diff options
Diffstat (limited to 'netwerk/protocol/http/nsHttpChannelAuthProvider.h')
-rw-r--r-- | netwerk/protocol/http/nsHttpChannelAuthProvider.h | 192 |
1 files changed, 192 insertions, 0 deletions
diff --git a/netwerk/protocol/http/nsHttpChannelAuthProvider.h b/netwerk/protocol/http/nsHttpChannelAuthProvider.h new file mode 100644 index 000000000..44d79b22b --- /dev/null +++ b/netwerk/protocol/http/nsHttpChannelAuthProvider.h @@ -0,0 +1,192 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ +/* vim:set et cin ts=4 sw=4 sts=4: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef nsHttpChannelAuthProvider_h__ +#define nsHttpChannelAuthProvider_h__ + +#include "nsIHttpChannelAuthProvider.h" +#include "nsIAuthPromptCallback.h" +#include "nsIHttpAuthenticatorCallback.h" +#include "nsString.h" +#include "nsCOMPtr.h" +#include "nsHttpAuthCache.h" +#include "nsProxyInfo.h" +#include "nsCRT.h" +#include "nsICancelableRunnable.h" + +class nsIHttpAuthenticableChannel; +class nsIHttpAuthenticator; +class nsIURI; + +namespace mozilla { namespace net { + +class nsHttpHandler; + +class nsHttpChannelAuthProvider : public nsIHttpChannelAuthProvider + , public nsIAuthPromptCallback + , public nsIHttpAuthenticatorCallback +{ +public: + NS_DECL_ISUPPORTS + NS_DECL_NSICANCELABLE + NS_DECL_NSIHTTPCHANNELAUTHPROVIDER + NS_DECL_NSIAUTHPROMPTCALLBACK + NS_DECL_NSIHTTPAUTHENTICATORCALLBACK + + nsHttpChannelAuthProvider(); + static void InitializePrefs(); +private: + virtual ~nsHttpChannelAuthProvider(); + + const char *ProxyHost() const + { return mProxyInfo ? mProxyInfo->Host().get() : nullptr; } + + int32_t ProxyPort() const + { return mProxyInfo ? mProxyInfo->Port() : -1; } + + const char *Host() const { return mHost.get(); } + int32_t Port() const { return mPort; } + bool UsingSSL() const { return mUsingSSL; } + + bool UsingHttpProxy() const + { return mProxyInfo && (mProxyInfo->IsHTTP() || mProxyInfo->IsHTTPS()); } + + nsresult PrepareForAuthentication(bool proxyAuth); + nsresult GenCredsAndSetEntry(nsIHttpAuthenticator *, bool proxyAuth, + const char *scheme, const char *host, + int32_t port, const char *dir, + const char *realm, const char *challenge, + const nsHttpAuthIdentity &ident, + nsCOMPtr<nsISupports> &session, char **result); + nsresult GetAuthenticator(const char *challenge, nsCString &scheme, + nsIHttpAuthenticator **auth); + void ParseRealm(const char *challenge, nsACString &realm); + void GetIdentityFromURI(uint32_t authFlags, nsHttpAuthIdentity&); + + /** + * Following three methods return NS_ERROR_IN_PROGRESS when + * nsIAuthPrompt2.asyncPromptAuth method is called. This result indicates + * the user's decision will be gathered in a callback and is not an actual + * error. + */ + nsresult GetCredentials(const char *challenges, bool proxyAuth, + nsAFlatCString &creds); + nsresult GetCredentialsForChallenge(const char *challenge, + const char *scheme, bool proxyAuth, + nsIHttpAuthenticator *auth, + nsAFlatCString &creds); + nsresult PromptForIdentity(uint32_t level, bool proxyAuth, + const char *realm, const char *authType, + uint32_t authFlags, nsHttpAuthIdentity &); + + bool ConfirmAuth(const nsString &bundleKey, bool doYesNoPrompt); + void SetAuthorizationHeader(nsHttpAuthCache *, nsHttpAtom header, + const char *scheme, const char *host, + int32_t port, const char *path, + nsHttpAuthIdentity &ident); + nsresult GetCurrentPath(nsACString &); + /** + * Return all information needed to build authorization information, + * all parameters except proxyAuth