void NetworkStorageSession::saveCredentialToPersistentStorage(const ProtectionSpace& protectionSpace, const Credential& credential) { #if USE(LIBSECRET) if (m_sessionID.isEphemeral()) return; if (credential.isEmpty()) return; const String& realm = protectionSpace.realm(); if (realm.isEmpty()) return; GRefPtr<GHashTable> attributes = adoptGRef(secret_attributes_build(SECRET_SCHEMA_COMPAT_NETWORK, "domain", realm.utf8().data(), "server", protectionSpace.host().utf8().data(), "port", protectionSpace.port(), "protocol", schemeFromProtectionSpaceServerType(protectionSpace.serverType()), "authtype", authTypeFromProtectionSpaceAuthenticationScheme(protectionSpace.authenticationScheme()), nullptr)); if (!attributes) return; g_hash_table_insert(attributes.get(), g_strdup("user"), g_strdup(credential.user().utf8().data())); CString utf8Password = credential.password().utf8(); GRefPtr<SecretValue> newSecretValue = adoptGRef(secret_value_new(utf8Password.data(), utf8Password.length(), "text/plain")); secret_service_store(nullptr, SECRET_SCHEMA_COMPAT_NETWORK, attributes.get(), SECRET_COLLECTION_DEFAULT, _("WebKitGTK+ password"), newSecretValue.get(), nullptr, nullptr, nullptr); #else UNUSED_PARAM(protectionSpace); UNUSED_PARAM(credential); #endif }
bool CredentialSet::VerifyInternally() const { if (!m_MasterCredential) { otOut << __FUNCTION__ << ": This credential set does not have a master credential.\n"; return false; } // Check for a valid master credential, including whether or not the NymID // and MasterID in the CredentialSet match the master credentials's versions. if (!(m_MasterCredential->Validate())) { otOut << __FUNCTION__ << ": Master Credential failed to verify: " << GetMasterCredID() << "\nNymID: " << GetNymID() << "\n"; return false; } // Check each child credential for validity. for (const auto& it : m_mapCredentials) { std::string str_sub_id = it.first; Credential* pSub = it.second; OT_ASSERT(nullptr != pSub); if (!pSub->Validate()) { otOut << __FUNCTION__ << ": Child credential failed to verify: " << str_sub_id << "\nNymID: " << GetNymID() << "\n"; return false; } } return true; }
CFURLCredentialRef createCF(const Credential& coreCredential) { CFURLCredentialPersistence persistence = kCFURLCredentialPersistenceNone; switch (coreCredential.persistence()) { case CredentialPersistenceNone: break; case CredentialPersistenceForSession: persistence = kCFURLCredentialPersistenceForSession; break; case CredentialPersistencePermanent: persistence = kCFURLCredentialPersistencePermanent; break; default: ASSERT_NOT_REACHED(); } #if CERTIFICATE_CREDENTIALS_SUPPORTED if (coreCredential.type() == CredentialTypeClientCertificate) return CFURLCredentialCreateWithIdentityAndCertificateArray(kCFAllocatorDefault, coreCredential.identity(), coreCredential.certificates(), persistence); #endif CFStringRef user = coreCredential.user().createCFString(); CFStringRef password = coreCredential.password().createCFString(); CFURLCredentialRef result = CFURLCredentialCreate(0, user, password, 0, persistence); CFRelease(user); CFRelease(password); return result; }
void ResourceHandle::receivedCredential(const AuthenticationChallenge& challenge, const Credential& credential) { LOG(Network, "CFNet - receivedCredential()"); ASSERT(!challenge.isNull()); ASSERT(challenge.cfURLAuthChallengeRef()); if (challenge != d->m_currentWebChallenge) return; // FIXME: Support empty credentials. Currently, an empty credential cannot be stored in WebCore credential storage, as that's empty value for its map. if (credential.isEmpty()) { receivedRequestToContinueWithoutCredential(challenge); return; } if (credential.persistence() == CredentialPersistenceForSession) { // Manage per-session credentials internally, because once NSURLCredentialPersistencePerSession is used, there is no way // to ignore it for a particular request (short of removing it altogether). Credential webCredential(credential.user(), credential.password(), CredentialPersistenceNone); RetainPtr<CFURLCredentialRef> cfCredential = adoptCF(createCF(webCredential)); URL urlToStore; if (challenge.failureResponse().httpStatusCode() == 401) urlToStore = challenge.failureResponse().url(); CredentialStorage::set(webCredential, challenge.protectionSpace(), urlToStore); CFURLConnectionUseCredential(d->m_connection.get(), cfCredential.get(), challenge.cfURLAuthChallengeRef()); } else { RetainPtr<CFURLCredentialRef> cfCredential = adoptCF(createCF(credential)); CFURLConnectionUseCredential(d->m_connection.get(), cfCredential.get(), challenge.cfURLAuthChallengeRef()); } clearAuthentication(); }
