net/http/http_auth_handler_negotiate.h - chromium/src - Git at Google

 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #ifndef NET_HTTP_HTTP_AUTH_HANDLER_NEGOTIATE_H_
 #define NET_HTTP_HTTP_AUTH_HANDLER_NEGOTIATE_H_

 #include "build/build_config.h"

 #include <string>

 #include "net/base/address_list.h"
 #include "net/http/http_auth_handler.h"
 #include "net/http/http_auth_handler_factory.h"

 #if defined(OS_WIN)
 #include "net/http/http_auth_sspi_win.h"
 #endif

 namespace net {

 class SingleRequestHostResolver;
 class URLSecurityManager;

 // Handler for WWW-Authenticate: Negotiate protocol.
 //
 // See http://tools.ietf.org/html/rfc4178 and http://tools.ietf.org/html/rfc4559
 // for more information about the protocol.

 class HttpAuthHandlerNegotiate : public HttpAuthHandler {
  public:
   class Factory : public HttpAuthHandlerFactory {
    public:
     Factory();
     virtual ~Factory();

     // |disable_cname_lookup()| and |set_disable_cname_lookup()| get/set whether
     // the auth handlers generated by this factory should skip looking up the
     // canonical DNS name of the the host that they are authenticating to when
     // generating the SPN. The default value is false.
     bool disable_cname_lookup() const { return disable_cname_lookup_; }
     void set_disable_cname_lookup(bool disable_cname_lookup) {
       disable_cname_lookup_ = disable_cname_lookup;
     }

     // |use_port()| and |set_use_port()| get/set whether the auth handlers
     // generated by this factory should include the port number of the server
     // they are authenticating to when constructing a Kerberos SPN. The default
     // value is false.
     bool use_port() const { return use_port_; }
     void set_use_port(bool use_port) { use_port_ = use_port; }

     virtual int CreateAuthHandler(HttpAuth::ChallengeTokenizer* challenge,
                                   HttpAuth::Target target,
                                   const GURL& origin,
                                   scoped_refptr<HttpAuthHandler>* handler);

 #if defined(OS_WIN)
     // Set the SSPILibrary to use. Typically the only callers which need to
     // use this are unit tests which pass in a mocked-out version of the
     // SSPI library.
     // The caller is responsible for managing the lifetime of |*sspi_library|,
     // and the lifetime must exceed that of this Factory object and all
     // HttpAuthHandler's that this Factory object creates.
     void set_sspi_library(SSPILibrary* sspi_library) {
       sspi_library_ = sspi_library;
     }
 #endif  // defined(OS_WIN)
    private:
     bool disable_cname_lookup_;
     bool use_port_;
 #if defined(OS_WIN)
     ULONG max_token_length_;
     bool first_creation_;
     bool is_unsupported_;
     SSPILibrary* sspi_library_;
 #endif  // defined(OS_WIN)
   };

 #if defined(OS_WIN)
   HttpAuthHandlerNegotiate(SSPILibrary* sspi_library, ULONG max_token_length,
                            const URLSecurityManager* url_security_manager,
                            bool disable_cname_lookup, bool use_port);
 #else
   explicit HttpAuthHandlerNegotiate(
       const URLSecurityManager* url_security_manager);
 #endif

   virtual bool NeedsIdentity();

   virtual bool IsFinalRound();

   virtual bool AllowsDefaultCredentials();

   virtual bool NeedsCanonicalName();

   virtual int GenerateAuthToken(const std::wstring& username,
                                 const std::wstring& password,
                                 const HttpRequestInfo* request,
                                 const ProxyInfo* proxy,
                                 std::string* auth_token);

   virtual int GenerateDefaultAuthToken(const HttpRequestInfo* request,
                                        const ProxyInfo* proxy,
                                        std::string* auth_token);

   virtual int ResolveCanonicalName(HostResolver* host_resolver,
                                    CompletionCallback* callback,
                                    const BoundNetLog& net_log);

  protected:
   virtual bool Init(HttpAuth::ChallengeTokenizer* challenge);

  private:
   ~HttpAuthHandlerNegotiate();

 #if defined(OS_WIN)
   void OnResolveCanonicalName(int result);
   std::wstring CreateSPN(const AddressList& address_list, const GURL& orign);

   HttpAuthSSPI auth_sspi_;
   AddressList address_list_;
   scoped_ptr<SingleRequestHostResolver> single_resolve_;
   CompletionCallback* user_callback_;
   CompletionCallbackImpl<HttpAuthHandlerNegotiate> resolve_cname_callback_;
   bool disable_cname_lookup_;
   bool use_port_;
   std::wstring spn_;
 #endif

   const URLSecurityManager* url_security_manager_;
 };

