http/http_auth_handler_negotiate.h - chromium/src/net - Git at Google

 // Copyright 2011 The Chromium Authors
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #ifndef NET_HTTP_HTTP_AUTH_HANDLER_NEGOTIATE_H_
 #define NET_HTTP_HTTP_AUTH_HANDLER_NEGOTIATE_H_

 #include <memory>
 #include <string>
 #include <utility>

 #include "base/memory/raw_ptr.h"
 #include "build/build_config.h"
 #include "net/base/completion_once_callback.h"
 #include "net/base/net_export.h"
 #include "net/base/network_isolation_key.h"
 #include "net/dns/host_resolver.h"
 #include "net/http/http_auth_handler.h"
 #include "net/http/http_auth_handler_factory.h"
 #include "net/http/http_auth_mechanism.h"

 #if BUILDFLAG(IS_ANDROID)
 #include "net/android/http_auth_negotiate_android.h"
 #elif BUILDFLAG(IS_WIN)
 #include "net/http/http_auth_sspi_win.h"
 #elif BUILDFLAG(IS_POSIX)
 #include "net/http/http_auth_gssapi_posix.h"
 #endif

 namespace url {
 class SchemeHostPort;
 }

 namespace net {

 class HttpAuthPreferences;

 // Handler for WWW-Authenticate: Negotiate protocol.
 //
 // See http://tools.ietf.org/html/rfc4178 and http://tools.ietf.org/html/rfc4559
 // for more information about the protocol.

 class NET_EXPORT_PRIVATE HttpAuthHandlerNegotiate : public HttpAuthHandler {
  public:
 #if BUILDFLAG(IS_WIN)
   typedef SSPILibrary AuthLibrary;
 #elif BUILDFLAG(IS_POSIX) && !BUILDFLAG(IS_ANDROID)
   typedef GSSAPILibrary AuthLibrary;
 #endif

   class NET_EXPORT_PRIVATE Factory : public HttpAuthHandlerFactory {
    public:
     explicit Factory(HttpAuthMechanismFactory negotiate_auth_system_factory);
     ~Factory() override;

 #if !BUILDFLAG(IS_ANDROID)
     // Sets the system library to use, thereby assuming ownership of
     // |auth_library|.
     void set_library(std::unique_ptr<AuthLibrary> auth_provider) {
       auth_library_ = std::move(auth_provider);
     }

 #if BUILDFLAG(IS_POSIX)
     const std::string& GetLibraryNameForTesting() const;
 #endif  // BUILDFLAG(IS_POSIX)
 #endif  // !BUILDFLAG(IS_ANDROID)

     // HttpAuthHandlerFactory overrides
     int CreateAuthHandler(
         HttpAuthChallengeTokenizer* challenge,
         HttpAuth::Target target,
         const SSLInfo& ssl_info,
         const NetworkAnonymizationKey& network_anonymization_key,
         const url::SchemeHostPort& scheme_host_port,
         CreateReason reason,
         int digest_nonce_count,
         const NetLogWithSource& net_log,
         HostResolver* host_resolver,
         std::unique_ptr<HttpAuthHandler>* handler) override;

    private:
     HttpAuthMechanismFactory negotiate_auth_system_factory_;
     bool is_unsupported_ = false;
 #if !BUILDFLAG(IS_ANDROID)
     std::unique_ptr<AuthLibrary> auth_library_;
 #endif  // !BUILDFLAG(IS_ANDROID)
   };

   HttpAuthHandlerNegotiate(std::unique_ptr<HttpAuthMechanism> auth_system,
                            const HttpAuthPreferences* prefs,
                            HostResolver* host_resolver);

   ~HttpAuthHandlerNegotiate() override;

