Allow dynamic updating of authentication policies

net/http/http_auth_handler_factory.cc

 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/http/http_auth_handler_factory.h"
 
 #include "base/stl_util.h"
 #include "base/strings/string_util.h"
 #include "net/base/net_errors.h"
 #include "net/http/http_auth_challenge_tokenizer.h"
 #include "net/http/http_auth_filter.h"
 #include "net/http/http_auth_handler_basic.h"
 #include "net/http/http_auth_handler_digest.h"
 #include "net/http/http_auth_handler_ntlm.h"
+#include "net/http/http_auth_preferences.h"
+#include "net/http/http_auth_scheme.h"
 
 #if defined(USE_KERBEROS)
 #include "net/http/http_auth_handler_negotiate.h"
 #endif
 
 namespace net {
 
 int HttpAuthHandlerFactory::CreateAuthHandlerFromString(
     const std::string& challenge,
     HttpAuth::Target target,
@@ skipping 10 matching lines @@
     HttpAuth::Target target,
     const GURL& origin,
     int digest_nonce_count,
     const BoundNetLog& net_log,
     scoped_ptr<HttpAuthHandler>* handler) {
   HttpAuthChallengeTokenizer props(challenge.begin(), challenge.end());
   return CreateAuthHandler(&props, target, origin, CREATE_PREEMPTIVE,
                            digest_nonce_count, net_log, handler);
 }
 
-// static
-scoped_ptr<HttpAuthHandlerRegistryFactory>
-HttpAuthHandlerFactory::CreateDefault(HostResolver* host_resolver) {
-  DCHECK(host_resolver);
-  scoped_ptr<HttpAuthHandlerRegistryFactory> registry_factory =
-      make_scoped_ptr(new HttpAuthHandlerRegistryFactory());
-  registry_factory->RegisterSchemeFactory(
-      "basic", new HttpAuthHandlerBasic::Factory());
-  registry_factory->RegisterSchemeFactory(
-      "digest", new HttpAuthHandlerDigest::Factory());
-
-// On Android Chrome needs an account type configured to enable Kerberos,
-// so the default factory should not include Kerberos.
-#if defined(USE_KERBEROS) && !defined(OS_ANDROID)
-  HttpAuthHandlerNegotiate::Factory* negotiate_factory =
-      new HttpAuthHandlerNegotiate::Factory();
-#if defined(OS_POSIX)
-  negotiate_factory->set_library(new GSSAPISharedLibrary(std::string()));
-#elif defined(OS_WIN)
-  negotiate_factory->set_library(new SSPILibraryDefault());
-#endif
-  negotiate_factory->set_host_resolver(host_resolver);
-  registry_factory->RegisterSchemeFactory("negotiate", negotiate_factory);
-#endif  // defined(USE_KERBEROS) && !defined(OS_ANDROID)
-
-  HttpAuthHandlerNTLM::Factory* ntlm_factory =
-      new HttpAuthHandlerNTLM::Factory();
-#if defined(OS_WIN)
-  ntlm_factory->set_sspi_library(new SSPILibraryDefault());
-#endif
-  registry_factory->RegisterSchemeFactory("ntlm", ntlm_factory);
-  return registry_factory;
-}
 
 namespace {
 
+const char* default_auth_types[] = {kBasicAuthScheme, kDigestAuthScheme,

[asanka, 2015/11/20 15:32:09]

const char* const kDefaultAuthTypes[] = {...};

Without the extra const, kDefaultAuthTypes would be a non-const array of const
pointers. I.e. it would be legal to do:
  kDefaultAuthTypes[0] = "asdf";

[aberent, 2015/11/23 16:34:01]

Done.

+#if defined(USE_KERBEROS) && !defined(OS_ANDROID)
+                                    kNegotiateAuthScheme,
+#endif
+                                    kNtlmAuthScheme};
+
 bool IsSupportedScheme(const std::vector<std::string>& supported_schemes,
                        const std::string& scheme) {
   std::vector<std::string>::const_iterator it = std::find(
       supported_schemes.begin(), supported_schemes.end(), scheme);
   return it != supported_schemes.end();
 }
 
