commit 6e26d9768654bb8b1cd54dfb1a8954e75f9c5dd0
parent 349658c0e36a5cb7f2b62e77c60e9d142969f9b4
Author: Sean <sekim@mozilla.com>
Date: Wed, 17 Dec 2025 13:37:36 +0000
Bug 1915371 - Part 1: Add XPIDL interface for HTTP Authentication Cache r=necko-reviewers,jesup
Differential Revision: https://phabricator.services.mozilla.com/D243723
Diffstat:
11 files changed, 275 insertions(+), 75 deletions(-)
diff --git a/netwerk/build/components.conf b/netwerk/build/components.conf
@@ -305,6 +305,16 @@ Classes = [
'headers': ['/netwerk/protocol/http/nsCORSListenerProxy.h'],
},
{
+ 'name': 'HttpAuthCache',
+ 'cid': '{e4aa6025-e0d8-40f0-92c7-f0100c6d6174}',
+ 'contract_ids': ['@mozilla.org/network/http-auth-cache;1'],
+ 'singleton': True,
+ 'processes': ProcessSelector.MAIN_PROCESS_ONLY,
+ 'type': 'nsIHttpAuthCache',
+ 'constructor': 'mozilla::net::nsHttpAuthManager::GetHttpAuthCacheSingleton',
+ 'headers': ['/netwerk/protocol/http/nsHttpAuthCache.h'],
+ },
+ {
'cid': '{9e3b6c90-2f75-11d3-8cd0-0060b0fc14a3}',
'contract_ids': ['@mozilla.org/network/protocol;1?name=about'],
'singleton': True,
diff --git a/netwerk/protocol/http/moz.build b/netwerk/protocol/http/moz.build
@@ -14,8 +14,10 @@ XPIDL_SOURCES += [
"nsICORSPreflightCacheEntry.idl",
"nsIEarlyHintObserver.idl",
"nsIHttpActivityObserver.idl",
+ "nsIHttpAuthCache.idl",
"nsIHttpAuthenticableChannel.idl",
"nsIHttpAuthenticator.idl",
+ "nsIHttpAuthEntry.idl",
"nsIHttpAuthManager.idl",
"nsIHttpChannel.idl",
"nsIHttpChannelAuthProvider.idl",
diff --git a/netwerk/protocol/http/nsHttpAuthCache.cpp b/netwerk/protocol/http/nsHttpAuthCache.cpp
@@ -37,14 +37,47 @@ static inline void GetAuthKey(const nsACString& scheme, const nsACString& host,
//-----------------------------------------------------------------------------
// nsHttpAuthCache <public>
//-----------------------------------------------------------------------------
+NS_IMPL_ISUPPORTS(nsHttpAuthCache, nsIHttpAuthCache)
-nsHttpAuthCache::nsHttpAuthCache()
- : mDB(128), mObserver(new OriginClearObserver(this)) {
+NS_IMETHODIMP
+nsHttpAuthCache::GetEntries(nsTArray<RefPtr<nsIHttpAuthEntry>>& aEntries) {
+ for (auto iter = mDB.Iter(); !iter.Done(); iter.Next()) {
+ nsHttpAuthNode* node = iter.Data().get();
+ for (auto& entry : node->mList) {
+ auto* tmp = entry.get();
+ aEntries.AppendElement(tmp);
+ }
+ }
+
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsHttpAuthCache::ClearEntry(nsIHttpAuthEntry* aEntry) {
+ NS_ENSURE_ARG_POINTER(aEntry);
+
+ for (auto iter = mDB.Iter(); !iter.Done(); iter.Next()) {
+ nsHttpAuthNode* node = iter.Data().get();
+
+ for (auto& entry : node->mList) {
+ if (entry.get() == aEntry) {
+ node->mList.RemoveElement(entry);
+ if (node->EntryCount() == 0) {
+ iter.Remove();
+ }
+ return NS_OK;
+ }
+ }
+ }
+ return NS_ERROR_NOT_AVAILABLE;
+}
+
