Index: net/http/http_auth_handler_negotiate.cc |
diff --git a/net/http/http_auth_handler_negotiate.cc b/net/http/http_auth_handler_negotiate.cc |
index 422ddd729a27cf4dc9c24198c4dc30e0087cd60c..0a3f2a55876c6ef026acee1e291139e05ab2d0cf 100644 |
--- a/net/http/http_auth_handler_negotiate.cc |
+++ b/net/http/http_auth_handler_negotiate.cc |
@@ -4,14 +4,17 @@ |
#include "net/http/http_auth_handler_negotiate.h" |
+#include "base/base64.h" |
#include "base/bind.h" |
#include "base/bind_helpers.h" |
#include "base/logging.h" |
+#include "base/strings/string_util.h" |
#include "base/strings/stringprintf.h" |
#include "net/base/address_family.h" |
#include "net/base/net_errors.h" |
#include "net/dns/host_resolver.h" |
#include "net/dns/single_request_host_resolver.h" |
+#include "net/http/http_auth_challenge_tokenizer.h" |
#include "net/http/http_auth_filter.h" |
#include "net/http/url_security_manager.h" |
@@ -65,6 +68,19 @@ int HttpAuthHandlerNegotiate::Factory::CreateAuthHandler( |
return ERR_INVALID_RESPONSE; |
handler->swap(tmp_handler); |
return OK; |
+#elif defined(OS_ANDROID) |
+ if (is_unsupported_ || account_type_.empty()) |
+ return ERR_UNSUPPORTED_AUTH_SCHEME; |
+ // TODO(ahendrickson): Move towards model of parsing in the factory |
+ // method and only constructing when valid. |
Ryan Sleevi
2015/06/16 01:07:47
This looks like you just copy-pasted the TODO from
aberent
2015/06/19 15:06:25
Actually copied it from 91/92, but happy to switch
|
+ scoped_ptr<HttpAuthHandler> tmp_handler(new HttpAuthHandlerNegotiate( |
+ account_type_, url_security_manager(), resolver_, disable_cname_lookup_, |
+ use_port_)); |
+ if (!tmp_handler->InitFromChallenge(challenge, target, origin, net_log)) |
+ return ERR_INVALID_RESPONSE; |
+ handler->swap(tmp_handler); |
+ return OK; |
+ |
#elif defined(OS_POSIX) |
if (is_unsupported_) |
return ERR_UNSUPPORTED_AUTH_SCHEME; |
@@ -72,7 +88,7 @@ int HttpAuthHandlerNegotiate::Factory::CreateAuthHandler( |
is_unsupported_ = true; |
return ERR_UNSUPPORTED_AUTH_SCHEME; |
} |
- // TODO(ahendrickson): Move towards model of parsing in the factory |
+ // TODO(ahendrickHson): Move towards model of parsing in the factory |
Bernhard Bauer
2015/06/15 16:43:11
Nit: Capital H snuck in here somehow :)
aberent
2015/06/19 15:06:24
Done.
