xref: /aosp_15_r20/external/cronet/net/http/http_auth_handler_negotiate.h (revision 6777b5387eb2ff775bb5750e3f5d96f37fb7352b)
1 // Copyright 2011 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef NET_HTTP_HTTP_AUTH_HANDLER_NEGOTIATE_H_
6 #define NET_HTTP_HTTP_AUTH_HANDLER_NEGOTIATE_H_
7 
8 #include <memory>
9 #include <string>
10 #include <utility>
11 
12 #include "base/memory/raw_ptr.h"
13 #include "build/build_config.h"
14 #include "net/base/completion_once_callback.h"
15 #include "net/base/net_export.h"
16 #include "net/base/network_isolation_key.h"
17 #include "net/dns/host_resolver.h"
18 #include "net/http/http_auth_handler.h"
19 #include "net/http/http_auth_handler_factory.h"
20 #include "net/http/http_auth_mechanism.h"
21 
22 #if BUILDFLAG(IS_ANDROID)
23 #include "net/android/http_auth_negotiate_android.h"
24 #elif BUILDFLAG(IS_WIN)
25 #include "net/http/http_auth_sspi_win.h"
26 #elif BUILDFLAG(IS_POSIX)
27 #include "net/http/http_auth_gssapi_posix.h"
28 #endif
29 
// Forward declaration only: this header refers to url::SchemeHostPort solely
// through const references, so the full definition is not needed here.
namespace url {
class SchemeHostPort;
}  // namespace url
33 
namespace net {

class HttpAuthPreferences;

// Handler for the WWW-Authenticate: Negotiate protocol.
//
// See http://tools.ietf.org/html/rfc4178 and http://tools.ietf.org/html/rfc4559
// for more information about the protocol.
//
// Token generation is delegated to an HttpAuthMechanism supplied at
// construction. The platform back ends pulled in by this header are SSPI
// (Windows), GSSAPI (POSIX other than Android) and an Android-specific
// implementation.
//
// NOTE(review): the name-resolution states, CreateSPN() and |spn_| suggest the
// service principal name is derived from a host-resolver lookup. If so, the
// principal a token is requested for depends on resolver answers; confirm in
// the .cc how that lookup is gated by HttpAuthPreferences.
class NET_EXPORT_PRIVATE HttpAuthHandlerNegotiate : public HttpAuthHandler {
 public:
  // Platform security library wrapper. Not defined on Android, where no
  // AuthLibrary is used by this header.
#if BUILDFLAG(IS_WIN)
  using AuthLibrary = SSPILibrary;
#elif BUILDFLAG(IS_POSIX) && !BUILDFLAG(IS_ANDROID)
  using AuthLibrary = GSSAPILibrary;
#endif

  // Factory that produces HttpAuthHandlerNegotiate instances for Negotiate
  // challenges.
  class NET_EXPORT_PRIVATE Factory : public HttpAuthHandlerFactory {
   public:
    // |negotiate_auth_system_factory| is stored and used to obtain the
    // HttpAuthMechanism for handlers (see the .cc for details).
    explicit Factory(HttpAuthMechanismFactory negotiate_auth_system_factory);
    ~Factory() override;

#if !BUILDFLAG(IS_ANDROID)
    // Sets the system library to use, thereby assuming ownership of
    // |auth_provider|. Any previously held library is released by the
    // unique_ptr assignment.
    void set_library(std::unique_ptr<AuthLibrary> auth_provider) {
      auth_library_ = std::move(auth_provider);
    }

#if BUILDFLAG(IS_POSIX)
    // Test-only accessor for the name of the configured library.
    const std::string& GetLibraryNameForTesting() const;
#endif  // BUILDFLAG(IS_POSIX)
#endif  // !BUILDFLAG(IS_ANDROID)

    // HttpAuthHandlerFactory overrides
    //
    // The created handler is handed back through the out-parameter |handler|.
    // The int result is presumably a net error code (TODO confirm against
    // HttpAuthHandlerFactory).
    int CreateAuthHandler(
        HttpAuthChallengeTokenizer* challenge,
        HttpAuth::Target target,
        const SSLInfo& ssl_info,
        const NetworkAnonymizationKey& network_anonymization_key,
        const url::SchemeHostPort& scheme_host_port,
        CreateReason reason,
        int digest_nonce_count,
        const NetLogWithSource& net_log,
        HostResolver* host_resolver,
        std::unique_ptr<HttpAuthHandler>* handler) override;

   private:
    HttpAuthMechanismFactory negotiate_auth_system_factory_;
    // NOTE(review): meaning is defined in the .cc; the name suggests it
    // records that Negotiate cannot be used on this system. Confirm.
    bool is_unsupported_ = false;
#if !BUILDFLAG(IS_ANDROID)
    // Owned platform library; installed via set_library().
    std::unique_ptr<AuthLibrary> auth_library_;
#endif  // !BUILDFLAG(IS_ANDROID)
  };

