/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ /* vim:set et cin ts=4 sw=4 sts=4: */ /* This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ #ifndef nsHttpChannelAuthProvider_h__ #define nsHttpChannelAuthProvider_h__ #include "nsIHttpChannelAuthProvider.h" #include "nsIAuthPromptCallback.h" #include "nsIHttpAuthenticatorCallback.h" #include "nsString.h" #include "nsCOMPtr.h" #include "nsHttpAuthCache.h" #include "nsProxyInfo.h" #include "nsCRT.h" #include "nsICancelableRunnable.h" class nsIHttpAuthenticableChannel; class nsIHttpAuthenticator; class nsIURI; namespace mozilla { namespace net { class nsHttpHandler; class nsHttpChannelAuthProvider : public nsIHttpChannelAuthProvider , public nsIAuthPromptCallback , public nsIHttpAuthenticatorCallback { public: NS_DECL_ISUPPORTS NS_DECL_NSICANCELABLE NS_DECL_NSIHTTPCHANNELAUTHPROVIDER NS_DECL_NSIAUTHPROMPTCALLBACK NS_DECL_NSIHTTPAUTHENTICATORCALLBACK nsHttpChannelAuthProvider(); static void InitializePrefs(); private: virtual ~nsHttpChannelAuthProvider(); const char *ProxyHost() const { return mProxyInfo ? mProxyInfo->Host().get() : nullptr; } int32_t ProxyPort() const { return mProxyInfo ? mProxyInfo->Port() : -1; } const char *Host() const { return mHost.get(); } int32_t Port() const { return mPort; } bool UsingSSL() const { return mUsingSSL; } bool UsingHttpProxy() const { return mProxyInfo && (mProxyInfo->IsHTTP() || mProxyInfo->IsHTTPS()); } nsresult PrepareForAuthentication(bool proxyAuth); nsresult GenCredsAndSetEntry(nsIHttpAuthenticator *, bool proxyAuth, const char *scheme, const char *host, int32_t port, const char *dir, const char *realm, const char *challenge, const nsHttpAuthIdentity &ident, nsCOMPtr &session, char **result); nsresult GetAuthenticator(const char *challenge, nsCString &scheme, nsIHttpAuthenticator **auth); void ParseRealm(const char *challenge, nsACString &realm); void GetIdentityFromURI(uint32_t authFlags, nsHttpAuthIdentity&); /** * Following three methods return NS_ERROR_IN_PROGRESS when * nsIAuthPrompt2.asyncPromptAuth method is called. This result indicates * the user's decision will be gathered in a callback and is not an actual * error. */ nsresult GetCredentials(const char *challenges, bool proxyAuth, nsAFlatCString &creds); nsresult GetCredentialsForChallenge(const char *challenge, const char *scheme, bool proxyAuth, nsIHttpAuthenticator *auth, nsAFlatCString &creds); nsresult PromptForIdentity(uint32_t level, bool proxyAuth, const char *realm, const char *authType, uint32_t authFlags, nsHttpAuthIdentity &); bool ConfirmAuth(const nsString &bundleKey, bool doYesNoPrompt); void SetAuthorizationHeader(nsHttpAuthCache *, nsHttpAtom header, const char *scheme, const char *host, int32_t port, const char *path, nsHttpAuthIdentity &ident); nsresult GetCurrentPath(nsACString &); /** * Return all information needed to build authorization information, * all parameters except proxyAuth are out parameters. proxyAuth specifies * with what authorization we work (WWW or proxy). */ nsresult GetAuthorizationMembers(bool proxyAuth, nsCSubstring& scheme, const char*& host, int32_t& port, nsCSubstring& path, nsHttpAuthIdentity*& ident, nsISupports**& continuationState); /** * Method called to resume suspended transaction after we got credentials * from the user. Called from OnAuthAvailable callback or OnAuthCancelled * when credentials for next challenge were obtained synchronously. */ nsresult ContinueOnAuthAvailable(const nsCSubstring& creds); nsresult DoRedirectChannelToHttps(); /** * A function that takes care of reading STS headers and enforcing STS * load rules. After a secure channel is erected, STS requires the channel * to be trusted or any STS header data on the channel is ignored. * This is called from ProcessResponse. */ nsresult ProcessSTSHeader(); // Depending on the pref setting, the authentication dialog may be blocked // for all sub-resources, blocked for cross-origin sub-resources, or // always allowed for sub-resources. // For more details look at the bug 647010. bool BlockPrompt(); // Store credentials to the cache when appropriate aFlags are set. nsresult UpdateCache(nsIHttpAuthenticator *aAuth, const char *aScheme, const char *aHost, int32_t aPort, const char *aDirectory, const char *aRealm, const char *aChallenge, const nsHttpAuthIdentity &aIdent, const char *aCreds, uint32_t aGenerateFlags, nsISupports *aSessionState); private: nsIHttpAuthenticableChannel *mAuthChannel; // weak ref nsCOMPtr mURI; nsCOMPtr mProxyInfo; nsCString mHost; int32_t mPort; bool mUsingSSL; bool mProxyUsingSSL; bool mIsPrivate; nsISupports *mProxyAuthContinuationState; nsCString mProxyAuthType; nsISupports *mAuthContinuationState; nsCString mAuthType; nsHttpAuthIdentity mIdent; nsHttpAuthIdentity mProxyIdent; // Reference to the prompt waiting in prompt queue. The channel is // responsible to call its cancel method when user in any way cancels // this request. nsCOMPtr mAsyncPromptAuthCancelable; // Saved in GetCredentials when prompt is asynchronous, the first challenge // we obtained from the server with 401/407 response, will be processed in // OnAuthAvailable callback. nsCString mCurrentChallenge; // Saved in GetCredentials when prompt is asynchronous, remaning challenges // we have to process when user cancels the auth dialog for the current // challenge. nsCString mRemainingChallenges; // True when we need to authenticate to proxy, i.e. when we get 407 // response. Used in OnAuthAvailable and OnAuthCancelled callbacks. uint32_t mProxyAuth : 1; uint32_t mTriedProxyAuth : 1; uint32_t mTriedHostAuth : 1; uint32_t mSuppressDefensiveAuth : 1; // If a cross-origin sub-resource is being loaded, this flag will be set. // In that case, the prompt text will be different to warn users. uint32_t mCrossOrigin : 1; uint32_t mConnectionBased : 1; RefPtr mHttpHandler; // keep gHttpHandler alive // A variable holding the preference settings to whether to open HTTP // authentication credentials dialogs for sub-resources and cross-origin // sub-resources. static uint32_t sAuthAllowPref; nsCOMPtr mGenerateCredentialsCancelable; }; } // namespace net } // namespace mozilla #endif // nsHttpChannelAuthProvider_h__