170 lines
6.7 KiB
C++
170 lines
6.7 KiB
C++
// Copyright 2015 The Chromium Authors
|
|
// Use of this source code is governed by a BSD-style license that can be
|
|
// found in the LICENSE file.
|
|
|
|
#include "net/android/http_auth_negotiate_android.h"
|
|
|
|
#include "base/android/jni_string.h"
|
|
#include "base/android/scoped_java_ref.h"
|
|
#include "base/functional/bind.h"
|
|
#include "base/functional/callback_helpers.h"
|
|
#include "base/location.h"
|
|
#include "base/task/single_thread_task_runner.h"
|
|
#include "net/base/auth.h"
|
|
#include "net/base/net_errors.h"
|
|
#include "net/http/http_auth.h"
|
|
#include "net/http/http_auth_challenge_tokenizer.h"
|
|
#include "net/http/http_auth_multi_round_parse.h"
|
|
#include "net/http/http_auth_preferences.h"
|
|
#include "net/log/net_log_with_source.h"
|
|
#include "net/net_jni_headers/HttpNegotiateAuthenticator_jni.h"
|
|
|
|
using base::android::AttachCurrentThread;
|
|
using base::android::ConvertUTF8ToJavaString;
|
|
using base::android::ConvertJavaStringToUTF8;
|
|
using base::android::JavaParamRef;
|
|
using base::android::ScopedJavaLocalRef;
|
|
|
|
namespace net::android {
|
|
|
|
JavaNegotiateResultWrapper::JavaNegotiateResultWrapper(
|
|
const scoped_refptr<base::TaskRunner>& callback_task_runner,
|
|
base::OnceCallback<void(int, const std::string&)> thread_safe_callback)
|
|
: callback_task_runner_(callback_task_runner),
|
|
thread_safe_callback_(std::move(thread_safe_callback)) {}
|
|
|
|
JavaNegotiateResultWrapper::~JavaNegotiateResultWrapper() = default;
|
|
|
|
void JavaNegotiateResultWrapper::SetResult(JNIEnv* env,
|
|
const JavaParamRef<jobject>& obj,
|
|
int result,
|
|
const JavaParamRef<jstring>& token) {
|
|
// This will be called on the UI thread, so we have to post a task back to the
|
|
// correct thread to actually save the result
|
|
std::string raw_token;
|
|
if (token.obj())
|
|
raw_token = ConvertJavaStringToUTF8(env, token);
|
|
// Always post, even if we are on the same thread. This guarantees that the
|
|
// result will be delayed until after the request has completed, which
|
|
// simplifies the logic. In practice the result will only ever come back on
|
|
// the original thread in an obscure error case.
|
|
callback_task_runner_->PostTask(
|
|
FROM_HERE,
|
|
base::BindOnce(std::move(thread_safe_callback_), result, raw_token));
|
|
// We will always get precisely one call to set result for each call to
|
|
// getNextAuthToken, so we can now delete the callback object, and must
|
|
// do so to avoid a memory leak.
|
|
delete this;
|
|
}
|
|
|
|
HttpAuthNegotiateAndroid::HttpAuthNegotiateAndroid(
|
|
const HttpAuthPreferences* prefs)
|
|
: prefs_(prefs) {
|
|
JNIEnv* env = AttachCurrentThread();
|
|
java_authenticator_.Reset(Java_HttpNegotiateAuthenticator_create(
|
|
env, ConvertUTF8ToJavaString(env, GetAuthAndroidNegotiateAccountType())));
|
|
}
|
|
|
|
HttpAuthNegotiateAndroid::~HttpAuthNegotiateAndroid() = default;
|
|
|
|
bool HttpAuthNegotiateAndroid::Init(const NetLogWithSource& net_log) {
|
|
return true;
|
|
}
|
|
|
|
bool HttpAuthNegotiateAndroid::NeedsIdentity() const {
|
|
return false;
|
|
}
|
|
|
|
bool HttpAuthNegotiateAndroid::AllowsExplicitCredentials() const {
|
|
return false;
|
|
}
|
|
|
|
HttpAuth::AuthorizationResult HttpAuthNegotiateAndroid::ParseChallenge(
|
|
net::HttpAuthChallengeTokenizer* tok) {
|
|
if (first_challenge_) {
|
|
first_challenge_ = false;
|
|
return net::ParseFirstRoundChallenge(HttpAuth::AUTH_SCHEME_NEGOTIATE, tok);
|
|
}
|
|
std::string decoded_auth_token;
|
|
return net::ParseLaterRoundChallenge(HttpAuth::AUTH_SCHEME_NEGOTIATE, tok,
|
|
&server_auth_token_,
|
|
&decoded_auth_token);
|
|
}
|
|
|
|
int HttpAuthNegotiateAndroid::GenerateAuthTokenAndroid(
|
|
const AuthCredentials* credentials,
|
|
const std::string& spn,
|
|
const std::string& channel_bindings,
|
|
std::string* auth_token,
|
|
net::CompletionOnceCallback callback) {
|
|
return GenerateAuthToken(credentials, spn, channel_bindings, auth_token,
|
|
NetLogWithSource(), std::move(callback));
|
|
}
|
|
|
|
int HttpAuthNegotiateAndroid::GenerateAuthToken(
|
|
const AuthCredentials* credentials,
|
|
const std::string& spn,
|
|
const std::string& channel_bindings,
|
|
std::string* auth_token,
|
|
const NetLogWithSource& net_log,
|
|
net::CompletionOnceCallback callback) {
|
|
if (GetAuthAndroidNegotiateAccountType().empty()) {
|
|
// This can happen if there is a policy change, removing the account type,
|
|
// in the middle of a negotiation.
