net/http/url_security_manager.h


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87

// Copyright (c) 2011 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef NET_HTTP_URL_SECURITY_MANAGER_H_
#define NET_HTTP_URL_SECURITY_MANAGER_H_

#include "base/macros.h"
#include "base/memory/scoped_ptr.h"
#include "net/base/net_export.h"

class GURL;

namespace net {

class HttpAuthFilter;

// The URL security manager controls the policies (allow, deny, prompt user)
// regarding URL actions (e.g., sending the default credentials to a server).
class NET_EXPORT_PRIVATE URLSecurityManager {
 public:
  URLSecurityManager() {}
  virtual ~URLSecurityManager() {}

  // Creates a platform-dependent instance of URLSecurityManager.
  //
  // A security manager has two whitelists, a "default whitelist" that is a
  // whitelist of servers with which default credentials can be used, and a
  // "delegate whitelist" that is the whitelist of servers that are allowed to
  // have delegated Kerberos tickets.
  //
  // On creation both whitelists are NULL.
  //
  // If the default whitelist is NULL and the platform is Windows, it indicates
  // that security zone mapping should be used to determine whether default
  // credentials should be used. If the default whitelist is NULL and the
  // platform is non-Windows, it indicates that no servers should be
  // whitelisted.
  //
  // If the delegate whitelist is NULL no servers can have delegated Kerberos
  // tickets.
  //
  static URLSecurityManager* Create();

  // Returns true if we can send the default credentials to the server at
  // |auth_origin| for HTTP NTLM or Negotiate authentication.
  virtual bool CanUseDefaultCredentials(const GURL& auth_origin) const = 0;

  // Returns true if Kerberos delegation is allowed for the server at
  // |auth_origin| for HTTP Negotiate authentication.
  virtual bool CanDelegate(const GURL& auth_origin) const = 0;

  virtual void SetDefaultWhitelist(
      scoped_ptr<HttpAuthFilter> whitelist_default) = 0;
  virtual void SetDelegateWhitelist(
      scoped_ptr<HttpAuthFilter> whitelist_delegate) = 0;

 private:
  DISALLOW_COPY_AND_ASSIGN(URLSecurityManager);
};

class URLSecurityManagerWhitelist : public URLSecurityManager {
 public:
  URLSecurityManagerWhitelist();
  ~URLSecurityManagerWhitelist() override;

  // URLSecurityManager methods.
  bool CanUseDefaultCredentials(const GURL& auth_origin) const override;
  bool CanDelegate(const GURL& auth_origin) const override;
  void SetDefaultWhitelist(
      scoped_ptr<HttpAuthFilter> whitelist_default) override;
  void SetDelegateWhitelist(
      scoped_ptr<HttpAuthFilter> whitelist_delegate) override;

 protected:
  bool HasDefaultWhitelist() const;

 private:
  scoped_ptr<const HttpAuthFilter> whitelist_default_;
  scoped_ptr<const HttpAuthFilter> whitelist_delegate_;

  DISALLOW_COPY_AND_ASSIGN(URLSecurityManagerWhitelist);
};

}  // namespace net

#endif  // NET_HTTP_URL_SECURITY_MANAGER_H_