blob: 1e01ce2a65d66768283a049ae37af8be1687cbc1 [file] [log] [blame]
// Copyright 2018 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef NET_HTTP_HTTP_AUTH_MECHANISM_H_
#define NET_HTTP_HTTP_AUTH_MECHANISM_H_
#include <memory>
#include "base/functional/callback_forward.h"
#include "net/base/completion_once_callback.h"
#include "net/base/net_export.h"
#include "net/http/http_auth.h"
namespace net {
class AuthCredentials;
class HttpAuthChallengeTokenizer;
class HttpAuthPreferences;
class NetLogWithSource;
class NET_EXPORT_PRIVATE HttpAuthMechanism {
public:
virtual ~HttpAuthMechanism() = default;
virtual bool Init(const NetLogWithSource& net_log) = 0;
// True if authentication needs the identity of the user from Chrome.
virtual bool NeedsIdentity() const = 0;
// True if authentication can use explicit credentials included in the URL or
// the user may be prompted for credentials.
virtual bool AllowsExplicitCredentials() const = 0;
// Parse a received Negotiate challenge.
virtual HttpAuth::AuthorizationResult ParseChallenge(
HttpAuthChallengeTokenizer* tok) = 0;
// Generates an authentication token.
//
// The return value is an error code. The authentication token will be
// returned in |*auth_token|. If the result code is not |OK|, the value of
// |*auth_token| is unspecified.
//
// If the operation cannot be completed synchronously, |ERR_IO_PENDING| will
// be returned and the real result code will be passed to the completion
// callback. Otherwise the result code is returned immediately from this
// call.
//
// If the AndroidAuthNegotiate object is deleted before completion then the
// callback will not be called.
//
// If no immediate result is returned then |auth_token| must remain valid
// until the callback has been called.
//
// |spn| is the Service Principal Name of the server that the token is
// being generated for.
//
// If this is the first round of a multiple round scheme, credentials are
// obtained using |*credentials|. If |credentials| is nullptr, the default
// credentials are used instead.
virtual int GenerateAuthToken(const AuthCredentials* credentials,
const std::string& spn,
const std::string& channel_bindings,
std::string* auth_token,
const NetLogWithSource& net_log,
CompletionOnceCallback callback) = 0;
// Sets the delegation type allowed on the Kerberos ticket. This allows
// certain servers to act as the user, such as an IIS server retrieving data
// from a Kerberized MSSQL server.
virtual void SetDelegation(HttpAuth::DelegationType delegation_type) = 0;
};
// Factory is just a callback that returns a unique_ptr.
using HttpAuthMechanismFactory =
base::RepeatingCallback<std::unique_ptr<HttpAuthMechanism>(
const HttpAuthPreferences*)>;
} // namespace net
#endif // NET_HTTP_HTTP_AUTH_MECHANISM_H_