OLD | NEW |
(Empty) | |
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #ifndef NET_ANDROID_HTTP_AUTH_NEGOTIATE_ANDROID_H_ |
| 6 #define NET_ANDROID_HTTP_AUTH_NEGOTIATE_ANDROID_H_ |
| 7 |
| 8 #include <jni.h> |
| 9 #include <string> |
| 10 |
| 11 #include "base/android/jni_android.h" |
| 12 #include "base/callback.h" |
| 13 #include "base/macros.h" |
| 14 #include "base/memory/ref_counted.h" |
| 15 #include "base/memory/scoped_ptr.h" |
| 16 #include "net/base/completion_callback.h" |
| 17 #include "net/http/http_auth.h" |
| 18 |
| 19 namespace net { |
| 20 |
| 21 class HttpAuthChallengeTokenizer; |
| 22 |
| 23 namespace android { |
| 24 // This class provides a threadsafe wrapper for SetResult, which is called from |
| 25 // Java. A new instance of this class is needed for each call, and the instance |
| 26 // destroys itself when the callback is received. It is written to allow |
| 27 // setResult to be called on any thread, but in practice they will be called |
| 28 // on the application's main thread. |
| 29 // |
| 30 // We cannot use a Callback object here, because there is no way of invoking the |
| 31 // Run method from Java. |
| 32 class NET_EXPORT_PRIVATE JavaNegotiateResultWrapper { |
| 33 public: |
| 34 scoped_refptr<base::TaskRunner> callback_task_runner_; |
| 35 base::Callback<void(bool, const std::string&)> thread_safe_callback_; |
| 36 |
| 37 JavaNegotiateResultWrapper( |
| 38 const scoped_refptr<base::TaskRunner>& callback_task_runner, |
| 39 const base::Callback<void(bool, const std::string&)>& |
| 40 thread_safe_callback); |
| 41 |
| 42 void SetResult(JNIEnv* env, jobject obj, bool result, jstring token); |
| 43 |
| 44 private: |
| 45 // Class is only allowed to delete itself, nobody else is allowed to delete. |
| 46 ~JavaNegotiateResultWrapper(); |
| 47 }; |
| 48 |
| 49 // Class providing Negotiate (SPNEGO/Kerberos) authentication support on |
| 50 // Android. The actual authentication is done through an Android authenticator |
| 51 // provided by third parties who want Kerberos support. This class simply |
| 52 // provides a bridge to the Java code, and hence to the service. See |
| 53 // https://drive.google.com/open?id=1G7WAaYEKMzj16PTHT_cIYuKXJG6bBcrQ7QQBQ6ihOcQ
&authuser=1 |
| 54 // for the full details. |
| 55 class NET_EXPORT_PRIVATE HttpAuthNegotiateAndroid { |
| 56 public: |
| 57 // Creates an object for one negotiation session. |account_type| is the |
| 58 // Android account type, used by Android to find the correct authenticator. |
| 59 HttpAuthNegotiateAndroid(const std::string& account_type); |
| 60 ~HttpAuthNegotiateAndroid(); |
| 61 |
| 62 // Register the JNI for this class. |
| 63 static bool Register(JNIEnv* env); |
| 64 |
| 65 // Does nothing, but needed for compatibility with the Negotiate |
| 66 // authenticators for other O.S.. Always returns true. |
| 67 bool Init(); |
| 68 |
| 69 // True if authentication needs the identity of the user from Chrome. |
| 70 bool NeedsIdentity() const; |
| 71 |
| 72 // True authentication can use explicit credentials included in the URL. |
| 73 bool AllowsExplicitCredentials() const; |
| 74 |
| 75 // Parse a received Negotiate challenge. |
| 76 HttpAuth::AuthorizationResult ParseChallenge( |
| 77 net::HttpAuthChallengeTokenizer* tok); |
| 78 |
| 79 // Generates an authentication token. |
| 80 // |
| 81 // The return value is an error code. The authentication token will be |
| 82 // returned in |*auth_token|. If the result code is not |OK|, the value of |
| 83 // |*auth_token| is unspecified. |
| 84 // |
| 85 // If the operation cannot be completed synchronously, |ERR_IO_PENDING| will |
| 86 // be returned and the real result code will be passed to the completion |
| 87 // callback. Otherwise the result code is returned immediately from this |
| 88 // call. |
| 89 // |
| 90 // If the AndroidAuthNegotiate object is deleted before completion then the |
| 91 // callback will not be called. |
| 92 // |
| 93 // If no immediate result is returned then |auth_token| must remain valid |
| 94 // until the callback has been called. |
| 95 // |
| 96 // |spn| is the Service Principal Name of the server that the token is |
| 97 // being generated for. |
| 98 // |
| 99 // If this is the first round of a multiple round scheme, credentials are |
| 100 // obtained using |*credentials|. If |credentials| is NULL, the default |
| 101 // credentials are used instead. |
| 102 int GenerateAuthToken(const AuthCredentials* credentials, |
| 103 const std::string& spn, |
| 104 std::string* auth_token, |
| 105 const net::CompletionCallback& callback); |
| 106 |
| 107 // Delegation is allowed on the Kerberos ticket. This allows certain servers |
| 108 // to act as the user, such as an IIS server retrieving data from a |
| 109 // Kerberized MSSQL server. |
| 110 void Delegate(); |
| 111 |
| 112 // JNI callback for returning (asynchronously) the result of requesting a |
| 113 // token. |
| 114 void SetResult(JNIEnv* env, jobject obj, bool result, jstring token); |
| 115 |
| 116 private: |
| 117 void SetResultInternal(bool result, const std::string& token); |
| 118 |
| 119 std::string account_type_; |
| 120 bool can_delegate_; |
| 121 bool first_challenge_; |
| 122 std::string server_auth_token_; |
| 123 std::string* auth_token_; |
| 124 base::android::ScopedJavaGlobalRef<jobject> java_authenticator_; |
| 125 net::CompletionCallback completion_callback_; |
| 126 |
| 127 base::WeakPtrFactory<HttpAuthNegotiateAndroid> weak_factory_; |
| 128 |
| 129 DISALLOW_COPY_AND_ASSIGN(HttpAuthNegotiateAndroid); |
| 130 }; |
| 131 |
| 132 } // namespace android |
| 133 } // namespace net |
| 134 |
| 135 #endif // NET_ANDROID_HTTP_AUTH_NEGOTIATE_ANDROID_H_ |
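Review bot: JavaNegotiateResultWrapper (new lines 32-47) deletes itself when SetResult is received, but the declaration does not say that Java may call it only once, and the result originates from a third-party authenticator. Unless the implementation (not visible here) guards against it, a second callback on the same native pointer would touch freed memory. I would state the contract on SetResult, e.g. `// Must be called exactly once; deletes |this|. The Java side must not reuse the native pointer afterwards.`, and move `callback_task_runner_` and `thread_safe_callback_` under `private:`, since they carry the member suffix but are public. Separately, the single-argument constructor on line 59 should be `explicit`, and `base::WeakPtrFactory` is used on line 127 without `#include "base/memory/weak_ptr.h"` in this header.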