// Bad password should return an authentication failure. TEST(SASL, failed1) { // Set up secrets. map<string, string> secrets; secrets["benh"] = "secret1"; sasl::secrets::load(secrets); // Launch a dummy process (somebody to send the AuthenticateMessage). UPID pid = spawn(new ProcessBase(), true); Credential credential; credential.set_principal("benh"); credential.set_secret("secret"); Authenticatee authenticatee(credential, UPID()); Future<Message> message = FUTURE_MESSAGE(Eq(AuthenticateMessage().GetTypeName()), _, _); Future<bool> client = authenticatee.authenticate(pid); AWAIT_READY(message); Authenticator authenticator(message.get().from); Future<bool> server = authenticator.authenticate(); AWAIT_EQ(false, client); AWAIT_EQ(false, server); terminate(pid); }
OCStackResult OCSecureResource::provisionPairwiseDevices(const Credential &cred, const OicSecAcl_t* acl1, const OCSecureResource &device2, const OicSecAcl_t* acl2, ResultCallBack resultCallback) { if(!resultCallback) { oclog() << "Result calback can't be null"; return OC_STACK_INVALID_PARAM; } OCStackResult result; auto cLock = m_csdkLock.lock(); if(cLock) { ProvisionContext* context = new ProvisionContext(resultCallback); std::lock_guard<std::recursive_mutex> lock(*cLock); result = OCProvisionPairwiseDevices(static_cast<void*>(context), cred.getCredentialType(), cred.getCredentialKeySize(), devPtr, const_cast<OicSecAcl_t*>(acl1), device2.getDevPtr(), const_cast<OicSecAcl_t*>(acl2), &OCSecureResource::callbackWrapper); } else { oclog() <<"Mutex not found"; result = OC_STACK_ERROR; } return result; }
// Testing route with bad credentials. TEST_F(TeardownTest, BadCredentials) { Try<Owned<cluster::Master>> master = StartMaster(); ASSERT_SOME(master); MockScheduler sched; MesosSchedulerDriver driver( &sched, DEFAULT_FRAMEWORK_INFO, master.get()->pid, DEFAULT_CREDENTIAL); Future<FrameworkID> frameworkId; EXPECT_CALL(sched, registered(&driver, _, _)) .WillOnce(FutureArg<1>(&frameworkId)); ASSERT_EQ(DRIVER_RUNNING, driver.start()); AWAIT_READY(frameworkId); Credential badCredential; badCredential.set_principal("badPrincipal"); badCredential.set_secret("badSecret"); Future<Response> response = process::http::post( master.get()->pid, "teardown", createBasicAuthHeaders(badCredential), "frameworkId=" + frameworkId.get().value()); AWAIT_READY(response); AWAIT_EXPECT_RESPONSE_STATUS_EQ(Unauthorized({}).status, response); driver.stop(); driver.join(); }
void ResourceHandle::willSendRequest(ResourceRequest& request, const ResourceResponse& redirectResponse) { const KURL& url = request.url(); d->m_user = url.user(); d->m_pass = url.pass(); d->m_lastHTTPMethod = request.httpMethod(); request.removeCredentials(); if (!protocolHostAndPortAreEqual(request.url(), redirectResponse.url())) { // If the network layer carries over authentication headers from the original request // in a cross-origin redirect, we want to clear those headers here. request.clearHTTPAuthorization(); } else { // Only consider applying authentication credentials if this is actually a redirect and the redirect // URL didn't include credentials of its own. if (d->m_user.isEmpty() && d->m_pass.isEmpty() && !redirectResponse.isNull()) { Credential credential = CredentialStorage::get(request.url()); if (!credential.isEmpty()) { d->m_initialCredential = credential; // FIXME: Support Digest authentication, and Proxy-Authorization. applyBasicAuthorizationHeader(request, d->m_initialCredential); } } } #if USE(CFURLSTORAGESESSIONS) request.setStorageSession(ResourceHandle::currentStorageSession()); #endif client()->willSendRequest(this, request, redirectResponse); }
