// Copyright (c) 2011 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #ifndef NET_HTTP_HTTP_AUTH_CACHE_H_ #define NET_HTTP_HTTP_AUTH_CACHE_H_ #pragma once #include <list> #include <string> #include "base/gtest_prod_util.h" #include "base/memory/ref_counted.h" #include "base/string16.h" #include "googleurl/src/gurl.h" #include "net/http/http_auth.h" namespace net { // HttpAuthCache stores HTTP authentication identities and challenge info. // For each (origin, realm, scheme) triple the cache stores a // HttpAuthCache::Entry, which holds: // - the origin server {protocol scheme, host, port} // - the last identity used (username/password) // - the last auth handler used (contains realm and authentication scheme) // - the list of paths which used this realm // Entries can be looked up by either (origin, realm, scheme) or (origin, path). class HttpAuthCache { public: class Entry; // Prevent unbounded memory growth. These are safeguards for abuse; it is // not expected that the limits will be reached in ordinary usage. // This also defines the worst-case lookup times (which grow linearly // with number of elements in the cache). enum { kMaxNumPathsPerRealmEntry = 10 }; enum { kMaxNumRealmEntries = 10 }; HttpAuthCache(); ~HttpAuthCache(); // Find the realm entry on server |origin| for realm |realm| and // scheme |scheme|. // |origin| - the {scheme, host, port} of the server. // |realm| - case sensitive realm string. // |scheme| - the authentication scheme (i.e. basic, negotiate). // returns - the matched entry or NULL. Entry* Lookup(const GURL& origin, const std::string& realm, HttpAuth::Scheme scheme); // Find the entry on server |origin| whose protection space includes // |path|. This uses the assumption in RFC 2617 section 2 that deeper // paths lie in the same protection space. // |origin| - the {scheme, host, port} of the server. // |path| - absolute path of the resource, or empty string in case of // proxy auth (which does not use the concept of paths). // returns - the matched entry or NULL. Entry* LookupByPath(const GURL& origin, const std::string& path); // Add an entry on server |origin| for realm |handler->realm()| and // scheme |handler->scheme()|. If an entry for this (realm,scheme) // already exists, update it rather than replace it -- this preserves the // paths list. // |origin| - the {scheme, host, port} of the server. // |realm| - the auth realm for the challenge. // |scheme| - the authentication scheme (i.e. basic, negotiate). // |username| - login information for the realm. // |password| - login information for the realm. // |path| - absolute path for a resource contained in the protection // space; this will be added to the list of known paths. // returns - the entry that was just added/updated. Entry* Add(const GURL& origin, const std::string& realm, HttpAuth::Scheme scheme, const std::string& auth_challenge, const string16& username, const string16& password, const std::string& path); // Remove entry on server |origin| for realm |realm| and scheme |scheme| // if one exists AND if the cached identity matches (|username|, |password|). // |origin| - the {scheme, host, port} of the server. // |realm| - case sensitive realm string. // |scheme| - the authentication scheme (i.e. basic, negotiate). // |username| - condition to match. // |password| - condition to match. // returns - true if an entry was removed. bool Remove(const GURL& origin, const std::string& realm, HttpAuth::Scheme scheme, const string16& username, const string16& password); // Updates a stale digest entry on server |origin| for realm |realm| and // scheme |scheme|. The cached auth challenge is replaced with // |auth_challenge| and the nonce count is reset. // |UpdateStaleChallenge()| returns true if a matching entry exists in the // cache, false otherwise. bool UpdateStaleChallenge(const GURL& origin, const std::string& realm, HttpAuth::Scheme scheme, const std::string& auth_challenge); private: typedef std::list<Entry> EntryList; EntryList entries_; }; // An authentication realm entry. class HttpAuthCache::Entry { public: ~Entry(); const GURL& origin() const { return origin_; } // The case-sensitive realm string of the challenge. const std::string realm() const { return realm_; } // The authentication scheme of the challenge. HttpAuth::Scheme scheme() const { return scheme_; } // The authentication challenge. const std::string auth_challenge() const { return auth_challenge_; } // The login username. const string16 username() const { return username_; } // The login password. const string16 password() const { return password_; } int IncrementNonceCount() { return ++nonce_count_; } void UpdateStaleChallenge(const std::string& auth_challenge); private: friend class HttpAuthCache; FRIEND_TEST_ALL_PREFIXES(HttpAuthCacheTest, AddPath); FRIEND_TEST_ALL_PREFIXES(HttpAuthCacheTest, AddToExistingEntry); typedef std::list<std::string> PathList; Entry(); // Adds a path defining the realm's protection space. If the path is // already contained in the protection space, is a no-op. void AddPath(const std::string& path); // Returns true if |dir| is contained within the realm's protection // space. |*path_len| is set to the length of the enclosing path if // such a path exists and |path_len| is non-NULL. If no enclosing // path is found, |*path_len| is left unmodified. // // Note that proxy auth cache entries are associated with empty // paths. Therefore it is possible for HasEnclosingPath() to return // true and set |*path_len| to 0. bool HasEnclosingPath(const std::string& dir, size_t* path_len); // |origin_| contains the {protocol, host, port} of the server. GURL origin_; std::string realm_; HttpAuth::Scheme scheme_; // Identity. std::string auth_challenge_; string16 username_; string16 password_; int nonce_count_; // List of paths that define the realm's protection space. PathList paths_; }; } // namespace net #endif // NET_HTTP_HTTP_AUTH_CACHE_H_