Home | History | Annotate | Download | only in http 
      1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #ifndef NET_HTTP_HTTP_AUTH_CACHE_H_
      6 #define NET_HTTP_HTTP_AUTH_CACHE_H_
      7 
      8 #include <list>
      9 #include <string>
     10 
     11 #include "base/gtest_prod_util.h"
     12 #include "base/memory/ref_counted.h"
     13 #include "base/time/time.h"
     14 #include "net/base/net_export.h"
     15 #include "net/http/http_auth.h"
     16 #include "url/gurl.h"
     17 
     18 namespace net {
     19 
     20 // HttpAuthCache stores HTTP authentication identities and challenge info.
     21 // For each (origin, realm, scheme) triple the cache stores a
     22 // HttpAuthCache::Entry, which holds:
     23 //   - the origin server {protocol scheme, host, port}
     24 //   - the last identity used (username/password)
     25 //   - the last auth handler used (contains realm and authentication scheme)
     26 //   - the list of paths which used this realm
     27 // Entries can be looked up by either (origin, realm, scheme) or (origin, path).
     28 class NET_EXPORT_PRIVATE HttpAuthCache {
     29  public:
     30   class NET_EXPORT_PRIVATE Entry {
     31    public:
     32     ~Entry();
     33 
     34     const GURL& origin() const {
     35       return origin_;
     36     }
     37 
     38     // The case-sensitive realm string of the challenge.
     39     const std::string realm() const {
     40       return realm_;
     41     }
     42 
     43     // The authentication scheme of the challenge.
     44     HttpAuth::Scheme scheme() const {
     45       return scheme_;
     46     }
     47 
     48     // The authentication challenge.
     49     const std::string auth_challenge() const {
     50       return auth_challenge_;
     51     }
     52 
     53     // The login credentials.
     54     const AuthCredentials& credentials() const {
     55       return credentials_;
     56     }
     57 
     58     int IncrementNonceCount() {
     59       return ++nonce_count_;
     60     }
     61 
     62     void UpdateStaleChallenge(const std::string& auth_challenge);
     63 
     64    private:
     65     friend class HttpAuthCache;
     66     FRIEND_TEST_ALL_PREFIXES(HttpAuthCacheTest, AddPath);
     67     FRIEND_TEST_ALL_PREFIXES(HttpAuthCacheTest, AddToExistingEntry);
     68 
     69     typedef std::list<std::string> PathList;
     70 
     71     Entry();
     72 
     73     // Adds a path defining the realm's protection space. If the path is
     74     // already contained in the protection space, is a no-op.
     75     void AddPath(const std::string& path);
     76 
     77     // Returns true if |dir| is contained within the realm's protection
     78     // space.  |*path_len| is set to the length of the enclosing path if
     79     // such a path exists and |path_len| is non-NULL.  If no enclosing
     80     // path is found, |*path_len| is left unmodified.
     81     //
     82     // Note that proxy auth cache entries are associated with empty
     83     // paths.  Therefore it is possible for HasEnclosingPath() to return
     84     // true and set |*path_len| to 0.
     85     bool HasEnclosingPath(const std::string& dir, size_t* path_len);
     86 
     87     // |origin_| contains the {protocol, host, port} of the server.
     88     GURL origin_;
     89     std::string realm_;
     90     HttpAuth::Scheme scheme_;
     91 
     92     // Identity.
     93     std::string auth_challenge_;
     94     AuthCredentials credentials_;
     95 
     96     int nonce_count_;
     97 
     98     // List of paths that define the realm's protection space.
     99     PathList paths_;
    100 
    101     // Times the entry was created and last used (by looking up, adding a path,
    102     // or updating the challenge.)
    103     base::TimeTicks creation_time_;
    104     base::TimeTicks last_use_time_;
    105   };
    106 
    107   // Prevent unbounded memory growth. These are safeguards for abuse; it is
    108   // not expected that the limits will be reached in ordinary usage.
    109   // This also defines the worst-case lookup times (which grow linearly
    110   // with number of elements in the cache).
    111   enum { kMaxNumPathsPerRealmEntry = 10 };
    112   enum { kMaxNumRealmEntries = 10 };
    113 
    114   HttpAuthCache();
    115   ~HttpAuthCache();
    116 
    117   // Find the realm entry on server |origin| for realm |realm| and
    118   // scheme |scheme|.
    119   //   |origin| - the {scheme, host, port} of the server.
    120   //   |realm|  - case sensitive realm string.
    121   //   |scheme| - the authentication scheme (i.e. basic, negotiate).
    122   //   returns  - the matched entry or NULL.
    123   Entry* Lookup(const GURL& origin,
    124                 const std::string& realm,
    125                 HttpAuth::Scheme scheme);
    126 
    127   // Find the entry on server |origin| whose protection space includes
    128   // |path|. This uses the assumption in RFC 2617 section 2 that deeper
    129   // paths lie in the same protection space.
    130   //   |origin| - the {scheme, host, port} of the server.
    131   //   |path|   - absolute path of the resource, or empty string in case of
    132   //              proxy auth (which does not use the concept of paths).
    133   //   returns  - the matched entry or NULL.
    134   Entry* LookupByPath(const GURL& origin, const std::string& path);
    135 
    136   // Add an entry on server |origin| for realm |handler->realm()| and
    137   // scheme |handler->scheme()|.  If an entry for this (realm,scheme)
    138   // already exists, update it rather than replace it -- this  preserves the
    139   // paths list.
    140   //   |origin|   - the {scheme, host, port} of the server.
    141   //   |realm|    - the auth realm for the challenge.
    142   //   |scheme|   - the authentication scheme (i.e. basic, negotiate).
    143   //   |credentials| - login information for the realm.
    144   //   |path|     - absolute path for a resource contained in the protection
    145   //                space; this will be added to the list of known paths.
    146   //   returns    - the entry that was just added/updated.
    147   Entry* Add(const GURL& origin,
    148              const std::string& realm,
    149              HttpAuth::Scheme scheme,
    150              const std::string& auth_challenge,
    151              const AuthCredentials& credentials,
    152              const std::string& path);
    153 
    154   // Remove entry on server |origin| for realm |realm| and scheme |scheme|
    155   // if one exists AND if the cached credentials matches |credentials|.
    156   //   |origin|   - the {scheme, host, port} of the server.
    157   //   |realm|    - case sensitive realm string.
    158   //   |scheme|   - the authentication scheme (i.e. basic, negotiate).
    159   //   |credentials| - the credentials to match.
    160   //   returns    - true if an entry was removed.
    161   bool Remove(const GURL& origin,
    162               const std::string& realm,
    163               HttpAuth::Scheme scheme,
    164               const AuthCredentials& credentials);
    165 
    166   // Updates a stale digest entry on server |origin| for realm |realm| and
    167   // scheme |scheme|. The cached auth challenge is replaced with
    168   // |auth_challenge| and the nonce count is reset.
    169   // |UpdateStaleChallenge()| returns true if a matching entry exists in the
    170   // cache, false otherwise.
    171   bool UpdateStaleChallenge(const GURL& origin,
    172                             const std::string& realm,
    173                             HttpAuth::Scheme scheme,
    174                             const std::string& auth_challenge);
    175 
    176   // Copies all entries from |other| cache.
    177   void UpdateAllFrom(const HttpAuthCache& other);
    178 
    179  private:
    180   typedef std::list<Entry> EntryList;
    181   EntryList entries_;
    182 };
    183 
    184 // An authentication realm entry.
    185 }  // namespace net
    186 
    187 #endif  // NET_HTTP_HTTP_AUTH_CACHE_H_
    188