+nsHttpAuthCache::nsHttpAuthCache() : mDB(128) {
LOG(("nsHttpAuthCache::nsHttpAuthCache %p", this));
nsCOMPtr<nsIObserverService> obsSvc = services::GetObserverService();
if (obsSvc) {
- obsSvc->AddObserver(mObserver, "clear-origin-attributes-data", false);
+ obsSvc->AddObserver(this, "clear-origin-attributes-data", true);
}
}
@@ -54,8 +87,7 @@ nsHttpAuthCache::~nsHttpAuthCache() {
ClearAll();
nsCOMPtr<nsIObserverService> obsSvc = services::GetObserverService();
if (obsSvc) {
- obsSvc->RemoveObserver(mObserver, "clear-origin-attributes-data");
- mObserver->mOwner = nullptr;
+ obsSvc->RemoveObserver(this, "clear-origin-attributes-data");
}
}
@@ -64,7 +96,7 @@ nsresult nsHttpAuthCache::GetAuthEntryForPath(const nsACString& scheme,
int32_t port,
const nsACString& path,
nsACString const& originSuffix,
- nsHttpAuthEntry** entry) {
+ RefPtr<nsHttpAuthEntry>& entry) {
LOG(("nsHttpAuthCache::GetAuthEntryForPath %p [path=%s]\n", this,
path.BeginReading()));
@@ -72,9 +104,9 @@ nsresult nsHttpAuthCache::GetAuthEntryForPath(const nsACString& scheme,
nsHttpAuthNode* node = LookupAuthNode(scheme, host, port, originSuffix, key);
if (!node) return NS_ERROR_NOT_AVAILABLE;
- *entry = node->LookupEntryByPath(path);
- LOG((" returning %p", *entry));
- return *entry ? NS_OK : NS_ERROR_NOT_AVAILABLE;
+ entry = node->LookupEntryByPath(path);
+ LOG((" returning %p", entry.get()));
+ return entry ? NS_OK : NS_ERROR_NOT_AVAILABLE;
}
nsresult nsHttpAuthCache::GetAuthEntryForDomain(const nsACString& scheme,
@@ -82,7 +114,7 @@ nsresult nsHttpAuthCache::GetAuthEntryForDomain(const nsACString& scheme,
int32_t port,
const nsACString& realm,
nsACString const& originSuffix,
- nsHttpAuthEntry** entry)
+ RefPtr<nsHttpAuthEntry>& entry)
{
LOG(("nsHttpAuthCache::GetAuthEntryForDomain %p [realm=%s]\n", this,
@@ -92,9 +124,9 @@ nsresult nsHttpAuthCache::GetAuthEntryForDomain(const nsACString& scheme,
nsHttpAuthNode* node = LookupAuthNode(scheme, host, port, originSuffix, key);
if (!node) return NS_ERROR_NOT_AVAILABLE;
- *entry = node->LookupEntryByRealm(realm);
- LOG((" returning %p", *entry));
- return *entry ? NS_OK : NS_ERROR_NOT_AVAILABLE;
+ entry = node->LookupEntryByRealm(realm);
+ LOG((" returning %p", entry.get()));
+ return entry ? NS_OK : NS_ERROR_NOT_AVAILABLE;
}
nsresult nsHttpAuthCache::SetAuthEntry(
@@ -158,21 +190,16 @@ nsHttpAuthNode* nsHttpAuthCache::LookupAuthNode(const nsACString& scheme,
return result;
}
-NS_IMPL_ISUPPORTS(nsHttpAuthCache::OriginClearObserver, nsIObserver)
-
NS_IMETHODIMP
-nsHttpAuthCache::OriginClearObserver::Observe(nsISupports* subject,
- const char* topic,
- const char16_t* data_unicode) {
- NS_ENSURE_TRUE(mOwner, NS_ERROR_NOT_AVAILABLE);
-
+nsHttpAuthCache::Observe(nsISupports* subject, const char* topic,
+ const char16_t* data_unicode) {
OriginAttributesPattern pattern;
