1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef NET_HTTP_HTTP_AUTH_CACHE_H_
6 #define NET_HTTP_HTTP_AUTH_CACHE_H_
11 #include "base/gtest_prod_util.h"
12 #include "base/memory/ref_counted.h"
13 #include "base/time/time.h"
14 #include "net/base/net_export.h"
15 #include "net/http/http_auth.h"
20 // HttpAuthCache stores HTTP authentication identities and challenge info.
21 // For each (origin, realm, scheme) triple the cache stores a
22 // HttpAuthCache::Entry, which holds:
23 // - the origin server {protocol scheme, host, port}
24 // - the last identity used (username/password)
25 // - the last auth handler used (contains realm and authentication scheme)
26 // - the list of paths which used this realm
27 // Entries can be looked up by either (origin, realm, scheme) or (origin, path).
28 class NET_EXPORT_PRIVATE HttpAuthCache
{
30 class NET_EXPORT_PRIVATE Entry
{
34 const GURL
& origin() const {
38 // The case-sensitive realm string of the challenge.
39 const std::string
realm() const {
43 // The authentication scheme of the challenge.
44 HttpAuth::Scheme
scheme() const {
48 // The authentication challenge.
49 const std::string
auth_challenge() const {
50 return auth_challenge_
;
53 // The login credentials.
54 const AuthCredentials
& credentials() const {
58 int IncrementNonceCount() {
59 return ++nonce_count_
;
62 void UpdateStaleChallenge(const std::string
& auth_challenge
);
65 friend class HttpAuthCache
;
66 FRIEND_TEST_ALL_PREFIXES(HttpAuthCacheTest
, AddPath
);
67 FRIEND_TEST_ALL_PREFIXES(HttpAuthCacheTest
, AddToExistingEntry
);
69 typedef std::list
<std::string
> PathList
;
73 // Adds a path defining the realm's protection space. If the path is
74 // already contained in the protection space, is a no-op.
75 void AddPath(const std::string
& path
);
77 // Returns true if |dir| is contained within the realm's protection
78 // space. |*path_len| is set to the length of the enclosing path if
79 // such a path exists and |path_len| is non-NULL. If no enclosing
80 // path is found, |*path_len| is left unmodified.
82 // Note that proxy auth cache entries are associated with empty
83 // paths. Therefore it is possible for HasEnclosingPath() to return
84 // true and set |*path_len| to 0.
85 bool HasEnclosingPath(const std::string
& dir
, size_t* path_len
);
87 // |origin_| contains the {protocol, host, port} of the server.
90 HttpAuth::Scheme scheme_
;
93 std::string auth_challenge_
;
94 AuthCredentials credentials_
;
98 // List of paths that define the realm's protection space.
101 // Times the entry was created and last used (by looking up, adding a path,
102 // or updating the challenge.)
103 base::TimeTicks creation_time_
;
104 base::TimeTicks last_use_time_
;
107 // Prevent unbounded memory growth. These are safeguards for abuse; it is
108 // not expected that the limits will be reached in ordinary usage.
109 // This also defines the worst-case lookup times (which grow linearly
110 // with number of elements in the cache).
111 enum { kMaxNumPathsPerRealmEntry
= 10 };
112 enum { kMaxNumRealmEntries
= 10 };
117 // Find the realm entry on server |origin| for realm |realm| and
119 // |origin| - the {scheme, host, port} of the server.
120 // |realm| - case sensitive realm string.
121 // |scheme| - the authentication scheme (i.e. basic, negotiate).
122 // returns - the matched entry or NULL.
123 Entry
* Lookup(const GURL
& origin
,
124 const std::string
& realm
,
125 HttpAuth::Scheme scheme
);
127 // Find the entry on server |origin| whose protection space includes
128 // |path|. This uses the assumption in RFC 2617 section 2 that deeper
129 // paths lie in the same protection space.
130 // |origin| - the {scheme, host, port} of the server.
131 // |path| - absolute path of the resource, or empty string in case of
132 // proxy auth (which does not use the concept of paths).
133 // returns - the matched entry or NULL.
134 Entry
* LookupByPath(const GURL
& origin
, const std::string
& path
);
136 // Add an entry on server |origin| for realm |handler->realm()| and
137 // scheme |handler->scheme()|. If an entry for this (realm,scheme)
138 // already exists, update it rather than replace it -- this preserves the
140 // |origin| - the {scheme, host, port} of the server.
141 // |realm| - the auth realm for the challenge.
142 // |scheme| - the authentication scheme (i.e. basic, negotiate).
143 // |credentials| - login information for the realm.
144 // |path| - absolute path for a resource contained in the protection
145 // space; this will be added to the list of known paths.
146 // returns - the entry that was just added/updated.
147 Entry
* Add(const GURL
& origin
,
148 const std::string
& realm
,
149 HttpAuth::Scheme scheme
,
150 const std::string
& auth_challenge
,
151 const AuthCredentials
& credentials
,
152 const std::string
& path
);
154 // Remove entry on server |origin| for realm |realm| and scheme |scheme|
155 // if one exists AND if the cached credentials matches |credentials|.
156 // |origin| - the {scheme, host, port} of the server.
157 // |realm| - case sensitive realm string.
158 // |scheme| - the authentication scheme (i.e. basic, negotiate).
159 // |credentials| - the credentials to match.
160 // returns - true if an entry was removed.
161 bool Remove(const GURL
& origin
,
162 const std::string
& realm
,
163 HttpAuth::Scheme scheme
,
164 const AuthCredentials
& credentials
);
169 // Updates a stale digest entry on server |origin| for realm |realm| and
170 // scheme |scheme|. The cached auth challenge is replaced with
171 // |auth_challenge| and the nonce count is reset.
172 // |UpdateStaleChallenge()| returns true if a matching entry exists in the
173 // cache, false otherwise.
174 bool UpdateStaleChallenge(const GURL
& origin
,
175 const std::string
& realm
,
176 HttpAuth::Scheme scheme
,
177 const std::string
& auth_challenge
);
179 // Copies all entries from |other| cache.
180 void UpdateAllFrom(const HttpAuthCache
& other
);
183 typedef std::list
<Entry
> EntryList
;
187 // An authentication realm entry.
190 #endif // NET_HTTP_HTTP_AUTH_CACHE_H_