net/android/http_auth_negotiate_android.h

   1 // Copyright 2015 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef NET_ANDROID_HTTP_AUTH_NEGOTIATE_ANDROID_H_
   6 #define NET_ANDROID_HTTP_AUTH_NEGOTIATE_ANDROID_H_
   7
   8 #include <jni.h>
   9 #include <string>
  10
  11 #include "base/android/jni_android.h"
  12 #include "base/callback.h"
  13 #include "base/macros.h"
  14 #include "base/memory/ref_counted.h"
  15 #include "base/memory/scoped_ptr.h"
  16 #include "net/base/completion_callback.h"
  17 #include "net/http/http_auth.h"
  18
  19 namespace net {
  20
  21 class HttpAuthChallengeTokenizer;
  22
  23 namespace android {
  24
  25 // This class provides a threadsafe wrapper for SetResult, which is called from
  26 // Java. A new instance of this class is needed for each call, and the instance
  27 // destroys itself when the callback is received. It is written to allow
  28 // setResult to be called on any thread, but in practice they will be called
  29 // on the application's main thread.
  30 //
  31 // We cannot use a Callback object here, because there is no way of invoking the
  32 // Run method from Java.
  33 class NET_EXPORT_PRIVATE JavaNegotiateResultWrapper {
  34  public:
  35   scoped_refptr<base::TaskRunner> callback_task_runner_;
  36   base::Callback<void(int, const std::string&)> thread_safe_callback_;
  37
  38   JavaNegotiateResultWrapper(
  39       const scoped_refptr<base::TaskRunner>& callback_task_runner,
  40       const base::Callback<void(int, const std::string&)>&
  41           thread_safe_callback);
  42
  43   void SetResult(JNIEnv* env, jobject obj, int result, jstring token);
  44
  45  private:
  46   // Class is only allowed to delete itself, nobody else is allowed to delete.
  47   ~JavaNegotiateResultWrapper();
  48 };
  49
  50 // Class providing Negotiate (SPNEGO/Kerberos) authentication support on
  51 // Android. The actual authentication is done through an Android authenticator
  52 // provided by third parties who want Kerberos support. This class simply
  53 // provides a bridge to the Java code, and hence to the service. See
  54 // https://drive.google.com/open?id=1G7WAaYEKMzj16PTHT_cIYuKXJG6bBcrQ7QQBQ6ihOcQ&authuser=1
  55 // for the full details.
  56 class NET_EXPORT_PRIVATE HttpAuthNegotiateAndroid {
  57  public:
  58   // Creates an object for one negotiation session. |account_type| is the
  59   // Android account type, used by Android to find the correct authenticator.
  60   explicit HttpAuthNegotiateAndroid(const std::string& account_type);
  61   ~HttpAuthNegotiateAndroid();
  62
  63   // Register the JNI for this class.
  64   static bool Register(JNIEnv* env);
  65
  66   // Does nothing, but needed for compatibility with the Negotiate
  67   // authenticators for other O.S.. Always returns true.
  68   bool Init();
  69
  70   // True if authentication needs the identity of the user from Chrome.
  71   bool NeedsIdentity() const;
  72
  73   // True authentication can use explicit credentials included in the URL.
  74   bool AllowsExplicitCredentials() const;
  75
  76   // Parse a received Negotiate challenge.
  77   HttpAuth::AuthorizationResult ParseChallenge(
  78       net::HttpAuthChallengeTokenizer* tok);
  79
  80   // Generates an authentication token.
  81   //
  82   // The return value is an error code. The authentication token will be
  83   // returned in |*auth_token|. If the result code is not |OK|, the value of
  84   // |*auth_token| is unspecified.
  85   //
  86   // If the operation cannot be completed synchronously, |ERR_IO_PENDING| will
  87   // be returned and the real result code will be passed to the completion
  88   // callback.  Otherwise the result code is returned immediately from this
  89   // call.
  90   //
  91   // If the AndroidAuthNegotiate object is deleted before completion then the
  92   // callback will not be called.
  93   //
  94   // If no immediate result is returned then |auth_token| must remain valid
  95   // until the callback has been called.
  96   //
  97   // |spn| is the Service Principal Name of the server that the token is
  98   // being generated for.
  99   //
 100   // If this is the first round of a multiple round scheme, credentials are
 101   // obtained using |*credentials|. If |credentials| is NULL, the default
 102   // credentials are used instead.
 103   int GenerateAuthToken(const AuthCredentials* credentials,
 104                         const std::string& spn,
 105                         std::string* auth_token,
 106                         const net::CompletionCallback& callback);
 107
 108   // Delegation is allowed on the Kerberos ticket. This allows certain servers
 109   // to act as the user, such as an IIS server retrieving data from a
 110   // Kerberized MSSQL server.
 111   void Delegate();
 112
 113  private:
 114   void SetResultInternal(int result, const std::string& token);
 115
 116   std::string account_type_;
 117   bool can_delegate_;
 118   bool first_challenge_;
 119   std::string server_auth_token_;
 120   std::string* auth_token_;
 121   base::android::ScopedJavaGlobalRef<jobject> java_authenticator_;
 122   net::CompletionCallback completion_callback_;
 123
 124   base::WeakPtrFactory<HttpAuthNegotiateAndroid> weak_factory_;
 125
 126   DISALLOW_COPY_AND_ASSIGN(HttpAuthNegotiateAndroid);
 127 };
 128
 129 }  // namespace android
 130 }  // namespace net
 131
 132 #endif  // NET_ANDROID_HTTP_AUTH_NEGOTIATE_ANDROID_H_