chromium/net/http/url_security_manager.h


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88

// Copyright (c) 2011 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef NET_HTTP_URL_SECURITY_MANAGER_H_
#define NET_HTTP_URL_SECURITY_MANAGER_H_

#include <memory>

#include "base/macros.h"
#include "net/base/net_export.h"

class GURL;

namespace net {

class HttpAuthFilter;

// The URL security manager controls the policies (allow, deny, prompt user)
// regarding URL actions (e.g., sending the default credentials to a server).
class NET_EXPORT_PRIVATE URLSecurityManager {
 public:
  URLSecurityManager() {}
  virtual ~URLSecurityManager() {}

  // Creates a platform-dependent instance of URLSecurityManager.
  //
  // A security manager has two allowlists, a "default allowlist" that is a
  // allowlist of servers with which default credentials can be used, and a
  // "delegate allowlist" that is the allowlist of servers that are allowed to
  // have delegated Kerberos tickets.
  //
  // On creation both allowlists are empty.
  //
  // If the default allowlist is empty and the platform is Windows, it indicates
  // that security zone mapping should be used to determine whether default
  // credentials should be used. If the default allowlist is empty and the
  // platform is non-Windows, it indicates that no servers should be
  // allowlisted.
  //
  // If the delegate allowlist is empty no servers can have delegated Kerberos
  // tickets.
  //
  static std::unique_ptr<URLSecurityManager> Create();

  // Returns true if we can send the default credentials to the server at
  // |auth_origin| for HTTP NTLM or Negotiate authentication.
  virtual bool CanUseDefaultCredentials(const GURL& auth_origin) const = 0;

  // Returns true if Kerberos delegation is allowed for the server at
  // |auth_origin| for HTTP Negotiate authentication.
  virtual bool CanDelegate(const GURL& auth_origin) const = 0;

  virtual void SetDefaultAllowlist(
      std::unique_ptr<HttpAuthFilter> allowlist_default) = 0;
  virtual void SetDelegateAllowlist(
      std::unique_ptr<HttpAuthFilter> allowlist_delegate) = 0;

 private:
  DISALLOW_COPY_AND_ASSIGN(URLSecurityManager);
};

class URLSecurityManagerAllowlist : public URLSecurityManager {
 public:
  URLSecurityManagerAllowlist();
  ~URLSecurityManagerAllowlist() override;

  // URLSecurityManager methods.
  bool CanUseDefaultCredentials(const GURL& auth_origin) const override;
  bool CanDelegate(const GURL& auth_origin) const override;
  void SetDefaultAllowlist(
      std::unique_ptr<HttpAuthFilter> allowlist_default) override;
  void SetDelegateAllowlist(
      std::unique_ptr<HttpAuthFilter> allowlist_delegate) override;

 protected:
  bool HasDefaultAllowlist() const;

 private:
  std::unique_ptr<const HttpAuthFilter> allowlist_default_;
  std::unique_ptr<const HttpAuthFilter> allowlist_delegate_;

  DISALLOW_COPY_AND_ASSIGN(URLSecurityManagerAllowlist);
};

}  // namespace net

#endif  // NET_HTTP_URL_SECURITY_MANAGER_H_