if (!pattern.Init(nsDependentString(data_unicode))) {
NS_ERROR("Cannot parse origin attributes pattern");
return NS_ERROR_FAILURE;
}
- mOwner->ClearOriginData(pattern);
+ ClearOriginData(pattern);
return NS_OK;
}
@@ -219,9 +246,74 @@ bool nsHttpAuthIdentity::Equals(const nsHttpAuthIdentity& ident) const {
mDomain == ident.mDomain;
}
+NS_IMPL_ISUPPORTS(AuthIdentity, nsIHttpAuthIdentity)
+
+NS_IMETHODIMP
+AuthIdentity::GetDomain(nsAString& aDomain) {
+ aDomain = mIdent.Domain();
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+AuthIdentity::GetUser(nsAString& aUser) {
+ aUser = mIdent.User();
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+AuthIdentity::GetPassword(nsAString& aPassword) {
+ aPassword = mIdent.Password();
+ return NS_OK;
+}
+
//-----------------------------------------------------------------------------
// nsHttpAuthEntry
//-----------------------------------------------------------------------------
+NS_IMPL_ISUPPORTS(nsHttpAuthEntry, nsIHttpAuthEntry)
+
+NS_IMETHODIMP
+nsHttpAuthEntry::GetRealm(nsACString& aRealm) {
+ aRealm = mRealm;
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsHttpAuthEntry::GetCreds(nsACString& aCreds) {
+ aCreds = mCreds;
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsHttpAuthEntry::GetChallenge(nsACString& aChallenge) {
+ aChallenge = mChallenge;
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsHttpAuthEntry::GetDomain(nsAString& aDomain) {
+ aDomain = mIdent.Domain();
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsHttpAuthEntry::GetUser(nsAString& aUser) {
+ aUser = mIdent.User();
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsHttpAuthEntry::GetPassword(nsAString& aPass) {
+ aPass = mIdent.Password();
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsHttpAuthEntry::GetIdentity(nsIHttpAuthIdentity** aIdentity) {
+ NS_ENSURE_ARG_POINTER(aIdentity);
+ RefPtr<nsIHttpAuthIdentity> ident = new AuthIdentity(mIdent);
+ ident.forget(aIdentity);
+ return NS_OK;
+}
nsresult nsHttpAuthEntry::AddPath(const nsACString& aPath) {
for (const auto& p : mPaths) {
@@ -320,14 +412,13 @@ nsresult nsHttpAuthNode::SetAuthEntry(const nsACString& path,
const nsHttpAuthIdentity* ident,
nsISupports* metadata) {
// look for an entry with a matching realm
- nsHttpAuthEntry* entry = LookupEntryByRealm(realm);
+ RefPtr<nsHttpAuthEntry> entry = LookupEntryByRealm(realm);
if (!entry) {
// We want the latest identity be at the begining of the list so that
// the newest working credentials are sent first on new requests.
// Changing a realm is sometimes used to "timeout" authrozization.
- mList.InsertElementAt(
- 0, WrapUnique(new nsHttpAuthEntry(path, realm, creds, challenge, ident,
- metadata)));
+ entry = new nsHttpAuthEntry(path, realm, creds, challenge, ident, metadata);
+ mList.InsertElementAt(0, entry);
} else {
// update the entry...