   // HttpAuthHandler
   bool NeedsIdentity() override;
   bool AllowsDefaultCredentials() override;
   bool AllowsExplicitCredentials() override;

   const std::string& spn_for_testing() const { return spn_; }

  protected:
   // HttpAuthHandler
   bool Init(HttpAuthChallengeTokenizer* challenge,
             const SSLInfo& ssl_info,
             const NetworkAnonymizationKey& network_anonymization_key) override;
   int GenerateAuthTokenImpl(const AuthCredentials* credentials,
                             const HttpRequestInfo* request,
                             CompletionOnceCallback callback,
                             std::string* auth_token) override;
   HttpAuth::AuthorizationResult HandleAnotherChallengeImpl(
       HttpAuthChallengeTokenizer* challenge) override;

  private:
   enum State {
     STATE_RESOLVE_CANONICAL_NAME,
     STATE_RESOLVE_CANONICAL_NAME_COMPLETE,
     STATE_GENERATE_AUTH_TOKEN,
     STATE_GENERATE_AUTH_TOKEN_COMPLETE,
     STATE_NONE,
   };

   std::string CreateSPN(const std::string& server,
                         const url::SchemeHostPort& scheme_host_port);

   void OnIOComplete(int result);
   void DoCallback(int result);
   int DoLoop(int result);

   int DoResolveCanonicalName();
   int DoResolveCanonicalNameComplete(int rv);
   int DoGenerateAuthToken();
   int DoGenerateAuthTokenComplete(int rv);
   HttpAuth::DelegationType GetDelegationType() const;

   std::unique_ptr<HttpAuthMechanism> auth_system_;
   const raw_ptr<HostResolver> resolver_;

   NetworkAnonymizationKey network_anonymization_key_;

   // Members which are needed for DNS lookup + SPN.
   std::unique_ptr<HostResolver::ResolveHostRequest> resolve_host_request_;

   // Things which should be consistent after first call to GenerateAuthToken.
   bool already_called_ = false;
   bool has_credentials_ = false;
   AuthCredentials credentials_;
   std::string spn_;
   std::string channel_bindings_;

   // Things which vary each round.
   CompletionOnceCallback callback_;
   raw_ptr<std::string> auth_token_ = nullptr;

   State next_state_ = STATE_NONE;

   raw_ptr<const HttpAuthPreferences> http_auth_preferences_;
 };

 }  // namespace net

 #endif  // NET_HTTP_HTTP_AUTH_HANDLER_NEGOTIATE_H_
	// Copyright 2011 The Chromium Authors
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#ifndef NET_HTTP_HTTP_AUTH_HANDLER_NEGOTIATE_H_
	#define NET_HTTP_HTTP_AUTH_HANDLER_NEGOTIATE_H_

	#include <memory>
	#include <string>
	#include <utility>

	#include "base/memory/raw_ptr.h"
	#include "build/build_config.h"
	#include "net/base/completion_once_callback.h"
	#include "net/base/net_export.h"
	#include "net/base/network_isolation_key.h"
	#include "net/dns/host_resolver.h"
	#include "net/http/http_auth_handler.h"
	#include "net/http/http_auth_handler_factory.h"
	#include "net/http/http_auth_mechanism.h"

	#if BUILDFLAG(IS_ANDROID)
	#include "net/android/http_auth_negotiate_android.h"
	#elif BUILDFLAG(IS_WIN)
	#include "net/http/http_auth_sspi_win.h"
	#elif BUILDFLAG(IS_POSIX)
	#include "net/http/http_auth_gssapi_posix.h"
	#endif

	namespace url {
	class SchemeHostPort;
	}

	namespace net {

	class HttpAuthPreferences;

	// Handler for WWW-Authenticate: Negotiate protocol.
	//
	// See http://tools.ietf.org/html/rfc4178 and http://tools.ietf.org/html/rfc4559
	// for more information about the protocol.

	class NET_EXPORT_PRIVATE HttpAuthHandlerNegotiate : public HttpAuthHandler {
	public:
	#if BUILDFLAG(IS_WIN)
	typedef SSPILibrary AuthLibrary;
	#elif BUILDFLAG(IS_POSIX) && !BUILDFLAG(IS_ANDROID)
	typedef GSSAPILibrary AuthLibrary;
	#endif

	class NET_EXPORT_PRIVATE Factory : public HttpAuthHandlerFactory {
	public:
	explicit Factory(HttpAuthMechanismFactory negotiate_auth_system_factory);
	~Factory() override;

