Support Kerberos on Android

net/http/http_auth_sspi_win.cc

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // See "SSPI Sample Application" at
 // http://msdn.microsoft.com/en-us/library/aa918273.aspx
 
 #include "net/http/http_auth_sspi_win.h"
 
 #include "base/base64.h"
 #include "base/logging.h"
 #include "base/strings/string_util.h"
 #include "base/strings/utf_string_conversions.h"
 #include "net/base/net_errors.h"
 #include "net/http/http_auth.h"
-#include "net/http/http_auth_challenge_tokenizer.h"
+#include "net/http/http_auth_multi_round_parse.h"
 
 namespace net {
 
 namespace {
 
 int MapAcquireCredentialsStatusToError(SECURITY_STATUS status,
                                        const SEC_WCHAR* package) {
   VLOG(1) << "AcquireCredentialsHandle returned 0x" << std::hex << status;
   switch (status) {
     case SEC_E_OK:
@@ skipping 248 matching lines @@
 
 void HttpAuthSSPI::ResetSecurityContext() {
   if (SecIsValidHandle(&ctxt_)) {
     library_->DeleteSecurityContext(&ctxt_);
     SecInvalidateHandle(&ctxt_);
   }
 }
 
 HttpAuth::AuthorizationResult HttpAuthSSPI::ParseChallenge(
     HttpAuthChallengeTokenizer* tok) {
-  // Verify the challenge's auth-scheme.
-  if (!base::LowerCaseEqualsASCII(tok->scheme(),
-                                  base::StringToLowerASCII(scheme_).c_str()))
-    return HttpAuth::AUTHORIZATION_RESULT_INVALID;
-
-  std::string encoded_auth_token = tok->base64_param();
-  if (encoded_auth_token.empty()) {
-    // If a context has already been established, an empty challenge
-    // should be treated as a rejection of the current attempt.
-    if (SecIsValidHandle(&ctxt_))
-      return HttpAuth::AUTHORIZATION_RESULT_REJECT;
-    DCHECK(decoded_server_auth_token_.empty());
-    return HttpAuth::AUTHORIZATION_RESULT_ACCEPT;
-  } else {
-    // If a context has not already been established, additional tokens should
-    // not be present in the auth challenge.
-    if (!SecIsValidHandle(&ctxt_))
-      return HttpAuth::AUTHORIZATION_RESULT_INVALID;
+  if (!SecIsValidHandle(&ctxt_)) {
+    return net::ParseFirstRoundChallenge(scheme_, tok);
   }
-
-  std::string decoded_auth_token;
-  bool base64_rv = base::Base64Decode(encoded_auth_token, &decoded_auth_token);
-  if (!base64_rv)
-    return HttpAuth::AUTHORIZATION_RESULT_INVALID;
-  decoded_server_auth_token_ = decoded_auth_token;
-  return HttpAuth::AUTHORIZATION_RESULT_ACCEPT;
+  std::string encoded_auth_token;
+  return net::ParseLaterRoundChallenge(scheme_, tok, &encoded_auth_token,
+                                       &decoded_server_auth_token_);
 }
 
 int HttpAuthSSPI::GenerateAuthToken(const AuthCredentials* credentials,
                                     const std::string& spn,
-                                    std::string* auth_token) {
+                                    std::string* auth_token,
+                                    const CompletionCallback& /*callback*/) {
   // Initial challenge.
   if (!SecIsValidHandle(&cred_)) {
     int rv = OnFirstRound(credentials);
     if (rv != OK)
       return rv;
   }
 
   DCHECK(SecIsValidHandle(&cred_));
   void* out_buf;
   int out_buf_len;
@@ skipping 147 matching lines @@
   int token_length = pkg_info->cbMaxToken;
   status = library->FreeContextBuffer(pkg_info);
   rv = MapFreeContextBufferStatusToError(status);
   if (rv != OK)
     return rv;
   *max_token_length = token_length;
   return OK;
 }
 
 }  // namespace net