Support Kerberos on Android

net/android/java/src/org/chromium/net/HttpNegotiateAuthenticator.java

+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+package org.chromium.net;
+
+import android.accounts.AccountManager;
+import android.accounts.AccountManagerCallback;
+import android.accounts.AccountManagerFuture;
+import android.accounts.AuthenticatorException;
+import android.accounts.OperationCanceledException;
+import android.app.Activity;
+import android.os.Bundle;
+import android.os.Handler;
+import android.os.Parcelable;
+
+import org.chromium.base.ApplicationStatus;
+import org.chromium.base.CalledByNative;
+import org.chromium.base.JNINamespace;
+import org.chromium.base.VisibleForTesting;
+
+import java.io.IOException;
+
+/**
+ * Class to get Auth Tokens for HTTP Negotiate authentication (typically used for Kerberos)
+ * An instance of this class is created for each separate negotiation.
+ */
+@JNINamespace("net::android")
+public class HttpNegotiateAuthenticator {
+    static final String KEY_INCOMING_AUTH_TOKEN = "incomingAuthToken";
+    static final String KEY_SPNEGO_CONTEXT = "spnegoContext";
+
+    static final String SPNEGO_FEATURE = "SPNEGO";
+    static final String SPNEGO_TOKEN_TYPE_BASE = "SPNEGO:HOSTBASED:";
+
+    private Parcelable mSpnegoContext = null;
+    private final long mNativeObject;
+
+    private HttpNegotiateAuthenticator(long nativeObject) {
+        mNativeObject = nativeObject;
+    }
+
+    @CalledByNative
+    private static HttpNegotiateAuthenticator create(long nativeObject) {
+        return new HttpNegotiateAuthenticator(nativeObject);
+    }
+
+    /**
+     *
+     * @param accountType The Android account type;
+     * @param principal The principal (must be host based).
+     * @param authToken The previous auth token, if any.
+     * @return false for immediate failure, true otherwise.
+     */
+    @VisibleForTesting
+    @CalledByNative
+    boolean getNextAuthToken(String accountType, String principal, String authToken) {
+        assert accountType != null;
+        assert principal != null;
+        String authTokenType = SPNEGO_TOKEN_TYPE_BASE + principal;
+        Activity activity = ApplicationStatus.getLastTrackedFocusedActivity();
+        if (activity == null) return false;
+        AccountManager am = AccountManager.get(activity);
+        String features[] = {SPNEGO_FEATURE};
+
+        Bundle options = new Bundle();
+
+        if (authToken != null) options.putString(KEY_INCOMING_AUTH_TOKEN, authToken);
+        if (mSpnegoContext != null) options.putParcelable(KEY_SPNEGO_CONTEXT, mSpnegoContext);
+
+        am.getAuthTokenByFeatures(accountType, authTokenType, features, activity, null,
+                options, new AccountManagerCallback<Bundle>() {
+
+                    @Override
+                    public void run(AccountManagerFuture<Bundle> future) {
+                        try {
+                            Bundle result = future.getResult();
+                            mSpnegoContext = result.getParcelable(KEY_SPNEGO_CONTEXT);
+                            nativeSetResult(mNativeObject, true,
+                                    result.getString(AccountManager.KEY_AUTHTOKEN));
+                        } catch (OperationCanceledException | AuthenticatorException
+                                | IOException e) {
+                            nativeSetResult(mNativeObject, false, null);
+                        }
+                    }
+
+                }, new Handler());
+        return true;
+    }
+
+    private native void nativeSetResult(
+            long nativeAndroidAuthNegotiate, boolean result, String authToken);
+}