Allow dynamic updating of authentication policies

net/android/http_auth_negotiate_android.h

 // Copyright 2015 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_ANDROID_HTTP_AUTH_NEGOTIATE_ANDROID_H_
 #define NET_ANDROID_HTTP_AUTH_NEGOTIATE_ANDROID_H_
 
 #include <jni.h>
 #include <string>
 
 #include "base/android/jni_android.h"
 #include "base/callback.h"
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
 #include "base/memory/scoped_ptr.h"
 #include "net/base/completion_callback.h"
 #include "net/http/http_auth.h"
 
 namespace net {
 
 class HttpAuthChallengeTokenizer;
+class HttpAuthPreferences;
 
 namespace android {
 
 // This class provides a threadsafe wrapper for SetResult, which is called from
 // Java. A new instance of this class is needed for each call, and the instance
 // destroys itself when the callback is received. It is written to allow
 // setResult to be called on any thread, but in practice they will be called
 // on the application's main thread.
 //
 // We cannot use a Callback object here, because there is no way of invoking the
@@ skipping 16 matching lines @@
 };
 
 // Class providing Negotiate (SPNEGO/Kerberos) authentication support on
 // Android. The actual authentication is done through an Android authenticator
 // provided by third parties who want Kerberos support. This class simply
 // provides a bridge to the Java code, and hence to the service. See
 // https://drive.google.com/open?id=1G7WAaYEKMzj16PTHT_cIYuKXJG6bBcrQ7QQBQ6ihOcQ&authuser=1
 // for the full details.
 class NET_EXPORT_PRIVATE HttpAuthNegotiateAndroid {
  public:
-  // Creates an object for one negotiation session. |account_type| is the
-  // Android account type, used by Android to find the correct authenticator.
-  explicit HttpAuthNegotiateAndroid(const std::string& account_type);
+  // Creates an object for one negotiation session. |prefs| are the
+  // authentication preferences. In particular they include the Android account
+  // type, which is used to connect to the correct Android Authenticator.
+  explicit HttpAuthNegotiateAndroid(HttpAuthPreferences* prefs);

[asanka, 2015/11/25 19:00:09]

Let's pass in const references for the auth handlers. There's nothing in
HttpAuthPreferences that they should be able to modify.

[aberent, 2015/11/26 15:58:00]

Sadly we can't, because most of the auth handlers have to check for a null prefs
pointer before using it. This one doesn't because we only enable negotiate on
Android if the necessary preferences are set. I have changed these pointers
(and, if fact, every other raw HttpAuthPreferences pointer) to pointers to
const.

   ~HttpAuthNegotiateAndroid();
 
   // Register the JNI for this class.
   static bool Register(JNIEnv* env);
 
   // Does nothing, but needed for compatibility with the Negotiate
   // authenticators for other O.S.. Always returns true.
   bool Init();
 
   // True if authentication needs the identity of the user from Chrome.
@@ skipping 35 matching lines @@
                         const net::CompletionCallback& callback);
 
   // Delegation is allowed on the Kerberos ticket. This allows certain servers
   // to act as the user, such as an IIS server retrieving data from a
   // Kerberized MSSQL server.
   void Delegate();
 
  private:
   void SetResultInternal(int result, const std::string& token);
 
-  std::string account_type_;
+  HttpAuthPreferences* prefs_;
   bool can_delegate_;
   bool first_challenge_;
   std::string server_auth_token_;
   std::string* auth_token_;
   base::android::ScopedJavaGlobalRef<jobject> java_authenticator_;
   net::CompletionCallback completion_callback_;
 
   base::WeakPtrFactory<HttpAuthNegotiateAndroid> weak_factory_;
 
   DISALLOW_COPY_AND_ASSIGN(HttpAuthNegotiateAndroid);
 };
 
 }  // namespace android
 }  // namespace net
 
 #endif  // NET_ANDROID_HTTP_AUTH_NEGOTIATE_ANDROID_H_