author | abarth@chromium.org <abarth@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-05-13 20:06:48 +0000 |
---|---|---|
committer | abarth@chromium.org <abarth@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-05-13 20:06:48 +0000 |
commit | 87c99b6ad49f48645399cbb2a85bb281859c6795 (patch) | |
tree | cf7b4e06b4ca3be1c837aeb2ded63640e38541ef /net | |
parent | bbbe5d7dd70dabe0d728e789326879e02f63d040 (diff) | |
MAC Cookies (patch 4 of N)
Wire up the pieces of MAC cookies (behind the --enable-mac-cookies flag).
Also, update the syntax of the header now that issuer has been removed and the
timestamp and nonce are combined into one field.
Review URL: http://codereview.chromium.org/6969050
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@85309 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net')
-rw-r--r-- | net/http/http_auth.cc | 7 | ||||
-rw-r--r-- | net/http/http_mac_signature.cc | 18 | ||||
-rw-r--r-- | net/http/http_mac_signature.h | 4 | ||||
-rw-r--r-- | net/http/http_mac_signature_unittest.cc | 40 | ||||
-rw-r--r-- | net/http/http_request_headers.cc | 4 | ||||
-rw-r--r-- | net/http/http_request_headers.h | 4 | ||||
-rw-r--r-- | net/url_request/url_request_http_job.cc | 38 |
7 files changed, 63 insertions, 52 deletions
diff --git a/net/http/http_auth.cc b/net/http/http_auth.cc
index d5d6e0c..23e2663 100644
--- a/net/http/http_auth.cc
+++ b/net/http/http_auth.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2010 The Chromium Authors. All rights reserved.
+// Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
@@ -13,6 +13,7 @@
 #include "net/http/http_auth_handler_digest.h"
 #include "net/http/http_auth_handler_negotiate.h"
 #include "net/http/http_auth_handler_ntlm.h"
+#include "net/http/http_request_headers.h"
 #include "net/http/http_response_headers.h"
 #include "net/http/http_util.h"
@@ -142,9 +143,9 @@ std::string HttpAuth::GetChallengeHeaderName(Target target) {
 std::string HttpAuth::GetAuthorizationHeaderName(Target target) {
 switch (target) {
 case AUTH_PROXY:
- return "Proxy-Authorization";
+ return HttpRequestHeaders::kProxyAuthorization;
 case AUTH_SERVER:
- return "Authorization";
+ return HttpRequestHeaders::kAuthorization;
 default:
 NOTREACHED();
 return "";
diff --git a/net/http/http_mac_signature.cc b/net/http/http_mac_signature.cc
index 3632f06..a8177f75 100644
--- a/net/http/http_mac_signature.cc
+++ b/net/http/http_mac_signature.cc
@@ -52,14 +52,12 @@ HttpMacSignature::~HttpMacSignature() {
 bool HttpMacSignature::AddStateInfo(const std::string& id,
 const std::string& mac_key,
- const std::string& mac_algorithm,
- const std::string& issuer) {
+ const std::string& mac_algorithm) {
 DCHECK(id_.empty());
 if (!IsPlainString(id) || id.empty() ||
 mac_key.empty() ||
- mac_algorithm.empty() ||
- !IsPlainString(issuer) || issuer.empty()) {
+ mac_algorithm.empty()) {
 return false;
 }
@@ -72,7 +70,6 @@ bool HttpMacSignature::AddStateInfo(const std::string& id,
 id_ = id;
 mac_key_ = mac_key;
- issuer_ = issuer;
 return true;
 }
@@ -117,9 +114,7 @@ std::string HttpMacSignature::GenerateHeaderString(
 DCHECK(IsPlainString(mac));
 return "MAC id=\"" + id_ +
- "\", issuer=\"" + issuer_ +
- "\", timestamp=\"" + timestamp +
- "\", nonce=\"" + nonce +
+ "\", nonce=\"" + timestamp + ":" + nonce +
 "\", mac=\"" + mac + "\"";
 }
@@ -128,14 +123,13 @@ std::string HttpMacSignature::GenerateNormalizedRequest(
 const std::string& nonce) {
 static const std::string kNewLine = "\n";
- std::string normalized_request = id_ + kNewLine;
- normalized_request += issuer_ + kNewLine;
- normalized_request += timestamp + kNewLine;
- normalized_request += nonce + kNewLine;
+ std::string normalized_request = timestamp + ":" + nonce + kNewLine;
 normalized_request += method_ + kNewLine;
 normalized_request += request_uri_ + kNewLine;
 normalized_request += host_ + kNewLine;
 normalized_request += port_ + kNewLine;
+ normalized_request += kNewLine;
+ normalized_request += kNewLine;
 return normalized_request;
 }
diff --git a/net/http/http_mac_signature.h b/net/http/http_mac_signature.h
index 543b954..d96d1c4 100644
--- a/net/http/http_mac_signature.h
+++ b/net/http/http_mac_signature.h
@@ -28,8 +28,7 @@ class HttpMacSignature {
 // Returns whether this information is valid.
 bool AddStateInfo(const std::string& id,
 const std::string& mac_key,
- const std::string& mac_algorithm,
- const std::string& issuer);
+ const std::string& mac_algorithm);
 // Returns whether this information is valid.
 bool AddHttpInfo(const std::string& method,
@@ -55,7 +54,6 @@ class HttpMacSignature {
 std::string id_;
 std::string mac_key_;
 crypto::HMAC::HashAlgorithm mac_algorithm_;
- std::string issuer_;
 std::string method_;
 std::string request_uri_;
diff --git a/net/http/http_mac_signature_unittest.cc b/net/http/http_mac_signature_unittest.cc
index 5019e4b9..c7e577d 100644
--- a/net/http/http_mac_signature_unittest.cc
+++ b/net/http/http_mac_signature_unittest.cc
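Review bot: In `GenerateHeaderString`, `timestamp` and `nonce` are now spliced into a single quoted `nonce="..."` value, yet the only check visible in this hunk is `DCHECK(IsPlainString(mac))`, which is compiled out of release builds. The function starts outside the hunk, so both values may be validated above it; if they are not, a `"` or control character in either would break the header's quoting, and a `:` inside `timestamp` would make the combined field ambiguous to the server. A short comment above the `return` stating where the two values are generated and which characters they can contain would make that assumption reviewable.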
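Review bot: The two bare `normalized_request += kNewLine;` lines added at the end of `GenerateNormalizedRequest` carry no comment, so a later reader cannot tell that they are deliberate. They look like empty placeholders for two further fields of the signed string (presumably optional body-hash and extension fields of the MAC token specification; confirm the names against the spec). Because every byte of this string is covered by the MAC, add a comment such as `// Empty body-hash and ext fields; each still contributes its newline.` The same hunk removes `id_` from the signed string, so the `id` sent in the header is bound to the request only through the server's key lookup, which is worth stating in the function comment.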
@@ -11,23 +11,15 @@ TEST(HttpMacSignatureTest, BogusAddStateInfo) {
 HttpMacSignature signature;
 EXPECT_FALSE(signature.AddStateInfo("exciting-id",
 "the-mac-key",
- "bogus-hmac-algorithm",
- "the-issuer"));
+ "bogus-hmac-algorithm"));
 EXPECT_FALSE(signature.AddStateInfo("",
 "the-mac-key",
- "hmac-sha-1",
- "the-issuer"));
+ "hmac-sha-1"));
 EXPECT_FALSE(signature.AddStateInfo("exciting-id",
 "",
- "hmac-sha-1",
- "the-issuer"));
+ "hmac-sha-1"));
 EXPECT_FALSE(signature.AddStateInfo("exciting-id",
 "the-mac-key",
- "",
- "the-issuer"));
- EXPECT_FALSE(signature.AddStateInfo("exciting-id",
- "the-mac-key",
- "hmac-sha-1",
 ""));
 }
@@ -45,8 +37,7 @@ TEST(HttpMacSignatureTest, GenerateHeaderString) {
 HttpMacSignature signature;
 EXPECT_TRUE(signature.AddStateInfo("dfoi30j0qnf",
 "adiMf03j0f3nOenc003r",
- "hmac-sha-1",
- "login.eXampLe.com:443"));
+ "hmac-sha-1"));
 EXPECT_TRUE(signature.AddHttpInfo("GeT",
 "/pAth?to=%22enlightenment%22&dest=magic",
 "eXaMple.com",
@@ -56,10 +47,8 @@ TEST(HttpMacSignatureTest, GenerateHeaderString) {
 std::string nonce = "mn4302j0n+32r2/f3r=";
 EXPECT_EQ("MAC id=\"dfoi30j0qnf\", "
- "issuer=\"login.eXampLe.com:443\", "
- "timestamp=\"239034\", "
- "nonce=\"mn4302j0n+32r2/f3r=\", "
- "mac=\"zQWLNI5eHOfY5/wCJ6yzZ8bXDw==\"",
+ "nonce=\"239034:mn4302j0n+32r2/f3r=\", "
+ "mac=\"GrkHtPKzB1m1dCHfa7OCWOw6EQ==\"",
 signature.GenerateHeaderString(timestamp, nonce));
 }
@@ -68,8 +57,7 @@ TEST(HttpMacSignatureTest, GenerateNormalizedRequest) {
 HttpMacSignature signature;
 EXPECT_TRUE(signature.AddStateInfo("dfoi30j0qnf",
 "adiMf03j0f3nOenc003r",
- "hmac-sha-1",
- "login.eXampLe.com:443"));
+ "hmac-sha-1"));
 EXPECT_TRUE(signature.AddHttpInfo("GeT",
 "/pAth?to=%22enlightenment%22&dest=magic",
 "eXaMple.com",
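Review bot: The expected value `GrkHtPKzB1m1dCHfa7OCWOw6EQ==` in the `GenerateHeaderString` test is 26 base64 characters plus `==`, which decodes to 19 bytes, whereas HMAC-SHA-1 produces 20 bytes (27 characters plus a single `=`). The value it replaces, `zQWLNI5eHOfY5/wCJ6yzZ8bXDw==`, has the same length, and the `GenerateMAC` test hunk further down asserts the same new string, so the tests appear to pin a MAC that is one byte short. `GenerateMAC` itself is not part of this diff; it is worth checking whether its output buffer is sized one byte too small, because a server computing the full digest would reject every such header. A test that compares against an independently computed HMAC-SHA-1 of the normalized request would catch this instead of recording whatever the implementation emits.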
@@ -78,14 +66,13 @@ TEST(HttpMacSignatureTest, GenerateNormalizedRequest) {
 std::string timestamp = "239034";
 std::string nonce = "mn4302j0n+32r2/f3r=";
- EXPECT_EQ("dfoi30j0qnf\n"
- "login.eXampLe.com:443\n"
- "239034\n"
- "mn4302j0n+32r2/f3r=\n"
+ EXPECT_EQ("239034:mn4302j0n+32r2/f3r=\n"
 "GET\n"
 "/pAth?to=%22enlightenment%22&dest=magic\n"
 "example.com\n"
- "80\n",
+ "80\n"
+ "\n"
+ "\n",
 signature.GenerateNormalizedRequest(timestamp, nonce));
 }
@@ -93,8 +80,7 @@ TEST(HttpMacSignatureTest, GenerateMAC) {
 HttpMacSignature signature;
 EXPECT_TRUE(signature.AddStateInfo("dfoi30j0qnf",
 "adiMf03j0f3nOenc003r",
- "hmac-sha-1",
- "login.eXampLe.com:443"));
+ "hmac-sha-1"));
 EXPECT_TRUE(signature.AddHttpInfo("GeT",
 "/pAth?to=%22enlightenment%22&dest=magic",
 "eXaMple.com",
@@ -103,7 +89,7 @@ TEST(HttpMacSignatureTest, GenerateMAC) {
 std::string timestamp = "239034";
 std::string nonce = "mn4302j0n+32r2/f3r=";
- EXPECT_EQ("zQWLNI5eHOfY5/wCJ6yzZ8bXDw==",
+ EXPECT_EQ("GrkHtPKzB1m1dCHfa7OCWOw6EQ==",
 signature.GenerateMAC(timestamp, nonce));
 }
 }
diff --git a/net/http/http_request_headers.cc b/net/http/http_request_headers.cc
index 9cd2f9f..fcd2dce 100644
--- a/net/http/http_request_headers.cc
+++ b/net/http/http_request_headers.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2010 The Chromium Authors. All rights reserved.
+// Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
@@ -16,6 +16,7 @@ const char HttpRequestHeaders::kGetMethod[] = "GET";
 const char HttpRequestHeaders::kAcceptCharset[] = "Accept-Charset";
 const char HttpRequestHeaders::kAcceptEncoding[] = "Accept-Encoding";
 const char HttpRequestHeaders::kAcceptLanguage[] = "Accept-Language";
+const char HttpRequestHeaders::kAuthorization[] = "Authorization";
 const char HttpRequestHeaders::kCacheControl[] = "Cache-Control";
 const char HttpRequestHeaders::kConnection[] = "Connection";
 const char HttpRequestHeaders::kContentLength[] = "Content-Length";
@@ -27,6 +28,7 @@ const char HttpRequestHeaders::kIfNoneMatch[] = "If-None-Match";
 const char HttpRequestHeaders::kIfRange[] = "If-Range";
 const char HttpRequestHeaders::kOrigin[] = "Origin";
 const char HttpRequestHeaders::kPragma[] = "Pragma";
+const char HttpRequestHeaders::kProxyAuthorization[] = "Proxy-Authorization";
 const char HttpRequestHeaders::kProxyConnection[] = "Proxy-Connection";
 const char HttpRequestHeaders::kRange[] = "Range";
 const char HttpRequestHeaders::kReferer[] = "Referer";
diff --git a/net/http/http_request_headers.h b/net/http/http_request_headers.h
index ae9b118..4b05dfe 100644
--- a/net/http/http_request_headers.h
+++ b/net/http/http_request_headers.h
@@ -1,4 +1,4 @@
-// Copyright (c) 2010 The Chromium Authors. All rights reserved.
+// Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 //
@@ -58,6 +58,7 @@ class HttpRequestHeaders {
 static const char kAcceptCharset[];
 static const char kAcceptEncoding[];
 static const char kAcceptLanguage[];
+ static const char kAuthorization[];
 static const char kCacheControl[];
 static const char kConnection[];
 static const char kContentType[];
@@ -69,6 +70,7 @@ class HttpRequestHeaders {
 static const char kIfRange[];
 static const char kOrigin[];
 static const char kPragma[];
+ static const char kProxyAuthorization[];
 static const char kProxyConnection[];
 static const char kRange[];
 static const char kReferer[];
diff --git a/net/url_request/url_request_http_job.cc b/net/url_request/url_request_http_job.cc
index 55f6028..510a68d 100644
--- a/net/url_request/url_request_http_job.cc
+++ b/net/url_request/url_request_http_job.cc
@@ -27,6 +27,7 @@
 #include "net/base/ssl_cert_request_info.h"
 #include "net/base/ssl_config_service.h"
 #include "net/base/transport_security_state.h"
+#include "net/http/http_mac_signature.h"
 #include "net/http/http_request_headers.h"
 #include "net/http/http_response_headers.h"
 #include "net/http/http_response_info.h"
@@ -54,6 +55,30 @@ namespace net {
 namespace {
+void AddAuthorizationHeader(
+ const std::vector<CookieStore::CookieInfo>& cookie_infos,
+ HttpRequestInfo* request_info) {
+ const GURL& url = request_info->url;
+ const std::string& method = request_info->method;
+ std::string request_uri = HttpUtil::PathForRequest(url);
+ const std::string& host = url.host();
+ int port = url.EffectiveIntPort();
+ for (size_t i = 0; i < cookie_infos.size(); ++i) {
+ HttpMacSignature signature;
+ if (!signature.AddStateInfo(cookie_infos[i].name,
+ cookie_infos[i].mac_key,
+ cookie_infos[i].mac_algorithm)) {
+ continue;
+ }
+ if (!signature.AddHttpInfo(method, request_uri, host, port))
+ continue;
+ request_info->extra_headers.SetHeader(
+ HttpRequestHeaders::kAuthorization,
+ signature.GenerateAuthorizationHeader());
+ return; // Only add the first valid header.
+ }
+}
 class HTTPSProberDelegateImpl : public HTTPSProberDelegate {
 public:
 HTTPSProberDelegateImpl(const std::string& host, int max_age,
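Review bot: `AddAuthorizationHeader` calls `extra_headers.SetHeader(HttpRequestHeaders::kAuthorization, ...)` without checking for an existing value, so an `Authorization` header the caller already placed in `request_info->extra_headers` is silently replaced whenever a cookie carries valid MAC state. If that override is not intended, bail out first, for example `if (request_info->extra_headers.HasHeader(HttpRequestHeaders::kAuthorization)) return;` (assuming `HasHeader` is available in this tree). The loop also signs with the first cookie that validates, so which key is used depends on the order of `cookie_infos`; a comment naming the ordering the cookie store guarantees would make that choice reviewable. The helper is reached from the `AreMacCookiesEnabled()` branch added to `AddCookieHeaderAndStart` in the last hunk.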
@@ -440,13 +465,16 @@ void URLRequestHttpJob::AddCookieHeaderAndStart() {
 if (request_->context()->cookie_store() && allow) {
 CookieOptions options;
 options.set_include_httponly();
- std::string cookies =
- request_->context()->cookie_store()->GetCookiesWithOptions(
- request_->url(), options);
- if (!cookies.empty()) {
+ std::string cookie_line;
+ std::vector<CookieStore::CookieInfo> cookie_infos;
+ request_->context()->cookie_store()->GetCookiesWithInfo(
+ request_->url(), options, &cookie_line, &cookie_infos);
+ if (!cookie_line.empty()) {
 request_info_.extra_headers.SetHeader(
- HttpRequestHeaders::kCookie, cookies);
+ HttpRequestHeaders::kCookie, cookie_line);
 }
+ if (URLRequest::AreMacCookiesEnabled())
+ AddAuthorizationHeader(cookie_infos, &request_info_);
 }
 // We may have been canceled within CanGetCookies.
 if (GetStatus().is_success()) { |