| // Copyright 2020 The Chromium OS Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #include "system-proxy/http_util.h" |
| |
| #include <array> |
| #include <string_view> |
| |
| #include <base/strings/stringprintf.h> |
| #include <base/strings/string_split.h> |
| #include <base/strings/string_tokenizer.h> |
| |
| namespace { |
| // The elements in this array are used to identify the end of a HTTP header |
| // which should be an empty line. Note: all HTTP header lines end with CRLF. |
| // RFC7230, section 3.5 allow LF (without CR) as a valid end of header. HTTP |
| // connect requests don't have a body so end of header is end of request. |
| static const std::array<std::string, 2> kValidHttpHeaderEnd = {"\r\n\n", |
| "\r\n\r\n"}; |
| constexpr char kConnectMethod[] = "CONNECT"; |
| constexpr char kProxyAuthenticate[] = "Proxy-Authenticate:"; |
| const std::string_view kRealm = "realm="; |
| } // namespace |
| |
| namespace system_proxy { |
| |
| bool IsEndingWithHttpEmptyLine(const base::StringPiece& http_header_line) { |
| for (const auto& header_end : kValidHttpHeaderEnd) { |
| if (http_header_line.size() > header_end.size() && |
| std::memcmp(header_end.data(), |
| http_header_line.data() + http_header_line.size() - |
| header_end.size(), |
| header_end.size()) == 0) { |
| return true; |
| } |
| } |
| return false; |
| } |
| |
| std::string GetUriAuthorityFromHttpHeader( |
| const base::StringPiece& http_request) { |
| // Request-Line ends with CRLF (RFC2616, section 5.1). |
| size_t i = http_request.find_first_of("\r\n"); |
| if (i == base::StringPiece::npos) |
| return std::string(); |
| // Elements are delimited by non-breaking space (SP). |
| auto pieces = |
| base::SplitString(http_request.substr(0, i), " ", base::TRIM_WHITESPACE, |
| base::SPLIT_WANT_NONEMPTY); |
| // Request-Line has the format: Method SP Request-URI SP HTTP-Version CRLF. |
| if (pieces.size() < 3) |
| return std::string(); |
| if (pieces[0] != kConnectMethod) |
| return std::string(); |
| |
| return pieces[1]; |
| } |
| |
| SchemeRealmPairList ParseAuthChallenge(const base::StringPiece& http_request) { |
| SchemeRealmPairList scheme_realm_pairs; |
| std::string scheme; |
| std::string realm; |
| std::vector<base::StringPiece> header_lines = base::SplitStringPiece( |
| http_request, "\r\n", base::TRIM_WHITESPACE, base::SPLIT_WANT_NONEMPTY); |
| |
| for (const auto& line : header_lines) { |
| const std::string request_line = line.as_string(); |
| base::StringTokenizer tok_challenge(request_line, " "); |
| tok_challenge.GetNext(); |
| if (tok_challenge.token() != kProxyAuthenticate) { |
| continue; |
| } |
| |
| tok_challenge.GetNext(); |
| scheme = tok_challenge.token(); |
| realm = std::string(); |
| // Depending on the challenge scheme, the challenge can contain a |
| // comma-separated list of authenticatio parameters. See RFC7235, |
| // section 4.3. |
| base::StringTokenizer tok_realm(tok_challenge.token_end(), |
| request_line.end(), ","); |
| tok_realm.set_quote_chars("\""); |
| while (tok_realm.GetNext()) { |
| int pos = tok_realm.token().find(kRealm); |
| if (pos != std::string::npos) { |
| realm = tok_realm.token().substr(pos + kRealm.size()); |
| } |
| } |
| scheme_realm_pairs.push_back(std::make_pair(scheme, realm)); |
| } |
| |
| return scheme_realm_pairs; |
| } |
| |
| } // namespace system_proxy |