/src/mozilla-central/netwerk/protocol/http/nsHttpChannelAuthProvider.h

Source (jump to first uncovered line)
/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
/* vim:set et cin ts=4 sw=4 sts=4: */
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#ifndef nsHttpChannelAuthProvider_h__
#define nsHttpChannelAuthProvider_h__

#include "nsIHttpChannelAuthProvider.h"
#include "nsIAuthPromptCallback.h"
#include "nsIHttpAuthenticatorCallback.h"
#include "nsString.h"
#include "nsCOMPtr.h"
#include "nsHttpAuthCache.h"
#include "nsProxyInfo.h"
#include "nsCRT.h"
#include "nsICancelableRunnable.h"

class nsIHttpAuthenticableChannel;
class nsIHttpAuthenticator;
class nsIURI;

namespace mozilla { namespace net {

class nsHttpHandler;

class nsHttpChannelAuthProvider final
  : public nsIHttpChannelAuthProvider
  , public nsIAuthPromptCallback
  , public nsIHttpAuthenticatorCallback
{
public:
    NS_DECL_ISUPPORTS
    NS_DECL_NSICANCELABLE
    NS_DECL_NSIHTTPCHANNELAUTHPROVIDER
    NS_DECL_NSIAUTHPROMPTCALLBACK
    NS_DECL_NSIHTTPAUTHENTICATORCALLBACK

    nsHttpChannelAuthProvider();
private:
    virtual ~nsHttpChannelAuthProvider();

    const char *ProxyHost() const
    { return mProxyInfo ? mProxyInfo->Host().get() : nullptr; }

    int32_t     ProxyPort() const
    { return mProxyInfo ? mProxyInfo->Port() : -1; }

    const char *Host() const      { return mHost.get(); }
    int32_t     Port() const      { return mPort; }
    bool        UsingSSL() const  { return mUsingSSL; }

    bool        UsingHttpProxy() const
    { return mProxyInfo && (mProxyInfo->IsHTTP() || mProxyInfo->IsHTTPS()); }

    MOZ_MUST_USE nsresult PrepareForAuthentication(bool proxyAuth);
    MOZ_MUST_USE nsresult
    GenCredsAndSetEntry(nsIHttpAuthenticator *, bool proxyAuth,
                        const char *scheme, const char *host, int32_t port,
                        const char *dir, const char *realm,
                        const char *challenge, const nsHttpAuthIdentity &ident,
                        nsCOMPtr<nsISupports> &session, char **result);
    MOZ_MUST_USE nsresult GetAuthenticator(const char *challenge,
                                           nsCString &scheme,
                                           nsIHttpAuthenticator **auth);
    void     ParseRealm(const char *challenge, nsACString &realm);
    void     GetIdentityFromURI(uint32_t authFlags, nsHttpAuthIdentity&);

    /**
     * Following three methods return NS_ERROR_IN_PROGRESS when
     * nsIAuthPrompt2.asyncPromptAuth method is called. This result indicates
     * the user's decision will be gathered in a callback and is not an actual
     * error.
     */
    MOZ_MUST_USE nsresult GetCredentials(const char *challenges, bool proxyAuth,
                                         nsCString& creds);
    MOZ_MUST_USE nsresult
    GetCredentialsForChallenge(const char *challenge, const char *scheme,
                               bool proxyAuth, nsIHttpAuthenticator *auth,
                               nsCString& creds);
    MOZ_MUST_USE nsresult PromptForIdentity(uint32_t level, bool proxyAuth,
                                            const char *realm,
                                            const char *authType,
                                            uint32_t authFlags,
                                            nsHttpAuthIdentity &);

    bool     ConfirmAuth(const char* bundleKey, bool doYesNoPrompt);
    void     SetAuthorizationHeader(nsHttpAuthCache *, nsHttpAtom header,
                                    const char *scheme, const char *host,
                                    int32_t port, const char *path,
                                    nsHttpAuthIdentity &ident);
    MOZ_MUST_USE nsresult GetCurrentPath(nsACString &);
    /**
     * Return all information needed to build authorization information,
     * all parameters except proxyAuth are out parameters. proxyAuth specifies
     * with what authorization we work (WWW or proxy).
     */
    MOZ_MUST_USE nsresult
    GetAuthorizationMembers(bool proxyAuth, nsACString& scheme,
                            const char*& host, int32_t& port,
                            nsACString& path, nsHttpAuthIdentity*& ident,
                            nsISupports**& continuationState);
    /**
     * Method called to resume suspended transaction after we got credentials
     * from the user. Called from OnAuthAvailable callback or OnAuthCancelled
     * when credentials for next challenge were obtained synchronously.
     */
    MOZ_MUST_USE nsresult ContinueOnAuthAvailable(const nsACString& creds);

