chromium/src
0
Fork 0
Code Activity

HttpAuth SchemeHostPort 1: Switch auth cache to SchemeHostPort.

Browse Source 
Switch the HttpAuthCache from using Origins to url::SchemeHostPorts.
Origins are only intended for use as document webby Origins, as opposed
to for network authorities, which should be stored as SchemeHostPort.

Followup CLs will wire up SchemeHostPorts further up the HttpAuth stack,
eventually replacing HttpAuthChallengeInfo::challenge (which is passed
over Mojo).

url::Origin::Create() is slated to be deprecated to help protect against
creating incorrect origins.

Bug: 1270878
Change-Id: I88cb4d3cc4cf4faaba59c8029c67c8d6f3dae74b
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3292564
Reviewed-by: Eric Orth <ericorth@chromium.org>
Reviewed-by: Christian Dullweber <dullweber@chromium.org>
Reviewed-by: Achuith Bhandarkar <achuith@chromium.org>
Commit-Queue: Matt Menke <mmenke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#944639}
This commit is contained in:
Matt Menke
2021-11-23 20:17:46 +00:00
committed by Chromium LUCI CQ
parent eb2bb156e7
commit 8db2ff5093
17 changed files with 575 additions and 514 deletions

12
chrome/browser/ash/login/profile_auth_data_unittest.cc

@ -39,6 +39,7 @@
#include "services/network/public/mojom/network_context.mojom-forward.h"
#include "testing/gtest/include/gtest/gtest.h"
#include "url/gurl.h"
#include "url/scheme_host_port.h"
namespace ash {
namespace {
@ -173,8 +174,9 @@ net::CookieList ProfileAuthDataTest::GetUserCookies() {
void ProfileAuthDataTest::VerifyTransferredUserProxyAuthEntry() {
net::HttpAuthCache::Entry* entry =
GetAuthCache(user_network_context_.get())
->Lookup(GURL(kProxyAuthURL), net::HttpAuth::AUTH_PROXY,
kProxyAuthRealm, net::HttpAuth::AUTH_SCHEME_BASIC,
->Lookup(url::SchemeHostPort(GURL(kProxyAuthURL)),
net::HttpAuth::AUTH_PROXY, kProxyAuthRealm,
net::HttpAuth::AUTH_SCHEME_BASIC,
net::NetworkIsolationKey());
ASSERT_TRUE(entry);
EXPECT_EQ(kProxyAuthPassword1, entry->credentials().password());
@ -209,9 +211,9 @@ void ProfileAuthDataTest::PopulateBrowserContext(
const std::u16string& proxy_auth_password,
const std::string& cookie_value) {
GetAuthCache(network_context)
->Add(GURL(kProxyAuthURL), net::HttpAuth::AUTH_PROXY, kProxyAuthRealm,
net::HttpAuth::AUTH_SCHEME_BASIC, net::NetworkIsolationKey(),
kProxyAuthChallenge,
->Add(url::SchemeHostPort(GURL(kProxyAuthURL)), net::HttpAuth::AUTH_PROXY,
kProxyAuthRealm, net::HttpAuth::AUTH_SCHEME_BASIC,
net::NetworkIsolationKey(), kProxyAuthChallenge,
net::AuthCredentials(std::u16string(), proxy_auth_password),
std::string());

12
chrome/browser/ash/login/signin_partition_manager_unittest.cc

@ -36,6 +36,7 @@
#include "services/network/network_service.h"
#include "testing/gtest/include/gtest/gtest.h"
#include "url/gurl.h"
#include "url/scheme_host_port.h"
namespace ash {
namespace login {
@ -55,10 +56,10 @@ void AddEntryToHttpAuthCache(network::NetworkContext* network_context) {
->http_transaction_factory()
->GetSession()
->http_auth_cache();
http_auth_cache->Add(GURL(kEmbedderUrl), net::HttpAuth::AUTH_PROXY, "",
net::HttpAuth::AUTH_SCHEME_BASIC,
net::NetworkIsolationKey(), "", net::AuthCredentials(),
"");
http_auth_cache->Add(
url::SchemeHostPort(GURL(kEmbedderUrl)), net::HttpAuth::AUTH_PROXY, "",
net::HttpAuth::AUTH_SCHEME_BASIC, net::NetworkIsolationKey(), "",
net::AuthCredentials(), "");
}
void IsEntryInHttpAuthCache(network::NetworkContext* network_context,
@ -68,7 +69,8 @@ void IsEntryInHttpAuthCache(network::NetworkContext* network_context,
->GetSession()
->http_auth_cache();
*out_entry_found =
http_auth_cache->Lookup(GURL(kEmbedderUrl), net::HttpAuth::AUTH_PROXY, "",
http_auth_cache->Lookup(url::SchemeHostPort(GURL(kEmbedderUrl)),
net::HttpAuth::AUTH_PROXY, "",
net::HttpAuth::AUTH_SCHEME_BASIC,
net::NetworkIsolationKey()) != nullptr;
}

5
chrome/browser/ash/net/system_proxy_manager_unittest.cc

@ -39,6 +39,8 @@
#include "services/network/network_service.h"
#include "testing/gmock/include/gmock/gmock.h"
#include "testing/gtest/include/gtest/gtest.h"
#include "url/gurl.h"
#include "url/scheme_host_port.h"
using testing::_;
using testing::Invoke;
@ -246,7 +248,8 @@ TEST_F(SystemProxyManagerTest, UserCredentialsRequestedFromNetworkService) {
->http_transaction_factory()
->GetSession()
->http_auth_cache()
->Add(GURL(kProxyAuthEmptyPath), net::HttpAuth::AUTH_PROXY, kRealm,
->Add(url::SchemeHostPort(GURL(kProxyAuthEmptyPath)),
net::HttpAuth::AUTH_PROXY, kRealm,
net::HttpAuth::AUTH_SCHEME_DIGEST, net::NetworkIsolationKey(),
kProxyAuthChallenge,
net::AuthCredentials(kBrowserUsername16, kBrowserPassword16),

9
chrome/browser/browsing_data/chrome_browsing_data_remover_delegate_unittest.cc

@ -147,6 +147,7 @@
#include "ui/gfx/favicon_size.h"
#include "url/gurl.h"
#include "url/origin.h"
#include "url/scheme_host_port.h"
#if defined(OS_ANDROID)
#include "chrome/browser/android/customtabs/origin_verifier.h"
@ -2622,12 +2623,12 @@ TEST_F(ChromeBrowsingDataRemoverDelegateTest,
DCHECK(http_session);
net::HttpAuthCache* http_auth_cache = http_session->http_auth_cache();
const GURL kOrigin1("http://host1.com:1");
http_auth_cache->Add(kOrigin1, net::HttpAuth::AUTH_SERVER, kTestRealm,
const url::SchemeHostPort kSchemeHostPort(GURL("http://host1.com:1"));
http_auth_cache->Add(kSchemeHostPort, net::HttpAuth::AUTH_SERVER, kTestRealm,
net::HttpAuth::AUTH_SCHEME_BASIC,
net::NetworkIsolationKey(), "test challenge",
net::AuthCredentials(u"foo", u"bar"), "/");
CHECK(http_auth_cache->Lookup(kOrigin1, net::HttpAuth::AUTH_SERVER,
CHECK(http_auth_cache->Lookup(kSchemeHostPort, net::HttpAuth::AUTH_SERVER,
kTestRealm, net::HttpAuth::AUTH_SCHEME_BASIC,
net::NetworkIsolationKey()));
@ -2636,7 +2637,7 @@ TEST_F(ChromeBrowsingDataRemoverDelegateTest,
EXPECT_EQ(nullptr,
http_auth_cache->Lookup(
kOrigin1, net::HttpAuth::AUTH_SERVER, kTestRealm,
kSchemeHostPort, net::HttpAuth::AUTH_SERVER, kTestRealm,
net::HttpAuth::AUTH_SCHEME_BASIC, net::NetworkIsolationKey()));
}

