Support Kerberos on Android

net/android/http_auth_negotiate_android.cc

+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "net/android/http_auth_negotiate_android.h"
+
+#include "base/android/jni_android.h"
+#include "base/android/jni_string.h"
+#include "base/android/scoped_java_ref.h"
+#include "base/base64.h"
+#include "base/location.h"
+#include "base/logging.h"
+#include "base/message_loop/message_loop.h"
+#include "base/strings/string_util.h"
+#include "jni/HttpNegotiateAuthenticator_jni.h"
+#include "net/base/net_errors.h"
+#include "net/http/http_auth.h"
+#include "net/http/http_auth_challenge_tokenizer.h"
+
+using base::android::AttachCurrentThread;
+using base::android::ConvertUTF8ToJavaString;
+using base::android::ConvertJavaStringToUTF8;
+using base::android::ScopedJavaLocalRef;
+
+namespace net {
+namespace android {
+
+HttpAuthNegotiateAndroid::HttpAuthNegotiateAndroid(
+    const std::string& account_type)
+    : account_type_(account_type),
+      can_delegate_(false),
+      first_challenge_(true),
+      auth_token_(nullptr),
+      weak_factory_(this) {
+  DCHECK(!account_type.empty());
+  JNIEnv* env = AttachCurrentThread();
+  java_authenticator_.Reset(Java_HttpNegotiateAuthenticator_create(
+      env, reinterpret_cast<intptr_t>(this),
+      ConvertUTF8ToJavaString(env, account_type).obj()));
+}
+
+HttpAuthNegotiateAndroid::~HttpAuthNegotiateAndroid() {
+}
+
+bool HttpAuthNegotiateAndroid::Init() {
+  return true;
+}
+
+bool HttpAuthNegotiateAndroid::NeedsIdentity() const {
+  return false;
+}
+
+bool HttpAuthNegotiateAndroid::AllowsExplicitCredentials() const {
+  return false;
+}
+
+int HttpAuthNegotiateAndroid::GenerateAuthToken(
+    const AuthCredentials* credentials,
+    const std::string& spn,
+    std::string* auth_token,
+    const net::CompletionCallback& callback) {
+  DCHECK(auth_token);
+  DCHECK(completion_callback_.is_null());
+  DCHECK(!callback.is_null());
+  auth_token_ = auth_token;

[Ryan Sleevi, 2015/06/16 01:07:46]

nit: a newline between 64 & 65 can help readability

[aberent, 2015/06/19 15:06:24]

Done.

+  completion_callback_ = callback;
+  callback_task_runner_ = base::MessageLoop::current()->task_runner();

[Ryan Sleevi, 2015/06/16 01:07:46]

BUG: You should be using base::ThreadTaskRunnerHandle::Get() over
base::MessageLoop

[aberent, 2015/06/19 15:06:24]

Done.

+  thread_safe_callback_ = base::Bind(
+      &HttpAuthNegotiateAndroid::SetResultInternal, weak_factory_.GetWeakPtr());
+  JNIEnv* env = AttachCurrentThread();
+  ScopedJavaLocalRef<jstring> java_server_auth_token =
+      ConvertUTF8ToJavaString(env, server_auth_token_);
+  ScopedJavaLocalRef<jstring> java_spn = ConvertUTF8ToJavaString(env, spn);
+  ScopedJavaLocalRef<jstring> java_account_type =
+      ConvertUTF8ToJavaString(env, account_type_);
+  bool result = Java_HttpNegotiateAuthenticator_getNextAuthToken(
+      env, java_authenticator_.obj(), java_spn.obj(),
+      java_server_auth_token.obj(), can_delegate_);
+  return result ? ERR_IO_PENDING : ERR_INVALID_AUTH_CREDENTIALS;

[Ryan Sleevi, 2015/06/16 01:07:46]

Is this the right error code? If it synchronously fails, is this indicative that
the user authenticator failed, or there was some fatal JNI issue?

Just wanting to make sure a status code like
ERR_UNDOCUMENTED_SECURITY_LIBRARY_STATUS doesn't apply

[aberent, 2015/06/19 15:06:24]

Actually the only way it could fail synchronously is if it is somehow called
when there is no current Chrome activity. Due to other changes even this failure
will now come back asynchronously and GenerateAuthToken will now always return
ERR_IO_PENDING.

+}
+
+void HttpAuthNegotiateAndroid::Delegate() {
+  can_delegate_ = true;
+}
+
+void HttpAuthNegotiateAndroid::SetResultInternal(bool result,
+                                                 const std::string& raw_token) {
+  DCHECK(auth_token_);
+  DCHECK(!completion_callback_.is_null());
+  if (result)
+    *auth_token_ = "Negotiate " + raw_token;
+  completion_callback_.Run(result ? OK : ERR_INVALID_AUTH_CREDENTIALS);
+  completion_callback_.Reset();
+}
+
+void HttpAuthNegotiateAndroid::SetResult(JNIEnv* env,
+                                         jobject obj,
+                                         bool result,
+                                         jstring token) {
+  // This will be called on the UI thread, so we have to post a task back to the
+  // correct thread to actually save the result
+  std::string raw_token = ConvertJavaStringToUTF8(env, token);
+  callback_task_runner_->PostTask(

[Ryan Sleevi, 2015/06/16 01:07:46]

DANGEROUS PATTERN: This is an object that lives on the IO thread, that you're
trying to ensure is thread-safe for use on the IO thread (hence line 68/69), but
which you're accessing a data member on the UI thread - this is a common source
of bugs.

I've seen a couple different patterns for JNI calls that involve asynchronicity,
and I'm not sure which is the 'canonical'/preferred route.

Option 1:
The C++ call dispatches the JNI call on a worker thread, the JNI call is a
blocking method, and the Java implementation is allowed to dispatch (e.g. to a
Runner) to implement any asynchronicity it needs. Example is Android cert
verification (cert_verify_proc_android)

Option 2:
Use an explicit Delegate interface for the Java side, implemented by some C++
helper class. The helper class lives on any thread (can be tough to get
ownership right) and then dispatches to the appropriate thread. The
NetworkChangeNotifierAndroid is an example of this.



What I'd particularly encourage here is that you use a thread-safe,
implementation-only container that expresses the "lives on any thread" semantics
(e.g. a "::Core" class, as used by SSLClientSocketNSS or TCPClientSocketWin),
with the "lives on any thread" data members, and then that marshals things back
to appropriate threads and objects here.

The goal of this, though more boiler plate, is to try to make explicit the
object lifetimes (e.g. the HttpAuthNegotiateAndroid could live and die on a
single thread, safely, and for anyone) for consumers, and the member lifetimes
for future maintainers of this code (for example, if someone botched things and
called GenerateAuthToken twice, you'd potentially have thread-unsafe data races
that may not show until release builds)

[aberent, 2015/06/19 15:06:24]

Fixed with a helper class, similar to the ::Core model, but slightly modified to
allow for calling and thread selection from Java.

+      FROM_HERE, base::Bind(thread_safe_callback_, result, raw_token));
+}
+
+bool HttpAuthNegotiateAndroid::Register(JNIEnv* env) {
+  return RegisterNativesImpl(env);
+}
+
+}  // namespace android
+}  // namespace net