author | cbentzel@chromium.org <cbentzel@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-03-31 14:18:11 +0000 |
---|---|---|
committer | cbentzel@chromium.org <cbentzel@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-03-31 14:18:11 +0000 |
commit | 76baac0233597315701afad1c15eeda4b3491ae5 (patch) | |
tree | 6ae05e809c25e560531fead68f9438b2b4544281 | |
parent | 3592d26e1943c0af9627e8e5a6d01ccf79fbb60c (diff) | |
Removed filter checks in Windows implementations of Negotiate and NTLM HTTP Authentication handler creation.
BUG=29596
TEST=None
Review URL: http://codereview.chromium.org/1564002
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@43212 0039d316-1c4b-4281-b951-d872f2087c98
-rw-r--r-- | net/http/http_auth_handler_factory_unittest.cc | 145 | ||||
-rw-r--r-- | net/http/http_auth_handler_negotiate_win.cc | 8 | ||||
-rw-r--r-- | net/http/http_auth_handler_ntlm_win.cc | 7 | ||||
-rw-r--r-- | net/http/http_auth_unittest.cc | 209 |
4 files changed, 0 insertions, 369 deletions
diff --git a/net/http/http_auth_handler_factory_unittest.cc b/net/http/http_auth_handler_factory_unittest.cc
index a1e4a5c..da6e5b9 100644
--- a/net/http/http_auth_handler_factory_unittest.cc
+++ b/net/http/http_auth_handler_factory_unittest.cc
@@ -174,149 +174,4 @@ TEST(HttpAuthHandlerFactoryTest, DefaultFactory) {
 #endif // !defined(OS_WIN)
 }
-TEST(HttpAuthHandlerFactoryTest, DefaultFactoryWithFilters) {
- std::string ntlm_server_whitelist = "*example.com";
- std::string negotiate_server_whitelist = "*example.com";
- std::string ntlm_server_whitelist2 = "*example.org";
- std::string negotiate_server_whitelist2 = "*example.org";
-
- HttpAuthHandlerRegistryFactory* http_auth_handler_registry_factory =
- HttpAuthHandlerFactory::CreateDefault();
- scoped_ptr<HttpAuthHandlerFactory> http_auth_handler_factory(
- http_auth_handler_registry_factory);
- HttpAuthFilterWhitelist* ntlm_whitelist = new HttpAuthFilterWhitelist;
- HttpAuthFilterWhitelist* negotiate_whitelist = new HttpAuthFilterWhitelist;
-
- ntlm_whitelist->SetWhitelist(ntlm_server_whitelist);
- negotiate_whitelist->SetWhitelist(negotiate_server_whitelist);
-
- http_auth_handler_registry_factory->SetFilter("ntlm", ntlm_whitelist);
- http_auth_handler_registry_factory->SetFilter("negotiate",
- negotiate_whitelist);
-
- GURL server_origin("http://www.example.com");
- GURL proxy_origin("http://cache.example.com:3128");
- {
- scoped_refptr<HttpAuthHandler> handler;
- int rv = http_auth_handler_factory->CreateAuthHandlerFromString(
- "Basic realm=\"FooBar\"",
- HttpAuth::AUTH_SERVER,
- server_origin,
- &handler);
- EXPECT_EQ(OK, rv);
- EXPECT_FALSE(handler.get() == NULL);
- EXPECT_STREQ("basic", handler->scheme().c_str());
- EXPECT_STREQ("FooBar", handler->realm().c_str());
- EXPECT_EQ(HttpAuth::AUTH_SERVER, handler->target());
- EXPECT_FALSE(handler->encrypts_identity());
- EXPECT_FALSE(handler->is_connection_based());
- }
- {
- scoped_refptr<HttpAuthHandler> handler;
- int rv = http_auth_handler_factory->CreateAuthHandlerFromString(
- "UNSUPPORTED realm=\"FooBar\"",
- HttpAuth::AUTH_SERVER,
- server_origin,
- &handler);
- EXPECT_EQ(ERR_UNSUPPORTED_AUTH_SCHEME, rv);
- EXPECT_TRUE(handler.get() == NULL);
- }
- {
- scoped_refptr<HttpAuthHandler> handler;
- int rv = http_auth_handler_factory->CreateAuthHandlerFromString(
- "Digest realm=\"FooBar\", nonce=\"xyz\"",
- HttpAuth::AUTH_PROXY,
- proxy_origin,
- &handler);
- EXPECT_EQ(OK, rv);
- EXPECT_FALSE(handler.get() == NULL);
- EXPECT_STREQ("digest", handler->scheme().c_str());
- EXPECT_STREQ("FooBar", handler->realm().c_str());
- EXPECT_EQ(HttpAuth::AUTH_PROXY, handler->target());
- EXPECT_TRUE(handler->encrypts_identity());
- EXPECT_FALSE(handler->is_connection_based());
- }
- {
- scoped_refptr<HttpAuthHandler> handler;
- int rv = http_auth_handler_factory->CreateAuthHandlerFromString(
- "NTLM",
- HttpAuth::AUTH_SERVER,
- server_origin,
- &handler);
- EXPECT_EQ(OK, rv);
- ASSERT_FALSE(handler.get() == NULL);
- EXPECT_STREQ("ntlm", handler->scheme().c_str());
- EXPECT_STREQ("", handler->realm().c_str());
- EXPECT_EQ(HttpAuth::AUTH_SERVER, handler->target());
- EXPECT_TRUE(handler->encrypts_identity());
- EXPECT_TRUE(handler->is_connection_based());
- }
-#if defined(OS_WIN)
- {
- scoped_refptr<HttpAuthHandler> handler;
- int rv = http_auth_handler_factory->CreateAuthHandlerFromString(
- "Negotiate",
- HttpAuth::AUTH_SERVER,
- server_origin,
- &handler);
- EXPECT_EQ(OK, rv);
- EXPECT_FALSE(handler.get() == NULL);
- EXPECT_STREQ("negotiate", handler->scheme().c_str());
- EXPECT_STREQ("", handler->realm().c_str());
- EXPECT_EQ(HttpAuth::AUTH_SERVER, handler->target());
- EXPECT_TRUE(handler->encrypts_identity());
- EXPECT_TRUE(handler->is_connection_based());
- }
-#else // !defined(OS_WIN)
- {
- scoped_refptr<HttpAuthHandler> handler;
- int rv = http_auth_handler_factory->CreateAuthHandlerFromString(
- "Negotiate",
- HttpAuth::AUTH_SERVER,
- server_origin,
- &handler);
- EXPECT_EQ(ERR_UNSUPPORTED_AUTH_SCHEME, rv);
- EXPECT_TRUE(handler.get() == NULL);
- }
-#endif // !defined(OS_WIN)
-
- // Now change the whitelist and expect failures.
- ntlm_whitelist->SetWhitelist(ntlm_server_whitelist2);
- negotiate_whitelist->SetWhitelist(negotiate_server_whitelist2);
-
- {
- scoped_refptr<HttpAuthHandler> handler;
- int rv = http_auth_handler_factory->CreateAuthHandlerFromString(
- "NTLM",
- HttpAuth::AUTH_SERVER,
- server_origin,
- &handler);
- EXPECT_EQ(ERR_INVALID_AUTH_CREDENTIALS, rv);
- ASSERT_TRUE(handler.get() == NULL);
- }
-#if defined(OS_WIN)
- {
- scoped_refptr<HttpAuthHandler> handler;
- int rv = http_auth_handler_factory->CreateAuthHandlerFromString(
- "Negotiate",
- HttpAuth::AUTH_SERVER,
- server_origin,
- &handler);
- EXPECT_EQ(ERR_INVALID_AUTH_CREDENTIALS, rv);
- ASSERT_TRUE(handler.get() == NULL);
- }
-#else // !defined(OS_WIN)
- {
- scoped_refptr<HttpAuthHandler> handler;
- int rv = http_auth_handler_factory->CreateAuthHandlerFromString(
- "Negotiate",
- HttpAuth::AUTH_SERVER,
- server_origin,
- &handler);
- EXPECT_EQ(ERR_UNSUPPORTED_AUTH_SCHEME, rv);
- EXPECT_TRUE(handler.get() == NULL);
- }
-#endif // !defined(OS_WIN)
-}
-
 } // namespace net
diff --git a/net/http/http_auth_handler_negotiate_win.cc b/net/http/http_auth_handler_negotiate_win.cc
index d710c69..fb849d4 100644
--- a/net/http/http_auth_handler_negotiate_win.cc
+++ b/net/http/http_auth_handler_negotiate_win.cc
@@ -85,14 +85,6 @@ int HttpAuthHandlerNegotiate::Factory::CreateAuthHandler(
 scoped_refptr<HttpAuthHandler>* handler) {
 if (is_unsupported_)
 return ERR_UNSUPPORTED_AUTH_SCHEME;
- if (filter() && !filter()->IsValid(origin, target)) {
- LOG(INFO) << "URL " << origin
- << "fails filter validation for authentication method "
- << "Negotiate";
-
- return ERR_INVALID_AUTH_CREDENTIALS;
- }
-
 if (max_token_length_ == 0) {
 int rv = DetermineMaxTokenLength(sspi_library_, NEGOSSP_NAME,
 &max_token_length_);
diff --git a/net/http/http_auth_handler_ntlm_win.cc b/net/http/http_auth_handler_ntlm_win.cc
index 2aa9c0d..baa7f86 100644
--- a/net/http/http_auth_handler_ntlm_win.cc
+++ b/net/http/http_auth_handler_ntlm_win.cc
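Review bot: With the `filter()->IsValid(origin, target)` guard gone, `HttpAuthHandlerNegotiate::Factory::CreateAuthHandler` goes from the `is_unsupported_` check straight to `DetermineMaxTokenLength`, so nothing visible in this hunk keeps a Negotiate handler from being created for an origin outside the configured whitelist; the hunk in `http_auth_handler_ntlm_win.cc` has the same gap for NTLM. The commit also deletes the tests that pinned the whitelist behaviour (`DefaultFactoryWithFilters`, `ChooseBestChallengeFiltered`) and states `TEST=None`, so no replacement coverage appears on this page. If the whitelist is meant to be enforced at another point that this page does not show, I would leave a comment at the removed spot, for example `// Origin whitelist is not checked here; enforced in <enforcement site, placeholder>.`, and keep a test asserting that an off-whitelist origin never gets integrated authentication. Both function bodies start and end outside their hunks, so this is based only on the visible lines.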
@@ -70,13 +70,6 @@ int HttpAuthHandlerNTLM::Factory::CreateAuthHandler(
 scoped_refptr<HttpAuthHandler>* handler) {
 if (is_unsupported_)
 return ERR_UNSUPPORTED_AUTH_SCHEME;
- if (filter() && !filter()->IsValid(origin, target)) {
- LOG(INFO) << "URL " << origin
- << "fails filter validation for authentication method "
- << "NTLM";
-
- return ERR_INVALID_AUTH_CREDENTIALS;
- }
 if (max_token_length_ == 0) {
 int rv = DetermineMaxTokenLength(sspi_library_, NTLMSP_NAME,
 &max_token_length_);
diff --git a/net/http/http_auth_unittest.cc b/net/http/http_auth_unittest.cc
index 799dcec..2859e07 100644
--- a/net/http/http_auth_unittest.cc
+++ b/net/http/http_auth_unittest.cc
@@ -161,215 +161,6 @@ TEST(HttpAuthTest, ChooseBestChallengeConnectionBased) {
 }
 }
-TEST(HttpAuthTest, ChooseBestChallengeFiltered) {
- static const struct {
- const char* filter_string;
- const char* headers;
- const char* challenge_scheme;
- const char* challenge_realm;
- } tests[] = {
- {
- // Test that the filter does not affect Basic.
- "*example.com",
- "Y: Digest realm=\"X\", nonce=\"aaaaaaaaaa\"\n"
- "www-authenticate: Basic realm=\"BasicRealm\"\n",
-
- // Basic is the only challenge type, pick it.
- "basic",
- "BasicRealm",
- },
- {
- // Test that the filter does not affect Fake.
- "*example.com",
- "Y: Digest realm=\"FooBar\", nonce=\"aaaaaaaaaa\"\n"
- "www-authenticate: Fake realm=\"FooBar\"\n",
-
- // Fake is the only challenge type, but it is unsupported.
- "",
- "",
- },
- {
- // Test that the filter does not affect Digest vs. Basic.
- "*example.com",
- "www-authenticate: Basic realm=\"FooBar\"\n"
- "www-authenticate: Fake realm=\"FooBar\"\n"
- "www-authenticate: nonce=\"aaaaaaaaaa\"\n"
- "www-authenticate: Digest realm=\"DigestRealm\", nonce=\"aaaaaaaaaa\"\n",
-
- // Pick Digest over Basic.
- "digest",
- "DigestRealm",
- },
- {
- // Test that the filter does not affect null header.
- "*example.com",
- "Y: Digest realm=\"X\", nonce=\"aaaaaaaaaa\"\n"
- "www-authenticate:\n",
-
- // Handle null header value.
- "",
- "",
- },
- {
- // Test that the filter works with a valid whitelist.
- "*example.com",
- "WWW-Authenticate: Negotiate\n"
- "WWW-Authenticate: NTLM\n",
-
- // Negotiate is not currently support on non-Windows platforms, so
- // the choice varies depending on platform.
-#if defined(OS_WIN)
- "negotiate",
- "",
-#else
- "ntlm",
- "",
-#endif
- },
- {
- // Test that fall back does not occur if NTLM is allowed by whitelist.
- "*example.com",
- "WWW-Authenticate: NTLM\n"
- "www-authenticate: Digest realm=\"DigestRealm\", nonce=\"aaaaaaaaaa\"\n",
-
- "ntlm",
- "",
- },
- {
- // Test that the filter prevents access if URL is not in whitelist.
- "*example.org",
- "WWW-Authenticate: Negotiate\n"
- "WWW-Authenticate: NTLM\n",
-
- // Negotiate is not currently support on non-Windows platforms, so
- // the choice varies depending on platform.
- "",
- "",
- },
- {
- // Test that fall back occurs if NTLM is not allowed by whitelist.
- "*example.org",
- "WWW-Authenticate: NTLM\n"
- "www-authenticate: Digest realm=\"DigestRealm\", nonce=\"aaaaaaaaaa\"\n",
-
- "digest",
- "DigestRealm",
- }
- };
- GURL origin("http://www.example.com");
-
- HttpAuthHandlerRegistryFactory* http_auth_handler_registry_factory =
- HttpAuthHandlerFactory::CreateDefault();
- scoped_ptr<HttpAuthHandlerFactory> http_auth_handler_factory(
- http_auth_handler_registry_factory);
- HttpAuthFilterWhitelist* ntlm_whitelist = new HttpAuthFilterWhitelist;
- HttpAuthFilterWhitelist* negotiate_whitelist = new HttpAuthFilterWhitelist;
- http_auth_handler_registry_factory->SetFilter("ntlm", ntlm_whitelist);
- http_auth_handler_registry_factory->SetFilter("negotiate",
- negotiate_whitelist);
-
- for (size_t i = 0; i < ARRAYSIZE_UNSAFE(tests); ++i) {
- ntlm_whitelist->SetWhitelist(tests[i].filter_string);
- negotiate_whitelist->SetWhitelist(tests[i].filter_string);
- // Make a HttpResponseHeaders object.
- std::string headers_with_status_line("HTTP/1.1 401 Unauthorized\n");
- headers_with_status_line += tests[i].headers;
- scoped_refptr<net::HttpResponseHeaders> headers(
- new net::HttpResponseHeaders(
- net::HttpUtil::AssembleRawHeaders(
- headers_with_status_line.c_str(),
- headers_with_status_line.length())));
-
- scoped_refptr<HttpAuthHandler> handler;
- HttpAuth::ChooseBestChallenge(http_auth_handler_factory.get(),
- headers.get(),
- HttpAuth::AUTH_SERVER,
- origin,
- &handler);
-
- if (handler) {
- EXPECT_STREQ(tests[i].challenge_scheme, handler->scheme().c_str());
- EXPECT_STREQ(tests[i].challenge_realm, handler->realm().c_str());
- } else {
- EXPECT_STREQ("", tests[i].challenge_scheme);
- EXPECT_STREQ("", tests[i].challenge_realm);
- }
- }
-}
-
-TEST(HttpAuthTest, ChooseBestChallengeConnectionBasedFiltered) {
- static const struct {
- const char* headers;
- const char* challenge_realm;
- } tests[] = {
- {
- "WWW-Authenticate: NTLM\r\n",
-
- "",
- },
- {
- "WWW-Authenticate: NTLM "
- "TlRMTVNTUAACAAAADAAMADgAAAAFgokCTroKF1e/DRcAAAAAAAAAALo"
- "AugBEAAAABQEoCgAAAA9HAE8ATwBHAEwARQACAAwARwBPAE8ARwBMAE"
- "UAAQAaAEEASwBFAEUAUwBBAFIAQQAtAEMATwBSAFAABAAeAGMAbwByA"
- "HAALgBnAG8AbwBnAGwAZQAuAGMAbwBtAAMAQABhAGsAZQBlAHMAYQBy"
- "AGEALQBjAG8AcgBwAC4AYQBkAC4AYwBvAHIAcAAuAGcAbwBvAGcAbAB"
- "lAC4AYwBvAG0ABQAeAGMAbwByAHAALgBnAG8AbwBnAGwAZQAuAGMAbw"
- "BtAAAAAAA=\r\n",
-
- // Realm is empty.
- "",
- }
- };
- GURL origin("http://www.example.com");
-
- scoped_refptr<HttpAuthHandler> handler;
- std::string ntlm_server_whitelist = "*example.com";
- std::string negotiate_server_whitelist = "*example.com";
-
- HttpAuthHandlerRegistryFactory* http_auth_handler_registry_factory =
- HttpAuthHandlerFactory::CreateDefault();
- scoped_ptr<HttpAuthHandlerFactory> http_auth_handler_factory(
- http_auth_handler_registry_factory);
- HttpAuthFilterWhitelist* ntlm_whitelist = new HttpAuthFilterWhitelist;
- HttpAuthFilterWhitelist* negotiate_whitelist = new HttpAuthFilterWhitelist;
-
- ntlm_whitelist->SetWhitelist(ntlm_server_whitelist);
- negotiate_whitelist->SetWhitelist(negotiate_server_whitelist);
-
- http_auth_handler_registry_factory->SetFilter("ntlm", ntlm_whitelist);
- http_auth_handler_registry_factory->SetFilter("negotiate",
- negotiate_whitelist);
-
- for (size_t i = 0; i < ARRAYSIZE_UNSAFE(tests); ++i) {
- // Make a HttpResponseHeaders object.
- std::string headers_with_status_line("HTTP/1.1 401 Unauthorized\n");
- headers_with_status_line += tests[i].headers;
- scoped_refptr<net::HttpResponseHeaders> headers(
- new net::HttpResponseHeaders(
- net::HttpUtil::AssembleRawHeaders(
- headers_with_status_line.c_str(),
- headers_with_status_line.length())));
-
- scoped_refptr<HttpAuthHandler> old_handler = handler;
- HttpAuth::ChooseBestChallenge(http_auth_handler_factory.get(),
- headers.get(),
- HttpAuth::AUTH_SERVER,
- origin,
- &handler);
-
- EXPECT_TRUE(handler != NULL);
- // Since NTLM is connection-based, we should continue to use the existing
- // handler rather than creating a new one.
- if (i != 0)
- EXPECT_EQ(old_handler, handler);
-
- ASSERT_NE(reinterpret_cast<net::HttpAuthHandler *>(NULL), handler.get());
-
- EXPECT_STREQ(tests[i].challenge_realm, handler->realm().c_str());
- }
-}
-
 TEST(HttpAuthTest, ChallengeTokenizer) {
 std::string challenge_str = "Basic realm=\"foobar\"";
 HttpAuth::ChallengeTokenizer challenge(challenge_str.begin(), |