	#if !BUILDFLAG(IS_ANDROID)
	// Sets the system library to use, thereby assuming ownership of
	// \|auth_library\|.
	void set_library(std::unique_ptr<AuthLibrary> auth_provider) {
	auth_library_ = std::move(auth_provider);
	}

	#if BUILDFLAG(IS_POSIX)
	const std::string& GetLibraryNameForTesting() const;
	#endif // BUILDFLAG(IS_POSIX)
	#endif // !BUILDFLAG(IS_ANDROID)

	// HttpAuthHandlerFactory overrides
	int CreateAuthHandler(
	HttpAuthChallengeTokenizer* challenge,
	HttpAuth::Target target,
	const SSLInfo& ssl_info,
	const NetworkAnonymizationKey& network_anonymization_key,
	const url::SchemeHostPort& scheme_host_port,
	CreateReason reason,
	int digest_nonce_count,
	const NetLogWithSource& net_log,
	HostResolver* host_resolver,
	std::unique_ptr<HttpAuthHandler>* handler) override;

	private:
	HttpAuthMechanismFactory negotiate_auth_system_factory_;
	bool is_unsupported_ = false;
	#if !BUILDFLAG(IS_ANDROID)
	std::unique_ptr<AuthLibrary> auth_library_;
	#endif // !BUILDFLAG(IS_ANDROID)
	};

	HttpAuthHandlerNegotiate(std::unique_ptr<HttpAuthMechanism> auth_system,
	const HttpAuthPreferences* prefs,
	HostResolver* host_resolver);

	~HttpAuthHandlerNegotiate() override;

	// HttpAuthHandler
	bool NeedsIdentity() override;
	bool AllowsDefaultCredentials() override;
	bool AllowsExplicitCredentials() override;

	const std::string& spn_for_testing() const { return spn_; }

	protected:
	// HttpAuthHandler
	bool Init(HttpAuthChallengeTokenizer* challenge,
	const SSLInfo& ssl_info,
	const NetworkAnonymizationKey& network_anonymization_key) override;
	int GenerateAuthTokenImpl(const AuthCredentials* credentials,
	const HttpRequestInfo* request,
	CompletionOnceCallback callback,
	std::string* auth_token) override;
	HttpAuth::AuthorizationResult HandleAnotherChallengeImpl(
	HttpAuthChallengeTokenizer* challenge) override;

	private:
	enum State {
	STATE_RESOLVE_CANONICAL_NAME,
	STATE_RESOLVE_CANONICAL_NAME_COMPLETE,
	STATE_GENERATE_AUTH_TOKEN,
	STATE_GENERATE_AUTH_TOKEN_COMPLETE,
	STATE_NONE,
	};

	std::string CreateSPN(const std::string& server,
	const url::SchemeHostPort& scheme_host_port);

	void OnIOComplete(int result);
	void DoCallback(int result);
	int DoLoop(int result);

	int DoResolveCanonicalName();
	int DoResolveCanonicalNameComplete(int rv);
	int DoGenerateAuthToken();
	int DoGenerateAuthTokenComplete(int rv);
	HttpAuth::DelegationType GetDelegationType() const;

	std::unique_ptr<HttpAuthMechanism> auth_system_;
	const raw_ptr<HostResolver> resolver_;

	NetworkAnonymizationKey network_anonymization_key_;

	// Members which are needed for DNS lookup + SPN.
	std::unique_ptr<HostResolver::ResolveHostRequest> resolve_host_request_;

	// Things which should be consistent after first call to GenerateAuthToken.
	bool already_called_ = false;
	bool has_credentials_ = false;
	AuthCredentials credentials_;
	std::string spn_;
	std::string channel_bindings_;

	// Things which vary each round.
	CompletionOnceCallback callback_;
	raw_ptr<std::string> auth_token_ = nullptr;

	State next_state_ = STATE_NONE;

	raw_ptr<const HttpAuthPreferences> http_auth_preferences_;
	};

	} // namespace net

	#endif // NET_HTTP_HTTP_AUTH_HANDLER_NEGOTIATE_H_