102
net/http/http_auth_cache.cc

@ -8,6 +8,8 @@
#include "base/logging.h"
#include "base/metrics/histogram_macros.h"
#include "base/strings/string_util.h"
#include "url/scheme_host_port.h"
#include "url/url_constants.h"
namespace {
@ -37,12 +39,13 @@ bool IsEnclosingPath(const std::string& container, const std::string& path) {
}
#if DCHECK_IS_ON()
// Debug helper to check that |origin| arguments are properly formed.
// TODO(asanka): Switch auth cache to use url::Origin.
void CheckOriginIsValid(const GURL& origin) {
DCHECK(origin.is_valid());
DCHECK(origin.SchemeIsHTTPOrHTTPS() || origin.SchemeIsWSOrWSS());
DCHECK(origin.DeprecatedGetOriginAsURL() == origin);
// Debug helper to check that |scheme_host_port| arguments are properly formed.
void CheckSchemeHostPortIsValid(const url::SchemeHostPort& scheme_host_port) {
DCHECK(scheme_host_port.IsValid());
DCHECK(scheme_host_port.scheme() == url::kHttpScheme ||
scheme_host_port.scheme() == url::kHttpsScheme ||
scheme_host_port.scheme() == url::kWsScheme ||
scheme_host_port.scheme() == url::kWssScheme);
}
// Debug helper to check that |path| arguments are properly formed.
@ -86,33 +89,33 @@ void HttpAuthCache::SetKeyServerEntriesByNetworkIsolationKey(
}
// Performance: O(logN+n), where N is the total number of entries, n is the
// number of realm entries for the given origin, target, and with a matching
// NetworkIsolationKey.
// number of realm entries for the given SchemeHostPort, target, and with a
// matching NetworkIsolationKey.
HttpAuthCache::Entry* HttpAuthCache::Lookup(
const GURL& origin,
const url::SchemeHostPort& scheme_host_port,
HttpAuth::Target target,
const std::string& realm,
HttpAuth::Scheme scheme,
const NetworkIsolationKey& network_isolation_key) {
EntryMap::iterator entry_it =
LookupEntryIt(origin, target, realm, scheme, network_isolation_key);
EntryMap::iterator entry_it = LookupEntryIt(scheme_host_port, target, realm,
scheme, network_isolation_key);
if (entry_it == entries_.end())
return nullptr;
return &(entry_it->second);
}
// Performance: O(logN+n*m), where N is the total number of entries, n is the
// number of realm entries for the given origin, target, and
// number of realm entries for the given SchemeHostPort, target, and
// NetworkIsolationKey, m is the number of path entries per realm. Both n and m
// are expected to be small; m is kept small because AddPath() only keeps the
// shallowest entry.
HttpAuthCache::Entry* HttpAuthCache::LookupByPath(
const GURL& origin,
const url::SchemeHostPort& scheme_host_port,
HttpAuth::Target target,
const NetworkIsolationKey& network_isolation_key,
const std::string& path) {
#if DCHECK_IS_ON()
CheckOriginIsValid(origin);
CheckSchemeHostPortIsValid(scheme_host_port);
CheckPathIsValid(path);
#endif
@ -122,16 +125,17 @@ HttpAuthCache::Entry* HttpAuthCache::LookupByPath(
// within the protection space ...
std::string parent_dir = GetParentDirectory(path);
// Linear scan through the <scheme, realm> entries for the given origin.
// Linear scan through the <scheme, realm> entries for the given
// SchemeHostPort.
auto entry_range = entries_.equal_range(
EntryMapKey(origin, target, network_isolation_key,
EntryMapKey(scheme_host_port, target, network_isolation_key,
key_server_entries_by_network_isolation_key_));
auto best_match_it = entries_.end();
size_t best_match_length = 0;
for (auto it = entry_range.first; it != entry_range.second; ++it) {
size_t len = 0;
auto& entry = it->second;
DCHECK(entry.origin() == origin);
DCHECK(entry.scheme_host_port() == scheme_host_port);
if (entry.HasEnclosingPath(parent_dir, &len) &&
(best_match_it == entries_.end() || len > best_match_length)) {
best_match_it = it;
@ -147,7 +151,7 @@ HttpAuthCache::Entry* HttpAuthCache::LookupByPath(
}
HttpAuthCache::Entry* HttpAuthCache::Add(
const GURL& origin,
const url::SchemeHostPort& scheme_host_port,
HttpAuth::Target target,
const std::string& realm,
HttpAuth::Scheme scheme,
@ -156,7 +160,7 @@ HttpAuthCache::Entry* HttpAuthCache::Add(
const AuthCredentials& credentials,
const std::string& path) {
#if DCHECK_IS_ON()
CheckOriginIsValid(origin);
CheckSchemeHostPortIsValid(scheme_host_port);
CheckPathIsValid(path);
#endif
@ -164,7 +168,7 @@ HttpAuthCache::Entry* HttpAuthCache::Add(
// Check for existing entry (we will re-use it if present).
HttpAuthCache::Entry* entry =
Lookup(origin, target, realm, scheme, network_isolation_key);
Lookup(scheme_host_port, target, realm, scheme, network_isolation_key);
if (!entry) {
// Failsafe to prevent unbounded memory growth of the cache.
//
@ -178,19 +182,20 @@ HttpAuthCache::Entry* HttpAuthCache::Add(
DLOG(WARNING) << "Num auth cache entries reached limit -- evicting";
EvictLeastRecentlyUsedEntry();
}
entry = &(entries_
.emplace(std::make_pair(
EntryMapKey(origin, target, network_isolation_key,
key_server_entries_by_network_isolation_key_),
Entry()))
->second);
entry->origin_ = origin;
entry =
&(entries_
.emplace(std::make_pair(
EntryMapKey(scheme_host_port, target, network_isolation_key,
key_server_entries_by_network_isolation_key_),
Entry()))
->second);
entry->scheme_host_port_ = scheme_host_port;
entry->realm_ = realm;
entry->scheme_ = scheme;
entry->creation_time_ticks_ = now_ticks;
entry->creation_time_ = clock_->Now();
}
DCHECK_EQ(origin, entry->origin_);
DCHECK_EQ(scheme_host_port, entry->scheme_host_port_);
DCHECK_EQ(realm, entry->realm_);
DCHECK_EQ(scheme, entry->scheme_);
@ -214,7 +219,7 @@ void HttpAuthCache::Entry::UpdateStaleChallenge(
}
bool HttpAuthCache::Entry::IsEqualForTesting(const Entry& other) const {
if (origin() != other.origin())
if (scheme_host_port() != other.scheme_host_port())
return false;
if (realm() != other.realm())
return false;
@ -247,7 +252,7 @@ void HttpAuthCache::Entry::AddPath(const std::string& path) {
// Data collected on June of 2019 indicate that when we get here, the list
// of paths has reached the 10 entry maximum around 1% of the time.
if (paths_.size() >= kMaxNumPathsPerRealmEntry) {
DLOG(WARNING) << "Num path entries for " << origin()
DLOG(WARNING) << "Num path entries for " << scheme_host_port()
<< " has grown too large -- evicting";
paths_.pop_back();
}
@ -278,14 +283,14 @@ bool HttpAuthCache::Entry::HasEnclosingPath(const std::string& dir,
return false;
}
bool HttpAuthCache::Remove(const GURL& origin,
bool HttpAuthCache::Remove(const url::SchemeHostPort& scheme_host_port,
HttpAuth::Target target,
const std::string& realm,
HttpAuth::Scheme scheme,
const NetworkIsolationKey& network_isolation_key,
const AuthCredentials& credentials) {
EntryMap::iterator entry_it =
LookupEntryIt(origin, target, realm, scheme, network_isolation_key);
EntryMap::iterator entry_it = LookupEntryIt(scheme_host_port, target, realm,
scheme, network_isolation_key);
if (entry_it == entries_.end())
return false;
Entry& entry = entry_it->second;
@ -315,14 +320,14 @@ void HttpAuthCache::ClearAllEntries() {
}
bool HttpAuthCache::UpdateStaleChallenge(
const GURL& origin,
const url::SchemeHostPort& scheme_host_port,
HttpAuth::Target target,
const std::string& realm,
HttpAuth::Scheme scheme,
const NetworkIsolationKey& network_isolation_key,
const std::string& auth_challenge) {
HttpAuthCache::Entry* entry =
Lookup(origin, target, realm, scheme, network_isolation_key);
Lookup(scheme_host_port, target, realm, scheme, network_isolation_key);
if (!entry)
return false;
entry->UpdateStaleChallenge(auth_challenge);
@ -343,9 +348,9 @@ void HttpAuthCache::CopyProxyEntriesFrom(const HttpAuthCache& other) {
// Add an Entry with one of the original entry's paths.
DCHECK(e.paths_.size() > 0);
Entry* entry = Add(e.origin(), it->first.target, e.realm(), e.scheme(),
it->first.network_isolation_key, e.auth_challenge(),
e.credentials(), e.paths_.back());
Entry* entry = Add(e.scheme_host_port(), it->first.target, e.realm(),
e.scheme(), it->first.network_isolation_key,
e.auth_challenge(), e.credentials(), e.paths_.back());
// Copy all other paths.
for (auto it2 = std::next(e.paths_.rbegin()); it2 != e.paths_.rend(); ++it2)
entry->AddPath(*it2);
@ -355,11 +360,11 @@ void HttpAuthCache::CopyProxyEntriesFrom(const HttpAuthCache& other) {
}
HttpAuthCache::EntryMapKey::EntryMapKey(
const GURL& url,
const url::SchemeHostPort& scheme_host_port,
HttpAuth::Target target,
const NetworkIsolationKey& network_isolation_key,
bool key_server_entries_by_network_isolation_key)
: url(url),
: scheme_host_port(scheme_host_port),
target(target),
network_isolation_key(target == HttpAuth::AUTH_SERVER &&
key_server_entries_by_network_isolation_key
@ -369,8 +374,9 @@ HttpAuthCache::EntryMapKey::EntryMapKey(
HttpAuthCache::EntryMapKey::~EntryMapKey() = default;
bool HttpAuthCache::EntryMapKey::operator<(const EntryMapKey& other) const {
return std::tie(url, target, network_isolation_key) <
std::tie(other.url, other.target, other.network_isolation_key);
return std::tie(scheme_host_port, target, network_isolation_key) <
std::tie(other.scheme_host_port, other.target,
other.network_isolation_key);
}
size_t HttpAuthCache::GetEntriesSizeForTesting() {
@ -378,23 +384,23 @@ size_t HttpAuthCache::GetEntriesSizeForTesting() {
}
HttpAuthCache::EntryMap::iterator HttpAuthCache::LookupEntryIt(
const GURL& origin,
const url::SchemeHostPort& scheme_host_port,
HttpAuth::Target target,
const std::string& realm,
HttpAuth::Scheme scheme,
const NetworkIsolationKey& network_isolation_key) {
#if DCHECK_IS_ON()
CheckOriginIsValid(origin);
CheckSchemeHostPortIsValid(scheme_host_port);
#endif
// Linear scan through the <scheme, realm> entries for the given origin and
// NetworkIsolationKey.
// Linear scan through the <scheme, realm> entries for the given
// SchemeHostPort and NetworkIsolationKey.
auto entry_range = entries_.equal_range(
EntryMapKey(origin, target, network_isolation_key,
EntryMapKey(scheme_host_port, target, network_isolation_key,
key_server_entries_by_network_isolation_key_));
for (auto it = entry_range.first; it != entry_range.second; ++it) {
Entry& entry = it->second;
DCHECK(entry.origin() == origin);
DCHECK(entry.scheme_host_port() == scheme_host_port);
if (entry.scheme() == scheme && entry.realm() == realm) {
entry.last_use_time_ticks_ = tick_clock_->NowTicks();
return it;

