Google Git
Sign in
chromium / chromium / src.git / cc07b335a33d0c64d63c95f2045825d99f3d4125 / . / net / http / url_security_manager.h
blob: 83fc5e11ca08377287fa39606ff674b137d21675 [file] [log] [blame]
[email protected]3b63f8f42011-03-28 01:54:15[diff] [blame]1// Copyright (c) 2011 The Chromium Authors. All rights reserved.
[email protected]d7f16632010-03-29 18:02:36[diff] [blame]2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef NET_HTTP_URL_SECURITY_MANAGER_H_
6#define NET_HTTP_URL_SECURITY_MANAGER_H_
7
danakj1fd259a02016-04-16 03:17:09[diff] [blame]8#include <memory>
9
Avi Drissman13fc8932015-12-20 04:40:46[diff] [blame]10#include "base/macros.h"
[email protected]172da1b2011-08-12 15:52:26[diff] [blame]11#include "net/base/net_export.h"
[email protected]b4955e7d2010-04-16 20:22:30[diff] [blame]12
[email protected]d7f16632010-03-29 18:02:36[diff] [blame]13class GURL;
14
15namespace net {
16
[email protected]930cbb52010-04-02 17:27:10[diff] [blame]17class HttpAuthFilter;
18
[email protected]d7f16632010-03-29 18:02:36[diff] [blame]19// The URL security manager controls the policies (allow, deny, prompt user)
20// regarding URL actions (e.g., sending the default credentials to a server).
aberentbba302d2015-12-03 10:20:19[diff] [blame]21class NET_EXPORT_PRIVATE URLSecurityManager {
[email protected]d7f16632010-03-29 18:02:36[diff] [blame]22 public:
[email protected]2227c692010-05-04 15:36:11[diff] [blame]23 URLSecurityManager() {}
24 virtual ~URLSecurityManager() {}
[email protected]d7f16632010-03-29 18:02:36[diff] [blame]25
26 // Creates a platform-dependent instance of URLSecurityManager.
[email protected]d201b200e2010-08-27 17:35:02[diff] [blame]27 //
Ryan Sleevia9d6aa62019-07-26 13:32:18[diff] [blame]28 // A security manager has two allowlists, a "default allowlist" that is a
29 // allowlist of servers with which default credentials can be used, and a
30 // "delegate allowlist" that is the allowlist of servers that are allowed to
aberentbba302d2015-12-03 10:20:19[diff] [blame]31 // have delegated Kerberos tickets.
32 //
Ryan Sleevia9d6aa62019-07-26 13:32:18[diff] [blame]33 // On creation both allowlists are empty.
aberentbba302d2015-12-03 10:20:19[diff] [blame]34 //
Ryan Sleevia9d6aa62019-07-26 13:32:18[diff] [blame]35 // If the default allowlist is empty and the platform is Windows, it indicates
[email protected]d201b200e2010-08-27 17:35:02[diff] [blame]36 // that security zone mapping should be used to determine whether default
Ryan Sleevia9d6aa62019-07-26 13:32:18[diff] [blame]37 // credentials should be used. If the default allowlist is empty and the
[email protected]d201b200e2010-08-27 17:35:02[diff] [blame]38 // platform is non-Windows, it indicates that no servers should be
Ryan Sleevia9d6aa62019-07-26 13:32:18[diff] [blame]39 // allowlisted.
[email protected]d201b200e2010-08-27 17:35:02[diff] [blame]40 //
Ryan Sleevia9d6aa62019-07-26 13:32:18[diff] [blame]41 // If the delegate allowlist is empty no servers can have delegated Kerberos
aberentbba302d2015-12-03 10:20:19[diff] [blame]42 // tickets.
[email protected]d201b200e2010-08-27 17:35:02[diff] [blame]43 //
Juan Jose Lopez Jaimez7fa1f002017-11-20 22:13:33[diff] [blame]44 static std::unique_ptr<URLSecurityManager> Create();
[email protected]d7f16632010-03-29 18:02:36[diff] [blame]45
46 // Returns true if we can send the default credentials to the server at
47 // |auth_origin| for HTTP NTLM or Negotiate authentication.
[email protected]d201b200e2010-08-27 17:35:02[diff] [blame]48 virtual bool CanUseDefaultCredentials(const GURL& auth_origin) const = 0;
49
50 // Returns true if Kerberos delegation is allowed for the server at
51 // |auth_origin| for HTTP Negotiate authentication.
52 virtual bool CanDelegate(const GURL& auth_origin) const = 0;
[email protected]930cbb52010-04-02 17:27:10[diff] [blame]53
Ryan Sleevia9d6aa62019-07-26 13:32:18[diff] [blame]54 virtual void SetDefaultAllowlist(
55 std::unique_ptr<HttpAuthFilter> allowlist_default) = 0;
56 virtual void SetDelegateAllowlist(
57 std::unique_ptr<HttpAuthFilter> allowlist_delegate) = 0;
aberentbba302d2015-12-03 10:20:19[diff] [blame]58
[email protected]b4955e7d2010-04-16 20:22:30[diff] [blame]59 private:
60 DISALLOW_COPY_AND_ASSIGN(URLSecurityManager);
61};
62
Ryan Sleevia9d6aa62019-07-26 13:32:18[diff] [blame]63class URLSecurityManagerAllowlist : public URLSecurityManager {
[email protected]b4955e7d2010-04-16 20:22:30[diff] [blame]64 public:
Ryan Sleevia9d6aa62019-07-26 13:32:18[diff] [blame]65 URLSecurityManagerAllowlist();
66 ~URLSecurityManagerAllowlist() override;
[email protected]b4955e7d2010-04-16 20:22:30[diff] [blame]67
68 // URLSecurityManager methods.
dchengb03027d2014-10-21 12:00:20[diff] [blame]69 bool CanUseDefaultCredentials(const GURL& auth_origin) const override;
70 bool CanDelegate(const GURL& auth_origin) const override;
Ryan Sleevia9d6aa62019-07-26 13:32:18[diff] [blame]71 void SetDefaultAllowlist(
72 std::unique_ptr<HttpAuthFilter> allowlist_default) override;
73 void SetDelegateAllowlist(
74 std::unique_ptr<HttpAuthFilter> allowlist_delegate) override;
aberentbba302d2015-12-03 10:20:19[diff] [blame]75
76 protected:
Ryan Sleevia9d6aa62019-07-26 13:32:18[diff] [blame]77 bool HasDefaultAllowlist() const;
[email protected]b4955e7d2010-04-16 20:22:30[diff] [blame]78
79 private:
Ryan Sleevia9d6aa62019-07-26 13:32:18[diff] [blame]80 std::unique_ptr<const HttpAuthFilter> allowlist_default_;
81 std::unique_ptr<const HttpAuthFilter> allowlist_delegate_;
[email protected]b4955e7d2010-04-16 20:22:30[diff] [blame]82
Ryan Sleevia9d6aa62019-07-26 13:32:18[diff] [blame]83 DISALLOW_COPY_AND_ASSIGN(URLSecurityManagerAllowlist);
[email protected]d7f16632010-03-29 18:02:36[diff] [blame]84};
85
[email protected]d7f16632010-03-29 18:02:36[diff] [blame]86} // namespace net
87
88#endif // NET_HTTP_URL_SECURITY_MANAGER_H_