Chromium Code Reviews Chromium Code Reviews
Issue 1414313002:
Allow dynamic updating of authentication policies (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/io_thread.h" | 5 #include "chrome/browser/io_thread.h" |
| 6 | 6 |
| 7 #include <vector> | 7 #include <vector> |
| 8 | 8 |
| 9 #include "base/base64.h" | 9 #include "base/base64.h" |
| 10 #include "base/bind.h" | 10 #include "base/bind.h" |
| (...skipping 440 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 451 : net_log_(net_log), | 451 : net_log_(net_log), |
| 452 #if defined(ENABLE_EXTENSIONS) | 452 #if defined(ENABLE_EXTENSIONS) |
| 453 extension_event_router_forwarder_(extension_event_router_forwarder), | 453 extension_event_router_forwarder_(extension_event_router_forwarder), |
| 454 #endif | 454 #endif |
| 455 globals_(NULL), | 455 globals_(NULL), |
| 456 is_spdy_disabled_by_policy_(false), | 456 is_spdy_disabled_by_policy_(false), |
| 457 is_quic_allowed_by_policy_(true), | 457 is_quic_allowed_by_policy_(true), |
| 458 creation_time_(base::TimeTicks::Now()), | 458 creation_time_(base::TimeTicks::Now()), |
| 459 weak_factory_(this) { | 459 weak_factory_(this) { |
| 460 auth_schemes_ = local_state->GetString(prefs::kAuthSchemes); | 460 auth_schemes_ = local_state->GetString(prefs::kAuthSchemes); |
| 461 negotiate_disable_cname_lookup_ = local_state->GetBoolean( | 461 negotiate_disable_cname_lookup_.Init( |
| 462 prefs::kDisableAuthNegotiateCnameLookup); | 462 prefs::kDisableAuthNegotiateCnameLookup, |
| 463 negotiate_enable_port_ = local_state->GetBoolean( | 463 local_state, |
| 464 prefs::kEnableAuthNegotiatePort); | 464 base::Bind(&IOThread::UpdateNegotiateDisableCnameLookup, |
| 465 auth_server_whitelist_ = local_state->GetString(prefs::kAuthServerWhitelist); | 465 weak_factory_.GetWeakPtr())); |
| 466 auth_delegate_whitelist_ = local_state->GetString( | 466 negotiate_disable_cname_lookup_.MoveToThread( |
| 467 prefs::kAuthNegotiateDelegateWhitelist); | 467 BrowserThread::GetMessageLoopProxyForThread(BrowserThread::IO)); |
|
Bernhard Bauer
2015/10/21 09:51:10
Extract this to a local variable so you can reuse
aberent
2015/10/22 17:57:03
Done.
| |
| 468 negotiate_enable_port_.Init( | |
| 469 prefs::kEnableAuthNegotiatePort, | |
| 470 local_state, | |
| 471 base::Bind(&IOThread::UpdateNegotiateEnablePort, | |
| 472 weak_factory_.GetWeakPtr())); | |
| 473 negotiate_enable_port_.MoveToThread( | |
| 474 BrowserThread::GetMessageLoopProxyForThread(BrowserThread::IO)); | |
| 475 auth_server_whitelist_.Init( | |
| 476 prefs::kAuthServerWhitelist, local_state, | |
| 477 base::Bind(&IOThread::UpdateSecurityManager, weak_factory_.GetWeakPtr())); | |
| 478 auth_server_whitelist_.MoveToThread( | |
| 479 BrowserThread::GetMessageLoopProxyForThread(BrowserThread::IO)); | |
| 480 auth_delegate_whitelist_.Init( | |
| 481 prefs::kAuthNegotiateDelegateWhitelist, local_state, | |
| 482 base::Bind(&IOThread::UpdateSecurityManager, weak_factory_.GetWeakPtr())); | |
| 483 auth_delegate_whitelist_.MoveToThread( | |
| 484 BrowserThread::GetMessageLoopProxyForThread(BrowserThread::IO)); | |