42
net/http/http_auth_cache.h

@ -19,12 +19,12 @@
#include "net/base/net_export.h"
#include "net/base/network_isolation_key.h"
#include "net/http/http_auth.h"
#include "url/gurl.h"
#include "url/scheme_host_port.h"
namespace net {
// HttpAuthCache stores HTTP authentication identities and challenge info.
// For each (origin, realm, scheme) triple the cache stores a
// For each (scheme_host_port, realm, scheme) triple the cache stores a
// HttpAuthCache::Entry, which holds:
// - the origin server {protocol scheme, host, port}
// - the last identity used (username/password)
@ -38,8 +38,8 @@ class NET_EXPORT HttpAuthCache {
Entry(const Entry& other);
~Entry();
const GURL& origin() const {
return origin_;
const url::SchemeHostPort& scheme_host_port() const {
return scheme_host_port_;
}
// The case-sensitive realm string of the challenge.
@ -94,8 +94,8 @@ class NET_EXPORT HttpAuthCache {
// true and set |*path_len| to 0.
bool HasEnclosingPath(const std::string& dir, size_t* path_len);
// |origin_| contains the {protocol, host, port} of the server.
GURL origin_;
// SchemeHostPort of the server.
url::SchemeHostPort scheme_host_port_;
std::string realm_;
HttpAuth::Scheme scheme_;
@ -142,12 +142,12 @@ class NET_EXPORT HttpAuthCache {
// scheme |scheme|. If a matching entry is found, move it up by one place
// in the entries list, so that more frequently used entries migrate to the
// front of the list.
// |origin| - the {scheme, host, port} of the server.
// |scheme_host_port| - the {scheme, host, port} of the server.
// |target| - whether this is for server or proxy auth.
// |realm| - case sensitive realm string.
// |scheme| - the authentication scheme (i.e. basic, negotiate).
// returns - the matched entry or nullptr.
Entry* Lookup(const GURL& origin,
Entry* Lookup(const url::SchemeHostPort& scheme_host_port,
HttpAuth::Target target,
const std::string& realm,
HttpAuth::Scheme scheme,
@ -158,27 +158,27 @@ class NET_EXPORT HttpAuthCache {
// paths lie in the same protection space. If a matching entry is found, move
// it up by one place in the entries list, so that more frequently used
// entries migrate to the front of the list.
// |origin| - the {scheme, host, port} of the server.
// |scheme_host_port| - the {scheme, host, port} of the server.
// |path| - absolute path of the resource, or empty string in case of
// proxy auth (which does not use the concept of paths).
// returns - the matched entry or nullptr.
Entry* LookupByPath(const GURL& origin,
Entry* LookupByPath(const url::SchemeHostPort& scheme_host_port,
HttpAuth::Target target,
const NetworkIsolationKey& network_isolation_key,
const std::string& path);
// Add an entry on server |origin| for realm |handler->realm()| and
// Add an entry on server |scheme_host_port| for realm |handler->realm()| and
// scheme |handler->scheme()|. If an entry for this (realm,scheme)
// already exists, update it rather than replace it -- this preserves the
// paths list.
// |origin| - the {scheme, host, port} of the server.
// |scheme_host_port| - the {scheme, host, port} of the server.
// |realm| - the auth realm for the challenge.
// |scheme| - the authentication scheme (i.e. basic, negotiate).
// |credentials| - login information for the realm.
// |path| - absolute path for a resource contained in the protection
// space; this will be added to the list of known paths.
// returns - the entry that was just added/updated.
Entry* Add(const GURL& origin,
Entry* Add(const url::SchemeHostPort& scheme_host_port,
HttpAuth::Target target,
const std::string& realm,
HttpAuth::Scheme scheme,
@ -189,12 +189,12 @@ class NET_EXPORT HttpAuthCache {
// Remove entry on server |origin| for realm |realm| and scheme |scheme|
// if one exists AND if the cached credentials matches |credentials|.
// |origin| - the {scheme, host, port} of the server.
// |scheme_host_port| - the {scheme, host, port} of the server.
// |realm| - case sensitive realm string.
// |scheme| - the authentication scheme (i.e. basic, negotiate).
// |credentials| - the credentials to match.
// returns - true if an entry was removed.
bool Remove(const GURL& origin,
bool Remove(const url::SchemeHostPort& scheme_host_port,
HttpAuth::Target target,
const std::string& realm,
HttpAuth::Scheme scheme,
@ -209,12 +209,12 @@ class NET_EXPORT HttpAuthCache {
// Clears all added entries.
void ClearAllEntries();
// Updates a stale digest entry on server |origin| for realm |realm| and
// scheme |scheme|. The cached auth challenge is replaced with
// Updates a stale digest entry on server |scheme_host_port| for realm |realm|
// and scheme |scheme|. The cached auth challenge is replaced with
// |auth_challenge| and the nonce count is reset.
// |UpdateStaleChallenge()| returns true if a matching entry exists in the
// cache, false otherwise.
bool UpdateStaleChallenge(const GURL& origin,
bool UpdateStaleChallenge(const url::SchemeHostPort& scheme_host_port,
HttpAuth::Target target,
const std::string& realm,
HttpAuth::Scheme scheme,
@ -239,7 +239,7 @@ class NET_EXPORT HttpAuthCache {
private:
struct EntryMapKey {
EntryMapKey(const GURL& url,
EntryMapKey(const url::SchemeHostPort& scheme_host_port,
HttpAuth::Target target,
const NetworkIsolationKey& network_isolation_key,
bool key_server_entries_by_network_isolation_key);
@ -247,7 +247,7 @@ class NET_EXPORT HttpAuthCache {
bool operator<(const EntryMapKey& other) const;
GURL url;
url::SchemeHostPort scheme_host_port;
HttpAuth::Target target;
// Empty if |key_server_entries_by_network_isolation_key| is false, |target|
// is HttpAuth::AUTH_PROXY, or an empty NetworkIsolationKey is passed in to
@ -261,7 +261,7 @@ class NET_EXPORT HttpAuthCache {
const base::Clock* clock_ = base::DefaultClock::GetInstance();
EntryMap::iterator LookupEntryIt(
const GURL& origin,
const url::SchemeHostPort& scheme_host_port,
HttpAuth::Target target,
const std::string& realm,
HttpAuth::Scheme scheme,

531
net/http/http_auth_cache_unittest.cc

File diff suppressed because it is too large Load Diff

34
net/http/http_auth_controller.cc

@ -26,6 +26,7 @@
#include "net/log/net_log_source.h"
#include "net/log/net_log_source_type.h"
#include "net/log/net_log_with_source.h"
#include "url/scheme_host_port.h"
namespace net {
@ -145,7 +146,7 @@ HttpAuthController::HttpAuthController(
HostResolver* host_resolver)
: target_(target),
auth_url_(auth_url),
auth_origin_(auth_url.DeprecatedGetOriginAsURL()),
auth_scheme_host_port_(auth_url),
auth_path_(auth_url.path()),
network_isolation_key_(network_isolation_key),
embedded_identity_used_(false),
@ -154,6 +155,7 @@ HttpAuthController::HttpAuthController(
http_auth_handler_factory_(http_auth_handler_factory),
host_resolver_(host_resolver) {
DCHECK(target != HttpAuth::AUTH_PROXY || auth_path_ == "/");
DCHECK(auth_scheme_host_port_.IsValid());
}
HttpAuthController::~HttpAuthController() {
@ -221,7 +223,7 @@ bool HttpAuthController::SelectPreemptiveAuth(
// the number of http auth cache entries is expected to be very small.
// (For most users in fact, it will be 0.)
HttpAuthCache::Entry* entry = http_auth_cache_->LookupByPath(
auth_origin_, target_, network_isolation_key_, auth_path_);
auth_scheme_host_port_, target_, network_isolation_key_, auth_path_);
if (!entry)
return false;
@ -232,8 +234,8 @@ bool HttpAuthController::SelectPreemptiveAuth(
int rv_create =
http_auth_handler_factory_->CreatePreemptiveAuthHandlerFromString(
entry->auth_challenge(), target_, network_isolation_key_,
auth_origin_, entry->IncrementNonceCount(), net_log_, host_resolver_,
&handler_preemptive);
auth_scheme_host_port_.GetURL(), entry->IncrementNonceCount(),
net_log_, host_resolver_, &handler_preemptive);
if (rv_create != OK)
return false;
@ -266,7 +268,7 @@ int HttpAuthController::HandleAuthChallenge(
const NetLogWithSource& caller_net_log) {
DCHECK_CALLED_ON_VALID_THREAD(thread_checker_);
DCHECK(headers.get());
DCHECK(auth_origin_.is_valid());
DCHECK(auth_scheme_host_port_.IsValid());
DCHECK(!auth_info_);
BindToCallingNetLog(caller_net_log);
@ -293,7 +295,7 @@ int HttpAuthController::HandleAuthChallenge(
break;
case HttpAuth::AUTHORIZATION_RESULT_STALE:
if (http_auth_cache_->UpdateStaleChallenge(
auth_origin_, target_, handler_->realm(),
auth_scheme_host_port_, target_, handler_->realm(),
handler_->auth_scheme(), network_isolation_key_,
challenge_used)) {
InvalidateCurrentHandler(INVALIDATE_HANDLER);
@ -328,10 +330,10 @@ int HttpAuthController::HandleAuthChallenge(
do {
if (!handler_.get() && can_send_auth) {
// Find the best authentication challenge that we support.
HttpAuth::ChooseBestChallenge(http_auth_handler_factory_, *headers,
ssl_info, network_isolation_key_, target_,
auth_origin_, disabled_schemes_, net_log_,
host_resolver_, &handler_);
HttpAuth::ChooseBestChallenge(
http_auth_handler_factory_, *headers, ssl_info,
network_isolation_key_, target_, auth_scheme_host_port_.GetURL(),
disabled_schemes_, net_log_, host_resolver_, &handler_);
if (handler_.get())
HistogramAuthEvent(handler_.get(), AUTH_EVENT_START);
}
@ -421,7 +423,7 @@ void HttpAuthController::ResetAuth(const AuthCredentials& credentials) {
case HttpAuth::IDENT_SRC_DEFAULT_CREDENTIALS:
break;
default:
http_auth_cache_->Add(auth_origin_, target_, handler_->realm(),
http_auth_cache_->Add(auth_scheme_host_port_, target_, handler_->realm(),
handler_->auth_scheme(), network_isolation_key_,
handler_->challenge(), identity_.credentials,
auth_path_);
@ -471,7 +473,7 @@ void HttpAuthController::InvalidateRejectedAuthFromCache() {
// Clear the cache entry for the identity we just failed on.
// Note: we require the credentials to match before invalidating
// since the entry in the cache may be newer than what we used last time.
http_auth_cache_->Remove(auth_origin_, target_, handler_->realm(),
http_auth_cache_->Remove(auth_scheme_host_port_, target_, handler_->realm(),
handler_->auth_scheme(), network_isolation_key_,
identity_.credentials);
}
@ -522,9 +524,9 @@ bool HttpAuthController::SelectNextAuthIdentityToTry() {
}
// Check the auth cache for a realm entry.
HttpAuthCache::Entry* entry =
http_auth_cache_->Lookup(auth_origin_, target_, handler_->realm(),
handler_->auth_scheme(), network_isolation_key_);
HttpAuthCache::Entry* entry = http_auth_cache_->Lookup(
auth_scheme_host_port_, target_, handler_->realm(),
handler_->auth_scheme(), network_isolation_key_);
if (entry) {
identity_.source = HttpAuth::IDENT_SRC_REALM_LOOKUP;
@ -556,7 +558,7 @@ void HttpAuthController::PopulateAuthChallenge() {
auth_info_ = AuthChallengeInfo();
auth_info_->is_proxy = (target_ == HttpAuth::AUTH_PROXY);
auth_info_->challenger = url::Origin::Create(auth_origin_);
auth_info_->challenger = url::Origin::Create(auth_scheme_host_port_.GetURL());
auth_info_->scheme = HttpAuth::SchemeToString(handler_->auth_scheme());
auth_info_->realm = handler_->realm();
auth_info_->path = auth_path_;

