- Add preemptive authorization (new http stack only)

- Check for auth identity in URL (new http stack only)
- Move auth cache logic out of url request job, and hide it in the url request ftp job and http transaction classes.

Note: Somehow the original codereview thread got corrupted so it was recreated.
The real review comments should be under (http://codereview.chromium.org/6481)

Review URL: http://codereview.chromium.org/8231

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@5064 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 140 insertions, 0 deletions

diff --git a/net/http/http_auth_cache.h b/net/http/http_auth_cache.h
new file mode 100644
index 0000000..ab43f9b
--- /dev/null
+++ b/net/http/http_auth_cache.h
@@ -0,0 +1,140 @@
+// Copyright (c) 2008 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef NET_HTTP_HTTP_AUTH_CACHE_H_
+#define NET_HTTP_HTTP_AUTH_CACHE_H_
+
+#include <list>
+#include <string>
+
+#include "base/ref_counted.h"
+#include "googleurl/src/gurl.h"
+#include "net/http/http_auth_handler.h"
+// This is needed for the FRIEND_TEST() macro.
+#include "testing/gtest/include/gtest/gtest_prod.h"
+
+namespace net {
+
+// TODO(eroman): Can we change the key from (origin, realm) to
+// (origin, realm, auth_scheme)?
+
+// HttpAuthCache stores HTTP authentication identities and challenge info.
+// For each realm the cache stores a HttpAuthCache::Entry, which holds:
+//   - the realm name
+//   - the origin server {scheme, host, port}
+//   - the last identity used (username/password)
+//   - the last auth handler used
+//   - the list of paths which used this realm
+// Entries can be looked up by either (origin, realm) or (origin, path).
+class HttpAuthCache {
+ public:
+  class Entry;
+
+  // Find the realm entry on server |origin| for realm |realm|.
+  //   |origin| - the {scheme, host, port} of the server.
+  //   |realm|  - case sensitive realm string.
+  //   returns  - the matched entry or NULL.
+  Entry* LookupByRealm(const GURL& origin, const std::string& realm);
+
+  // Find the realm entry on server |origin| whose protection space includes
+  // |path|. This uses the assumption in RFC 2617 section 2 that deeper
+  // paths lie in the same protection space.
+  //   |origin| - the {scheme, host, port} of the server.
+  //   |path|   - absolute path of the resource, or empty string in case of
+  //              proxy auth (which does not use the concept of paths).
+  //   returns  - the matched entry or NULL.
+  Entry* LookupByPath(const GURL& origin, const std::string& path);
+
+  // Add a realm entry on server |origin| for realm |handler->realm()|, If an
+  // entry for this realm already exists, update it rather than replace it --
+  // this  preserves the realm's paths list.
+  //   |origin|   - the {scheme, host, port} of the server.
+  //   |handler|  - handler for the challenge.
+  //   |username| - login information for the realm.
+  //   |password| - login information for the realm.
+  //   |path|     - absolute path for a resource contained in the protection
+  //                space; this will be added to the list of known paths.
+  //   returns    - the entry that was just added/updated.
+  Entry* Add(const GURL& origin,
+             HttpAuthHandler* handler,
+             const std::wstring& username,
+             const std::wstring& password,
+             const std::string& path);
+
+  // Remove realm entry on server |origin| for realm |realm| if one exists
+  // AND if the cached identity matches (|username|, |password|).
+  //   |origin|   - the {scheme, host, port} of the server.
+  //   |realm|    - case sensitive realm string.
+  //   |username| - condition to match.
+  //   |password| - condition to match.
+  //   returns    - true if an entry was removed.
+  bool Remove(const GURL& origin,
+              const std::string& realm,
+              const std::wstring& username,
+              const std::wstring& password);
+
+ private:
+  typedef std::list<Entry> EntryList;
+  EntryList entries_;
+};
+
+// An authentication realm entry.
+class HttpAuthCache::Entry {
+ public:
+  const GURL& origin() const {
+    return origin_;
+  }
+
+  // The case-sensitive realm string of the challenge.
+  const std::string realm() const {
+    return handler_->realm();
+  }
+
+  // The handler for the challenge.
+  HttpAuthHandler* handler() const {
+    return handler_.get();
+  }
+
+  // The login username.
+  const std::wstring& username() const {
+    return username_;
+  }
+
+  // The login password.
+  const std::wstring& password() const {
+    return password_;
+  }
+
+ private:
+  friend class HttpAuthCache;
+  FRIEND_TEST(HttpAuthCacheTest, AddPath);
+  FRIEND_TEST(HttpAuthCacheTest, AddToExistingEntry);
+
+  Entry() {}
+
+  // Adds a path defining the realm's protection space. If the path is
+  // already contained in the protection space, is a no-op.
+  void AddPath(const std::string& path);
+
+  // Returns true if |dir| is contained within the realm's protection space.
+  bool HasEnclosingPath(const std::string& dir);
+
+  // |origin_| contains the {scheme, host, port} of the server.
+  GURL origin_;
+
+  // Identity.
+  std::wstring username_;
+  std::wstring password_;
+
+  // Auth handler for the challenge.
+  scoped_refptr<HttpAuthHandler> handler_;
+
+  // List of paths that define the realm's protection space.
+  typedef std::list<std::string> PathList;
+  PathList paths_;
+};
+
+} // namespace net
+
+#endif  // NET_HTTP_HTTP_AUTH_CACHE_H_