| 468 gssapi_library_name_ = local_state->GetString(prefs::kGSSAPILibraryName); | 485 gssapi_library_name_ = local_state->GetString(prefs::kGSSAPILibraryName); |
| 469 auth_android_negotiate_account_type_ = | 486 auth_android_negotiate_account_type_.Init( |
| 470 local_state->GetString(prefs::kAuthAndroidNegotiateAccountType); | 487 prefs::kAuthAndroidNegotiateAccountType, |
| 488 local_state, | |
| 489 base::Bind(&IOThread::UpdateAndroidAuthNegotiateAccount, | |
| 490 weak_factory_.GetWeakPtr())); | |
| 491 auth_android_negotiate_account_type_.MoveToThread( | |
| 492 BrowserThread::GetMessageLoopProxyForThread(BrowserThread::IO)); | |
| 471 pref_proxy_config_tracker_.reset( | 493 pref_proxy_config_tracker_.reset( |
| 472 ProxyServiceFactory::CreatePrefProxyConfigTrackerOfLocalState( | 494 ProxyServiceFactory::CreatePrefProxyConfigTrackerOfLocalState( |
| 473 local_state)); | 495 local_state)); |
| 474 ChromeNetworkDelegate::InitializePrefsOnUIThread( | 496 ChromeNetworkDelegate::InitializePrefsOnUIThread( |
| 475 &system_enable_referrers_, | 497 &system_enable_referrers_, |
| 476 NULL, | 498 NULL, |
| 477 NULL, | 499 NULL, |
| 478 NULL, | 500 NULL, |
| 479 local_state); | 501 local_state); |
| 480 ssl_config_service_manager_.reset( | 502 ssl_config_service_manager_.reset( |
| (...skipping 230 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 711 // TODO(erikchen): Remove ScopedTracker below once http://crbug.com/466432 | 733 // TODO(erikchen): Remove ScopedTracker below once http://crbug.com/466432 |
| 712 // is fixed. | 734 // is fixed. |
| 713 tracked_objects::ScopedTracker tracking_profile10( | 735 tracked_objects::ScopedTracker tracking_profile10( |
| 714 FROM_HERE_WITH_EXPLICIT_FUNCTION( | 736 FROM_HERE_WITH_EXPLICIT_FUNCTION( |
| 715 "466432 IOThread::InitAsync::CertPolicyEnforcer")); | 737 "466432 IOThread::InitAsync::CertPolicyEnforcer")); |
| 716 net::CertPolicyEnforcer* policy_enforcer = new net::CertPolicyEnforcer; | 738 net::CertPolicyEnforcer* policy_enforcer = new net::CertPolicyEnforcer; |
| 717 globals_->cert_policy_enforcer.reset(policy_enforcer); | 739 globals_->cert_policy_enforcer.reset(policy_enforcer); |
| 718 | 740 |
| 719 globals_->ssl_config_service = GetSSLConfigService(); | 741 globals_->ssl_config_service = GetSSLConfigService(); |
| 720 | 742 |
| 721 globals_->http_auth_handler_factory.reset(CreateDefaultAuthHandlerFactory( | 743 CreateDefaultAuthHandlerFactory(); |
| 722 globals_->host_resolver.get())); | |
| 723 globals_->http_server_properties.reset(new net::HttpServerPropertiesImpl()); | 744 globals_->http_server_properties.reset(new net::HttpServerPropertiesImpl()); |
| 724 // For the ProxyScriptFetcher, we use a direct ProxyService. | 745 // For the ProxyScriptFetcher, we use a direct ProxyService. |
| 725 globals_->proxy_script_fetcher_proxy_service = | 746 globals_->proxy_script_fetcher_proxy_service = |
| 726 net::ProxyService::CreateDirectWithNetLog(net_log_); | 747 net::ProxyService::CreateDirectWithNetLog(net_log_); |
| 727 // In-memory cookie store. | 748 // In-memory cookie store. |
| 728 // TODO(erikchen): Remove ScopedTracker below once http://crbug.com/466432 | 749 // TODO(erikchen): Remove ScopedTracker below once http://crbug.com/466432 |
