OLD | NEW |
---|---|
(Empty) | |
1 // Copyright 2015 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #include "net/android/http_android_auth_negotiate.h" | |
6 | |
7 #include "base/android/jni_android.h" | |
8 #include "base/android/jni_string.h" | |
9 #include "base/android/scoped_java_ref.h" | |
10 #include "base/base64.h" | |
11 #include "base/location.h" | |
12 #include "base/logging.h" | |
13 #include "base/message_loop/message_loop.h" | |
14 #include "base/strings/string_util.h" | |
15 #include "jni/HttpNegotiateAuthenticator_jni.h" | |
16 #include "net/base/net_errors.h" | |
17 #include "net/http/http_auth.h" | |
18 #include "net/http/http_auth_challenge_tokenizer.h" | |
19 | |
20 using base::android::AttachCurrentThread; | |
21 using base::android::ConvertUTF8ToJavaString; | |
22 using base::android::ConvertJavaStringToUTF8; | |
23 using base::android::ScopedJavaLocalRef; | |
24 | |
25 namespace net { | |
26 namespace android { | |
27 | |
28 AndroidAuthNegotiate::AndroidAuthNegotiate(const std::string& account_type, | |
29 const std::string& scheme) | |
30 : account_type_(account_type), | |
31 scheme_(scheme), | |
32 can_delegate_(false), | |
33 first_challenge_(true), | |
34 auth_token_(nullptr), | |
35 weak_factory_(this) { | |
36 DCHECK(!account_type.empty()); | |
37 JNIEnv* env = AttachCurrentThread(); | |
38 java_authenticator_.Reset(Java_HttpNegotiateAuthenticator_create( | |
39 env, reinterpret_cast<intptr_t>(this), | |
40 ConvertUTF8ToJavaString(env, account_type).obj())); | |
41 } | |
42 | |
43 AndroidAuthNegotiate::~AndroidAuthNegotiate() { | |
44 } | |
45 | |
46 bool AndroidAuthNegotiate::Init() { | |
47 return true; | |
48 } | |
49 | |
50 bool AndroidAuthNegotiate::NeedsIdentity() const { | |
51 return false; | |
52 } | |
53 | |
54 bool AndroidAuthNegotiate::AllowsExplicitCredentials() const { | |
55 return false; | |
56 } | |
57 | |
58 HttpAuth::AuthorizationResult AndroidAuthNegotiate::ParseChallenge( | |
59 net::HttpAuthChallengeTokenizer* tok) { | |
60 // Verify the challenge's auth-scheme. | |
cbentzel
2015/06/11 20:51:43
I wonder if this could be moved into a common func
aberent
2015/06/15 15:52:19
Done, or more precisely, moved into http_auth_hand
aberent
2015/06/15 16:57:47
Realized that there are problems with my changes h
aberent
2015/06/19 15:06:24
I have now made a second attempt at this. I have l
| |
61 if (!base::LowerCaseEqualsASCII(tok->scheme(), | |
62 base::StringToLowerASCII(scheme_).c_str())) | |
63 return HttpAuth::AUTHORIZATION_RESULT_INVALID; | |
64 | |
65 std::string encoded_auth_token = tok->base64_param(); | |
66 if (encoded_auth_token.empty()) { | |
67 if (!first_challenge_) | |
68 return HttpAuth::AUTHORIZATION_RESULT_REJECT; | |
69 first_challenge_ = false; | |
70 return HttpAuth::AUTHORIZATION_RESULT_ACCEPT; | |
71 } else { | |
72 // If a context has not already been established, additional tokens should | |
73 // not be present in the auth challenge. | |
74 if (first_challenge_) | |
75 return HttpAuth::AUTHORIZATION_RESULT_INVALID; | |
76 } | |
77 // Make sure the additional token is base64 encoded. | |
78 std::string decoded_auth_token; | |
79 bool base64_rv = base::Base64Decode(encoded_auth_token, &decoded_auth_token); | |
80 if (!base64_rv) | |
81 return HttpAuth::AUTHORIZATION_RESULT_INVALID; | |
82 server_auth_token_ = encoded_auth_token; | |
83 return HttpAuth::AUTHORIZATION_RESULT_ACCEPT; | |
84 } | |
85 | |
86 int AndroidAuthNegotiate::GenerateAuthToken( | |
87 const AuthCredentials* credentials, | |
88 const std::string& spn, | |
89 std::string* auth_token, | |
90 const net::CompletionCallback& callback) { | |
91 DCHECK(auth_token); | |
92 DCHECK(completion_callback_.is_null()); | |
93 DCHECK(!callback.is_null()); | |
94 auth_token_ = auth_token; | |
95 completion_callback_ = callback; | |
96 callback_task_runner_ = base::MessageLoop::current()->task_runner(); | |
97 thread_safe_callback_ = base::Bind(&AndroidAuthNegotiate::SetResultInternal, | |
98 weak_factory_.GetWeakPtr()); | |
99 JNIEnv* env = AttachCurrentThread(); | |
100 ScopedJavaLocalRef<jstring> java_server_auth_token = | |
101 ConvertUTF8ToJavaString(env, server_auth_token_); | |
102 ScopedJavaLocalRef<jstring> java_spn = ConvertUTF8ToJavaString(env, spn); | |
103 ScopedJavaLocalRef<jstring> java_account_type = | |
104 ConvertUTF8ToJavaString(env, account_type_); | |
105 bool result = Java_HttpNegotiateAuthenticator_getNextAuthToken( | |
106 env, java_authenticator_.obj(), java_spn.obj(), | |
107 java_server_auth_token.obj(), can_delegate_); | |
108 return result ? ERR_IO_PENDING : ERR_INVALID_AUTH_CREDENTIALS; | |
109 } | |
110 | |
111 void AndroidAuthNegotiate::Delegate() { | |
112 can_delegate_ = true; | |
113 } | |
114 | |
115 void AndroidAuthNegotiate::SetResultInternal(bool result, | |
116 std::string raw_token) { | |
117 DCHECK(auth_token_); | |
118 DCHECK(!completion_callback_.is_null()); | |
119 if (result) | |
120 *auth_token_ = scheme_ + " " + raw_token; | |
121 completion_callback_.Run(result ? OK : ERR_INVALID_AUTH_CREDENTIALS); | |
122 completion_callback_.Reset(); | |
123 } | |
124 | |
125 void AndroidAuthNegotiate::SetResult(JNIEnv* env, | |
126 jobject obj, | |
127 bool result, | |
128 jstring token) { | |
129 // This will be called on the UI thread, so we have to post a task back to the | |
130 // correct thread to actually save the result | |
131 std::string raw_token = ConvertJavaStringToUTF8(env, token); | |
132 callback_task_runner_->PostTask( | |
133 FROM_HERE, base::Bind(thread_safe_callback_, result, raw_token)); | |
134 } | |
135 | |
136 bool AndroidAuthNegotiate::Register(JNIEnv* env) { | |
137 return RegisterNativesImpl(env); | |
138 } | |
139 | |
140 } // namespace android | |
141 } // namespace net | |
OLD | NEW |