    MOZ_MUST_USE nsresult DoRedirectChannelToHttps();

    /**
     * A function that takes care of reading STS headers and enforcing STS
     * load rules.  After a secure channel is erected, STS requires the channel
     * to be trusted or any STS header data on the channel is ignored.
     * This is called from ProcessResponse.
     */
    MOZ_MUST_USE nsresult ProcessSTSHeader();

    // Depending on the pref setting, the authentication dialog may be blocked
    // for all sub-resources, blocked for cross-origin sub-resources, or
    // always allowed for sub-resources.
    // For more details look at the bug 647010.
    bool BlockPrompt(bool proxyAuth);

    // Store credentials to the cache when appropriate aFlags are set.
    MOZ_MUST_USE nsresult UpdateCache(nsIHttpAuthenticator *aAuth,
                                      const char           *aScheme,
                                      const char           *aHost,
                                      int32_t               aPort,
                                      const char           *aDirectory,
                                      const char           *aRealm,
                                      const char           *aChallenge,
                                      const nsHttpAuthIdentity &aIdent,
                                      const char           *aCreds,
                                      uint32_t              aGenerateFlags,
                                      nsISupports          *aSessionState);

private:
    nsIHttpAuthenticableChannel      *mAuthChannel;  // weak ref

    nsCOMPtr<nsIURI>                  mURI;
    nsCOMPtr<nsProxyInfo>             mProxyInfo;
    nsCString                         mHost;
    int32_t                           mPort;
    bool                              mUsingSSL;
    bool                              mProxyUsingSSL;
    bool                              mIsPrivate;

    nsISupports                      *mProxyAuthContinuationState;
    nsCString                         mProxyAuthType;
    nsISupports                      *mAuthContinuationState;
    nsCString                         mAuthType;
    nsHttpAuthIdentity                mIdent;
    nsHttpAuthIdentity                mProxyIdent;

    // Reference to the prompt waiting in prompt queue. The channel is
    // responsible to call its cancel method when user in any way cancels
    // this request.
    nsCOMPtr<nsICancelable>           mAsyncPromptAuthCancelable;
    // Saved in GetCredentials when prompt is asynchronous, the first challenge
    // we obtained from the server with 401/407 response, will be processed in
    // OnAuthAvailable callback.
    nsCString                         mCurrentChallenge;
    // Saved in GetCredentials when prompt is asynchronous, remaning challenges
    // we have to process when user cancels the auth dialog for the current
    // challenge.
    nsCString                         mRemainingChallenges;

    // True when we need to authenticate to proxy, i.e. when we get 407
    // response. Used in OnAuthAvailable and OnAuthCancelled callbacks.
    uint32_t                          mProxyAuth                : 1;
    uint32_t                          mTriedProxyAuth           : 1;
    uint32_t                          mTriedHostAuth            : 1;
    uint32_t                          mSuppressDefensiveAuth    : 1;

    // If a cross-origin sub-resource is being loaded, this flag will be set.
    // In that case, the prompt text will be different to warn users.
    uint32_t                          mCrossOrigin : 1;
    uint32_t                          mConnectionBased : 1;

    RefPtr<nsHttpHandler>           mHttpHandler;  // keep gHttpHandler alive

    nsCOMPtr<nsICancelable>           mGenerateCredentialsCancelable;
};

