
Unified Diff: net/android/http_auth_negotiate_android.h

Issue 1128043007: Support Kerberos on Android (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Fix cbentzel@'s nits Created 5 years, 5 months ago
Index: net/android/http_auth_negotiate_android.h
diff --git a/net/android/http_auth_negotiate_android.h b/net/android/http_auth_negotiate_android.h
new file mode 100644
index 0000000000000000000000000000000000000000..56990cee900301ae179068fe0e85a6c57832aa07
--- /dev/null
+++ b/net/android/http_auth_negotiate_android.h
@@ -0,0 +1,132 @@
+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef NET_ANDROID_HTTP_AUTH_NEGOTIATE_ANDROID_H_
+#define NET_ANDROID_HTTP_AUTH_NEGOTIATE_ANDROID_H_
+
+#include <jni.h>
+#include <string>
+
+#include "base/android/jni_android.h"
+#include "base/callback.h"
+#include "base/macros.h"
+#include "base/memory/ref_counted.h"
+#include "base/memory/scoped_ptr.h"
+#include "net/base/completion_callback.h"
+#include "net/http/http_auth.h"
+
+namespace net {
+
+class HttpAuthChallengeTokenizer;
+
+namespace android {
+
+// This class provides a threadsafe wrapper for SetResult, which is called from
+// Java. A new instance of this class is needed for each call, and the instance
+// destroys itself when the callback is received. It is written to allow
+// setResult to be called on any thread, but in practice they will be called
+// on the application's main thread.
+//
+// We cannot use a Callback object here, because there is no way of invoking the
+// Run method from Java.
+class NET_EXPORT_PRIVATE JavaNegotiateResultWrapper {
+ public:
+ scoped_refptr<base::TaskRunner> callback_task_runner_;
+ base::Callback<void(int, const std::string&)> thread_safe_callback_;
+
+ JavaNegotiateResultWrapper(
+ const scoped_refptr<base::TaskRunner>& callback_task_runner,
+ const base::Callback<void(int, const std::string&)>&
+ thread_safe_callback);
+
+ void SetResult(JNIEnv* env, jobject obj, int result, jstring token);
+
+ private:
+ // Class is only allowed to delete itself, nobody else is allowed to delete.
+ ~JavaNegotiateResultWrapper();
+};
+
+// Class providing Negotiate (SPNEGO/Kerberos) authentication support on
+// Android. The actual authentication is done through an Android authenticator
+// provided by third parties who want Kerberos support. This class simply
+// provides a bridge to the Java code, and hence to the service. See
+// https://drive.google.com/open?id=1G7WAaYEKMzj16PTHT_cIYuKXJG6bBcrQ7QQBQ6ihOcQ&authuser=1
+// for the full details.
+class NET_EXPORT_PRIVATE HttpAuthNegotiateAndroid {
+ public:
+ // Creates an object for one negotiation session. |account_type| is the
+ // Android account type, used by Android to find the correct authenticator.
+ explicit HttpAuthNegotiateAndroid(const std::string& account_type);
+ ~HttpAuthNegotiateAndroid();
+
+ // Register the JNI for this class.
+ static bool Register(JNIEnv* env);
+
+ // Does nothing, but needed for compatibility with the Negotiate
+ // authenticators for other O.S.. Always returns true.
+ bool Init();
+
+ // True if authentication needs the identity of the user from Chrome.
+ bool NeedsIdentity() const;
+
+ // True authentication can use explicit credentials included in the URL.
+ bool AllowsExplicitCredentials() const;
+
+ // Parse a received Negotiate challenge.
+ HttpAuth::AuthorizationResult ParseChallenge(
+ net::HttpAuthChallengeTokenizer* tok);
+
+ // Generates an authentication token.
+ //
+ // The return value is an error code. The authentication token will be
+ // returned in |*auth_token|. If the result code is not |OK|, the value of
+ // |*auth_token| is unspecified.
+ //
+ // If the operation cannot be completed synchronously, |ERR_IO_PENDING| will
+ // be returned and the real result code will be passed to the completion
+ // callback. Otherwise the result code is returned immediately from this
+ // call.
+ //
+ // If the AndroidAuthNegotiate object is deleted before completion then the
+ // callback will not be called.
+ //
+ // If no immediate result is returned then |auth_token| must remain valid
+ // until the callback has been called.
+ //
+ // |spn| is the Service Principal Name of the server that the token is
+ // being generated for.
+ //
+ // If this is the first round of a multiple round scheme, credentials are
+ // obtained using |*credentials|. If |credentials| is NULL, the default
+ // credentials are used instead.
+ int GenerateAuthToken(const AuthCredentials* credentials,
+ const std::string& spn,
+ std::string* auth_token,
+ const net::CompletionCallback& callback);
+
+ // Delegation is allowed on the Kerberos ticket. This allows certain servers
+ // to act as the user, such as an IIS server retrieving data from a
+ // Kerberized MSSQL server.
+ void Delegate();
+
+ private:
+ void SetResultInternal(int result, const std::string& token);
+
+ std::string account_type_;
+ bool can_delegate_;
+ bool first_challenge_;
+ std::string server_auth_token_;
+ std::string* auth_token_;
+ base::android::ScopedJavaGlobalRef<jobject> java_authenticator_;
+ net::CompletionCallback completion_callback_;
+
+ base::WeakPtrFactory<HttpAuthNegotiateAndroid> weak_factory_;
+
+ DISALLOW_COPY_AND_ASSIGN(HttpAuthNegotiateAndroid);
+};
+
+} // namespace android
+} // namespace net
+
+#endif // NET_ANDROID_HTTP_AUTH_NEGOTIATE_ANDROID_H_
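Review bot: The lifetime contract of JavaNegotiateResultWrapper is left implicit on `SetResult`: the class comment says the instance destroys itself when the callback is received, but nothing states that Java must call it exactly once, and the result comes from a third-party authenticator. A second call would presumably reach an already-deleted object, and a missing call would leak the wrapper. The implementation is outside this hunk, so confirm how the .cc handles both cases and document the rule on the declaration, e.g. `// Must be called exactly once per instance; the instance deletes itself as part of this call.` Separately, `callback_task_runner_` and `thread_safe_callback_` sit under `public:` despite their private-style names. Moving them to `private:` and adding `DISALLOW_COPY_AND_ASSIGN(JavaNegotiateResultWrapper);` would keep callers from copying or mutating a self-deleting object.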