are out parameters. proxyAuth specifies + * with what authorization we work (WWW or proxy). + */ + nsresult GetAuthorizationMembers(bool proxyAuth, nsCSubstring& scheme, + const char*& host, int32_t& port, + nsCSubstring& path, + nsHttpAuthIdentity*& ident, + nsISupports**& continuationState); + /** + * Method called to resume suspended transaction after we got credentials + * from the user. Called from OnAuthAvailable callback or OnAuthCancelled + * when credentials for next challenge were obtained synchronously. + */ + nsresult ContinueOnAuthAvailable(const nsCSubstring& creds); + + nsresult DoRedirectChannelToHttps(); + + /** + * A function that takes care of reading STS headers and enforcing STS + * load rules. After a secure channel is erected, STS requires the channel + * to be trusted or any STS header data on the channel is ignored. + * This is called from ProcessResponse. + */ + nsresult ProcessSTSHeader(); + + // Depending on the pref setting, the authentication dialog may be blocked + // for all sub-resources, blocked for cross-origin sub-resources, or + // always allowed for sub-resources. + // For more details look at the bug 647010. + bool BlockPrompt(); + + // Store credentials to the cache when appropriate aFlags are set. + nsresult UpdateCache(nsIHttpAuthenticator *aAuth, + const char *aScheme, + const char *aHost, + int32_t aPort, + const char *aDirectory, + const char *aRealm, + const char *aChallenge, + const nsHttpAuthIdentity &aIdent, + const char *aCreds, + uint32_t aGenerateFlags, + nsISupports *aSessionState); + +private: + nsIHttpAuthenticableChannel *mAuthChannel; // weak ref + + nsCOMPtr<nsIURI> mURI; + nsCOMPtr<nsProxyInfo> mProxyInfo; + nsCString mHost; + int32_t mPort; + bool mUsingSSL; + bool mProxyUsingSSL; + bool mIsPrivate; + + nsISupports *mProxyAuthContinuationState; + nsCString mProxyAuthType; + nsISupports *mAuthContinuationState; + nsCString mAuthType; + nsHttpAuthIdentity mIdent; + nsHttpAuthIdentity mProxyIdent; + + // Reference to the prompt waiting in prompt queue. The channel is + // responsible to call its cancel method when user in any way cancels + // this request. + nsCOMPtr<nsICancelable> mAsyncPromptAuthCancelable; + // Saved in GetCredentials when prompt is asynchronous, the first challenge + // we obtained from the server with 401/407 response, will be processed in + // OnAuthAvailable callback. + nsCString mCurrentChallenge; + // Saved in GetCredentials when prompt is asynchronous, remaning challenges + // we have to process when user cancels the auth dialog for the current + // challenge. + nsCString mRemainingChallenges; + + // True when we need to authenticate to proxy, i.e. when we get 407 + // response. Used in OnAuthAvailable and OnAuthCancelled callbacks. + uint32_t mProxyAuth : 1; + uint32_t mTriedProxyAuth : 1; + uint32_t mTriedHostAuth : 1; + uint32_t mSuppressDefensiveAuth : 1; + + // If a cross-origin sub-resource is being loaded, this flag will be set. + // In that case, the prompt text will be different to warn users. + uint32_t mCrossOrigin : 1; + uint32_t mConnectionBased : 1; + + RefPtr<nsHttpHandler> mHttpHandler; // keep gHttpHandler alive + + // A variable holding the preference settings to whether to open HTTP + // authentication credentials dialogs for sub-resources and cross-origin + // sub-resources. + static uint32_t sAuthAllowPref; + nsCOMPtr<nsICancelable> mGenerateCredentialsCancelable; +}; + +} // namespace net +} // namespace mozilla + +#endif // nsHttpChannelAuthProvider_h__ |