/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
/* vim:set et cin ts=4 sw=4 sts=4: */
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#ifndef nsHttpChannelAuthProvider_h__
#define nsHttpChannelAuthProvider_h__

#include "nsIHttpChannelAuthProvider.h"
#include "nsIAuthPromptCallback.h"
#include "nsIHttpAuthenticatorCallback.h"
#include "nsString.h"
#include "nsCOMPtr.h"
#include "nsHttpAuthCache.h"
#include "nsProxyInfo.h"
#include "nsCRT.h"
#include "nsICancelableRunnable.h"

class nsIHttpAuthenticableChannel;
class nsIHttpAuthenticator;
class nsIURI;

namespace mozilla { namespace net {

class nsHttpHandler;

/**
 * Authentication provider attached to an HTTP channel. It implements
 * nsIHttpChannelAuthProvider together with the auth-prompt and
 * authenticator callback interfaces, and keeps the per-channel state
 * (identities, pending challenges, continuation state) used while
 * answering 401/407 responses.
 *
 * Review notes for readers of this header:
 *  - Several members are raw, non-owning or manually managed pointers
 *    (mAuthChannel, m*ContinuationState). Their lifetime rules live in the
 *    implementation file, not here.
 *  - mIdent / mProxyIdent presumably carry user credentials; treat them as
 *    sensitive (no logging, no copies beyond what is needed) - confirm
 *    against nsHttpAuthIdentity.
 */
class nsHttpChannelAuthProvider : public nsIHttpChannelAuthProvider
                                , public nsIAuthPromptCallback
                                , public nsIHttpAuthenticatorCallback
{
public:
    NS_DECL_ISUPPORTS
    NS_DECL_NSICANCELABLE
    NS_DECL_NSIHTTPCHANNELAUTHPROVIDER
    NS_DECL_NSIAUTHPROMPTCALLBACK
    NS_DECL_NSIHTTPAUTHENTICATORCALLBACK

    nsHttpChannelAuthProvider();
    static void InitializePrefs();

private:
    // Private destructor: instances are expected to be released through
    // the reference counting declared by NS_DECL_ISUPPORTS.
    virtual ~nsHttpChannelAuthProvider();

    // Proxy host name, or nullptr when no proxy info is set. The returned
    // pointer is borrowed from mProxyInfo; do not keep it beyond the
    // lifetime of that object.
    const char *ProxyHost() const
    {
        if (mProxyInfo) {
            return mProxyInfo->Host().get();
        }
        return nullptr;
    }

    // Proxy port, or -1 when no proxy info is set.
    int32_t ProxyPort() const
    {
        if (mProxyInfo) {
            return mProxyInfo->Port();
        }
        return -1;
    }

    // Plain accessors for the origin host, port and SSL flag. Host()
    // returns a pointer borrowed from mHost.
    const char *Host() const { return mHost.get(); }
    int32_t Port() const { return mPort; }
    bool UsingSSL() const { return mUsingSSL; }

    // True only when proxy info exists and reports itself as HTTP or HTTPS.
    bool UsingHttpProxy() const
    {
        if (mProxyInfo) {
            return mProxyInfo->IsHTTP() || mProxyInfo->IsHTTPS();
        }
        return false;
    }

    nsresult PrepareForAuthentication(bool proxyAuth);

    // NOTE(review): ownership of *result is not visible in this header;
    // confirm in the implementation who frees the generated credentials.
    nsresult GenCredsAndSetEntry(nsIHttpAuthenticator *, bool proxyAuth,
                                 const char *scheme, const char *host,
                                 int32_t port, const char *dir,
                                 const char *realm, const char *challenge,
                                 const nsHttpAuthIdentity &ident,
                                 nsCOMPtr<nsISupports> &session, char **result);
    nsresult GetAuthenticator(const char *challenge, nsCString &scheme,
                              nsIHttpAuthenticator **auth);
    void ParseRealm(const char *challenge, nsACString &realm);
    void GetIdentityFromURI(uint32_t authFlags, nsHttpAuthIdentity&);

    /**
     * The next three methods return NS_ERROR_IN_PROGRESS when
     * nsIAuthPrompt2.asyncPromptAuth is called. That value means the
     * user's decision will be delivered through a callback; it is not an
     * actual error and must not be handled as an authentication failure.
     */
    nsresult GetCredentials(const char *challenges, bool proxyAuth,
                            nsAFlatCString &creds);
    nsresult GetCredentialsForChallenge(const char *challenge,
                                        const char *scheme, bool proxyAuth,
                                        nsIHttpAuthenticator *auth,
                                        nsAFlatCString &creds);
    nsresult PromptForIdentity(uint32_t level, bool proxyAuth,
                               const char *realm, const char *authType,
                               uint32_t authFlags, nsHttpAuthIdentity &);

    bool ConfirmAuth(const nsString &bundleKey, bool doYesNoPrompt);
    void SetAuthorizationHeader(nsHttpAuthCache *, nsHttpAtom header,
                                const char *scheme, const char *host,
                                int32_t port, const char *path,
                                nsHttpAuthIdentity &ident);
    nsresult GetCurrentPath(nsACString &);