| 729 // is fixed. | 750 // is fixed. |
| 730 tracked_objects::ScopedTracker tracking_profile11( | 751 tracked_objects::ScopedTracker tracking_profile11( |
| 731 FROM_HERE_WITH_EXPLICIT_FUNCTION( | 752 FROM_HERE_WITH_EXPLICIT_FUNCTION( |
| 732 "466432 IOThread::InitAsync::CreateCookieStore::Start")); | 753 "466432 IOThread::InitAsync::CreateCookieStore::Start")); |
| (...skipping 241 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 974 registry->RegisterStringPref(prefs::kAuthAndroidNegotiateAccountType, | 995 registry->RegisterStringPref(prefs::kAuthAndroidNegotiateAccountType, |
| 975 std::string()); | 996 std::string()); |
| 976 registry->RegisterStringPref( | 997 registry->RegisterStringPref( |
| 977 data_reduction_proxy::prefs::kDataReductionProxy, std::string()); | 998 data_reduction_proxy::prefs::kDataReductionProxy, std::string()); |
| 978 registry->RegisterBooleanPref(prefs::kEnableReferrers, true); | 999 registry->RegisterBooleanPref(prefs::kEnableReferrers, true); |
| 979 data_reduction_proxy::RegisterPrefs(registry); | 1000 data_reduction_proxy::RegisterPrefs(registry); |
| 980 registry->RegisterBooleanPref(prefs::kBuiltInDnsClientEnabled, true); | 1001 registry->RegisterBooleanPref(prefs::kBuiltInDnsClientEnabled, true); |
| 981 registry->RegisterBooleanPref(prefs::kQuickCheckEnabled, true); | 1002 registry->RegisterBooleanPref(prefs::kQuickCheckEnabled, true); |
| 982 } | 1003 } |
| 983 | 1004 |
| 984 net::HttpAuthHandlerFactory* IOThread::CreateDefaultAuthHandlerFactory( | 1005 void IOThread::UpdateSecurityManager() { |
| 985 net::HostResolver* resolver) { | |
| 986 net::HttpAuthFilterWhitelist* auth_filter_default_credentials = NULL; | 1006 net::HttpAuthFilterWhitelist* auth_filter_default_credentials = NULL; |
| 987 if (!auth_server_whitelist_.empty()) { | 1007 std::string server_whitelist = auth_server_whitelist_.GetValue(); |
| 988 auth_filter_default_credentials = | 1008 if (!server_whitelist.empty()) { |
| 989 new net::HttpAuthFilterWhitelist(auth_server_whitelist_); | 1009 auth_filter_default_credentials = new net::HttpAuthFilterWhitelist( |
| 1010 server_whitelist); | |
| 990 } | 1011 } |
| 991 net::HttpAuthFilterWhitelist* auth_filter_delegate = NULL; | 1012 net::HttpAuthFilterWhitelist* auth_filter_delegate = NULL; |
| 992 if (!auth_delegate_whitelist_.empty()) { | 1013 std::string delegate_whitelist = auth_delegate_whitelist_.GetValue(); |
| 993 auth_filter_delegate = | 1014 if (!delegate_whitelist.empty()) |
| 994 new net::HttpAuthFilterWhitelist(auth_delegate_whitelist_); | 1015 auth_filter_delegate = new net::HttpAuthFilterWhitelist(delegate_whitelist); |
| 995 } | |
| 996 globals_->url_security_manager.reset( | 1016 globals_->url_security_manager.reset( |
| 997 net::URLSecurityManager::Create(auth_filter_default_credentials, | 1017 net::URLSecurityManager::Create(auth_filter_default_credentials, |
| 998 auth_filter_delegate)); | 1018 auth_filter_delegate)); |
| 1019 globals_->http_auth_handler_factory->SetSecurityManager( | |
| 1020 globals_->url_security_manager.get()); | |
| 1021 } | |
| 1022 | |
| 1023 void IOThread::UpdateAndroidAuthNegotiateAccount() { | |
