nsHttpChannelAuthProvider.h

Enable keyboard shortcuts

/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*- */

/* vim:set et cin ts=4 sw=2 sts=2: */

/* This Source Code Form is subject to the terms of the Mozilla Public

 * License, v. 2.0. If a copy of the MPL was not distributed with this

 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#ifndef nsHttpChannelAuthProvider_h__

#define nsHttpChannelAuthProvider_h__

#include "nsIHttpChannelAuthProvider.h"

#include "nsIAuthPromptCallback.h"

#include "nsIHttpAuthenticatorCallback.h"

#include "nsString.h"

#include "nsCOMPtr.h"

#include "nsHttpAuthCache.h"

#include "nsProxyInfo.h"

#include "nsICancelable.h"

class nsIHttpAuthenticableChannel;

class nsIHttpAuthenticator;

class nsIURI;

namespace mozilla {

namespace net {

class nsHttpHandler;

struct nsHttpAtom;

class nsHttpChannelAuthProvider final : public nsIHttpChannelAuthProvider,

                                        public nsIAuthPromptCallback,

                                        public nsIHttpAuthenticatorCallback {

 public:

  NS_DECL_ISUPPORTS

  NS_DECL_NSICANCELABLE

  NS_DECL_NSIHTTPCHANNELAUTHPROVIDER

  NS_DECL_NSIAUTHPROMPTCALLBACK

  NS_DECL_NSIHTTPAUTHENTICATORCALLBACK

  nsHttpChannelAuthProvider();

 private:

  virtual ~nsHttpChannelAuthProvider();

  const nsCString& ProxyHost() const {

    return mProxyInfo ? mProxyInfo->Host() : EmptyCString();

  int32_t ProxyPort() const { return mProxyInfo ? mProxyInfo->Port() : -1; }

  const nsCString& Host() const { return mHost; }

  int32_t Port() const { return mPort; }

  bool UsingSSL() const { return mUsingSSL; }

  bool UsingHttpProxy() const {

    return mProxyInfo && (mProxyInfo->IsHTTP() || mProxyInfo->IsHTTPS());

  [[nodiscard]] nsresult PrepareForAuthentication(bool proxyAuth);

  [[nodiscard]] nsresult GenCredsAndSetEntry(

      nsIHttpAuthenticator*, bool proxyAuth, const nsACString& scheme,

      const nsACString& host, int32_t port, const nsACString& dir,

      const nsACString& realm, const nsACString& challenge,

      const nsHttpAuthIdentity& ident, nsCOMPtr<nsISupports>& session,

      nsACString& result);

  [[nodiscard]] nsresult GetAuthenticator(const nsACString& aChallenge,

                                          nsCString& authType,

                                          nsIHttpAuthenticator** auth);

  void ParseRealm(const nsACString&, nsACString& realm);

  void GetIdentityFromURI(uint32_t authFlags, nsHttpAuthIdentity&);

/**

   * Following three methods return NS_ERROR_IN_PROGRESS when

   * nsIAuthPrompt2.asyncPromptAuth method is called. This result indicates

   * the user's decision will be gathered in a callback and is not an actual

   * error.

*/

  [[nodiscard]] nsresult GetCredentials(const nsACString& challenges,

                                        bool proxyAuth, nsCString& creds);

  [[nodiscard]] nsresult GetCredentialsForChallenge(

      const nsACString& aChallenge, const nsACString& aAuthType, bool proxyAuth,

      nsIHttpAuthenticator* auth, nsCString& creds);

  [[nodiscard]] nsresult PromptForIdentity(uint32_t level, bool proxyAuth,

                                           const nsACString& realm,

                                           const nsACString& authType,

                                           uint32_t authFlags,

                                           nsHttpAuthIdentity&);

  bool ConfirmAuth(const char* bundleKey, bool doYesNoPrompt);

  void SetAuthorizationHeader(nsHttpAuthCache*, const nsHttpAtom& header,

                              const nsACString& scheme, const nsACString& host,

                              int32_t port, const nsACString& path,

                              nsHttpAuthIdentity& ident);

  [[nodiscard]] nsresult GetCurrentPath(nsACString&);

/**

   * Return all information needed to build authorization information,

   * all parameters except proxyAuth are out parameters. proxyAuth specifies

   * with what authorization we work (WWW or proxy).

