163 lines
5.0 KiB
C++
163 lines
5.0 KiB
C++
// Copyright 2011 The Chromium Authors
|
|
// Use of this source code is governed by a BSD-style license that can be
|
|
// found in the LICENSE file.
|
|
|
|
#ifndef NET_HTTP_HTTP_AUTH_HANDLER_NEGOTIATE_H_
|
|
#define NET_HTTP_HTTP_AUTH_HANDLER_NEGOTIATE_H_
|
|
|
|
#include <memory>
|
|
#include <string>
|
|
#include <utility>
|
|
|
|
#include "base/memory/raw_ptr.h"
|
|
#include "build/build_config.h"
|
|
#include "net/base/completion_once_callback.h"
|
|
#include "net/base/net_export.h"
|
|
#include "net/base/network_isolation_key.h"
|
|
#include "net/dns/host_resolver.h"
|
|
#include "net/http/http_auth_handler.h"
|
|
#include "net/http/http_auth_handler_factory.h"
|
|
#include "net/http/http_auth_mechanism.h"
|
|
|
|
#if BUILDFLAG(IS_ANDROID)
|
|
#include "net/android/http_auth_negotiate_android.h"
|
|
#elif BUILDFLAG(IS_WIN)
|
|
#include "net/http/http_auth_sspi_win.h"
|
|
#elif BUILDFLAG(IS_POSIX)
|
|
#include "net/http/http_auth_gssapi_posix.h"
|
|
#endif
|
|
|
|
namespace url {
|
|
class SchemeHostPort;
|
|
}
|
|
|
|
namespace net {
|
|
|
|
class HttpAuthPreferences;
|
|
|
|
// Handler for WWW-Authenticate: Negotiate protocol.
|
|
//
|
|
// See http://tools.ietf.org/html/rfc4178 and http://tools.ietf.org/html/rfc4559
|
|
// for more information about the protocol.
|
|
|
|
class NET_EXPORT_PRIVATE HttpAuthHandlerNegotiate : public HttpAuthHandler {
|
|
public:
|
|
#if BUILDFLAG(IS_WIN)
|
|
typedef SSPILibrary AuthLibrary;
|
|
#elif BUILDFLAG(IS_POSIX) && !BUILDFLAG(IS_ANDROID)
|
|
typedef GSSAPILibrary AuthLibrary;
|
|
#endif
|
|
|
|
class NET_EXPORT_PRIVATE Factory : public HttpAuthHandlerFactory {
|
|
public:
|
|
explicit Factory(HttpAuthMechanismFactory negotiate_auth_system_factory);
|
|
~Factory() override;
|
|
|
|
#if !BUILDFLAG(IS_ANDROID)
|
|
// Sets the system library to use, thereby assuming ownership of
|
|
// |auth_library|.
|
|
void set_library(std::unique_ptr<AuthLibrary> auth_provider) {
|
|
auth_library_ = std::move(auth_provider);
|
|
}
|
|
|
|
#if BUILDFLAG(IS_POSIX)
|
|
const std::string& GetLibraryNameForTesting() const;
|
|
#endif // BUILDFLAG(IS_POSIX)
|
|
#endif // !BUILDFLAG(IS_ANDROID)
|
|
|
|
// HttpAuthHandlerFactory overrides
|
|
int CreateAuthHandler(
|
|
HttpAuthChallengeTokenizer* challenge,
|
|
HttpAuth::Target target,
|
|
const SSLInfo& ssl_info,
|
|
const NetworkAnonymizationKey& network_anonymization_key,
|
|
const url::SchemeHostPort& scheme_host_port,
|
|
CreateReason reason,
|
|
int digest_nonce_count,
|
|
const NetLogWithSource& net_log,
|
|
HostResolver* host_resolver,
|
|
std::unique_ptr<HttpAuthHandler>* handler) override;
|
|
|
|
private:
|
|
HttpAuthMechanismFactory negotiate_auth_system_factory_;
|
|
bool is_unsupported_ = false;
|
|
#if !BUILDFLAG(IS_ANDROID)
|
|
std::unique_ptr<AuthLibrary> auth_library_;
|
|
#endif // !BUILDFLAG(IS_ANDROID)
|
|
};
|
|
|
|
HttpAuthHandlerNegotiate(std::unique_ptr<HttpAuthMechanism> auth_system,
|
|
const HttpAuthPreferences* prefs,
|
|
HostResolver* host_resolver);
|
|
|
|
~HttpAuthHandlerNegotiate() override;
|
|
|
|
// HttpAuthHandler
|
|
bool NeedsIdentity() override;
|
|
bool AllowsDefaultCredentials() override;
|
|
bool AllowsExplicitCredentials() override;
|
|
|
|
const std::string& spn_for_testing() const { return spn_; }
|
|
|
|
protected:
|
|
// HttpAuthHandler
|
|
bool Init(HttpAuthChallengeTokenizer* challenge,
|
|
const SSLInfo& ssl_info,
|
|
const NetworkAnonymizationKey& network_anonymization_key) override;
|
|
int GenerateAuthTokenImpl(const AuthCredentials* credentials,
|
|
const HttpRequestInfo* request,
|
|
CompletionOnceCallback callback,
|
|
std::string* auth_token) override;
|
|
HttpAuth::AuthorizationResult HandleAnotherChallengeImpl(
|
|
HttpAuthChallengeTokenizer* challenge) override;
|
|
|
|
private:
|
|
enum State {
|
|
STATE_RESOLVE_CANONICAL_NAME,
|
|
STATE_RESOLVE_CANONICAL_NAME_COMPLETE,
|
|
STATE_GENERATE_AUTH_TOKEN,
|
|
STATE_GENERATE_AUTH_TOKEN_COMPLETE,
|
|
STATE_NONE,
|
|
};
|
|
|
|
std::string CreateSPN(const std::string& server,
|
|
const url::SchemeHostPort& scheme_host_port);
|
|
|
|
void OnIOComplete(int result);
|
|
void DoCallback(int result);
|
|
int DoLoop(int result);
|
|
|
|
int DoResolveCanonicalName();
|
|
int DoResolveCanonicalNameComplete(int rv);
|
|
int DoGenerateAuthToken();
|
|
int DoGenerateAuthTokenComplete(int rv);
|
|
HttpAuth::DelegationType GetDelegationType() const;
|
|
|
|
std::unique_ptr<HttpAuthMechanism> auth_system_;
|
|
const raw_ptr<HostResolver> resolver_;
|
|
|
|
NetworkAnonymizationKey network_anonymization_key_;
|
|
|
|
// Members which are needed for DNS lookup + SPN.
|
|
std::unique_ptr<HostResolver::ResolveHostRequest> resolve_host_request_;
|
|
|
|
// Things which should be consistent after first call to GenerateAuthToken.
|
|
bool already_called_ = false;
|
|
bool has_credentials_ = false;
|
|
AuthCredentials credentials_;
|
|
std::string spn_;
|
|
std::string channel_bindings_;
|
|
|
|
// Things which vary each round.
|
|
CompletionOnceCallback callback_;
|
|
raw_ptr<std::string> auth_token_ = nullptr;
|
|
|
|
State next_state_ = STATE_NONE;
|
|
|
|
raw_ptr<const HttpAuthPreferences> http_auth_preferences_;
|
|
};
|
|
|
|
} // namespace net
|
|
|
|
#endif // NET_HTTP_HTTP_AUTH_HANDLER_NEGOTIATE_H_
|