tor-browser

The Tor Browser

nsHttpChannelAuthProvider.h (7289B)


      1 /* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
      2 /* vim:set et cin ts=4 sw=2 sts=2: */
      3 /* This Source Code Form is subject to the terms of the Mozilla Public
      4 * License, v. 2.0. If a copy of the MPL was not distributed with this
      5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
      6 
      7 #ifndef nsHttpChannelAuthProvider_h__
      8 #define nsHttpChannelAuthProvider_h__
      9 
     10 #include "nsIHttpChannelAuthProvider.h"
     11 #include "nsIAuthPromptCallback.h"
     12 #include "nsIHttpAuthenticatorCallback.h"
     13 #include "nsString.h"
     14 #include "nsCOMPtr.h"
     15 #include "nsHttpAuthCache.h"
     16 #include "nsProxyInfo.h"
     17 #include "nsICancelable.h"
     18 
     19 class nsIHttpAuthenticableChannel;
     20 class nsIHttpAuthenticator;
     21 class nsIURI;
     22 
     23 namespace mozilla {
     24 namespace net {
     25 
     26 class nsHttpHandler;
     27 struct nsHttpAtom;
     28 
     29 class nsHttpChannelAuthProvider final : public nsIHttpChannelAuthProvider,
     30                                        public nsIAuthPromptCallback,
     31                                        public nsIHttpAuthenticatorCallback {
         /**
          * HTTP authentication helper attached to a single authenticable channel.
          *
          * Besides nsIHttpChannelAuthProvider it inherits nsIAuthPromptCallback and
          * nsIHttpAuthenticatorCallback; the comments below refer to the
          * OnAuthAvailable / OnAuthCancelled callbacks being delivered to this
          * object. Per the member comments it deals with challenges from 401 and
          * 407 responses, i.e. origin-server and proxy authentication.
          *
          * State worth attention in a security review: the two identities
          * (mIdent, mProxyIdent), the saved challenge strings, which originate
          * from the server, the raw continuation-state pointers, and the
          * non-owning back pointer to the channel (mAuthChannel).
          */
     32 public:
     33  NS_DECL_ISUPPORTS
     34  NS_DECL_NSICANCELABLE
     35  NS_DECL_NSIHTTPCHANNELAUTHPROVIDER
     36  NS_DECL_NSIAUTHPROMPTCALLBACK
     37  NS_DECL_NSIHTTPAUTHENTICATORCALLBACK
     38 
     39  nsHttpChannelAuthProvider();
     40 
     41 private:
         // Private destructor: code outside the class cannot delete the object
         // directly.
         // NOTE(review): lifetime is presumably governed by the reference counting
         // declared through NS_DECL_ISUPPORTS - confirm in the .cpp.
     42  virtual ~nsHttpChannelAuthProvider();
     43 
         // Host of the proxy in use, or the empty string when no proxy info is set.
     44  const nsCString& ProxyHost() const {
     45    return mProxyInfo ? mProxyInfo->Host() : EmptyCString();
     46  }
     47 
         // Port of the proxy in use, or -1 when no proxy info is set.
     48  int32_t ProxyPort() const { return mProxyInfo ? mProxyInfo->Port() : -1; }
     49 
         // Read-only accessors for the stored target host, port and SSL flag
         // (mHost, mPort, mUsingSSL).
     50  const nsCString& Host() const { return mHost; }
     51  int32_t Port() const { return mPort; }
     52  bool UsingSSL() const { return mUsingSSL; }
     53 
         // True only when proxy info is present and reports itself as an HTTP or
         // HTTPS proxy; a missing proxy or any other proxy type yields false.
     54  bool UsingHttpProxy() const {
     55    return mProxyInfo && (mProxyInfo->IsHTTP() || mProxyInfo->IsHTTPS());
     56  }
     57 
         // The nsresult-returning helpers below are [[nodiscard]]: a failure while
         // preparing or generating credentials has to be inspected by the caller
         // and cannot be dropped silently.
     58  [[nodiscard]] nsresult PrepareForAuthentication(bool proxyAuth);
         // NOTE(review): judging by the name and signature, this generates
         // credentials for `challenge` with the given authenticator, writes them to
         // `result` and records an auth-cache entry - confirm against the .cpp.
