/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
/* vim:set et cin ts=4 sw=4 sts=4: */
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#ifndef nsHttpChannelAuthProvider_h__
#define nsHttpChannelAuthProvider_h__

#include "nsIHttpChannelAuthProvider.h"
#include "nsIAuthPromptCallback.h"
#include "nsIHttpAuthenticatorCallback.h"
#include "nsString.h"
#include "nsCOMPtr.h"
#include "nsHttpAuthCache.h"
#include "nsProxyInfo.h"
#include "nsCRT.h"
#include "nsICancelableRunnable.h"

class nsIHttpAuthenticableChannel;
class nsIHttpAuthenticator;
class nsIURI;

namespace mozilla {
namespace net {

class nsHttpHandler;

/**
 * Per-channel HTTP authentication helper. This header declares the state and
 * the private helpers used to pick an authenticator for a challenge, prompt
 * for an identity, generate credentials and record them in the auth cache,
 * for both origin-server (WWW) and proxy authentication.
 *
 * Every helper marked MOZ_MUST_USE returns an nsresult that the caller is
 * expected to check.
 */
class nsHttpChannelAuthProvider : public nsIHttpChannelAuthProvider,
                                  public nsIAuthPromptCallback,
                                  public nsIHttpAuthenticatorCallback {
public:
    NS_DECL_ISUPPORTS
    NS_DECL_NSICANCELABLE
    NS_DECL_NSIHTTPCHANNELAUTHPROVIDER
    NS_DECL_NSIAUTHPROMPTCALLBACK
    NS_DECL_NSIHTTPAUTHENTICATORCALLBACK

    nsHttpChannelAuthProvider();
    static void InitializePrefs();

private:
    // Private destructor: instances are reference counted (NS_DECL_ISUPPORTS)
    // and are not meant to be deleted directly.
    virtual ~nsHttpChannelAuthProvider();

    // Proxy host name, or nullptr when no proxy info is set. The returned
    // pointer is borrowed from mProxyInfo; do not store it.
    const char *ProxyHost() const {
        if (!mProxyInfo) {
            return nullptr;
        }
        return mProxyInfo->Host().get();
    }

    // Proxy port, or -1 when no proxy info is set.
    int32_t ProxyPort() const {
        if (!mProxyInfo) {
            return -1;
        }
        return mProxyInfo->Port();
    }

    // Accessors for the cached target of the channel. Host() hands out a
    // pointer into mHost, so it is only valid while mHost is left unchanged.
    const char *Host() const { return mHost.get(); }
    int32_t Port() const { return mPort; }
    bool UsingSSL() const { return mUsingSSL; }

    // True only when proxy info is present and reports an HTTP or HTTPS proxy.
    bool UsingHttpProxy() const {
        if (!mProxyInfo) {
            return false;
        }
        return mProxyInfo->IsHTTP() || mProxyInfo->IsHTTPS();
    }

    MOZ_MUST_USE nsresult PrepareForAuthentication(bool proxyAuth);

    // NOTE(review): ownership of the buffer returned through |result| is not
    // visible in this header; confirm against the implementation.
    MOZ_MUST_USE nsresult GenCredsAndSetEntry(
        nsIHttpAuthenticator *auth, bool proxyAuth, const char *scheme,
        const char *host, int32_t port, const char *dir, const char *realm,
        const char *challenge, const nsHttpAuthIdentity &ident,
        nsCOMPtr<nsISupports> &session, char **result);

    MOZ_MUST_USE nsresult GetAuthenticator(const char *challenge,
                                           nsCString &scheme,
                                           nsIHttpAuthenticator **auth);

    // |challenge| is taken from the server's response (see mCurrentChallenge
    // below), so implementations must treat it as untrusted text.
    void ParseRealm(const char *challenge, nsACString &realm);

    // NOTE(review): presumably reads an identity embedded in the channel URI;
    // confirm against the implementation.
    void GetIdentityFromURI(uint32_t authFlags, nsHttpAuthIdentity &ident);

    /**
     * The next three methods return NS_ERROR_IN_PROGRESS when the
     * nsIAuthPrompt2.asyncPromptAuth method is called. That result is not a
     * real error: it means the user's decision will arrive later through a
     * callback.
     */
    MOZ_MUST_USE nsresult GetCredentials(const char *challenges, bool proxyAuth,
                                         nsCString &creds);
    MOZ_MUST_USE nsresult GetCredentialsForChallenge(const char *challenge,
                                                     const char *scheme,
                                                     bool proxyAuth,
                                                     nsIHttpAuthenticator *auth,
                                                     nsCString &creds);
    MOZ_MUST_USE nsresult PromptForIdentity(uint32_t level, bool proxyAuth,
                                            const char *realm,
                                            const char *authType,
                                            uint32_t authFlags,
                                            nsHttpAuthIdentity &ident);

    bool ConfirmAuth(const char *bundleKey, bool doYesNoPrompt);
    void SetAuthorizationHeader(nsHttpAuthCache *authCache, nsHttpAtom header,
                                const char *scheme, const char *host,
                                int32_t port, const char *path,
                                nsHttpAuthIdentity &ident);
    MOZ_MUST_USE nsresult GetCurrentPath(nsACString &path);