3
net/http/http_auth_controller.h

@ -19,6 +19,7 @@
#include "net/log/net_log_with_source.h"
#include "third_party/abseil-cpp/absl/types/optional.h"
#include "url/gurl.h"
#include "url/scheme_host_port.h"
namespace net {
@ -195,7 +196,7 @@ class NET_EXPORT_PRIVATE HttpAuthController
const GURL auth_url_;
// Holds the {scheme, host, port} for the authentication target.
const GURL auth_origin_;
const url::SchemeHostPort auth_scheme_host_port_;
// The absolute path of the resource needing authentication.
// For proxy authentication, the path is empty.

101
net/http/http_network_transaction_unittest.cc

@ -3675,8 +3675,9 @@ TEST_F(HttpNetworkTransactionTest, BasicAuthProxyNoKeepAliveHttp10) {
// Check that credentials were successfully cached, with the right target.
HttpAuthCache::Entry* entry = session->http_auth_cache()->Lookup(
GURL("http://myproxy:70"), HttpAuth::AUTH_PROXY, "MyRealm1",
HttpAuth::AUTH_SCHEME_BASIC, NetworkIsolationKey());
url::SchemeHostPort(url::SchemeHostPort(GURL("http://myproxy:70"))),
HttpAuth::AUTH_PROXY, "MyRealm1", HttpAuth::AUTH_SCHEME_BASIC,
NetworkIsolationKey());
ASSERT_TRUE(entry);
ASSERT_EQ(kFoo, entry->credentials().username());
ASSERT_EQ(kBar, entry->credentials().password());
@ -4454,14 +4455,16 @@ TEST_F(HttpNetworkTransactionTest, BasicAuthProxyMatchesServerAuthNoTunnel) {
// Check that the credentials were cached correctly.
HttpAuthCache::Entry* entry = session->http_auth_cache()->Lookup(
GURL("http://myproxy:70"), HttpAuth::AUTH_PROXY, "MyRealm1",
HttpAuth::AUTH_SCHEME_BASIC, NetworkIsolationKey());
url::SchemeHostPort(url::SchemeHostPort(GURL("http://myproxy:70"))),
HttpAuth::AUTH_PROXY, "MyRealm1", HttpAuth::AUTH_SCHEME_BASIC,
NetworkIsolationKey());
ASSERT_TRUE(entry);
ASSERT_EQ(kFoo, entry->credentials().username());
ASSERT_EQ(kBar, entry->credentials().password());
entry = session->http_auth_cache()->Lookup(
GURL("http://myproxy:70"), HttpAuth::AUTH_SERVER, "MyRealm1",
HttpAuth::AUTH_SCHEME_BASIC, NetworkIsolationKey());
url::SchemeHostPort(url::SchemeHostPort(GURL("http://myproxy:70"))),
HttpAuth::AUTH_SERVER, "MyRealm1", HttpAuth::AUTH_SCHEME_BASIC,
NetworkIsolationKey());
ASSERT_TRUE(entry);
ASSERT_EQ(kFoo2, entry->credentials().username());
ASSERT_EQ(kBar2, entry->credentials().password());
@ -4651,28 +4654,29 @@ TEST_F(HttpNetworkTransactionTest,
// Check that the proxy credentials were cached correctly. The should be
// accessible with any NetworkIsolationKey.
HttpAuthCache::Entry* entry = session->http_auth_cache()->Lookup(
GURL("http://myproxy:70"), HttpAuth::AUTH_PROXY, "MyRealm1",
HttpAuth::AUTH_SCHEME_BASIC, kNetworkIsolationKey1);
url::SchemeHostPort(url::SchemeHostPort(GURL("http://myproxy:70"))),
HttpAuth::AUTH_PROXY, "MyRealm1", HttpAuth::AUTH_SCHEME_BASIC,
kNetworkIsolationKey1);
ASSERT_TRUE(entry);
ASSERT_EQ(kFoo, entry->credentials().username());
ASSERT_EQ(kBar, entry->credentials().password());
EXPECT_EQ(entry,
session->http_auth_cache()->Lookup(
GURL("http://myproxy:70"), HttpAuth::AUTH_PROXY, "MyRealm1",
HttpAuth::AUTH_SCHEME_BASIC, kNetworkIsolationKey2));
EXPECT_EQ(entry, session->http_auth_cache()->Lookup(
url::SchemeHostPort(GURL("http://myproxy:70")),
HttpAuth::AUTH_PROXY, "MyRealm1",
HttpAuth::AUTH_SCHEME_BASIC, kNetworkIsolationKey2));
// Check that the server credentials were cached correctly. The should be
// accessible with only kNetworkIsolationKey1.
entry = session->http_auth_cache()->Lookup(
GURL("http://myproxy:70"), HttpAuth::AUTH_SERVER, "MyRealm1",
HttpAuth::AUTH_SCHEME_BASIC, kNetworkIsolationKey1);
url::SchemeHostPort(GURL("http://myproxy:70")), HttpAuth::AUTH_SERVER,
"MyRealm1", HttpAuth::AUTH_SCHEME_BASIC, kNetworkIsolationKey1);
ASSERT_TRUE(entry);
ASSERT_EQ(kFoo2, entry->credentials().username());
ASSERT_EQ(kBar2, entry->credentials().password());
// Looking up the server entry with another NetworkIsolationKey should fail.
EXPECT_FALSE(session->http_auth_cache()->Lookup(
GURL("http://myproxy:70"), HttpAuth::AUTH_SERVER, "MyRealm1",
HttpAuth::AUTH_SCHEME_BASIC, kNetworkIsolationKey2));
url::SchemeHostPort(GURL("http://myproxy:70")), HttpAuth::AUTH_SERVER,
"MyRealm1", HttpAuth::AUTH_SCHEME_BASIC, kNetworkIsolationKey2));
// Make another request with a different NetworkIsolationKey. It should use
// another socket, reuse the cached proxy credentials, but result in a server
@ -4704,27 +4708,27 @@ TEST_F(HttpNetworkTransactionTest,
// Check that the proxy credentials are still cached.
entry = session->http_auth_cache()->Lookup(
GURL("http://myproxy:70"), HttpAuth::AUTH_PROXY, "MyRealm1",
HttpAuth::AUTH_SCHEME_BASIC, kNetworkIsolationKey1);
url::SchemeHostPort(GURL("http://myproxy:70")), HttpAuth::AUTH_PROXY,
"MyRealm1", HttpAuth::AUTH_SCHEME_BASIC, kNetworkIsolationKey1);
ASSERT_TRUE(entry);
ASSERT_EQ(kFoo, entry->credentials().username());
ASSERT_EQ(kBar, entry->credentials().password());
EXPECT_EQ(entry,
session->http_auth_cache()->Lookup(
GURL("http://myproxy:70"), HttpAuth::AUTH_PROXY, "MyRealm1",
HttpAuth::AUTH_SCHEME_BASIC, kNetworkIsolationKey2));
EXPECT_EQ(entry, session->http_auth_cache()->Lookup(
url::SchemeHostPort(GURL("http://myproxy:70")),
HttpAuth::AUTH_PROXY, "MyRealm1",
HttpAuth::AUTH_SCHEME_BASIC, kNetworkIsolationKey2));
// Check that the correct server credentials are cached for each
// NetworkIsolationKey.
entry = session->http_auth_cache()->Lookup(
GURL("http://myproxy:70"), HttpAuth::AUTH_SERVER, "MyRealm1",
HttpAuth::AUTH_SCHEME_BASIC, kNetworkIsolationKey1);
url::SchemeHostPort(GURL("http://myproxy:70")), HttpAuth::AUTH_SERVER,
"MyRealm1", HttpAuth::AUTH_SCHEME_BASIC, kNetworkIsolationKey1);
ASSERT_TRUE(entry);
ASSERT_EQ(kFoo2, entry->credentials().username());
ASSERT_EQ(kBar2, entry->credentials().password());
entry = session->http_auth_cache()->Lookup(
GURL("http://myproxy:70"), HttpAuth::AUTH_SERVER, "MyRealm1",
HttpAuth::AUTH_SCHEME_BASIC, kNetworkIsolationKey2);
url::SchemeHostPort(GURL("http://myproxy:70")), HttpAuth::AUTH_SERVER,
"MyRealm1", HttpAuth::AUTH_SCHEME_BASIC, kNetworkIsolationKey2);
ASSERT_TRUE(entry);
ASSERT_EQ(kFoo3, entry->credentials().username());
ASSERT_EQ(kBar3, entry->credentials().password());
@ -4923,28 +4927,29 @@ TEST_F(HttpNetworkTransactionTest,
// Check that the proxy credentials were cached correctly. The should be
// accessible with any NetworkIsolationKey.
HttpAuthCache::Entry* entry = session->http_auth_cache()->Lookup(
GURL("https://myproxy:70"), HttpAuth::AUTH_PROXY, "MyRealm1",
HttpAuth::AUTH_SCHEME_BASIC, kNetworkIsolationKey1);
url::SchemeHostPort(url::SchemeHostPort(GURL("https://myproxy:70"))),
HttpAuth::AUTH_PROXY, "MyRealm1", HttpAuth::AUTH_SCHEME_BASIC,
kNetworkIsolationKey1);
ASSERT_TRUE(entry);
ASSERT_EQ(kFoo, entry->credentials().username());
ASSERT_EQ(kBar, entry->credentials().password());
EXPECT_EQ(entry,
session->http_auth_cache()->Lookup(
GURL("https://myproxy:70"), HttpAuth::AUTH_PROXY, "MyRealm1",
HttpAuth::AUTH_SCHEME_BASIC, kNetworkIsolationKey2));
EXPECT_EQ(entry, session->http_auth_cache()->Lookup(
url::SchemeHostPort(GURL("https://myproxy:70")),
HttpAuth::AUTH_PROXY, "MyRealm1",
HttpAuth::AUTH_SCHEME_BASIC, kNetworkIsolationKey2));
// Check that the server credentials were cached correctly. The should be
// accessible with only kNetworkIsolationKey1.
entry = session->http_auth_cache()->Lookup(
GURL("https://myproxy:70"), HttpAuth::AUTH_SERVER, "MyRealm1",
HttpAuth::AUTH_SCHEME_BASIC, kNetworkIsolationKey1);
url::SchemeHostPort(GURL("https://myproxy:70")), HttpAuth::AUTH_SERVER,
"MyRealm1", HttpAuth::AUTH_SCHEME_BASIC, kNetworkIsolationKey1);
ASSERT_TRUE(entry);
ASSERT_EQ(kFoo2, entry->credentials().username());
ASSERT_EQ(kBar2, entry->credentials().password());
// Looking up the server entry with another NetworkIsolationKey should fail.
EXPECT_FALSE(session->http_auth_cache()->Lookup(
GURL("https://myproxy:70"), HttpAuth::AUTH_SERVER, "MyRealm1",
HttpAuth::AUTH_SCHEME_BASIC, kNetworkIsolationKey2));
url::SchemeHostPort(GURL("https://myproxy:70")), HttpAuth::AUTH_SERVER,
"MyRealm1", HttpAuth::AUTH_SCHEME_BASIC, kNetworkIsolationKey2));
// Make another request with a different NetworkIsolationKey. It should use
// another socket, reuse the cached proxy credentials, but result in a server
@ -4976,27 +4981,27 @@ TEST_F(HttpNetworkTransactionTest,
// Check that the proxy credentials are still cached.
entry = session->http_auth_cache()->Lookup(
GURL("https://myproxy:70"), HttpAuth::AUTH_PROXY, "MyRealm1",
HttpAuth::AUTH_SCHEME_BASIC, kNetworkIsolationKey1);
url::SchemeHostPort(GURL("https://myproxy:70")), HttpAuth::AUTH_PROXY,
"MyRealm1", HttpAuth::AUTH_SCHEME_BASIC, kNetworkIsolationKey1);
ASSERT_TRUE(entry);
ASSERT_EQ(kFoo, entry->credentials().username());
ASSERT_EQ(kBar, entry->credentials().password());
EXPECT_EQ(entry,
session->http_auth_cache()->Lookup(
GURL("https://myproxy:70"), HttpAuth::AUTH_PROXY, "MyRealm1",
HttpAuth::AUTH_SCHEME_BASIC, kNetworkIsolationKey2));
EXPECT_EQ(entry, session->http_auth_cache()->Lookup(
url::SchemeHostPort(GURL("https://myproxy:70")),
HttpAuth::AUTH_PROXY, "MyRealm1",
HttpAuth::AUTH_SCHEME_BASIC, kNetworkIsolationKey2));
// Check that the correct server credentials are cached for each
// NetworkIsolationKey.
entry = session->http_auth_cache()->Lookup(
GURL("https://myproxy:70"), HttpAuth::AUTH_SERVER, "MyRealm1",
HttpAuth::AUTH_SCHEME_BASIC, kNetworkIsolationKey1);
url::SchemeHostPort(GURL("https://myproxy:70")), HttpAuth::AUTH_SERVER,
"MyRealm1", HttpAuth::AUTH_SCHEME_BASIC, kNetworkIsolationKey1);
ASSERT_TRUE(entry);
ASSERT_EQ(kFoo2, entry->credentials().username());
ASSERT_EQ(kBar2, entry->credentials().password());
entry = session->http_auth_cache()->Lookup(
GURL("https://myproxy:70"), HttpAuth::AUTH_SERVER, "MyRealm1",
HttpAuth::AUTH_SCHEME_BASIC, kNetworkIsolationKey2);
url::SchemeHostPort(GURL("https://myproxy:70")), HttpAuth::AUTH_SERVER,
"MyRealm1", HttpAuth::AUTH_SCHEME_BASIC, kNetworkIsolationKey2);
ASSERT_TRUE(entry);
ASSERT_EQ(kFoo3, entry->credentials().username());
ASSERT_EQ(kBar3, entry->credentials().password());
@ -19555,8 +19560,8 @@ TEST_F(HttpNetworkTransactionTest, ProxyHeadersNotSentOverWsTunnel) {
session_deps_.socket_factory->AddSocketDataProvider(&data);
session->http_auth_cache()->Add(
GURL("http://myproxy:70/"), HttpAuth::AUTH_PROXY, "MyRealm1",
HttpAuth::AUTH_SCHEME_BASIC, NetworkIsolationKey(),
url::SchemeHostPort(GURL("http://myproxy:70/")), HttpAuth::AUTH_PROXY,
"MyRealm1", HttpAuth::AUTH_SCHEME_BASIC, NetworkIsolationKey(),
"Basic realm=MyRealm1", AuthCredentials(kFoo, kBar), "/");
TestWebSocketHandshakeStreamCreateHelper websocket_stream_create_helper;

