Support Kerberos on Android

net/http/http_auth_gssapi_posix.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/http/http_auth_gssapi_posix.h"
 
 #include <limits>
 #include <string>
 
 #include "base/base64.h"
 #include "base/files/file_path.h"
 #include "base/format_macros.h"
 #include "base/logging.h"
 #include "base/strings/string_util.h"
 #include "base/strings/stringprintf.h"
 #include "base/threading/thread_restrictions.h"
 #include "net/base/net_errors.h"
 #include "net/base/net_util.h"
-#include "net/http/http_auth_challenge_tokenizer.h"
+#include "net/http/http_auth_multi_round_parse.h"
 
 // These are defined for the GSSAPI library:
 // Paraphrasing the comments from gssapi.h:
 // "The implementation must reserve static storage for a
 // gss_OID_desc object for each constant.  That constant
 // should be initialized to point to that gss_OID_desc."
 // These are encoded using ASN.1 BER encoding.
 namespace {
 
 static gss_OID_desc GSS_C_NT_USER_NAME_VAL = {
@@ skipping 650 matching lines @@
 bool HttpAuthGSSAPI::AllowsExplicitCredentials() const {
   return false;
 }
 
 void HttpAuthGSSAPI::Delegate() {
   can_delegate_ = true;
 }
 
 HttpAuth::AuthorizationResult HttpAuthGSSAPI::ParseChallenge(
     HttpAuthChallengeTokenizer* tok) {
-  // Verify the challenge's auth-scheme.
-  if (!base::LowerCaseEqualsASCII(tok->scheme(),
-                                  base::StringToLowerASCII(scheme_).c_str()))
-    return HttpAuth::AUTHORIZATION_RESULT_INVALID;
-
-  std::string encoded_auth_token = tok->base64_param();
-
-  if (encoded_auth_token.empty()) {
-    // If a context has already been established, an empty Negotiate challenge
-    // should be treated as a rejection of the current attempt.
-    if (scoped_sec_context_.get() != GSS_C_NO_CONTEXT)
-      return HttpAuth::AUTHORIZATION_RESULT_REJECT;
-    DCHECK(decoded_server_auth_token_.empty());
-    return HttpAuth::AUTHORIZATION_RESULT_ACCEPT;
-  } else {
-    // If a context has not already been established, additional tokens should
-    // not be present in the auth challenge.
-    if (scoped_sec_context_.get() == GSS_C_NO_CONTEXT)
-      return HttpAuth::AUTHORIZATION_RESULT_INVALID;
+  if (scoped_sec_context_.get() == GSS_C_NO_CONTEXT) {
+    return net::ParseFirstRoundChallenge(scheme_, tok);
   }
-
-  // Make sure the additional token is base64 encoded.
-  std::string decoded_auth_token;
-  bool base64_rv = base::Base64Decode(encoded_auth_token, &decoded_auth_token);
-  if (!base64_rv)
-    return HttpAuth::AUTHORIZATION_RESULT_INVALID;
-  decoded_server_auth_token_ = decoded_auth_token;
-  return HttpAuth::AUTHORIZATION_RESULT_ACCEPT;
+  std::string encoded_auth_token;
+  return net::ParseLaterRoundChallenge(scheme_, tok, &encoded_auth_token,
+                                       &decoded_server_auth_token_);
 }
 
 int HttpAuthGSSAPI::GenerateAuthToken(const AuthCredentials* credentials,
                                       const std::string& spn,
-                                      std::string* auth_token) {
+                                      std::string* auth_token,
+                                      const CompletionCallback& /*callback*/) {
   DCHECK(auth_token);
 
   gss_buffer_desc input_token = GSS_C_EMPTY_BUFFER;
   input_token.length = decoded_server_auth_token_.length();
   input_token.value = (input_token.length > 0) ?
       const_cast<char*>(decoded_server_auth_token_.data()) :
       NULL;
   gss_buffer_desc output_token = GSS_C_EMPTY_BUFFER;
   ScopedBuffer scoped_output_token(&output_token, library_);
   int rv = GetNextSecurityToken(spn, &input_token, &output_token);
@@ skipping 150 matching lines @@
   if (rv != OK) {
     LOG(ERROR) << "Problem initializing context. \n"
                << DisplayExtendedStatus(library_, major_status, minor_status)
                << '\n'
                << DescribeContext(library_, scoped_sec_context_.get());
   }
   return rv;
 }
 
 }  // namespace net