nsresult rv = entry->Set(path, realm, creds, challenge, ident, metadata);
diff --git a/netwerk/protocol/http/nsHttpAuthCache.h b/netwerk/protocol/http/nsHttpAuthCache.h
@@ -12,6 +12,7 @@
#include "nsCOMPtr.h"
#include "nsHashKeys.h"
#include "nsStringFwd.h"
+#include "nsIHttpAuthCache.h"
#include "nsIObserver.h"
namespace mozilla {
@@ -49,12 +50,36 @@ class nsHttpAuthIdentity {
nsString mDomain;
};
+// This is an XPCOM wrapper for nsHttpAuthIdentity
+class AuthIdentity final : public nsIHttpAuthIdentity {
+ public:
+ NS_DECL_ISUPPORTS
+ NS_DECL_NSIHTTPAUTHIDENTITY
+
+ explicit AuthIdentity(const nsHttpAuthIdentity& aIdent) : mIdent(aIdent) {}
+
+ private:
+ virtual ~AuthIdentity() = default;
+ nsHttpAuthIdentity mIdent;
+};
+
//-----------------------------------------------------------------------------
// nsHttpAuthEntry
//-----------------------------------------------------------------------------
-class nsHttpAuthEntry {
+class nsHttpAuthEntry : public nsIHttpAuthEntry {
public:
+ NS_DECL_ISUPPORTS
+ NS_DECL_NSIHTTPAUTHENTRY
+
+ nsHttpAuthEntry(const nsACString& path, const nsACString& realm,
+ const nsACString& creds, const nsACString& challenge,
+ const nsHttpAuthIdentity* ident, nsISupports* metadata) {
+ DebugOnly<nsresult> rv =
+ Set(path, realm, creds, challenge, ident, metadata);
+ MOZ_ASSERT(NS_SUCCEEDED(rv));
+ }
+
const nsCString& Realm() const { return mRealm; }
const nsCString& Creds() const { return mCreds; }
const nsCString& Challenge() const { return mChallenge; }
@@ -69,14 +94,7 @@ class nsHttpAuthEntry {
nsCOMPtr<nsISupports> mMetaData;
private:
- nsHttpAuthEntry(const nsACString& path, const nsACString& realm,
- const nsACString& creds, const nsACString& challenge,
- const nsHttpAuthIdentity* ident, nsISupports* metadata) {
- DebugOnly<nsresult> rv =
- Set(path, realm, creds, challenge, ident, metadata);
- MOZ_ASSERT(NS_SUCCEEDED(rv));
- }
- ~nsHttpAuthEntry() = default;
+ virtual ~nsHttpAuthEntry() = default;
[[nodiscard]] nsresult Set(const nsACString& path, const nsACString& realm,
const nsACString& creds,
@@ -104,7 +122,7 @@ class nsHttpAuthEntry {
class nsHttpAuthNode {
private:
- using EntryList = nsTArray<UniquePtr<nsHttpAuthEntry>>;
+ using EntryList = nsTArray<RefPtr<nsHttpAuthEntry>>;
nsHttpAuthNode();
~nsHttpAuthNode();
@@ -143,10 +161,13 @@ class nsHttpAuthNode {
// (holds a hash table from host:port to nsHttpAuthNode)
//-----------------------------------------------------------------------------
-class nsHttpAuthCache {
+class nsHttpAuthCache : public nsIHttpAuthCache, public nsIObserver {
public:
+ NS_DECL_ISUPPORTS
+ NS_DECL_NSIHTTPAUTHCACHE
+ NS_DECL_NSIOBSERVER
+
nsHttpAuthCache();
- ~nsHttpAuthCache();
// |scheme|, |host|, and |port| are required
// |path| can be null
@@ -156,7 +177,7 @@ class nsHttpAuthCache {
int32_t port,
const nsACString& path,
nsACString const& originSuffix,
- nsHttpAuthEntry** entry);
+ RefPtr<nsHttpAuthEntry>& entry);
// |scheme|, |host|, and |port| are required
// |realm| must not be null
@@ -166,7 +187,7 @@ class nsHttpAuthCache {
int32_t port,
const nsACString& realm,
nsACString const& originSuffix,
- nsHttpAuthEntry** entry);
+ RefPtr<nsHttpAuthEntry>& entry);
// |scheme|, |host|, and |port| are required
// |path| can be null
@@ -194,23 +215,13 @@ class nsHttpAuthCache {
const nsACString& host, int32_t port,
nsACString const& originSuffix,
nsCString& key);
-
- class OriginClearObserver : public nsIObserver {
- virtual ~OriginClearObserver() = default;
-
- public:
- NS_DECL_ISUPPORTS
- NS_DECL_NSIOBSERVER
- explicit OriginClearObserver(nsHttpAuthCache* aOwner) : mOwner(aOwner) {}
- nsHttpAuthCache* mOwner;
- };
-
void ClearOriginData(OriginAttributesPattern const& pattern);
private:
+ virtual ~nsHttpAuthCache();
+
using AuthNodeTable = nsClassHashtable<nsCStringHashKey, nsHttpAuthNode>;
AuthNodeTable mDB; // "host:port" --> nsHttpAuthNode
- RefPtr<OriginClearObserver> mObserver;
};
} // namespace net
diff --git a/netwerk/protocol/http/nsHttpAuthManager.cpp b/netwerk/protocol/http/nsHttpAuthManager.cpp
@@ -16,6 +16,15 @@ namespace net {
NS_IMPL_ISUPPORTS(nsHttpAuthManager, nsIHttpAuthManager)
+/* static */
+already_AddRefed<nsIHttpAuthCache>
+nsHttpAuthManager::GetHttpAuthCacheSingleton() {
+ NS_ASSERTION(!IsNeckoChild(), "not a parent process");
+
+ // Return only the non-private cache
+ return do_AddRef(gHttpHandler->AuthCache(/* aPrivate = */ false));
+}
+
nsresult nsHttpAuthManager::Init() {
// get reference to the auth cache. we assume that we will live
// as long as gHttpHandler. instantiate it if necessary.