+void InitAuthHandlerRegistryFactory(
+    HttpAuthHandlerRegistryFactory* registry_factory,
+    std::vector<std::string> schemes,
+    HostResolver* host_resolver
+#if defined(OS_POSIX) && !defined(OS_ANDROID)
+    ,
+    std::string gssapi_library_name
+#endif
+    ) {
+  if (IsSupportedScheme(schemes, kBasicAuthScheme))
+    registry_factory->RegisterSchemeFactory(
+        kBasicAuthScheme, new HttpAuthHandlerBasic::Factory());
+  if (IsSupportedScheme(schemes, kDigestAuthScheme))
+    registry_factory->RegisterSchemeFactory(
+        kDigestAuthScheme, new HttpAuthHandlerDigest::Factory());
+  if (IsSupportedScheme(schemes, kNtlmAuthScheme)) {
+    HttpAuthHandlerNTLM::Factory* ntlm_factory =
+        new HttpAuthHandlerNTLM::Factory();
+#if defined(OS_WIN)
+    ntlm_factory->set_sspi_library(new SSPILibraryDefault());
+#endif  // defined(OS_WIN)
+    registry_factory->RegisterSchemeFactory(kNtlmAuthScheme, ntlm_factory);
+  }
+#if defined(USE_KERBEROS)
+  if (IsSupportedScheme(schemes, kNegotiateAuthScheme)) {
+    DCHECK(host_resolver);
+    HttpAuthHandlerNegotiate::Factory* negotiate_factory =
+        new HttpAuthHandlerNegotiate::Factory();
+#if defined(OS_WIN)
+    negotiate_factory->set_library(make_scoped_ptr(new SSPILibraryDefault()));
+#elif defined(OS_POSIX) && !defined(OS_ANDROID)
+    negotiate_factory->set_library(
+        make_scoped_ptr(new GSSAPISharedLibrary(gssapi_library_name)));
+#endif  // defined(OS_POSIX) && !defined(OS_ANDROID)
+    negotiate_factory->set_host_resolver(host_resolver);
+    registry_factory->RegisterSchemeFactory(kNegotiateAuthScheme,
+                                            negotiate_factory);
+  }
+#endif  // defined(USE_KERBEROS)
+}
+
 }  // namespace
 
 HttpAuthHandlerRegistryFactory::HttpAuthHandlerRegistryFactory() {
 }
 
 HttpAuthHandlerRegistryFactory::~HttpAuthHandlerRegistryFactory() {
   STLDeleteContainerPairSecondPointers(factory_map_.begin(),
                                        factory_map_.end());
 }
 
-void HttpAuthHandlerRegistryFactory::SetURLSecurityManager(
+void HttpAuthHandlerRegistryFactory::SetHttpAuthPreferences(
     const std::string& scheme,
-    URLSecurityManager* security_manager) {
+    HttpAuthPreferences* prefs) {
   HttpAuthHandlerFactory* factory = GetSchemeFactory(scheme);
   if (factory)
-    factory->set_url_security_manager(security_manager);
+    factory->set_http_auth_preferences(prefs);
 }
 
 void HttpAuthHandlerRegistryFactory::RegisterSchemeFactory(
     const std::string& scheme,
     HttpAuthHandlerFactory* factory) {
   std::string lower_scheme = base::ToLowerASCII(scheme);
   FactoryMap::iterator it = factory_map_.find(lower_scheme);
+  factory->set_http_auth_preferences(http_auth_preferences());
   if (it != factory_map_.end()) {
     delete it->second;
   }
   if (factory)
     factory_map_[lower_scheme] = factory;
   else
     factory_map_.erase(it);
 }
 
 HttpAuthHandlerFactory* HttpAuthHandlerRegistryFactory::GetSchemeFactory(
     const std::string& scheme) const {
   std::string lower_scheme = base::ToLowerASCII(scheme);
   FactoryMap::const_iterator it = factory_map_.find(lower_scheme);
   if (it == factory_map_.end()) {
     return NULL;                  // |scheme| is not registered.
   }
   return it->second;
 }
 
