Merge Chromium + Blink git repositories
[chromium-blink-merge.git] / net / http / http_auth_cache.h
blobf05f8184d023a50fb9ae736a4db8b2d110221097
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef NET_HTTP_HTTP_AUTH_CACHE_H_
6 #define NET_HTTP_HTTP_AUTH_CACHE_H_
8 #include <list>
9 #include <string>
11 #include "base/gtest_prod_util.h"
12 #include "base/memory/ref_counted.h"
13 #include "base/time/time.h"
14 #include "net/base/net_export.h"
15 #include "net/http/http_auth.h"
16 #include "url/gurl.h"
18 namespace net {
20 // HttpAuthCache stores HTTP authentication identities and challenge info.
21 // For each (origin, realm, scheme) triple the cache stores a
22 // HttpAuthCache::Entry, which holds:
23 // - the origin server {protocol scheme, host, port}
24 // - the last identity used (username/password)
25 // - the last auth handler used (contains realm and authentication scheme)
26 // - the list of paths which used this realm
27 // Entries can be looked up by either (origin, realm, scheme) or (origin, path).
28 class NET_EXPORT_PRIVATE HttpAuthCache {
29 public:
30 class NET_EXPORT_PRIVATE Entry {
31 public:
32 ~Entry();
34 const GURL& origin() const {
35 return origin_;
38 // The case-sensitive realm string of the challenge.
39 const std::string& realm() const { return realm_; }
41 // The authentication scheme of the challenge.
42 HttpAuth::Scheme scheme() const {
43 return scheme_;
46 // The authentication challenge.
47 const std::string& auth_challenge() const { return auth_challenge_; }
49 // The login credentials.
50 const AuthCredentials& credentials() const {
51 return credentials_;
54 int IncrementNonceCount() {
55 return ++nonce_count_;
58 void UpdateStaleChallenge(const std::string& auth_challenge);
60 private:
61 friend class HttpAuthCache;
62 FRIEND_TEST_ALL_PREFIXES(HttpAuthCacheTest, AddPath);
63 FRIEND_TEST_ALL_PREFIXES(HttpAuthCacheTest, AddToExistingEntry);
65 typedef std::list<std::string> PathList;
67 Entry();
69 // Adds a path defining the realm's protection space. If the path is
70 // already contained in the protection space, is a no-op.
71 void AddPath(const std::string& path);
73 // Returns true if |dir| is contained within the realm's protection
74 // space. |*path_len| is set to the length of the enclosing path if
75 // such a path exists and |path_len| is non-NULL. If no enclosing
76 // path is found, |*path_len| is left unmodified.
78 // Note that proxy auth cache entries are associated with empty
79 // paths. Therefore it is possible for HasEnclosingPath() to return
80 // true and set |*path_len| to 0.
81 bool HasEnclosingPath(const std::string& dir, size_t* path_len);
83 // |origin_| contains the {protocol, host, port} of the server.
84 GURL origin_;
85 std::string realm_;
86 HttpAuth::Scheme scheme_;
88 // Identity.
89 std::string auth_challenge_;
90 AuthCredentials credentials_;
92 int nonce_count_;
94 // List of paths that define the realm's protection space.
95 PathList paths_;
97 // Times the entry was created and last used (by looking up, adding a path,
98 // or updating the challenge.)
99 base::TimeTicks creation_time_;
100 base::TimeTicks last_use_time_;
103 // Prevent unbounded memory growth. These are safeguards for abuse; it is
104 // not expected that the limits will be reached in ordinary usage.
105 // This also defines the worst-case lookup times (which grow linearly
106 // with number of elements in the cache).
107 enum { kMaxNumPathsPerRealmEntry = 10 };
108 enum { kMaxNumRealmEntries = 10 };
110 HttpAuthCache();
111 ~HttpAuthCache();
113 // Find the realm entry on server |origin| for realm |realm| and
114 // scheme |scheme|.
115 // |origin| - the {scheme, host, port} of the server.
116 // |realm| - case sensitive realm string.
117 // |scheme| - the authentication scheme (i.e. basic, negotiate).
118 // returns - the matched entry or NULL.
119 Entry* Lookup(const GURL& origin,
120 const std::string& realm,
121 HttpAuth::Scheme scheme);
123 // Find the entry on server |origin| whose protection space includes
124 // |path|. This uses the assumption in RFC 2617 section 2 that deeper
125 // paths lie in the same protection space.
126 // |origin| - the {scheme, host, port} of the server.
127 // |path| - absolute path of the resource, or empty string in case of
128 // proxy auth (which does not use the concept of paths).
129 // returns - the matched entry or NULL.
130 Entry* LookupByPath(const GURL& origin, const std::string& path);
132 // Add an entry on server |origin| for realm |handler->realm()| and
133 // scheme |handler->scheme()|. If an entry for this (realm,scheme)
134 // already exists, update it rather than replace it -- this preserves the
135 // paths list.
136 // |origin| - the {scheme, host, port} of the server.
137 // |realm| - the auth realm for the challenge.
138 // |scheme| - the authentication scheme (i.e. basic, negotiate).
139 // |credentials| - login information for the realm.
140 // |path| - absolute path for a resource contained in the protection
141 // space; this will be added to the list of known paths.
142 // returns - the entry that was just added/updated.
143 Entry* Add(const GURL& origin,
144 const std::string& realm,
145 HttpAuth::Scheme scheme,
146 const std::string& auth_challenge,
147 const AuthCredentials& credentials,
148 const std::string& path);
150 // Remove entry on server |origin| for realm |realm| and scheme |scheme|
151 // if one exists AND if the cached credentials matches |credentials|.
152 // |origin| - the {scheme, host, port} of the server.
153 // |realm| - case sensitive realm string.
154 // |scheme| - the authentication scheme (i.e. basic, negotiate).
155 // |credentials| - the credentials to match.
156 // returns - true if an entry was removed.
157 bool Remove(const GURL& origin,
158 const std::string& realm,
159 HttpAuth::Scheme scheme,
160 const AuthCredentials& credentials);
162 // Clears the cache.
163 void Clear();
165 // Updates a stale digest entry on server |origin| for realm |realm| and
166 // scheme |scheme|. The cached auth challenge is replaced with
167 // |auth_challenge| and the nonce count is reset.
168 // |UpdateStaleChallenge()| returns true if a matching entry exists in the
169 // cache, false otherwise.
170 bool UpdateStaleChallenge(const GURL& origin,
171 const std::string& realm,
172 HttpAuth::Scheme scheme,
173 const std::string& auth_challenge);
175 // Copies all entries from |other| cache.
176 void UpdateAllFrom(const HttpAuthCache& other);
178 private:
179 typedef std::list<Entry> EntryList;
180 EntryList entries_;
183 // An authentication realm entry.
184 } // namespace net
186 #endif // NET_HTTP_HTTP_AUTH_CACHE_H_