Home | History | Annotate | Download | only in http
      1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #ifndef NET_HTTP_HTTP_AUTH_HANDLER_FACTORY_H_
      6 #define NET_HTTP_HTTP_AUTH_HANDLER_FACTORY_H_
      7 
      8 #include <map>
      9 #include <string>
     10 #include <vector>
     11 
     12 #include "base/memory/scoped_ptr.h"
     13 #include "net/base/net_export.h"
     14 #include "net/http/http_auth.h"
     15 #include "net/http/url_security_manager.h"
     16 
     17 class GURL;
     18 
     19 namespace net {
     20 
     21 class BoundNetLog;
     22 class HostResolver;
     23 class HttpAuthChallengeTokenizer;
     24 class HttpAuthHandler;
     25 class HttpAuthHandlerRegistryFactory;
     26 
     27 // An HttpAuthHandlerFactory is used to create HttpAuthHandler objects.
     28 // The HttpAuthHandlerFactory object _must_ outlive any of the HttpAuthHandler
     29 // objects that it creates.
     30 class NET_EXPORT HttpAuthHandlerFactory {
     31  public:
     32   enum CreateReason {
     33     CREATE_CHALLENGE,     // Create a handler in response to a challenge.
     34     CREATE_PREEMPTIVE,    // Create a handler preemptively.
     35   };
     36 
     37   HttpAuthHandlerFactory() : url_security_manager_(NULL) {}
     38   virtual ~HttpAuthHandlerFactory() {}
     39 
     40   // Sets an URL security manager.  HttpAuthHandlerFactory doesn't own the URL
     41   // security manager, and the URL security manager should outlive this object.
     42   void set_url_security_manager(URLSecurityManager* url_security_manager) {
     43     url_security_manager_ = url_security_manager;
     44   }
     45 
     46   // Retrieves the associated URL security manager.
     47   URLSecurityManager* url_security_manager() {
     48     return url_security_manager_;
     49   }
     50 
     51   // Creates an HttpAuthHandler object based on the authentication
     52   // challenge specified by |*challenge|. |challenge| must point to a valid
     53   // non-NULL tokenizer.
     54   //
     55   // If an HttpAuthHandler object is successfully created it is passed back to
     56   // the caller through |*handler| and OK is returned.
     57   //
     58   // If |*challenge| specifies an unsupported authentication scheme, |*handler|
     59   // is set to NULL and ERR_UNSUPPORTED_AUTH_SCHEME is returned.
     60   //
     61   // If |*challenge| is improperly formed, |*handler| is set to NULL and
     62   // ERR_INVALID_RESPONSE is returned.
     63   //
     64   // |create_reason| indicates why the handler is being created. This is used
     65   // since NTLM and Negotiate schemes do not support preemptive creation.
     66   //
     67   // |digest_nonce_count| is specifically intended for the Digest authentication
     68   // scheme, and indicates the number of handlers generated for a particular
     69   // server nonce challenge.
     70   //
     71   // For the NTLM and Negotiate handlers:
     72   // If |origin| does not match the authentication method's filters for
     73   // the specified |target|, ERR_INVALID_AUTH_CREDENTIALS is returned.
     74   // NOTE: This will apply to ALL |origin| values if the filters are empty.
     75   //
     76   // |*challenge| should not be reused after a call to |CreateAuthHandler()|,
     77   virtual int CreateAuthHandler(HttpAuthChallengeTokenizer* challenge,
     78                                 HttpAuth::Target target,
     79                                 const GURL& origin,
     80                                 CreateReason create_reason,
     81                                 int digest_nonce_count,
     82                                 const BoundNetLog& net_log,
     83                                 scoped_ptr<HttpAuthHandler>* handler) = 0;
     84 
     85   // Creates an HTTP authentication handler based on the authentication
     86   // challenge string |challenge|.
     87   // This is a convenience function which creates a ChallengeTokenizer for
     88   // |challenge| and calls |CreateAuthHandler|. See |CreateAuthHandler| for
     89   // more details on return values.
     90   int CreateAuthHandlerFromString(const std::string& challenge,
     91                                   HttpAuth::Target target,
     92                                   const GURL& origin,
     93                                   const BoundNetLog& net_log,
     94                                   scoped_ptr<HttpAuthHandler>* handler);
     95 
     96   // Creates an HTTP authentication handler based on the authentication
     97   // challenge string |challenge|.
     98   // This is a convenience function which creates a ChallengeTokenizer for
     99   // |challenge| and calls |CreateAuthHandler|. See |CreateAuthHandler| for
    100   // more details on return values.
    101   int CreatePreemptiveAuthHandlerFromString(
    102       const std::string& challenge,
    103       HttpAuth::Target target,
    104       const GURL& origin,
    105       int digest_nonce_count,
    106       const BoundNetLog& net_log,
    107       scoped_ptr<HttpAuthHandler>* handler);
    108 
    109   // Creates a standard HttpAuthHandlerRegistryFactory. The caller is
    110   // responsible for deleting the factory.