14
net/http/http_proxy_connect_job_unittest.cc

@ -40,6 +40,8 @@
#include "net/test/test_with_task_environment.h"
#include "net/traffic_annotation/network_traffic_annotation_test_helper.h"
#include "testing/gtest/include/gtest/gtest.h"
#include "url/gurl.h"
#include "url/scheme_host_port.h"
namespace net {
@ -770,13 +772,13 @@ TEST_P(HttpProxyConnectJobTest, HaveAuth) {
// Prepopulate auth cache.
const std::u16string kFoo(u"foo");
const std::u16string kBar(u"bar");
GURL proxy_url(GetParam() == HTTP
? (std::string("http://") + kHttpProxyHost)
: (std::string("https://") + kHttpsProxyHost));
url::SchemeHostPort proxy_scheme_host_port(
GetParam() == HTTP ? GURL(std::string("http://") + kHttpProxyHost)
: GURL(std::string("https://") + kHttpsProxyHost));
session_->http_auth_cache()->Add(
proxy_url, HttpAuth::AUTH_PROXY, "MyRealm1", HttpAuth::AUTH_SCHEME_BASIC,
NetworkIsolationKey(), "Basic realm=MyRealm1",
AuthCredentials(kFoo, kBar), "/");
proxy_scheme_host_port, HttpAuth::AUTH_PROXY, "MyRealm1",
HttpAuth::AUTH_SCHEME_BASIC, NetworkIsolationKey(),
"Basic realm=MyRealm1", AuthCredentials(kFoo, kBar), "/");
for (IoMode io_mode : {SYNCHRONOUS, ASYNC}) {
SCOPED_TRACE(io_mode);

9
net/quic/quic_proxy_client_socket_unittest.cc

@ -59,6 +59,7 @@
#include "net/traffic_annotation/network_traffic_annotation_test_helper.h"
#include "testing/gmock/include/gmock/gmock.h"
#include "testing/gtest/include/gtest/gtest.h"
#include "url/gurl.h"
#include "url/scheme_host_port.h"
#include "url/url_constants.h"
@ -765,10 +766,10 @@ TEST_P(QuicProxyClientSocketTest, ConnectWithAuthCredentials) {
// Add auth to cache
const std::u16string kFoo(u"foo");
const std::u16string kBar(u"bar");
http_auth_cache_.Add(GURL(kProxyUrl), HttpAuth::AUTH_PROXY, "MyRealm1",
HttpAuth::AUTH_SCHEME_BASIC, NetworkIsolationKey(),
"Basic realm=MyRealm1", AuthCredentials(kFoo, kBar),
"/");
http_auth_cache_.Add(
url::SchemeHostPort(GURL(kProxyUrl)), HttpAuth::AUTH_PROXY, "MyRealm1",
HttpAuth::AUTH_SCHEME_BASIC, NetworkIsolationKey(),
"Basic realm=MyRealm1", AuthCredentials(kFoo, kBar), "/");
AssertConnectSucceeds();

