net/android/java/src/org/chromium/net/HttpNegotiateAuthenticator.java - Issue 1128043007: Support Kerberos on Android

Side by Side Diff: net/android/java/src/org/chromium/net/HttpNegotiateAuthenticator.java

Issue 1128043007: Support Kerberos on Android (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Fix Android GN build Created 5 years, 6 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

« net/android/http_auth_negotiate_android_unittest.cc ('K') | « net/android/http_auth_negotiate_android_unittest.cc ('k') | net/android/java/src/org/chromium/net/HttpNegotiateConstants.java » ('j') | net/android/junit/src/org/chromium/net/HttpNegotiateAuthenticatorTest.java » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
(Empty)
	1 // Copyright 2015 The Chromium Authors. All rights reserved.

	2 // Use of this source code is governed by a BSD-style license that can be

	3 // found in the LICENSE file.

	4

	5 package org.chromium.net;

	6

	7 import android.accounts.AccountManager;

	8 import android.accounts.AccountManagerCallback;

	9 import android.accounts.AccountManagerFuture;

	10 import android.accounts.AuthenticatorException;

	11 import android.accounts.OperationCanceledException;

	12 import android.app.Activity;

	13 import android.os.Bundle;

	14 import android.os.Handler;

	15

	16 import org.chromium.base.ApplicationStatus;

	17 import org.chromium.base.CalledByNative;

	18 import org.chromium.base.JNINamespace;

	19 import org.chromium.base.ThreadUtils;

	20 import org.chromium.base.VisibleForTesting;

	21

	22 import java.io.IOException;

	23

	24 /**

	25 * Class to get Auth Tokens for HTTP Negotiate authentication (typically used fo r Kerberos) An

	26 * instance of this class is created for each separate negotiation.

	27 */

	28 @JNINamespace("net::android")

	29 public class HttpNegotiateAuthenticator {

	30 private Bundle mSpnegoContext = null;

	31 private final String mAccountType;

	32 private AccountManagerFuture<Bundle> mFuture;

	33

	34 private HttpNegotiateAuthenticator(String accountType) {

	35 assert !android.text.TextUtils.isEmpty(accountType);

	36 mAccountType = accountType;

	37 }

	38

	39 /**

	40 * @param nativeObject The corresponding HttpAuthNegotiateAndroid C++ object
	cbentzel 2015/06/30 12:53:55 nativeObject is not passed in. nativeObject is not passed in. aberent 2015/07/02 21:13:35 Done. Show quoted text On 2015/06/30 12:53:55, cbentzel wrote: > nativeObject is not passed in. Done.
	41 * @param accountType The Android account type to use.

	42 */

	43 @VisibleForTesting

	44 @CalledByNative

	45 static HttpNegotiateAuthenticator create(String accountType) {

	46 return new HttpNegotiateAuthenticator(accountType);

	47 }

	48

	49 /**

	50 * @param principal The principal (must be host based).

	51 * @param authToken The previous auth token, if any.

	52 * @return false for immediate failure, true otherwise.

	53 */

	54 @VisibleForTesting

	55 @CalledByNative

	56 void getNextAuthToken(final long nativeResultObject, final String principal, String authToken,

	57 boolean canDelegate) {

	58 assert principal != null;

	59 String authTokenType = HttpNegotiateConstants.SPNEGO_TOKEN_TYPE_BASE + p rincipal;

	60 Activity activity = ApplicationStatus.getLastTrackedFocusedActivity();

	61 if (activity == null) {

	62 nativeSetResult(nativeResultObject, NetError.ERR_UNEXPECTED, null);

	63 return;

	64 }

	65 AccountManager am = AccountManager.get(activity);

	66 String features[] = {HttpNegotiateConstants.SPNEGO_FEATURE};

	67

	68 Bundle options = new Bundle();

	69

	70 if (authToken != null) {

	71 options.putString(HttpNegotiateConstants.KEY_INCOMING_AUTH_TOKEN, au thToken);

	72 }

	73 if (mSpnegoContext != null) {

	74 options.putBundle(HttpNegotiateConstants.KEY_SPNEGO_CONTEXT, mSpnego Context);

	75 }

	76 options.putBoolean(HttpNegotiateConstants.KEY_CAN_DELEGATE, canDelegate) ;

	77

	78 mFuture = am.getAuthTokenByFeatures(mAccountType, authTokenType, feature s, activity, null,