    111   // The default factory supports Basic, Digest, NTLM, and Negotiate schemes.
    112   //
    113   // |resolver| is used by the Negotiate authentication handler to perform
    114   // CNAME lookups to generate a Kerberos SPN for the server. It must be
    115   // non-NULL.  |resolver| must remain valid for the lifetime of the
    116   // HttpAuthHandlerRegistryFactory and any HttpAuthHandlers created by said
    117   // factory.
    118   static HttpAuthHandlerRegistryFactory* CreateDefault(HostResolver* resolver);
    119 
    120  private:
    121   // The URL security manager
    122   URLSecurityManager* url_security_manager_;
    123 
    124   DISALLOW_COPY_AND_ASSIGN(HttpAuthHandlerFactory);
    125 };
    126 
    127 // The HttpAuthHandlerRegistryFactory dispatches create requests out
    128 // to other factories based on the auth scheme.
    129 class NET_EXPORT HttpAuthHandlerRegistryFactory
    130     : public HttpAuthHandlerFactory {
    131  public:
    132   HttpAuthHandlerRegistryFactory();
    133   virtual ~HttpAuthHandlerRegistryFactory();
    134 
    135   // Sets an URL security manager into the factory associated with |scheme|.
    136   void SetURLSecurityManager(const std::string& scheme,
    137                              URLSecurityManager* url_security_manager);
    138 
    139   // Registers a |factory| that will be used for a particular HTTP
    140   // authentication scheme such as Basic, Digest, or Negotiate.
    141   // The |*factory| object is assumed to be new-allocated, and its lifetime
    142   // will be managed by this HttpAuthHandlerRegistryFactory object (including
    143   // deleting it when it is no longer used.
    144   // A NULL |factory| value means that HttpAuthHandlers's will not be created
    145   // for |scheme|. If a factory object used to exist for |scheme|, it will be
    146   // deleted.
    147   void RegisterSchemeFactory(const std::string& scheme,
    148                              HttpAuthHandlerFactory* factory);
    149 
    150   // Retrieve the factory for the specified |scheme|. If no factory exists
    151   // for the |scheme|, NULL is returned. The returned factory must not be
    152   // deleted by the caller, and it is guaranteed to be valid until either
    153   // a new factory is registered for the same scheme, or until this
    154   // registry factory is destroyed.
    155   HttpAuthHandlerFactory* GetSchemeFactory(const std::string& scheme) const;
    156 
    157   // Creates an HttpAuthHandlerRegistryFactory.
    158   //
    159   // |supported_schemes| is a list of authentication schemes. Valid values
    160   // include "basic", "digest", "ntlm", and "negotiate", where case matters.
    161   //
    162   // |security_manager| is used by the NTLM and Negotiate authenticators
    163   // to determine which servers Integrated Authentication can be used with. If
    164   // NULL, Integrated Authentication will not be used with any server.
    165   //
    166   // |host_resolver| is used by the Negotiate authentication handler to perform
    167   // CNAME lookups to generate a Kerberos SPN for the server. If the "negotiate"
    168   // scheme is used and |negotiate_disable_cname_lookup| is false,
    169   // |host_resolver| must not be NULL.
    170   //
    171   // |gssapi_library_name| specifies the name of the GSSAPI library that will
    172   // be loaded on all platforms except Windows.
    173   //
    174   // |negotiate_disable_cname_lookup| and |negotiate_enable_port| both control
    175   // how Negotiate does SPN generation, by default these should be false.
    176   static HttpAuthHandlerRegistryFactory* Create(
    177       const std::vector<std::string>& supported_schemes,
    178       URLSecurityManager* security_manager,
    179       HostResolver* host_resolver,
    180       const std::string& gssapi_library_name,
    181       bool negotiate_disable_cname_lookup,
    182       bool negotiate_enable_port);
    183 
    184   // Creates an auth handler by dispatching out to the registered factories
    185   // based on the first token in |challenge|.
    186   virtual int CreateAuthHandler(HttpAuthChallengeTokenizer* challenge,
    187                                 HttpAuth::Target target,
    188                                 const GURL& origin,
    189                                 CreateReason reason,
    190                                 int digest_nonce_count,
    191                                 const BoundNetLog& net_log,
    192                                 scoped_ptr<HttpAuthHandler>* handler) OVERRIDE;
    193 
    194  private:
    195   typedef std::map<std::string, HttpAuthHandlerFactory*> FactoryMap;
    196 
    197   FactoryMap factory_map_;
    198   DISALLOW_COPY_AND_ASSIGN(HttpAuthHandlerRegistryFactory);
    199 };
    200 
    201 }  // namespace net
    202 
    203 #endif  // NET_HTTP_HTTP_AUTH_HANDLER_FACTORY_H_
    204