author | cbentzel@chromium.org <cbentzel@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-08-02 11:27:02 +0000 |
---|---|---|
committer | cbentzel@chromium.org <cbentzel@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-08-02 11:27:02 +0000 |
commit | 6cc4218f3320d1ed11553c4a89a360a8db143ca7 (patch) | |
tree | 49bd71667097cbfae482321451df754afd643a18 /net/http/http_auth_handler_mock.cc | |
parent | b05938fdfa5c1d830be859d4339d3992c6d12410 (diff) | |
Digest authentication uses a uri field to prevent replay attacks.
When authenticating to an HTTP proxy to establish a secure tunnel (via CONNECT), the uri should be the hostname of the server and the destination port, such as "www.example.com:443". When authenticating to an HTTP proxy for non-secure content, the uri should be the path at the server, i.e. "/index.html".
If the site we are trying to connect to previously advertised "Alternate-Protocol: 443:spdy-npn/1" a request to "http://www.example.com" will be attempted on a secure port.
However, the URL passed into the digest authenticator was an unsecure one, and it decided to have a uri in the form "/index.html" rather than the correct "www.example.com:443". This causes persistent failure with the password and many password prompts.
BUG=49865
TEST=Run with --use-spdy=npn, force connection through a digest authenticating proxy, and browse a site which advertises Alternate-Protocol through http URLs.
Review URL: http://codereview.chromium.org/3028021
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@54528 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/http/http_auth_handler_mock.cc')
-rw-r--r-- | net/http/http_auth_handler_mock.cc | 16 |
1 files changed, 15 insertions, 1 deletions
diff --git a/net/http/http_auth_handler_mock.cc b/net/http/http_auth_handler_mock.cc
index 983105b..9f0011d 100644
--- a/net/http/http_auth_handler_mock.cc
+++ b/net/http/http_auth_handler_mock.cc
@@ -6,6 +6,7 @@
 #include "base/message_loop.h"
 #include "net/base/net_errors.h"
+#include "net/http/http_request_info.h"
 #include "testing/gtest/include/gtest/gtest.h"
 namespace net {
@@ -82,6 +83,7 @@ int HttpAuthHandlerMock::GenerateAuthTokenImpl(const string16* username,
 CompletionCallback* callback,
 std::string* auth_token) {
 first_round_ = false;
+ request_url_ = request->url;
 if (generate_async_) {
 EXPECT_TRUE(user_callback_ == NULL);
 EXPECT_TRUE(auth_token_ == NULL);
@@ -118,6 +120,14 @@ void HttpAuthHandlerMock::OnGenerateAuthToken() {
 callback->Run(generate_rv_);
 }
+HttpAuthHandlerMock::Factory::Factory()
+ : do_init_from_challenge_(false) {
+ // TODO(cbentzel): Default do_init_from_challenge_ to true.
+}
+
+HttpAuthHandlerMock::Factory::~Factory() {
+}
+
 void HttpAuthHandlerMock::Factory::set_mock_handler(
 HttpAuthHandler* handler, HttpAuth::Target target) {
 EXPECT_TRUE(handlers_[target].get() == NULL);
@@ -134,7 +144,11 @@ int HttpAuthHandlerMock::Factory::CreateAuthHandler(
 scoped_ptr<HttpAuthHandler>* handler) {
 if (!handlers_[target].get())
 return ERR_UNEXPECTED;
- handler->swap(handlers_[target]);
+ scoped_ptr<HttpAuthHandler> tmp_handler(handlers_[target].release());
+ if (do_init_from_challenge_ &&
+ !tmp_handler->InitFromChallenge(challenge, target, origin, net_log))
+ return ERR_INVALID_RESPONSE;
+ handler->swap(tmp_handler);
 return OK;
 } |
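Review bot: `request_url_ = request->url;` in GenerateAuthTokenImpl dereferences `request` unconditionally, so a test that drives the mock with a NULL request would crash here instead of failing an expectation. The parameter list is only partly visible in this hunk, so whether NULL is ever passed is an assumption to confirm against the callers. If it can be, guard the capture, e.g. `request_url_ = request ? request->url : GURL();`, and add a comment that the field holds the URL of the most recent token request so tests can check which URL reached the handler. The function body continues outside the hunk.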
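Review bot: The TODO in `Factory::Factory()` gives no reason for leaving `do_init_from_challenge_` false, and with that default CreateAuthHandler hands out handlers without running `InitFromChallenge`, so tests built on this factory do not exercise challenge handling unless they opt in. I would extend the comment to say so, e.g. `// Off by default so existing tests keep receiving pre-configured handlers; tests that depend on challenge parsing must enable it.` The reason is presumably compatibility with existing tests; confirm that before wording the comment this way.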
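Review bot: On the failure path of CreateAuthHandler the registered mock is destroyed: `handlers_[target].release()` moves it into `tmp_handler`, and when `InitFromChallenge` returns false the function returns `ERR_INVALID_RESPONSE` while `tmp_handler` goes out of scope, so a later call for the same target yields `ERR_UNEXPECTED` rather than the same challenge error. If that consumption is not intended, initialize the stored handler in place with `!handlers_[target]->InitFromChallenge(challenge, target, origin, net_log)` and keep the original `handler->swap(handlers_[target]);`. If it is intended, a one-line comment stating that the handler is single-use even when initialization fails would save the next test author a confusing error code. The start of the function is outside the hunk.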