1 files changed, 86 insertions, 0 deletions

diff --git a/netwerk/protocol/http/nsIHttpChannelAuthProvider.idl b/netwerk/protocol/http/nsIHttpChannelAuthProvider.idl
new file mode 100644
index 0000000000..67a1ae217d
--- /dev/null
+++ b/netwerk/protocol/http/nsIHttpChannelAuthProvider.idl
@@ -0,0 +1,86 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set sw=2 ts=8 et tw=80 : */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsICancelable.idl"
+
+interface nsIHttpChannel;
+interface nsIHttpAuthenticableChannel;
+
+/**
+ * nsIHttpChannelAuthProvider
+ *
+ * This interface is intended for providing authentication for http-style
+ * channels, like nsIHttpChannel and nsIWebSocket, which implement the
+ * nsIHttpAuthenticableChannel interface.
+ *
+ * When requesting pages AddAuthorizationHeaders MUST be called
+ * in order to get the http cached headers credentials. When the request is
+ * unsuccessful because of receiving either a 401 or 407 http response code
+ * ProcessAuthentication MUST be called and the page MUST be requested again
+ * with the new credentials that the user has provided. After a successful
+ * request, checkForSuperfluousAuth MAY be called, and disconnect MUST be
+ * called.
+ */
+
+[uuid(788f331b-2e1f-436c-b405-4f88a31a105b)]
+interface nsIHttpChannelAuthProvider : nsICancelable
+{
+  /**
+   * Initializes the http authentication support for the channel.
+   * Implementations must hold a weak reference of the channel.
+   */
+  [must_use] void init(in nsIHttpAuthenticableChannel channel);
+
+  /**
+   * Upon receipt of a server challenge, this function is called to determine
+   * the credentials to send.
+   *
+   * @param httpStatus
+   *        the http status received.
+   * @param sslConnectFailed
+   *        if the last ssl tunnel connection attempt was or not successful.
+   * @param callback
+   *        the callback to be called when it returns NS_ERROR_IN_PROGRESS.
+   *        The implementation must hold a weak reference.
+   *
+   * @returns NS_OK if the credentials were got and set successfully.
+   *          NS_ERROR_IN_PROGRESS if the credentials are going to be asked to
+   *                               the user. The channel reference must be
+   *                               alive until the feedback from
+   *                               nsIHttpAuthenticableChannel's methods or
+   *                               until disconnect be called.
+   */
+  [must_use] void processAuthentication(in unsigned long httpStatus,
+                                        in boolean sslConnectFailed);
+
+  /**
+   * Add credentials from the http auth cache.
+   *
+   * @param dontUseCachedWWWCreds
+   *    When true, the method will not add any Authorization headers from
+   *    the auth cache.
+   */
+  [must_use] void addAuthorizationHeaders(in boolean dontUseCachedWWWCreds);
+
+  /**
+   * Check if an unnecessary(and maybe malicious) url authentication has been
+   * provided.
+   */
+  [must_use] void checkForSuperfluousAuth();
+
+  /**
+   * Cancel pending user auth prompts and release the callback and channel
+   * weak references.
+   */
+  [must_use] void disconnect(in nsresult status);
+
+  /**
+   * Clear the proxy ident to not consider it invalid on re-athentication.
+   * Called when the channel finds out its transaction has been internally
+   * restarted.
+   */
+  void clearProxyIdent();
+};