} // namespace net
} // namespace mozilla

#endif // nsHttpChannelAuthProvider_h__

Line	Count	Source (jump to first uncovered line)
1		/* -- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -- */
2		/* vim:set et cin ts=4 sw=4 sts=4: */
3		/* This Source Code Form is subject to the terms of the Mozilla Public
4		* License, v. 2.0. If a copy of the MPL was not distributed with this
5		* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
6
7		#ifndef nsHttpChannelAuthProvider_h__
8		#define nsHttpChannelAuthProvider_h__
9
10		#include "nsIHttpChannelAuthProvider.h"
11		#include "nsIAuthPromptCallback.h"
12		#include "nsIHttpAuthenticatorCallback.h"
13		#include "nsString.h"
14		#include "nsCOMPtr.h"
15		#include "nsHttpAuthCache.h"
16		#include "nsProxyInfo.h"
17		#include "nsCRT.h"
18		#include "nsICancelableRunnable.h"
19
20		class nsIHttpAuthenticableChannel;
21		class nsIHttpAuthenticator;
22		class nsIURI;
23
24		namespace mozilla { namespace net {
25
26		class nsHttpHandler;
27
28		class nsHttpChannelAuthProvider final
29		: public nsIHttpChannelAuthProvider
30		, public nsIAuthPromptCallback
31		, public nsIHttpAuthenticatorCallback
32		{
33		public:
34		NS_DECL_ISUPPORTS
35		NS_DECL_NSICANCELABLE
36		NS_DECL_NSIHTTPCHANNELAUTHPROVIDER
37		NS_DECL_NSIAUTHPROMPTCALLBACK
38		NS_DECL_NSIHTTPAUTHENTICATORCALLBACK
39
40		nsHttpChannelAuthProvider();
41		private:
42		virtual ~nsHttpChannelAuthProvider();
43
44		const char *ProxyHost() const
45	0	{ return mProxyInfo ? mProxyInfo->Host().get() : nullptr; }
46
47		int32_t ProxyPort() const
48	0	{ return mProxyInfo ? mProxyInfo->Port() : -1; }
49
50	0	const char *Host() const { return mHost.get(); }
51	0	int32_t Port() const { return mPort; }
52	0	bool UsingSSL() const { return mUsingSSL; }
53
54		bool UsingHttpProxy() const
55	0	{ return mProxyInfo && (mProxyInfo->IsHTTP() \|\| mProxyInfo->IsHTTPS()); }
56
57		MOZ_MUST_USE nsresult PrepareForAuthentication(bool proxyAuth);
58		MOZ_MUST_USE nsresult
59		GenCredsAndSetEntry(nsIHttpAuthenticator *, bool proxyAuth,
60		const char scheme, const char host, int32_t port,
61		const char dir, const char realm,
62		const char *challenge, const nsHttpAuthIdentity &ident,
63		nsCOMPtr<nsISupports> &session, char **result);
64		MOZ_MUST_USE nsresult GetAuthenticator(const char *challenge,
65		nsCString &scheme,
66		nsIHttpAuthenticator **auth);
67		void ParseRealm(const char *challenge, nsACString &realm);
68		void GetIdentityFromURI(uint32_t authFlags, nsHttpAuthIdentity&);
69
70		/**
71		* Following three methods return NS_ERROR_IN_PROGRESS when
72		* nsIAuthPrompt2.asyncPromptAuth method is called. This result indicates
73		* the user's decision will be gathered in a callback and is not an actual
74		* error.
75		*/
76		MOZ_MUST_USE nsresult GetCredentials(const char *challenges, bool proxyAuth,
77		nsCString& creds);
78		MOZ_MUST_USE nsresult
79		GetCredentialsForChallenge(const char challenge, const char scheme,
80		bool proxyAuth, nsIHttpAuthenticator *auth,
81		nsCString& creds);
82		MOZ_MUST_USE nsresult PromptForIdentity(uint32_t level, bool proxyAuth,
83		const char *realm,
84		const char *authType,
85		uint32_t authFlags,
86		nsHttpAuthIdentity &);
87
88		bool ConfirmAuth(const char* bundleKey, bool doYesNoPrompt);
89		void SetAuthorizationHeader(nsHttpAuthCache *, nsHttpAtom header,
90		const char scheme, const char host,
91		int32_t port, const char *path,
92		nsHttpAuthIdentity &ident);
93		MOZ_MUST_USE nsresult GetCurrentPath(nsACString &);
94		/**
95		* Return all information needed to build authorization information,
96		* all parameters except proxyAuth are out parameters. proxyAuth specifies
