1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef NET_HTTP_HTTP_AUTH_HANDLER_FACTORY_H_ 6 #define NET_HTTP_HTTP_AUTH_HANDLER_FACTORY_H_ 7 #pragma once 8 9 #include <map> 10 #include <string> 11 #include <vector> 12 13 #include "base/memory/scoped_ptr.h" 14 #include "net/http/http_auth.h" 15 #include "net/http/url_security_manager.h" 16 17 class GURL; 18 19 namespace net { 20 21 class BoundNetLog; 22 class HostResolver; 23 class HttpAuthHandler; 24 class HttpAuthHandlerRegistryFactory; 25 26 // An HttpAuthHandlerFactory is used to create HttpAuthHandler objects. 27 // The HttpAuthHandlerFactory object _must_ outlive any of the HttpAuthHandler 28 // objects that it creates. 29 class HttpAuthHandlerFactory { 30 public: 31 enum CreateReason { 32 CREATE_CHALLENGE, // Create a handler in response to a challenge. 33 CREATE_PREEMPTIVE, // Create a handler preemptively. 34 }; 35 36 HttpAuthHandlerFactory() : url_security_manager_(NULL) {} 37 virtual ~HttpAuthHandlerFactory() {} 38 39 // Sets an URL security manager. HttpAuthHandlerFactory doesn't own the URL 40 // security manager, and the URL security manager should outlive this object. 41 void set_url_security_manager(URLSecurityManager* url_security_manager) { 42 url_security_manager_ = url_security_manager; 43 } 44 45 // Retrieves the associated URL security manager. 46 URLSecurityManager* url_security_manager() { 47 return url_security_manager_; 48 } 49 50 // Creates an HttpAuthHandler object based on the authentication 51 // challenge specified by |*challenge|. |challenge| must point to a valid 52 // non-NULL tokenizer. 53 // 54 // If an HttpAuthHandler object is successfully created it is passed back to 55 // the caller through |*handler| and OK is returned. 56 // 57 // If |*challenge| specifies an unsupported authentication scheme, |*handler| 58 // is set to NULL and ERR_UNSUPPORTED_AUTH_SCHEME is returned. 59 // 60 // If |*challenge| is improperly formed, |*handler| is set to NULL and 61 // ERR_INVALID_RESPONSE is returned. 62 // 63 // |create_reason| indicates why the handler is being created. This is used 64 // since NTLM and Negotiate schemes do not support preemptive creation. 65 // 66 // |digest_nonce_count| is specifically intended for the Digest authentication 67 // scheme, and indicates the number of handlers generated for a particular 68 // server nonce challenge. 69 // 70 // For the NTLM and Negotiate handlers: 71 // If |origin| does not match the authentication method's filters for 72 // the specified |target|, ERR_INVALID_AUTH_CREDENTIALS is returned. 73 // NOTE: This will apply to ALL |origin| values if the filters are empty. 74 // 75 // |*challenge| should not be reused after a call to |CreateAuthHandler()|, 76 virtual int CreateAuthHandler(HttpAuth::ChallengeTokenizer* challenge, 77 HttpAuth::Target target, 78 const GURL& origin, 79 CreateReason create_reason, 80 int digest_nonce_count, 81 const BoundNetLog& net_log, 82 scoped_ptr<HttpAuthHandler>* handler) = 0; 83 84 // Creates an HTTP authentication handler based on the authentication 85 // challenge string |challenge|. 86 // This is a convenience function which creates a ChallengeTokenizer for 87 // |challenge| and calls |CreateAuthHandler|. See |CreateAuthHandler| for 88 // more details on return values. 89 int CreateAuthHandlerFromString(const std::string& challenge, 90 HttpAuth::Target target, 91 const GURL& origin, 92 const BoundNetLog& net_log, 93 scoped_ptr<HttpAuthHandler>* handler); 94 95 // Creates an HTTP authentication handler based on the authentication 96 // challenge string |challenge|. 97 // This is a convenience function which creates a ChallengeTokenizer for 98 // |challenge| and calls |CreateAuthHandler|. See |CreateAuthHandler| for 99 // more details on return values. 100 int CreatePreemptiveAuthHandlerFromString( 101 const std::string& challenge, 102 HttpAuth::Target target, 103 const GURL& origin, 104 int digest_nonce_count, 105 const BoundNetLog& net_log, 106 scoped_ptr<HttpAuthHandler>* handler); 107 108 // Creates a standard HttpAuthHandlerRegistryFactory. The caller is 109 // responsible for deleting the factory. 