 // static
-HttpAuthHandlerRegistryFactory* HttpAuthHandlerRegistryFactory::Create(
-    const std::vector<std::string>& supported_schemes,
-    URLSecurityManager* security_manager,
-    HostResolver* host_resolver,
-    const std::string& gssapi_library_name,
-    const std::string& auth_android_negotiate_account_type,
-    bool negotiate_disable_cname_lookup,
-    bool negotiate_enable_port) {
-  HttpAuthHandlerRegistryFactory* registry_factory =
-      new HttpAuthHandlerRegistryFactory();
-  if (IsSupportedScheme(supported_schemes, "basic"))
-    registry_factory->RegisterSchemeFactory(
-        "basic", new HttpAuthHandlerBasic::Factory());
-  if (IsSupportedScheme(supported_schemes, "digest"))
-    registry_factory->RegisterSchemeFactory(
-        "digest", new HttpAuthHandlerDigest::Factory());
-  if (IsSupportedScheme(supported_schemes, "ntlm")) {
-    HttpAuthHandlerNTLM::Factory* ntlm_factory =
-        new HttpAuthHandlerNTLM::Factory();
-    ntlm_factory->set_url_security_manager(security_manager);
-#if defined(OS_WIN)
-    ntlm_factory->set_sspi_library(new SSPILibraryDefault());
+scoped_ptr<HttpAuthHandlerRegistryFactory>
+HttpAuthHandlerFactory::CreateDefault(HostResolver* host_resolver) {
+  scoped_ptr<HttpAuthHandlerRegistryFactory> registry_factory(
+      new HttpAuthHandlerRegistryFactory());
+  std::vector<std::string> auth_types(
+      default_auth_types, default_auth_types + arraysize(default_auth_types));
+  InitAuthHandlerRegistryFactory(registry_factory.get(), auth_types,
+                                 host_resolver
+#if defined(OS_POSIX) && !defined(OS_ANDROID)
+                                 ,
+                                 std::string()
 #endif
-    registry_factory->RegisterSchemeFactory("ntlm", ntlm_factory);
-  }
-#if defined(USE_KERBEROS)
-  if (IsSupportedScheme(supported_schemes, "negotiate")) {
-    HttpAuthHandlerNegotiate::Factory* negotiate_factory =
-        new HttpAuthHandlerNegotiate::Factory();
-#if defined(OS_ANDROID)
-    negotiate_factory->set_library(&auth_android_negotiate_account_type);
-#elif defined(OS_POSIX)
-    negotiate_factory->set_library(
-        new GSSAPISharedLibrary(gssapi_library_name));
-#elif defined(OS_WIN)
-    negotiate_factory->set_library(new SSPILibraryDefault());
-#endif
-    negotiate_factory->set_url_security_manager(security_manager);
-    DCHECK(host_resolver || negotiate_disable_cname_lookup);
-    negotiate_factory->set_host_resolver(host_resolver);
-    negotiate_factory->set_disable_cname_lookup(negotiate_disable_cname_lookup);
-    negotiate_factory->set_use_port(negotiate_enable_port);
-    registry_factory->RegisterSchemeFactory("negotiate", negotiate_factory);
-  }
-#endif  // defined(USE_KERBEROS)
-
+                                     );
   return registry_factory;
 }
 
+// static
+scoped_ptr<HttpAuthHandlerRegistryFactory>
+HttpAuthHandlerRegistryFactory::Create(HttpAuthPreferences* prefs,
+                                       HostResolver* host_resolver) {
+  scoped_ptr<HttpAuthHandlerRegistryFactory> registry_factory(
+      new HttpAuthHandlerRegistryFactory());
+  registry_factory->set_http_auth_preferences(prefs);
+  InitAuthHandlerRegistryFactory(registry_factory.get(), prefs->auth_schemes(),
+                                 host_resolver
+#if defined(OS_POSIX) && !defined(OS_ANDROID)
+                                 ,
+                                 prefs->gssapi_library_name()
+#endif
+                                     );
+  for (std::pair<std::string, HttpAuthHandlerFactory*> factory_entry :
+       registry_factory->factory_map_) {
+    factory_entry.second->set_http_auth_preferences(prefs);
+  }
+  return registry_factory;
+}
+
 int HttpAuthHandlerRegistryFactory::CreateAuthHandler(
     HttpAuthChallengeTokenizer* challenge,
     HttpAuth::Target target,
     const GURL& origin,
     CreateReason reason,
     int digest_nonce_count,
     const BoundNetLog& net_log,
     scoped_ptr<HttpAuthHandler>* handler) {
   std::string scheme = challenge->scheme();
   if (scheme.empty()) {
     handler->reset();
     return ERR_INVALID_RESPONSE;
   }
   std::string lower_scheme = base::ToLowerASCII(scheme);
   FactoryMap::iterator it = factory_map_.find(lower_scheme);
   if (it == factory_map_.end()) {
     handler->reset();
     return ERR_UNSUPPORTED_AUTH_SCHEME;
   }
   DCHECK(it->second);
   return it->second->CreateAuthHandler(challenge, target, origin, reason,
                                        digest_nonce_count, net_log, handler);
 }
 
+#if defined(OS_ANDROID)
+void HttpAuthHandlerRegistryFactory::SetAndroidAuthNegotiateAccountType(
+    const std::string& account_type) {
+  for (std::pair<std::string, HttpAuthHandlerFactory*> map_entry :
+       factory_map_) {
+    map_entry.second->SetAndroidAuthNegotiateAccountType(account_type);
+  }
+}
+#endif
+
 }  // namespace net