| 1024 globals_->http_auth_handler_factory->SetAndroidAuthNegotiateAccountType( | |
| 1025 auth_android_negotiate_account_type_.GetValue()); | |
| 1026 } | |
| 1027 | |
| 1028 void IOThread::UpdateNegotiateDisableCnameLookup() { | |
| 1029 globals_->http_auth_handler_factory->SetNegotiateDisableCnameLookup( | |
| 1030 negotiate_disable_cname_lookup_.GetValue()); | |
| 1031 } | |
| 1032 | |
| 1033 void IOThread::UpdateNegotiateEnablePort() { | |
| 1034 globals_->http_auth_handler_factory->SetNegotiateEnablePort( | |
| 1035 negotiate_enable_port_.GetValue()); | |
| 1036 } | |
| 1037 | |
| 1038 void IOThread::CreateDefaultAuthHandlerFactory() { | |
| 999 std::vector<std::string> supported_schemes = base::SplitString( | 1039 std::vector<std::string> supported_schemes = base::SplitString( |
| 1000 auth_schemes_, ",", base::TRIM_WHITESPACE, base::SPLIT_WANT_ALL); | 1040 auth_schemes_, ",", base::TRIM_WHITESPACE, base::SPLIT_WANT_ALL); |
| 1001 | 1041 globals_->http_auth_handler_factory.reset( |
| 1002 scoped_ptr<net::HttpAuthHandlerRegistryFactory> registry_factory( | 1042 net::HttpAuthHandlerRegistryFactory::Create(supported_schemes, |
| 1003 net::HttpAuthHandlerRegistryFactory::Create( | 1043 globals_->host_resolver.get(), |
| 1004 supported_schemes, globals_->url_security_manager.get(), resolver, | 1044 gssapi_library_name_)); |
| 1005 gssapi_library_name_, auth_android_negotiate_account_type_, | 1045 UpdateSecurityManager(); |
| 1006 negotiate_disable_cname_lookup_, negotiate_enable_port_)); | 1046 UpdateAndroidAuthNegotiateAccount(); |
| 1007 return registry_factory.release(); | 1047 UpdateNegotiateDisableCnameLookup(); |
| 1048 UpdateNegotiateEnablePort(); | |
| 1008 } | 1049 } |
| 1009 | 1050 |
| 1010 void IOThread::ClearHostCache() { | 1051 void IOThread::ClearHostCache() { |
| 1011 DCHECK_CURRENTLY_ON(BrowserThread::IO); | 1052 DCHECK_CURRENTLY_ON(BrowserThread::IO); |
| 1012 | 1053 |
| 1013 net::HostCache* host_cache = globals_->host_resolver->GetHostCache(); | 1054 net::HostCache* host_cache = globals_->host_resolver->GetHostCache(); |
| 1014 if (host_cache) | 1055 if (host_cache) |
| 1015 host_cache->clear(); | 1056 host_cache->clear(); |
| 1016 } | 1057 } |
| 1017 | 1058 |
| (...skipping 613 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1631 globals->proxy_script_fetcher_url_request_job_factory = job_factory.Pass(); | 1672 globals->proxy_script_fetcher_url_request_job_factory = job_factory.Pass(); |
| 1632 | 1673 |
| 1633 context->set_job_factory( | 1674 context->set_job_factory( |
| 1634 globals->proxy_script_fetcher_url_request_job_factory.get()); | 1675 globals->proxy_script_fetcher_url_request_job_factory.get()); |
| 1635 | 1676 |
| 1636 // TODO(rtenneti): We should probably use HttpServerPropertiesManager for the | 1677 // TODO(rtenneti): We should probably use HttpServerPropertiesManager for the |
| 1637 // system URLRequestContext too. There's no reason this should be tied to a | 1678 // system URLRequestContext too. There's no reason this should be tied to a |
| 1638 // profile. | 1679 // profile. |
| 1639 return context; | 1680 return context; |
| 1640 } | 1681 } |
| OLD | NEW |
