forked from mirrors/gecko-dev
197 lines
8.8 KiB
C++
197 lines
8.8 KiB
C++
/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
|
|
/* vim:set et cin ts=4 sw=4 sts=4: */
|
|
/* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
|
|
#ifndef nsHttpChannelAuthProvider_h__
|
|
#define nsHttpChannelAuthProvider_h__
|
|
|
|
#include "nsIHttpChannelAuthProvider.h"
|
|
#include "nsIAuthPromptCallback.h"
|
|
#include "nsIHttpAuthenticatorCallback.h"
|
|
#include "nsString.h"
|
|
#include "nsCOMPtr.h"
|
|
#include "nsHttpAuthCache.h"
|
|
#include "nsProxyInfo.h"
|
|
#include "nsCRT.h"
|
|
#include "nsICancelableRunnable.h"
|
|
|
|
class nsIHttpAuthenticableChannel;
|
|
class nsIHttpAuthenticator;
|
|
class nsIURI;
|
|
|
|
namespace mozilla { namespace net {
|
|
|
|
class nsHttpHandler;
|
|
|
|
class nsHttpChannelAuthProvider : public nsIHttpChannelAuthProvider
|
|
, public nsIAuthPromptCallback
|
|
, public nsIHttpAuthenticatorCallback
|
|
{
|
|
public:
|
|
NS_DECL_ISUPPORTS
|
|
NS_DECL_NSICANCELABLE
|
|
NS_DECL_NSIHTTPCHANNELAUTHPROVIDER
|
|
NS_DECL_NSIAUTHPROMPTCALLBACK
|
|
NS_DECL_NSIHTTPAUTHENTICATORCALLBACK
|
|
|
|
nsHttpChannelAuthProvider();
|
|
static void InitializePrefs();
|
|
private:
|
|
virtual ~nsHttpChannelAuthProvider();
|
|
|
|
const char *ProxyHost() const
|
|
{ return mProxyInfo ? mProxyInfo->Host().get() : nullptr; }
|
|
|
|
int32_t ProxyPort() const
|
|
{ return mProxyInfo ? mProxyInfo->Port() : -1; }
|
|
|
|
const char *Host() const { return mHost.get(); }
|
|
int32_t Port() const { return mPort; }
|
|
bool UsingSSL() const { return mUsingSSL; }
|
|
|
|
bool UsingHttpProxy() const
|
|
{ return mProxyInfo && (mProxyInfo->IsHTTP() || mProxyInfo->IsHTTPS()); }
|
|
|
|
MOZ_MUST_USE nsresult PrepareForAuthentication(bool proxyAuth);
|
|
MOZ_MUST_USE nsresult
|
|
GenCredsAndSetEntry(nsIHttpAuthenticator *, bool proxyAuth,
|
|
const char *scheme, const char *host, int32_t port,
|
|
const char *dir, const char *realm,
|
|
const char *challenge, const nsHttpAuthIdentity &ident,
|
|
nsCOMPtr<nsISupports> &session, char **result);
|
|
MOZ_MUST_USE nsresult GetAuthenticator(const char *challenge,
|
|
nsCString &scheme,
|
|
nsIHttpAuthenticator **auth);
|
|
void ParseRealm(const char *challenge, nsACString &realm);
|
|
void GetIdentityFromURI(uint32_t authFlags, nsHttpAuthIdentity&);
|
|
|
|
/**
|
|
* Following three methods return NS_ERROR_IN_PROGRESS when
|
|
* nsIAuthPrompt2.asyncPromptAuth method is called. This result indicates
|
|
* the user's decision will be gathered in a callback and is not an actual
|
|
* error.
|
|
*/
|
|
MOZ_MUST_USE nsresult GetCredentials(const char *challenges, bool proxyAuth,
|
|
nsCString& creds);
|
|
MOZ_MUST_USE nsresult
|
|
GetCredentialsForChallenge(const char *challenge, const char *scheme,
|
|
bool proxyAuth, nsIHttpAuthenticator *auth,
|
|
nsCString& creds);
|
|
MOZ_MUST_USE nsresult PromptForIdentity(uint32_t level, bool proxyAuth,
|
|
const char *realm,
|
|
const char *authType,
|
|
uint32_t authFlags,
|
|
nsHttpAuthIdentity &);
|
|
|
|
bool ConfirmAuth(const char* bundleKey, bool doYesNoPrompt);
|
|
void SetAuthorizationHeader(nsHttpAuthCache *, nsHttpAtom header,
|
|
const char *scheme, const char *host,
|
|
int32_t port, const char *path,
|
|
nsHttpAuthIdentity &ident);
|
|
MOZ_MUST_USE nsresult GetCurrentPath(nsACString &);
|
|
/**
|
|
* Return all information needed to build authorization information,
|
|
* all parameters except proxyAuth are out parameters. proxyAuth specifies
|
|
* with what authorization we work (WWW or proxy).
