Line data Source code
1 : /* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
2 : /* vim:set et cin ts=4 sw=4 sts=4: */
3 : /* This Source Code Form is subject to the terms of the Mozilla Public
4 : * License, v. 2.0. If a copy of the MPL was not distributed with this
5 : * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
6 :
7 : #ifndef nsHttpChannelAuthProvider_h__
8 : #define nsHttpChannelAuthProvider_h__
9 :
10 : #include "nsIHttpChannelAuthProvider.h"
11 : #include "nsIAuthPromptCallback.h"
12 : #include "nsIHttpAuthenticatorCallback.h"
13 : #include "nsString.h"
14 : #include "nsCOMPtr.h"
15 : #include "nsHttpAuthCache.h"
16 : #include "nsProxyInfo.h"
17 : #include "nsCRT.h"
18 : #include "nsICancelableRunnable.h"
19 :
20 : class nsIHttpAuthenticableChannel;
21 : class nsIHttpAuthenticator;
22 : class nsIURI;
23 :
24 : namespace mozilla { namespace net {
25 :
26 : class nsHttpHandler;
27 :
28 : class nsHttpChannelAuthProvider : public nsIHttpChannelAuthProvider
29 : , public nsIAuthPromptCallback
30 : , public nsIHttpAuthenticatorCallback
31 : {
32 : public:
33 : NS_DECL_ISUPPORTS
34 : NS_DECL_NSICANCELABLE
35 : NS_DECL_NSIHTTPCHANNELAUTHPROVIDER
36 : NS_DECL_NSIAUTHPROMPTCALLBACK
37 : NS_DECL_NSIHTTPAUTHENTICATORCALLBACK
38 :
39 : nsHttpChannelAuthProvider();
40 : static void InitializePrefs();
41 : private:
42 : virtual ~nsHttpChannelAuthProvider();
43 :
44 6 : const char *ProxyHost() const
45 6 : { return mProxyInfo ? mProxyInfo->Host().get() : nullptr; }
46 :
47 0 : int32_t ProxyPort() const
48 0 : { return mProxyInfo ? mProxyInfo->Port() : -1; }
49 :
50 6 : const char *Host() const { return mHost.get(); }
51 6 : int32_t Port() const { return mPort; }
52 0 : bool UsingSSL() const { return mUsingSSL; }
53 :
54 0 : bool UsingHttpProxy() const
55 0 : { return mProxyInfo && (mProxyInfo->IsHTTP() || mProxyInfo->IsHTTPS()); }
56 :
57 : MOZ_MUST_USE nsresult PrepareForAuthentication(bool proxyAuth);
58 : MOZ_MUST_USE nsresult
59 : GenCredsAndSetEntry(nsIHttpAuthenticator *, bool proxyAuth,
60 : const char *scheme, const char *host, int32_t port,
61 : const char *dir, const char *realm,
62 : const char *challenge, const nsHttpAuthIdentity &ident,
63 : nsCOMPtr<nsISupports> &session, char **result);
64 : MOZ_MUST_USE nsresult GetAuthenticator(const char *challenge,
65 : nsCString &scheme,
66 : nsIHttpAuthenticator **auth);
67 : void ParseRealm(const char *challenge, nsACString &realm);
68 : void GetIdentityFromURI(uint32_t authFlags, nsHttpAuthIdentity&);
69 :
70 : /**
71 : * Following three methods return NS_ERROR_IN_PROGRESS when
72 : * nsIAuthPrompt2.asyncPromptAuth method is called. This result indicates
73 : * the user's decision will be gathered in a callback and is not an actual
74 : * error.
75 : */
76 : MOZ_MUST_USE nsresult GetCredentials(const char *challenges, bool proxyAuth,
77 : nsCString& creds);
78 : MOZ_MUST_USE nsresult
79 : GetCredentialsForChallenge(const char *challenge, const char *scheme,
80 : bool proxyAuth, nsIHttpAuthenticator *auth,
81 : nsCString& creds);
82 : MOZ_MUST_USE nsresult PromptForIdentity(uint32_t level, bool proxyAuth,
83 : const char *realm,
84 : const char *authType,
85 : uint32_t authFlags,
86 : nsHttpAuthIdentity &);
87 :
88 : bool ConfirmAuth(const nsString &bundleKey, bool doYesNoPrompt);
89 : void SetAuthorizationHeader(nsHttpAuthCache *, nsHttpAtom header,
90 : const char *scheme, const char *host,
91 : int32_t port, const char *path,
92 : nsHttpAuthIdentity &ident);
93 : MOZ_MUST_USE nsresult GetCurrentPath(nsACString &);
94 : /**
95 : * Return all information needed to build authorization information,
96 : * all parameters except proxyAuth are out parameters. proxyAuth specifies
97 : * with what authorization we work (WWW or proxy).
