OLD | NEW |
---|---|
(Empty) | |
1 // Copyright 2015 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #ifndef NET_ANDROID_HTTP_AUTH_NEGOTIATE_ANDROID_H_ | |
6 #define NET_ANDROID_HTTP_AUTH_NEGOTIATE_ANDROID_H_ | |
7 | |
8 #include <jni.h> | |
9 #include <string> | |
10 | |
11 #include "base/android/jni_android.h" | |
12 #include "base/callback.h" | |
13 #include "base/macros.h" | |
14 #include "base/memory/ref_counted.h" | |
15 #include "base/memory/scoped_ptr.h" | |
16 #include "net/base/completion_callback.h" | |
17 #include "net/http/http_auth.h" | |
18 | |
19 namespace net { | |
20 | |
21 class HttpAuthChallengeTokenizer; | |
22 | |
23 namespace android { | |
Ryan Sleevi
2015/06/29 13:56:45
newline between 23/24
aberent
2015/07/02 21:13:35
Done.
| |
24 // This class provides a threadsafe wrapper for SetResult, which is called from | |
25 // Java. A new instance of this class is needed for each call, and the instance | |
26 // destroys itself when the callback is received. It is written to allow | |
27 // setResult to be called on any thread, but in practice they will be called | |
28 // on the application's main thread. | |
29 // | |
30 // We cannot use a Callback object here, because there is no way of invoking the | |
31 // Run method from Java. | |
32 class NET_EXPORT_PRIVATE JavaNegotiateResultWrapper { | |
33 public: | |
34 scoped_refptr<base::TaskRunner> callback_task_runner_; | |
35 base::Callback<void(int, const std::string&)> thread_safe_callback_; | |
36 | |
37 JavaNegotiateResultWrapper( | |
38 const scoped_refptr<base::TaskRunner>& callback_task_runner, | |
39 const base::Callback<void(int, const std::string&)>& | |
40 thread_safe_callback); | |
41 | |
42 void SetResult(JNIEnv* env, jobject obj, int result, jstring token); | |
43 | |
44 private: | |
45 // Class is only allowed to delete itself, nobody else is allowed to delete. | |
46 ~JavaNegotiateResultWrapper(); | |
47 }; | |
48 | |
49 // Class providing Negotiate (SPNEGO/Kerberos) authentication support on | |
50 // Android. The actual authentication is done through an Android authenticator | |
51 // provided by third parties who want Kerberos support. This class simply | |
52 // provides a bridge to the Java code, and hence to the service. See | |
53 // https://drive.google.com/open?id=1G7WAaYEKMzj16PTHT_cIYuKXJG6bBcrQ7QQBQ6ihOcQ &authuser=1 | |
cbentzel
2015/06/30 12:53:55
Is this a publicly accessible document? I couldn't
aberent
2015/07/02 21:13:35
Works for me (even incognito). The sharing is set
cbentzel
2015/07/08 18:27:11
Ah, when I copy-and-pasted there was a space in th
| |
54 // for the full details. | |
55 class NET_EXPORT_PRIVATE HttpAuthNegotiateAndroid { | |
56 public: | |
57 // Creates an object for one negotiation session. |account_type| is the | |
58 // Android account type, used by Android to find the correct authenticator. | |
59 HttpAuthNegotiateAndroid(const std::string& account_type); | |
Ryan Sleevi
2015/06/29 13:56:45
explicit
aberent
2015/07/02 21:13:35
Done.
| |
60 ~HttpAuthNegotiateAndroid(); | |
61 | |
62 // Register the JNI for this class. | |
63 static bool Register(JNIEnv* env); | |
64 | |
65 // Does nothing, but needed for compatibility with the Negotiate | |
66 // authenticators for other O.S.. Always returns true. | |
67 bool Init(); | |
68 | |
69 // True if authentication needs the identity of the user from Chrome. | |
70 bool NeedsIdentity() const; | |
71 | |
72 // True authentication can use explicit credentials included in the URL. | |
73 bool AllowsExplicitCredentials() const; | |
74 | |
75 // Parse a received Negotiate challenge. | |
76 HttpAuth::AuthorizationResult ParseChallenge( | |
77 net::HttpAuthChallengeTokenizer* tok); | |
78 | |
79 // Generates an authentication token. | |
80 // | |
81 // The return value is an error code. The authentication token will be | |
82 // returned in |*auth_token|. If the result code is not |OK|, the value of | |
83 // |*auth_token| is unspecified. | |
84 // | |
85 // If the operation cannot be completed synchronously, |ERR_IO_PENDING| will | |
86 // be returned and the real result code will be passed to the completion | |
87 // callback. Otherwise the result code is returned immediately from this | |
88 // call. | |
89 // | |
90 // If the AndroidAuthNegotiate object is deleted before completion then the | |
91 // callback will not be called. | |
92 // | |
93 // If no immediate result is returned then |auth_token| must remain valid | |
94 // until the callback has been called. | |
95 // | |
96 // |spn| is the Service Principal Name of the server that the token is | |
97 // being generated for. | |
98 // | |
99 // If this is the first round of a multiple round scheme, credentials are | |
100 // obtained using |*credentials|. If |credentials| is NULL, the default | |
101 // credentials are used instead. | |
102 int GenerateAuthToken(const AuthCredentials* credentials, | |
103 const std::string& spn, | |
104 std::string* auth_token, | |
105 const net::CompletionCallback& callback); | |
106 | |
107 // Delegation is allowed on the Kerberos ticket. This allows certain servers | |
108 // to act as the user, such as an IIS server retrieving data from a | |
109 // Kerberized MSSQL server. | |
110 void Delegate(); | |
111 | |
112 private: | |
113 void SetResultInternal(int result, const std::string& token); | |
114 | |
115 std::string account_type_; | |
116 bool can_delegate_; | |
117 bool first_challenge_; | |
118 std::string server_auth_token_; | |
119 std::string* auth_token_; | |
120 base::android::ScopedJavaGlobalRef<jobject> java_authenticator_; | |
121 net::CompletionCallback completion_callback_; | |
122 | |
123 base::WeakPtrFactory<HttpAuthNegotiateAndroid> weak_factory_; | |
124 | |
125 DISALLOW_COPY_AND_ASSIGN(HttpAuthNegotiateAndroid); | |
126 }; | |
127 | |
128 } // namespace android | |
129 } // namespace net | |
130 | |
131 #endif // NET_ANDROID_HTTP_AUTH_NEGOTIATE_ANDROID_H_ | |
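Review bot: JavaNegotiateResultWrapper (new lines 32-47) destroys itself when SetResult arrives from Java, but nothing in the header says what happens if the Java side delivers the result twice or never; a second delivery would run on an already-deleted object, and a missing one leaks the wrapper. The class comment at new lines 49-52 says the authenticator behind the bridge is third-party code, so the exactly-once guarantee should be enforced on Chromium's side of the JNI boundary and stated in the class comment, for example `// SetResult must be invoked exactly once per instance; the instance is invalid afterwards.` The enforcement itself would live in the .cc and Java files, which this section does not show, so this may already be handled there. In the same class, `callback_task_runner_` and `thread_safe_callback_` are public while using the private trailing-underscore naming, and there is no `DISALLOW_COPY_AND_ASSIGN(JavaNegotiateResultWrapper);` as HttpAuthNegotiateAndroid has at new line 125. Making the members private and adding the macro would stop a copy from sharing the self-deleting object's callback state.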