|
// method and only constructing when valid. |
scoped_ptr<HttpAuthHandler> tmp_handler( |
new HttpAuthHandlerNegotiate(auth_library_.get(), url_security_manager(), |
@@ -86,7 +102,12 @@ int HttpAuthHandlerNegotiate::Factory::CreateAuthHandler( |
} |
HttpAuthHandlerNegotiate::HttpAuthHandlerNegotiate( |
+#if defined(OS_ANDROID) |
+ std::string account_type, |
+#endif |
+#if defined(OS_WIN) || (defined(OS_POSIX) && !defined(OS_ANDROID)) |
AuthLibrary* auth_library, |
+#endif |
#if defined(OS_WIN) |
ULONG max_token_length, |
#endif |
@@ -94,7 +115,9 @@ HttpAuthHandlerNegotiate::HttpAuthHandlerNegotiate( |
HostResolver* resolver, |
bool disable_cname_lookup, |
bool use_port) |
-#if defined(OS_WIN) |
+#if defined(OS_ANDROID) |
+ : auth_system_(account_type), |
+#elif defined(OS_WIN) |
: auth_system_(auth_library, "Negotiate", NEGOSSP_NAME, max_token_length), |
#elif defined(OS_POSIX) |
: auth_system_(auth_library, "Negotiate", CHROME_GSS_SPNEGO_MECH_OID_DESC), |
@@ -162,7 +185,21 @@ std::string HttpAuthHandlerNegotiate::CreateSPN( |
HttpAuth::AuthorizationResult HttpAuthHandlerNegotiate::HandleAnotherChallenge( |
HttpAuthChallengeTokenizer* challenge) { |
- return auth_system_.ParseChallenge(challenge); |
+ // Verify the challenge's auth-scheme. |
+ if (!base::LowerCaseEqualsASCII(challenge->scheme(), "negotiate")) |
Ryan Sleevi
2015/06/16 01:07:47
DANGER: It's worth noting here that there isn't a
aberent
2015/06/19 15:06:25
Note that there is substantial refactoring of this
|
+ return HttpAuth::AUTHORIZATION_RESULT_INVALID; |
+ |
+ std::string encoded_auth_token = challenge->base64_param(); |
+ if (encoded_auth_token.empty()) { |
+ return HttpAuth::AUTHORIZATION_RESULT_REJECT; |
+ } |
Ryan Sleevi
2015/06/16 01:07:47
Consistent with lines 189/190 and 199/200 (and rea
aberent
2015/06/19 15:06:25
Done.
|
+ // Make sure the additional token is base64 encoded. |
+ std::string decoded_auth_token; |
+ bool base64_rv = base::Base64Decode(encoded_auth_token, &decoded_auth_token); |
+ if (!base64_rv) |
Ryan Sleevi
2015/06/16 01:07:47
Does not seem like there's any reason to use a tem
aberent
2015/06/19 15:06:24
Done.
|
+ return HttpAuth::AUTHORIZATION_RESULT_INVALID; |
+ auth_system_.SetServerAuthToken(encoded_auth_token, decoded_auth_token); |
+ return HttpAuth::AUTHORIZATION_RESULT_ACCEPT; |
} |
// Require identity on first pass instead of second. |
@@ -202,9 +239,9 @@ bool HttpAuthHandlerNegotiate::Init(HttpAuthChallengeTokenizer* challenge) { |
auth_scheme_ = HttpAuth::AUTH_SCHEME_NEGOTIATE; |
score_ = 4; |
properties_ = ENCRYPTS_IDENTITY | IS_CONNECTION_BASED; |
- HttpAuth::AuthorizationResult auth_result = |
- auth_system_.ParseChallenge(challenge); |
- return (auth_result == HttpAuth::AUTHORIZATION_RESULT_ACCEPT); |
+ if (!base::LowerCaseEqualsASCII(challenge->scheme(), "negotiate")) |
+ return false; |
+ return challenge->base64_param().empty(); |
} |
int HttpAuthHandlerNegotiate::GenerateAuthTokenImpl( |
@@ -315,8 +352,10 @@ int HttpAuthHandlerNegotiate::DoResolveCanonicalNameComplete(int rv) { |
int HttpAuthHandlerNegotiate::DoGenerateAuthToken() { |
next_state_ = STATE_GENERATE_AUTH_TOKEN_COMPLETE; |
AuthCredentials* credentials = has_credentials_ ? &credentials_ : NULL; |
- // TODO(cbentzel): This should possibly be done async. |
- return auth_system_.GenerateAuthToken(credentials, spn_, auth_token_); |
+ return auth_system_.GenerateAuthToken( |
+ credentials, spn_, auth_token_, |
+ base::Bind(&HttpAuthHandlerNegotiate::OnIOComplete, |
+ base::Unretained(this))); |
} |
int HttpAuthHandlerNegotiate::DoGenerateAuthTokenComplete(int rv) { |