Probably broke Win7 Tests (dbg)(6). http://build.chromium.org/p/chromium.win/builders...
[chromium-blink-merge.git] / net / http / http_auth_handler_negotiate.h
blob90bd16ce95886603be1765900d2e4356e5dbdde1
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef NET_HTTP_HTTP_AUTH_HANDLER_NEGOTIATE_H_
6 #define NET_HTTP_HTTP_AUTH_HANDLER_NEGOTIATE_H_
8 #include <string>
10 #include "build/build_config.h"
11 #include "net/base/address_list.h"
12 #include "net/base/net_export.h"
13 #include "net/http/http_auth_handler.h"
14 #include "net/http/http_auth_handler_factory.h"
16 #if defined(OS_WIN)
17 #include "net/http/http_auth_sspi_win.h"
18 #elif defined(OS_POSIX)
19 #include "net/http/http_auth_gssapi_posix.h"
20 #endif
22 namespace net {
24 class HostResolver;
25 class SingleRequestHostResolver;
26 class URLSecurityManager;
28 // Handler for WWW-Authenticate: Negotiate protocol.
30 // See http://tools.ietf.org/html/rfc4178 and http://tools.ietf.org/html/rfc4559
31 // for more information about the protocol.
33 class NET_EXPORT_PRIVATE HttpAuthHandlerNegotiate : public HttpAuthHandler {
34 public:
35 #if defined(OS_WIN)
36 typedef SSPILibrary AuthLibrary;
37 typedef HttpAuthSSPI AuthSystem;
38 #elif defined(OS_POSIX)
39 typedef GSSAPILibrary AuthLibrary;
40 typedef HttpAuthGSSAPI AuthSystem;
41 #endif
43 class NET_EXPORT_PRIVATE Factory : public HttpAuthHandlerFactory {
44 public:
45 Factory();
46 virtual ~Factory();
48 // |disable_cname_lookup()| and |set_disable_cname_lookup()| get/set whether
49 // the auth handlers generated by this factory should skip looking up the
50 // canonical DNS name of the the host that they are authenticating to when
51 // generating the SPN. The default value is false.
52 bool disable_cname_lookup() const { return disable_cname_lookup_; }
53 void set_disable_cname_lookup(bool disable_cname_lookup) {
54 disable_cname_lookup_ = disable_cname_lookup;
57 // |use_port()| and |set_use_port()| get/set whether the auth handlers
58 // generated by this factory should include the port number of the server
59 // they are authenticating to when constructing a Kerberos SPN. The default
60 // value is false.
61 bool use_port() const { return use_port_; }
62 void set_use_port(bool use_port) { use_port_ = use_port; }
64 void set_host_resolver(HostResolver* host_resolver);
66 // Sets the system library to use, thereby assuming ownership of
67 // |auth_library|.
68 void set_library(AuthLibrary* auth_library) {
69 auth_library_.reset(auth_library);
72 virtual int CreateAuthHandler(
73 HttpAuthChallengeTokenizer* challenge,
74 HttpAuth::Target target,
75 const GURL& origin,
76 CreateReason reason,
77 int digest_nonce_count,
78 const BoundNetLog& net_log,
79 scoped_ptr<HttpAuthHandler>* handler) OVERRIDE;
81 private:
82 bool disable_cname_lookup_;
83 bool use_port_;
84 HostResolver* resolver_;
85 #if defined(OS_WIN)
86 ULONG max_token_length_;
87 bool first_creation_;
88 #endif
89 bool is_unsupported_;
90 scoped_ptr<AuthLibrary> auth_library_;
93 HttpAuthHandlerNegotiate(AuthLibrary* sspi_library,
94 #if defined(OS_WIN)
95 ULONG max_token_length,
96 #endif
97 URLSecurityManager* url_security_manager,
98 HostResolver* host_resolver,
99 bool disable_cname_lookup,
100 bool use_port);
102 virtual ~HttpAuthHandlerNegotiate();
104 // These are public for unit tests
105 std::string CreateSPN(const AddressList& address_list, const GURL& orign);
106 const std::string& spn() const { return spn_; }
108 // HttpAuthHandler:
109 virtual HttpAuth::AuthorizationResult HandleAnotherChallenge(
110 HttpAuthChallengeTokenizer* challenge) OVERRIDE;
111 virtual bool NeedsIdentity() OVERRIDE;
112 virtual bool AllowsDefaultCredentials() OVERRIDE;
113 virtual bool AllowsExplicitCredentials() OVERRIDE;
115 protected:
116 virtual bool Init(HttpAuthChallengeTokenizer* challenge) OVERRIDE;
118 virtual int GenerateAuthTokenImpl(const AuthCredentials* credentials,
119 const HttpRequestInfo* request,
120 const CompletionCallback& callback,
121 std::string* auth_token) OVERRIDE;
123 private:
124 enum State {
125 STATE_RESOLVE_CANONICAL_NAME,
126 STATE_RESOLVE_CANONICAL_NAME_COMPLETE,
127 STATE_GENERATE_AUTH_TOKEN,
128 STATE_GENERATE_AUTH_TOKEN_COMPLETE,
129 STATE_NONE,
132 void OnIOComplete(int result);
133 void DoCallback(int result);
134 int DoLoop(int result);
136 int DoResolveCanonicalName();
137 int DoResolveCanonicalNameComplete(int rv);
138 int DoGenerateAuthToken();
139 int DoGenerateAuthTokenComplete(int rv);
140 bool CanDelegate() const;
142 AuthSystem auth_system_;
143 bool disable_cname_lookup_;
144 bool use_port_;
145 HostResolver* const resolver_;
147 // Members which are needed for DNS lookup + SPN.
148 AddressList address_list_;
149 scoped_ptr<SingleRequestHostResolver> single_resolve_;
151 // Things which should be consistent after first call to GenerateAuthToken.
152 bool already_called_;
153 bool has_credentials_;
154 AuthCredentials credentials_;
155 std::string spn_;
157 // Things which vary each round.
158 CompletionCallback callback_;
159 std::string* auth_token_;
161 State next_state_;
163 const URLSecurityManager* url_security_manager_;
166 } // namespace net
168 #endif // NET_HTTP_HTTP_AUTH_HANDLER_NEGOTIATE_H_