OLD | NEW |
(Empty) | |
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #ifndef NET_ANDROID_HTTP_AUTH_NEGOTIATE_ANDROID_H_ |
| 6 #define NET_ANDROID_HTTP_AUTH_NEGOTIATE_ANDROID_H_ |
| 7 |
| 8 #include <jni.h> |
| 9 #include <string> |
| 10 |
| 11 #include "base/android/jni_android.h" |
| 12 #include "base/callback.h" |
| 13 #include "base/macros.h" |
| 14 #include "base/memory/ref_counted.h" |
| 15 #include "base/memory/scoped_ptr.h" |
| 16 #include "net/base/completion_callback.h" |
| 17 #include "net/http/http_auth.h" |
| 18 |
| 19 namespace net { |
| 20 |
| 21 class HttpAuthChallengeTokenizer; |
| 22 |
| 23 namespace android { |
| 24 |
| 25 // This class provides a threadsafe wrapper for SetResult, which is called from |
| 26 // Java. A new instance of this class is needed for each call, and the instance |
| 27 // destroys itself when the callback is received. It is written to allow |
| 28 // setResult to be called on any thread, but in practice they will be called |
| 29 // on the application's main thread. |
| 30 // |
| 31 // We cannot use a Callback object here, because there is no way of invoking the |
| 32 // Run method from Java. |
| 33 class NET_EXPORT_PRIVATE JavaNegotiateResultWrapper { |
| 34 public: |
| 35 scoped_refptr<base::TaskRunner> callback_task_runner_; |
| 36 base::Callback<void(int, const std::string&)> thread_safe_callback_; |
| 37 |
| 38 JavaNegotiateResultWrapper( |
| 39 const scoped_refptr<base::TaskRunner>& callback_task_runner, |
| 40 const base::Callback<void(int, const std::string&)>& |
| 41 thread_safe_callback); |
| 42 |
| 43 void SetResult(JNIEnv* env, jobject obj, int result, jstring token); |
| 44 |
| 45 private: |
| 46 // Class is only allowed to delete itself, nobody else is allowed to delete. |
| 47 ~JavaNegotiateResultWrapper(); |
| 48 }; |
| 49 |
| 50 // Class providing Negotiate (SPNEGO/Kerberos) authentication support on |
| 51 // Android. The actual authentication is done through an Android authenticator |
| 52 // provided by third parties who want Kerberos support. This class simply |
| 53 // provides a bridge to the Java code, and hence to the service. See |
| 54 // https://drive.google.com/open?id=1G7WAaYEKMzj16PTHT_cIYuKXJG6bBcrQ7QQBQ6ihOcQ
&authuser=1 |
| 55 // for the full details. |
| 56 class NET_EXPORT_PRIVATE HttpAuthNegotiateAndroid { |
| 57 public: |
| 58 // Creates an object for one negotiation session. |account_type| is the |
| 59 // Android account type, used by Android to find the correct authenticator. |
| 60 explicit HttpAuthNegotiateAndroid(const std::string& account_type); |
| 61 ~HttpAuthNegotiateAndroid(); |
| 62 |
| 63 // Register the JNI for this class. |
| 64 static bool Register(JNIEnv* env); |
| 65 |
| 66 // Does nothing, but needed for compatibility with the Negotiate |
| 67 // authenticators for other O.S.. Always returns true. |
| 68 bool Init(); |
| 69 |
| 70 // True if authentication needs the identity of the user from Chrome. |
| 71 bool NeedsIdentity() const; |
| 72 |
| 73 // True authentication can use explicit credentials included in the URL. |
| 74 bool AllowsExplicitCredentials() const; |
| 75 |
| 76 // Parse a received Negotiate challenge. |
| 77 HttpAuth::AuthorizationResult ParseChallenge( |
| 78 net::HttpAuthChallengeTokenizer* tok); |
| 79 |
| 80 // Generates an authentication token. |
| 81 // |
| 82 // The return value is an error code. The authentication token will be |
| 83 // returned in |*auth_token|. If the result code is not |OK|, the value of |
| 84 // |*auth_token| is unspecified. |
| 85 // |
| 86 // If the operation cannot be completed synchronously, |ERR_IO_PENDING| will |
| 87 // be returned and the real result code will be passed to the completion |
| 88 // callback. Otherwise the result code is returned immediately from this |
| 89 // call. |
| 90 // |
| 91 // If the AndroidAuthNegotiate object is deleted before completion then the |
| 92 // callback will not be called. |
| 93 // |
| 94 // If no immediate result is returned then |auth_token| must remain valid |
| 95 // until the callback has been called. |
| 96 // |
| 97 // |spn| is the Service Principal Name of the server that the token is |
| 98 // being generated for. |
| 99 // |
| 100 // If this is the first round of a multiple round scheme, credentials are |
| 101 // obtained using |*credentials|. If |credentials| is NULL, the default |
| 102 // credentials are used instead. |
| 103 int GenerateAuthToken(const AuthCredentials* credentials, |
| 104 const std::string& spn, |
| 105 std::string* auth_token, |
| 106 const net::CompletionCallback& callback); |
| 107 |
| 108 // Delegation is allowed on the Kerberos ticket. This allows certain servers |
| 109 // to act as the user, such as an IIS server retrieving data from a |
| 110 // Kerberized MSSQL server. |
| 111 void Delegate(); |
| 112 |
| 113 private: |
| 114 void SetResultInternal(int result, const std::string& token); |
| 115 |
| 116 std::string account_type_; |
| 117 bool can_delegate_; |
| 118 bool first_challenge_; |
| 119 std::string server_auth_token_; |
| 120 std::string* auth_token_; |
| 121 base::android::ScopedJavaGlobalRef<jobject> java_authenticator_; |
| 122 net::CompletionCallback completion_callback_; |
| 123 |
| 124 base::WeakPtrFactory<HttpAuthNegotiateAndroid> weak_factory_; |
| 125 |
| 126 DISALLOW_COPY_AND_ASSIGN(HttpAuthNegotiateAndroid); |
| 127 }; |
| 128 |
| 129 } // namespace android |
| 130 } // namespace net |
| 131 |
| 132 #endif // NET_ANDROID_HTTP_AUTH_NEGOTIATE_ANDROID_H_ |
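Review bot: JavaNegotiateResultWrapper is documented as destroying itself when the callback is received, but the header states no exactly-once contract for `SetResult` and leaves `callback_task_runner_` and `thread_safe_callback_` public (new lines 35-36) with no copy protection. The native pointer to this object is handed to Java, and the result originates from a third-party authenticator, so a second `SetResult` on the same handle would run against freed memory. The implementation is not visible in this header, so please confirm the Java side discards the native handle after the first call. I would move the two members under `private:`, add `DISALLOW_COPY_AND_ASSIGN(JavaNegotiateResultWrapper);`, and extend the class comment with `// SetResult must be called exactly once per instance; the instance deletes itself as part of that call.`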