  // Takes ownership of |auth_system|. |prefs| and |host_resolver| are plain
  // pointers and are not owned; they are kept in raw_ptr members, so the
  // caller is expected to keep both alive for as long as this handler exists.
  HttpAuthHandlerNegotiate(std::unique_ptr<HttpAuthMechanism> auth_system,
                           const HttpAuthPreferences* prefs,
                           HostResolver* host_resolver);

  ~HttpAuthHandlerNegotiate() override;

  // HttpAuthHandler
  bool NeedsIdentity() override;
  // Whether ambient (default) credentials may be used for this challenge.
  // NOTE(review): the decision is made in the .cc, presumably from
  // |http_auth_preferences_|. This is the policy gate that keeps default
  // credentials from being offered to servers outside the configured set, so
  // changes to it deserve a careful look.
  bool AllowsDefaultCredentials() override;
  bool AllowsExplicitCredentials() override;

  // Test-only view of the service principal name held in |spn_|.
  const std::string& spn_for_testing() const { return spn_; }

 protected:
  // HttpAuthHandler
  bool Init(HttpAuthChallengeTokenizer* challenge,
            const SSLInfo& ssl_info,
            const NetworkAnonymizationKey& network_anonymization_key) override;
  // |auth_token| is an out-parameter and |callback| is a completion callback.
  // NOTE(review): |auth_token_| below presumably retains |auth_token| across
  // an asynchronous completion, in which case the caller's string must stay
  // valid until |callback| has run. Confirm in the .cc.
  int GenerateAuthTokenImpl(const AuthCredentials* credentials,
                            const HttpRequestInfo* request,
                            CompletionOnceCallback callback,
                            std::string* auth_token) override;
  HttpAuth::AuthorizationResult HandleAnotherChallengeImpl(
      HttpAuthChallengeTokenizer* challenge) override;

 private:
  // Steps of the token-generation state machine; |next_state_| holds the step
  // to run next (presumably driven by DoLoop(), defined in the .cc).
  enum State {
    STATE_RESOLVE_CANONICAL_NAME,
    STATE_RESOLVE_CANONICAL_NAME_COMPLETE,
    STATE_GENERATE_AUTH_TOKEN,
    STATE_GENERATE_AUTH_TOKEN_COMPLETE,
    STATE_NONE,
  };

  // Builds the service principal name from |server| and |scheme_host_port|.
  std::string CreateSPN(const std::string& server,
                        const url::SchemeHostPort& scheme_host_port);

  void OnIOComplete(int result);
  void DoCallback(int result);
  int DoLoop(int result);

  // One handler per State value above.
  int DoResolveCanonicalName();
  int DoResolveCanonicalNameComplete(int rv);
  int DoGenerateAuthToken();
  int DoGenerateAuthTokenComplete(int rv);
  HttpAuth::DelegationType GetDelegationType() const;

  // Owned authentication mechanism (passed to the constructor).
  std::unique_ptr<HttpAuthMechanism> auth_system_;
  // Not owned.
  const raw_ptr<HostResolver> resolver_;

  NetworkAnonymizationKey network_anonymization_key_;

  // Members which are needed for DNS lookup + SPN.
  std::unique_ptr<HostResolver::ResolveHostRequest> resolve_host_request_;

  // Things which should be consistent after first call to GenerateAuthToken.
  bool already_called_ = false;
  bool has_credentials_ = false;
  AuthCredentials credentials_;
  std::string spn_;
  std::string channel_bindings_;

  // Things which vary each round.
  CompletionOnceCallback callback_;
  // Not owned.
  raw_ptr<std::string> auth_token_ = nullptr;

  State next_state_ = STATE_NONE;

  // Not owned.
  raw_ptr<const HttpAuthPreferences> http_auth_preferences_;
};

}  // namespace net
161 
162 #endif  // NET_HTTP_HTTP_AUTH_HANDLER_NEGOTIATE_H_
163