Use AuthCredentials throughout the network stack instead of username/password.

net/base/auth.cc

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/base/auth.h"
+#include "net/base/zap.h"
 
 namespace net {
 
 AuthChallengeInfo::AuthChallengeInfo() : is_proxy(false) {
 }
 
 bool AuthChallengeInfo::Equals(const AuthChallengeInfo& that) const {
   return (this->is_proxy == that.is_proxy &&
           this->challenger.Equals(that.challenger) &&
           this->scheme == that.scheme &&
           this->realm == that.realm);
 }
 
 AuthChallengeInfo::~AuthChallengeInfo() {
 }
 
 AuthData::AuthData() : state(AUTH_STATE_NEED_AUTH) {
 }
 
 AuthData::~AuthData() {
 }
 
 AuthCredentials::AuthCredentials() {
 }
 
+AuthCredentials::AuthCredentials(const string16& username,
+                                 const string16& password)
+    : username_(username),
+      password_(password) {
+}
+
 AuthCredentials::~AuthCredentials() {
+  // Wipe our copy of the password from memory, to reduce the chance of being
+  // written to the paging file on disk.
+  ZapString(&password_);
+}
+
+bool AuthCredentials::Equals(const AuthCredentials& other) const {
+  return username_ == other.username_ && password_ == other.password_;
+}
+
+bool AuthCredentials::Empty() const {
+  return username_.empty() && password_.empty();
+}
+
+void AuthCredentials::Set(const string16& username, const string16& password) {
+  username_ = username;
+  password_ = password;

[asanka, 2011/10/27 20:01:20]

Zap password_ before assignment?

Also consider assignment of AuthCredentials objects.  I.e. a construct like
'credentials = AuthCredentials()' should cause credentials.password_ to be
zapped.

[cbentzel, 2011/10/28 02:18:40]

As we discussed, I'll change behavior in another CL. This is intended to be a
refactor only.

 }
 
 }  // namespace net