|
|
return ERR_UNSUPPORTED_AUTH_SCHEME;
|
|
}
|
|
DCHECK(auth_token);
|
|
DCHECK(completion_callback_.is_null());
|
|
DCHECK(!callback.is_null());
|
|
|
|
auth_token_ = auth_token;
|
|
completion_callback_ = std::move(callback);
|
|
scoped_refptr<base::SingleThreadTaskRunner> callback_task_runner =
|
|
base::SingleThreadTaskRunner::GetCurrentDefault();
|
|
base::OnceCallback<void(int, const std::string&)> thread_safe_callback =
|
|
base::BindOnce(&HttpAuthNegotiateAndroid::SetResultInternal,
|
|
weak_factory_.GetWeakPtr());
|
|
JNIEnv* env = AttachCurrentThread();
|
|
ScopedJavaLocalRef<jstring> java_server_auth_token =
|
|
ConvertUTF8ToJavaString(env, server_auth_token_);
|
|
ScopedJavaLocalRef<jstring> java_spn = ConvertUTF8ToJavaString(env, spn);
|
|
|
|
// It is intentional that callback_wrapper is not owned or deleted by the
|
|
// HttpAuthNegotiateAndroid object. The Java code will call the callback
|
|
// asynchronously on a different thread, and needs an object to call it on. As
|
|
// such, the callback_wrapper must not be deleted until the callback has been
|
|
// called, whatever happens to the HttpAuthNegotiateAndroid object.
|
|
//
|
|
// Unfortunately we have no automated way of managing C++ objects owned by
|
|
// Java, so the Java code must simply be written to guarantee that the
|
|
// callback is, in the end, called.
|
|
JavaNegotiateResultWrapper* callback_wrapper = new JavaNegotiateResultWrapper(
|
|
callback_task_runner, std::move(thread_safe_callback));
|
|
Java_HttpNegotiateAuthenticator_getNextAuthToken(
|
|
env, java_authenticator_, reinterpret_cast<intptr_t>(callback_wrapper),
|
|
java_spn, java_server_auth_token, can_delegate());
|
|
return ERR_IO_PENDING;
|
|
}
|
|
|
|
void HttpAuthNegotiateAndroid::SetDelegation(
|
|
HttpAuth::DelegationType delegation_type) {
|
|
DCHECK_NE(delegation_type, HttpAuth::DelegationType::kByKdcPolicy);
|
|
can_delegate_ = delegation_type == HttpAuth::DelegationType::kUnconstrained;
|
|
}
|
|
|
|
std::string HttpAuthNegotiateAndroid::GetAuthAndroidNegotiateAccountType()
|
|
const {
|
|
return prefs_->AuthAndroidNegotiateAccountType();
|
|
}
|
|
|
|
void HttpAuthNegotiateAndroid::SetResultInternal(int result,
|
|
const std::string& raw_token) {
|
|
DCHECK(auth_token_);
|
|
DCHECK(!completion_callback_.is_null());
|
|
if (result == OK)
|
|
*auth_token_ = "Negotiate " + raw_token;
|
|
std::move(completion_callback_).Run(result);
|
|
}
|
|
|
|
} // namespace net::android
|