1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef NET_HTTP_HTTP_AUTH_HANDLER_NEGOTIATE_H_
6 #define NET_HTTP_HTTP_AUTH_HANDLER_NEGOTIATE_H_
10 #include "build/build_config.h"
11 #include "net/base/address_list.h"
12 #include "net/base/net_export.h"
13 #include "net/http/http_auth_handler.h"
14 #include "net/http/http_auth_handler_factory.h"
17 #include "net/http/http_auth_sspi_win.h"
18 #elif defined(OS_POSIX)
19 #include "net/http/http_auth_gssapi_posix.h"
25 class SingleRequestHostResolver
;
26 class URLSecurityManager
;
28 // Handler for WWW-Authenticate: Negotiate protocol.
30 // See http://tools.ietf.org/html/rfc4178 and http://tools.ietf.org/html/rfc4559
31 // for more information about the protocol.
33 class NET_EXPORT_PRIVATE HttpAuthHandlerNegotiate
: public HttpAuthHandler
{
36 typedef SSPILibrary AuthLibrary
;
37 typedef HttpAuthSSPI AuthSystem
;
38 #elif defined(OS_POSIX)
39 typedef GSSAPILibrary AuthLibrary
;
40 typedef HttpAuthGSSAPI AuthSystem
;
43 class NET_EXPORT_PRIVATE Factory
: public HttpAuthHandlerFactory
{
48 // |disable_cname_lookup()| and |set_disable_cname_lookup()| get/set whether
49 // the auth handlers generated by this factory should skip looking up the
50 // canonical DNS name of the the host that they are authenticating to when
51 // generating the SPN. The default value is false.
52 bool disable_cname_lookup() const { return disable_cname_lookup_
; }
53 void set_disable_cname_lookup(bool disable_cname_lookup
) {
54 disable_cname_lookup_
= disable_cname_lookup
;
57 // |use_port()| and |set_use_port()| get/set whether the auth handlers
58 // generated by this factory should include the port number of the server
59 // they are authenticating to when constructing a Kerberos SPN. The default
61 bool use_port() const { return use_port_
; }
62 void set_use_port(bool use_port
) { use_port_
= use_port
; }
64 void set_host_resolver(HostResolver
* host_resolver
);
66 // Sets the system library to use, thereby assuming ownership of
68 void set_library(AuthLibrary
* auth_library
) {
69 auth_library_
.reset(auth_library
);
72 virtual int CreateAuthHandler(
73 HttpAuthChallengeTokenizer
* challenge
,
74 HttpAuth::Target target
,
77 int digest_nonce_count
,
78 const BoundNetLog
& net_log
,
79 scoped_ptr
<HttpAuthHandler
>* handler
) OVERRIDE
;
82 bool disable_cname_lookup_
;
84 HostResolver
* resolver_
;
86 ULONG max_token_length_
;
90 scoped_ptr
<AuthLibrary
> auth_library_
;
93 HttpAuthHandlerNegotiate(AuthLibrary
* sspi_library
,
95 ULONG max_token_length
,
97 URLSecurityManager
* url_security_manager
,
98 HostResolver
* host_resolver
,
99 bool disable_cname_lookup
,
102 virtual ~HttpAuthHandlerNegotiate();
104 // These are public for unit tests
105 std::string
CreateSPN(const AddressList
& address_list
, const GURL
& orign
);
106 const std::string
& spn() const { return spn_
; }
109 virtual HttpAuth::AuthorizationResult
HandleAnotherChallenge(
110 HttpAuthChallengeTokenizer
* challenge
) OVERRIDE
;
111 virtual bool NeedsIdentity() OVERRIDE
;
112 virtual bool AllowsDefaultCredentials() OVERRIDE
;
113 virtual bool AllowsExplicitCredentials() OVERRIDE
;
116 virtual bool Init(HttpAuthChallengeTokenizer
* challenge
) OVERRIDE
;
118 virtual int GenerateAuthTokenImpl(const AuthCredentials
* credentials
,
119 const HttpRequestInfo
* request
,
120 const CompletionCallback
& callback
,
121 std::string
* auth_token
) OVERRIDE
;
125 STATE_RESOLVE_CANONICAL_NAME
,
126 STATE_RESOLVE_CANONICAL_NAME_COMPLETE
,
127 STATE_GENERATE_AUTH_TOKEN
,
128 STATE_GENERATE_AUTH_TOKEN_COMPLETE
,
132 void OnIOComplete(int result
);
133 void DoCallback(int result
);
134 int DoLoop(int result
);
136 int DoResolveCanonicalName();
137 int DoResolveCanonicalNameComplete(int rv
);
138 int DoGenerateAuthToken();
139 int DoGenerateAuthTokenComplete(int rv
);
140 bool CanDelegate() const;
142 AuthSystem auth_system_
;
143 bool disable_cname_lookup_
;
145 HostResolver
* const resolver_
;
147 // Members which are needed for DNS lookup + SPN.
148 AddressList address_list_
;
149 scoped_ptr
<SingleRequestHostResolver
> single_resolve_
;
151 // Things which should be consistent after first call to GenerateAuthToken.
152 bool already_called_
;
153 bool has_credentials_
;
154 AuthCredentials credentials_
;
157 // Things which vary each round.
158 CompletionCallback callback_
;
159 std::string
* auth_token_
;
163 const URLSecurityManager
* url_security_manager_
;
168 #endif // NET_HTTP_HTTP_AUTH_HANDLER_NEGOTIATE_H_