1 : /* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
2 : /* vim:set et cin ts=4 sw=4 sts=4: */
3 : /* ***** BEGIN LICENSE BLOCK *****
4 : * Version: MPL 1.1/GPL 2.0/LGPL 2.1
5 : *
6 : * The contents of this file are subject to the Mozilla Public License Version
7 : * 1.1 (the "License"); you may not use this file except in compliance with
8 : * the License. You may obtain a copy of the License at
9 : * http://www.mozilla.org/MPL/
10 : *
11 : * Software distributed under the License is distributed on an "AS IS" basis,
12 : * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
13 : * for the specific language governing rights and limitations under the
14 : * License.
15 : *
16 : * The Original Code is Mozilla.
17 : *
18 : * The Initial Developer of the Original Code is
19 : * Netscape Communications.
20 : * Portions created by the Initial Developer are Copyright (C) 2001
21 : * the Initial Developer. All Rights Reserved.
22 : *
23 : * Contributor(s):
24 : * Darin Fisher <darin@netscape.com> (original author)
25 : * Christian Biesinger <cbiesinger@web.de>
26 : * Wellington Fernando de Macedo <wfernandom2004@gmail.com>
27 : *
28 : * Alternatively, the contents of this file may be used under the terms of
29 : * either the GNU General Public License Version 2 or later (the "GPL"), or
30 : * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
31 : * in which case the provisions of the GPL or the LGPL are applicable instead
32 : * of those above. If you wish to allow use of your version of this file only
33 : * under the terms of either the GPL or the LGPL, and not to allow others to
34 : * use your version of this file under the terms of the MPL, indicate your
35 : * decision by deleting the provisions above and replace them with the notice
36 : * and other provisions required by the GPL or the LGPL. If you do not delete
37 : * the provisions above, a recipient may use your version of this file under
38 : * the terms of any one of the MPL, the GPL or the LGPL.
39 : *
40 : * ***** END LICENSE BLOCK ***** */
41 :
42 : #ifndef nsHttpChannelAuthProvider_h__
43 : #define nsHttpChannelAuthProvider_h__
44 :
45 : #include "nsHttp.h"
46 : #include "nsIHttpChannelAuthProvider.h"
47 : #include "nsIAuthPromptCallback.h"
48 : #include "nsString.h"
49 : #include "nsCOMPtr.h"
50 : #include "nsIHttpAuthenticableChannel.h"
51 : #include "nsIURI.h"
52 : #include "nsHttpAuthCache.h"
53 : #include "nsProxyInfo.h"
54 :
55 : class nsIHttpAuthenticator;
56 :
/**
 * Per-channel helper that handles HTTP authentication (origin-server and
 * proxy) on behalf of an nsIHttpAuthenticableChannel.
 *
 * Implements nsIHttpChannelAuthProvider and, so that asynchronous auth
 * prompts can report back, nsIAuthPromptCallback.
 *
 * NOTE(review): several accessors and members below hand out or hold
 * non-owning raw pointers (mAuthChannel, the continuation-state pointers,
 * the C strings returned by Host()/ProxyHost()). Their lifetime rules are
 * not visible in this header; confirm them against the implementation
 * before relying on any of them outside a single call.
 */
class nsHttpChannelAuthProvider : public nsIHttpChannelAuthProvider
                                , public nsIAuthPromptCallback
{
public:
    NS_DECL_ISUPPORTS
    NS_DECL_NSICANCELABLE
    NS_DECL_NSIHTTPCHANNELAUTHPROVIDER
    NS_DECL_NSIAUTHPROMPTCALLBACK

    nsHttpChannelAuthProvider();
    virtual ~nsHttpChannelAuthProvider();

private:
    /**
     * Host name of the configured proxy, or nsnull when there is no proxy
     * info. The pointer is borrowed from mProxyInfo; callers must not free
     * it or keep it after mProxyInfo changes.
     */
    const char *ProxyHost() const
    {
        if (!mProxyInfo)
            return nsnull;
        return mProxyInfo->Host().get();
    }

    /** Port of the configured proxy, or -1 when there is no proxy info. */
    PRInt32 ProxyPort() const
    {
        if (!mProxyInfo)
            return -1;
        return mProxyInfo->Port();
    }

    /** Cached host string; the pointer is borrowed from mHost. */
    const char *Host() const
    {
        return mHost.get();
    }

    /** Cached port value (mPort). */
    PRInt32 Port() const
    {
        return mPort;
    }

    /** Cached SSL flag (mUsingSSL). */
    bool UsingSSL() const
    {
        return mUsingSSL;
    }

    /** True only when proxy info is present and its type is "http". */
    bool UsingHttpProxy() const
    {
        if (!mProxyInfo)
            return false;
        return nsCRT::strcmp(mProxyInfo->Type(), "http") == 0;
    }

    nsresult PrepareForAuthentication(bool proxyAuth);

