Allow dynamic updating of authentication policies

chrome/browser/io_thread.cc

Index: chrome/browser/io_thread.cc
diff --git a/chrome/browser/io_thread.cc b/chrome/browser/io_thread.cc
index 572e5348d66d00a57223f6f67433e5aa85d2beab..16d5643938d3caf6c423595eeb6ff35109978c57 100644
--- a/chrome/browser/io_thread.cc
+++ b/chrome/browser/io_thread.cc
@@ -458,16 +458,38 @@ IOThread::IOThread(
       creation_time_(base::TimeTicks::Now()),
       weak_factory_(this) {
   auth_schemes_ = local_state->GetString(prefs::kAuthSchemes);
-  negotiate_disable_cname_lookup_ = local_state->GetBoolean(
-      prefs::kDisableAuthNegotiateCnameLookup);
-  negotiate_enable_port_ = local_state->GetBoolean(
-      prefs::kEnableAuthNegotiatePort);
-  auth_server_whitelist_ = local_state->GetString(prefs::kAuthServerWhitelist);
-  auth_delegate_whitelist_ = local_state->GetString(
-      prefs::kAuthNegotiateDelegateWhitelist);
+  negotiate_disable_cname_lookup_.Init(
+      prefs::kDisableAuthNegotiateCnameLookup,
+      local_state,
+      base::Bind(&IOThread::UpdateNegotiateDisableCnameLookup,
+                 weak_factory_.GetWeakPtr()));
+  negotiate_disable_cname_lookup_.MoveToThread(
+      BrowserThread::GetMessageLoopProxyForThread(BrowserThread::IO));

[Bernhard Bauer, 2015/10/21 09:51:10]

Extract this to a local variable so you can reuse it?

[aberent, 2015/10/22 17:57:03]

Done.

+  negotiate_enable_port_.Init(
+      prefs::kEnableAuthNegotiatePort,
+      local_state,
+      base::Bind(&IOThread::UpdateNegotiateEnablePort,
+                 weak_factory_.GetWeakPtr()));
+  negotiate_enable_port_.MoveToThread(
+      BrowserThread::GetMessageLoopProxyForThread(BrowserThread::IO));
+  auth_server_whitelist_.Init(
+      prefs::kAuthServerWhitelist, local_state,
+      base::Bind(&IOThread::UpdateSecurityManager, weak_factory_.GetWeakPtr()));
+  auth_server_whitelist_.MoveToThread(
+      BrowserThread::GetMessageLoopProxyForThread(BrowserThread::IO));
+  auth_delegate_whitelist_.Init(
+      prefs::kAuthNegotiateDelegateWhitelist, local_state,
+      base::Bind(&IOThread::UpdateSecurityManager, weak_factory_.GetWeakPtr()));
+  auth_delegate_whitelist_.MoveToThread(
+      BrowserThread::GetMessageLoopProxyForThread(BrowserThread::IO));
   gssapi_library_name_ = local_state->GetString(prefs::kGSSAPILibraryName);
-  auth_android_negotiate_account_type_ =
-      local_state->GetString(prefs::kAuthAndroidNegotiateAccountType);
+  auth_android_negotiate_account_type_.Init(
+      prefs::kAuthAndroidNegotiateAccountType,
+      local_state,
+      base::Bind(&IOThread::UpdateAndroidAuthNegotiateAccount,
+                 weak_factory_.GetWeakPtr()));
+  auth_android_negotiate_account_type_.MoveToThread(
+      BrowserThread::GetMessageLoopProxyForThread(BrowserThread::IO));
   pref_proxy_config_tracker_.reset(
       ProxyServiceFactory::CreatePrefProxyConfigTrackerOfLocalState(
           local_state));
@@ -718,8 +740,7 @@ void IOThread::Init() {
 
   globals_->ssl_config_service = GetSSLConfigService();
 
-  globals_->http_auth_handler_factory.reset(CreateDefaultAuthHandlerFactory(
-      globals_->host_resolver.get()));
+  CreateDefaultAuthHandlerFactory();
   globals_->http_server_properties.reset(new net::HttpServerPropertiesImpl());
   // For the ProxyScriptFetcher, we use a direct ProxyService.
   globals_->proxy_script_fetcher_proxy_service =
@@ -981,30 +1002,50 @@ void IOThread::RegisterPrefs(PrefRegistrySimple* registry) {
   registry->RegisterBooleanPref(prefs::kQuickCheckEnabled, true);
 }
 
-net::HttpAuthHandlerFactory* IOThread::CreateDefaultAuthHandlerFactory(
-    net::HostResolver* resolver) {
+void IOThread::UpdateSecurityManager() {
   net::HttpAuthFilterWhitelist* auth_filter_default_credentials = NULL;
-  if (!auth_server_whitelist_.empty()) {
-    auth_filter_default_credentials =
-        new net::HttpAuthFilterWhitelist(auth_server_whitelist_);
+  std::string server_whitelist = auth_server_whitelist_.GetValue();
+  if (!server_whitelist.empty()) {
+    auth_filter_default_credentials = new net::HttpAuthFilterWhitelist(
+        server_whitelist);
   }
   net::HttpAuthFilterWhitelist* auth_filter_delegate = NULL;
-  if (!auth_delegate_whitelist_.empty()) {
-    auth_filter_delegate =
-        new net::HttpAuthFilterWhitelist(auth_delegate_whitelist_);
-  }
+  std::string delegate_whitelist = auth_delegate_whitelist_.GetValue();
+  if (!delegate_whitelist.empty())
+    auth_filter_delegate = new net::HttpAuthFilterWhitelist(delegate_whitelist);
   globals_->url_security_manager.reset(
       net::URLSecurityManager::Create(auth_filter_default_credentials,
                                       auth_filter_delegate));
+  globals_->http_auth_handler_factory->SetSecurityManager(
+      globals_->url_security_manager.get());
+}
+
+void IOThread::UpdateAndroidAuthNegotiateAccount() {
+  globals_->http_auth_handler_factory->SetAndroidAuthNegotiateAccountType(
+      auth_android_negotiate_account_type_.GetValue());
+}
+
+void IOThread::UpdateNegotiateDisableCnameLookup() {
+  globals_->http_auth_handler_factory->SetNegotiateDisableCnameLookup(
+      negotiate_disable_cname_lookup_.GetValue());
+}
+
+void IOThread::UpdateNegotiateEnablePort() {
+  globals_->http_auth_handler_factory->SetNegotiateEnablePort(
+      negotiate_enable_port_.GetValue());
+}
+
+void IOThread::CreateDefaultAuthHandlerFactory() {
   std::vector<std::string> supported_schemes = base::SplitString(
       auth_schemes_, ",", base::TRIM_WHITESPACE, base::SPLIT_WANT_ALL);
-
-  scoped_ptr<net::HttpAuthHandlerRegistryFactory> registry_factory(
-      net::HttpAuthHandlerRegistryFactory::Create(
-          supported_schemes, globals_->url_security_manager.get(), resolver,
-          gssapi_library_name_, auth_android_negotiate_account_type_,
-          negotiate_disable_cname_lookup_, negotiate_enable_port_));
-  return registry_factory.release();
+  globals_->http_auth_handler_factory.reset(
+      net::HttpAuthHandlerRegistryFactory::Create(supported_schemes,
+                                                  globals_->host_resolver.get(),
+                                                  gssapi_library_name_));
+  UpdateSecurityManager();
+  UpdateAndroidAuthNegotiateAccount();
+  UpdateNegotiateDisableCnameLookup();
+  UpdateNegotiateEnablePort();
 }
 
 void IOThread::ClearHostCache() {