void MediaPlayerPrivate::notifyChallengeResult(const KURL& url, const ProtectionSpace& protectionSpace, AuthenticationChallengeResult result, const Credential& credential) { if (result != AuthenticationChallengeSuccess || !url.isValid()) return; m_platformPlayer->reloadWithCredential(credential.user().utf8(true).data(), credential.password().utf8(true).data(), static_cast<MMRAuthChallenge::CredentialPersistence>(credential.persistence())); }
void CredentialTransformData::setCredential(const Credential& credential) { if (!m_isValid) return; m_credential = credential; m_userNameElement->setValue(credential.user()); m_passwordElement->setValue(credential.password()); }
inline process::http::Headers createBasicAuthHeaders( const Credential& credential) { return process::http::Headers{{ "Authorization", "Basic " + base64::encode(credential.principal() + ":" + credential.secret()) }}; }
// Testing get without authentication and with bad credentials. TEST_F(HealthTest, ObserveEndpointBadAuthentication) { // Set up a master with authentication required. // Note that the default master test flags enable HTTP authentication. Try<PID<Master>> master = StartMaster(); ASSERT_SOME(master); // Headers for POSTs to maintenance endpoints without authentication. process::http::Headers unauthenticatedHeaders; unauthenticatedHeaders["Content-Type"] = "application/json"; // Bad credentials which should fail authentication. Credential badCredential; badCredential.set_principal("badPrincipal"); badCredential.set_secret("badSecret"); // Headers for POSTs to maintenance endpoints with bad authentication. process::http::Headers badAuthenticationHeaders; badAuthenticationHeaders = createBasicAuthHeaders(badCredential); badAuthenticationHeaders["Content-Type"] = "application/json"; // Post to observe without authentication. Future<Response> response = process::http::post( master.get(), "observe", unauthenticatedHeaders, "monitor=a&hosts=b&level=Ok"); AWAIT_EXPECT_RESPONSE_STATUS_EQ(Unauthorized({}).status, response); // Get request without authentication. response = process::http::get(master.get(), "observe"); AWAIT_EXPECT_RESPONSE_STATUS_EQ(Unauthorized({}).status, response); // Post to observe with bad authentication. response = process::http::post( master.get(), "observe", badAuthenticationHeaders, "monitor=a&hosts=b&level=Ok"); AWAIT_EXPECT_RESPONSE_STATUS_EQ(Unauthorized({}).status, response); // Get request with bad authentication. response = process::http::get( master.get(), "observe", None(), createBasicAuthHeaders(badCredential)); AWAIT_EXPECT_RESPONSE_STATUS_EQ(Unauthorized({}).status, response); Shutdown(); }
void ResourceHandle::didReceiveAuthenticationChallenge(const AuthenticationChallenge& challenge) { LOG(Network, "CFNet - didReceiveAuthenticationChallenge()"); ASSERT(d->m_currentWebChallenge.isNull()); // Since CFURLConnection networking relies on keeping a reference to the original CFURLAuthChallengeRef, // we make sure that is actually present ASSERT(challenge.cfURLAuthChallengeRef()); ASSERT(challenge.authenticationClient() == this); // Should be already set. if (!d->m_user.isNull() && !d->m_pass.isNull()) { RetainPtr<CFStringRef> user(AdoptCF, d->m_user.createCFString()); RetainPtr<CFStringRef> pass(AdoptCF, d->m_pass.createCFString()); RetainPtr<CFURLCredentialRef> credential(AdoptCF, CFURLCredentialCreate(kCFAllocatorDefault, user.get(), pass.get(), 0, kCFURLCredentialPersistenceNone)); KURL urlToStore; if (challenge.failureResponse().httpStatusCode() == 401) urlToStore = firstRequest().url(); CredentialStorage::set(core(credential.get()), challenge.protectionSpace(), urlToStore); CFURLConnectionUseCredential(d->m_connection.get(), credential.get(), challenge.cfURLAuthChallengeRef()); d->m_user = String(); d->m_pass = String(); // FIXME: Per the specification, the user shouldn't be asked for credentials if there were incorrect ones provided explicitly. return; } if (!client() || client()->shouldUseCredentialStorage(this)) { if (!d->m_initialCredential.isEmpty() || challenge.previousFailureCount()) { // The stored credential wasn't accepted, stop using it. // There is a race condition here, since a different credential might have already been stored by another ResourceHandle, // but the observable effect should be very