1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include "net/http/http_auth_handler_basic.h" 6 7 #include <string> 8 9 #include "base/base64.h" 10 #include "base/string_util.h" 11 #include "net/http/http_auth.h" 12 13 namespace net { 14 15 // Note that if a realm was not specified, we will default it to ""; 16 // so specifying 'Basic realm=""' is equivalent to 'Basic'. 17 // 18 // This is more generous than RFC 2617, which is pretty clear in the 19 // production of challenge that realm is required. 20 // 21 // We allow it to be compatibility with certain embedded webservers that don't 22 // include a realm (see http://crbug.com/20984.) 23 bool HttpAuthHandlerBasic::Init(std::string::const_iterator challenge_begin, 24 std::string::const_iterator challenge_end) { 25 scheme_ = "basic"; 26 score_ = 1; 27 properties_ = 0; 28 29 // Verify the challenge's auth-scheme. 30 HttpAuth::ChallengeTokenizer challenge_tok(challenge_begin, challenge_end); 31 if (!challenge_tok.valid() || 32 !LowerCaseEqualsASCII(challenge_tok.scheme(), "basic")) 33 return false; 34 35 // Extract the realm (may be missing). 36 while (challenge_tok.GetNext()) { 37 if (LowerCaseEqualsASCII(challenge_tok.name(), "realm")) 38 realm_ = challenge_tok.unquoted_value(); 39 } 40 41 return challenge_tok.valid(); 42 } 43 44 std::string HttpAuthHandlerBasic::GenerateCredentials( 45 const std::wstring& username, 46 const std::wstring& password, 47 const HttpRequestInfo*, 48 const ProxyInfo*) { 49 // TODO(eroman): is this the right encoding of username/password? 50 std::string base64_username_password; 51 if (!base::Base64Encode(WideToUTF8(username) + ":" + WideToUTF8(password), 52 &base64_username_password)) 53 return std::string(); // FAIL 54 return std::string("Basic ") + base64_username_password; 55 } 56 57 } // namespace net 58