97		* with what authorization we work (WWW or proxy).
98		*/
99		MOZ_MUST_USE nsresult
100		GetAuthorizationMembers(bool proxyAuth, nsACString& scheme,
101		const char*& host, int32_t& port,
102		nsACString& path, nsHttpAuthIdentity*& ident,
103		nsISupports**& continuationState);
104		/**
105		* Method called to resume suspended transaction after we got credentials
106		* from the user. Called from OnAuthAvailable callback or OnAuthCancelled
107		* when credentials for next challenge were obtained synchronously.
108		*/
109		MOZ_MUST_USE nsresult ContinueOnAuthAvailable(const nsACString& creds);
110
111		MOZ_MUST_USE nsresult DoRedirectChannelToHttps();
112
113		/**
114		* A function that takes care of reading STS headers and enforcing STS
115		* load rules. After a secure channel is erected, STS requires the channel
116		* to be trusted or any STS header data on the channel is ignored.
117		* This is called from ProcessResponse.
118		*/
119		MOZ_MUST_USE nsresult ProcessSTSHeader();
120
121		// Depending on the pref setting, the authentication dialog may be blocked
122		// for all sub-resources, blocked for cross-origin sub-resources, or
123		// always allowed for sub-resources.
124		// For more details look at the bug 647010.
125		bool BlockPrompt(bool proxyAuth);
126
127		// Store credentials to the cache when appropriate aFlags are set.
128		MOZ_MUST_USE nsresult UpdateCache(nsIHttpAuthenticator *aAuth,
129		const char *aScheme,
130		const char *aHost,
131		int32_t aPort,
132		const char *aDirectory,
133		const char *aRealm,
134		const char *aChallenge,
135		const nsHttpAuthIdentity &aIdent,
136		const char *aCreds,
137		uint32_t aGenerateFlags,
138		nsISupports *aSessionState);
139
140		private:
141		nsIHttpAuthenticableChannel *mAuthChannel; // weak ref
142
143		nsCOMPtr<nsIURI> mURI;
144		nsCOMPtr<nsProxyInfo> mProxyInfo;
145		nsCString mHost;
146		int32_t mPort;
147		bool mUsingSSL;
148		bool mProxyUsingSSL;
149		bool mIsPrivate;
150
151		nsISupports *mProxyAuthContinuationState;
152		nsCString mProxyAuthType;
153		nsISupports *mAuthContinuationState;
154		nsCString mAuthType;
155		nsHttpAuthIdentity mIdent;
156		nsHttpAuthIdentity mProxyIdent;
157
158		// Reference to the prompt waiting in prompt queue. The channel is
159		// responsible to call its cancel method when user in any way cancels
160		// this request.
161		nsCOMPtr<nsICancelable> mAsyncPromptAuthCancelable;
162		// Saved in GetCredentials when prompt is asynchronous, the first challenge
163		// we obtained from the server with 401/407 response, will be processed in
164		// OnAuthAvailable callback.
165		nsCString mCurrentChallenge;
166		// Saved in GetCredentials when prompt is asynchronous, remaning challenges
167		// we have to process when user cancels the auth dialog for the current
168		// challenge.
169		nsCString mRemainingChallenges;
170
171		// True when we need to authenticate to proxy, i.e. when we get 407
172		// response. Used in OnAuthAvailable and OnAuthCancelled callbacks.
173		uint32_t mProxyAuth : 1;
174		uint32_t mTriedProxyAuth : 1;
175		uint32_t mTriedHostAuth : 1;
176		uint32_t mSuppressDefensiveAuth : 1;
177
178		// If a cross-origin sub-resource is being loaded, this flag will be set.
179		// In that case, the prompt text will be different to warn users.
180		uint32_t mCrossOrigin : 1;
181		uint32_t mConnectionBased : 1;
182
183		RefPtr<nsHttpHandler> mHttpHandler; // keep gHttpHandler alive
184
185		nsCOMPtr<nsICancelable> mGenerateCredentialsCancelable;
186		};
187
188		} // namespace net
189		} // namespace mozilla
190
191		#endif // nsHttpChannelAuthProvider_h__

Coverage Report

Created: 2018-09-25 14:53