5
net/socket/ssl_connect_job_unittest.cc

@ -54,6 +54,7 @@
#include "net/traffic_annotation/network_traffic_annotation_test_helper.h"
#include "testing/gtest/include/gtest/gtest.h"
#include "third_party/boringssl/src/include/openssl/ssl.h"
#include "url/gurl.h"
#include "url/scheme_host_port.h"
#include "url/url_constants.h"
@ -144,8 +145,8 @@ class SSLConnectJobTest : public WithTaskEnvironment, public testing::Test {
const std::u16string kFoo(u"foo");
const std::u16string kBar(u"bar");
session_->http_auth_cache()->Add(
GURL("http://proxy:443/"), HttpAuth::AUTH_PROXY, "MyRealm1",
HttpAuth::AUTH_SCHEME_BASIC, NetworkIsolationKey(),
url::SchemeHostPort(GURL("http://proxy:443/")), HttpAuth::AUTH_PROXY,
"MyRealm1", HttpAuth::AUTH_SCHEME_BASIC, NetworkIsolationKey(),
"Basic realm=MyRealm1", AuthCredentials(kFoo, kBar), "/");
}

3
net/spdy/spdy_proxy_client_socket_unittest.cc

@ -50,6 +50,7 @@
#include "testing/gmock/include/gmock/gmock.h"
#include "testing/gtest/include/gtest/gtest.h"
#include "testing/platform_test.h"
#include "url/gurl.h"
#include "url/scheme_host_port.h"
using net::test::IsError;
@ -169,7 +170,7 @@ class SpdyProxyClientSocketTest : public PlatformTest,
const std::u16string kFoo(u"foo");
const std::u16string kBar(u"bar");
session_->http_auth_cache()->Add(
GURL(kProxyUrl), HttpAuth::AUTH_PROXY, "MyRealm1",
url::SchemeHostPort{GURL(kProxyUrl)}, HttpAuth::AUTH_PROXY, "MyRealm1",
HttpAuth::AUTH_SCHEME_BASIC, NetworkIsolationKey(),
"Basic realm=MyRealm1", AuthCredentials(kFoo, kBar), "/");
}

15
services/network/network_context.cc

@ -1948,7 +1948,9 @@ void NetworkContext::AddAuthCacheEntry(
->GetSession()
->http_auth_cache();
http_auth_cache->Add(
challenge.challenger.GetURL(),
// TODO(https://crbug.com/): Convert AuthCredentials::challenger field to
// a SchemeHostPort.
challenge.challenger.GetTupleOrPrecursorTupleIfOpaque(),
challenge.is_proxy ? net::HttpAuth::AUTH_PROXY
: net::HttpAuth::AUTH_SERVER,
challenge.realm, net::HttpAuth::StringToScheme(challenge.scheme),
@ -1974,7 +1976,7 @@ void NetworkContext::LookupServerBasicAuthCredentials(
->GetSession()
->http_auth_cache();
net::HttpAuthCache::Entry* entry = http_auth_cache->LookupByPath(
url.DeprecatedGetOriginAsURL(), net::HttpAuth::AUTH_SERVER,
url::SchemeHostPort(url), net::HttpAuth::AUTH_SERVER,
network_isolation_key, url.path());
if (entry && entry->scheme() == net::HttpAuth::AUTH_SCHEME_BASIC)
std::move(callback).Run(entry->credentials());
@ -2002,8 +2004,9 @@ void NetworkContext::LookupProxyAuthCredentials(
// lossy conversion, shouldn't do this.
const char* scheme =
proxy_server.is_secure_http_like() ? "https://" : "http://";
GURL proxy_url(scheme + proxy_server.host_port_pair().ToString());
if (!proxy_url.is_valid()) {
url::SchemeHostPort scheme_host_port(
GURL(scheme + proxy_server.host_port_pair().ToString()));
if (!scheme_host_port.IsValid()) {
std::move(callback).Run(absl::nullopt);
return;
}
@ -2011,8 +2014,8 @@ void NetworkContext::LookupProxyAuthCredentials(
// Unlike server credentials, proxy credentials are not keyed on
// NetworkIsolationKey.
net::HttpAuthCache::Entry* entry =
http_auth_cache->Lookup(proxy_url, net::HttpAuth::AUTH_PROXY, realm,
net_scheme, net::NetworkIsolationKey());
http_auth_cache->Lookup(scheme_host_port, net::HttpAuth::AUTH_PROXY,
realm, net_scheme, net::NetworkIsolationKey());
if (entry)
std::move(callback).Run(entry->credentials());
else