	79 options, new AccountManagerCallback<Bundle>() {

	80

	81 @Override

	82 public void run(AccountManagerFuture<Bundle> future) {

	83 try {

	84 Bundle result = future.getResult();

	85 mSpnegoContext =
	cbentzel 2015/06/30 12:53:55 Do you know if this gets cleared when KEY_SPNEGO_R Do you know if this gets cleared when KEY_SPNEGO_RESULT is an error? aberent 2015/07/02 21:13:35 I don't, it depends on the Keberos authenication a Show quoted text On 2015/06/30 12:53:55, cbentzel wrote: > Do you know if this gets cleared when KEY_SPNEGO_RESULT is an error? I don't, it depends on the Keberos authenication app, however I don't think we care. Every negotiation creates a new instance of this class, and I don't think the negotiation ever continues after an error. As such, if it isn't cleared, it will freed by normal Java garbage collection.
	86 result.getBundle(HttpNegotiateConstants.KEY_ SPNEGO_CONTEXT);

	87 int status;

	88 switch (result.getInt(HttpNegotiateConstants.KEY_SPN EGO_RESULT)) {
	cbentzel 2015/06/30 12:53:55 This will go to OK if KEY_SPNEGO_RESULT is not pre This will go to OK if KEY_SPNEGO_RESULT is not present - is that intended, or should that be treated as an error? aberent 2015/07/02 21:13:35 Done. Changed to return ERR_UNEXPECTED. Show quoted text On 2015/06/30 12:53:55, cbentzel wrote: > This will go to OK if KEY_SPNEGO_RESULT is not present - is that intended, or > should that be treated as an error? Done. Changed to return ERR_UNEXPECTED.
	89 case HttpNegotiateConstants.OK:

	90 status = 0;

	91 break;

	92 case HttpNegotiateConstants.ERR_UNEXPECTED:

	93 status = NetError.ERR_UNEXPECTED;

	94 break;

	95 case HttpNegotiateConstants.ERR_ABORTED:

	96 status = NetError.ERR_ABORTED;

	97 break;

	98 case HttpNegotiateConstants.ERR_UNEXPECTED_SECUR ITY_LIBRARY_STATUS:

	99 status = NetError.ERR_UNEXPECTED_SECURITY_LI BRARY_STATUS;

	100 break;

	101 case HttpNegotiateConstants.ERR_INVALID_RESPONSE :

	102 status = NetError.ERR_INVALID_RESPONSE;

	103 break;

	104 case HttpNegotiateConstants.ERR_INVALID_AUTH_CRE DENTIALS:

	105 status = NetError.ERR_INVALID_AUTH_CREDENTIA LS;

	106 break;

	107 case HttpNegotiateConstants.ERR_UNSUPPORTED_AUTH _SCHEME:

	108 status = NetError.ERR_UNSUPPORTED_AUTH_SCHEM E;

	109 break;

	110 case HttpNegotiateConstants.ERR_MISSING_AUTH_CRE DENTIALS:

	111 status = NetError.ERR_MISSING_AUTH_CREDENTIA LS;

	112 break;

	113 case HttpNegotiateConstants

	114 .ERR_UNDOCUMENTED_SECURITY_LIBRARY_STATU S:

	115 status = NetError.ERR_UNDOCUMENTED_SECURITY_ LIBRARY_STATUS;

	116 break;

	117 case HttpNegotiateConstants.ERR_MALFORMED_IDENTI TY:

	118 status = NetError.ERR_MALFORMED_IDENTITY;

	119 break;

	120 default:

	121 status = NetError.ERR_UNEXPECTED;

	122 }

	123 nativeSetResult(nativeResultObject, status,

	124 result.getString(AccountManager.KEY_AUTHTOKE N));
	cbentzel 2015/06/30 12:53:55 What happens when KEY_AUTHTOKEN is called for non- What happens when KEY_AUTHTOKEN is called for non-OK status codes? Does it have defined behavior? aberent 2015/07/02 21:13:35 The value returned will be whatever the Kerberos A Show quoted text On 2015/06/30 12:53:55, cbentzel wrote: > What happens when KEY_AUTHTOKEN is called for non-OK status codes? Does it have > defined behavior? The value returned will be whatever the Kerberos Authentication app set for this key, or NULL if it didn't set anything for this key. Either way it will be ignored on the C++ side, see HttpAuthNegotiateAndroid::SetResultInternal.
	125 } catch (OperationCanceledException \| AuthenticatorExcep tion

	126 \| IOException e) {

	127 nativeSetResult(nativeResultObject, NetError.ERR_ABO RTED, null);

	128 }

	129 }

	130

	131 }, new Handler(ThreadUtils.getUiThreadLooper()));

	132 }

	133

	134 @VisibleForTesting

	135 native void nativeSetResult(

	136 long nativeJavaNegotiateResultWrapper, int status, String authToken) ;

	137 }

OLD	NEW