minor, if any. CredentialStorage::remove(challenge.protectionSpace()); } if (!challenge.previousFailureCount()) { Credential credential = CredentialStorage::get(challenge.protectionSpace()); if (!credential.isEmpty() && credential != d->m_initialCredential) { ASSERT(credential.persistence() == CredentialPersistenceNone); if (challenge.failureResponse().httpStatusCode() == 401) { // Store the credential back, possibly adding it as a default for this directory. CredentialStorage::set(credential, challenge.protectionSpace(), firstRequest().url()); } RetainPtr<CFURLCredentialRef> cfCredential(AdoptCF, createCF(credential)); CFURLConnectionUseCredential(d->m_connection.get(), cfCredential.get(), challenge.cfURLAuthChallengeRef()); return; } } } d->m_currentWebChallenge = challenge; if (client()) client()->didReceiveAuthenticationChallenge(this, d->m_currentWebChallenge); }
void MediaPlayerPrivate::onAuthenticationAccepted(const MMRAuthChallenge& authChallenge) const { KURL url(ParsedURLString, WTF::String(authChallenge.url().c_str())); if (!url.isValid()) return; ProtectionSpace protectionSpace = generateProtectionSpaceFromMMRAuthChallenge(authChallenge); Credential savedCredential = CredentialStorage::get(protectionSpace); if (savedCredential.isEmpty()) CredentialStorage::set(Credential(authChallenge.username().c_str(), authChallenge.password().c_str(), static_cast<CredentialPersistence>(authChallenge.persistence())), protectionSpace, url); }
bool ResourceHandle::tryHandlePasswordBasedAuthentication(const AuthenticationChallenge& challenge) { if (!challenge.protectionSpace().isPasswordBased()) return false; if (!d->m_user.isNull() && !d->m_pass.isNull()) { RetainPtr<CFURLCredentialRef> cfCredential = adoptCF(CFURLCredentialCreate(kCFAllocatorDefault, d->m_user.createCFString().get(), d->m_pass.createCFString().get(), 0, kCFURLCredentialPersistenceNone)); #if PLATFORM(COCOA) Credential credential = Credential(cfCredential.get()); #else Credential credential = core(cfCredential.get()); #endif URL urlToStore; if (challenge.failureResponse().httpStatusCode() == 401) urlToStore = challenge.failureResponse().url(); d->m_context->storageSession().credentialStorage().set(credential, challenge.protectionSpace(), urlToStore); CFURLConnectionUseCredential(d->m_connection.get(), cfCredential.get(), challenge.cfURLAuthChallengeRef()); d->m_user = String(); d->m_pass = String(); // FIXME: Per the specification, the user shouldn't be asked for credentials if there were incorrect ones provided explicitly. return true; } if (!client() || client()->shouldUseCredentialStorage(this)) { if (!d->m_initialCredential.isEmpty() || challenge.previousFailureCount()) { // The stored credential wasn't accepted, stop using it. // There is a race condition here, since a different credential might have already been stored by another ResourceHandle, // but the observable effect should be very minor, if any. d->m_context->storageSession().credentialStorage().remove(challenge.protectionSpace()); } if (!challenge.previousFailureCount()) { Credential credential = d->m_context->storageSession().credentialStorage().get(challenge.protectionSpace()); if (!credential.isEmpty() && credential != d->m_initialCredential) { ASSERT(credential.persistence() == CredentialPersistenceNone); if (challenge.failureResponse().httpStatusCode() == 401) { // Store the credential back, possibly adding it as a default for this directory. d->m_context->storageSession().credentialStorage().set(credential, challenge.protectionSpace(), challenge.failureResponse().url()); } #if PLATFORM(COCOA) CFURLConnectionUseCredential(d->m_connection.get(), credential.cfCredential(), challenge.cfURLAuthChallengeRef()); #else RetainPtr<CFURLCredentialRef> cfCredential = adoptCF(createCF(credential)); CFURLConnectionUseCredential(d->m_connection.get(), cfCredential.get(), challenge.cfURLAuthChallengeRef()); #endif return true; } } } return false; }
Credential::Credential(const Credential& original, CredentialPersistence persistence) : m_user(original.user()) , m_password(original.password()) , m_persistence(persistence) #if CERTIFICATE_CREDENTIALS_SUPPORTED , m_identity(original.identity()) , m_certificates(original.certificates()) , m_type(original.type()) #endif { }
