Allow dynamic updating of authentication policies

net/http/http_auth_handler_factory.h

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_HTTP_HTTP_AUTH_HANDLER_FACTORY_H_
 #define NET_HTTP_HTTP_AUTH_HANDLER_FACTORY_H_
 
 #include <map>
 #include <string>
 #include <vector>
 
 #include "base/memory/scoped_ptr.h"
 #include "net/base/net_export.h"
 #include "net/http/http_auth.h"
 #include "net/http/url_security_manager.h"
 
 class GURL;
 
 namespace net {
 
 class BoundNetLog;
+class HttpAuthPreferences;
 class HostResolver;
 class HttpAuthChallengeTokenizer;
 class HttpAuthHandler;
 class HttpAuthHandlerRegistryFactory;
 
 // An HttpAuthHandlerFactory is used to create HttpAuthHandler objects.
 // The HttpAuthHandlerFactory object _must_ outlive any of the HttpAuthHandler
 // objects that it creates.
 class NET_EXPORT HttpAuthHandlerFactory {
  public:
   enum CreateReason {
     CREATE_CHALLENGE,     // Create a handler in response to a challenge.
     CREATE_PREEMPTIVE,    // Create a handler preemptively.
   };
 
-  HttpAuthHandlerFactory() : url_security_manager_(NULL) {}
+  HttpAuthHandlerFactory() : http_auth_preferences_(NULL) {}
   virtual ~HttpAuthHandlerFactory() {}
 
-  // Sets an URL security manager.  HttpAuthHandlerFactory doesn't own the URL
-  // security manager, and the URL security manager should outlive this object.
-  void set_url_security_manager(URLSecurityManager* url_security_manager) {
-    url_security_manager_ = url_security_manager;
+  // Sets the source of the HTTP authentication preferences.
+  // HttpAuthHandlerFactory doesn't own the preferences, and the
+  // HttpAuthPreference object should outlive the factory and any handlers it
+  // creates.
+  void set_http_auth_preferences(HttpAuthPreferences* http_auth_preferences) {
+    http_auth_preferences_ = http_auth_preferences;
   }
 
   // Retrieves the associated URL security manager.
-  URLSecurityManager* url_security_manager() {
-    return url_security_manager_;
+  HttpAuthPreferences* http_auth_preferences() {
+    return http_auth_preferences_;
   }
 
   // Creates an HttpAuthHandler object based on the authentication
   // challenge specified by |*challenge|. |challenge| must point to a valid
   // non-NULL tokenizer.
   //
   // If an HttpAuthHandler object is successfully created it is passed back to
   // the caller through |*handler| and OK is returned.
   //
   // If |*challenge| specifies an unsupported authentication scheme, |*handler|
@@ skipping 40 matching lines @@
   // |challenge| and calls |CreateAuthHandler|. See |CreateAuthHandler| for
   // more details on return values.
   int CreatePreemptiveAuthHandlerFromString(
       const std::string& challenge,
       HttpAuth::Target target,
       const GURL& origin,
       int digest_nonce_count,
       const BoundNetLog& net_log,
       scoped_ptr<HttpAuthHandler>* handler);
 
+  // For appropriate factories |SetNegotiateDisableCnameLookup()| sets whether
+  // the auth handlers generated by this factory should skip looking up the
+  // canonical DNS name of the the host that they are authenticating to when
+  // generating the SPN. The default value is false.
+  virtual void SetNegotiateDisableCnameLookup(bool disable_cname_lookup) {}

[asanka, 2015/11/20 15:32:09]

Why have individual setters? Wouldn't the callers update the HttpAuthPreferences
object instead?

[aberent, 2015/11/23 16:34:01]

Done.

+
+  // Sets the android account type to use, if relevant for this authenticator
+  virtual void SetAndroidAuthNegotiateAccountType(
+      const std::string& account_type) {}
+
+  // For appropriate factories |SetNegotiateEnablePort()| get/set whether the
+  // auth handlers
+  // generated by this factory should include the port number of the server
+  // they are authenticating to when constructing a Kerberos SPN. The default
+  // value is false.
+  virtual void SetNegotiateEnablePort(bool use_port) {}
+
   // Creates a standard HttpAuthHandlerRegistryFactory. The caller is
   // responsible for deleting the factory.
   // The default factory supports Basic, Digest, NTLM, and Negotiate schemes.
   //
   // |resolver| is used by the Negotiate authentication handler to perform
   // CNAME lookups to generate a Kerberos SPN for the server. It must be
   // non-NULL.  |resolver| must remain valid for the lifetime of the
   // HttpAuthHandlerRegistryFactory and any HttpAuthHandlers created by said
   // factory.
   static scoped_ptr<HttpAuthHandlerRegistryFactory> CreateDefault(
       HostResolver* resolver);
 
  private:
-  // The URL security manager
-  URLSecurityManager* url_security_manager_;
+  // The preferences for HTTP authentication.
+  HttpAuthPreferences* http_auth_preferences_;
 