 }  // namespace net

 #endif  // NET_HTTP_HTTP_AUTH_HANDLER_NEGOTIATE_H_
	// Copyright (c) 2010 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#ifndef NET_HTTP_HTTP_AUTH_HANDLER_NEGOTIATE_H_
	#define NET_HTTP_HTTP_AUTH_HANDLER_NEGOTIATE_H_

	#include "build/build_config.h"

	#include <string>

	#include "net/base/address_list.h"
	#include "net/http/http_auth_handler.h"
	#include "net/http/http_auth_handler_factory.h"

	#if defined(OS_WIN)
	#include "net/http/http_auth_sspi_win.h"
	#endif

	namespace net {

	class SingleRequestHostResolver;
	class URLSecurityManager;

	// Handler for WWW-Authenticate: Negotiate protocol.
	//
	// See http://tools.ietf.org/html/rfc4178 and http://tools.ietf.org/html/rfc4559
	// for more information about the protocol.

	class HttpAuthHandlerNegotiate : public HttpAuthHandler {
	public:
	class Factory : public HttpAuthHandlerFactory {
	public:
	Factory();
	virtual ~Factory();

	// \|disable_cname_lookup()\| and \|set_disable_cname_lookup()\| get/set whether
	// the auth handlers generated by this factory should skip looking up the
	// canonical DNS name of the the host that they are authenticating to when
	// generating the SPN. The default value is false.
	bool disable_cname_lookup() const { return disable_cname_lookup_; }
	void set_disable_cname_lookup(bool disable_cname_lookup) {
	disable_cname_lookup_ = disable_cname_lookup;
	}

	// \|use_port()\| and \|set_use_port()\| get/set whether the auth handlers
	// generated by this factory should include the port number of the server
	// they are authenticating to when constructing a Kerberos SPN. The default
	// value is false.
	bool use_port() const { return use_port_; }
	void set_use_port(bool use_port) { use_port_ = use_port; }

	virtual int CreateAuthHandler(HttpAuth::ChallengeTokenizer* challenge,
	HttpAuth::Target target,
	const GURL& origin,
	scoped_refptr<HttpAuthHandler>* handler);

	#if defined(OS_WIN)
	// Set the SSPILibrary to use. Typically the only callers which need to
	// use this are unit tests which pass in a mocked-out version of the
	// SSPI library.
	// The caller is responsible for managing the lifetime of \|*sspi_library\|,
	// and the lifetime must exceed that of this Factory object and all
	// HttpAuthHandler's that this Factory object creates.
	void set_sspi_library(SSPILibrary* sspi_library) {
	sspi_library_ = sspi_library;
	}
	#endif // defined(OS_WIN)
	private:
	bool disable_cname_lookup_;
	bool use_port_;
	#if defined(OS_WIN)
	ULONG max_token_length_;
	bool first_creation_;
	bool is_unsupported_;
	SSPILibrary* sspi_library_;
	#endif // defined(OS_WIN)
	};

	#if defined(OS_WIN)
	HttpAuthHandlerNegotiate(SSPILibrary* sspi_library, ULONG max_token_length,
	const URLSecurityManager* url_security_manager,
	bool disable_cname_lookup, bool use_port);
	#else
	explicit HttpAuthHandlerNegotiate(
	const URLSecurityManager* url_security_manager);
	#endif

	virtual bool NeedsIdentity();

	virtual bool IsFinalRound();

	virtual bool AllowsDefaultCredentials();

	virtual bool NeedsCanonicalName();

	virtual int GenerateAuthToken(const std::wstring& username,
	const std::wstring& password,
	const HttpRequestInfo* request,
	const ProxyInfo* proxy,
	std::string* auth_token);

	virtual int GenerateDefaultAuthToken(const HttpRequestInfo* request,
	const ProxyInfo* proxy,
	std::string* auth_token);

	virtual int ResolveCanonicalName(HostResolver* host_resolver,
	CompletionCallback* callback,
	const BoundNetLog& net_log);

	protected:
	virtual bool Init(HttpAuth::ChallengeTokenizer* challenge);

	private:
	~HttpAuthHandlerNegotiate();

	#if defined(OS_WIN)
	void OnResolveCanonicalName(int result);
	std::wstring CreateSPN(const AddressList& address_list, const GURL& orign);

	HttpAuthSSPI auth_sspi_;
	AddressList address_list_;
	scoped_ptr<SingleRequestHostResolver> single_resolve_;
	CompletionCallback* user_callback_;
	CompletionCallbackImpl<HttpAuthHandlerNegotiate> resolve_cname_callback_;
	bool disable_cname_lookup_;
	bool use_port_;
	std::wstring spn_;
	#endif

	const URLSecurityManager* url_security_manager_;
	};

	} // namespace net

	#endif // NET_HTTP_HTTP_AUTH_HANDLER_NEGOTIATE_H_