    /**
     * Returns everything needed to build authorization information.
     * Every parameter except proxyAuth is an out parameter; proxyAuth
     * selects which kind of authorization is meant (WWW or proxy).
     */
    nsresult GetAuthorizationMembers(bool proxyAuth, nsCSubstring& scheme,
                                     const char*& host, int32_t& port,
                                     nsCSubstring& path,
                                     nsHttpAuthIdentity*& ident,
                                     nsISupports**& continuationState);

    /**
     * Resumes the suspended transaction once credentials have been
     * obtained from the user. Called from the OnAuthAvailable callback,
     * or from OnAuthCancelled when credentials for the next challenge
     * were obtained synchronously.
     */
    nsresult ContinueOnAuthAvailable(const nsCSubstring& creds);

    nsresult DoRedirectChannelToHttps();

    /**
     * Reads STS headers and enforces STS load rules. Once a secure
     * channel is erected, STS requires the channel to be trusted;
     * otherwise any STS header data on the channel is ignored.
     * This is called from ProcessResponse.
     */
    nsresult ProcessSTSHeader();

    // Depending on the pref setting, the authentication dialog may be
    // blocked for all sub-resources, blocked only for cross-origin
    // sub-resources, or always allowed for sub-resources.
    // See bug 647010 for details.
    bool BlockPrompt();

    // Stores credentials in the cache when the appropriate aFlags are set.
    nsresult UpdateCache(nsIHttpAuthenticator *aAuth,
                         const char *aScheme,
                         const char *aHost,
                         int32_t aPort,
                         const char *aDirectory,
                         const char *aRealm,
                         const char *aChallenge,
                         const nsHttpAuthIdentity &aIdent,
                         const char *aCreds,
                         uint32_t aGenerateFlags,
                         nsISupports *aSessionState);

private:
    // Weak (non-owning) reference to the channel.
    // NOTE(review): confirm in the implementation that this is cleared
    // before the channel goes away, so late callbacks cannot use it.
    nsIHttpAuthenticableChannel      *mAuthChannel;

    nsCOMPtr<nsIURI>                  mURI;
    nsCOMPtr<nsProxyInfo>             mProxyInfo;
    nsCString                         mHost;
    int32_t                           mPort;
    bool                              mUsingSSL;
    bool                              mProxyUsingSSL;
    bool                              mIsPrivate;

    // Continuation state is held as raw nsISupports pointers rather than
    // nsCOMPtr; any reference counting is presumably done by hand in the
    // implementation - TODO confirm.
    nsISupports                      *mProxyAuthContinuationState;
    nsCString                         mProxyAuthType;
    nsISupports                      *mAuthContinuationState;
    nsCString                         mAuthType;
    nsHttpAuthIdentity                mIdent;
    nsHttpAuthIdentity                mProxyIdent;

    // Handle to the prompt waiting in the prompt queue. The channel is
    // responsible for calling its cancel method when the user cancels
    // this request in any way.
    nsCOMPtr<nsICancelable>           mAsyncPromptAuthCancelable;

    // Saved in GetCredentials when the prompt is asynchronous: the first
    // challenge obtained from the server with a 401/407 response. It is
    // processed in the OnAuthAvailable callback.
    nsCString                         mCurrentChallenge;

    // Saved in GetCredentials when the prompt is asynchronous: the
    // remaining challenges that still have to be processed when the user
    // cancels the auth dialog for the current challenge.
    nsCString                         mRemainingChallenges;

    // mProxyAuth is true when we need to authenticate to the proxy, i.e.
    // when we get a 407 response. Used in the OnAuthAvailable and
    // OnAuthCancelled callbacks.
    uint32_t                          mProxyAuth                : 1;
    uint32_t                          mTriedProxyAuth           : 1;
    uint32_t                          mTriedHostAuth            : 1;
    uint32_t                          mSuppressDefensiveAuth    : 1;

    // Set when a cross-origin sub-resource is being loaded. In that case
    // the prompt text is different, to warn the user.
    uint32_t                          mCrossOrigin              : 1;
    uint32_t                          mConnectionBased          : 1;

    RefPtr<nsHttpHandler>             mHttpHandler;  // keep gHttpHandler alive

    // Holds the preference setting that decides whether HTTP
    // authentication credential dialogs are opened for sub-resources and
    // for cross-origin sub-resources.
    static uint32_t                   sAuthAllowPref;
    nsCOMPtr<nsICancelable>           mGenerateCredentialsCancelable;
};

} // namespace net
} // namespace mozilla

#endif // nsHttpChannelAuthProvider_h__