// Copyright (c) 2011 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #ifndef NET_HTTP_HTTP_AUTH_HANDLER_DIGEST_H_ #define NET_HTTP_HTTP_AUTH_HANDLER_DIGEST_H_ #include #include "base/basictypes.h" #include "base/gtest_prod_util.h" #include "base/memory/scoped_ptr.h" #include "net/base/net_export.h" #include "net/http/http_auth_handler.h" #include "net/http/http_auth_handler_factory.h" namespace net { // Code for handling http digest authentication. class NET_EXPORT_PRIVATE HttpAuthHandlerDigest : public HttpAuthHandler { public: // A NonceGenerator is a simple interface for generating client nonces. // Unit tests can override the default client nonce behavior with fixed // nonce generation to get reproducible results. class NET_EXPORT_PRIVATE NonceGenerator { public: NonceGenerator(); virtual ~NonceGenerator(); // Generates a client nonce. virtual std::string GenerateNonce() const = 0; private: DISALLOW_COPY_AND_ASSIGN(NonceGenerator); }; // DynamicNonceGenerator does a random shuffle of 16 // characters to generate a client nonce. class DynamicNonceGenerator : public NonceGenerator { public: DynamicNonceGenerator(); std::string GenerateNonce() const override; private: DISALLOW_COPY_AND_ASSIGN(DynamicNonceGenerator); }; // FixedNonceGenerator always uses the same string specified at // construction time as the client nonce. class NET_EXPORT_PRIVATE FixedNonceGenerator : public NonceGenerator { public: explicit FixedNonceGenerator(const std::string& nonce); std::string GenerateNonce() const override; private: const std::string nonce_; DISALLOW_COPY_AND_ASSIGN(FixedNonceGenerator); }; class NET_EXPORT_PRIVATE Factory : public HttpAuthHandlerFactory { public: Factory(); ~Factory() override; // This factory owns the passed in |nonce_generator|. void set_nonce_generator(const NonceGenerator* nonce_generator); int CreateAuthHandler(HttpAuthChallengeTokenizer* challenge, HttpAuth::Target target, const GURL& origin, CreateReason reason, int digest_nonce_count, const BoundNetLog& net_log, scoped_ptr* handler) override; private: scoped_ptr nonce_generator_; }; HttpAuth::AuthorizationResult HandleAnotherChallenge( HttpAuthChallengeTokenizer* challenge) override; protected: bool Init(HttpAuthChallengeTokenizer* challenge) override; int GenerateAuthTokenImpl(const AuthCredentials* credentials, const HttpRequestInfo* request, const CompletionCallback& callback, std::string* auth_token) override; private: FRIEND_TEST_ALL_PREFIXES(HttpAuthHandlerDigestTest, ParseChallenge); FRIEND_TEST_ALL_PREFIXES(HttpAuthHandlerDigestTest, AssembleCredentials); FRIEND_TEST_ALL_PREFIXES(HttpNetworkTransactionTest, DigestPreAuthNonceCount); // Possible values for the "algorithm" property. enum DigestAlgorithm { // No algorithm was specified. According to RFC 2617 this means // we should default to ALGORITHM_MD5. ALGORITHM_UNSPECIFIED, // Hashes are run for every request. ALGORITHM_MD5, // Hash is run only once during the first WWW-Authenticate handshake. // (SESS means session). ALGORITHM_MD5_SESS, }; // Possible values for QualityOfProtection. // auth-int is not supported, see http://crbug.com/62890 for justification. enum QualityOfProtection { QOP_UNSPECIFIED, QOP_AUTH, }; // |nonce_count| indicates how many times the server-specified nonce has // been used so far. // |nonce_generator| is used to create a client nonce, and is not owned by // the handler. The lifetime of the |nonce_generator| must exceed that of this // handler. HttpAuthHandlerDigest(int nonce_count, const NonceGenerator* nonce_generator); ~HttpAuthHandlerDigest() override; // Parse the challenge, saving the results into this instance. // Returns true on success. bool ParseChallenge(HttpAuthChallengeTokenizer* challenge); // Parse an individual property. Returns true on success. bool ParseChallengeProperty(const std::string& name, const std::string& value); // Generates a random string, to be used for client-nonce. static std::string GenerateNonce(); // Convert enum value back to string. static std::string QopToString(QualityOfProtection qop); static std::string AlgorithmToString(DigestAlgorithm algorithm); // Extract the method and path of the request, as needed by // the 'A2' production. (path may be a hostname for proxy). void GetRequestMethodAndPath(const HttpRequestInfo* request, std::string* method, std::string* path) const; // Build up the 'response' production. std::string AssembleResponseDigest(const std::string& method, const std::string& path, const AuthCredentials& credentials, const std::string& cnonce, const std::string& nc) const; // Build up the value for (Authorization/Proxy-Authorization). std::string AssembleCredentials(const std::string& method, const std::string& path, const AuthCredentials& credentials, const std::string& cnonce, int nonce_count) const; // Information parsed from the challenge. std::string nonce_; std::string domain_; std::string opaque_; bool stale_; DigestAlgorithm algorithm_; QualityOfProtection qop_; // The realm as initially encoded over-the-wire. This is used in the // challenge text, rather than |realm_| which has been converted to // UTF-8. std::string original_realm_; int nonce_count_; const NonceGenerator* nonce_generator_; }; } // namespace net #endif // NET_HTTP_HTTP_AUTH_HANDLER_DIGEST_H_