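/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
/* vim:set et cin ts=4 sw=4 sts=4: */
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#ifndef nsHttpChannelAuthProvider_h__
#define nsHttpChannelAuthProvider_h__

#include "nsIHttpChannelAuthProvider.h"
#include "nsIAuthPromptCallback.h"
#include "nsString.h"
#include "nsCOMPtr.h"
#include "nsHttpAuthCache.h"
#include "nsProxyInfo.h"
#include "nsCRT.h"

class nsIHttpAuthenticableChannel;
class nsIHttpAuthenticator;
class nsIURI;

namespace mozilla { namespace net {

class nsHttpHandler;

/**
 * Authentication helper attached to one HTTP channel (mAuthChannel). It
 * implements nsIHttpChannelAuthProvider and nsIAuthPromptCallback and
 * declares the nsICancelable methods. The member comments below refer to
 * 401 and 407 responses, i.e. origin-server and proxy challenges.
 *
 * Lifetime and ownership points a reviewer should keep in mind:
 *  - mAuthChannel is a weak (non-owning) raw pointer.
 *  - mProxyAuthContinuationState / mAuthContinuationState are raw
 *    nsISupports pointers rather than nsCOMPtr members, and
 *    GetAuthorizationMembers() hands out a pointer to one of them; any
 *    reference counting on them is therefore done by hand in the
 *    implementation.
 *  - Host() / ProxyHost() return pointers into string storage owned by
 *    members of this object.
 *  - mIdent / mProxyIdent are nsHttpAuthIdentity values; presumably they
 *    carry the user's credentials, so they should be kept out of logs and
 *    error messages (confirm against nsHttpAuthCache.h).
 */
class nsHttpChannelAuthProvider : public nsIHttpChannelAuthProvider
                                , public nsIAuthPromptCallback
{
public:
    NS_DECL_ISUPPORTS
    NS_DECL_NSICANCELABLE
    NS_DECL_NSIHTTPCHANNELAUTHPROVIDER
    NS_DECL_NSIAUTHPROMPTCALLBACK

    nsHttpChannelAuthProvider();
    virtual ~nsHttpChannelAuthProvider();

private:
    // Endpoint accessors. The const char* results point into string storage
    // owned by mProxyInfo / mHost, so they are only usable while that owner
    // is alive and unmodified; copy the string if it must outlive the call.

    // Proxy host name, or nullptr when no proxy info is set.
    const char *ProxyHost() const
    { return mProxyInfo ? mProxyInfo->Host().get() : nullptr; }

    // Proxy port, or -1 when no proxy info is set.
    int32_t ProxyPort() const
    { return mProxyInfo ? mProxyInfo->Port() : -1; }

    const char *Host() const { return mHost.get(); }
    int32_t Port() const { return mPort; }
    bool UsingSSL() const { return mUsingSSL; }

    // True only when proxy info is set and its type string equals "http".
    bool UsingHttpProxy() const
    { return !!(mProxyInfo && !nsCRT::strcmp(mProxyInfo->Type(), "http")); }

    nsresult PrepareForAuthentication(bool proxyAuth);

    // NOTE(review): |result| is a char** out-parameter; which side frees the
    // returned buffer is not visible in this header. Confirm against the
    // implementation before adding callers.
    nsresult GenCredsAndSetEntry(nsIHttpAuthenticator *, bool proxyAuth,
                                 const char *scheme, const char *host,
                                 int32_t port, const char *dir,
                                 const char *realm, const char *challenge,
                                 const nsHttpAuthIdentity &ident,
                                 nsCOMPtr<nsISupports> &session, char **result);

    // |challenge| comes from a server or proxy response and is untrusted
    // input to these parsers; |scheme| and |auth| / |realm| are outputs.
    nsresult GetAuthenticator(const char *challenge, nsCString &scheme,
                              nsIHttpAuthenticator **auth);
    void ParseRealm(const char *challenge, nsACString &realm);

    // NOTE(review): presumably fills the identity from credentials embedded
    // in the request URI - confirm in the implementation.
    void GetIdentityFromURI(uint32_t authFlags, nsHttpAuthIdentity&);

    /**
     * Following three methods return NS_ERROR_IN_PROGRESS when
     * nsIAuthPrompt2.asyncPromptAuth method is called. This result indicates
     * the user's decision will be gathered in a callback and is not an actual
     * error.
     */
    nsresult GetCredentials(const char *challenges, bool proxyAuth,
                            nsAFlatCString &creds);
    nsresult GetCredentialsForChallenge(const char *challenge,
                                        const char *scheme, bool proxyAuth,
                                        nsIHttpAuthenticator *auth,
                                        nsAFlatCString &creds);
    nsresult PromptForIdentity(uint32_t level, bool proxyAuth,
                               const char *realm, const char *authType,
                               uint32_t authFlags, nsHttpAuthIdentity &);

    // NOTE(review): presumably asks the user to confirm before credentials
    // are used; |bundleKey| looks like a localized-string key - confirm.
    bool ConfirmAuth(const nsString &bundleKey, bool doYesNoPrompt);
    void SetAuthorizationHeader(nsHttpAuthCache *, nsHttpAtom header,
                                const char *scheme, const char *host,
                                int32_t port, const char *path,
                                nsHttpAuthIdentity &ident);
    nsresult GetCurrentPath(nsACString &);
    /**
     * Return all information needed to build authorization information,
     * all parameters except proxyAuth are out parameters. proxyAuth specifies
     * with what authorization we work (WWW or proxy).
     */
    nsresult GetAuthorizationMembers(bool proxyAuth, nsCSubstring& scheme,
                                     const char*& host, int32_t& port,
                                     nsCSubstring& path,
                                     nsHttpAuthIdentity*& ident,
                                     nsISupports**& continuationState);
    /**
     * Method called to resume suspended transaction after we got credentials
     * from the user. Called from OnAuthAvailable callback or OnAuthCancelled
     * when credentials for next challenge were obtained synchronously.
     */
    nsresult ContinueOnAuthAvailable(const nsCSubstring& creds);

    nsresult DoRedirectChannelToHttps();

    /**
     * A function that takes care of reading STS headers and enforcing STS
     * load rules. After a secure channel is erected, STS requires the channel
     * to be trusted or any STS header data on the channel is ignored.
     * This is called from ProcessResponse.
     */
    nsresult ProcessSTSHeader();

private:
    // Non-owning: nothing here keeps the channel alive, so this pointer must
    // not be dereferenced once the channel has gone away.
    nsIHttpAuthenticableChannel *mAuthChannel; // weak ref

    nsCOMPtr<nsIURI> mURI;
    nsCOMPtr<nsProxyInfo> mProxyInfo;
    nsCString mHost;
    int32_t mPort;
    bool mUsingSSL;
    bool mIsPrivate;

    // Raw pointers, not nsCOMPtr: no automatic AddRef/Release happens on
    // assignment or destruction of these members.
    nsISupports *mProxyAuthContinuationState;
    nsCString mProxyAuthType;
    nsISupports *mAuthContinuationState;
    nsCString mAuthType;
    nsHttpAuthIdentity mIdent;
    nsHttpAuthIdentity mProxyIdent;

    // Reference to the prompt waiting in prompt queue. The channel is
    // responsible to call its cancel method when user in any way cancels
    // this request.
    nsCOMPtr<nsICancelable> mAsyncPromptAuthCancelable;
    // Saved in GetCredentials when prompt is asynchronous, the first challenge
    // we obtained from the server with 401/407 response, will be processed in
    // OnAuthAvailable callback.
    nsCString mCurrentChallenge;
    // Saved in GetCredentials when prompt is asynchronous, remaining challenges
    // we have to process when user cancels the auth dialog for the current
    // challenge.
    nsCString mRemainingChallenges;

    // True when we need to authenticate to proxy, i.e. when we get 407
    // response. Used in OnAuthAvailable and OnAuthCancelled callbacks.
    uint32_t mProxyAuth : 1;
    // NOTE(review): the next three flags are not documented in this header;
    // confirm their meaning in the implementation.
    uint32_t mTriedProxyAuth : 1;
    uint32_t mTriedHostAuth : 1;
    uint32_t mSuppressDefensiveAuth : 1;

    nsRefPtr<nsHttpHandler> mHttpHandler; // keep gHttpHandler alive
};

}} // namespace mozilla::net

#endif // nsHttpChannelAuthProvider_h__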