1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
|
// Copyright (c) 2011 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef NET_HTTP_HTTP_AUTH_HANDLER_DIGEST_H_
#define NET_HTTP_HTTP_AUTH_HANDLER_DIGEST_H_
#include <string>
#include "base/gtest_prod_util.h"
#include "base/macros.h"
#include "base/memory/scoped_ptr.h"
#include "net/base/net_export.h"
#include "net/http/http_auth_handler.h"
#include "net/http/http_auth_handler_factory.h"
namespace net {
// Code for handling http digest authentication.
class NET_EXPORT_PRIVATE HttpAuthHandlerDigest : public HttpAuthHandler {
public:
// A NonceGenerator is a simple interface for generating client nonces.
// Unit tests can override the default client nonce behavior with fixed
// nonce generation to get reproducible results.
class NET_EXPORT_PRIVATE NonceGenerator {
public:
NonceGenerator();
virtual ~NonceGenerator();
// Generates a client nonce.
virtual std::string GenerateNonce() const = 0;
private:
DISALLOW_COPY_AND_ASSIGN(NonceGenerator);
};
// DynamicNonceGenerator does a random shuffle of 16
// characters to generate a client nonce.
class DynamicNonceGenerator : public NonceGenerator {
public:
DynamicNonceGenerator();
std::string GenerateNonce() const override;
private:
DISALLOW_COPY_AND_ASSIGN(DynamicNonceGenerator);
};
// FixedNonceGenerator always uses the same string specified at
// construction time as the client nonce.
class NET_EXPORT_PRIVATE FixedNonceGenerator : public NonceGenerator {
public:
explicit FixedNonceGenerator(const std::string& nonce);
std::string GenerateNonce() const override;
private:
const std::string nonce_;
DISALLOW_COPY_AND_ASSIGN(FixedNonceGenerator);
};
class NET_EXPORT_PRIVATE Factory : public HttpAuthHandlerFactory {
public:
Factory();
~Factory() override;
// This factory owns the passed in |nonce_generator|.
void set_nonce_generator(const NonceGenerator* nonce_generator);
int CreateAuthHandler(HttpAuthChallengeTokenizer* challenge,
HttpAuth::Target target,
const SSLInfo& ssl_info,
const GURL& origin,
CreateReason reason,
int digest_nonce_count,
const BoundNetLog& net_log,
scoped_ptr<HttpAuthHandler>* handler) override;
private:
scoped_ptr<const NonceGenerator> nonce_generator_;
};
HttpAuth::AuthorizationResult HandleAnotherChallenge(
HttpAuthChallengeTokenizer* challenge) override;
protected:
bool Init(HttpAuthChallengeTokenizer* challenge,
const SSLInfo& ssl_info) override;
int GenerateAuthTokenImpl(const AuthCredentials* credentials,
const HttpRequestInfo* request,
const CompletionCallback& callback,
std::string* auth_token) override;
private:
FRIEND_TEST_ALL_PREFIXES(HttpAuthHandlerDigestTest, ParseChallenge);
FRIEND_TEST_ALL_PREFIXES(HttpAuthHandlerDigestTest, AssembleCredentials);
FRIEND_TEST_ALL_PREFIXES(HttpNetworkTransactionTest, DigestPreAuthNonceCount);
// Possible values for the "algorithm" property.
enum DigestAlgorithm {
// No algorithm was specified. According to RFC 2617 this means
// we should default to ALGORITHM_MD5.
ALGORITHM_UNSPECIFIED,
// Hashes are run for every request.
ALGORITHM_MD5,
// Hash is run only once during the first WWW-Authenticate handshake.
// (SESS means session).
ALGORITHM_MD5_SESS,
};
// Possible values for QualityOfProtection.
// auth-int is not supported, see http://crbug.com/62890 for justification.
enum QualityOfProtection {
QOP_UNSPECIFIED,
QOP_AUTH,
};
// |nonce_count| indicates how many times the server-specified nonce has
// been used so far.
// |nonce_generator| is used to create a client nonce, and is not owned by
// the handler. The lifetime of the |nonce_generator| must exceed that of this
// handler.
HttpAuthHandlerDigest(int nonce_count, const NonceGenerator* nonce_generator);
~HttpAuthHandlerDigest() override;
// Parse the challenge, saving the results into this instance.
// Returns true on success.
bool ParseChallenge(HttpAuthChallengeTokenizer* challenge);
// Parse an individual property. Returns true on success.
bool ParseChallengeProperty(const std::string& name,
const std::string& value);
// Generates a random string, to be used for client-nonce.
static std::string GenerateNonce();
// Convert enum value back to string.
static std::string QopToString(QualityOfProtection qop);
static std::string AlgorithmToString(DigestAlgorithm algorithm);
// Extract the method and path of the request, as needed by
// the 'A2' production. (path may be a hostname for proxy).
void GetRequestMethodAndPath(const HttpRequestInfo* request,
std::string* method,
std::string* path) const;
// Build up the 'response' production.
std::string AssembleResponseDigest(const std::string& method,
const std::string& path,
const AuthCredentials& credentials,
const std::string& cnonce,
const std::string& nc) const;
// Build up the value for (Authorization/Proxy-Authorization).
std::string AssembleCredentials(const std::string& method,
const std::string& path,
const AuthCredentials& credentials,
const std::string& cnonce,
int nonce_count) const;
// Information parsed from the challenge.
std::string nonce_;
std::string domain_;
std::string opaque_;
bool stale_;
DigestAlgorithm algorithm_;
QualityOfProtection qop_;
// The realm as initially encoded over-the-wire. This is used in the
// challenge text, rather than |realm_| which has been converted to
// UTF-8.
std::string original_realm_;
int nonce_count_;
const NonceGenerator* nonce_generator_;
};
} // namespace net
#endif // NET_HTTP_HTTP_AUTH_HANDLER_DIGEST_H_
|
