net/http/http_auth_cache.h

   1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef NET_HTTP_HTTP_AUTH_CACHE_H_
   6 #define NET_HTTP_HTTP_AUTH_CACHE_H_
   7
   8 #include <list>
   9 #include <string>
  10
  11 #include "base/gtest_prod_util.h"
  12 #include "base/memory/ref_counted.h"
  13 #include "base/time/time.h"
  14 #include "net/base/net_export.h"
  15 #include "net/http/http_auth.h"
  16 #include "url/gurl.h"
  17
  18 namespace net {
  19
  20 // HttpAuthCache stores HTTP authentication identities and challenge info.
  21 // For each (origin, realm, scheme) triple the cache stores a
  22 // HttpAuthCache::Entry, which holds:
  23 //   - the origin server {protocol scheme, host, port}
  24 //   - the last identity used (username/password)
  25 //   - the last auth handler used (contains realm and authentication scheme)
  26 //   - the list of paths which used this realm
  27 // Entries can be looked up by either (origin, realm, scheme) or (origin, path).
  28 class NET_EXPORT_PRIVATE HttpAuthCache {
  29  public:
  30   class NET_EXPORT_PRIVATE Entry {
  31    public:
  32     ~Entry();
  33
  34     const GURL& origin() const {
  35       return origin_;
  36     }
  37
  38     // The case-sensitive realm string of the challenge.
  39     const std::string& realm() const { return realm_; }
  40
  41     // The authentication scheme of the challenge.
  42     HttpAuth::Scheme scheme() const {
  43       return scheme_;
  44     }
  45
  46     // The authentication challenge.
  47     const std::string& auth_challenge() const { return auth_challenge_; }
  48
  49     // The login credentials.
  50     const AuthCredentials& credentials() const {
  51       return credentials_;
  52     }
  53
  54     int IncrementNonceCount() {
  55       return ++nonce_count_;
  56     }
  57
  58     void UpdateStaleChallenge(const std::string& auth_challenge);
  59
  60    private:
  61     friend class HttpAuthCache;
  62     FRIEND_TEST_ALL_PREFIXES(HttpAuthCacheTest, AddPath);
  63     FRIEND_TEST_ALL_PREFIXES(HttpAuthCacheTest, AddToExistingEntry);
  64
  65     typedef std::list<std::string> PathList;
  66
  67     Entry();
  68
  69     // Adds a path defining the realm's protection space. If the path is
  70     // already contained in the protection space, is a no-op.
  71     void AddPath(const std::string& path);
  72
  73     // Returns true if |dir| is contained within the realm's protection
  74     // space.  |*path_len| is set to the length of the enclosing path if
  75     // such a path exists and |path_len| is non-NULL.  If no enclosing
  76     // path is found, |*path_len| is left unmodified.
  77     //
  78     // Note that proxy auth cache entries are associated with empty
  79     // paths.  Therefore it is possible for HasEnclosingPath() to return
  80     // true and set |*path_len| to 0.
  81     bool HasEnclosingPath(const std::string& dir, size_t* path_len);
  82
  83     // |origin_| contains the {protocol, host, port} of the server.
  84     GURL origin_;
  85     std::string realm_;
  86     HttpAuth::Scheme scheme_;
  87
  88     // Identity.
  89     std::string auth_challenge_;
  90     AuthCredentials credentials_;
  91
  92     int nonce_count_;
  93
  94     // List of paths that define the realm's protection space.
  95     PathList paths_;
  96
  97     // Times the entry was created and last used (by looking up, adding a path,
  98     // or updating the challenge.)
  99     base::TimeTicks creation_time_;
 100     base::TimeTicks last_use_time_;
 101   };
 102
 103   // Prevent unbounded memory growth. These are safeguards for abuse; it is
 104   // not expected that the limits will be reached in ordinary usage.
 105   // This also defines the worst-case lookup times (which grow linearly
 106   // with number of elements in the cache).
 107   enum { kMaxNumPathsPerRealmEntry = 10 };
 108   enum { kMaxNumRealmEntries = 10 };
 109
 110   HttpAuthCache();
 111   ~HttpAuthCache();
 112
 113   // Find the realm entry on server |origin| for realm |realm| and
 114   // scheme |scheme|.
 115   //   |origin| - the {scheme, host, port} of the server.
 116   //   |realm|  - case sensitive realm string.
 117   //   |scheme| - the authentication scheme (i.e. basic, negotiate).
 118   //   returns  - the matched entry or NULL.
 119   Entry* Lookup(const GURL& origin,
 120                 const std::string& realm,
 121                 HttpAuth::Scheme scheme);
 122
 123   // Find the entry on server |origin| whose protection space includes
 124   // |path|. This uses the assumption in RFC 2617 section 2 that deeper
 125   // paths lie in the same protection space.
 126   //   |origin| - the {scheme, host, port} of the server.
 127   //   |path|   - absolute path of the resource, or empty string in case of
 128   //              proxy auth (which does not use the concept of paths).
 129   //   returns  - the matched entry or NULL.
 130   Entry* LookupByPath(const GURL& origin, const std::string& path);
 131
 132   // Add an entry on server |origin| for realm |handler->realm()| and
 133   // scheme |handler->scheme()|.  If an entry for this (realm,scheme)
 134   // already exists, update it rather than replace it -- this  preserves the
 135   // paths list.
 136   //   |origin|   - the {scheme, host, port} of the server.
 137   //   |realm|    - the auth realm for the challenge.
 138   //   |scheme|   - the authentication scheme (i.e. basic, negotiate).
 139   //   |credentials| - login information for the realm.
 140   //   |path|     - absolute path for a resource contained in the protection
 141   //                space; this will be added to the list of known paths.
 142   //   returns    - the entry that was just added/updated.
 143   Entry* Add(const GURL& origin,
 144              const std::string& realm,
 145              HttpAuth::Scheme scheme,
 146              const std::string& auth_challenge,
 147              const AuthCredentials& credentials,
 148              const std::string& path);
 149
 150   // Remove entry on server |origin| for realm |realm| and scheme |scheme|
 151   // if one exists AND if the cached credentials matches |credentials|.
 152   //   |origin|   - the {scheme, host, port} of the server.
 153   //   |realm|    - case sensitive realm string.
 154   //   |scheme|   - the authentication scheme (i.e. basic, negotiate).
 155   //   |credentials| - the credentials to match.
 156   //   returns    - true if an entry was removed.
 157   bool Remove(const GURL& origin,
 158               const std::string& realm,
 159               HttpAuth::Scheme scheme,
 160               const AuthCredentials& credentials);
 161
 162   // Clears the cache.
 163   void Clear();
 164
 165   // Updates a stale digest entry on server |origin| for realm |realm| and
 166   // scheme |scheme|. The cached auth challenge is replaced with
 167   // |auth_challenge| and the nonce count is reset.
 168   // |UpdateStaleChallenge()| returns true if a matching entry exists in the
 169   // cache, false otherwise.
 170   bool UpdateStaleChallenge(const GURL& origin,
 171                             const std::string& realm,
 172                             HttpAuth::Scheme scheme,
 173                             const std::string& auth_challenge);
 174
 175   // Copies all entries from |other| cache.
 176   void UpdateAllFrom(const HttpAuthCache& other);
 177
 178  private:
 179   typedef std::list<Entry> EntryList;
 180   EntryList entries_;
 181 };
 182
 183 // An authentication realm entry.
 184 }  // namespace net
 185
 186 #endif  // NET_HTTP_HTTP_AUTH_CACHE_H_