1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "net/http/http_auth.h"
9 #include "base/basictypes.h"
10 #include "base/strings/string_tokenizer.h"
11 #include "base/strings/string_util.h"
12 #include "net/base/net_errors.h"
13 #include "net/http/http_auth_handler.h"
14 #include "net/http/http_auth_handler_factory.h"
15 #include "net/http/http_request_headers.h"
16 #include "net/http/http_response_headers.h"
17 #include "net/http/http_util.h"
21 HttpAuth::Identity::Identity() : source(IDENT_SRC_NONE), invalid(true) {}
24 void HttpAuth::ChooseBestChallenge(
25 HttpAuthHandlerFactory* http_auth_handler_factory,
26 const HttpResponseHeaders* headers,
29 const std::set<Scheme>& disabled_schemes,
30 const BoundNetLog& net_log,
31 scoped_ptr<HttpAuthHandler>* handler) {
32 DCHECK(http_auth_handler_factory);
33 DCHECK(handler->get() == NULL);
35 // Choose the challenge whose authentication handler gives the maximum score.
36 scoped_ptr<HttpAuthHandler> best;
37 const std::string header_name = GetChallengeHeaderName(target);
38 std::string cur_challenge;
40 while (headers->EnumerateHeader(&iter, header_name, &cur_challenge)) {
41 scoped_ptr<HttpAuthHandler> cur;
42 int rv = http_auth_handler_factory->CreateAuthHandlerFromString(
43 cur_challenge, target, origin, net_log, &cur);
45 VLOG(1) << "Unable to create AuthHandler. Status: "
46 << ErrorToString(rv) << " Challenge: " << cur_challenge;
49 if (cur.get() && (!best.get() || best->score() < cur->score()) &&
50 (disabled_schemes.find(cur->auth_scheme()) == disabled_schemes.end()))
57 HttpAuth::AuthorizationResult HttpAuth::HandleChallengeResponse(
58 HttpAuthHandler* handler,
59 const HttpResponseHeaders* headers,
61 const std::set<Scheme>& disabled_schemes,
62 std::string* challenge_used) {
65 DCHECK(challenge_used);
66 challenge_used->clear();
67 HttpAuth::Scheme current_scheme = handler->auth_scheme();
68 if (disabled_schemes.find(current_scheme) != disabled_schemes.end())
69 return HttpAuth::AUTHORIZATION_RESULT_REJECT;
70 std::string current_scheme_name = SchemeToString(current_scheme);
71 const std::string header_name = GetChallengeHeaderName(target);
73 std::string challenge;
74 HttpAuth::AuthorizationResult authorization_result =
75 HttpAuth::AUTHORIZATION_RESULT_INVALID;
76 while (headers->EnumerateHeader(&iter, header_name, &challenge)) {
77 HttpAuth::ChallengeTokenizer props(challenge.begin(), challenge.end());
78 if (!LowerCaseEqualsASCII(props.scheme(), current_scheme_name.c_str()))
80 authorization_result = handler->HandleAnotherChallenge(&props);
81 if (authorization_result != HttpAuth::AUTHORIZATION_RESULT_INVALID) {
82 *challenge_used = challenge;
83 return authorization_result;
86 // Finding no matches is equivalent to rejection.
87 return HttpAuth::AUTHORIZATION_RESULT_REJECT;
90 HttpAuth::ChallengeTokenizer::ChallengeTokenizer(
91 std::string::const_iterator begin,
92 std::string::const_iterator end)
102 HttpUtil::NameValuePairsIterator HttpAuth::ChallengeTokenizer::param_pairs()
104 return HttpUtil::NameValuePairsIterator(params_begin_, params_end_, ',');
107 std::string HttpAuth::ChallengeTokenizer::base64_param() const {
108 // Strip off any padding.
109 // (See https://bugzilla.mozilla.org/show_bug.cgi?id=230351.)
111 // Our base64 decoder requires that the length be a multiple of 4.
112 int encoded_length = params_end_ - params_begin_;
113 while (encoded_length > 0 && encoded_length % 4 != 0 &&
114 params_begin_[encoded_length - 1] == '=') {
117 return std::string(params_begin_, params_begin_ + encoded_length);
120 void HttpAuth::ChallengeTokenizer::Init(std::string::const_iterator begin,
121 std::string::const_iterator end) {
122 // The first space-separated token is the auth-scheme.
123 // NOTE: we are more permissive than RFC 2617 which says auth-scheme
124 // is separated by 1*SP.
125 base::StringTokenizer tok(begin, end, HTTP_LWS);
126 if (!tok.GetNext()) {
127 // Default param and scheme iterators provide empty strings
131 // Save the scheme's position.
132 scheme_begin_ = tok.token_begin();
133 scheme_end_ = tok.token_end();
135 params_begin_ = scheme_end_;
137 HttpUtil::TrimLWS(¶ms_begin_, ¶ms_end_);
141 std::string HttpAuth::GetChallengeHeaderName(Target target) {
144 return "Proxy-Authenticate";
146 return "WWW-Authenticate";
149 return std::string();
154 std::string HttpAuth::GetAuthorizationHeaderName(Target target) {
157 return HttpRequestHeaders::kProxyAuthorization;
159 return HttpRequestHeaders::kAuthorization;
162 return std::string();
167 std::string HttpAuth::GetAuthTargetString(Target target) {
175 return std::string();
180 const char* HttpAuth::SchemeToString(Scheme scheme) {
181 static const char* const kSchemeNames[] = {
189 COMPILE_ASSERT(arraysize(kSchemeNames) == AUTH_SCHEME_MAX,
190 http_auth_scheme_names_incorrect_size);
191 if (scheme < AUTH_SCHEME_BASIC || scheme >= AUTH_SCHEME_MAX) {
193 return "invalid_scheme";
195 return kSchemeNames[scheme];