1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "net/http/http_auth_handler_basic.h"
9 #include "base/base64.h"
10 #include "base/strings/string_util.h"
11 #include "base/strings/utf_string_conversions.h"
12 #include "net/base/net_errors.h"
13 #include "net/base/net_string_util.h"
14 #include "net/http/http_auth.h"
15 #include "net/http/http_auth_challenge_tokenizer.h"
21 // Parses a realm from an auth challenge, and converts to UTF8-encoding.
22 // The return value is parameters.valid() once every parameter has been
// read; the callers in this file treat a false return as an invalid
// challenge.
24 // Note that if a realm was not specified, we will default it to "";
25 // so specifying 'Basic realm=""' is equivalent to 'Basic'.
27 // This is more generous than RFC 2617, which is pretty clear in the
28 // production of challenge that realm is required.
30 // We allow this for compatibility with certain embedded webservers that
31 // don't include a realm (see http://crbug.com/20984).
33 // The over-the-wire realm is encoded as ISO-8859-1 (aka Latin-1).
35 // TODO(cbentzel): Realm may need to be decoded using RFC 2047 rules as
36 // well, see http://crbug.com/25790.
//
// The realm comes from the server's challenge, so the decoded string is
// untrusted text and should be handled as such by whatever consumes it.
37 bool ParseRealm(const HttpAuthChallengeTokenizer
& tokenizer
,
41 HttpUtil::NameValuePairsIterator parameters
= tokenizer
.param_pairs();
// Walk every name/value parameter of the challenge.
// NOTE(review): no early exit after a realm match is visible here, so with
// duplicate realm parameters a later one presumably overwrites an earlier
// one -- confirm.
42 while (parameters
.GetNext()) {
// Only the "realm" parameter is of interest; the name is matched against the
// lowercase ASCII literal.
43 if (!LowerCaseEqualsASCII(parameters
.name(), "realm"))
// Decode the Latin-1 value into the caller's realm string.
46 if (!net::ConvertLatin1ToUtf8AndNormalize(parameters
.value(), realm
))
// valid() is the iterator's own verdict on the parameter list
// (presumably false for malformed name/value syntax -- confirm in HttpUtil).
49 return parameters
.valid();
// Initializes the handler from a server challenge: records
// AUTH_SCHEME_BASIC as the scheme and returns the result of
// ParseChallenge(challenge).
54 bool HttpAuthHandlerBasic::Init(HttpAuthChallengeTokenizer
* challenge
) {
55 auth_scheme_
= HttpAuth::AUTH_SCHEME_BASIC
;
// Acceptance of the challenge is decided entirely by ParseChallenge().
58 return ParseChallenge(challenge
);
// Checks that the challenge names the "basic" scheme and that its realm
// parses via ParseRealm(). Both inputs come from the server's challenge
// and are checked before use.
61 bool HttpAuthHandlerBasic::ParseChallenge(
62 HttpAuthChallengeTokenizer
* challenge
) {
63 // Verify the challenge's auth-scheme.
64 if (!LowerCaseEqualsASCII(challenge
->scheme(), "basic"))
// Parse the realm into a local string (passed by address as `realm`).
68 if (!ParseRealm(*challenge
, &realm
))
// Classifies a further challenge for this handler:
//   AUTHORIZATION_RESULT_INVALID          - the realm does not parse;
//   AUTHORIZATION_RESULT_DIFFERENT_REALM  - the realm differs from realm_;
//   AUTHORIZATION_RESULT_REJECT           - same realm, i.e. a rejection.
75 HttpAuth::AuthorizationResult
HttpAuthHandlerBasic::HandleAnotherChallenge(
76 HttpAuthChallengeTokenizer
* challenge
) {
77 // Basic authentication is always a single round, so any responses
78 // should be treated as a rejection. However, if the new challenge
79 // is for a different realm, then indicate the realm change.
81 if (!ParseRealm(*challenge
, &realm
))
82 return HttpAuth::AUTHORIZATION_RESULT_INVALID
;
// Exact string comparison of the stored realm against the newly parsed one.
83 return (realm_
!= realm
)?
84 HttpAuth::AUTHORIZATION_RESULT_DIFFERENT_REALM
:
85 HttpAuth::AUTHORIZATION_RESULT_REJECT
;
// Builds the Basic authorization token and stores it in *auth_token:
//   "Basic " + base64(UTF-8(username) + ":" + UTF-8(password)).
// The HttpRequestInfo and CompletionCallback parameters are unnamed and
// therefore unused here.
//
// Base64 is an encoding, not encryption: the token is trivially reversible
// to the cleartext credentials, so it should only be sent over a protected
// channel and should be kept out of logs.
88 int HttpAuthHandlerBasic::GenerateAuthTokenImpl(
89 const AuthCredentials
* credentials
, const HttpRequestInfo
*,
90 const CompletionCallback
&, std::string
* auth_token
) {
92 // TODO(eroman): is this the right encoding of username/password?
// NOTE(review): both fields are converted from UTF-16 to UTF-8 regardless
// of the challenge; ParseRealm() in this file reads only the realm
// parameter, so no server-advertised charset is taken into account.
// NOTE(review): the two fields are joined with ":" and no check for a colon
// inside the username is visible here; such a username would be split at
// its first colon by a server -- confirm whether callers rule this out.
93 std::string base64_username_password
;
94 base::Base64Encode(base::UTF16ToUTF8(credentials
->username()) + ":" +
95 base::UTF16ToUTF8(credentials
->password()),
96 &base64_username_password
);
// Prefix the scheme name to form the value for the authorization header.
97 *auth_token
= "Basic " + base64_username_password
;
101 HttpAuthHandlerBasic::Factory::Factory() {
104 HttpAuthHandlerBasic::Factory::~Factory() {
107 int HttpAuthHandlerBasic::Factory::CreateAuthHandler(
108 HttpAuthChallengeTokenizer
* challenge
,
109 HttpAuth::Target target
,
112 int digest_nonce_count
,
113 const BoundNetLog
& net_log
,
114 scoped_ptr
<HttpAuthHandler
>* handler
) {
115 // TODO(cbentzel): Move towards model of parsing in the factory
116 // method and only constructing when valid.
117 scoped_ptr
<HttpAuthHandler
> tmp_handler(new HttpAuthHandlerBasic());
118 if (!tmp_handler
->InitFromChallenge(challenge
, target
, origin
, net_log
))
119 return ERR_INVALID_RESPONSE
;
120 handler
->swap(tmp_handler
);