net/http/http_auth.cc

   1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "net/http/http_auth.h"
   6
   7 #include <algorithm>
   8
   9 #include "base/basictypes.h"
  10 #include "base/strings/string_tokenizer.h"
  11 #include "base/strings/string_util.h"
  12 #include "net/base/net_errors.h"
  13 #include "net/http/http_auth_challenge_tokenizer.h"
  14 #include "net/http/http_auth_handler.h"
  15 #include "net/http/http_auth_handler_factory.h"
  16 #include "net/http/http_request_headers.h"
  17 #include "net/http/http_response_headers.h"
  18 #include "net/http/http_util.h"
  19
  20 namespace net {
  21
  22 HttpAuth::Identity::Identity() : source(IDENT_SRC_NONE), invalid(true) {}
  23
  24 // static
  25 void HttpAuth::ChooseBestChallenge(
  26     HttpAuthHandlerFactory* http_auth_handler_factory,
  27     const HttpResponseHeaders* headers,
  28     Target target,
  29     const GURL& origin,
  30     const std::set<Scheme>& disabled_schemes,
  31     const BoundNetLog& net_log,
  32     scoped_ptr<HttpAuthHandler>* handler) {
  33   DCHECK(http_auth_handler_factory);
  34   DCHECK(handler->get() == NULL);
  35
  36   // Choose the challenge whose authentication handler gives the maximum score.
  37   scoped_ptr<HttpAuthHandler> best;
  38   const std::string header_name = GetChallengeHeaderName(target);
  39   std::string cur_challenge;
  40   void* iter = NULL;
  41   while (headers->EnumerateHeader(&iter, header_name, &cur_challenge)) {
  42     scoped_ptr<HttpAuthHandler> cur;
  43     int rv = http_auth_handler_factory->CreateAuthHandlerFromString(
  44         cur_challenge, target, origin, net_log, &cur);
  45     if (rv != OK) {
  46       VLOG(1) << "Unable to create AuthHandler. Status: "
  47               << ErrorToString(rv) << " Challenge: " << cur_challenge;
  48       continue;
  49     }
  50     if (cur.get() && (!best.get() || best->score() < cur->score()) &&
  51         (disabled_schemes.find(cur->auth_scheme()) == disabled_schemes.end()))
  52       best.swap(cur);
  53   }
  54   handler->swap(best);
  55 }
  56
  57 // static
  58 HttpAuth::AuthorizationResult HttpAuth::HandleChallengeResponse(
  59     HttpAuthHandler* handler,
  60     const HttpResponseHeaders* headers,
  61     Target target,
  62     const std::set<Scheme>& disabled_schemes,
  63     std::string* challenge_used) {
  64   DCHECK(handler);
  65   DCHECK(headers);
  66   DCHECK(challenge_used);
  67   challenge_used->clear();
  68   HttpAuth::Scheme current_scheme = handler->auth_scheme();
  69   if (disabled_schemes.find(current_scheme) != disabled_schemes.end())
  70     return HttpAuth::AUTHORIZATION_RESULT_REJECT;
  71   std::string current_scheme_name = SchemeToString(current_scheme);
  72   const std::string header_name = GetChallengeHeaderName(target);
  73   void* iter = NULL;
  74   std::string challenge;
  75   HttpAuth::AuthorizationResult authorization_result =
  76       HttpAuth::AUTHORIZATION_RESULT_INVALID;
  77   while (headers->EnumerateHeader(&iter, header_name, &challenge)) {
  78     HttpAuthChallengeTokenizer props(challenge.begin(), challenge.end());
  79     if (!base::LowerCaseEqualsASCII(props.scheme(),
  80                                     current_scheme_name.c_str()))
  81       continue;
  82     authorization_result = handler->HandleAnotherChallenge(&props);
  83     if (authorization_result != HttpAuth::AUTHORIZATION_RESULT_INVALID) {
  84       *challenge_used = challenge;
  85       return authorization_result;
  86     }
  87   }
  88   // Finding no matches is equivalent to rejection.
  89   return HttpAuth::AUTHORIZATION_RESULT_REJECT;
  90 }
  91
  92 // static
  93 std::string HttpAuth::GetChallengeHeaderName(Target target) {
  94   switch (target) {
  95     case AUTH_PROXY:
  96       return "Proxy-Authenticate";
  97     case AUTH_SERVER:
  98       return "WWW-Authenticate";
  99     default:
 100       NOTREACHED();
 101       return std::string();
 102   }
 103 }
 104
 105 // static
 106 std::string HttpAuth::GetAuthorizationHeaderName(Target target) {
 107   switch (target) {
 108     case AUTH_PROXY:
 109       return HttpRequestHeaders::kProxyAuthorization;
 110     case AUTH_SERVER:
 111       return HttpRequestHeaders::kAuthorization;
 112     default:
 113       NOTREACHED();
 114       return std::string();
 115   }
 116 }
 117
 118 // static
 119 std::string HttpAuth::GetAuthTargetString(Target target) {
 120   switch (target) {
 121     case AUTH_PROXY:
 122       return "proxy";
 123     case AUTH_SERVER:
 124       return "server";
 125     default:
 126       NOTREACHED();
 127       return std::string();
 128   }
 129 }
 130
 131 // static
 132 const char* HttpAuth::SchemeToString(Scheme scheme) {
 133   static const char* const kSchemeNames[] = {
 134     "basic",
 135     "digest",
 136     "ntlm",
 137     "negotiate",
 138     "spdyproxy",
 139     "mock",
 140   };
 141   static_assert(arraysize(kSchemeNames) == AUTH_SCHEME_MAX,
 142                 "http auth scheme names incorrect size");
 143   if (scheme < AUTH_SCHEME_BASIC || scheme >= AUTH_SCHEME_MAX) {
 144     NOTREACHED();
 145     return "invalid_scheme";
 146   }
 147   return kSchemeNames[scheme];
 148 }
 149
 150 }  // namespace net