Create HttpAuthController. (again)

This packages up the auth state into a single class to enable a HttpProxyClientSocket class (which is needed for SSLClientSocketPool).
Fix memory leak.

BUG=30357
TEST=existing unit tests

Review URL: http://codereview.chromium.org/2808020

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@50696 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 134 insertions, 0 deletions

diff --git a/net/http/http_auth_controller.h b/net/http/http_auth_controller.h
new file mode 100644
index 0000000..bc1395f
--- /dev/null
+++ b/net/http/http_auth_controller.h
@@ -0,0 +1,134 @@
+// Copyright (c) 2010 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef NET_HTTP_HTTP_AUTH_CONTROLLER_H_
+#define NET_HTTP_HTTP_AUTH_CONTROLLER_H_
+
+#include <string>
+
+#include "base/basictypes.h"
+#include "base/ref_counted.h"
+#include "base/scoped_ptr.h"
+#include "googleurl/src/gurl.h"
+#include "net/base/completion_callback.h"
+#include "net/base/net_log.h"
+#include "net/http/http_auth.h"
+
+namespace net {
+
+class AuthChallengeInfo;
+class HostResolver;
+class HttpNetworkSession;
+class HttpRequestHeaders;
+struct HttpRequestInfo;
+
+class HttpAuthController {
+ public:
+  // The arguments are self explanatory except possibly for |auth_url|, which
+  // should be both the auth target and auth path in a single url argument.
+  HttpAuthController(HttpAuth::Target target, const GURL& auth_url,
+                     scoped_refptr<HttpNetworkSession> session,
+                     const BoundNetLog& net_log);
+
+  // Generate an authentication token for |target| if necessary. The return
+  // value is a net error code. |OK| will be returned both in the case that
+  // a token is correctly generated synchronously, as well as when no tokens
+  // were necessary.
+  int MaybeGenerateAuthToken(const HttpRequestInfo* request,
+                             CompletionCallback* callback);
+
+  // Adds either the proxy auth header, or the origin server auth header,
+  // as specified by |target_|.
+  void AddAuthorizationHeader(HttpRequestHeaders* authorization_headers);
+
+  // Checks for and handles HTTP status code 401 or 407.
+  // |HandleAuthChallenge()| returns OK on success,
+  // ERR_AUTH_NEEDS_CANONICAL_NAME if the handler needs the canonical name
+  // resolved, or a network error code. It may also populate |auth_info_|.
+  int HandleAuthChallenge(scoped_refptr<HttpResponseHeaders> headers,
+                          int load_flags, bool establishing_tunnel);
+
+  int ResolveCanonicalName(CompletionCallback* callback);
+
+  // Store the supplied credentials and prepare to restart the auth.
+  void ResetAuth(const std::wstring& username, const std::wstring& password);
+
+  bool HaveAuthHandler() const {
+    return handler_.get() != NULL;
+  }
+
+  bool HaveAuth() const {
+    return handler_.get() && !identity_.invalid;
+  }
+
+  scoped_refptr<AuthChallengeInfo> auth_info() {
+    return auth_info_;
+  }
+
+ private:
+  // Searches the auth cache for an entry that encompasses the request's path.
+  // If such an entry is found, updates |identity_| and |handler_| with the
+  // cache entry's data and returns true.
+  bool SelectPreemptiveAuth();
+
+  // Invalidates any auth cache entries after authentication has failed.
+  // The identity that was rejected is |identity_|.
+  void InvalidateRejectedAuthFromCache();
+
+  // Sets |identity_| to the next identity that the transaction should try. It
+  // chooses candidates by searching the auth cache and the URL for a
+  // username:password. Returns true if an identity was found.
+  bool SelectNextAuthIdentityToTry();
+
+  // Populates auth_info_ with the challenge information, so that
+  // URLRequestHttpJob can prompt for a username/password.
+  void PopulateAuthChallenge();
+
+  // Indicates if this handler is for Proxy auth or Server auth.
+  HttpAuth::Target target_;
+
+  // Holds the {scheme, host, path, port} for the authentication target.
+  const GURL auth_url_;
+
+  // Holds the {scheme, host, port} for the authentication target.
+  const GURL auth_origin_;
+
+  // The absolute path of the resource needing authentication.
+  // For proxy authentication the path is empty.
+  const std::string auth_path_;
+
+  // |handler_| encapsulates the logic for the particular auth-scheme.
+  // This includes the challenge's parameters. If NULL, then there is no
+  // associated auth handler.
+  scoped_ptr<HttpAuthHandler> handler_;
+
+  // |identity_| holds the (username/password) that should be used by
+  // the handler_ to generate credentials. This identity can come from
+  // a number of places (url, cache, prompt).
+  HttpAuth::Identity identity_;
+
+  // |auth_token_| contains the opaque string to pass to the proxy or
+  // server to authenticate the client.
+  std::string auth_token_;
+
+  // Contains information about the auth challenge.
+  scoped_refptr<AuthChallengeInfo> auth_info_;
+
+  // True if we've used the username/password embedded in the URL.  This
+  // makes sure we use the embedded identity only once for the transaction,
+  // preventing an infinite auth restart loop.
+  bool embedded_identity_used_;
+
+  // True if default credentials have already been tried for this transaction
+  // in response to an HTTP authentication challenge.
+  bool default_credentials_used_;
+
+  scoped_refptr<HttpNetworkSession> session_;
+
+  BoundNetLog net_log_;
+};
+
+}  // namespace net
+
+#endif  // NET_HTTP_HTTP_AUTH_CONTROLLER_H_