110 // The default factory supports Basic, Digest, NTLM, and Negotiate schemes. 111 // 112 // |resolver| is used by the Negotiate authentication handler to perform 113 // CNAME lookups to generate a Kerberos SPN for the server. It must be 114 // non-NULL. |resolver| must remain valid for the lifetime of the 115 // HttpAuthHandlerRegistryFactory and any HttpAuthHandlers created by said 116 // factory. 117 static HttpAuthHandlerRegistryFactory* CreateDefault(HostResolver* resolver); 118 119 private: 120 // The URL security manager 121 URLSecurityManager* url_security_manager_; 122 123 DISALLOW_COPY_AND_ASSIGN(HttpAuthHandlerFactory); 124 }; 125 126 // The HttpAuthHandlerRegistryFactory dispatches create requests out 127 // to other factories based on the auth scheme. 128 class HttpAuthHandlerRegistryFactory : public HttpAuthHandlerFactory { 129 public: 130 HttpAuthHandlerRegistryFactory(); 131 virtual ~HttpAuthHandlerRegistryFactory(); 132 133 // Sets an URL security manager into the factory associated with |scheme|. 134 void SetURLSecurityManager(const std::string& scheme, 135 URLSecurityManager* url_security_manager); 136 137 // Registers a |factory| that will be used for a particular HTTP 138 // authentication scheme such as Basic, Digest, or Negotiate. 139 // The |*factory| object is assumed to be new-allocated, and its lifetime 140 // will be managed by this HttpAuthHandlerRegistryFactory object (including 141 // deleting it when it is no longer used. 142 // A NULL |factory| value means that HttpAuthHandlers's will not be created 143 // for |scheme|. If a factory object used to exist for |scheme|, it will be 144 // deleted. 145 void RegisterSchemeFactory(const std::string& scheme, 146 HttpAuthHandlerFactory* factory); 147 148 // Retrieve the factory for the specified |scheme|. If no factory exists 149 // for the |scheme|, NULL is returned. The returned factory must not be 150 // deleted by the caller, and it is guaranteed to be valid until either 151 // a new factory is registered for the same scheme, or until this 152 // registry factory is destroyed. 153 HttpAuthHandlerFactory* GetSchemeFactory(const std::string& scheme) const; 154 155 // Creates an HttpAuthHandlerRegistryFactory. 156 // 157 // |supported_schemes| is a list of authentication schemes. Valid values 158 // include "basic", "digest", "ntlm", and "negotiate", where case matters. 159 // 160 // |security_manager| is used by the NTLM and Negotiate authenticators 161 // to determine which servers Integrated Authentication can be used with. If 162 // NULL, Integrated Authentication will not be used with any server. 163 // 164 // |host_resolver| is used by the Negotiate authentication handler to perform 165 // CNAME lookups to generate a Kerberos SPN for the server. If the "negotiate" 166 // scheme is used and |negotiate_disable_cname_lookup| is false, 167 // |host_resolver| must not be NULL. 168 // 169 // |gssapi_library_name| specifies the name of the GSSAPI library that will 170 // be loaded on all platforms except Windows. 171 // 172 // |negotiate_disable_cname_lookup| and |negotiate_enable_port| both control 173 // how Negotiate does SPN generation, by default these should be false. 174 static HttpAuthHandlerRegistryFactory* Create( 175 const std::vector<std::string>& supported_schemes, 176 URLSecurityManager* security_manager, 177 HostResolver* host_resolver, 178 const std::string& gssapi_library_name, 179 bool negotiate_disable_cname_lookup, 180 bool negotiate_enable_port); 181 182 // Creates an auth handler by dispatching out to the registered factories 183 // based on the first token in |challenge|. 184 virtual int CreateAuthHandler(HttpAuth::ChallengeTokenizer* challenge, 185 HttpAuth::Target target, 186 const GURL& origin, 187 CreateReason reason, 188 int digest_nonce_count, 189 const BoundNetLog& net_log, 190 scoped_ptr<HttpAuthHandler>* handler); 191 192 private: 193 typedef std::map<std::string, HttpAuthHandlerFactory*> FactoryMap; 194 195 FactoryMap factory_map_; 196 DISALLOW_COPY_AND_ASSIGN(HttpAuthHandlerRegistryFactory); 197 }; 198 199 } // namespace net 200 201 #endif // NET_HTTP_HTTP_AUTH_HANDLER_FACTORY_H_ 202
