be reached in ordinary usage.
  33   // This also defines the worst-case lookup times (which grow linearly
  34   // with number of elements in the cache).
  35   enum { kMaxNumPathsPerRealmEntry = 10 };
  36   enum { kMaxNumRealmEntries = 10 };
  37
  38   HttpAuthCache();
  39   ~HttpAuthCache();
  40
  41   // Find the realm entry on server |origin| for realm |realm| and
  42   // scheme |scheme|.
  43   //   |origin| - the {scheme, host, port} of the server.
  44   //   |realm|  - case sensitive realm string.
  45   //   |scheme| - the authentication scheme (i.e. basic, negotiate).
  46   //   returns  - the matched entry or NULL.
  47   Entry* Lookup(const GURL& origin,
  48                 const std::string& realm,
  49                 HttpAuth::Scheme scheme);
  50
  51   // Find the entry on server |origin| whose protection space includes
  52   // |path|. This uses the assumption in RFC 2617 section 2 that deeper
  53   // paths lie in the same protection space.
  54   //   |origin| - the {scheme, host, port} of the server.
  55   //   |path|   - absolute path of the resource, or empty string in case of
  56   //              proxy auth (which does not use the concept of paths).
  57   //   returns  - the matched entry or NULL.
  58   Entry* LookupByPath(const GURL& origin, const std::string& path);
  59
  60   // Add an entry on server |origin| for realm |handler->realm()| and
  61   // scheme |handler->scheme()|.  If an entry for this (realm,scheme)
  62   // already exists, update it rather than replace it -- this  preserves the
  63   // paths list.
  64   //   |origin|   - the {scheme, host, port} of the server.
  65   //   |realm|    - the auth realm for the challenge.
  66   //   |scheme|   - the authentication scheme (i.e. basic, negotiate).
  67   //   |credentials| - login information for the realm.
  68   //   |path|     - absolute path for a resource contained in the protection
  69   //                space; this will be added to the list of known paths.
  70   //   returns    - the entry that was just added/updated.
  71   Entry* Add(const GURL& origin,
  72              const std::string& realm,
  73              HttpAuth::Scheme scheme,
  74              const std::string& auth_challenge,
  75              const AuthCredentials& credentials,
  76              const std::string& path);
  77
  78   // Remove entry on server |origin| for realm |realm| and scheme |scheme|
  79   // if one exists AND if the cached credentials matches |credentials|.
  80   //   |origin|   - the {scheme, host, port} of the server.
  81   //   |realm|    - case sensitive realm string.
  82   //   |scheme|   - the authentication scheme (i.e. basic, negotiate).
  83   //   |credentials| - the credentials to match.
  84   //   returns    - true if an entry was removed.
  85   bool Remove(const GURL& origin,
  86               const std::string& realm,
  87               HttpAuth::Scheme scheme,
  88               const AuthCredentials& credentials);
  89
  90   // Updates a stale digest entry on server |origin| for realm |realm| and
  91   // scheme |scheme|. The cached auth challenge is replaced with
  92   // |auth_challenge| and the nonce count is reset.
  93   // |UpdateStaleChallenge()| returns true if a matching entry exists in the
  94   // cache, false otherwise.
  95   bool UpdateStaleChallenge(const GURL& origin,
  96                             const std::string& realm,
  97                             HttpAuth::Scheme scheme,
  98                             const std::string& auth_challenge);
  99
 100   // Copies all entries from |other| cache.
 101   void UpdateAllFrom(const HttpAuthCache& other);
 102
 103  private:
 104   typedef std::list<Entry> EntryList;
 105   EntryList entries_;
 106 };
 107
 108 // An authentication realm entry.
 109 class NET_EXPORT_PRIVATE HttpAuthCache::Entry {
 110  public:
 111   ~Entry();
 112
 113   const GURL& origin() const {
 114     return origin_;
 115   }
 116
 117   // The case-sensitive realm string of the challenge.
 118   const std::string realm() const {
 119     return realm_;
 120   }
 121
 122   // The authentication scheme of the challenge.
 123   HttpAuth::Scheme scheme() const {
 124     return scheme_;
 125   }
 126
 127   // The authentication challenge.
 128   const std::string auth_challenge() const {
 129     return auth_challenge_;
 130   }
 131
 132   // The login credentials.
 133   const AuthCredentials& credentials() const {
 134     return credentials_;
 135   }
 136
 137   int IncrementNonceCount() {
 138     return ++nonce_count_;
 139   }
 140
 141   void UpdateStaleChallenge(const std::string& auth_challenge);
 142
 143  private:
 144   friend class HttpAuthCache;
 145   FRIEND_TEST_ALL_PREFIXES(HttpAuthCacheTest, AddPath);
 146   FRIEND_TEST_ALL_PREFIXES(HttpAuthCacheTest, AddToExistingEntry);
 147
 148   typedef std::list<std::string> PathList;
 149
 150   Entry();
 151
 152   // Adds a path defining the realm's protection space. If the path is
 153   // already contained in the protection space, is a no-op.
 154   void AddPath(const std::string& path);
 155
 156   // Returns true if |dir| is contained within the realm's protection
 157   // space.  |*path_len| is set to the length of the enclosing path if
 158   // such a path exists and |path_len| is non-NULL.  If no enclosing
 159   // path is found, |*path_len| is left unmodified.
 160   //
 161   // Note that proxy auth cache entries are associated with empty
 162   // paths.  Therefore it is possible for HasEnclosingPath() to return
 163   // true and set |*path_len| to 0.
 164   bool HasEnclosingPath(const std::string& dir, size_t* path_len);
 165
 166   // |origin_| contains the {protocol, host, port} of the server.
 167   GURL origin_;
 168   std::string realm_;
 169   HttpAuth::Scheme scheme_;
 170
 171   // Identity.
 172   std::string auth_challenge_;
 173   AuthCredentials credentials_;
 174
 175   int nonce_count_;
 176
 177   // List of paths that define the realm's protection space.
 178   PathList paths_;
 179 };
 180
 181 }  // namespace net
 182
 183 #endif  // NET_HTTP_HTTP_AUTH_CACHE_H_