1 // Copyright 2015 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "net/http/http_auth_multi_round_parse.h"
6
7 #include "base/base64.h"
8 #include "base/strings/string_piece.h"
9 #include "base/strings/string_util.h"
10 #include "net/http/http_auth_challenge_tokenizer.h"
11
12 namespace net {
13
14 namespace {
15
16 // Check that the scheme in the challenge matches the expected scheme
SchemeIsValid(HttpAuth::Scheme scheme,HttpAuthChallengeTokenizer * challenge)17 bool SchemeIsValid(HttpAuth::Scheme scheme,
18 HttpAuthChallengeTokenizer* challenge) {
19 return challenge->auth_scheme() == HttpAuth::SchemeToString(scheme);
20 }
21
22 } // namespace
23
ParseFirstRoundChallenge(HttpAuth::Scheme scheme,HttpAuthChallengeTokenizer * challenge)24 HttpAuth::AuthorizationResult ParseFirstRoundChallenge(
25 HttpAuth::Scheme scheme,
26 HttpAuthChallengeTokenizer* challenge) {
27 if (!SchemeIsValid(scheme, challenge))
28 return HttpAuth::AUTHORIZATION_RESULT_INVALID;
29
30 std::string encoded_auth_token = challenge->base64_param();
31 if (!encoded_auth_token.empty()) {
32 return HttpAuth::AUTHORIZATION_RESULT_INVALID;
33 }
34 return HttpAuth::AUTHORIZATION_RESULT_ACCEPT;
35 }
36
ParseLaterRoundChallenge(HttpAuth::Scheme scheme,HttpAuthChallengeTokenizer * challenge,std::string * encoded_token,std::string * decoded_token)37 HttpAuth::AuthorizationResult ParseLaterRoundChallenge(
38 HttpAuth::Scheme scheme,
39 HttpAuthChallengeTokenizer* challenge,
40 std::string* encoded_token,
41 std::string* decoded_token) {
42 if (!SchemeIsValid(scheme, challenge))
43 return HttpAuth::AUTHORIZATION_RESULT_INVALID;
44
45 *encoded_token = challenge->base64_param();
46 if (encoded_token->empty())
47 return HttpAuth::AUTHORIZATION_RESULT_REJECT;
48
49 if (!base::Base64Decode(*encoded_token, decoded_token))
50 return HttpAuth::AUTHORIZATION_RESULT_INVALID;
51 return HttpAuth::AUTHORIZATION_RESULT_ACCEPT;
52 }
53
54 } // namespace net
55