     59  [[nodiscard]] nsresult GenCredsAndSetEntry(
     60      nsIHttpAuthenticator*, bool proxyAuth, const nsACString& scheme,
     61      const nsACString& host, int32_t port, const nsACString& dir,
     62      const nsACString& realm, const nsACString& challenge,
     63      const nsHttpAuthIdentity& ident, nsCOMPtr<nsISupports>& session,
     64      nsACString& result);
         // NOTE(review): presumably selects the authenticator matching the scheme
         // named in aChallenge, returning it through `auth` and the scheme name
         // through `authType` - confirm.
     65  [[nodiscard]] nsresult GetAuthenticator(const nsACString& aChallenge,
     66                                          nsCString& authType,
     67                                          nsIHttpAuthenticator** auth);
         // `realm` is the out-parameter.
         // NOTE(review): the first argument is presumably a challenge string, which
         // is server-controlled input (see mCurrentChallenge); check quoting and
         // length handling in the implementation.
     68  void ParseRealm(const nsACString&, nsACString& realm);
         // NOTE(review): presumably fills the identity from user information
         // embedded in the request URI - confirm how such credentials are scoped
         // before they are sent.
     69  void GetIdentityFromURI(uint32_t authFlags, nsHttpAuthIdentity&);
     70 
     71  /**
     72   * Following three methods return NS_ERROR_IN_PROGRESS when
     73   * nsIAuthPrompt2.asyncPromptAuth method is called. This result indicates
     74   * the user's decision will be gathered in a callback and is not an actual
     75   * error.
     76   */
     77  [[nodiscard]] nsresult GetCredentials(const nsACString& challenges,
     78                                        bool proxyAuth, nsCString& creds);
     79  [[nodiscard]] nsresult GetCredentialsForChallenge(
     80      const nsACString& aChallenge, const nsACString& aAuthType, bool proxyAuth,
     81      nsIHttpAuthenticator* auth, nsCString& creds);
     82  [[nodiscard]] nsresult PromptForIdentity(uint32_t level, bool proxyAuth,
     83                                           const nsACString& realm,
     84                                           const nsACString& authType,
     85                                           uint32_t authFlags,
     86                                           nsHttpAuthIdentity&);
     87 
         // NOTE(review): `header` presumably selects between the origin and proxy
         // authorization request headers; `ident` is taken by non-const reference,
         // so the callee may modify it - confirm in the .cpp.
     88  void SetAuthorizationHeader(nsHttpAuthCache*, const nsHttpAtom& header,
     89                              const nsACString& scheme, const nsACString& host,
     90                              int32_t port, const nsACString& path,
     91                              nsHttpAuthIdentity& ident);
     92  [[nodiscard]] nsresult GetCurrentPath(nsACString&);
     93  /**
     94   * Return all information needed to build authorization information,
     95   * all parameters except proxyAuth are out parameters. proxyAuth specifies
     96   * with what authorization we work (WWW or proxy).
     97   *
     98   * `ident` and `continuationState` are references to pointers.
     99   * NOTE(review): presumably they are pointed at mIdent / mProxyIdent and at
    100   * the raw continuation-state members, so callers write through them into
    101   * this object - confirm.
     97   */
     98  [[nodiscard]] nsresult GetAuthorizationMembers(
     99      bool proxyAuth, nsACString& scheme, nsCString& host, int32_t& port,
    100      nsACString& path, nsHttpAuthIdentity*& ident,
    101      nsISupports**& continuationState);
    102  /**
    103   * Method called to resume suspended transaction after we got credentials
    104   * from the user. Called from OnAuthAvailable callback or OnAuthCancelled
    105   * when credentials for next challenge were obtained synchronously.
    106   */
    107  [[nodiscard]] nsresult ContinueOnAuthAvailable(const nsACString& creds);
    108 
    109  [[nodiscard]] nsresult DoRedirectChannelToHttps();
    110 
    111  /**
    112   * A function that takes care of reading STS headers and enforcing STS
    113   * load rules.  After a secure channel is erected, STS requires the channel
    114   * to be trusted or any STS header data on the channel is ignored.
    115   * This is called from ProcessResponse.
    116   */
    117  [[nodiscard]] nsresult ProcessSTSHeader();
    118 
    119  // Depending on the pref setting, the authentication dialog may be blocked
    120  // for all sub-resources, blocked for cross-origin sub-resources, or
    121  // always allowed for sub-resources.
