Support Kerberos on Android

net/http/http_auth_handler_negotiate.h

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_HTTP_HTTP_AUTH_HANDLER_NEGOTIATE_H_
 #define NET_HTTP_HTTP_AUTH_HANDLER_NEGOTIATE_H_
 
 #include <string>
 
 #include "build/build_config.h"
 #include "net/base/address_list.h"
 #include "net/base/net_export.h"
 #include "net/http/http_auth_handler.h"
 #include "net/http/http_auth_handler_factory.h"
 
-#if defined(OS_WIN)
+#if defined(OS_ANDROID)
+#include "net/android/http_auth_negotiate_android.h"
+#elif defined(OS_WIN)
 #include "net/http/http_auth_sspi_win.h"
 #elif defined(OS_POSIX)
 #include "net/http/http_auth_gssapi_posix.h"
 #endif
 
 namespace net {
 
 class HostResolver;
 class SingleRequestHostResolver;
 class URLSecurityManager;
 
 // Handler for WWW-Authenticate: Negotiate protocol.
 //
 // See http://tools.ietf.org/html/rfc4178 and http://tools.ietf.org/html/rfc4559
 // for more information about the protocol.
 
 class NET_EXPORT_PRIVATE HttpAuthHandlerNegotiate : public HttpAuthHandler {
  public:
-#if defined(OS_WIN)
+#if defined(OS_ANDROID)
+  typedef net::android::HttpAuthNegotiateAndroid AuthSystem;

[cbentzel, 2015/06/30 12:53:55]

I think this is likely too ugly, but you could consider doing 

typedef std::string AuthLibrary

And save a number of macros and methods below.

[aberent, 2015/07/02 21:13:36]

Done. I don't really like it (since it isn't a library), but it is better than I
had before, and I don't have a better solution.

[cbentzel, 2015/07/08 18:27:11]

I don't have one either, other than renaming the variable/typedef/method name to
something like AuthSystemConfig or similar.

Could you please comment on the Android portion in any case as it is
non-intuitive?

[aberent, 2015/07/09 13:38:45]

Done.

+#elif defined(OS_WIN)
   typedef SSPILibrary AuthLibrary;
   typedef HttpAuthSSPI AuthSystem;
 #elif defined(OS_POSIX)
   typedef GSSAPILibrary AuthLibrary;
   typedef HttpAuthGSSAPI AuthSystem;
 #endif
 
   class NET_EXPORT_PRIVATE Factory : public HttpAuthHandlerFactory {
    public:
     Factory();
@@ skipping 10 matching lines @@
 
     // |use_port()| and |set_use_port()| get/set whether the auth handlers
     // generated by this factory should include the port number of the server
     // they are authenticating to when constructing a Kerberos SPN. The default
     // value is false.
     bool use_port() const { return use_port_; }
     void set_use_port(bool use_port) { use_port_ = use_port; }
 
     void set_host_resolver(HostResolver* host_resolver);
 
+#if defined(OS_ANDROID)
+    // Sets the account type to use for authentication
+    void set_account_type(const std::string& account_type) {
+      account_type_ = account_type;
+    }
+#endif
+#if defined(OS_WIN) || (defined(OS_POSIX) && !defined(OS_ANDROID))

[cbentzel, 2015/06/30 12:53:55]

This is repeated three times in this header - wonder if another macro definition
would help here. 

[aberent, 2015/07/02 21:13:36]

Removed because of the change on line 38.

     // Sets the system library to use, thereby assuming ownership of
     // |auth_library|.
     void set_library(AuthLibrary* auth_library) {
       auth_library_.reset(auth_library);
     }
+#endif
 
     int CreateAuthHandler(HttpAuthChallengeTokenizer* challenge,
                           HttpAuth::Target target,
                           const GURL& origin,
                           CreateReason reason,
                           int digest_nonce_count,
                           const BoundNetLog& net_log,
                           scoped_ptr<HttpAuthHandler>* handler) override;
 
    private:
     bool disable_cname_lookup_;
     bool use_port_;
     HostResolver* resolver_;
 #if defined(OS_WIN)
     ULONG max_token_length_;
     bool first_creation_;
 #endif
     bool is_unsupported_;
+#if defined(OS_ANDROID)
+    std::string account_type_;
+#endif
+#if defined(OS_WIN) || (defined(OS_POSIX) && !defined(OS_ANDROID))
     scoped_ptr<AuthLibrary> auth_library_;
+#endif
   };
 
-  HttpAuthHandlerNegotiate(AuthLibrary* sspi_library,
+  HttpAuthHandlerNegotiate(
+#if defined(OS_ANDROID)
+      std::string account_type,
+#endif
+#if defined(OS_WIN) || (defined(OS_POSIX) && !defined(OS_ANDROID))
+      AuthLibrary* sspi_library,
+#endif
 #if defined(OS_WIN)
-                           ULONG max_token_length,
+      ULONG max_token_length,
 #endif
-                           URLSecurityManager* url_security_manager,
-                           HostResolver* host_resolver,
-                           bool disable_cname_lookup,
-                           bool use_port);
+      URLSecurityManager* url_security_manager,
+      HostResolver* host_resolver,
+      bool disable_cname_lookup,
+      bool use_port);
 
   ~HttpAuthHandlerNegotiate() override;
 
   // These are public for unit tests
   std::string CreateSPN(const AddressList& address_list, const GURL& orign);
   const std::string& spn() const { return spn_; }
 
   // HttpAuthHandler:
   HttpAuth::AuthorizationResult HandleAnotherChallenge(
       HttpAuthChallengeTokenizer* challenge) override;
@@ skipping 21 matching lines @@
   void OnIOComplete(int result);
   void DoCallback(int result);
   int DoLoop(int result);
 
   int DoResolveCanonicalName();
   int DoResolveCanonicalNameComplete(int rv);
   int DoGenerateAuthToken();
   int DoGenerateAuthTokenComplete(int rv);
   bool CanDelegate() const;
 
+  bool ParseFirstChallenge(HttpAuthChallengeTokenizer* tok);

[cbentzel, 2015/06/30 12:53:55]

ParseFirstChallenge is not defined. Should this be removed?

[aberent, 2015/07/02 21:13:36]

Done.

+
   AuthSystem auth_system_;
   bool disable_cname_lookup_;
   bool use_port_;
   HostResolver* const resolver_;
 
   // Members which are needed for DNS lookup + SPN.
   AddressList address_list_;
   scoped_ptr<SingleRequestHostResolver> single_resolve_;
 
   // Things which should be consistent after first call to GenerateAuthToken.
   bool already_called_;
   bool has_credentials_;
   AuthCredentials credentials_;
   std::string spn_;
 
   // Things which vary each round.
   CompletionCallback callback_;
   std::string* auth_token_;
 
   State next_state_;
 
   const URLSecurityManager* url_security_manager_;
 };
 
 }  // namespace net
 
 #endif  // NET_HTTP_HTTP_AUTH_HANDLER_NEGOTIATE_H_