   DISALLOW_COPY_AND_ASSIGN(HttpAuthHandlerFactory);
 };
 
 // The HttpAuthHandlerRegistryFactory dispatches create requests out
 // to other factories based on the auth scheme.
 class NET_EXPORT HttpAuthHandlerRegistryFactory
     : public HttpAuthHandlerFactory {
  public:
   HttpAuthHandlerRegistryFactory();
   ~HttpAuthHandlerRegistryFactory() override;
 
-  // Sets an URL security manager into the factory associated with |scheme|.
-  void SetURLSecurityManager(const std::string& scheme,
-                             URLSecurityManager* url_security_manager);
+  // Sets the preferences into the factory associated with |scheme|.
+  void SetHttpAuthPreferences(const std::string& scheme,
+                              HttpAuthPreferences* prefs);
 
   // Registers a |factory| that will be used for a particular HTTP
   // authentication scheme such as Basic, Digest, or Negotiate.
   // The |*factory| object is assumed to be new-allocated, and its lifetime
   // will be managed by this HttpAuthHandlerRegistryFactory object (including
   // deleting it when it is no longer used.
   // A NULL |factory| value means that HttpAuthHandlers's will not be created
   // for |scheme|. If a factory object used to exist for |scheme|, it will be
   // deleted.
   void RegisterSchemeFactory(const std::string& scheme,
                              HttpAuthHandlerFactory* factory);
 
   // Retrieve the factory for the specified |scheme|. If no factory exists
   // for the |scheme|, NULL is returned. The returned factory must not be
   // deleted by the caller, and it is guaranteed to be valid until either
   // a new factory is registered for the same scheme, or until this
   // registry factory is destroyed.
   HttpAuthHandlerFactory* GetSchemeFactory(const std::string& scheme) const;
 
   // Creates an HttpAuthHandlerRegistryFactory.
   //
-  // |supported_schemes| is a list of authentication schemes. Valid values
-  // include "basic", "digest", "ntlm", and "negotiate", where case matters.
-  //
-  // |security_manager| is used by the NTLM and Negotiate authenticators
-  // to determine which servers Integrated Authentication can be used with. If
-  // NULL, Integrated Authentication will not be used with any server.
+  // |prefs| is a pointer to the (single) authentication preferences object.
+  // That object tracks preference, and hence policy, updates relevant to HTTP
+  // authentication, and provides the current values of the preferences.
   //
   // |host_resolver| is used by the Negotiate authentication handler to perform
   // CNAME lookups to generate a Kerberos SPN for the server. If the "negotiate"
   // scheme is used and |negotiate_disable_cname_lookup| is false,
   // |host_resolver| must not be NULL.
-  //
-  // |gssapi_library_name| specifies the name of the GSSAPI library that will
-  // be loaded on Posix platforms other than Android. |gssapi_library_name| is
-  // ignored on Android and Windows.
-  //
-  // |auth_android_negotiate_account_type| is an Android account type, used to
-  // find the appropriate authenticator service on Android. It is ignored on
-  // non-Android platforms.
-  //
-  // |negotiate_disable_cname_lookup| and |negotiate_enable_port| both control
-  // how Negotiate does SPN generation, by default these should be false.
-  static HttpAuthHandlerRegistryFactory* Create(
-      const std::vector<std::string>& supported_schemes,
-      URLSecurityManager* security_manager,
-      HostResolver* host_resolver,
-      const std::string& gssapi_library_name,
-      const std::string& auth_android_negotiate_account_type,
-      bool negotiate_disable_cname_lookup,
-      bool negotiate_enable_port);
-
+  static scoped_ptr<HttpAuthHandlerRegistryFactory> Create(
+      HttpAuthPreferences* prefs,
+      HostResolver* host_resolver);
+#if defined(OS_ANDROID)
+  void SetAndroidAuthNegotiateAccountType(
+      const std::string& account_type) override;
+#endif
   // Creates an auth handler by dispatching out to the registered factories
   // based on the first token in |challenge|.
   int CreateAuthHandler(HttpAuthChallengeTokenizer* challenge,
                         HttpAuth::Target target,
                         const GURL& origin,
                         CreateReason reason,
                         int digest_nonce_count,
                         const BoundNetLog& net_log,
                         scoped_ptr<HttpAuthHandler>* handler) override;
 
  private:
   typedef std::map<std::string, HttpAuthHandlerFactory*> FactoryMap;
 
   FactoryMap factory_map_;
   DISALLOW_COPY_AND_ASSIGN(HttpAuthHandlerRegistryFactory);
 };
 
 }  // namespace net
 
 #endif  // NET_HTTP_HTTP_AUTH_HANDLER_FACTORY_H_