int main(int argc, char** argv) { if (argc != 2) { cerr << "Usage: " << argv[0] << " <master>" << endl; return -1; } DockerNoExecutorScheduler scheduler; FrameworkInfo framework; framework.set_user(""); // Have Mesos fill in the current user. framework.set_name("Docker No Executor Framework (C++)"); framework.set_checkpoint(true); MesosSchedulerDriver* driver; if (os::getenv("MESOS_AUTHENTICATE_FRAMEWORKS").isSome()) { cout << "Enabling authentication for the framework" << endl; Option<string> value = os::getenv("DEFAULT_PRINCIPAL"); if (value.isNone()) { EXIT(EXIT_FAILURE) << "Expecting authentication principal in the environment"; } Credential credential; credential.set_principal(value.get()); framework.set_principal(value.get()); value = os::getenv("DEFAULT_SECRET"); if (value.isNone()) { EXIT(EXIT_FAILURE) << "Expecting authentication secret in the environment"; } credential.set_secret(value.get()); driver = new MesosSchedulerDriver( &scheduler, framework, argv[1], credential); } else { framework.set_principal("no-executor-framework-cpp"); driver = new MesosSchedulerDriver( &scheduler, framework, argv[1]); } int status = driver->run() == DRIVER_STOPPED ? 0 : 1; // Ensure that the driver process terminates. driver->stop(); delete driver; return status; }
int main(int argc, char** argv) { if (argc != 2) { cerr << "Usage: " << argv[0] << " <master>" << endl; return -1; } NoExecutorScheduler scheduler; FrameworkInfo framework; framework.set_user(""); // Have Mesos fill in the current user. framework.set_name("No Executor Framework (C++)"); // TODO(vinod): Make checkpointing the default when it is default // on the slave. if (os::hasenv("MESOS_CHECKPOINT")) { cout << "Enabling checkpoint for the framework" << endl; framework.set_checkpoint(true); } MesosSchedulerDriver* driver; if (os::hasenv("MESOS_AUTHENTICATE")) { cout << "Enabling authentication for the framework" << endl; if (!os::hasenv("DEFAULT_PRINCIPAL")) { EXIT(1) << "Expecting authentication principal in the environment"; } if (!os::hasenv("DEFAULT_SECRET")) { EXIT(1) << "Expecting authentication secret in the environment"; } Credential credential; credential.set_principal(getenv("DEFAULT_PRINCIPAL")); credential.set_secret(getenv("DEFAULT_SECRET")); driver = new MesosSchedulerDriver( &scheduler, framework, argv[1], credential); } else { driver = new MesosSchedulerDriver( &scheduler, framework, argv[1]); } int status = driver->run() == DRIVER_STOPPED ? 0 : 1; // Ensure that the driver process terminates. driver->stop(); delete driver; return status; }
bool PluginView::getAuthenticationInfo(const ProtectionSpace& protectionSpace, String& username, String& password) { Credential credential = CredentialStorage::get(protectionSpace); if (credential.isEmpty()) credential = CredentialStorage::getFromPersistentStorage(protectionSpace); if (!credential.hasPassword()) return false; username = credential.user(); password = credential.password(); return true; }
// This test verifies that a missing secret fails the authenticatee. TYPED_TEST(CRAMMD5Authentication, AuthenticateeSecretMissing) { Credential credential; credential.set_principal("benh"); Try<Authenticatee*> authenticatee = TypeParam::TypeAuthenticatee::create(); CHECK_SOME(authenticatee); Future<bool> future = authenticatee.get()->authenticate(UPID(), UPID(), credential); AWAIT_EQ(false, future); delete authenticatee.get(); }
static bool getStoredCONNECTProxyCredentials(const ProtectionSpace& protectionSpace, String& login, String& password) { // Try system credential storage first, matching HTTP behavior (CFNetwork only asks the client for password if it couldn't find it in Keychain). Credential storedCredential = CredentialStorage::getFromPersistentStorage(protectionSpace); if (storedCredential.isEmpty()) storedCredential = CredentialStorage::get(protectionSpace); if (storedCredential.isEmpty()) return false; login = storedCredential.user(); password = storedCredential.password(); return true; }
