Support Kerberos on Android

net/android/dummy_spnego_authenticator.cc

+// Copyright (c) 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+#include "net/android/dummy_spnego_authenticator.h"
+
+#include "base/android/jni_string.h"
+#include "base/base64.h"
+#include "jni/DummySpnegoAuthenticator_jni.h"
+
+namespace net {
+
+// iso.org.dod.internet.security.mechanism.snego (1.3.6.1.5.5.2)

[Ryan Sleevi, 2015/06/29 13:56:44]

nit: Add a comment explaining where it's from and why it's not a typo ;)

// From RFC 4178. Note: snego is not a typo
// iso.org ....

[aberent, 2015/07/02 21:13:34]

Done.

+gss_OID_desc CHROME_GSS_SPNEGO_MECH_OID_DESC_VAL = {
+    6,
+    const_cast<char*>("\x2b\x06\x01\x05\x05\x02")};

[Ryan Sleevi, 2015/06/29 13:56:44]

DANGER: This is a fairly dangerous code pattern. Better to do

static const unsigned char kSpnegoOid[] = { 0x2b, 0x06, 0x01, 0x05, 0x05, 0x02
};
gss_OID_desc CHROME_GSS_SPNEGO_MECH_OID_DESC_VAL = {
    arraysize(kSpnegoOid),
    const_cast<char*>(kSpnegoOid)
};

[aberent, 2015/07/02 21:13:34]

Done. Should probably be copied back to the original in
http_auth_gssapi_posix.cc, but that is beyond the scope of this CL.

+
+gss_OID CHROME_GSS_SPNEGO_MECH_OID_DESC = &CHROME_GSS_SPNEGO_MECH_OID_DESC_VAL;
+
+namespace {
+
+// gss_OID helpers.
+// NOTE: gss_OID's do not own the data they point to, which should be static.
+void ClearOid(gss_OID dest) {
+  if (!dest)
+    return;
+  dest->length = 0;
+  dest->elements = NULL;
+}
+
+void SetOid(gss_OID dest, const void* src, size_t length) {
+  if (!dest)
+    return;
+  ClearOid(dest);
+  if (!src)
+    return;
+  dest->length = length;
+  if (length)
+    dest->elements = const_cast<void*>(src);
+}
+
+void CopyOid(gss_OID dest, const gss_OID_desc* src) {
+  if (!dest)
+    return;
+  ClearOid(dest);
+  if (!src)
+    return;
+  SetOid(dest, src->elements, src->length);
+}
+}  // namespace

[Ryan Sleevi, 2015/06/29 13:56:44]

newline between 48/49

[aberent, 2015/07/02 21:13:34]

Done.

+
+namespace test {
+GssContextMockImpl::GssContextMockImpl()

[Ryan Sleevi, 2015/06/29 13:56:44]

newline between 51/52

[aberent, 2015/07/02 21:13:34]

Done.

+    : lifetime_rec(0), ctx_flags(0), locally_initiated(0), open(0) {
+  ClearOid(&mech_type);
+}
+
+GssContextMockImpl::GssContextMockImpl(const GssContextMockImpl& other)
+    : src_name(other.src_name),
+      targ_name(other.targ_name),
+      lifetime_rec(other.lifetime_rec),
+      ctx_flags(other.ctx_flags),
+      locally_initiated(other.locally_initiated),
+      open(other.open) {
+  CopyOid(&mech_type, &other.mech_type);
+}
+
+GssContextMockImpl::GssContextMockImpl(const char* src_name_in,
+                                       const char* targ_name_in,
+                                       uint32_t lifetime_rec_in,
+                                       const gss_OID_desc& mech_type_in,
+                                       uint32_t ctx_flags_in,
+                                       int locally_initiated_in,
+                                       int open_in)
+    : src_name(src_name_in ? src_name_in : ""),
+      targ_name(targ_name_in ? targ_name_in : ""),
+      lifetime_rec(lifetime_rec_in),
+      ctx_flags(ctx_flags_in),
+      locally_initiated(locally_initiated_in),
+      open(open_in) {
+  CopyOid(&mech_type, &mech_type_in);
+}
+
+GssContextMockImpl::~GssContextMockImpl() {
+  ClearOid(&mech_type);
+}
+
+}  // namespace test
+
+namespace android {
+
+DummySpnegoAuthenticator::SecurityContextQuery::SecurityContextQuery(
+    const std::string& in_expected_package,
+    uint32_t in_response_code,
+    uint32_t in_minor_response_code,
+    const test::GssContextMockImpl& in_context_info,
+    const char* in_expected_input_token,
+    const char* in_output_token)
+    : expected_package(in_expected_package),
+      response_code(in_response_code),
+      minor_response_code(in_minor_response_code),
+      context_info(in_context_info) {
+  if (in_expected_input_token) {
+    expected_input_token = in_expected_input_token;
+  } else {
+    expected_input_token = std::string();

[Ryan Sleevi, 2015/06/29 13:56:44]

unnecessary (default string ctor will ensure this)

[aberent, 2015/07/02 21:13:34]

Done.

+  }
+  if (in_output_token) {
+    output_token = in_output_token;
+  } else {
+    output_token = std::string();

[Ryan Sleevi, 2015/06/29 13:56:44]

unnecessary

[aberent, 2015/07/02 21:13:34]

Done.

+  }
+}
+
+DummySpnegoAuthenticator::SecurityContextQuery::~SecurityContextQuery() {
+}
+
+void DummySpnegoAuthenticator::EnsureTestAccountExists() {
+  Java_DummySpnegoAuthenticator_ensureTestAccountExists(
+      base::android::AttachCurrentThread());
+}
+
+void DummySpnegoAuthenticator::RemoveTestAccounts() {
+  Java_DummySpnegoAuthenticator_removeTestAccounts(
+      base::android::AttachCurrentThread());
+}
+
+void DummySpnegoAuthenticator::ExpectSecurityContext(
+    const std::string& expected_package,
+    uint32_t response_code,
+    uint32_t minor_response_code,
+    const test::GssContextMockImpl& context_info,
+    std::string& expected_input_token,
+    std::string& output_token) {
+  std::string token;
+  base::Base64Encode(output_token, &token);

[Ryan Sleevi, 2015/06/29 13:56:44]

Check results

[aberent, 2015/07/02 21:13:34]

Now, after significant changes, the code is checking that the correct input
token is received by the dummy authenticator, and that it sends back the output
token correctly. It is also setting the response_code.

The expected_package is irrelevant for Android (we only support Negotiate). The
context_info isn't visible in Android in the C++ code, and the
minor_response_code is effectively never used by the tests on any platform.

+  SetNextResult(response_code, token);
+}
+
+void DummySpnegoAuthenticator::SetNextResult(int result,
+                                             const std::string& token) {
+  auto env = base::android::AttachCurrentThread();
+  Java_DummySpnegoAuthenticator_setNextResult(
+      env, result, base::android::ConvertUTF8ToJavaString(env, token).obj());
+}
+
+bool DummySpnegoAuthenticator::RegisterJni(JNIEnv* env) {
+  return RegisterNativesImpl(env);
+}
+
+}  // namespace android
+}  // namespace net