Allow dynamic updating of authentication policies

net/http/http_auth_handler_factory.cc

 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/http/http_auth_handler_factory.h"
 
 #include "base/stl_util.h"
 #include "base/strings/string_util.h"
 #include "net/base/net_errors.h"
 #include "net/http/http_auth_challenge_tokenizer.h"
 #include "net/http/http_auth_filter.h"
 #include "net/http/http_auth_handler_basic.h"
 #include "net/http/http_auth_handler_digest.h"
 #include "net/http/http_auth_handler_ntlm.h"
+#include "net/http/http_auth_scheme.h"
 
 #if defined(USE_KERBEROS)
 #include "net/http/http_auth_handler_negotiate.h"
 #endif
 
 namespace net {
 
 int HttpAuthHandlerFactory::CreateAuthHandlerFromString(
     const std::string& challenge,
     HttpAuth::Target target,
@@ skipping 16 matching lines @@
   return CreateAuthHandler(&props, target, origin, CREATE_PREEMPTIVE,
                            digest_nonce_count, net_log, handler);
 }
 
 // static
 scoped_ptr<HttpAuthHandlerRegistryFactory>
 HttpAuthHandlerFactory::CreateDefault(HostResolver* host_resolver) {
   DCHECK(host_resolver);
   scoped_ptr<HttpAuthHandlerRegistryFactory> registry_factory =
       make_scoped_ptr(new HttpAuthHandlerRegistryFactory());
-  registry_factory->RegisterSchemeFactory(
-      "basic", new HttpAuthHandlerBasic::Factory());
-  registry_factory->RegisterSchemeFactory(
-      "digest", new HttpAuthHandlerDigest::Factory());
+  registry_factory->RegisterSchemeFactory(kBasicAuthScheme,
+                                          new HttpAuthHandlerBasic::Factory());
+  registry_factory->RegisterSchemeFactory(kDigestAuthScheme,
+                                          new HttpAuthHandlerDigest::Factory());
 
 // On Android Chrome needs an account type configured to enable Kerberos,
 // so the default factory should not include Kerberos.
 #if defined(USE_KERBEROS) && !defined(OS_ANDROID)
   HttpAuthHandlerNegotiate::Factory* negotiate_factory =
       new HttpAuthHandlerNegotiate::Factory();
-#if defined(OS_POSIX)
-  negotiate_factory->set_library(new GSSAPISharedLibrary(std::string()));
-#elif defined(OS_WIN)
-  negotiate_factory->set_library(new SSPILibraryDefault());
+#if defined(OS_WIN)
+  negotiate_factory->set_library(make_scoped_ptr(new SSPILibraryDefault()));
+#elif defined(OS_POSIX)
+  negotiate_factory->set_library(
+      make_scoped_ptr(new GSSAPISharedLibrary(std::string())));
 #endif
   negotiate_factory->set_host_resolver(host_resolver);
-  registry_factory->RegisterSchemeFactory("negotiate", negotiate_factory);
+  registry_factory->RegisterSchemeFactory(kNegotiateAuthScheme,
+                                          negotiate_factory);
 #endif  // defined(USE_KERBEROS) && !defined(OS_ANDROID)
 
   HttpAuthHandlerNTLM::Factory* ntlm_factory =
       new HttpAuthHandlerNTLM::Factory();
 #if defined(OS_WIN)
   ntlm_factory->set_sspi_library(new SSPILibraryDefault());
 #endif
-  registry_factory->RegisterSchemeFactory("ntlm", ntlm_factory);
+  registry_factory->RegisterSchemeFactory(kNtlmAuthScheme, ntlm_factory);
   return registry_factory;
 }
 
 namespace {
 
 bool IsSupportedScheme(const std::vector<std::string>& supported_schemes,
                        const std::string& scheme) {
   std::vector<std::string>::const_iterator it = std::find(
       supported_schemes.begin(), supported_schemes.end(), scheme);
   return it != supported_schemes.end();
@@ skipping 10 matching lines @@
 }
 
 void HttpAuthHandlerRegistryFactory::SetURLSecurityManager(
     const std::string& scheme,
     URLSecurityManager* security_manager) {
   HttpAuthHandlerFactory* factory = GetSchemeFactory(scheme);
   if (factory)
     factory->set_url_security_manager(security_manager);
 }
 
 void HttpAuthHandlerRegistryFactory::RegisterSchemeFactory(

[asanka, 2015/11/10 15:48:06]

This method should propagate dynamic properties when registering a new handler.

[aberent, 2015/11/13 17:46:32]

Done.

     const std::string& scheme,
     HttpAuthHandlerFactory* factory) {
   std::string lower_scheme = base::ToLowerASCII(scheme);
   FactoryMap::iterator it = factory_map_.find(lower_scheme);
   if (it != factory_map_.end()) {
     delete it->second;
   }
   if (factory)
     factory_map_[lower_scheme] = factory;
   else
     factory_map_.erase(it);
 }
 
 HttpAuthHandlerFactory* HttpAuthHandlerRegistryFactory::GetSchemeFactory(
     const std::string& scheme) const {
   std::string lower_scheme = base::ToLowerASCII(scheme);
   FactoryMap::const_iterator it = factory_map_.find(lower_scheme);
   if (it == factory_map_.end()) {
     return NULL;                  // |scheme| is not registered.
   }
   return it->second;
 }
 