    /**
     * Collects everything needed to build the authorization information.
     * proxyAuth selects which kind of authorization is meant (WWW or proxy);
     * every other parameter is an out parameter.
     *
     * NOTE(review): host, ident and continuationState come back as raw
     * pointers, presumably aliasing this object's members; confirm, and do
     * not keep them past the lifetime of this object.
     */
    MOZ_MUST_USE nsresult GetAuthorizationMembers(
        bool proxyAuth, nsACString &scheme, const char *&host, int32_t &port,
        nsACString &path, nsHttpAuthIdentity *&ident,
        nsISupports **&continuationState);

    /**
     * Resumes the suspended transaction once credentials have been obtained
     * from the user. Called from the OnAuthAvailable callback, or from
     * OnAuthCancelled when the credentials for the next challenge were
     * obtained synchronously.
     */
    MOZ_MUST_USE nsresult ContinueOnAuthAvailable(const nsACString &creds);

    MOZ_MUST_USE nsresult DoRedirectChannelToHttps();

    /**
     * Reads STS headers and enforces STS load rules. Once a secure channel is
     * established, STS requires the channel to be trusted; otherwise any STS
     * header data on the channel is ignored.
     * This is called from ProcessResponse.
     */
    MOZ_MUST_USE nsresult ProcessSTSHeader();

    // Depending on the pref setting, the authentication dialog may be blocked
    // for all sub-resources, blocked only for cross-origin sub-resources, or
    // always allowed for sub-resources.
    // See bug 647010 for details.
    bool BlockPrompt(bool proxyAuth);

    // Stores credentials in the cache when the appropriate flags are set (the
    // original comment says "aFlags"; the parameter is aGenerateFlags).
    MOZ_MUST_USE nsresult UpdateCache(nsIHttpAuthenticator *aAuth,
                                      const char *aScheme, const char *aHost,
                                      int32_t aPort, const char *aDirectory,
                                      const char *aRealm, const char *aChallenge,
                                      const nsHttpAuthIdentity &aIdent,
                                      const char *aCreds, uint32_t aGenerateFlags,
                                      nsISupports *aSessionState);

private:
    // Non-owning pointer to the channel being authenticated.
    nsIHttpAuthenticableChannel *mAuthChannel;  // weak ref

    nsCOMPtr<nsIURI> mURI;
    nsCOMPtr<nsProxyInfo> mProxyInfo;
    nsCString mHost;
    int32_t mPort;
    bool mUsingSSL;
    bool mProxyUsingSSL;
    bool mIsPrivate;

    // NOTE(review): the two continuation-state members are raw nsISupports
    // pointers rather than nsCOMPtr; how their references are acquired and
    // released is not visible in this header -- confirm in the implementation.
    nsISupports *mProxyAuthContinuationState;
    nsCString mProxyAuthType;
    nsISupports *mAuthContinuationState;
    nsCString mAuthType;
    nsHttpAuthIdentity mIdent;
    nsHttpAuthIdentity mProxyIdent;

    // Handle to the prompt waiting in the prompt queue. The channel is
    // responsible for calling its cancel method whenever the user cancels
    // this request in any way.
    nsCOMPtr<nsICancelable> mAsyncPromptAuthCancelable;
    // Saved in GetCredentials when the prompt is asynchronous: the first
    // challenge received from the server with the 401/407 response. It is
    // processed in the OnAuthAvailable callback.
    nsCString mCurrentChallenge;
    // Saved in GetCredentials when the prompt is asynchronous: the remaining
    // challenges to process if the user cancels the auth dialog for the
    // current challenge.
    nsCString mRemainingChallenges;

    // True when we need to authenticate to the proxy, i.e. when we get a 407
    // response. Used in the OnAuthAvailable and OnAuthCancelled callbacks.
    uint32_t mProxyAuth : 1;
    uint32_t mTriedProxyAuth : 1;
    uint32_t mTriedHostAuth : 1;
    uint32_t mSuppressDefensiveAuth : 1;

    // Set when a cross-origin sub-resource is being loaded. In that case the
    // prompt text is different, to warn the user.
    uint32_t mCrossOrigin : 1;
    uint32_t mConnectionBased : 1;

    RefPtr<nsHttpHandler> mHttpHandler;  // keep gHttpHandler alive

    // Preference settings that decide whether HTTP authentication credential
    // dialogs may be opened for sub-resources and cross-origin sub-resources.
    static uint32_t sAuthAllowPref;
    static bool sImgCrossOriginAuthAllowPref;
    static bool sNonWebContentTriggeredAuthAllow;
    nsCOMPtr<nsICancelable> mGenerateCredentialsCancelable;
};

}  // namespace net
}  // namespace mozilla

#endif  // nsHttpChannelAuthProvider_h__