155
services/network/network_context_unittest.cc

@ -1846,7 +1846,7 @@ TEST_F(NetworkContextTest, ClearHostCache) {
}
TEST_F(NetworkContextTest, ClearHttpAuthCache) {
GURL origin("http://google.com");
url::SchemeHostPort scheme_host_port(GURL("http://google.com"));
std::unique_ptr<NetworkContext> network_context =
CreateContextWithParams(CreateNetworkContextParamsForTesting());
net::HttpAuthCache* cache = network_context->url_request_context()
@ -1862,21 +1862,21 @@ TEST_F(NetworkContextTest, ClearHttpAuthCache) {
std::u16string user = u"user";
std::u16string password = u"pass";
cache->Add(origin, net::HttpAuth::AUTH_SERVER, "Realm1",
cache->Add(scheme_host_port, net::HttpAuth::AUTH_SERVER, "Realm1",
net::HttpAuth::AUTH_SCHEME_BASIC, net::NetworkIsolationKey(),
"basic realm=Realm1", net::AuthCredentials(user, password), "/");
test_clock.Advance(base::Hours(1)); // Time now 13:00
cache->Add(origin, net::HttpAuth::AUTH_PROXY, "Realm2",
cache->Add(scheme_host_port, net::HttpAuth::AUTH_PROXY, "Realm2",
net::HttpAuth::AUTH_SCHEME_BASIC, net::NetworkIsolationKey(),
"basic realm=Realm2", net::AuthCredentials(user, password), "/");
ASSERT_EQ(2u, cache->GetEntriesSizeForTesting());
ASSERT_NE(nullptr, cache->Lookup(origin, net::HttpAuth::AUTH_SERVER, "Realm1",
net::HttpAuth::AUTH_SCHEME_BASIC,
ASSERT_NE(nullptr, cache->Lookup(scheme_host_port, net::HttpAuth::AUTH_SERVER,
"Realm1", net::HttpAuth::AUTH_SCHEME_BASIC,
net::NetworkIsolationKey()));
ASSERT_NE(nullptr, cache->Lookup(origin, net::HttpAuth::AUTH_PROXY, "Realm2",
net::HttpAuth::AUTH_SCHEME_BASIC,
ASSERT_NE(nullptr, cache->Lookup(scheme_host_port, net::HttpAuth::AUTH_PROXY,
"Realm2", net::HttpAuth::AUTH_SCHEME_BASIC,
net::NetworkIsolationKey()));
{
base::RunLoop run_loop;
@ -1887,12 +1887,14 @@ TEST_F(NetworkContextTest, ClearHttpAuthCache) {
run_loop.Run();
EXPECT_EQ(1u, cache->GetEntriesSizeForTesting());
EXPECT_EQ(nullptr, cache->Lookup(origin, net::HttpAuth::AUTH_SERVER,
"Realm1", net::HttpAuth::AUTH_SCHEME_BASIC,
net::NetworkIsolationKey()));
EXPECT_NE(nullptr, cache->Lookup(origin, net::HttpAuth::AUTH_PROXY,
"Realm2", net::HttpAuth::AUTH_SCHEME_BASIC,
net::NetworkIsolationKey()));
EXPECT_EQ(nullptr,
cache->Lookup(scheme_host_port, net::HttpAuth::AUTH_SERVER,
"Realm1", net::HttpAuth::AUTH_SCHEME_BASIC,
net::NetworkIsolationKey()));
EXPECT_NE(nullptr,
cache->Lookup(scheme_host_port, net::HttpAuth::AUTH_PROXY,
"Realm2", net::HttpAuth::AUTH_SCHEME_BASIC,
net::NetworkIsolationKey()));
}
{
base::RunLoop run_loop;
@ -1903,17 +1905,19 @@ TEST_F(NetworkContextTest, ClearHttpAuthCache) {
run_loop.Run();
EXPECT_EQ(0u, cache->GetEntriesSizeForTesting());
EXPECT_EQ(nullptr, cache->Lookup(origin, net::HttpAuth::AUTH_SERVER,
"Realm1", net::HttpAuth::AUTH_SCHEME_BASIC,
net::NetworkIsolationKey()));
EXPECT_EQ(nullptr, cache->Lookup(origin, net::HttpAuth::AUTH_PROXY,
"Realm2", net::HttpAuth::AUTH_SCHEME_BASIC,
net::NetworkIsolationKey()));
EXPECT_EQ(nullptr,
cache->Lookup(scheme_host_port, net::HttpAuth::AUTH_SERVER,
"Realm1", net::HttpAuth::AUTH_SCHEME_BASIC,
net::NetworkIsolationKey()));
EXPECT_EQ(nullptr,
cache->Lookup(scheme_host_port, net::HttpAuth::AUTH_PROXY,
"Realm2", net::HttpAuth::AUTH_SCHEME_BASIC,
net::NetworkIsolationKey()));
}
}
TEST_F(NetworkContextTest, ClearAllHttpAuthCache) {
GURL origin("http://google.com");
url::SchemeHostPort scheme_host_port(GURL("http://google.com"));
std::unique_ptr<NetworkContext> network_context =
CreateContextWithParams(CreateNetworkContextParamsForTesting());
net::HttpAuthCache* cache = network_context->url_request_context()
@ -1929,21 +1933,21 @@ TEST_F(NetworkContextTest, ClearAllHttpAuthCache) {
std::u16string user = u"user";
std::u16string password = u"pass";
cache->Add(origin, net::HttpAuth::AUTH_SERVER, "Realm1",
cache->Add(scheme_host_port, net::HttpAuth::AUTH_SERVER, "Realm1",
net::HttpAuth::AUTH_SCHEME_BASIC, net::NetworkIsolationKey(),
"basic realm=Realm1", net::AuthCredentials(user, password), "/");
test_clock.Advance(base::Hours(1)); // Time now 13:00
cache->Add(origin, net::HttpAuth::AUTH_PROXY, "Realm2",
cache->Add(scheme_host_port, net::HttpAuth::AUTH_PROXY, "Realm2",
net::HttpAuth::AUTH_SCHEME_BASIC, net::NetworkIsolationKey(),
"basic realm=Realm2", net::AuthCredentials(user, password), "/");
ASSERT_EQ(2u, cache->GetEntriesSizeForTesting());
ASSERT_NE(nullptr, cache->Lookup(origin, net::HttpAuth::AUTH_SERVER, "Realm1",
net::HttpAuth::AUTH_SCHEME_BASIC,
ASSERT_NE(nullptr, cache->Lookup(scheme_host_port, net::HttpAuth::AUTH_SERVER,
"Realm1", net::HttpAuth::AUTH_SCHEME_BASIC,
net::NetworkIsolationKey()));
ASSERT_NE(nullptr, cache->Lookup(origin, net::HttpAuth::AUTH_PROXY, "Realm2",
net::HttpAuth::AUTH_SCHEME_BASIC,
ASSERT_NE(nullptr, cache->Lookup(scheme_host_port, net::HttpAuth::AUTH_PROXY,
"Realm2", net::HttpAuth::AUTH_SCHEME_BASIC,
net::NetworkIsolationKey()));
base::RunLoop run_loop;
@ -1952,11 +1956,11 @@ TEST_F(NetworkContextTest, ClearAllHttpAuthCache) {
run_loop.Run();
EXPECT_EQ(0u, cache->GetEntriesSizeForTesting());
EXPECT_EQ(nullptr, cache->Lookup(origin, net::HttpAuth::AUTH_SERVER, "Realm1",
net::HttpAuth::AUTH_SCHEME_BASIC,
EXPECT_EQ(nullptr, cache->Lookup(scheme_host_port, net::HttpAuth::AUTH_SERVER,
"Realm1", net::HttpAuth::AUTH_SCHEME_BASIC,
net::NetworkIsolationKey()));
EXPECT_EQ(nullptr, cache->Lookup(origin, net::HttpAuth::AUTH_PROXY, "Realm2",
net::HttpAuth::AUTH_SCHEME_BASIC,
EXPECT_EQ(nullptr, cache->Lookup(scheme_host_port, net::HttpAuth::AUTH_PROXY,
"Realm2", net::HttpAuth::AUTH_SCHEME_BASIC,
net::NetworkIsolationKey()));
}
@ -2014,10 +2018,10 @@ TEST_F(NetworkContextTest, LookupServerBasicAuthCredentials) {
std::u16string user = u"user";
std::u16string password = u"pass";
cache->Add(origin, net::HttpAuth::AUTH_SERVER, "Realm",
cache->Add(url::SchemeHostPort(origin), net::HttpAuth::AUTH_SERVER, "Realm",
net::HttpAuth::AUTH_SCHEME_BASIC, network_isolation_key1,
"basic realm=Realm", net::AuthCredentials(user, password), "/");
cache->Add(origin2, net::HttpAuth::AUTH_PROXY, "Realm",
cache->Add(url::SchemeHostPort(origin2), net::HttpAuth::AUTH_PROXY, "Realm",
net::HttpAuth::AUTH_SCHEME_BASIC, network_isolation_key1,
"basic realm=Realm", net::AuthCredentials(user, password), "/");
@ -2074,17 +2078,20 @@ TEST_F(NetworkContextTest, LookupProxyAuthCredentials) {
std::u16string user = u"user";
std::u16string password = u"pass";
cache->Add(http_proxy, net::HttpAuth::AUTH_PROXY, "Realm",
net::HttpAuth::AUTH_SCHEME_BASIC, net::NetworkIsolationKey(),
"basic realm=Realm", net::AuthCredentials(user, password),
cache->Add(url::SchemeHostPort(http_proxy), net::HttpAuth::AUTH_PROXY,
"Realm", net::HttpAuth::AUTH_SCHEME_BASIC,
net::NetworkIsolationKey(), "basic realm=Realm",
net::AuthCredentials(user, password),
/* path = */ "");
cache->Add(https_proxy, net::HttpAuth::AUTH_PROXY, "Realm",
net::HttpAuth::AUTH_SCHEME_BASIC, net::NetworkIsolationKey(),
"basic realm=Realm", net::AuthCredentials(user, password),
cache->Add(url::SchemeHostPort(https_proxy), net::HttpAuth::AUTH_PROXY,
"Realm", net::HttpAuth::AUTH_SCHEME_BASIC,
net::NetworkIsolationKey(), "basic realm=Realm",
net::AuthCredentials(user, password),
/* path = */ "");
cache->Add(server_origin, net::HttpAuth::AUTH_SERVER, "Realm",
net::HttpAuth::AUTH_SCHEME_BASIC, net::NetworkIsolationKey(),
"basic realm=Realm", net::AuthCredentials(user, password),
cache->Add(url::SchemeHostPort(server_origin), net::HttpAuth::AUTH_SERVER,
"Realm", net::HttpAuth::AUTH_SCHEME_BASIC,
net::NetworkIsolationKey(), "basic realm=Realm",
net::AuthCredentials(user, password),
/* path = */ "/");
absl::optional<net::AuthCredentials> result = GetProxyAuthCredentials(
network_context.get(),
@ -6205,16 +6212,16 @@ TEST_F(NetworkContextTest, AddHttpAuthCacheEntry) {
EXPECT_FALSE(cache->key_server_entries_by_network_isolation_key());
// Add an AUTH_SERVER cache entry.
GURL url("http://example.test/");
url::SchemeHostPort scheme_host_port(GURL("http://example.test/"));
net::AuthChallengeInfo challenge;
challenge.is_proxy = false;
challenge.challenger = url::Origin::Create(url);
challenge.challenger = url::Origin::Create(scheme_host_port.GetURL());
challenge.scheme = "basic";
challenge.realm = "testrealm";
const char16_t kUsername[] = u"test_user";
const char16_t kPassword[] = u"test_pass";
ASSERT_FALSE(cache->Lookup(url, net::HttpAuth::AUTH_SERVER, challenge.realm,
net::HttpAuth::AUTH_SCHEME_BASIC,
ASSERT_FALSE(cache->Lookup(scheme_host_port, net::HttpAuth::AUTH_SERVER,
challenge.realm, net::HttpAuth::AUTH_SCHEME_BASIC,
net::NetworkIsolationKey()));
base::RunLoop run_loop;
network_context->AddAuthCacheEntry(challenge, net::NetworkIsolationKey(),
@ -6222,26 +6229,26 @@ TEST_F(NetworkContextTest, AddHttpAuthCacheEntry) {
run_loop.QuitClosure());
run_loop.Run();
net::HttpAuthCache::Entry* entry = cache->Lookup(
url, net::HttpAuth::AUTH_SERVER, challenge.realm,
scheme_host_port, net::HttpAuth::AUTH_SERVER, challenge.realm,
net::HttpAuth::AUTH_SCHEME_BASIC, net::NetworkIsolationKey());
ASSERT_TRUE(entry);
EXPECT_EQ(url, entry->origin());
EXPECT_EQ(scheme_host_port, entry->scheme_host_port());
EXPECT_EQ(challenge.realm, entry->realm());
EXPECT_EQ(net::HttpAuth::StringToScheme(challenge.scheme), entry->scheme());
EXPECT_EQ(kUsername, entry->credentials().username());
EXPECT_EQ(kPassword, entry->credentials().password());
// Entry should only have been added for server auth.
EXPECT_FALSE(cache->Lookup(url, net::HttpAuth::AUTH_PROXY, challenge.realm,
net::HttpAuth::AUTH_SCHEME_BASIC,
EXPECT_FALSE(cache->Lookup(scheme_host_port, net::HttpAuth::AUTH_PROXY,
challenge.realm, net::HttpAuth::AUTH_SCHEME_BASIC,
net::NetworkIsolationKey()));
// Add an AUTH_PROXY cache entry.
GURL proxy_url("http://proxy.test/");
url::SchemeHostPort proxy_scheme_host_port(GURL("http://proxy.test/"));
challenge.is_proxy = true;
challenge.challenger = url::Origin::Create(proxy_url);
challenge.challenger = url::Origin::Create(proxy_scheme_host_port.GetURL());
const char16_t kProxyUsername[] = u"test_proxy_user";
const char16_t kProxyPassword[] = u"test_proxy_pass";
ASSERT_FALSE(cache->Lookup(proxy_url, net::HttpAuth::AUTH_PROXY,
ASSERT_FALSE(cache->Lookup(proxy_scheme_host_port, net::HttpAuth::AUTH_PROXY,
challenge.realm, net::HttpAuth::AUTH_SCHEME_BASIC,
net::NetworkIsolationKey()));
base::RunLoop run_loop2;
@ -6250,17 +6257,17 @@ TEST_F(NetworkContextTest, AddHttpAuthCacheEntry) {
net::AuthCredentials(kProxyUsername, kProxyPassword),
run_loop2.QuitClosure());
run_loop2.Run();
entry = cache->Lookup(proxy_url, net::HttpAuth::AUTH_PROXY, challenge.realm,
net::HttpAuth::AUTH_SCHEME_BASIC,
entry = cache->Lookup(proxy_scheme_host_port, net::HttpAuth::AUTH_PROXY,
challenge.realm, net::HttpAuth::AUTH_SCHEME_BASIC,
net::NetworkIsolationKey());
ASSERT_TRUE(entry);
EXPECT_EQ(proxy_url, entry->origin());
EXPECT_EQ(proxy_scheme_host_port, entry->scheme_host_port());
EXPECT_EQ(challenge.realm, entry->realm());
EXPECT_EQ(net::HttpAuth::StringToScheme(challenge.scheme), entry->scheme());
EXPECT_EQ(kProxyUsername, entry->credentials().username());
EXPECT_EQ(kProxyPassword, entry->credentials().password());
// Entry should only have been added for proxy auth.
EXPECT_FALSE(cache->Lookup(proxy_url, net::HttpAuth::AUTH_SERVER,
EXPECT_FALSE(cache->Lookup(proxy_scheme_host_port, net::HttpAuth::AUTH_SERVER,
challenge.realm, net::HttpAuth::AUTH_SCHEME_BASIC,
net::NetworkIsolationKey()));
}
@ -6281,34 +6288,36 @@ TEST_F(NetworkContextTest, AddHttpAuthCacheEntryWithNetworkIsolationKey) {
// Add an AUTH_SERVER cache entry.
GURL url("http://example.test/");
url::Origin origin = url::Origin::Create(url);
url::SchemeHostPort scheme_host_port =
origin.GetTupleOrPrecursorTupleIfOpaque();
net::NetworkIsolationKey network_isolation_key(origin, origin);
net::AuthChallengeInfo challenge;
challenge.is_proxy = false;
challenge.challenger = origin;
challenge.challenger = url::Origin::Create(scheme_host_port.GetURL());
challenge.scheme = "basic";
challenge.realm = "testrealm";
const char16_t kUsername[] = u"test_user";
const char16_t kPassword[] = u"test_pass";
ASSERT_FALSE(cache->Lookup(url, net::HttpAuth::AUTH_SERVER, challenge.realm,
net::HttpAuth::AUTH_SCHEME_BASIC,
ASSERT_FALSE(cache->Lookup(scheme_host_port, net::HttpAuth::AUTH_SERVER,
challenge.realm, net::HttpAuth::AUTH_SCHEME_BASIC,
network_isolation_key));
base::RunLoop run_loop;
network_context->AddAuthCacheEntry(challenge, network_isolation_key,
net::AuthCredentials(kUsername, kPassword),
run_loop.QuitClosure());
run_loop.Run();
net::HttpAuthCache::Entry* entry =
cache->Lookup(url, net::HttpAuth::AUTH_SERVER, challenge.realm,
net::HttpAuth::AUTH_SCHEME_BASIC, network_isolation_key);
net::HttpAuthCache::Entry* entry = cache->Lookup(
scheme_host_port, net::HttpAuth::AUTH_SERVER, challenge.realm,
net::HttpAuth::AUTH_SCHEME_BASIC, network_isolation_key);
ASSERT_TRUE(entry);
EXPECT_EQ(url, entry->origin());
EXPECT_EQ(scheme_host_port, entry->scheme_host_port());
EXPECT_EQ(challenge.realm, entry->realm());
EXPECT_EQ(net::HttpAuth::StringToScheme(challenge.scheme), entry->scheme());
EXPECT_EQ(kUsername, entry->credentials().username());
EXPECT_EQ(kPassword, entry->credentials().password());
// Entry should only be accessibly when using the correct NetworkIsolationKey.
EXPECT_FALSE(cache->Lookup(url, net::HttpAuth::AUTH_SERVER, challenge.realm,
net::HttpAuth::AUTH_SCHEME_BASIC,
EXPECT_FALSE(cache->Lookup(scheme_host_port, net::HttpAuth::AUTH_SERVER,
challenge.realm, net::HttpAuth::AUTH_SCHEME_BASIC,
net::NetworkIsolationKey()));
}
@ -6372,11 +6381,13 @@ TEST_F(NetworkContextTest, CopyHttpAuthCacheProxyEntries) {
->GetSession()
->http_auth_cache();
// The server credentials should not have been copied.
EXPECT_FALSE(cache->Lookup(kURL, net::HttpAuth::AUTH_SERVER, challenge.realm,
net::HttpAuth::AUTH_SCHEME_BASIC,
net::NetworkIsolationKey()));
EXPECT_FALSE(cache->Lookup(
challenge.challenger.GetTupleOrPrecursorTupleIfOpaque(),
net::HttpAuth::AUTH_SERVER, challenge.realm,
net::HttpAuth::AUTH_SCHEME_BASIC, net::NetworkIsolationKey()));
net::HttpAuthCache::Entry* entry = cache->Lookup(
kURL, net::HttpAuth::AUTH_PROXY, challenge.realm,
challenge.challenger.GetTupleOrPrecursorTupleIfOpaque(),
net::HttpAuth::AUTH_PROXY, challenge.realm,
net::HttpAuth::AUTH_SCHEME_BASIC, net::NetworkIsolationKey());
ASSERT_TRUE(entry);
EXPECT_EQ(kProxyUsername, entry->credentials().username());
@ -6437,12 +6448,14 @@ TEST_F(NetworkContextTest, SplitAuthCacheByNetworkIsolationKey) {
// The server credentials should have been deleted.
EXPECT_FALSE(cache->Lookup(
kURL, net::HttpAuth::AUTH_SERVER, challenge.realm,
challenge.challenger.GetTupleOrPrecursorTupleIfOpaque(),
net::HttpAuth::AUTH_SERVER, challenge.realm,
net::HttpAuth::AUTH_SCHEME_BASIC, net::NetworkIsolationKey()));
// The proxy credentials should still be in the cache.
net::HttpAuthCache::Entry* entry = cache->Lookup(
kURL, net::HttpAuth::AUTH_PROXY, challenge.realm,
challenge.challenger.GetTupleOrPrecursorTupleIfOpaque(),
net::HttpAuth::AUTH_PROXY, challenge.realm,
net::HttpAuth::AUTH_SCHEME_BASIC, net::NetworkIsolationKey());
ASSERT_TRUE(entry);
EXPECT_EQ(kProxyUsername, entry->credentials().username());