@@ -46,8 +55,9 @@ nsHttpAuthManager::GetAuthIdentity(
const nsACString& aAuthType, const nsACString& aRealm,
const nsACString& aPath, nsAString& aUserDomain, nsAString& aUserName,
nsAString& aUserPassword, bool aIsPrivate, nsIPrincipal* aPrincipal) {
- nsHttpAuthCache* auth_cache = aIsPrivate ? mPrivateAuthCache : mAuthCache;
- nsHttpAuthEntry* entry = nullptr;
+ RefPtr<nsHttpAuthCache> auth_cache =
+ aIsPrivate ? mPrivateAuthCache : mAuthCache;
+ RefPtr<nsHttpAuthEntry> entry = nullptr;
nsresult rv;
nsAutoCString originSuffix;
@@ -57,10 +67,10 @@ nsHttpAuthManager::GetAuthIdentity(
if (!aPath.IsEmpty()) {
rv = auth_cache->GetAuthEntryForPath(aScheme, aHost, aPort, aPath,
- originSuffix, &entry);
+ originSuffix, entry);
} else {
rv = auth_cache->GetAuthEntryForDomain(aScheme, aHost, aPort, aRealm,
- originSuffix, &entry);
+ originSuffix, entry);
}
if (NS_FAILED(rv)) return rv;
@@ -86,7 +96,8 @@ nsHttpAuthManager::SetAuthIdentity(
aPrincipal->OriginAttributesRef().CreateSuffix(originSuffix);
}
- nsHttpAuthCache* auth_cache = aIsPrivate ? mPrivateAuthCache : mAuthCache;
+ RefPtr<nsHttpAuthCache> auth_cache =
+ aIsPrivate ? mPrivateAuthCache : mAuthCache;
return auth_cache->SetAuthEntry(aScheme, aHost, aPort, aPath, aRealm,
""_ns, // credentials
""_ns, // challenge
diff --git a/netwerk/protocol/http/nsHttpAuthManager.h b/netwerk/protocol/http/nsHttpAuthManager.h
@@ -18,14 +18,16 @@ class nsHttpAuthManager : public nsIHttpAuthManager {
NS_DECL_ISUPPORTS
NS_DECL_NSIHTTPAUTHMANAGER
+ static already_AddRefed<nsIHttpAuthCache> GetHttpAuthCacheSingleton();
+
nsHttpAuthManager() = default;
[[nodiscard]] nsresult Init();
protected:
virtual ~nsHttpAuthManager() = default;
- nsHttpAuthCache* mAuthCache{nullptr};
- nsHttpAuthCache* mPrivateAuthCache{nullptr};
+ RefPtr<nsHttpAuthCache> mAuthCache;
+ RefPtr<nsHttpAuthCache> mPrivateAuthCache;
};
} // namespace net
diff --git a/netwerk/protocol/http/nsHttpChannelAuthProvider.cpp b/netwerk/protocol/http/nsHttpChannelAuthProvider.cpp
@@ -825,9 +825,9 @@ nsresult nsHttpChannelAuthProvider::GetCredentialsForChallenge(
// in the cache have changed, in which case we'd want to give them a
// try instead.