98 : */
99 : MOZ_MUST_USE nsresult
100 : GetAuthorizationMembers(bool proxyAuth, nsACString& scheme,
101 : const char*& host, int32_t& port,
102 : nsACString& path, nsHttpAuthIdentity*& ident,
103 : nsISupports**& continuationState);
104 : /**
105 : * Method called to resume suspended transaction after we got credentials
106 : * from the user. Called from OnAuthAvailable callback or OnAuthCancelled
107 : * when credentials for next challenge were obtained synchronously.
108 : */
109 : MOZ_MUST_USE nsresult ContinueOnAuthAvailable(const nsACString& creds);
110 :
111 : MOZ_MUST_USE nsresult DoRedirectChannelToHttps();
112 :
113 : /**
114 : * A function that takes care of reading STS headers and enforcing STS
115 : * load rules. After a secure channel is erected, STS requires the channel
116 : * to be trusted or any STS header data on the channel is ignored.
117 : * This is called from ProcessResponse.
118 : */
119 : MOZ_MUST_USE nsresult ProcessSTSHeader();
120 :
121 : // Depending on the pref setting, the authentication dialog may be blocked
122 : // for all sub-resources, blocked for cross-origin sub-resources, or
123 : // always allowed for sub-resources.
124 : // For more details look at the bug 647010.
125 : bool BlockPrompt();
126 :
127 : // Store credentials to the cache when appropriate aFlags are set.
128 : MOZ_MUST_USE nsresult UpdateCache(nsIHttpAuthenticator *aAuth,
129 : const char *aScheme,
130 : const char *aHost,
131 : int32_t aPort,
132 : const char *aDirectory,
133 : const char *aRealm,
134 : const char *aChallenge,
135 : const nsHttpAuthIdentity &aIdent,
136 : const char *aCreds,
137 : uint32_t aGenerateFlags,
138 : nsISupports *aSessionState);
139 :
140 : private:
141 : nsIHttpAuthenticableChannel *mAuthChannel; // weak ref
142 :
143 : nsCOMPtr<nsIURI> mURI;
144 : nsCOMPtr<nsProxyInfo> mProxyInfo;
145 : nsCString mHost;
146 : int32_t mPort;
147 : bool mUsingSSL;
148 : bool mProxyUsingSSL;
149 : bool mIsPrivate;
150 :
151 : nsISupports *mProxyAuthContinuationState;
152 : nsCString mProxyAuthType;
153 : nsISupports *mAuthContinuationState;
154 : nsCString mAuthType;
155 : nsHttpAuthIdentity mIdent;
156 : nsHttpAuthIdentity mProxyIdent;
157 :
158 : // Reference to the prompt waiting in prompt queue. The channel is
159 : // responsible to call its cancel method when user in any way cancels
160 : // this request.
161 : nsCOMPtr<nsICancelable> mAsyncPromptAuthCancelable;
162 : // Saved in GetCredentials when prompt is asynchronous, the first challenge
163 : // we obtained from the server with 401/407 response, will be processed in
164 : // OnAuthAvailable callback.
165 : nsCString mCurrentChallenge;
166 : // Saved in GetCredentials when prompt is asynchronous, remaning challenges
167 : // we have to process when user cancels the auth dialog for the current
168 : // challenge.
169 : nsCString mRemainingChallenges;
170 :
171 : // True when we need to authenticate to proxy, i.e. when we get 407
172 : // response. Used in OnAuthAvailable and OnAuthCancelled callbacks.
173 : uint32_t mProxyAuth : 1;
174 : uint32_t mTriedProxyAuth : 1;
175 : uint32_t mTriedHostAuth : 1;
176 : uint32_t mSuppressDefensiveAuth : 1;
177 :
178 : // If a cross-origin sub-resource is being loaded, this flag will be set.
179 : // In that case, the prompt text will be different to warn users.
180 : uint32_t mCrossOrigin : 1;
181 : uint32_t mConnectionBased : 1;
182 :
183 : RefPtr<nsHttpHandler> mHttpHandler; // keep gHttpHandler alive
184 :
185 : // A variable holding the preference settings to whether to open HTTP
186 : // authentication credentials dialogs for sub-resources and cross-origin
187 : // sub-resources.
188 : static uint32_t sAuthAllowPref;
189 : static bool sImgCrossOriginAuthAllowPref;
190 : nsCOMPtr<nsICancelable> mGenerateCredentialsCancelable;
191 : };
192 :
193 : } // namespace net
194 : } // namespace mozilla
195 :
196 : #endif // nsHttpChannelAuthProvider_h__
|