*/

  [[nodiscard]] nsresult GetAuthorizationMembers(

      bool proxyAuth, nsACString& scheme, nsCString& host, int32_t& port,

      nsACString& path, nsHttpAuthIdentity*& ident,

      nsISupports**& continuationState);

/**

   * Method called to resume suspended transaction after we got credentials

   * from the user. Called from OnAuthAvailable callback or OnAuthCancelled

   * when credentials for next challenge were obtained synchronously.

*/

  [[nodiscard]] nsresult ContinueOnAuthAvailable(const nsACString& creds);

  [[nodiscard]] nsresult DoRedirectChannelToHttps();

/**

   * A function that takes care of reading STS headers and enforcing STS

   * load rules.  After a secure channel is erected, STS requires the channel

   * to be trusted or any STS header data on the channel is ignored.

   * This is called from ProcessResponse.

*/

  [[nodiscard]] nsresult ProcessSTSHeader();

  // Depending on the pref setting, the authentication dialog may be blocked

  // for all sub-resources, blocked for cross-origin sub-resources, or

  // always allowed for sub-resources.

  // For more details look at the bug 647010.

  bool BlockPrompt(bool proxyAuth);

  // Store credentials to the cache when appropriate aFlags are set.

  [[nodiscard]] nsresult UpdateCache(

      nsIHttpAuthenticator* aAuth, const nsACString& aScheme,

      const nsACString& aHost, int32_t aPort, const nsACString& aDirectory,

      const nsACString& aRealm, const nsACString& aChallenge,

      const nsHttpAuthIdentity& aIdent, const nsACString& aCreds,

      uint32_t aGenerateFlags, nsISupports* aSessionState, bool aProxyAuth);

 private:

  nsIHttpAuthenticableChannel* mAuthChannel{nullptr};  // weak ref

  nsCOMPtr<nsIURI> mURI;

  nsCOMPtr<nsProxyInfo> mProxyInfo;

  nsCString mHost;

  int32_t mPort{-1};

  bool mUsingSSL{false};

  bool mProxyUsingSSL{false};

  bool mIsPrivate{false};

  nsISupports* mProxyAuthContinuationState{nullptr};

  nsCString mProxyAuthType;

  nsISupports* mAuthContinuationState{nullptr};

  nsCString mAuthType;

  nsHttpAuthIdentity mIdent;

  nsHttpAuthIdentity mProxyIdent;

  // Reference to the prompt waiting in prompt queue. The channel is

  // responsible to call its cancel method when user in any way cancels

  // this request.

  nsCOMPtr<nsICancelable> mAsyncPromptAuthCancelable;

  // Saved in GetCredentials when prompt is asynchronous, the first challenge

  // we obtained from the server with 401/407 response, will be processed in

  // OnAuthAvailable callback.

  nsCString mCurrentChallenge;

  // Saved in GetCredentials when prompt is asynchronous, remaning challenges

  // we have to process when user cancels the auth dialog for the current

  // challenge.

  nsCString mRemainingChallenges;

  // True when we need to authenticate to proxy, i.e. when we get 407

  // response. Used in OnAuthAvailable and OnAuthCancelled callbacks.

  uint32_t mProxyAuth : 1;

  uint32_t mTriedProxyAuth : 1;

  uint32_t mTriedHostAuth : 1;

  uint32_t mSuppressDefensiveAuth : 1;

  // If a cross-origin sub-resource is being loaded, this flag will be set.

  // In that case, the prompt text will be different to warn users.

  uint32_t mCrossOrigin : 1;

  uint32_t mConnectionBased : 1;

  RefPtr<nsHttpHandler> mHttpHandler;  // keep gHttpHandler alive

  nsCOMPtr<nsICancelable> mGenerateCredentialsCancelable;

};

}  // namespace net

}  // namespace mozilla

#endif  // nsHttpChannelAuthProvider_h__