| Clark DuVall | 502f6639 | 2019-01-23 16:55:17 | [diff] [blame] | 1 | // Copyright 2018 The Chromium Authors. All rights reserved. |
| 2 | // Use of this source code is governed by a BSD-style license that can be |
| 3 | // found in the LICENSE file. |
| 4 | |
| 5 | #ifndef NET_HTTP_HTTP_NEGOTIATE_AUTH_SYSTEM_H_ |
| 6 | #define NET_HTTP_HTTP_NEGOTIATE_AUTH_SYSTEM_H_ |
| 7 | |
| 8 | #include "net/base/completion_once_callback.h" |
| 9 | #include "net/base/net_export.h" |
| 10 | #include "net/http/http_auth.h" |
| 11 | |
| 12 | namespace net { |
| 13 | |
| 14 | class AuthCredentials; |
| 15 | class HttpAuthChallengeTokenizer; |
| 16 | |
| 17 | class NET_EXPORT_PRIVATE HttpNegotiateAuthSystem { |
| 18 | public: |
| 19 | virtual ~HttpNegotiateAuthSystem() = default; |
| 20 | |
| 21 | virtual bool Init() = 0; |
| 22 | |
| 23 | // True if authentication needs the identity of the user from Chrome. |
| 24 | virtual bool NeedsIdentity() const = 0; |
| 25 | |
| 26 | // True authentication can use explicit credentials included in the URL. |
| 27 | virtual bool AllowsExplicitCredentials() const = 0; |
| 28 | |
| 29 | // Parse a received Negotiate challenge. |
| 30 | virtual HttpAuth::AuthorizationResult ParseChallenge( |
| 31 | HttpAuthChallengeTokenizer* tok) = 0; |
| 32 | |
| 33 | // Generates an authentication token. |
| 34 | // |
| 35 | // The return value is an error code. The authentication token will be |
| 36 | // returned in |*auth_token|. If the result code is not |OK|, the value of |
| 37 | // |*auth_token| is unspecified. |
| 38 | // |
| 39 | // If the operation cannot be completed synchronously, |ERR_IO_PENDING| will |
| 40 | // be returned and the real result code will be passed to the completion |
| 41 | // callback. Otherwise the result code is returned immediately from this |
| 42 | // call. |
| 43 | // |
| 44 | // If the AndroidAuthNegotiate object is deleted before completion then the |
| 45 | // callback will not be called. |
| 46 | // |
| 47 | // If no immediate result is returned then |auth_token| must remain valid |
| 48 | // until the callback has been called. |
| 49 | // |
| 50 | // |spn| is the Service Principal Name of the server that the token is |
| 51 | // being generated for. |
| 52 | // |
| 53 | // If this is the first round of a multiple round scheme, credentials are |
| Asanka Herath | 26b1de8 | 2019-05-23 04:03:04 | [diff] [blame^] | 54 | // obtained using |*credentials|. If |credentials| is nullptr, the default |
| Clark DuVall | 502f6639 | 2019-01-23 16:55:17 | [diff] [blame] | 55 | // credentials are used instead. |
| 56 | virtual int GenerateAuthToken(const AuthCredentials* credentials, |
| 57 | const std::string& spn, |
| 58 | const std::string& channel_bindings, |
| 59 | std::string* auth_token, |
| 60 | CompletionOnceCallback callback) = 0; |
| 61 | |
| Roman Sorokin | 040f25f1 | 2019-03-06 17:50:26 | [diff] [blame] | 62 | // Sets the delegation type allowed on the Kerberos ticket. This allows |
| 63 | // certain servers to act as the user, such as an IIS server retrieving data |
| 64 | // from a Kerberized MSSQL server. |
| 65 | virtual void SetDelegation(HttpAuth::DelegationType delegation_type) = 0; |
| Clark DuVall | 502f6639 | 2019-01-23 16:55:17 | [diff] [blame] | 66 | }; |
| 67 | |
| 68 | } // namespace net |
| 69 | |
| 70 | #endif // NET_HTTP_HTTP_NEGOTIATE_AUTH_SYSTEM_H_ |