37
services/network/proxy_resolving_client_socket_unittest.cc

@ -33,6 +33,8 @@
#include "net/url_request/url_request_test_util.h"
#include "services/network/proxy_resolving_client_socket_factory.h"
#include "testing/gtest/include/gtest/gtest.h"
#include "url/gurl.h"
#include "url/scheme_host_port.h"
namespace network {
@ -666,14 +668,16 @@ TEST_P(ProxyResolvingClientSocketTest, MultiroundAuth) {
->GetSession()
->http_auth_cache();
auth_cache->Add(GURL("http://bad:99"), net::HttpAuth::AUTH_PROXY,
"test_realm", net::HttpAuth::AUTH_SCHEME_BASIC,
net::NetworkIsolationKey(), "Basic realm=\"test_realm\"",
auth_cache->Add(url::SchemeHostPort(GURL("http://bad:99")),
net::HttpAuth::AUTH_PROXY, "test_realm",
net::HttpAuth::AUTH_SCHEME_BASIC, net::NetworkIsolationKey(),
"Basic realm=\"test_realm\"",
net::AuthCredentials(u"user", u"password"), std::string());
auth_cache->Add(GURL("http://bad:99"), net::HttpAuth::AUTH_PROXY,
"test_realm2", net::HttpAuth::AUTH_SCHEME_BASIC,
net::NetworkIsolationKey(), "Basic realm=\"test_realm2\"",
auth_cache->Add(url::SchemeHostPort(GURL("http://bad:99")),
net::HttpAuth::AUTH_PROXY, "test_realm2",
net::HttpAuth::AUTH_SCHEME_BASIC, net::NetworkIsolationKey(),
"Basic realm=\"test_realm2\"",
net::AuthCredentials(u"user2", u"password2"), std::string());
ProxyResolvingClientSocketFactory proxy_resolving_socket_factory(
@ -727,9 +731,10 @@ TEST_P(ProxyResolvingClientSocketTest, ReusesHTTPAuthCache_Lookup) {
// We are adding these credentials at an empty path so that it won't be picked
// up by the preemptive authentication step and will only be picked up via
// origin + realm + scheme lookup.
auth_cache->Add(GURL("http://bad:99"), net::HttpAuth::AUTH_PROXY,
"test_realm", net::HttpAuth::AUTH_SCHEME_BASIC,
net::NetworkIsolationKey(), "Basic realm=\"test_realm\"",
auth_cache->Add(url::SchemeHostPort(GURL("http://bad:99")),
net::HttpAuth::AUTH_PROXY, "test_realm",
net::HttpAuth::AUTH_SCHEME_BASIC, net::NetworkIsolationKey(),
"Basic realm=\"test_realm\"",
net::AuthCredentials(u"user", u"password"), std::string());
ProxyResolvingClientSocketFactory proxy_resolving_socket_factory(
@ -760,9 +765,10 @@ TEST_P(ProxyResolvingClientSocketTest, FactoryUsesLatestHTTPAuthCache) {
// We are adding these credentials at an empty path so that it won't be picked
// up by the preemptive authentication step and will only be picked up via
// origin + realm + scheme lookup.
auth_cache->Add(GURL("http://bad:99"), net::HttpAuth::AUTH_PROXY,
"test_realm", net::HttpAuth::AUTH_SCHEME_BASIC,
net::NetworkIsolationKey(), "Basic realm=\"test_realm\"",
auth_cache->Add(url::SchemeHostPort(GURL("http://bad:99")),
net::HttpAuth::AUTH_PROXY, "test_realm",
net::HttpAuth::AUTH_SCHEME_BASIC, net::NetworkIsolationKey(),
"Basic realm=\"test_realm\"",
net::AuthCredentials(u"user", u"password"), std::string());
const GURL kDestination("https://example.com:443");
@ -823,9 +829,10 @@ TEST_P(ProxyResolvingClientSocketTest, ReusesHTTPAuthCache_Preemptive) {
->GetSession()
->http_auth_cache();
auth_cache->Add(GURL("http://bad:99"), net::HttpAuth::AUTH_PROXY,
"test_realm", net::HttpAuth::AUTH_SCHEME_BASIC,
net::NetworkIsolationKey(), "Basic realm=\"test_realm\"",
auth_cache->Add(url::SchemeHostPort(GURL("http://bad:99")),
net::HttpAuth::AUTH_PROXY, "test_realm",
net::HttpAuth::AUTH_SCHEME_BASIC, net::NetworkIsolationKey(),
"Basic realm=\"test_realm\"",
net::AuthCredentials(u"user", u"password"), "/");
ProxyResolvingClientSocketFactory proxy_resolving_socket_factory(