//
- nsHttpAuthEntry* entry = nullptr;
+ RefPtr<nsHttpAuthEntry> entry;
(void)authCache->GetAuthEntryForDomain(scheme, host, port, realm, suffix,
- &entry);
+ entry);
// hold reference to the auth session state (in case we clear our
// reference to the entry).
@@ -1385,9 +1385,9 @@ NS_IMETHODIMP nsHttpChannelAuthProvider::OnAuthAvailable(
}
nsHttpAuthCache* authCache = gHttpHandler->AuthCache(mIsPrivate);
- nsHttpAuthEntry* entry = nullptr;
+ RefPtr<nsHttpAuthEntry> entry;
(void)authCache->GetAuthEntryForDomain(scheme, host, port, realm, suffix,
- &entry);
+ entry);
nsCOMPtr<nsISupports> sessionStateGrip;
if (entry) sessionStateGrip = entry->mMetaData;
@@ -1570,7 +1570,7 @@ void nsHttpChannelAuthProvider::SetAuthorizationHeader(
nsHttpAuthCache* authCache, const nsHttpAtom& header,
const nsACString& scheme, const nsACString& host, int32_t port,
const nsACString& path, nsHttpAuthIdentity& ident) {
- nsHttpAuthEntry* entry = nullptr;
+ RefPtr<nsHttpAuthEntry> entry;
nsresult rv;
// set informations that depend on whether
@@ -1601,7 +1601,7 @@ void nsHttpChannelAuthProvider::SetAuthorizationHeader(
GetOriginAttributesSuffix(chan, suffix);
}
- rv = authCache->GetAuthEntryForPath(scheme, host, port, path, suffix, &entry);
+ rv = authCache->GetAuthEntryForPath(scheme, host, port, path, suffix, entry);
if (NS_SUCCEEDED(rv)) {
// if we are trying to add a header for origin server auth and if the
// URL contains an explicit username, then try the given username first.
diff --git a/netwerk/protocol/http/nsHttpHandler.cpp b/netwerk/protocol/http/nsHttpHandler.cpp
@@ -259,7 +259,9 @@ static nsCString DocumentAcceptHeader() {
Atomic<bool, Relaxed> nsHttpHandler::sParentalControlsEnabled(false);
nsHttpHandler::nsHttpHandler()
- : mIdleTimeout(PR_SecondsToInterval(10)),
+ : mAuthCache(new nsHttpAuthCache()),
+ mPrivateAuthCache(new nsHttpAuthCache()),
+ mIdleTimeout(PR_SecondsToInterval(10)),
mSpdyTimeout(
PR_SecondsToInterval(StaticPrefs::network_http_http2_timeout())),
mResponseTimeout(PR_SecondsToInterval(300)),
@@ -2269,8 +2271,8 @@ nsHttpHandler::GetAltSvcCacheKeys(nsTArray<nsCString>& value) {
NS_IMETHODIMP
nsHttpHandler::GetAuthCacheKeys(nsTArray<nsCString>& aValues) {
- mAuthCache.CollectKeys(aValues);
- mPrivateAuthCache.CollectKeys(aValues);
+ mAuthCache->CollectKeys(aValues);
+ mPrivateAuthCache->CollectKeys(aValues);
return NS_OK;
}
@@ -2290,8 +2292,8 @@ nsHttpHandler::Observe(nsISupports* subject, const char* topic,
mHandlerActive = false;
// clear cache of all authentication credentials.
- mAuthCache.ClearAll();
- mPrivateAuthCache.ClearAll();
+ mAuthCache->ClearAll();
+ mPrivateAuthCache->ClearAll();
if (mWifiTickler) mWifiTickler->Cancel();
// Inform nsIOService that network is tearing down.
