Blink roll 25b6bd3a7a131ffe68d809546ad1a20707915cdc:3a503f41ae42e5b79cfcd2ff10e65afde...
[chromium-blink-merge.git] / net / http / http_auth_controller.h
blobfdc352554d200c47e7d89c6731040ac08b78b7d5
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef NET_HTTP_HTTP_AUTH_CONTROLLER_H_
6 #define NET_HTTP_HTTP_AUTH_CONTROLLER_H_
8 #include <set>
9 #include <string>
11 #include "base/basictypes.h"
12 #include "base/memory/ref_counted.h"
13 #include "base/memory/scoped_ptr.h"
14 #include "base/threading/non_thread_safe.h"
15 #include "net/base/completion_callback.h"
16 #include "net/base/net_export.h"
17 #include "net/base/net_log.h"
18 #include "net/http/http_auth.h"
19 #include "url/gurl.h"
21 namespace net {
23 class AuthChallengeInfo;
24 class AuthCredentials;
25 class HttpAuthHandler;
26 class HttpAuthHandlerFactory;
27 class HttpAuthCache;
28 class HttpRequestHeaders;
29 struct HttpRequestInfo;
31 class NET_EXPORT_PRIVATE HttpAuthController
32 : public base::RefCounted<HttpAuthController>,
33 NON_EXPORTED_BASE(public base::NonThreadSafe) {
34 public:
35 // The arguments are self explanatory except possibly for |auth_url|, which
36 // should be both the auth target and auth path in a single url argument.
37 HttpAuthController(HttpAuth::Target target,
38 const GURL& auth_url,
39 HttpAuthCache* http_auth_cache,
40 HttpAuthHandlerFactory* http_auth_handler_factory);
42 // Generate an authentication token for |target| if necessary. The return
43 // value is a net error code. |OK| will be returned both in the case that
44 // a token is correctly generated synchronously, as well as when no tokens
45 // were necessary.
46 virtual int MaybeGenerateAuthToken(const HttpRequestInfo* request,
47 const CompletionCallback& callback,
48 const BoundNetLog& net_log);
50 // Adds either the proxy auth header, or the origin server auth header,
51 // as specified by |target_|.
52 virtual void AddAuthorizationHeader(
53 HttpRequestHeaders* authorization_headers);
55 // Checks for and handles HTTP status code 401 or 407.
56 // |HandleAuthChallenge()| returns OK on success, or a network error code
57 // otherwise. It may also populate |auth_info_|.
58 virtual int HandleAuthChallenge(scoped_refptr<HttpResponseHeaders> headers,
59 bool do_not_send_server_auth,
60 bool establishing_tunnel,
61 const BoundNetLog& net_log);
63 // Store the supplied credentials and prepare to restart the auth.
64 virtual void ResetAuth(const AuthCredentials& credentials);
66 virtual bool HaveAuthHandler() const;
68 virtual bool HaveAuth() const;
70 virtual scoped_refptr<AuthChallengeInfo> auth_info();
72 virtual bool IsAuthSchemeDisabled(HttpAuth::Scheme scheme) const;
73 virtual void DisableAuthScheme(HttpAuth::Scheme scheme);
74 virtual void DisableEmbeddedIdentity();
76 private:
77 // Actions for InvalidateCurrentHandler()
78 enum InvalidateHandlerAction {
79 INVALIDATE_HANDLER_AND_CACHED_CREDENTIALS,
80 INVALIDATE_HANDLER_AND_DISABLE_SCHEME,
81 INVALIDATE_HANDLER
84 // So that we can mock this object.
85 friend class base::RefCounted<HttpAuthController>;
87 virtual ~HttpAuthController();
89 // Searches the auth cache for an entry that encompasses the request's path.
90 // If such an entry is found, updates |identity_| and |handler_| with the
91 // cache entry's data and returns true.
92 bool SelectPreemptiveAuth(const BoundNetLog& net_log);
94 // Invalidates the current handler. If |action| is
95 // INVALIDATE_HANDLER_AND_CACHED_CREDENTIALS, then also invalidate
96 // the cached credentials used by the handler.
97 void InvalidateCurrentHandler(InvalidateHandlerAction action);
99 // Invalidates any auth cache entries after authentication has failed.
100 // The identity that was rejected is |identity_|.
101 void InvalidateRejectedAuthFromCache();
103 // Sets |identity_| to the next identity that the transaction should try. It
104 // chooses candidates by searching the auth cache and the URL for a
105 // username:password. Returns true if an identity was found.
106 bool SelectNextAuthIdentityToTry();
108 // Populates auth_info_ with the challenge information, so that
109 // URLRequestHttpJob can prompt for credentials.
110 void PopulateAuthChallenge();
112 // If |result| indicates a permanent failure, disables the current
113 // auth scheme for this controller and returns true. Returns false
114 // otherwise.
115 bool DisableOnAuthHandlerResult(int result);
117 void OnIOComplete(int result);
119 // Indicates if this handler is for Proxy auth or Server auth.
120 HttpAuth::Target target_;
122 // Holds the {scheme, host, path, port} for the authentication target.
123 const GURL auth_url_;
125 // Holds the {scheme, host, port} for the authentication target.
126 const GURL auth_origin_;
128 // The absolute path of the resource needing authentication.
129 // For proxy authentication the path is empty.
130 const std::string auth_path_;
132 // |handler_| encapsulates the logic for the particular auth-scheme.
133 // This includes the challenge's parameters. If NULL, then there is no
134 // associated auth handler.
135 scoped_ptr<HttpAuthHandler> handler_;
137 // |identity_| holds the credentials that should be used by
138 // the handler_ to generate challenge responses. This identity can come from
139 // a number of places (url, cache, prompt).
140 HttpAuth::Identity identity_;
142 // |auth_token_| contains the opaque string to pass to the proxy or
143 // server to authenticate the client.
144 std::string auth_token_;
146 // Contains information about the auth challenge.
147 scoped_refptr<AuthChallengeInfo> auth_info_;
149 // True if we've used the username:password embedded in the URL. This
150 // makes sure we use the embedded identity only once for the transaction,
151 // preventing an infinite auth restart loop.
152 bool embedded_identity_used_;
154 // True if default credentials have already been tried for this transaction
155 // in response to an HTTP authentication challenge.
156 bool default_credentials_used_;
158 // These two are owned by the HttpNetworkSession/IOThread, which own the
159 // objects which reference |this|. Therefore, these raw pointers are valid
160 // for the lifetime of this object.
161 HttpAuthCache* const http_auth_cache_;
162 HttpAuthHandlerFactory* const http_auth_handler_factory_;
164 std::set<HttpAuth::Scheme> disabled_schemes_;
166 CompletionCallback callback_;
169 } // namespace net
171 #endif // NET_HTTP_HTTP_AUTH_CONTROLLER_H_