|
|
*/
|
|
MOZ_MUST_USE nsresult
|
|
GetAuthorizationMembers(bool proxyAuth, nsACString& scheme,
|
|
const char*& host, int32_t& port,
|
|
nsACString& path, nsHttpAuthIdentity*& ident,
|
|
nsISupports**& continuationState);
|
|
/**
|
|
* Method called to resume suspended transaction after we got credentials
|
|
* from the user. Called from OnAuthAvailable callback or OnAuthCancelled
|
|
* when credentials for next challenge were obtained synchronously.
|
|
*/
|
|
MOZ_MUST_USE nsresult ContinueOnAuthAvailable(const nsACString& creds);
|
|
|
|
MOZ_MUST_USE nsresult DoRedirectChannelToHttps();
|
|
|
|
/**
|
|
* A function that takes care of reading STS headers and enforcing STS
|
|
* load rules. After a secure channel is erected, STS requires the channel
|
|
* to be trusted or any STS header data on the channel is ignored.
|
|
* This is called from ProcessResponse.
|
|
*/
|
|
MOZ_MUST_USE nsresult ProcessSTSHeader();
|
|
|
|
// Depending on the pref setting, the authentication dialog may be blocked
|
|
// for all sub-resources, blocked for cross-origin sub-resources, or
|
|
// always allowed for sub-resources.
|
|
// For more details look at the bug 647010.
|
|
bool BlockPrompt(bool proxyAuth);
|
|
|
|
// Store credentials to the cache when appropriate aFlags are set.
|
|
MOZ_MUST_USE nsresult UpdateCache(nsIHttpAuthenticator *aAuth,
|
|
const char *aScheme,
|
|
const char *aHost,
|
|
int32_t aPort,
|
|
const char *aDirectory,
|
|
const char *aRealm,
|
|
const char *aChallenge,
|
|
const nsHttpAuthIdentity &aIdent,
|
|
const char *aCreds,
|
|
uint32_t aGenerateFlags,
|
|
nsISupports *aSessionState);
|
|
|
|
private:
|
|
nsIHttpAuthenticableChannel *mAuthChannel; // weak ref
|
|
|
|
nsCOMPtr<nsIURI> mURI;
|
|
nsCOMPtr<nsProxyInfo> mProxyInfo;
|
|
nsCString mHost;
|
|
int32_t mPort;
|
|
bool mUsingSSL;
|
|
bool mProxyUsingSSL;
|
|
bool mIsPrivate;
|
|
|
|
nsISupports *mProxyAuthContinuationState;
|
|
nsCString mProxyAuthType;
|
|
nsISupports *mAuthContinuationState;
|
|
nsCString mAuthType;
|
|
nsHttpAuthIdentity mIdent;
|
|
nsHttpAuthIdentity mProxyIdent;
|
|
|
|
// Reference to the prompt waiting in prompt queue. The channel is
|
|
// responsible to call its cancel method when user in any way cancels
|
|
// this request.
|
|
nsCOMPtr<nsICancelable> mAsyncPromptAuthCancelable;
|
|
// Saved in GetCredentials when prompt is asynchronous, the first challenge
|
|
// we obtained from the server with 401/407 response, will be processed in
|
|
// OnAuthAvailable callback.
|
|
nsCString mCurrentChallenge;
|
|
// Saved in GetCredentials when prompt is asynchronous, remaning challenges
|
|
// we have to process when user cancels the auth dialog for the current
|
|
// challenge.
|
|
nsCString mRemainingChallenges;
|
|
|
|
// True when we need to authenticate to proxy, i.e. when we get 407
|
|
// response. Used in OnAuthAvailable and OnAuthCancelled callbacks.
|
|
uint32_t mProxyAuth : 1;
|
|
uint32_t mTriedProxyAuth : 1;
|
|
uint32_t mTriedHostAuth : 1;
|
|
uint32_t mSuppressDefensiveAuth : 1;
|
|
|
|
// If a cross-origin sub-resource is being loaded, this flag will be set.
|
|
// In that case, the prompt text will be different to warn users.
|
|
uint32_t mCrossOrigin : 1;
|
|
uint32_t mConnectionBased : 1;
|
|
|
|
RefPtr<nsHttpHandler> mHttpHandler; // keep gHttpHandler alive
|
|
|
|
// A variable holding the preference settings to whether to open HTTP
|
|
// authentication credentials dialogs for sub-resources and cross-origin
|
|
// sub-resources.
|
|
static uint32_t sAuthAllowPref;
|
|
static bool sImgCrossOriginAuthAllowPref;
|
|
static bool sNonWebContentTriggeredAuthAllow;
|
|
nsCOMPtr<nsICancelable> mGenerateCredentialsCancelable;
|
|
};
|
|
|
|
} // namespace net
|
|
} // namespace mozilla
|
|
|
|
#endif // nsHttpChannelAuthProvider_h__
|