@@ -2320,8 +2322,8 @@ nsHttpHandler::Observe(nsISupports* subject, const char* topic,
MOZ_ASSERT(NS_SUCCEEDED(rv));
mAltSvcCache = MakeUnique<AltSvcCache>();
} else if (!strcmp(topic, "net:clear-active-logins")) {
- mAuthCache.ClearAll();
- mPrivateAuthCache.ClearAll();
+ mAuthCache->ClearAll();
+ mPrivateAuthCache->ClearAll();
} else if (!strcmp(topic, "net:cancel-all-connections")) {
if (mConnMgr) {
mConnMgr->AbortAndCloseAllConnections(0, nullptr);
@@ -2354,7 +2356,7 @@ nsHttpHandler::Observe(nsISupports* subject, const char* topic,
nsCOMPtr<nsIURI> uri = do_QueryInterface(subject);
#endif
} else if (!strcmp(topic, "last-pb-context-exited")) {
- mPrivateAuthCache.ClearAll();
+ mPrivateAuthCache->ClearAll();
if (mAltSvcCache) {
mAltSvcCache->ClearAltServiceMappings();
}
diff --git a/netwerk/protocol/http/nsHttpHandler.h b/netwerk/protocol/http/nsHttpHandler.h
@@ -226,7 +226,7 @@ class nsHttpHandler final : public nsIHttpProtocolHandler,
FrameCheckLevel GetEnforceH1Framing() { return mEnforceH1Framing; }
nsHttpAuthCache* AuthCache(bool aPrivate) {
- return aPrivate ? &mPrivateAuthCache : &mAuthCache;
+ return aPrivate ? mPrivateAuthCache : mAuthCache;
}
nsHttpConnectionMgr* ConnMgr() {
MOZ_ASSERT_IF(nsIOService::UseSocketProcess(), XRE_IsSocketProcess());
@@ -560,8 +560,8 @@ class nsHttpHandler final : public nsIHttpProtocolHandler,
nsMainThreadPtrHandle<nsISiteSecurityService> mSSService;
// the authentication credentials cache
- nsHttpAuthCache mAuthCache;
- nsHttpAuthCache mPrivateAuthCache;
+ RefPtr<nsHttpAuthCache> mAuthCache;
+ RefPtr<nsHttpAuthCache> mPrivateAuthCache;
// the connection manager
RefPtr<HttpConnectionMgrShell> mConnMgr;
diff --git a/netwerk/protocol/http/nsIHttpAuthCache.idl b/netwerk/protocol/http/nsIHttpAuthCache.idl
@@ -0,0 +1,28 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+#include "nsIHttpAuthEntry.idl"
+
+/**
+ * nsIHttpAuthCache
+ *
+ * Provides methods for iterating across the HTTP authentication cache entries
+ * for access and modification
+ *
+ */
+[builtinclass, scriptable, uuid(6ef2115c-7c67-41de-8de3-f7d412660a03)]
+interface nsIHttpAuthCache : nsISupports
+{
+ /**
+ * Retrieve all HTTP auth cache entries.
+ */
+ Array<nsIHttpAuthEntry> getEntries();
+
+ /**
+ * Clears a specified cache entry from the HTTP auth cache.
+ */
+ void clearEntry(in nsIHttpAuthEntry entry);
+};
diff --git a/netwerk/protocol/http/nsIHttpAuthEntry.idl b/netwerk/protocol/http/nsIHttpAuthEntry.idl
@@ -0,0 +1,43 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+/**
+ * nsIHttpAuthIdentity
+ * Defines an interface (domain, user, and password)
+ * identifying the HTTP authentication cache entry.
+ *
+ */
+[scriptable, builtinclass, uuid(5a88870b-92bd-4c2f-817a-04132caef74c)]
+interface nsIHttpAuthIdentity : nsISupports
+{
+ readonly attribute AString domain;
+ readonly attribute AString user;
+ readonly attribute AString password;
+};
+
+/**
+ * nsIHttpAuthEntry
+ * Defines an interface representing a cache entry in the HTTP authentication cache.
+ *
+ */
+[scriptable, builtinclass, uuid(9bdf473d-63c2-4cf8-92f8-270e80b8aeba)]
+interface nsIHttpAuthEntry : nsISupports
+{
+ readonly attribute ACString realm;
+
+ readonly attribute ACString creds;
+
+ readonly attribute ACString challenge;
+
+ readonly attribute AString domain;
+
+ readonly attribute AString user;
+
+ readonly attribute AString password;
+
+ readonly attribute nsIHttpAuthIdentity identity;
+};