void MediaPlayerPrivate::onAuthenticationNeeded(MMRAuthChallenge& authChallenge) { KURL url(ParsedURLString, String(authChallenge.url().c_str())); if (!url.isValid()) return; ProtectionSpace protectionSpace = generateProtectionSpaceFromMMRAuthChallenge(authChallenge); Credential credential = CredentialStorage::get(protectionSpace); if (!credential.isEmpty()) { notifyChallengeResult(url, protectionSpace, AuthenticationChallengeSuccess, credential); return; } if (frameView() && frameView()->hostWindow()) frameView()->hostWindow()->platformPageClient()->authenticationChallenge(url, protectionSpace, credential, this); }
void ResourceHandle::receivedCredential(const AuthenticationChallenge& challenge, const Credential& credential) { ASSERT(!challenge.isNull()); if (challenge != d->m_currentWebChallenge) return; if (credential.isEmpty()) { receivedRequestToContinueWithoutCredential(challenge); return; } KURL urlToStore; urlToStore = d->m_request.url(); CredentialStorage::set(credential, challenge.protectionSpace(), urlToStore); clearAuthentication(); // Clone our ResourceHandle and add it so that it is send with the credential. // FIXME: We should have a way of cloning an handle. RefPtr<ResourceHandle> newHandle = ResourceHandle::create(request(), client(), 0, d->m_defersLoading, shouldContentSniff()); setClient(0); // Clear the client to avoid it being cleared by WebCore. AuthenticationChallenge newAuthenticationChallenge(challenge.protectionSpace(), credential, challenge.previousFailureCount() + 1, challenge.failureResponse(), challenge.error()); // Store the new authentication challenge. newHandle->getInternal()->m_currentWebChallenge = newAuthenticationChallenge; d->m_cancelled = true; }
void ResourceHandle::didReceiveAuthenticationChallenge(const AuthenticationChallenge& challenge) { if (!d->m_user.isNull() && !d->m_pass.isNull()) { Credential credential(d->m_user, d->m_pass, CredentialPersistenceNone); URL urlToStore; if (challenge.failureResponse().httpStatusCode() == 401) urlToStore = challenge.failureResponse().url(); CredentialStorage::set(credential, challenge.protectionSpace(), urlToStore); String userpass = credential.user() + ":" + credential.password(); curl_easy_setopt(d->m_handle, CURLOPT_USERPWD, userpass.utf8().data()); d->m_user = String(); d->m_pass = String(); // FIXME: Per the specification, the user shouldn't be asked for credentials if there were incorrect ones provided explicitly. return; } if (shouldUseCredentialStorage()) { if (!d->m_initialCredential.isEmpty() || challenge.previousFailureCount()) { // The stored credential wasn't accepted, stop using it. // There is a race condition here, since a different credential might have already been stored by another ResourceHandle, // but the observable effect should be very minor, if any. CredentialStorage::remove(challenge.protectionSpace()); } if (!challenge.previousFailureCount()) { Credential credential = CredentialStorage::get(challenge.protectionSpace()); if (!credential.isEmpty() && credential != d->m_initialCredential) { ASSERT(credential.persistence() == CredentialPersistenceNone); if (challenge.failureResponse().httpStatusCode() == 401) { // Store the credential back, possibly adding it as a default for this directory. CredentialStorage::set(credential, challenge.protectionSpace(), challenge.failureResponse().url()); } String userpass = credential.user() + ":" + credential.password(); curl_easy_setopt(d->m_handle, CURLOPT_USERPWD, userpass.utf8().data()); return; } } } d->m_currentWebChallenge = challenge; if (client()) client()->didReceiveAuthenticationChallenge(this, d->m_currentWebChallenge); }
void MediaPlayerPrivate::onAuthenticationNeeded(MMRAuthChallenge& authChallenge) { KURL url(ParsedURLString, WTF::String(authChallenge.url().c_str())); if (!url.isValid()) return; ProtectionSpace protectionSpace = generateProtectionSpaceFromMMRAuthChallenge(authChallenge); Credential credential = CredentialStorage::get(protectionSpace); if (!credential.isEmpty()) { notifyChallengeResult(url, protectionSpace, AuthenticationChallengeSuccess, credential); return; } m_isAuthenticationChallenging = true; AuthenticationChallengeManager::instance()->authenticationChallenge(url, protectionSpace, credential, this, m_webCorePlayer->mediaPlayerClient()->mediaPlayerHostWindow()->platformPageClient()); }
