[net/http auth] Make HttpAuthHandler challenge handling asynchronous.

net/http/http_auth_gssapi_posix.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/http/http_auth_gssapi_posix.h"
 
 #include <limits>
 #include <string>
 
 #include "base/base64.h"
@@ skipping 649 matching lines @@
       gss_oid_(gss_oid),
       library_(library),
       scoped_sec_context_(library),
       can_delegate_(false) {
   DCHECK(library_);
 }
 
 HttpAuthGSSAPI::~HttpAuthGSSAPI() {
 }
 
+// TODO(asanka): Take a HttpResonseInfo along with the initial challenge to
+// initialize the HttpAuthHandler. Then HttpAuthHandlerNegotiate can generate a
+// channel binding token from the SSLInfo which can then be used when tokens are
+// being generated.
+//
+// Only the HandleAnotherChallenge() and InitFromChallenge() phases have
+// realiable access to a HttpResonseInfo.
+//
+// There is a lot of cleanup to do here, but should be kept separate from the
+// other ongoing work.
+//
+// We unfortunately can't move the token generation code to be after header
+// receipt in http_network_transaction because it's needed for pre-emptive
+// authentication :(. We need to make both HTTP auth challenge handling and
+// token generation to be potentially asynchronous.
 bool HttpAuthGSSAPI::Init() {
   if (!library_)
     return false;
   return library_->Init();
 }
 
 bool HttpAuthGSSAPI::NeedsIdentity() const {
   return decoded_server_auth_token_.empty();
 }
 
@@ skipping 182 matching lines @@
   if (rv != OK) {
     LOG(ERROR) << "Problem initializing context. \n"
                << DisplayExtendedStatus(library_, major_status, minor_status)
                << '\n'
                << DescribeContext(library_, scoped_sec_context_.get());
   }
   return rv;
 }
 
 }  // namespace net