    // NOTE(review): |result| is a raw char** out parameter; who allocates
    // and who frees the returned buffer is not stated here. Confirm in the
    // implementation, since the buffer presumably carries credentials.
    nsresult GenCredsAndSetEntry(nsIHttpAuthenticator *,
                                 bool proxyAuth,
                                 const char *scheme,
                                 const char *host,
                                 PRInt32 port,
                                 const char *dir,
                                 const char *realm,
                                 const char *challenge,
                                 const nsHttpAuthIdentity &ident,
                                 nsCOMPtr<nsISupports> &session,
                                 char **result);

    nsresult GetAuthenticator(const char *challenge,
                              nsCString &scheme,
                              nsIHttpAuthenticator **auth);

    // |challenge| comes from a server response header; the parser must
    // treat it as untrusted input.
    void ParseRealm(const char *challenge, nsACString &realm);

    void GetIdentityFromURI(PRUint32 authFlags, nsHttpAuthIdentity&);

    /**
     * The following three methods return NS_ERROR_IN_PROGRESS when the
     * nsIAuthPrompt2.asyncPromptAuth method is called. That result means
     * the user's decision will be delivered in a callback; it is not an
     * actual error.
     */
    nsresult GetCredentials(const char *challenges,
                            bool proxyAuth,
                            nsAFlatCString &creds);

    nsresult GetCredentialsForChallenge(const char *challenge,
                                        const char *scheme,
                                        bool proxyAuth,
                                        nsIHttpAuthenticator *auth,
                                        nsAFlatCString &creds);

    nsresult PromptForIdentity(PRUint32 level,
                               bool proxyAuth,
                               const char *realm,
                               const char *authType,
                               PRUint32 authFlags,
                               nsHttpAuthIdentity &);

    bool ConfirmAuth(const nsString &bundleKey, bool doYesNoPrompt);

    void SetAuthorizationHeader(nsHttpAuthCache *,
                                nsHttpAtom header,
                                const char *scheme,
                                const char *host,
                                PRInt32 port,
                                const char *path,
                                nsHttpAuthIdentity &ident);

    nsresult GetCurrentPath(nsACString &);

    /**
     * Returns everything needed to build authorization information. Every
     * parameter except proxyAuth is an out parameter; proxyAuth selects
     * which kind of authorization is being handled (WWW or proxy).
     */
    nsresult GetAuthorizationMembers(bool proxyAuth,
                                     nsCSubstring& scheme,
                                     const char*& host,
                                     PRInt32& port,
                                     nsCSubstring& path,
                                     nsHttpAuthIdentity*& ident,
                                     nsISupports**& continuationState);

    /**
     * Resumes the suspended transaction once credentials have been obtained
     * from the user. Called from the OnAuthAvailable callback, or from
     * OnAuthCancelled when credentials for the next challenge were obtained
     * synchronously.
     */
    nsresult ContinueOnAuthAvailable(const nsCSubstring& creds);

    nsresult DoRedirectChannelToHttps();

    /**
     * Reads STS headers and enforces the STS load rules. Once a secure
     * channel has been established, STS requires the channel to be trusted;
     * otherwise any STS header data on the channel is ignored.
     * This is called from ProcessResponse.
     */
    nsresult ProcessSTSHeader();

private:
    // Weak (non-owning) reference to the channel being authenticated.
    // NOTE(review): nothing in this header shows when it is cleared; verify
    // it cannot be dereferenced after the channel has gone away.
    nsIHttpAuthenticableChannel      *mAuthChannel;  // weak ref

    nsCOMPtr<nsIURI>                  mURI;
    nsCOMPtr<nsProxyInfo>             mProxyInfo;
    nsCString                         mHost;
    PRInt32                           mPort;
    bool                              mUsingSSL;

    // NOTE(review): the two continuation-state members are raw nsISupports
    // pointers rather than nsCOMPtr; reference counting for them is not
    // visible here and is presumably done by hand in the implementation.
    nsISupports                      *mProxyAuthContinuationState;
    nsCString                         mProxyAuthType;
    nsISupports                      *mAuthContinuationState;
    nsCString                         mAuthType;

    // Identities for origin and proxy authentication. Presumably these hold
    // user credentials and should be treated as sensitive; confirm against
    // nsHttpAuthIdentity.
    nsHttpAuthIdentity                mIdent;
    nsHttpAuthIdentity                mProxyIdent;

    // Reference to the prompt waiting in the prompt queue. The channel is
    // responsible for calling its cancel method when the user cancels this
    // request in any way.
    nsCOMPtr<nsICancelable>           mAsyncPromptAuthCancelable;

    // Saved in GetCredentials when the prompt is asynchronous: the first
    // challenge obtained from the server with the 401/407 response. It is
    // processed in the OnAuthAvailable callback.
    nsCString                         mCurrentChallenge;

    // Saved in GetCredentials when the prompt is asynchronous: the remaining
    // challenges to process if the user cancels the auth dialog for the
    // current challenge.
    nsCString                         mRemainingChallenges;

    // True when we need to authenticate to the proxy, i.e. when we get a 407
    // response. Used in the OnAuthAvailable and OnAuthCancelled callbacks.
    PRUint32                          mProxyAuth : 1;
    // Single-bit state flags; their exact meaning is defined by the
    // implementation and is not documented in this header.
    PRUint32                          mTriedProxyAuth : 1;
    PRUint32                          mTriedHostAuth : 1;
    PRUint32                          mSuppressDefensiveAuth : 1;
};
179 :
180 : #endif // nsHttpChannelAuthProvider_h__