CwGenericOutline(const Credential& _credential, khm_int32 _attr_id, int _column) : credential(_credential), attr_id(_attr_id), CwOutline(_column) { InsertChildAfter(el_text = PNEW StaticTextElement(credential.GetAttribStringObj(attr_id))); }
static void setAuthCredentials(NetworkRequest& platformRequest, const AuthenticationChallenge& challenge) { if (challenge.isNull()) return; Credential credential = challenge.proposedCredential(); const ProtectionSpace& protectionSpace = challenge.protectionSpace(); String username = credential.user(); String password = credential.password(); NetworkRequest::AuthType authType; NetworkRequest::AuthProtocol authProtocol; NetworkRequest::AuthScheme authScheme; protectionSpaceToPlatformAuth(protectionSpace, authType, authProtocol, authScheme); if (authType != NetworkRequest::AuthTypeNone && authProtocol != NetworkRequest::AuthProtocolNone && authScheme != NetworkRequest::AuthSchemeNone) platformRequest.setCredentials(authType, authProtocol, authScheme, username.utf8().data(), password.utf8().data()); }
bool MediaPlayerPrivate::onAuthenticationNeeded(MMRAuthChallenge& authChallenge) { KURL url(ParsedURLString, String(authChallenge.url().c_str())); if (!url.isValid()) return false; ProtectionSpace protectionSpace = generateProtectionSpaceFromMMRAuthChallenge(authChallenge); Credential credential = CredentialStorage::get(protectionSpace); bool isConfirmed = false; if (credential.isEmpty()) { if (frameView() && frameView()->hostWindow()) isConfirmed = frameView()->hostWindow()->platformPageClient()->authenticationChallenge(url, protectionSpace, credential); } else isConfirmed = true; if (isConfirmed) authChallenge.setCredential(credential.user().utf8().data(), credential.password().utf8().data(), static_cast<MMRAuthChallenge::CredentialPersistence>(credential.persistence())); return isConfirmed; }
void WebDownload::didReceiveAuthenticationChallenge(CFURLAuthChallengeRef challenge) { // Try previously stored credential first. if (!CFURLAuthChallengeGetPreviousFailureCount(challenge)) { Credential credential = CredentialStorage::get(core(CFURLAuthChallengeGetProtectionSpace(challenge))); if (!credential.isEmpty()) { RetainPtr<CFURLCredentialRef> cfCredential(AdoptCF, createCF(credential)); CFURLDownloadUseCredential(m_download.get(), cfCredential.get(), challenge); return; } } COMPtr<IWebURLAuthenticationChallenge> webChallenge(AdoptCOM, WebURLAuthenticationChallenge::createInstance(AuthenticationChallenge(challenge, 0), this)); if (SUCCEEDED(m_delegate->didReceiveAuthenticationChallenge(this, webChallenge.get()))) return; cancelAuthenticationChallenge(webChallenge.get()); }
void ResourceHandle::willSendRequest(ResourceRequest& request, const ResourceResponse& redirectResponse) { const URL& url = request.url(); d->m_user = url.user(); d->m_pass = url.pass(); d->m_lastHTTPMethod = request.httpMethod(); request.removeCredentials(); if (!protocolHostAndPortAreEqual(request.url(), redirectResponse.url())) { // The network layer might carry over some headers from the original request that // we want to strip here because the redirect is cross-origin. request.clearHTTPAuthorization(); request.clearHTTPOrigin(); } else { // Only consider applying authentication credentials if this is actually a redirect and the redirect // URL didn't include credentials of its own. if (d->m_user.isEmpty() && d->m_pass.isEmpty() && !redirectResponse.isNull()) { Credential credential = CredentialStorage::get(request.url()); if (!credential.isEmpty()) { d->m_initialCredential = credential; // FIXME: Support Digest authentication, and Proxy-Authorization. applyBasicAuthorizationHeader(request, d->m_initialCredential); } } } Ref<ResourceHandle> protect(*this); if (client()->usesAsyncCallbacks()) client()->willSendRequestAsync(this, request, redirectResponse); else { client()->willSendRequest(this, request, redirectResponse); // Client call may not preserve the session, especially if the request is sent over IPC. if (!request.isNull()) { request.setStorageSession(d->m_storageSession.get()); d->m_currentRequest = request; } } }