blob: 35bdd872b9f62b303e21805e30ac23ce158e4067 [file] [log] [blame]
// Copyright (c) 2011 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include <memory>
#include "base/macros.h"
#include "net/base/net_export.h"
class GURL;
namespace net {
class HttpAuthFilter;
// The URL security manager controls the policies (allow, deny, prompt user)
// regarding URL actions (e.g., sending the default credentials to a server).
class NET_EXPORT_PRIVATE URLSecurityManager {
URLSecurityManager() {}
virtual ~URLSecurityManager() {}
// Creates a platform-dependent instance of URLSecurityManager.
// A security manager has two whitelists, a "default whitelist" that is a
// whitelist of servers with which default credentials can be used, and a
// "delegate whitelist" that is the whitelist of servers that are allowed to
// have delegated Kerberos tickets.
// On creation both whitelists are NULL.
// If the default whitelist is NULL and the platform is Windows, it indicates
// that security zone mapping should be used to determine whether default
// credentials should be used. If the default whitelist is NULL and the
// platform is non-Windows, it indicates that no servers should be
// whitelisted.
// If the delegate whitelist is NULL no servers can have delegated Kerberos
// tickets.
static std::unique_ptr<URLSecurityManager> Create();
// Returns true if we can send the default credentials to the server at
// |auth_origin| for HTTP NTLM or Negotiate authentication.
virtual bool CanUseDefaultCredentials(const GURL& auth_origin) const = 0;
// Returns true if Kerberos delegation is allowed for the server at
// |auth_origin| for HTTP Negotiate authentication.
virtual bool CanDelegate(const GURL& auth_origin) const = 0;
virtual void SetDefaultWhitelist(
std::unique_ptr<HttpAuthFilter> whitelist_default) = 0;
virtual void SetDelegateWhitelist(
std::unique_ptr<HttpAuthFilter> whitelist_delegate) = 0;
class URLSecurityManagerWhitelist : public URLSecurityManager {
~URLSecurityManagerWhitelist() override;
// URLSecurityManager methods.
bool CanUseDefaultCredentials(const GURL& auth_origin) const override;
bool CanDelegate(const GURL& auth_origin) const override;
void SetDefaultWhitelist(
std::unique_ptr<HttpAuthFilter> whitelist_default) override;
void SetDelegateWhitelist(
std::unique_ptr<HttpAuthFilter> whitelist_delegate) override;
bool HasDefaultWhitelist() const;
std::unique_ptr<const HttpAuthFilter> whitelist_default_;
std::unique_ptr<const HttpAuthFilter> whitelist_delegate_;
} // namespace net