    122  // For more details look at the bug 647010.
    123  bool BlockPrompt(bool proxyAuth);
    124 
    125  // Store credentials to the cache when the appropriate flags (presumably
    126  // aGenerateFlags) are set.
    126  [[nodiscard]] nsresult UpdateCache(
    127      nsIHttpAuthenticator* aAuth, const nsACString& aScheme,
    128      const nsACString& aHost, int32_t aPort, const nsACString& aDirectory,
    129      const nsACString& aRealm, const nsACString& aChallenge,
    130      const nsHttpAuthIdentity& aIdent, const nsACString& aCreds,
    131      uint32_t aGenerateFlags, nsISupports* aSessionState, bool aProxyAuth);
    132 
         // Data members.
    133 private:
         // Non-owning: this object does not keep the channel alive.
         // NOTE(review): confirm the pointer is cleared before the channel is
         // destroyed, since results of asynchronous prompts are delivered to this
         // object through callbacks.
    134  nsIHttpAuthenticableChannel* mAuthChannel{nullptr};  // weak ref
    135 
    136  nsCOMPtr<nsIURI> mURI;
    137  nsCOMPtr<nsProxyInfo> mProxyInfo;
    138  nsCString mHost;
    139  int32_t mPort{-1};
    140  bool mUsingSSL{false};
    141  bool mProxyUsingSSL{false};
         // NOTE(review): presumably marks a private-browsing channel so that its
         // credentials are kept apart from the normal session - confirm.
    142  bool mIsPrivate{false};
    143 
         // Continuation state and scheme name, kept separately for proxy and for
         // origin authentication. The state pointers are raw nsISupports* rather
         // than nsCOMPtr.
         // NOTE(review): no automatic reference management is visible in this
         // header; verify in the .cpp that they are released on every path.
    144  nsISupports* mProxyAuthContinuationState{nullptr};
    145  nsCString mProxyAuthType;
    146  nsISupports* mAuthContinuationState{nullptr};
    147  nsCString mAuthType;
         // Identities for origin-server and proxy authentication respectively.
         // NOTE(review): presumably carry user-supplied secrets; treat them as
         // sensitive in logging and diagnostics.
    148  nsHttpAuthIdentity mIdent;
    149  nsHttpAuthIdentity mProxyIdent;
    150 
    151  // Reference to the prompt waiting in prompt queue. The channel is
    152  // responsible to call its cancel method when user in any way cancels
    153  // this request.
    154  nsCOMPtr<nsICancelable> mAsyncPromptAuthCancelable;
    155  // Saved in GetCredentials when prompt is asynchronous, the first challenge
    156  // we obtained from the server with 401/407 response, will be processed in
    157  // OnAuthAvailable callback.
    158  nsCString mCurrentChallenge;
    159  // Saved in GetCredentials when prompt is asynchronous, remaining challenges
    160  // we have to process when user cancels the auth dialog for the current
    161  // challenge.
    162  nsCString mRemainingChallenges;
    163 
         // NOTE(review): the bit-fields below have no default member initializers,
         // unlike the members above; presumably the constructor sets them - confirm.
    164  // True when we need to authenticate to proxy, i.e. when we get 407
    165  // response. Used in OnAuthAvailable and OnAuthCancelled callbacks.
    166  uint32_t mProxyAuth : 1;
    167  uint32_t mTriedProxyAuth : 1;
    168  uint32_t mTriedHostAuth : 1;
    169 
    170  // If a cross-origin sub-resource is being loaded, this flag will be set.
    171  // In that case, the prompt text will be different to warn users.
    172  uint32_t mCrossOrigin : 1;
    173  uint32_t mConnectionBased : 1;
    174 
    175  RefPtr<nsHttpHandler> mHttpHandler;  // keep gHttpHandler alive
    176 
         // NOTE(review): presumably the handle for an in-flight asynchronous
         // credential generation, the counterpart of mAsyncPromptAuthCancelable -
         // confirm.
    177  nsCOMPtr<nsICancelable> mGenerateCredentialsCancelable;
    178 };
    179 
    180 }  // namespace net
    181 }  // namespace mozilla
    182 
    183 #endif  // nsHttpChannelAuthProvider_h__