 // static
 HttpAuthHandlerRegistryFactory* HttpAuthHandlerRegistryFactory::Create(
     const std::vector<std::string>& supported_schemes,
     URLSecurityManager* security_manager,
     HostResolver* host_resolver,
-    const std::string& gssapi_library_name,
-    const std::string& auth_android_negotiate_account_type,
-    bool negotiate_disable_cname_lookup,
-    bool negotiate_enable_port) {
+    const std::string& gssapi_library_name) {
   HttpAuthHandlerRegistryFactory* registry_factory =
       new HttpAuthHandlerRegistryFactory();
-  if (IsSupportedScheme(supported_schemes, "basic"))
+  if (IsSupportedScheme(supported_schemes, kBasicAuthScheme))
     registry_factory->RegisterSchemeFactory(
-        "basic", new HttpAuthHandlerBasic::Factory());
-  if (IsSupportedScheme(supported_schemes, "digest"))
+        kBasicAuthScheme, new HttpAuthHandlerBasic::Factory());
+  if (IsSupportedScheme(supported_schemes, kDigestAuthScheme))
     registry_factory->RegisterSchemeFactory(
-        "digest", new HttpAuthHandlerDigest::Factory());
-  if (IsSupportedScheme(supported_schemes, "ntlm")) {
+        kDigestAuthScheme, new HttpAuthHandlerDigest::Factory());
+  if (IsSupportedScheme(supported_schemes, kNtlmAuthScheme)) {
     HttpAuthHandlerNTLM::Factory* ntlm_factory =
         new HttpAuthHandlerNTLM::Factory();
-    ntlm_factory->set_url_security_manager(security_manager);
 #if defined(OS_WIN)
     ntlm_factory->set_sspi_library(new SSPILibraryDefault());
 #endif
-    registry_factory->RegisterSchemeFactory("ntlm", ntlm_factory);
+    ntlm_factory->set_url_security_manager(security_manager);
+    registry_factory->RegisterSchemeFactory(kNtlmAuthScheme, ntlm_factory);
   }
 #if defined(USE_KERBEROS)
-  if (IsSupportedScheme(supported_schemes, "negotiate")) {
+  if (IsSupportedScheme(supported_schemes, kNegotiateAuthScheme)) {
     HttpAuthHandlerNegotiate::Factory* negotiate_factory =
         new HttpAuthHandlerNegotiate::Factory();
-#if defined(OS_ANDROID)
-    negotiate_factory->set_library(&auth_android_negotiate_account_type);
-#elif defined(OS_POSIX)
+#if defined(OS_WIN)
+    negotiate_factory->set_library(make_scoped_ptr(new SSPILibraryDefault()));
+#elif defined(OS_POSIX) && !defined(OS_ANDROID)
     negotiate_factory->set_library(
-        new GSSAPISharedLibrary(gssapi_library_name));
-#elif defined(OS_WIN)
-    negotiate_factory->set_library(new SSPILibraryDefault());
+        make_scoped_ptr(new GSSAPISharedLibrary(gssapi_library_name)));
 #endif
     negotiate_factory->set_url_security_manager(security_manager);
-    DCHECK(host_resolver || negotiate_disable_cname_lookup);
     negotiate_factory->set_host_resolver(host_resolver);
-    negotiate_factory->set_disable_cname_lookup(negotiate_disable_cname_lookup);
-    negotiate_factory->set_use_port(negotiate_enable_port);
-    registry_factory->RegisterSchemeFactory("negotiate", negotiate_factory);
+    registry_factory->RegisterSchemeFactory(kNegotiateAuthScheme,
+                                            negotiate_factory);
   }
 #endif  // defined(USE_KERBEROS)
 
   return registry_factory;
 }
 
 int HttpAuthHandlerRegistryFactory::CreateAuthHandler(
     HttpAuthChallengeTokenizer* challenge,
     HttpAuth::Target target,
     const GURL& origin,
@@ skipping 10 matching lines @@
   FactoryMap::iterator it = factory_map_.find(lower_scheme);
   if (it == factory_map_.end()) {
     handler->reset();
     return ERR_UNSUPPORTED_AUTH_SCHEME;
   }
   DCHECK(it->second);
   return it->second->CreateAuthHandler(challenge, target, origin, reason,
                                        digest_nonce_count, net_log, handler);
 }
 
+void HttpAuthHandlerRegistryFactory::SetAndroidAuthNegotiateAccountType(
+    const std::string& account_type) {
+#if defined(OS_ANDROID)

[asanka, 2015/11/10 15:48:06]

Can we comment out the entire method for !OS_ANDROID? 

[aberent, 2015/11/13 17:46:32]

Method no longer exists. Methods for account type in HttpAuthPreferences are
Android only.

+  for (std::pair<std::string, HttpAuthHandlerFactory*> map_entry :
+       factory_map_) {
+    map_entry.second->SetAndroidAuthNegotiateAccountType(account_type);
+  }
+#endif
+}
+
+void HttpAuthHandlerRegistryFactory::SetNegotiateDisableCnameLookup(
+    bool negotiate_disable_cname_lookup) {
+  for (std::pair<std::string, HttpAuthHandlerFactory*> map_entry :
+       factory_map_) {
+    map_entry.second->SetNegotiateDisableCnameLookup(
+        negotiate_disable_cname_lookup);
+  }
+}
+
+void HttpAuthHandlerRegistryFactory::SetNegotiateEnablePort(
+    bool negotiate_enable_port) {
+  for (std::pair<std::string, HttpAuthHandlerFactory*> map_entry :
+       factory_map_) {
+    map_entry.second->SetNegotiateEnablePort(negotiate_enable_port);
+  }
+}
+
 }  // namespace net