Supervised user whitelists: Cleanup
[chromium-blink-merge.git] / net / http / http_auth_handler_digest.h
blobdbe02b4f2da0e43f8ad9fc46532adab549d24e6d
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef NET_HTTP_HTTP_AUTH_HANDLER_DIGEST_H_
6 #define NET_HTTP_HTTP_AUTH_HANDLER_DIGEST_H_
8 #include <string>
10 #include "base/basictypes.h"
11 #include "base/gtest_prod_util.h"
12 #include "base/memory/scoped_ptr.h"
13 #include "net/base/net_export.h"
14 #include "net/http/http_auth_handler.h"
15 #include "net/http/http_auth_handler_factory.h"
17 namespace net {
19 // Code for handling http digest authentication.
20 class NET_EXPORT_PRIVATE HttpAuthHandlerDigest : public HttpAuthHandler {
21 public:
22 // A NonceGenerator is a simple interface for generating client nonces.
23 // Unit tests can override the default client nonce behavior with fixed
24 // nonce generation to get reproducible results.
25 class NET_EXPORT_PRIVATE NonceGenerator {
26 public:
27 NonceGenerator();
28 virtual ~NonceGenerator();
30 // Generates a client nonce.
31 virtual std::string GenerateNonce() const = 0;
32 private:
33 DISALLOW_COPY_AND_ASSIGN(NonceGenerator);
36 // DynamicNonceGenerator does a random shuffle of 16
37 // characters to generate a client nonce.
38 class DynamicNonceGenerator : public NonceGenerator {
39 public:
40 DynamicNonceGenerator();
41 std::string GenerateNonce() const override;
43 private:
44 DISALLOW_COPY_AND_ASSIGN(DynamicNonceGenerator);
47 // FixedNonceGenerator always uses the same string specified at
48 // construction time as the client nonce.
49 class NET_EXPORT_PRIVATE FixedNonceGenerator : public NonceGenerator {
50 public:
51 explicit FixedNonceGenerator(const std::string& nonce);
53 std::string GenerateNonce() const override;
55 private:
56 const std::string nonce_;
57 DISALLOW_COPY_AND_ASSIGN(FixedNonceGenerator);
60 class NET_EXPORT_PRIVATE Factory : public HttpAuthHandlerFactory {
61 public:
62 Factory();
63 ~Factory() override;
65 // This factory owns the passed in |nonce_generator|.
66 void set_nonce_generator(const NonceGenerator* nonce_generator);
68 int CreateAuthHandler(HttpAuthChallengeTokenizer* challenge,
69 HttpAuth::Target target,
70 const GURL& origin,
71 CreateReason reason,
72 int digest_nonce_count,
73 const BoundNetLog& net_log,
74 scoped_ptr<HttpAuthHandler>* handler) override;
76 private:
77 scoped_ptr<const NonceGenerator> nonce_generator_;
80 HttpAuth::AuthorizationResult HandleAnotherChallenge(
81 HttpAuthChallengeTokenizer* challenge) override;
83 protected:
84 bool Init(HttpAuthChallengeTokenizer* challenge) override;
86 int GenerateAuthTokenImpl(const AuthCredentials* credentials,
87 const HttpRequestInfo* request,
88 const CompletionCallback& callback,
89 std::string* auth_token) override;
91 private:
92 FRIEND_TEST_ALL_PREFIXES(HttpAuthHandlerDigestTest, ParseChallenge);
93 FRIEND_TEST_ALL_PREFIXES(HttpAuthHandlerDigestTest, AssembleCredentials);
94 FRIEND_TEST_ALL_PREFIXES(HttpNetworkTransactionTest, DigestPreAuthNonceCount);
96 // Possible values for the "algorithm" property.
97 enum DigestAlgorithm {
98 // No algorithm was specified. According to RFC 2617 this means
99 // we should default to ALGORITHM_MD5.
100 ALGORITHM_UNSPECIFIED,
102 // Hashes are run for every request.
103 ALGORITHM_MD5,
105 // Hash is run only once during the first WWW-Authenticate handshake.
106 // (SESS means session).
107 ALGORITHM_MD5_SESS,
110 // Possible values for QualityOfProtection.
111 // auth-int is not supported, see http://crbug.com/62890 for justification.
112 enum QualityOfProtection {
113 QOP_UNSPECIFIED,
114 QOP_AUTH,
117 // |nonce_count| indicates how many times the server-specified nonce has
118 // been used so far.
119 // |nonce_generator| is used to create a client nonce, and is not owned by
120 // the handler. The lifetime of the |nonce_generator| must exceed that of this
121 // handler.
122 HttpAuthHandlerDigest(int nonce_count, const NonceGenerator* nonce_generator);
123 ~HttpAuthHandlerDigest() override;
125 // Parse the challenge, saving the results into this instance.
126 // Returns true on success.
127 bool ParseChallenge(HttpAuthChallengeTokenizer* challenge);
129 // Parse an individual property. Returns true on success.
130 bool ParseChallengeProperty(const std::string& name,
131 const std::string& value);
133 // Generates a random string, to be used for client-nonce.
134 static std::string GenerateNonce();
136 // Convert enum value back to string.
137 static std::string QopToString(QualityOfProtection qop);
138 static std::string AlgorithmToString(DigestAlgorithm algorithm);
140 // Extract the method and path of the request, as needed by
141 // the 'A2' production. (path may be a hostname for proxy).
142 void GetRequestMethodAndPath(const HttpRequestInfo* request,
143 std::string* method,
144 std::string* path) const;
146 // Build up the 'response' production.
147 std::string AssembleResponseDigest(const std::string& method,
148 const std::string& path,
149 const AuthCredentials& credentials,
150 const std::string& cnonce,
151 const std::string& nc) const;
153 // Build up the value for (Authorization/Proxy-Authorization).
154 std::string AssembleCredentials(const std::string& method,
155 const std::string& path,
156 const AuthCredentials& credentials,
157 const std::string& cnonce,
158 int nonce_count) const;
160 // Information parsed from the challenge.
161 std::string nonce_;
162 std::string domain_;
163 std::string opaque_;
164 bool stale_;
165 DigestAlgorithm algorithm_;
166 QualityOfProtection qop_;
168 // The realm as initially encoded over-the-wire. This is used in the
169 // challenge text, rather than |realm_| which has been converted to
170 // UTF-8.
171 std::string original_realm_;
173 int nonce_count_;
174 const NonceGenerator* nonce_generator_;
177 } // namespace net
179 #endif // NET_HTTP_HTTP_AUTH_HANDLER_DIGEST_H_