Support Kerberos on Android

net/android/java/src/org/chromium/net/HttpNegotiateAuthenticator.java

Index: net/android/java/src/org/chromium/net/HttpNegotiateAuthenticator.java
diff --git a/net/android/java/src/org/chromium/net/HttpNegotiateAuthenticator.java b/net/android/java/src/org/chromium/net/HttpNegotiateAuthenticator.java
new file mode 100644
index 0000000000000000000000000000000000000000..10c5f0dc6c7182c92a3e705bf5bbd2004d4a9f13
--- /dev/null
+++ b/net/android/java/src/org/chromium/net/HttpNegotiateAuthenticator.java
@@ -0,0 +1,102 @@
+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+package org.chromium.net;
+
+import android.accounts.AccountManager;
+import android.accounts.AccountManagerCallback;
+import android.accounts.AccountManagerFuture;
+import android.accounts.AuthenticatorException;
+import android.accounts.OperationCanceledException;
+import android.app.Activity;
+import android.os.Bundle;
+import android.os.Handler;
+
+import org.chromium.base.ApplicationStatus;
+import org.chromium.base.CalledByNative;
+import org.chromium.base.JNINamespace;
+import org.chromium.base.ThreadUtils;
+import org.chromium.base.VisibleForTesting;
+
+import java.io.IOException;
+
+/**
+ * Class to get Auth Tokens for HTTP Negotiate authentication (typically used for Kerberos) An
+ * instance of this class is created for each separate negotiation.
+ */
+@JNINamespace("net::android")
+public class HttpNegotiateAuthenticator {
+    private static final String KEY_INCOMING_AUTH_TOKEN = "incomingAuthToken";
+    private static final String KEY_SPNEGO_CONTEXT = "spnegoContext";
+    private static final String KEY_CAN_DELEGATE = "canDelegate";
+
+    private static final String SPNEGO_FEATURE = "SPNEGO";
+    private static final String SPNEGO_TOKEN_TYPE_BASE = "SPNEGO:HOSTBASED:";
+
+    private String mSpnegoContext = null;
+    private final long mNativeObject;
+    private final String mAccountType;
+    private AccountManagerFuture<Bundle> mFuture;
+
+    private HttpNegotiateAuthenticator(long nativeObject, String accountType) {
+        assert !android.text.TextUtils.isEmpty(accountType);
+        mNativeObject = nativeObject;
+        mAccountType = accountType;
+    }
+
+    /**
+     * @param nativeObject The corresponding HttpAuthNegotiateAndroid C++ object
+     * @param accountType The Android account type to use.
+     */
+    @VisibleForTesting
+    @CalledByNative
+    static HttpNegotiateAuthenticator create(long nativeObject, String accountType) {
+        return new HttpNegotiateAuthenticator(nativeObject, accountType);
+    }
+
+    /**
+     * @param principal The principal (must be host based).
+     * @param authToken The previous auth token, if any.
+     * @return false for immediate failure, true otherwise.
+     */
+    @VisibleForTesting
+    @CalledByNative
+    boolean getNextAuthToken(String principal, String authToken, boolean canDelegate) {
+        assert principal != null;
+        String authTokenType = SPNEGO_TOKEN_TYPE_BASE + principal;
+        Activity activity = ApplicationStatus.getLastTrackedFocusedActivity();
+        if (activity == null) return false;
+        AccountManager am = AccountManager.get(activity);
+        String features[] = {SPNEGO_FEATURE};
+
+        Bundle options = new Bundle();
+
+        if (authToken != null) options.putString(KEY_INCOMING_AUTH_TOKEN, authToken);
+        if (mSpnegoContext != null) options.putString(KEY_SPNEGO_CONTEXT, mSpnegoContext);
+        options.putBoolean(KEY_CAN_DELEGATE, canDelegate);
+
+        mFuture = am.getAuthTokenByFeatures(mAccountType, authTokenType, features, activity, null,

[Ryan Sleevi, 2015/06/16 01:07:46]

Just to make sure: Can exceptions be thrown by any of these other methods (line
68, 70, 75, 76, 77, 79)?

Juuuuust wanting to make sure; IIRC, the answer is "no", because the cmopiler
would have yelled at you for the absent throw spec on line 65, but I wanted to
confirm.

[aberent, 2015/06/19 15:06:24]

The only things they can, in theory, throw are exceptions of unchecked exception
types, such as NullPointerException, and I think I have protected against these.
If not, then these are generally programming errors, and I should fix these. 

+                options, new AccountManagerCallback<Bundle>() {
+
+                    @Override
+                    public void run(AccountManagerFuture<Bundle> future) {
+                        try {
+                            Bundle result = future.getResult();
+                            mSpnegoContext = result.getString(KEY_SPNEGO_CONTEXT);
+                            nativeSetResult(mNativeObject, true,
+                                    result.getString(AccountManager.KEY_AUTHTOKEN));
+                        } catch (OperationCanceledException | AuthenticatorException
+                                | IOException e) {
+                            nativeSetResult(mNativeObject, false, null);
+                        }
+                    }
+
+                }, new Handler(ThreadUtils.getUiThreadLooper()));
+        return true;
+    }
+
+    @VisibleForTesting
+    native void nativeSetResult(
+            long nativeHttpAuthNegotiateAndroid, boolean result, String authToken);
+}